一、容器交付流程
二、容器交付实战
三、dockerfile制作流程
- 项目代码构成
- 依赖的服务
- 提供服务的端口
- 配置文件
- 程序在工作种涉及持久化的文件
代码项目地址:https://gitee.com/qianxunqianyu/tom-java-demo
1、生成网站打包文件
yum install java-1.8.0-openjdk maven git -y git clone https://gitee.com/qianxunqianyu/tom-java-demo mvn clean package -Dmaven.test.skip=true # 代码编译构建 unzip target/*.war -d target/ROOT # 解压构建文件
2、制作镜像
镜像分类:
基础镜像:例如centos、ubuntu
环境镜像:jdk、nginx
项目镜像:dashboard
Dockerfile编写:
FROM tomcat LABEL maintainer xq COPY target/ROOT /usr/local/tomcat/webapps/ROOT
镜像制作:
docker build -t tomcat-java-demo:v1 .
镜像推送:
docker push tomcat-java-demo:v1
注意:推送镜像时,首先要进行harbor仓库的登录,docker login myhabor.kingsoft.com;其次要将镜像重新打tag。
harbor默认试用https登录,需要通过以下方式进行修改为http方式:
cat /etc/docker/daemon.json
{
"graph":"/data/docker",
"registry-mirrors":["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries":["myharbor.kingsoft.com"]
}
docker login myharbor.kingsoft.com docker tag tomcat-java-demo:v1 myharbor.kingsoft.com/tomcat-java/tomcat-java-demo:v1
四、使用控制器部署镜像
根据业务逻辑编写deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: java-demo-deployment
labels:
app: java-demo
spec:
replicas: 2
selector:
matchLabels:
app: java-demo
template:
metadata:
labels:
app: java-demo
spec:
imagePullSecrets:
- name: registry-auth
containers:
- name: web-java-demo
image: myharbor.kingsoft.com/tomcat-java/tomcat-java:v3
ports:
- containerPort: 8080
resources:
requests:
cpu: 0.5
memory: 500Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 50
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 50
periodSeconds: 10
volumeMounts:
- name: config
mountPath: "/usr/local/tomcat/webapps/ROOT/WEB-INF/classes/application.yml"
subPath: application.yml
volumes:
# 你可以在 Pod 级别设置卷,然后将其挂载到 Pod 内的容器中
- name: config
configMap:
# 提供你想要挂载的 ConfigMap 的名字
name: java-demo-config
# 来自 ConfigMap 的一组键,将被创建为文件
items:
- key: "application.yml"
path: "application.yml"
注意:项目中需要使用的几个东西:健康检查、配置文件、资源限额、镜像拉取
健康检查主要是对pod启动后是否正常提供服务,端口是否正常进行检查,保证pod的健壮性;
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 50
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 50
periodSeconds: 10
配置文件通过configmap保存,然后使用volume进行挂在到pod里面直接使用
apiVersion: v1
kind: ConfigMap
metadata:
name: java-demo-config
data:
application.yml: |
server:
port: 8080
spring:
datasource:
url: jdbc:mysql://localhost:3306/test?characterEncoding=utf-8
username: root
password: 12345
driver-class-name: com.mysql.jdbc.Driver
freemarker:
allow-request-override: false
cache: true
check-template-location: true
charset: UTF-8
content-type: text/html; charset=utf-8
expose-request-attributes: false
expose-session-attributes: false
expose-spring-macro-helpers: false
suffix: .ftl
template-loader-path:
- classpath:/templates/
资源限额,对pod资源进行限制
resources:
requests:
cpu: 0.5
memory: 500Mi
limits:
cpu: 1
memory: 1Gi
镜像拉取,对于像harbor这样的镜像仓库,需要具有登录权限才能拉取镜像。
创建secret:
kubectl create secret docker-registry registry-auth --docker-username=admin --dockepassword=Harbor12345 --docker-server=10.11.97.193
在container同一级别配置拉取镜像密码:
imagePullSecrets: - name: registry-auth
五、暴露应用
service
apiVersion: v1
kind: Service
metadata:
name: tomcat-java
spec:
selector:
app: java-demo
ports:
- protocol: TCP
port: 80
targetPort: 8080
ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/enable-cors":"true","nginx.ingress.kubernetes.io/proxy-connect-timeout":"600","nginx.ingress.kubernetes.io/proxy-read-timeout":"600","nginx.ingress.kubernetes.io/proxy-send-timeout":"600","nginx.ingress.kubernetes.io/rewrite-target":"/$1"},"creationTimestamp":"2021-04-02T05:27:55Z","generation":4,"name":"omms-ingress","namespace":"omms-qa","resourceVersion":"20064615","selfLink":"/apis/extensions/v1beta1/namespaces/omms-qa/ingresses/omms-ingress","uid":"c72ec48c-17dc-4df8-bf01-35ccab2a0812"},"spec":{"rules":[{"host":"omms-qa.kingsoft.com","http":{"paths":[{"backend":{"serviceName":"tomcat-java","servicePort":80},"path":"/"},{"backend":{"serviceName":"ommsweb","servicePort":8000},"path":"/(api/.*)"},{"backend":{"serviceName":"ommsweb","servicePort":8000},"path":"/(token/.*)"},{"backend":{"serviceName":"sysmanagefront","servicePort":8000},"path":"/sysmanage/(.*)"}]}}]},"status":{"loadBalancer":{}}}
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/rewrite-target: /$1
creationTimestamp: "2021-09-29T05:36:03Z"
generation: 1
name: omms-ingress
namespace: omms-qa
resourceVersion: "20072464"
selfLink: /apis/extensions/v1beta1/namespaces/omms-qa/ingresses/omms-ingress
uid: b119fe91-0377-44ef-aa7b-9e3cffbb8191
spec:
rules:
- host: omms-qa.kingsoft.com
http:
paths:
- backend:
serviceName: tomcat-java
servicePort: 80
path: /
- backend:
serviceName: ommsweb
servicePort: 8000
path: /(api/.*)
- backend:
serviceName: ommsweb
servicePort: 8000
path: /(token/.*)
- backend:
serviceName: sysmanagefront
servicePort: 8000
path: /sysmanage/(.*)
status:
loadBalancer: {}