k8s中间件的常用部署
Centos7安装部署nginx
参考链接
nginx官网地址:https://nginx.org/en/download.html
rpm选择包操作系统版本的地址:http://nginx.org/packages/
rpm包centos7操作系统官方下载地址:http://nginx.org/packages/centos/7/x86_64/RPMS/
这里根据官网提供的主线版本自行到达rpm选择下载包连接地址
[外链图片存储失败,源站可能有防盗链机制,建议保存图片直接上传(img-IsSMJWM9-1656494597434)(./images/nginx_1.jpg)]
部署步骤
#下载rpm这里选择最新的官方稳定版1.20.2 [root@nginx-0 ~]# wget http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.20.2-1.el7.ngx.x86_64.rpm #安装 [root@nginx-0 ~]# rpm -ivh nginx-1.20.2-1.el7.ngx.x86_64.rpm warning: nginx-1.20.2-1.el7.ngx.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY Preparing... ################################# [100%] Updating / installing... 1:nginx-1:1.20.2-1.el7.ngx ######################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################## [100%] #检查已安装的nginx [root@nginx-0 ~]# rpm -qa | grep nginx nginx-1.20.2-1.el7.ngx.x86_64 #更需要修改/#etc/nginx/nginx.conf(主要用于自定义nginx各种服务器配置等。 [root@nginx-0 ~]# vi /etc/nginx/nginx.conf 示例配置见附录 #更需要修改/#etc/nginx/conf.d/***.conf(主要用于自定义nginx各种转发规则等) [root@nginx-0 ~]# vi /etc/nginx/conf.d/***.conf 示例配置见附录 [root@nginx-0 ~]# #检测nginx配置文件 [root@nginx-0 ~]# nginx -t #启动nginx,并配置启动自启动 [root@nginx-0 ~]# systemctl start nginx && systemctl enable nginx #热加载配置文件nginx -t检测配置文件无误) [root@nginx-0 ~]# nginx -s reload
k8s部署mysql5.7
部署步骤
创建mysql相关部署文件
- 创建mysql存储pvc yaml文件
[root@k8s-master-0 ~]# vi mysql-pvc.yaml - mysql-pv.yaml
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: mysql-pvc namespace: test #注意修改命名空间 spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: glusterfs- 创建mysql配置configmap yaml文件
[root@k8s-master-0 ~]# vi mysql-config.yaml
- mysql-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql-cm
namespace: test #注意修改命名空间
data:
mysqld.cnf: | [mysqld] pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock datadir = /var/lib/mysql bind-address = 0.0.0.0 port = 3306 log-bin = mysql-bin server-id = 1
- 创建mysql服务service yaml文件
[root@k8s-master-0 ~]# vi mysql-service.yaml
- mysql-service.yaml
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: test #注意修改命名空间
spec:
type: NodePort
ports:
- port: 3306
targetPort: 3306
nodePort: 30850
selector:
app: mysql
- 创建mysql配置副本Deployment yaml文件
[root@k8s-master-0 ~]# vi mysql.yaml
- mysql.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
namespace: test #注意修改命名空间
spec:
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:5.7.32
env:
- name: MYSQL_ROOT_PASSWORD
value: "root@my.123" #数据库root的密码
ports:
- containerPort: 3306
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumeMounts:
- name: mysql-config
mountPath: /etc/mysql/mysql.conf.d/mysqld.cnf
subPath: mysqld.cnf
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: mysql-pvc
- name: mysql-config
configMap:
name: mysql-cm
部署mysql
[root@k8s-master01 ~]# kubectl apply -f mysql-pvc.yaml
[root@k8s-master01 ~]# kubectl apply -f mysql-config.yaml
[root@k8s-master01 ~]# kubectl apply -f mysql-service.yaml
[root@k8s-master01 ~]# kubectl apply -f mysql.yaml
验证mysql
NAME READY STATUS RESTARTS AGE
mysql-589dcf6597-5ps6x 1/1 Running 0 8m3s
#进入pod登录验证
[root@k8s-master01 ~]# kubectl exec -it mysql-589dcf6597-5ps6x /bin/bash -n test
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@mysql-589dcf6597-5ps6x:/# mysql -u root -p
Enter password:
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'P@ssword-123'; #修改root密码
Query OK, 0 rows affected (0.00 sec)
k8s部署nacos集群
参考链接
部署参考:https://github.com/nacos-group/nacos-k8s
sql文件参考:https://github.com/alibaba/nacos/blob/develop/distribution/conf/nacos-mysql.sql
部署步骤
拉取项目代码
#拉取nacos代码,见附录
[root@k8s-master-0 ~]# git clone https://github.com/nacos-group/nacos-k8s.git
#拉取nacos的初始化数据库sql文件,见附录
[root@k8s-master-0 ~]# https://github.com/alibaba/nacos/blob/develop/distribution/conf/nacos-mysql.sql
创建nacos所需数据库
#登录数据库
[root@k8s-master01 mysql]# kubectl exec -it mysql-589dcf6597-5ps6x /bin/bash -n test
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@mysql-589dcf6597-5ps6x:/# mysql -u root -p
Enter password:
#创建数据库
mysql> CREATE DATABASE IF NOT EXISTS `nacos_dev` DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
#创建nacos用户
mysql> GRANT ALL PRIVILEGES ON nacos.* to nacos@'%' IDENTIFIED BY 'nacos';
#刷新权限
mysql> FLUSH PRIVILEGES;
#导入nacos数据库
mysql> use nacos;
Database changed
#查看mysql的连接端口
[root@k8s-master01 mysql]# kubectl get svc -n test
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mysql NodePort 10.233.20.110 <none> 3306:30850/TCP 47m
#使用mysql连接工具连接数据库并导入上方sql,因为mysql service的类型为nodeport,所以连接地址为任一k8s集群的节点ip地址,端口为30850
#回到命令行查看nacos数据表
mysql> show tables;
+----------------------+
| Tables_in_nacos |
+----------------------+
| config_info |
| config_info_aggr |
| config_info_beta |
| config_info_tag |
| config_tags_relation |
| group_capacity |
| his_config_info |
| permissions |
| roles |
| tenant_capacity |
| tenant_info |
| users |
+----------------------+
12 rows in set (0.00 sec)
修改nacos部署yaml文件
#进入项目目录
[root@k8s-master-0 ~]# cd nacos-k8s/deploy/nacos
[root@k8s-master-0 ~]# mv nacos-pvc-nfs.yaml nacos.yaml
#修改部署文件
[root@k8s-master-0 nacos]# vi nacos.yaml
- nacos.yaml
--- #修改8848端口为nodeport形式,以便集群外部访问
apiVersion: v1
kind: Service
metadata:
name: nacos-server
namespace: test #增加命名空间
labels:
app: nacos
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
spec:
type: NodePort
ports:
- port: 8848
name: server
targetPort: 8848
nodePort: 30848
selector:
app: nacos
---
apiVersion: v1
kind: Service
metadata:
name: nacos-headless
namespace: test #增加命名空间
labels:
app: nacos
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
spec:
ports:
- port: 8848
name: server
targetPort: 8848
- port: 9848
name: client-rpc
targetPort: 9848
- port: 9849
name: raft-rpc
targetPort: 9849
## 兼容1.4.x版本的选举端口
- port: 7848
name: old-raft-rpc
targetPort: 7848
clusterIP: None
selector:
app: nacos
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nacos-cm
namespace: test #增加命名空间
data:
mysql.host: "mysql.test.svc.cluster.local" #增加mysql连接地址
mysql.db.name: "nacos_devtest"
mysql.port: "3306"
mysql.user: "nacos"
mysql.password: "nacos"
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nacos
namespace: test #增加命名空间
spec:
serviceName: nacos-headless
replicas: 3
template:
metadata:
labels:
app: nacos
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- nacos
topologyKey: "kubernetes.io/hostname"
serviceAccountName: nfs-client-provisioner
initContainers:
- name: peer-finder-plugin-install
image: nacos/nacos-peer-finder-plugin:1.1
imagePullPolicy: Always
volumeMounts:
- mountPath: /home/nacos/plugins/peer-finder
name: data
subPath: peer-finder
containers:
- name: nacos
imagePullPolicy: Always
image: nacos/nacos-server:latest
resources:
requests:
memory: "2Gi"
cpu: "500m"
ports:
- containerPort: 8848
name: client-port
- containerPort: 9848
name: client-rpc
- containerPort: 9849
name: raft-rpc
- containerPort: 7848
name: old-raft-rpc
env:
- name: NACOS_REPLICAS
value: "3"
- name: SERVICE_NAME
value: "nacos-headless"
- name: DOMAIN_NAME
value: "cluster.local" #修改k8s集群地址,可通过cat /etc/kubernetes/kubelet.conf查看对应字段:contexts/- context/cluster
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: MYSQL_SERVICE_HOST #增加获取mysql连接地址的环境变量
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.host
- name: MYSQL_SERVICE_DB_NAME
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.db.name
- name: MYSQL_SERVICE_PORT
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.port
- name: MYSQL_SERVICE_USER
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.user
- name: MYSQL_SERVICE_PASSWORD
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.password
- name: NACOS_SERVER_PORT
value: "8848"
- name: NACOS_APPLICATION_PORT
value: "8848"
- name: PREFER_HOST_MODE
value: "hostname"
volumeMounts:
- name: data
mountPath: /home/nacos/plugins/peer-finder
subPath: peer-finder
- name: data
mountPath: /home/nacos/data
subPath: data
- name: data
mountPath: /home/nacos/logs
subPath: logs
volumeClaimTemplates:
- metadata:
name: data
namespace: test #增加命名空间
annotations:
volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
accessModes: [ "ReadWriteMany" ]
storageClassName: "glusterfs" #增加storageClass选择器,以便自动创建pvc
resources:
requests:
storage: 20Gi
selector:
matchLabels:
app: nacos
部署集群
[root@k8s-master-0 ~]# kubectl apply -f nacos.yaml
验证集群
#查看nacos pod
[root@k8s-master-0 ~]# kubectl get pod -n test | grep nacos
nacos-0 1/1 Running 0 120d
nacos-1 1/1 Running 0 120d
nacos-2 1/1 Running 0 120d
#查看nacos svc
[root@k8s-master01 ~]# kubectl get svc -n test | grep nacos
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nacos-headless ClusterIP None <none> 8848/TCP,9848/TCP,9849/TCP,7848/TCP 216d
nacos-server NodePort 10.233.20.35 <none> 8848:30848/TCP 213d
#访问任意节点ip+30848(nodeport端口)进行验证
k8s安装redis三主三从集群
部署步骤
创建redis副本文件
[root@k8s-master-0 ~]# vi redis-statefulset.yaml
- redis-statefulset.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: redis-cluster-cm
namespace: test
data:
redis-conf: | appendonly yes #开启AOF模式 protected-mode no #关闭protected-mode模式,此时外部网络可以直接访问 cluster-enabled yes #开启集群模式 cluster-config-file /data/nodes.conf #Redis集群节点的集群配置文件 cluster-node-timeout 5000 #指节点在失败状态下必须不可到达的毫秒数。大多数其他内部时间限制是节点超时的倍数 dir /data #数据存储目录 port 6379 requirepass redis@123.com #redis密码,自定义 masterauth redis@123.com #如果master是密码保护的,在启动复制同步进程之前,可以告诉奴隶进行身份验证,否则主人将拒绝奴隶请求。
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis
namespace: szxc
labels:
app: redis
spec:
serviceName: redis-headless
replicas: 6
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- redis
topologyKey: kubernetes.io/hostname
containers:
- name: redis
image: redis:6.2.5
command:
- "redis-server"
args:
- "/etc/redis/redis.conf"
- "--protected-mode"
- "no"
- "--cluster-announce-ip"
- "$(POD_IP)"
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
ports:
- name: redis
containerPort: 6379
protocol: "TCP"
- name: cluster
containerPort: 16379
protocol: "TCP"
volumeMounts:
- name: redis-conf
mountPath: /etc/redis
- name: redis-data
mountPath: /data
volumes:
- name: redis-conf
configMap:
name: redis-cluster-cm
items:
- key: redis-conf
path: redis.conf
volumeClaimTemplates:
- metadata:
name: redis-data
namespace: test
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "glusterfs" #注意修改为自己的storageClass
resources:
requests:
storage: 10Gi #pvc容量,自定义
---
apiVersion: v1
kind: Service
metadata:
name: redis-headless
namespace: test
labels:
app: redis
spec:
type: NodePort
ports:
- name: redis-port
port: 6379
targetPort: 6379
nodePort: 30849 #nodeport端口自定义
selector:
app: redis
部署并配置集群
#部署
[root@k8s-master-0 ~]# kubectl apply -f redis-statefulset.yaml
#配置集群
#自动配置3个master,3个slave节点的集群,-a指定密码
[root@k8s-master-0 ~]# kubectl exec -it redis-0 -n test -- redis-cli -a redis@123.com --cluster create --cluster-replicas 1 $(kubectl get pods -n test -l app=redis -o jsonpath='{range.items[*]}{.status.podIP}:6379 {end}')
验证集群
#对redis集群进行验证 [root@k8s-master-0 ~]# kubectl exec -it redis-0 -n test -- redis-cli -a redis@123.com --cluster check $(kubectl get pods -n test -l app=redis -o jsonpath='{range.items[0]}{.status.podIP}:6379{end}') Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe. 10.233.67.76:6379 (b8e966ed...) -> 286 keys | 5461 slots | 1 slaves. 10.233.94.207:6379 (31d925a7...) -> 263 keys | 5462 slots | 1 slaves. 10.233.98.106:6379 (11b42330...) -> 275 keys | 5461 slots | 1 slaves. [OK] 824 keys in 3 masters. 0.05 keys per slot on average. >>> Performing Cluster Check (using node 10.233.67.76:6379) M: b8e966ed2e00d2c9fb24ebdd409fd7eef90cbb11 10.233.67.76:6379 slots:[0-5460] (5461 slots) master 1 additional replica 标签:56asc532连接器