梦想天花烂坠
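# Build a private CA and a server certificate for the Harbor registry
# habor.rpc.nb.com, install the results under /etc/docker/certs.d, and create
# the Kubernetes image-pull secret "registry-key".
#
# Requires: openssl, kubectl, write access to /etc/docker/certs.d, and
#           HARBOR_PASSWORD exported in the environment.
#
# The sequence runs in a subshell with strict mode, so a failed step stops the
# remaining steps without terminating the invoking shell.
(
  set -euo pipefail

  registry_host='habor.rpc.nb.com'
  certs_dir="/etc/docker/certs.d/${registry_host}"
  subject="/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=${registry_host}"

  # --- Certificate authority -------------------------------------------------
  # Private keys are written under umask 077 so they are never group- or
  # world-readable, whatever the caller's umask is.
  # ca.key can sign certificates for any name; after issuing, move it off this
  # host (or at least out of any directory used as a container build context).
  (umask 077 && openssl genrsa -out ca.key 4096)

  # NOTE(review): the CA and the server certificate are given the same subject
  # DN, so the leaf's issuer equals its own subject. A distinct CA common name
  # avoids chain-building ambiguity in verifiers that match issuers by name.
  openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "${subject}" \
    -key ca.key \
    -out ca.crt

  # --- Server key and signing request ----------------------------------------
  (umask 077 && openssl genrsa -out "${registry_host}.key" 4096)
  openssl req -sha512 -new \
    -subj "${subject}" \
    -key "${registry_host}.key" \
    -out "${registry_host}.csr"

  # X.509 v3 extensions for the leaf: not a CA, serverAuth only, and the SAN
  # list clients will match the registry name against.
  # NOTE(review): DNS.3=hostname looks like a template placeholder; replace it
  # with the real short host name or drop it, so the certificate is not valid
  # for the literal name "hostname".
  cat > v3.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=${registry_host}
DNS.2=habor.rpc.nb
DNS.3=hostname
EOF

  # Sign the CSR with the CA. The leaf is valid for ten years (-days 3650), so
  # there is no routine rotation; plan a manual renewal/revocation procedure.
  openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in "${registry_host}.csr" \
    -out "${registry_host}.crt"

  # Docker reads *.crt in certs.d as CA certificates and *.cert as client
  # certificates, hence the second copy with a .cert suffix.
  openssl x509 -inform PEM -in "${registry_host}.crt" -out "${registry_host}.cert"

  # --- Install for the Docker daemon -----------------------------------------
  # mkdir -p is already idempotent, so no existence test is needed.
  mkdir -pv "${certs_dir}"
  cp "${registry_host}.cert" "${certs_dir}/"
  cp "${registry_host}.key" "${certs_dir}/"
  # cp keeps the mode of a pre-existing destination file; force it private.
  chmod 600 "${certs_dir}/${registry_host}.key"
  cp ca.crt "${certs_dir}/"
  # NOTE(review): a host that only pulls from the registry needs ca.crt alone
  # to trust it. Copying the server's private key to every Docker host widens
  # its exposure; confirm it is required before repeating this on other nodes.

  # --- Image-pull secret -----------------------------------------------------
  # The password is taken from the environment instead of being written into
  # the script. The value that used to be embedded here should be treated as
  # exposed: rotate it on the registry.
  # The flag value is still visible in the process list while kubectl runs;
  # `--from-file=.dockerconfigjson=<path>` avoids that.
  # NOTE(review): a pull secret needs read access only; prefer a dedicated
  # read-only registry account over the admin user.
  : "${HARBOR_PASSWORD:?export HARBOR_PASSWORD before creating the pull secret}"
  kubectl create secret docker-registry registry-key \
    --docker-server="${registry_host}" \
    --docker-username=admin \
    --docker-password="${HARBOR_PASSWORD}" \
    --docker-email=xuliliang@epailive.com
)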
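# Write the Dockerfile for the application image into the current directory.
#
# NOTE(review): `COPY . ./` copies the whole build context into the image. If
# the image is built from the directory where ca.key and the registry key were
# generated, those private keys end up in an image layer; build from a clean
# directory or exclude them with a .dockerignore file.
# NOTE(review): no USER instruction is set, so the container's processes run as
# whatever user the base image defaults to (presumably root - confirm).
# The heredoc delimiter is quoted so the shell never expands anything inside
# the Dockerfile text; chown uses the portable `owner:group` separator.
cat > Dockerfile <<'EOF'
FROM habor.rpc.nb.com/ops/centos7_env:v5
WORKDIR /epailive/app
COPY . ./
RUN chown -R www:www .
CMD ["/usr/bin/supervisord"]
EOF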
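# ConfigMap Reloader: rolls workloads when a ConfigMap they reference changes.
#
# The manifest is fetched over the network and applied with the caller's
# cluster privileges, so whatever the chosen Git ref contains at that moment is
# what gets installed. RELOADER_REF defaults to `master` (a moving branch);
# set it to a release tag or commit SHA that has been reviewed, and read the
# manifest (in particular any RBAC objects it creates) before applying.
RELOADER_REF="${RELOADER_REF:-master}"
kubectl apply -f "https://raw.githubusercontent.com/stakater/Reloader/${RELOADER_REF}/deployments/kubernetes/reloader.yaml"

# PHP configuration files: every file under etc/ becomes a key of the ConfigMap.
# NOTE(review): this creates a ConfigMap named php-fpm-config, while the
# test1-saas-web-api Deployment on this page mounts ConfigMaps named php-fpm
# and www-conf. Confirm those are created elsewhere, or align the names.
kubectl create configmap php-fpm-config --from-file=etc/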
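# nginx virtual-host configuration, mounted by the Deployment as www.conf.
#
# What the server block does:
#   - listens on plain HTTP port 80 (no TLS in this file);
#   - sends requests for files that do not exist to /index.php;
#   - serves the listed static extensions from /epailive/app/resources;
#   - passes *.php requests to php-fpm on 127.0.0.1:9000, with try_files
#     falling back to /index.php when the requested script is missing.
# Nesting has been restored so the manifest parses; the directives are unchanged.
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config
data:
  www.conf: |
    server {
        listen 80;
        server_name localhost;
        index index.php;
        root /epailive/app/public;
        location / {
            root /epailive/app/public;
            if (!-f $request_filename){
                rewrite ^/(.*)$ /index.php last;
            }
        }
        location ~* ^.+\.(css|js|gif|png|jpg|jpeg|rar|html|htm|shtml|swf|json|xml|cur|ico|ttf|woff|woff2)$ {
            root /epailive/app/resources;
        }
        location ~ \.php$
        {
            root /epailive/app/public;
            fastcgi_pass 127.0.0.1:9000;
            try_files $uri $uri/ /index.php?$query_string;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }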
---
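# supervisord configuration: runs nginx and php-fpm as the two managed programs
# of the container, with supervisord itself in the foreground (nodaemon=true).
#
# Nesting has been restored so the manifest parses. The --fpm-config path uses
# php-7.3.9, matching the php-fpm binary path and the directory on which the
# Deployment mounts the php-fpm ConfigMap.
#
# NOTE(review): supervisord expects managed programs to stay in the foreground.
# The nginx command passes no option for that, so the nginx.conf inside the
# image must set `daemon off;` - confirm, otherwise supervisord will treat
# nginx as exited and keep restarting it.
# NOTE(review): neither program sets `user=`, so both start as the user
# supervisord runs as (presumably root - confirm against the image).
kind: ConfigMap
apiVersion: v1
metadata:
  name: supervisord-config
data:
  supervisord.conf: |
    [supervisord]
    logfile=/epailive/log/supervisord.log
    logfile_maxbytes=50MB
    logfile_backups=10
    loglevel=info
    pidfile=/var/run/supervisord.pid
    nodaemon=true
    [unix_http_server]
    file=/var/run/supervisor.sock
    [supervisorctl]
    serverurl=unix:///var/run/supervisor.sock
    [rpcinterface:supervisor]
    supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
    [program:nginx]
    command=/epailive/program/nginx-1.13.9/sbin/nginx
    [program:php]
    command=/epailive/program/php-7.3.9/sbin/php-fpm --nodaemonize --fpm-config /epailive/program/php-7.3.9/etc/php-fpm.conf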
---
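# Web/API workload: one container running nginx + php-fpm under supervisord,
# two replicas, image pulled from the private registry with the registry-key
# pull secret. Nesting has been restored so the manifest parses.
#
# The Reloader annotation names only nginx-config, so edits to the other
# ConfigMaps do not trigger a rollout. supervisord.conf is mounted with
# subPath, and subPath mounts are not refreshed when the ConfigMap changes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test1-saas-web-api
  annotations:
    configmap.reloader.stakater.com/reload: "nginx-config"
spec:
  replicas: 2
  selector:
    matchLabels:
      app: test1-saas-web-api
  template:
    metadata:
      labels:
        app: test1-saas-web-api
    spec:
      imagePullSecrets:
        - name: registry-key
      containers:
        - name: test1-saas-web-api
          # NOTE(review): `v1` is a mutable tag; pinning by digest guarantees
          # every replica runs the image that was reviewed.
          image: 'habor.rpc.nb.com/ops/php-demo:v1'
          command: ["/bin/sh"]
          args: ["-c", "mkdir -pv /epailive/log && /usr/local/bin/supervisord -c /etc/supervisord.conf "]
          #args: ["-c", "sleep 50000000000000"]
          ports:
            - containerPort: 80
          # NOTE(review): no requests or limits are set, so a single pod can
          # consume all CPU and memory of its node.
          resources: {}
          volumeMounts:
            - name: nginx-config
              mountPath: /epailive/program/nginx-1.13.9/conf/vhosts
            - name: php-fpm
              mountPath: /epailive/program/php-7.3.9/etc/
            - name: www-conf
              mountPath: /epailive/program/php-7.3.9/etc/php-fpm.d
            - name: supervisord-config
              mountPath: /etc/supervisord.conf
              subPath: supervisord.conf
          # NOTE(review): privileged: true gives this internet-facing PHP
          # container access to the node's devices and every capability, so a
          # compromise of the application is effectively a compromise of the
          # node. It also makes the SYS_ADMIN entry redundant. Nothing visible
          # in this manifest (nginx on port 80, php-fpm on loopback,
          # supervisord) needs either setting; remove both unless a concrete
          # requirement in the image is identified.
          securityContext:
            privileged: true
            capabilities:
              add:
                - SYS_ADMIN
      # NOTE(review): ConfigMaps php-fpm and www-conf are not defined on this
      # page (the kubectl command here creates php-fpm-config); the pod will
      # not start until ConfigMaps with these exact names exist.
      volumes:
        - name: nginx-config
          configMap:
            name: nginx-config
        - name: php-fpm
          configMap:
            name: php-fpm
        - name: www-conf
          configMap:
            name: www-conf
        - name: supervisord-config
          configMap:
            name: supervisord-config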
---
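# Exposes the test1-saas-web-api pods on port 80 and on node port 30010.
# Nesting has been restored so the manifest parses.
#
# NOTE(review): a NodePort opens 30010 on every node's address, and the
# backend speaks plain HTTP. If the nodes are reachable from untrusted
# networks, restrict the port at the firewall or publish the service through
# an Ingress / load balancer that terminates TLS instead.
kind: Service
apiVersion: v1
metadata:
  name: php-fpm-nginx-svc
spec:
  selector:
    app: test1-saas-web-api
  type: NodePort
  ports:
    - name: nginx-port
      port: 80
      targetPort: 80
      nodePort: 30010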
---
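# Demo workload: runs /app/demo from the consuldemo image, 30 replicas, with
# the node's IP injected through the downward API. Nesting has been restored
# so the manifest parses.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: consuld1
spec:
  replicas: 30
  selector:
    matchLabels:
      app: consuld1
  template:
    metadata:
      labels:
        app: consuld1
    spec:
      imagePullSecrets:
        - name: registry-key
      containers:
        - name: consuld1
          image: 'habor.rpc.nb.com/ops/consuldemo:v1'
          # `sh -c` receives the single args entry as its command string.
          command: [ "sh", "-c"]
          args: ["/app/demo"]
          ports:
            - containerPort: 8010
          # NOTE(review): with 30 replicas and no requests or limits, the
          # scheduler has nothing to place by and pods can starve their nodes.
          resources: {}
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP # the node's IP address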