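Introduction to Kubernetes
Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. Kubernetes has a large, rapidly growing ecosystem, and its services, support and tools are widely available. Kubernetes provides you with:
- Service discovery and load balancing: Kubernetes can expose a container using a DNS name or its own IP address. If traffic to a container is high, Kubernetes can load balance and distribute the network traffic so that the deployment stays stable.
- Storage orchestration: Kubernetes lets you automatically mount a storage system of your choice, such as local storage or a public cloud provider.
- Automated rollouts and rollbacks: you describe the desired state of your deployed containers, and Kubernetes changes the actual state to the desired state at a controlled rate. For example, you can automate Kubernetes to create new containers for your deployment, remove existing containers and adopt all of their resources into the new containers.
- Automatic bin packing: Kubernetes lets you specify how much CPU and memory (RAM) each container needs. When containers have resource requests specified, Kubernetes can make better decisions about managing container resources.
- Self-healing: Kubernetes restarts containers that fail, replaces containers, kills containers that do not respond to your user-defined health check, and does not advertise them to clients until they are ready to serve.
- Secret and configuration management: Kubernetes lets you store and manage sensitive information such as passwords, OAuth tokens and SSH keys. You can deploy and update secrets and application configuration without rebuilding your container images and without exposing secrets in your stack configuration.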
Preparing the images
See "Packaging a Spring Boot project into a Docker image with jib". Running the following command builds the images automatically:

```shell
gradle jibDockerBuild
```

Image list

```
docker images
REPOSITORY                                                 TAG      IMAGE ID       CREATED             SIZE
registry.cn-hangzhou.aliyuncs.com/f-boot/message-service   1.0.0    25ffab8435a9   About an hour ago   310MB
registry.cn-hangzhou.aliyuncs.com/f-boot/message-service   latest   25ffab8435a9   About an hour ago   310MB
registry.cn-hangzhou.aliyuncs.com/f-boot/sys-service       1.0.0    4a7d54e1d122   About an hour ago   330MB
registry.cn-hangzhou.aliyuncs.com/f-boot/sys-service       latest   4a7d54e1d122   About an hour ago   330MB
registry.cn-hangzhou.aliyuncs.com/f-boot/file-service      1.0.0    0df8ce1486c1   About an hour ago   314MB
registry.cn-hangzhou.aliyuncs.com/f-boot/file-service      latest   0df8ce1486c1   About an hour ago   314MB
registry.cn-hangzhou.aliyuncs.com/f-boot/gateway           1.0.0    bffc69dc5bcc   About an hour ago   320MB
registry.cn-hangzhou.aliyuncs.com/f-boot/gateway           latest   bffc69dc5bcc   About an hour ago   320MB
```

gateway is the gateway service and needs to be exposed for external access; file, sys and message are the individual microservices.
Deploying the middleware
- nacos.yaml

```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: nacos
  namespace: feng
  labels:
    app: nacos
spec:
  selector:
    app: nacos
  type: NodePort
  ports:
    - name: http
      protocol: TCP
      port: 8848
      targetPort: 8848
      nodePort: 30848
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nacos
  namespace: feng
  labels:
    app: nacos
spec:
  selector:
    matchLabels:
      app: nacos
  revisionHistoryLimit: 5
  replicas: 1
  progressDeadlineSeconds: 60
  template:
    metadata:
      labels:
        app: nacos
    spec:
      terminationGracePeriodSeconds: 5
      containers:
        - name: nacos
          image: nacos/nacos-server:v2.0.4
          imagePullPolicy: IfNotPresent
          ports:
            - name: nacos
              containerPort: 8848
              protocol: TCP
          resources:
            limits:
              memory: 1Gi
              cpu: 500m
          envFrom:
            - configMapRef:
                name: nacos-server-env
            - secretRef:
                name: nacos-server-secret
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nacos-server-env
  namespace: feng
data:
  # Property-like keys; each key maps to a simple value
  MODE: standalone
  SPRING_DATASOURCE_PLATFORM: mysql
  MYSQL_SERVICE_HOST: 192.168.137.1
  # Numbers must be double-quoted
  MYSQL_SERVICE_PORT: "13306"
  MYSQL_SERVICE_DB_NAME: nacos
  MYSQL_SERVICE_DB_PARAM: characterEncoding=utf8&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true
  JVM_XMS: 512m
  JVM_XMX: 512m
  JVM_XMN: 128m
  JVM_MS: 128m
  JVM_MMS: 128m
  # Booleans must be double-quoted
  NACOS_AUTH_CACHE_ENABLE: "true"
immutable: true
---
apiVersion: v1
kind: Secret
metadata:
  name: nacos-server-secret
  namespace: feng
type: Opaque
data:
  # echo -n 'nacos' | base64   (base64 is an encoding, not encryption)
  MYSQL_SERVICE_USER: bmFjb3M=
  MYSQL_SERVICE_PASSWORD: bmFjb3M=
```
- redis.yaml

```yaml
---
# External access
apiVersion: v1
kind: Service
metadata:
  name: redis-node
  namespace: feng
  labels:
    app: redis
spec:
  selector:
    app: redis
  type: NodePort
  ports:
    - name: node
      protocol: TCP
      port: 6379
      targetPort: 6379
      nodePort: 30379
---
# Internal headless Service
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: feng
  labels:
    app: redis
spec:
  selector:
    app: redis
  clusterIP: None
  ports:
    - name: redis
      protocol: TCP
      port: 6379
      targetPort: 6379
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
  namespace: feng
  labels:
    app: redis
spec:
  selector:
    matchLabels:
      app: redis
  revisionHistoryLimit: 5
  updateStrategy:
    type: RollingUpdate
  podManagementPolicy: OrderedReady
  serviceName: redis
  replicas: 1
  template:
    metadata:
      labels:
        app: redis
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: redis
          image: redis:6.2.6
          imagePullPolicy: IfNotPresent
          ports:
            - name: redis
              containerPort: 6379
              protocol: TCP
          command:
            - redis-server
            - "/redis/redis.conf"
          resources:
            limits:
              memory: 128Mi
              cpu: 500m
          volumeMounts:
            - name: redis-data
              mountPath: /data
            - name: config
              mountPath: /redis
      volumes:
        - name: config
          configMap:
            name: redis-conf
            items:
              - key: redis-conf
                path: redis.conf
  volumeClaimTemplates:
    - metadata:
        name: redis-data
      spec:
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: nfs-storage
        resources:
          requests:
            storage: 1Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-conf
  namespace: feng
data:
  redis-conf: |
    protected-mode no
    maxmemory-policy allkeys-lru
    save 3600 1
    save 300 100
    save 60 10000
    requirepass 9RhbxfQaHo8cs2gE
    maxmemory 64mb
    maxmemory-policy volatile-lru
    appendonly yes
```
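
The redis.yaml above keeps `requirepass` in the `redis-conf` ConfigMap, which is readable by anyone allowed to read ConfigMaps in the namespace. As an added example (not part of the original post), this variant takes the password from a Secret instead; the Secret name `redis-auth`, the variable name `REDIS_PASSWORD` and the placeholder value are assumptions, and the `requirepass` line is assumed to be deleted from `redis-conf`.

```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: redis-auth              # hypothetical name
  namespace: feng
type: Opaque
stringData:
  # Placeholder: generate the real value out of band and keep it out of git
  password: "<replace-with-generated-password>"
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
  namespace: feng
spec:
  selector: {matchLabels: {app: redis}}
  serviceName: redis
  replicas: 1
  template:
    metadata: {labels: {app: redis}}
    spec:
      containers:
        - name: redis
          image: redis:6.2.6
          ports:
            - {name: redis, containerPort: 6379, protocol: TCP}
          env:
            - name: REDIS_PASSWORD   # hypothetical variable name
              valueFrom:
                secretKeyRef: {name: redis-auth, key: password}
          # Kubernetes expands $(REDIS_PASSWORD) from env before starting the
          # process; options after the config file override redis.conf.
          command: ["redis-server", "/redis/redis.conf", "--requirepass", "$(REDIS_PASSWORD)"]
          resources:
            limits: {memory: 128Mi, cpu: 500m}
          volumeMounts:
            - {name: redis-data, mountPath: /data}
            - {name: config, mountPath: /redis}
      volumes:
        - name: config
          configMap: {name: redis-conf, items: [{key: redis-conf, path: redis.conf}]}
  volumeClaimTemplates:
    - metadata: {name: redis-data}
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: nfs-storage
        resources: {requests: {storage: 1Gi}}
```

The password is still visible in the container's environment and process arguments. What changes is that it falls under Secret RBAC, and under encryption at rest where the cluster enables it, instead of sitting in a ConfigMap.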
ConfigMap and Secret

```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: nacos
  namespace: feng
type: Opaque
data:
  # echo -n 'nacos' | base64
  username: bmFjb3M=
  password: bmFjb3M=
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nacos
  namespace: feng
data:
  # Property-like keys; each key maps to a simple value
  serverAddr: nacos:8848
  namespace: pro
  group: f
immutable: true
```
Gateway
A NodePort Service is used here; ingress-nginx would also work.

```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: gateway
  namespace: feng
  labels:
    app: gateway
spec:
  type: NodePort
  selector:
    app: gateway
  ports:
    - name: http
      protocol: TCP
      # By default and for convenience, `targetPort` is set to the same value as the `port` field.
      port: 8000
      targetPort: 8000
      # By default and for convenience, the Kubernetes control plane allocates a port from a range (default: 30000-32767)
      nodePort: 30800
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway
  namespace: feng
  labels:
    app: gateway
spec:
  selector:
    matchLabels:
      app: gateway
  # revisionHistoryLimit sets the maximum number of Deployment revisions kept; the default is 10.
  revisionHistoryLimit: 10
  replicas: 1
  # progressDeadlineSeconds sets the maximum time a Deployment rollout may take.
  # If the rollout is paused, this timer pauses as well and does not keep counting.
  progressDeadlineSeconds: 300
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # Maximum proportion (or number) of unavailable replicas relative to the desired ready count;
      # the smaller the value, the more stable the service and the smoother the update.
      maxUnavailable: 0
      # Maximum proportion (or number) of replicas above the desired count;
      # the larger the value, the faster the replicas are updated.
      maxSurge: 1
  template:
    metadata:
      labels:
        app: gateway
    spec:
      # Grace period for a graceful shutdown: how long the pod has, after receiving a stop request,
      # to release resources or do other work. If it has not stopped by then, it is killed.
      terminationGracePeriodSeconds: 30
      containers:
        - name: gateway
          image: registry.cn-hangzhou.aliyuncs.com/f-boot/gateway:1.0.0
          imagePullPolicy: IfNotPresent
          ports:
            - name: gateway
              containerPort: 8000
              protocol: TCP
          resources:
            limits:
              memory: 1024Mi
              cpu: '1'
          envFrom:
            - configMapRef:
                name: boot-env
            - secretRef:
                name: boot-secret
          volumeMounts:
            - name: gateway-log
              mountPath: /logs
            - name: datetime
              mountPath: /etc/localtime
              readOnly: true
      volumes:
        - name: gateway-log
          persistentVolumeClaim:
            claimName: gateway-log
        - name: datetime
          hostPath:
            path: /etc/localtime
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gateway-log
  namespace: feng
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  storageClassName: nfs-storage
```
System service (the other services are much the same)

```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: sys
  namespace: feng
  labels:
    app: sys
spec:
  selector:
    app: sys
  ports:
    - name: http
      protocol: TCP
      port: 18080
      targetPort: 18080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sys
  namespace: feng
  labels:
    app: sys
spec:
  selector:
    matchLabels:
      app: sys
  revisionHistoryLimit: 10
  replicas: 1
  progressDeadlineSeconds: 300
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: sys
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - name: sys
          image: registry.cn-hangzhou.aliyuncs.com/f-boot/sys-service:1.0.0
          imagePullPolicy: IfNotPresent
          ports:
            - name: sys
              containerPort: 18080
              protocol: TCP
          resources:
            limits:
              memory: 1024Mi
              cpu: '1'
          env:
            - name: PROFILE
              value: pro
            # Set the time zone
            - name: TZ
              value: Asia/Shanghai
            - name: NACOS_USERNAME
              valueFrom:
                secretKeyRef:
                  name: nacos
                  key: username
            - name: NACOS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nacos
                  key: password
            - name: NACOS_SERVER_ADDR
              valueFrom:
                configMapKeyRef:
                  name: nacos
                  key: serverAddr
            - name: NACOS_NAMESPACE
              valueFrom:
                configMapKeyRef:
                  name: nacos
                  key: namespace
            - name: NACOS_GROUP
              valueFrom:
                configMapKeyRef:
                  name: nacos
                  key: group
          volumeMounts:
            - name: sys-log
              mountPath: /logs
            - name: datetime
              mountPath: /etc/localtime
              readOnly: true
      volumes:
        - name: sys-log
          persistentVolumeClaim:
            claimName: sys-log
        - name: datetime
          hostPath:
            path: /etc/localtime
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sys-log
  namespace: feng
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs-storage
```
Deployment result
Run the front-end project to verify.
It can be accessed normally.