
k8s部署nginx

安装NFS-Server

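# Clients allowed to mount the export: a subnet, a single IP or a hostname.
# No default is provided; the operator must set it (for example to the
# subnet of the k8s nodes) so the export is not offered to every host.
NFS_CLIENTS="${NFS_CLIENTS:?set NFS_CLIENTS to the k8s node subnet, IP or hostname}"

# Keep firewalld running and open only NFS instead of disabling the firewall.
# NFSv4 needs 2049/tcp alone; NFSv3 clients would also need the rpc-bind
# and mountd firewalld services.
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload

# Install rpcbind and the NFS server
dnf -y install nfs-utils rpcbind

# Configure the export.
# no_root_squash lets root on a permitted client act as root on the export,
# so the client list is restricted to trusted hosts rather than "*".
mkdir -p /data/k8s
echo "/data/k8s ${NFS_CLIENTS}(rw,sync,no_root_squash)" >> /etc/exports

# Start rpcbind before the NFS server: nfs registers with rpc at start-up.
# If rpcbind is restarted the registrations are lost, and every service
# registered with it has to be restarted as well.
# Units are named explicitly instead of grepping `systemctl -a` for "nfs",
# which also matches unrelated units and status-marker columns.
systemctl enable --now rpcbind.service
systemctl enable --now nfs-server.service
# Re-read /etc/exports so the new entry is active.
exportfs -ra

# Verify
systemctl status rpcbind.service
systemctl status nfs-server.service
rpcinfo -p | grep nfs
cat /var/lib/nfs/etab
# Sample output (client column shows the value of NFS_CLIENTS):
#/data/k8s       <NFS_CLIENTS>(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,secure,no_root_squash,no_all_squash)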

配置说明:

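  • /data/k8s:是共享的数据目录
  • *:表示任何人都有权限连接,当然也可以是一个网段,一个 IP,也可以是域名;实际部署时建议限定为 k8s 节点所在的网段或 IP
  • rw:读写的权限
  • sync:表示文件同时写入硬盘和内存
  • no_root_squash:当登录 NFS 主机使用共享目录的使用者是 root 时,仍然保留 root 权限,不会被转换成匿名使用者;默认的 root_squash 才会把 root 转换成匿名使用者(通常它的 UID 与 GID 都会变成 nobody 身份)。因此 no_root_squash 只应对受信任的客户端开放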

安装NFS-Client

k8s节点都需要安装nfs-client:

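# Install the NFS client tools on every k8s node.
dnf -y install nfs-utils rpcbind
# Enable and start the units by name. Grepping `systemctl -a` for "nfs"
# would also start the NFS server on the nodes and can pick up
# status-marker columns instead of unit names.
systemctl enable --now rpcbind.service && \
systemctl enable --now nfs-client.target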

创建PV

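# Statically provisioned PersistentVolume backed by the NFS export.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nginx
spec:
  capacity:
    storage: 10G  # decimal gigabytes; the claim requests the same amount
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  # Retain keeps the data when the claim is deleted. The Recycle policy is
  # deprecated and scrubs the volume, which here is the whole /data/k8s export.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: slow  # binds only to claims that request this class
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    path: /data/k8s
    server: 172.15.110.5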

创建PVC

# Claim that binds to the "slow" class PersistentVolume.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nginx-pvc
spec:
  # Same class, mode and access mode as the PersistentVolume
  storageClassName: slow
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10G

创建nginx配置

# Static site served from /srv/html, the path where the Deployment mounts the PVC.
server {
    listen 80;
    listen [::]:80;
    server_name localhost;

    # Document root shared by every location in this server block.
    root /srv/html;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        index index.html index.htm;
    }

    # 5xx responses are answered with /50x.html, looked up under the same root.
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

根据nginx配置文件创建ConfigMap

# Create a ConfigMap named nginx-config from the nginx config file; the file
# name (default.conf) becomes the key, and so the file name when mounted.
kubectl create configmap nginx-config --from-file=default.conf

创建service和deployment

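# Deployment that serves the PVC content with nginx, plus a Service in front.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-test
spec:
  selector:
    matchLabels:
      app: nginx-test
  strategy:  # Pod update strategy: rolling update
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1  # replace one Pod at a time during an update,
      maxUnavailable: 0  # so the application stays available
  template:
    metadata:
      labels:
        app: nginx-test
    spec:
      containers:
        - name: nginx-test
          # NOTE(review): without a tag this resolves to the mutable "latest";
          # pin a version tag or digest so rollouts are reproducible.
          image: nginx
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
          ports:
            - containerPort: 80
          volumeMounts:
            # nginx only reads the site content and its configuration,
            # so both volumes are mounted read-only.
            - name: my-pvc
              mountPath: /srv/html
              readOnly: true
            - name: nginx-config
              mountPath: /etc/nginx/conf.d
              readOnly: true
      volumes:
        - name: my-pvc  # backed by the nginx-pvc claim
          persistentVolumeClaim:
            claimName: nginx-pvc
        - name: nginx-config  # nginx configuration file
          configMap:  # the nginx-config ConfigMap created with kubectl
            name: nginx-config
---
# No type is set, so this is a ClusterIP Service reachable inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  selector:
    app: nginx-test
  ports:
    - port: 80
      targetPort: 80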