1. 容器化的优势
- 提高资源利用率,节约部署IT成本.
- 提高部署效率,基于kubernetes实现快速部署交付,秒级启动.
- 实现横向扩容,灰度部署,回滚等.
- 可根据业务负载进行弹性扩展.
- 容器将环境和代码打包在镜像内,保证了测试与生产环境一致性.
2. 镜像分层结构
- docker pull 拉取基础镜像(centos,ubuntu,alpine)
- 自定义基础环境(vim,gcc等常用工具),上传harbor仓库.
- 基于自定义镜像安装JDK,Nginx,Tomcat等所需的中间件,打包上传harbor
- 基于tomcat,nginx的基础镜像加上业务数据,构建不同的业务镜像
一般3-4层,不直接在基础镜像的基础上直接生成业务镜像
3. 构建基础镜像
基础镜像Dockerfile
FROM centos:7.9.2009
ADD filebeat-7.12.1-x86_64.rpm /tmp
RUN rm -f /etc/yum.repos.d/*
ADD Centos-7.repo /etc/yum.repos.d
RUN yum clean all && yum makecache
RUN yum install -y /tmp/filebeat-7.12.1-x86_64.rpm vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop && rm -rf /etc/localtime /tmp/filebeat-7.12.1-x86_64.rpm && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && useradd nginx -u 2022
build文件
#!/bin/bash
docker build -t harbor.intra.com/baseimages/centos-base:7.9.2009 .
docker push harbor.intra.com/baseimages/centos-base:7.9.2009
构建基础镜像
harbor.intra.com/baseimages/centos-base
root@k8s-master-01:/opt/k8s-data/dockerfile/system/centos# ./build-command.sh
Sending build context to Docker daemon 32.61MB
Step 1/6 : FROM centos:7.9.2009
---> eeb6ee3f44bd
Step 2/6 : ADD filebeat-7.12.1-x86_64.rpm /tmp
---> Using cache
---> 470c5717e15e
Step 3/6 : RUN rm -f /etc/yum.repos.d/*
---> Using cache
---> 8817eb668724
Step 4/6 : ADD Centos-7.repo /etc/yum.repos.d
---> Using cache
---> 9102543f4c46
Step 5/6 : RUN yum clean all && yum makecache
---> Running in c73bdf76827c
Loaded plugins: fastestmirror, ovl
Cleaning repos: base extras updates
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
perl-Time-Local noarch 1.2300-2.el7 base 24 k
perl-constant noarch 1.27-2.el7 base 19 k
perl-libs x86_64 4:5.16.3-299.el7_9 updates 690 k
perl-macros x86_64 4:5.16.3-299.el7_9 updates 44 k
perl-parent noarch 1:0.225-244.el7 base 12 k
perl-podlators noarch 2.5.1-3.el7 base 112 k
perl-threads x86_64 1.87-4.el7 base 49 k
perl-threads-shared x86_64 1.43-6.el7 base 39 k
vim-common x86_64 2:7.4.629-8.el7_9 updates 5.9 M
vim-filesystem x86_64 2:7.4.629-8.el7_9 updates 11 k
which x86_64 2.20-7.el7 base 41 k
Updating for dependencies:
glibc x86_64 2.17-326.el7_9 updates 3.6 M
glibc-common x86_64 2.17-326.el7_9 updates 12 M
krb5-libs x86_64 1.15.1-54.el7_9 updates 810 k
openssl-libs x86_64 1:1.0.2k-25.el7_9 updates 1.2 M
Transaction Summary
================================================================================
Install 15 Packages (+57 Dependent packages)
Upgrade 1 Package (+ 4 Dependent packages)
Total size: 203 M
Total download size: 87 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
Updated:
zlib.x86_64 0:1.2.7-20.el7_9
Dependency Updated:
glibc.x86_64 0:2.17-326.el7_9 glibc-common.x86_64 0:2.17-326.el7_9
krb5-libs.x86_64 0:1.15.1-54.el7_9 openssl-libs.x86_64 1:1.0.2k-25.el7_9
Complete!
Removing intermediate container 1dd8f4232fff
---> 4aa2d689b2b6
Successfully built 4aa2d689b2b6
Successfully tagged harbor.intra.com/baseimages/centos-base:7.9.2009
The push refers to repository [harbor.intra.com/baseimages/centos-base]
d7f831641e18: Pushed
f4b52134c525: Pushed
0533300cca03: Pushed
30a12549c4a3: Pushed
ce1fb445c72c: Pushed
174f56854903: Pushed
7.9.2009: digest: sha256:ee0d2941ffb9ca5813c96c781b8c03ac6075101ea6065f1c939869614a8ae555 size: 1581
root@k8s-master-01:/opt/k8s-data/dockerfile/system/centos# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.intra.com/baseimages/centos-base 7.9.2009 4aa2d689b2b6 About a minute ago 1.08GB
4. 构建nginx镜像
Dockerfile
#Nginx Base Image
FROM harbor.intra.com/baseimages/centos-base:7.9.2009
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop
ADD nginx-1.18.0.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.18.0 && ./configure && make && make install && ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx &&rm -rf /usr/local/src/nginx-1.18.0.tar.gz
build文件
#!/bin/bash
docker build -t harbor.intra.com/pub-images/nginx-base:v1.18.0 .
sleep 1
docker push harbor.intra.com/pub-images/nginx-base:v1.18.0
构建nginx-base镜像
harbor.intra.com/pub-images/nginx-base:v1.18.0
root@k8s-master-01:/opt/k8s-data/dockerfile/web/pub-images/nginx-base# ./build-command.sh
Sending build context to Docker daemon 1.043MB
Step 1/4 : FROM harbor.intra.com/baseimages/centos-base:7.9.2009
---> 4aa2d689b2b6
Step 2/4 : RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop
---> Running in f404ed615ae9
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
make[1]: Leaving directory `/usr/local/src/nginx-1.18.0'
'/usr/sbin/nginx' -> '/usr/local/nginx/sbin/nginx'
Removing intermediate container f8c856f90087
---> e645795e0516
Successfully built e645795e0516
Successfully tagged harbor.intra.com/pub-images/nginx-base:v1.18.0
The push refers to repository [harbor.intra.com/pub-images/nginx-base]
add7044db687: Pushed
48509365cc6b: Pushed
866a31dd9674: Pushed
d7f831641e18: Pushed
f4b52134c525: Pushed
0533300cca03: Pushed
30a12549c4a3: Pushed
ce1fb445c72c: Pushed
174f56854903: Pushed
v1.18.0: digest: sha256:1d9a8c1f9c81c7aed5a2c0654e085d84c63effccd2486590059783295c211f1e size: 2215
root@k8s-master-01:/opt/k8s-data/dockerfile/web/pub-images/nginx-base# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.intra.com/pub-images/nginx-base v1.18.0 e645795e0516 35 seconds ago 1.28GB
5. 构建业务Nginx镜像
Dockerfile
#Nginx 1.18.0
FROM harbor.intra.com/pub-images/nginx-base:v1.18.0
ADD nginx.conf /usr/local/nginx/conf/nginx.conf
ADD app1.tar.gz /usr/local/nginx/html/webapp/
ADD index.html /usr/local/nginx/html/index.html
#静态资源挂载路径
RUN mkdir -p /usr/local/nginx/html/webapp/static /usr/local/nginx/html/webapp/images
EXPOSE 80 443
CMD ["nginx"]
build文件
#Nginx 1.18.0
FROM harbor.intra.com/pub-images/nginx-base:v1.18.0
ADD nginx.conf /usr/local/nginx/conf/nginx.conf
ADD app1.tar.gz /usr/local/nginx/html/webapp/
ADD index.html /usr/local/nginx/html/index.html
#静态资源挂载路径
RUN mkdir -p /usr/local/nginx/html/webapp/static /usr/local/nginx/html/webapp/images
EXPOSE 80 443
CMD ["nginx"]
root@k8s-master-01:/opt/k8s-data/dockerfile/web/wework/nginx# cat build-command.sh
#!/bin/bash
TAG=$1
docker build -t harbor.intra.com/wework/nginx-web1:${
TAG} .
echo "镜像构建完成,即将上传到harbor"
sleep 1
docker push harbor.intra.com/wework/nginx-web1:${
TAG}
echo "镜像上传到harbor完成"
目录下其他文件
root@k8s-master-01:/opt/k8s-data/dockerfile/web/wework/nginx# ls -l
total 20
-rw-r--r-- 1 root root 235 Aug 8 12:50 app1.tar.gz
-rwxr-xr-x 1 root root 226 Aug 8 12:53 build-command.sh
-rw-r--r-- 1 root root 355 Aug 8 12:52 Dockerfile
-rw-r--r-- 1 root root 21 Aug 8 12:38 index.html
-rw-r--r-- 1 root root 1520 Aug 8 12:55 nginx.conf
root@k8s-master-01:/opt/k8s-data/dockerfile/web/wework/nginx#
开始构建镜像
root@k8s-master-01:/opt/k8s-data/dockerfile/web/wework/nginx# ./build-command.sh v1
Sending build context to Docker daemon 7.168kB
Step 1/7 : FROM harbor.intra.com/pub-images/nginx-base:v1.18.0
---> e645795e0516
Step 2/7 : ADD nginx.conf /usr/local/nginx/conf/nginx.conf
---> Using cache
---> 10908e179f69
Step 3/7 : ADD app1.tar.gz /usr/local/nginx/html/webapp/
---> Using cache
---> 7b153044fc53
Step 4/7 : ADD index.html /usr/local/nginx/html/index.html
---> Using cache
---> 063bd75a66ed
Step 5/7 : RUN mkdir -p /usr/local/nginx/html/webapp/static /usr/local/nginx/html/webapp/images
---> Using cache
---> 03ac009708c5
Step 6/7 : EXPOSE 80 443
---> Using cache
---> c8051ce7ed26
Step 7/7 : CMD ["nginx"]
---> Using cache
---> cfaab53ee103
Successfully built cfaab53ee103
Successfully tagged harbor.intra.com/wework/nginx-web1:v1
镜像构建完成,即将上传到harbor
The push refers to repository [harbor.intra.com/wework/nginx-web1]
3a5cda11572a: Pushed
157cbe121239: Pushed
2b58dc2a7ea6: Pushed
de5ef3221cdb: Pushed
add7044db687: Mounted from pub-images/nginx-base
48509365cc6b: Mounted from pub-images/nginx-base
866a31dd9674: Mounted from pub-images/nginx-base
d7f831641e18: Mounted from pub-images/nginx-base
f4b52134c525: Mounted from pub-images/nginx-base
0533300cca03: Mounted from pub-images/nginx-base
30a12549c4a3: Mounted from pub-images/nginx-base
ce1fb445c72c: Mounted from pub-images/nginx-base
174f56854903: Mounted from pub-images/nginx-base
v1: digest: sha256:9743f3dcfd1b8f309c41d8afa8d9d9e3c06818bdad2d45b41b74ddbd0cfda61f size: 3043
镜像上传到harbor完成
6. 配置nginx yaml
nginx yaml
命名空间 wework
apiVersion: v1
kind: Namespace
metadata:
name: wework
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: wework-nginx-deployment-label
name: wework-nginx-deployment
namespace: wework
spec:
replicas: 1
selector:
matchLabels:
app: wework-nginx-selector
template:
metadata:
labels:
app: wework-nginx-selector
spec:
containers:
- name: wework-nginx-container
image: harbor.intra.com/wework/nginx-web1:v1
ports:
- containerPort: 80
protocol: TCP
name: http
- containerPort: 443
protocol: TCP
name: https
env:
- name: "password"
value: "123456"
- name: "age"
value: "20"
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
volumeMounts:
- name: wework-images
mountPath: /usr/local/nginx/html/webapp/images
readOnly: false
- name: wework-static
mountPath: /usr/local/nginx/html/webapp/static
readOnly: false
volumes:
- name: wework-images
nfs:
server: 192.168.31.109
path: /data/k8s/wework/images
- name: wework-static
nfs:
server: 192.168.31.104
path: /data/k8s/wework/static
---
kind: Service
apiVersion: v1
metadata:
labels:
app: wework-nginx-service-label
name: wework-nginx-service
namespace: wework
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
nodePort: 30090
- name: https
port: 443
protocol: TCP
targetPort: 443
nodePort: 30091
selector:
app: wework-nginx-selector
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# kubectl apply -f nginx.yaml
namespace/wework unchanged
deployment.apps/wework-nginx-deployment configured
service/wework-nginx-service created
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# kubectl get ns
NAME STATUS AGE
default Active 103d
kube-node-lease Active 103d
kube-public Active 103d
kube-system Active 103d
kubernetes-dashboard Active 8d
kuboard Active 7d21h
n60 Active 5d3h
wework Active 12m
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# kubectl get pods -n wework
NAME READY STATUS RESTARTS AGE
wework-nginx-deployment-55fd76774f-22lb8 1/1 Running 0 13s
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# kubectl get svc -n wework
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wework-nginx-service NodePort 10.200.89.252 <none> 80:30090/TCP,443:30091/TCP 19s
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# kubectl get ep -n wework
NAME ENDPOINTS AGE
wework-nginx-service 172.100.76.147:443,172.100.76.147:80 28s
测试
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# curl 192.168.31.113:30090
nginx wework-web1 v1
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# curl http://192.168.31.113:30090/webapp/static/index.html
in wework/static/
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# curl http://192.168.31.113:30090/webapp/images/index.html
in wework/images
7. 构建Jdk
Dockerfile
#JDK Base Image
FROM harbor.intra.com/baseimages/centos-base:7.9.2009
ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk
ADD profile /etc/profile
ENV JAVA_HOME /usr/local/jdk
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH $PATH:$JAVA_HOME/bin
build
#!/bin/bash
docker build -t harbor.intra.com/pub-images/jdk-base:v8.212 .
sleep 1
docker push harbor.intra.com/pub-images/jdk-base:v8.212
构建镜像harbor.intra.com/pub-images/jdk-base:v8.212
root@k8s-master-01:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# ./build-command.sh
Sending build context to Docker daemon 195MB
Step 1/8 : FROM harbor.intra.com/baseimages/centos-base:7.9.2009
---> 4aa2d689b2b6
Step 2/8 : ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/
---> 72963c7a811d
Step 3/8 : RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk
---> Running in 4db0c48add71
'/usr/local/jdk' -> '/usr/local/src/jdk1.8.0_212'
Removing intermediate container 4db0c48add71
---> 87349d90709f
Step 4/8 : ADD profile /etc/profile
---> e86576f80d28
Step 5/8 : ENV JAVA_HOME /usr/local/jdk
---> Running in 22ea26aa3d6b
Removing intermediate container 22ea26aa3d6b
---> 7cd7fba139c9
Step 6/8 : ENV JRE_HOME $JAVA_HOME/jre
---> Running in e4e3f54035b4
Removing intermediate container e4e3f54035b4
---> 6a6a39a69d56
Step 7/8 : ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
---> Running in 22844d5c04f0
Removing intermediate container 22844d5c04f0
---> 18073f89ee26
Step 8/8 : ENV PATH $PATH:$JAVA_HOME/bin
---> Running in add95765d747
Removing intermediate container add95765d747
---> 7c67b5ec4ce0
Successfully built 7c67b5ec4ce0
Successfully tagged harbor.intra.com/pub-images/jdk-base:v8.212
The push refers to repository [harbor.intra.com/pub-images/jdk-base]
aadaa9679cb8: Pushed
fc305a4ba468: Pushed
ab93afc6a659: Pushed
d7f831641e18: Mounted from pub-images/nginx-base
f4b52134c525: Mounted from pub-images/nginx-base
0533300cca03: Mounted from pub-images/nginx-base
30a12549c4a3: Mounted from pub-images/nginx-base
ce1fb445c72c: Mounted from pub-images/nginx-base
174f56854903: Mounted from pub-images/nginx-base
v8.212: digest: sha256:dcaabeec3fa813ac755888ec45f98c1e5e3acaf2b81369c940d205ebd7611038 size: 2209
root@k8s-master-01:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.intra.com/pub-images/jdk-base v8.212 7c67b5ec4ce0 2 minutes ago 1.49GB
确认镜像java版本及环境变量配置是否正确
root@k8s-master-01:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# docker run -it --rm harbor.intra.com/pub-images/jdk-base:v8.212 bash
[root@6434537b3703 /]# java -version
java version "1.8.0_212"
Java(TM) SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.212-b10, mixed mode)
[root@7303fd33df25 /]# env
HOSTNAME=7303fd33df25
TERM=xterm
JRE_HOME=/usr/local/jdk/jre
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/jdk/bin
PWD=/
JAVA_HOME=/usr/local/jdk
SHLVL=1
HOME=/root
CLASSPATH=/usr/local/jdk/lib/:/usr/local/jdk/jre/lib/
_=/usr/bin/env
8. 构建Tomcat镜像
Dockerfile
#Tomcat 8.5.43基础镜像
FROM harbor.intra.com/pub-images/jdk-base:v8.212
RUN mkdir /apps /data/tomcat/webapps /data/tomcat/logs -pv
ADD apache-tomcat-8.5.43.tar.gz /apps
RUN useradd tomcat -u 2050 && ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat && chown -R tomcat.tomcat /apps /data -R
build
#!/bin/bash
docker build -t harbor.intra.com/pub-images/tomcat-base:v8.5.43 .
sleep 3
docker push harbor.intra.com/pub-images/tomcat-base:v8.5.43
构建Tomcat镜像harbor.intra.com/pub-images/tomcat-base:v8.5.43
root@k8s-master-01:/opt/k8s-data/dockerfile/web/pub-images/tomcat-base-8.5.43# ./build-command.sh
Sending build context to Docker daemon 9.721MB
Step 1/4 : FROM harbor.intra.com/pub-images/jdk-base:v8.212
---> 7c67b5ec4ce0
Step 2/4 : RUN mkdir /apps /data/tomcat/webapps /data/tomcat/logs -pv
---> Running in b451e24cdb51
mkdir: created directory '/apps'
mkdir: created directory '/data'
mkdir: created directory '/data/tomcat'
mkdir: created directory '/data/tomcat/webapps'
mkdir: created directory '/data/tomcat/logs'
Removing intermediate container b451e24cdb51
---> cee348d63ec3
Step 3/4 : ADD apache-tomcat-8.5.43.tar.gz /apps
---> 94c73987b888
Step 4/4 : RUN useradd tomcat -u 2050 && ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat && chown -R tomcat.tomcat /apps /data -R
---> Running in 10559cbf38ce
'/apps/tomcat' -> '/apps/apache-tomcat-8.5.43'
Removing intermediate container 10559cbf38ce
---> 8ea246a48b19
Successfully built 8ea246a48b19
Successfully tagged harbor.intra.com/pub-images/tomcat-base:v8.5.43
The push refers to repository [harbor.intra.com/pub-images/tomcat-base]
dd8f6a0cdeaa: Pushed
3447904f79c4: Pushed
7adc429e9dda: Pushed
aadaa9679cb8: Mounted from pub-images/jdk-base
fc305a4ba468: Mounted from pub-images/jdk-base
ab93afc6a659: Mounted from pub-images/jdk-base
d7f831641e18: Mounted from pub-images/jdk-base
f4b52134c525: Mounted from pub-images/jdk-base
0533300cca03: Mounted from pub-images/jdk-base
30a12549c4a3: Mounted from pub-images/jdk-base
ce1fb445c72c: Mounted from pub-images/jdk-base
174f56854903: Mounted from pub-images/jdk-base
v8.5.43: digest: sha256:52d05e86cb0651f2fe224ef97c19015776556eb9eec9d573bd0b870d7c8851eb size: 2838
9. 构建Wework项目Tomcat app
Dockerfile
#tomcat web1
FROM harbor.intra.com/pub-images/tomcat-base:v8.5.43
ADD catalina.sh /apps/tomcat/bin/catalina.sh
ADD server.xml /apps/tomcat/conf/server.xml
ADD app1.tar.gz /data/tomcat/webapps/myapp/
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
RUN chown -R nginx.nginx /data/ /apps/
EXPOSE 8080 8443
CMD ["/apps/tomcat/bin/run_tomcat.sh"]
build
#!/bin/bash
TAG=$1
docker build -t harbor.intra.com/wework/tomcat-app1:${
TAG} .
sleep 3
docker push harbor.intra.com/wework/tomcat-app1:${
TAG}
构建wework项目tomcat app
harbor.intra.com/wework/tomcat-app1:v1
root@k8s-master-01:/opt/k8s-data/dockerfile/web/wework/tomcat-app1# ./build-command.sh v1
Sending build context to Docker daemon 24.13MB
Step 1/8 : FROM harbor.intra.com/pub-images/tomcat-base:v8.5.43
---> 8ea246a48b19
Step 2/8 : ADD catalina.sh /apps/tomcat/bin/catalina.sh
---> cea5baadac4d
Step 3/8 : ADD server.xml /apps/tomcat/conf/server.xml
---> 58f377ffd9bb
Step 4/8 : ADD app1.tar.gz /data/tomcat/webapps/myapp/
---> 22022b6ad43b
Step 5/8 : ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
---> a8168086d164
Step 6/8 : RUN chown -R nginx.nginx /data/ /apps/
---> Running in 2bf1890a814d
Removing intermediate container 2bf1890a814d
---> cf2a0a834e48
Step 7/8 : EXPOSE 8080 8443
---> Running in 700d0997c9aa
Removing intermediate container 700d0997c9aa
---> b111c2979f17
Step 8/8 : CMD ["/apps/tomcat/bin/run_tomcat.sh"]
---> Running in a0014defd1a5
Removing intermediate container a0014defd1a5
---> 87152ed32f8c
Successfully built 87152ed32f8c
Successfully tagged harbor.intra.com/wework/tomcat-app1:v1
The push refers to repository [harbor.intra.com/wework/tomcat-app1]
6e39205ea13e: Pushed
0fdcd2c4b787: Pushed
14f65bcfbf17: Pushed
524d0b6013b3: Pushed
e03b1f42acaa: Pushed
dd8f6a0cdeaa: Mounted from pub-images/tomcat-base
3447904f79c4: Mounted from pub-images/tomcat-base
7adc429e9dda: Mounted from pub-images/tomcat-base
aadaa9679cb8: Mounted from pub-images/tomcat-base
fc305a4ba468: Mounted from pub-images/tomcat-base
ab93afc6a659: Mounted from pub-images/tomcat-base
d7f831641e18: Mounted from wework/nginx-web1
f4b52134c525: Mounted from wework/nginx-web1
0533300cca03: Mounted from wework/nginx-web1
30a12549c4a3: Mounted from wework/nginx-web1
ce1fb445c72c: Mounted from wework/nginx-web1
174f56854903: Mounted from wework/nginx-web1
v1: digest: sha256:c5d2a0b8086c7343e64e31434b79e054cbeff97a6cafc3ea1e114898a9289f3c size: 3879
验证tomcat服务
docker run -d --rm -p 8080:8080 harbor.intra.com/wework/tomcat-app1:v1
42dd110163f81f2a56033e598f0e2912dc387aa320b553415576b2a789f338d1
curl http://192.168.31.101:8080/myapp/
tomcat app1 for wework
10. 配置Tomcat app1 yaml
tomcat-app1.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: wework-tomcat-app1-deployment-label
name: wework-tomcat-app1-deployment
namespace: wework
spec:
replicas: 1
selector:
matchLabels:
app: wework-tomcat-app1-selector
template:
metadata:
labels:
app: wework-tomcat-app1-selector
spec:
containers:
- name: wework-tomcat-app1-container
image: harbor.intra.com/wework/tomcat-app1:v1
ports:
- containerPort: 8080
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 500m
memory: "512Mi"
volumeMounts:
- name: wework-images
mountPath: /usr/local/nginx/html/webapp/images
readOnly: false
- name: wework-static
mountPath: /usr/local/nginx/html/webapp/static
readOnly: false
volumes:
- name: wework-images
nfs:
server: 192.168.31.109
path: /data/k8s/wework/images
- name: wework-static
nfs:
server: 192.168.31.104
path: /data/k8s/wework/static
---
kind: Service
apiVersion: v1
metadata:
labels:
app: wework-tomcat-app1-service-label
name: wework-tomcat-app1-service
namespace: wework
spec:
# type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
# nodePort: 30092
selector:
app: wework-tomcat-app1-selector
为了测试打开了NodePort使得tomcat可以通过30092访问.
root@k8s-master-01:/opt/k8s-data/yaml/wework/tomcat-app1# kubectl get svc -n wework
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wework-nginx-service NodePort 10.200.89.252 <none> 80:30090/TCP,443:30091/TCP 3h14m
wework-tomcat-app1-service NodePort 10.200.170.145 <none> 80:30092/TCP 10m
root@k8s-master-01:/opt/k8s-data/yaml/wework/tomcat-app1# kubectl get ep -n wework
NAME ENDPOINTS AGE
wework-nginx-service 172.100.76.147:443,172.100.76.147:80 3h14m
wework-tomcat-app1-service 172.100.140.77:8080 10m
root@k8s-master-01:/opt/k8s-data/yaml/wework/tomcat-app1# curl 192.168.31.113:30092/myapp/
tomcat app1 for wework
root@k8s-master-01:/opt/k8s-data/yaml/wework/tomcat-app1# kubectl exec -it wework-nginx-deployment-55fd76774f-22lb8 -n wework bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@wework-nginx-deployment-55fd76774f-22lb8 /]# curl wework-tomcat-app1-service.wework.svc.magedu.local/myapp/
tomcat app1 for wework
[root@wework-nginx-deployment-55fd76774f-22lb8 /]# ping wework-tomcat-app1-service.wework.svc.magedu.local -c 1
PING wework-tomcat-app1-service.wework.svc.magedu.local (10.200.170.145) 56(84) bytes of data.
64 bytes from wework-tomcat-app1-service.wework.svc.magedu.local (10.200.170.145): icmp_seq=1 ttl=64 time=0.023 ms
--- wework-tomcat-app1-service.wework.svc.magedu.local ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.023/0.023/0.023/0.000 ms
11. 修改nginx镜像的nginx.conf
将tomcat的service写入tomcat_webserver的upstream中,这样后期对tomcat的伸缩就会由service管控,nginx只需要将请求转发值tomcat service即可.
upstream tomcat_webserver {
server wework-tomcat-app1-service.wework.svc.magedu.local:80
}
将访问/myapp的请求转发至tomcat service
location /myapp {
proxy_pass http://tomcat_webserver;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
nginx.conf所有内如如下
user nginx nginx;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
daemon off;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream tomcat_webserver {
server wework-tomcat-app1-service.wework.svc.magedu.local:80;
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
location /webapp {
root html;
index index.html index.htm;
}
location /myapp {
proxy_pass http://tomcat_webserver;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
重新构建nginx镜像
root@k8s-master-01:/opt/k8s-data/dockerfile/web/wework/nginx# ./build-command.sh v2
...略
174f56854903: Layer already exists
v2: digest: sha256:36962f095f3e112ec755ccb89aeff278bfafee5f88768ddcad2da9805f2c6780 size: 3043
镜像上传到harbor完成
root@k8s-master-01:/opt/k8s-data/dockerfile/web/wework/nginx# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.intra.com/wework/nginx-web1 v2 7ea9eec844b1 17 seconds ago 1.28GB
略
修改nginx.yaml
image: harbor.intra.com/wework/nginx-web1:v2
更新nginx镜像
root@k8s-master-01:/opt/k8s-data/yaml/wework/nginx# kubectl apply -f nginx.yaml
namespace/wework unchanged
deployment.apps/wework-nginx-deployment configured
service/wework-nginx-service unchanged
测试访问nginx的service
root@k8s-master-01:~# kubectl get svc -n wework
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wework-nginx-service NodePort 10.200.89.252 <none> 80:30090/TCP,443:30091/TCP 18h
wework-tomcat-app1-service NodePort 10.200.170.145 <none> 80:30092/TCP 15h
root@k8s-master-01:~# kubectl get ep -n wework
NAME ENDPOINTS AGE
wework-nginx-service 172.100.76.149:443,172.100.76.149:80 18h
wework-tomcat-app1-service 172.100.76.151:8080 15h
root@k8s-master-01:~# curl 192.168.31.113:30090
nginx wework-web1 v1
root@k8s-master-01:~# curl 192.168.31.113:30090/myapp/
tomcat app1 for wework
此时tomcat的nodeport还开着
root@k8s-master-01:~# curl 192.168.31.113:30092/myapp/
tomcat app1 for wework
root@k8s-master-01:~# curl 192.168.31.188/myapp/
tomcat app1 for wework
修改tomcat svc部分配置关闭NodePort映射,并更新tomcat
其他部分略
---
kind: Service
apiVersion: v1
metadata:
labels:
app: wework-tomcat-app1-service-label
name: wework-tomcat-app1-service
namespace: wework
spec:
#type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
# nodePort: 30092
selector:
app: wework-tomcat-app1-selector
更新后可以看到wework-tomcat-app1-service已经不再对外做映射
root@k8s-master-01:/opt/k8s-data/yaml/wework/tomcat-app1# kubectl apply -f tomcat-app1.yaml
deployment.apps/wework-tomcat-app1-deployment configured
service/wework-tomcat-app1-service configured
root@k8s-master-01:/opt/k8s-data/yaml/wework/tomcat-app1# kubectl get svc -n wework
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wework-nginx-service NodePort 10.200.89.252 <none> 80:30090/TCP,443:30091/TCP 18h
wework-tomcat-app1-service ClusterIP 10.200.170.145 <none> 80/TCP
测试访问nginx的service
root@k8s-master-01:~# curl 192.168.31.188
nginx wework-web1 v1
root@k8s-master-01:~# curl 192.168.31.113:30090
nginx wework-web1 v1
root@k8s-master-01:~# curl 192.168.31.113:30090/myapp/
tomcat app1 for wework
root@k8s-master-01:~# curl 192.168.31.188/myapp/
tomcat app1 for wework
至此通过nginx的service实现动静分离已经实现
