前提:已安裝好k8s集群
1.安裝harbor
先在安裝harbor的節(jié)點(diǎn)上安裝docker-compose:curl -L "https://get.daocloud.io/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose (使用的daocloud的源)霉翔,然后執(zhí)行:chmod +x /usr/local/bin/docker-compose 即可笋敞,使用:docker-compose--version 進(jìn)行檢查磨淌。
下載harbor最新穩(wěn)定的包:https://github.com/goharbor/harbor/releases/download/v2.3.3/harbor-offline-installer-v2.3.3.tgz? ,在服務(wù)器上解壓:tar zxvf harbor-offline-installerv2.3.3.tgz爬早,進(jìn)入harbor目錄自娩,復(fù)制一個(gè)harbor.yml文件,進(jìn)行修改孽鸡,將hostname修改為了服務(wù)器的ip(目前單節(jié)點(diǎn)先測(cè)通腐螟,用最簡(jiǎn)單的方式),然后將https相關(guān)內(nèi)容注釋調(diào),然后便可執(zhí)行install.sh钦幔,相當(dāng)于拉取了一些鏡像枕屉,創(chuàng)建了一些容器,最終啟動(dòng)了harbor鲤氢。
因?yàn)闆]有使用https搀擂,所以還要修改/etc/docker/daemon.json,增加一個(gè)配置 "insecure-registries": ["192.168.56.100"](harbor服務(wù)器ip)卷玉,然后重啟docker(這個(gè)操作在之后k8s的工作節(jié)點(diǎn)也要執(zhí)行I谒獭!)相种,還要重啟harbor威恼,在harbor目錄下執(zhí)行:docker-compose up。? 此時(shí)可訪問服務(wù)器的80端口寝并,進(jìn)入harbor頁(yè)面箫措,默認(rèn)賬號(hào):admin,密碼:Harbor2345衬潦。? ?點(diǎn)擊左側(cè)菜單中的用戶管理斤蔓,新增一個(gè)用戶。然后點(diǎn)擊左側(cè)的項(xiàng)目镀岛,可新建一個(gè)鏡像倉(cāng)庫(kù)弦牡。
2.編寫dockerfile友驮,創(chuàng)建鏡像
一個(gè)簡(jiǎn)單的springboot項(xiàng)目,打成jar(demo01.jar)驾锰,上傳到服務(wù)器卸留,編寫一個(gè)dockerfile(demo01-dockerfile):
FROM openjdk:8
ADD demo01.jar demo01.jar
ENV JAVA_OPTS=""
ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS? -jar /demo01.jar" ]
然后創(chuàng)建鏡像:docker build -t 192.168.56.100/zzn/demo01:v1 -f?demo01-dockerfile .(tag名直接寫harbor服務(wù)器ip地址,一步到位)椭豫,然后在當(dāng)前節(jié)點(diǎn)登錄harbor:docker login 192.168.56.100 -u 用戶名 -p 密碼?艾猜,最后將鏡像推往harbor:docker push?192.168.56.100/zzn/demo01:v1
3.k8s部署服務(wù)
創(chuàng)建一個(gè)k8s的Secrets:
kubectl create secret docker-registry docker-harbor01 \
--docker-server=192.168.56.100 \
--docker-username=huyao? ? ? ? \
--docker-password=Harbor12345? ? \
--docker-email=huyao@qq.com
這一步不做,docker login了也沒用捻悯。最后就是編寫k8s的yaml(demo01.yaml):
apiVersion: apps/v1
kind: Deployment? ? ?
metadata:
? name: deploy-demo01
spec:
? replicas: 3
? selector:
? ? matchLabels:
? ? ? app: demo01
? template:
? ? metadata:
? ? ? labels:
? ? ? ? app: demo01
? ? spec:
? ? ? containers:
? ? ? - name: demo01
? ? ? ? image: 192.168.56.100/zzn/demo01:v1
? ? ? imagePullSecrets:
? ? ? - name: docker-harbor01
imagePullSecrets指定的是剛剛創(chuàng)建的secret 。然后執(zhí)行yaml:kubectl apply -f demo01.yaml淤毛。檢查:kubectl get pods -owide今缚,發(fā)現(xiàn)3個(gè)pod都是running的狀態(tài)了〉偷可以創(chuàng)建service:kubectl expose deployment deploy-demo01 --port=微服務(wù)端口 --type=NodePort姓言,然后使用:kubectl get svc,deploy -owide 進(jìn)行查看NodePort的端口,訪問各工作節(jié)點(diǎn)的指定端口看接口是否可正常訪問
------------------------------------------------------------------------------------------------------------------------------------
部署網(wǎng)關(guān)和兩個(gè)微服務(wù),使用ingress對(duì)外暴露
1.編寫三個(gè)springcloud微服務(wù)蔗蹋,一個(gè)gateway何荚,一個(gè)訂單,一個(gè)支付猪杭,訂單通過feign訪問支付餐塘,三個(gè)服務(wù)注冊(cè)到宿主機(jī)的nacos上(對(duì)于k8s,我是初學(xué)者皂吮,但根據(jù)個(gè)人經(jīng)驗(yàn)戒傻,我傾向于將有狀態(tài)的服務(wù)還是部署在物理機(jī)上,如mysql蜂筹,redis需纳,nacos等)
2.為每個(gè)寫dockerfile,生成鏡像艺挪,上傳至harbor
3.為每一個(gè)微服務(wù)編寫k8s需要的yaml不翩,訂單的order.yaml:
apiVersion: apps/v1
kind: Deployment? ? ?
metadata:
? name: deploy-order
spec:
? selector:
? ? matchLabels:
? ? ? app: order
? template:
? ? metadata:
? ? ? labels:
? ? ? ? app: order
? ? spec:
? ? ? containers:
? ? ? - name: order
? ? ? ? image: 192.168.56.100/zzn/k8s-order:v1
? ? ? imagePullSecrets:
? ? ? - name: docker-harbor01
支付的yaml基本和訂單一致印衔,關(guān)于網(wǎng)關(guān)的yaml肛循,因?yàn)橐蛲獗┞叮⒁獙?duì)接ingress摊鸡,所以還需要一個(gè)service津坑,配置如下:
apiVersion: apps/v1
kind: Deployment? ? ?
metadata:
? name: deploy-gateway
spec:
? selector:
? ? matchLabels:
? ? ? app: gateway
? template:
? ? metadata:
? ? ? labels:
? ? ? ? app: gateway
? ? spec:
? ? ? containers:
? ? ? - name: gateway
? ? ? ? image: 192.168.56.100/zzn/k8s-gateway:v1
? ? ? imagePullSecrets:
? ? ? - name: docker-harbor01
---
apiVersion: v1
kind: Service
metadata:
? labels:
? ? app: gateway-service
? name: gateway-service
spec:
? selector:
? ? app: gateway
? ports:
? - port: 7001
? ? protocol: TCP
? ? targetPort: 6001
? type: ClusterIP
注意:service配置下的selector對(duì)應(yīng)的是pod的label亚皂!
4.應(yīng)用三個(gè)微服務(wù)的yaml,生成deploy和網(wǎng)關(guān)的service
5.安裝ingress:
wgethttps://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
#修改鏡像: vi deploy.yaml? #將image的值改為如下值:registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0
#應(yīng)用配置国瓮,安裝ingress:kubectl apply -f deploy.yaml
# 檢查安裝的結(jié)果:kubectl get pod,svc -n ingress-nginx
6.編寫針對(duì)網(wǎng)關(guān)的ingress的yaml:
apiVersion: networking.k8s.io/v1
kind: Ingress?
metadata:
? name: ingress-host-bar
spec:
? ingressClassName: nginx
? rules:
? - host: "hello.xiaoer.com"
? ? http:
? ? ? paths:
? ? ? - pathType: Prefix
? ? ? ? path: "/"
? ? ? ? backend:
? ? ? ? ? service:
? ? ? ? ? ? name: gateway-service
? ? ? ? ? ? port:
? ? ? ? ? ? ? number: 6001
查看ingress暴露的對(duì)應(yīng)端口:kubectl get svc -n ingress-nginx
輸出:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller? ? ? ? ? ? NodePort? ? 10.96.25.30? <none>? ? ? ? 80:32522/TCP,443:30615/TCP? 25h
ingress-nginx-controller-admission? ClusterIP? 10.96.95.21? <none>? ? ? ? 443/TCP? ? ? ? ? ? ? ? ? ? ? 25h
7.測(cè)試灭必,本機(jī)在host文件中添加網(wǎng)關(guān)的ingress中配置的域名狞谱,指向幾個(gè)工作節(jié)點(diǎn),在本機(jī)瀏覽器訪問:http://hello.xiaoer.com:32522/order/test/pay? 看是否正常返回?cái)?shù)據(jù)
參考:https://www.yuque.com/leifengyang/oncloud/ctiwgo#gSYVF
