k8s集群部署python+django项目
一、环境说明
操作系统:centos7
kubernetes:v1.16.0
docker:18.06
主机名 | 内网地址 | 公网地址 | 类型 |
---|---|---|---|
k8s-master | 172.16.32.3 | 129.204.91.19 | masters |
k8s-node01 | 172.16.32.4 | 129.204.107.75 | nodes |
k8s-node02 | 172.16.32.9 | 129.204.2.2 | nodes |
mysql | 172.16.32.9 | 129.204.2.2 | nodes |
镜像仓库地址 | ccr.ccs.tencentyun.com | registry |
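二、环境检查
注意:下面的 mysql 命令用 -p1234 把密码直接写在命令行上,密码会留在 shell 历史记录里,并可能出现在进程列表中;正式环境应使用强密码,并改为交互输入或使用有权限保护的配置文件。daemon.json 里把 ccr.ccs.tencentyun.com 加入 insecure-registries 后,Docker 访问该仓库时不再校验 TLS 证书,必要时还会退回 HTTP,镜像和登录凭据都可能被中间人截获或篡改;仓库本身支持 HTTPS 时不需要这一项。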
[root@k8s-master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 15m v1.16.0
k8s-node01 Ready <none> 14m v1.16.0
k8s-node02 Ready <none> 13m v1.16.0
[root@k8s-master ~]# kubectl get pod
No resources found in default namespace.
[root@k8s-master ~]# kubectl get namespace
NAME STATUS AGE
default Active 15m
kube-node-lease Active 15m
kube-public Active 15m
kube-system Active 15m
[root@k8s-master python]# mysql -udevops1 -p1234 -h172.16.32.9 -e "show databases;"
+--------------------+
| Database |
+--------------------+
| information_schema |
| devops1 |
| test |
+--------------------+
[root@k8s-master ~]# cat /etc/docker/daemon.json
{"registry-mirrors": ["https://f1z25q5p.mirror.aliyuncs.com"],
"insecure-registries":[ "ccr.ccs.tencentyun.com" ],
"exec-opts": ["native.cgroupdriver=systemd"]
}
[root@k8s-node02~]# cat /etc/docker/daemon.json
{"registry-mirrors": ["https://f1z25q5p.mirror.aliyuncs.com"],
"insecure-registries":[ "ccr.ccs.tencentyun.com" ],
"exec-opts": ["native.cgroupdriver=systemd"]
}
[root@k8s-node02~]# cat /etc/docker/daemon.json
{"registry-mirrors": ["https://f1z25q5p.mirror.aliyuncs.com"],
"insecure-registries":[ "ccr.ccs.tencentyun.com" ],
"exec-opts": ["native.cgroupdriver=systemd"]
}
三、克隆项目
[root@k8s-master ~]# mkdir -p /data/python
[root@k8s-master ~]# cd /data/python/
[root@k8s-master python]# yum -y install git >/dev/null
[root@k8s-master python]# git clone -b dev1 https://gitee.com/mydoyou/devops.git
Cloning into 'devops'...
Username for 'https://gitee.com': 919497370@qq.com
Password for 'https://919497370@qq.com@gitee.com':
remote: Enumerating objects: 2289, done.
remote: Counting objects: 100% (2289/2289), done.
remote: Compressing objects: 100% (1779/1779), done.
remote: Total 2289 (delta 704), reused 1937 (delta 452), pack-reused 0
Receiving objects: 100% (2289/2289), 18.22 MiB | 4.21 MiB/s, done.
Resolving deltas: 100% (704/704), done.
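四、项目镜像准备
注意:docker login 的 -p 同样把密码暴露在命令行上,下面输出中的两条 WARNING 说的就是这个问题:应改用 --password-stdin,并配置 credential helper,避免密码未加密地保存在 /root/.docker/config.json 中。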
[root@k8s-master python]# pwd
/data/python
[root@k8s-master python]# cat Dockerfile
# Dependency ("template") image: python:3.6 plus the project's Python
# requirements, so the application image can be rebuilt without reinstalling them.
# NOTE(review): python:3.6 is a mutable tag and Python 3.6 no longer receives
# upstream security fixes; consider a supported version pinned by digest.
FROM python:3.6
# Only requirements.txt is copied at this stage, not the application code.
COPY devops/requirements.txt /data/devops/requirements.txt
WORKDIR /data/devops
# Packages are fetched from the Aliyun PyPI mirror over HTTPS.
# NOTE(review): whether requirements.txt pins versions or hashes is not shown;
# unpinned entries make the image contents depend on the mirror at build time.
RUN pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
[root@k8s-master python]# docker build -t python-templete:3.6 .
Sending build context to Docker daemon 58.47MB
Step 1/4 : FROM python:3.6
---> 1daf62e8cab5
Step 2/4 : COPY devops/requirements.txt /data/devops/requirements.txt
Successfully tagged python-templete:3.6
[root@k8s-master python]# docker login -u919497370 -pxxxx! ccr.ccs.tencentyun.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@k8s-master python]# docker tag python-templete:3.6 ccr.ccs.tencentyun.com/carl-2020/kubernetes:templata
[root@k8s-master python]# docker push ccr.ccs.tencentyun.com/carl-2020/kubernetes:templata
五、构建项目镜像
# 修改Dockerfile文件
[root@k8s-master python]# cat Dockerfile
# Application image, built on the dependency image pushed in the previous step.
FROM ccr.ccs.tencentyun.com/carl-2020/kubernetes:templata
# Copies the whole cloned repository directory into the image.
# NOTE(review): this presumably includes .git and the Django settings file; add a
# .dockerignore and keep DB credentials / SECRET_KEY out of the image — verify.
COPY devops /data/devops/
WORKDIR /data/devops
# NOTE(review): migrations run at image build time. If settings.py points at the
# MySQL instance, the build host needs the DB credentials and network access to
# it, and every rebuild touches the schema; running them as a deploy step is safer.
RUN python manage.py migrate
EXPOSE 7000
# No USER instruction is set, so the process runs as the base image's default
# user (root for the official python image).
# NOTE(review): runserver is Django's development server, which the Django
# documentation says not to use in production; use a WSGI server instead.
CMD ["python", "manage.py", "runserver", "0.0.0.0:7000"]
[root@k8s-master python]# docker build -t ccr.ccs.tencentyun.com/carl-2020/kubernetes:pro-v1 .
[root@k8s-master python]# docker push ccr.ccs.tencentyun.com/carl-2020/kubernetes:pro-v1
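六、在k8s集群上部署项目
注意:kubectl create secret 的 --docker-password 也是在命令行上传递密码,同样会进入 shell 历史记录;生成的 Secret 只是 base64 编码,需要用 RBAC 限制谁能读取它。另外,原文省略了 kubectl apply -f deploy.yaml 这一步,执行之后才会看到下面 kubectl get pod 中的 pod。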
[root@k8s-master python]# kubectl create secret docker-registry registry-auth --docker-username=919497370 --docker-password=xxxx --docker-server=ccr.ccs.tencentyun.com
[root@k8s-master python]# kubectl get secret
NAME TYPE DATA AGE
default-token-5455s kubernetes.io/service-account-token 3 61m
registry-auth kubernetes.io/dockerconfigjson 1 31m
[root@k8s-master python]# cat deploy.yaml
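# Deployment for the Django application image built above.
# Apply with: kubectl apply -f deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: pro-v1
  name: pro-v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pro-v1
  template:
    metadata:
      labels:
        app: pro-v1
    spec:
      # Pull credentials for the private registry (the registry-auth Secret).
      imagePullSecrets:
      - name: "registry-auth"
      containers:
      - image: ccr.ccs.tencentyun.com/carl-2020/kubernetes:pro-v1
        name: pro-v1
        # Port the image's CMD binds (0.0.0.0:7000); declared for documentation.
        ports:
        - containerPort: 7000
          protocol: TCP
        # The application needs no setuid / file-capability gain, so forbid it.
        securityContext:
          allowPrivilegeEscalation: false
        # NOTE(review): no requests/limits are set, so the pod runs as BestEffort
        # with unbounded CPU and memory; set values measured for this app.
        resources: {}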
[root@k8s-master python]# kubectl get pod
NAME READY STATUS RESTARTS AGE
pro-v1-5854697c78-8z7kw 1/1 Running 0 108s
[root@k8s-master python]# cat service.yaml
# ClusterIP Service in front of the pro-v1 pods. It is reachable only from
# inside the cluster unless the NodePort lines below are uncommented.
apiVersion: v1
kind: Service
metadata:
  name: pro-v1
  labels:
    app: pro-v1
spec:
  selector:
    app: pro-v1
  ports:
  - port: 7000
    targetPort: 7000
    protocol: TCP
    # nodePort: 30019  # custom NodePort number
  # type: NodePort  # NOTE: would open the nodePort on every node's addresses
[root@k8s-master python]# kubectl apply -f service.yaml
[root@k8s-master python]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 73m
pro-v1 ClusterIP 10.1.58.147 <none> 7000/TCP 40s
# 集群内使用集群ip访问
[root@k8s-master python]# curl 10.1.58.147:7000/login/login
七、使用ingress-nginx提供外部访问
[root@k8s-master python]# cat mandatory.yaml
# ingress-nginx 0.30.0 manifest: namespace, ConfigMaps, service account, RBAC,
# and the controller itself, run here as a hostNetwork DaemonSet.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 (used for the four RBAC
# objects below) is deprecated in favour of rbac.authorization.k8s.io/v1 and is
# not served by Kubernetes 1.22+.
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Controller configuration; empty here, so controller defaults apply.
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Referenced by --tcp-services-configmap; empty.
kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Referenced by --udp-services-configmap; empty.
kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Identity the controller pods run as; both bindings below target it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Cluster-wide permissions for the controller.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  # NOTE(review): list/watch on secrets applies to every namespace, so a
  # compromised controller pod can read all Secrets in the cluster.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
    verbs:
      - update
---
# Permissions limited to the ingress-nginx namespace.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
---
# Grants the namespaced Role to the controller's service account.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
# Grants the ClusterRole to the controller's service account.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
# The controller, one pod per schedulable Linux node.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # The pod shares the node's network namespace, so the controller's
      # listeners (80/443 and the 10254 port probed below) are bound on the node
      # itself. Limit who can reach them with the host firewall / security group.
      hostNetwork: true
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: nginx-ingress-controller
          # NOTE(review): pulled by mutable tag from what appears to be a mirror
          # registry rather than the project's own; 0.30.0 is an old release.
          # Pin by digest and plan an upgrade.
          image: registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.30.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            # NOTE(review): escalation is allowed although every capability except
            # NET_BIND_SERVICE is dropped and the process runs as UID 101;
            # presumably the image relies on it to bind 80/443 as a non-root
            # user. Confirm before changing.
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 101
            runAsUser: 101
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
---
# Minimum resources for any container created in the ingress-nginx namespace.
apiVersion: v1
kind: LimitRange
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  limits:
    - min:
        memory: 90Mi
        cpu: 100m
      type: Container
[root@k8s-master python]# kubectl apply -f mandatory.yaml
[root@k8s-master python]# cat ingress.yaml
# Routes HTTP requests for pro-v1.mydoyou.cn to the pro-v1 Service on port 7000.
# NOTE(review): there is no tls: section, so the site (including its login
# page) is served over plain HTTP; add a TLS secret and a tls: block before
# exposing it publicly.
# NOTE(review): extensions/v1beta1 Ingress is deprecated and is not served by
# Kubernetes 1.22+; it matches the 1.16 cluster used here.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: pro-v1
  annotations:
    # Hands this Ingress to the controller whose ingress class is "nginx".
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: pro-v1.mydoyou.cn
    http:
      paths:
      # path is left empty; presumably the controller treats it as "/" — verify.
      - path:
        backend:
          serviceName: pro-v1
          servicePort: 7000
[root@k8s-master python]# kubectl apply -f ingress.yaml
ingress.extensions/pro-v1 created
[root@k8s-master python]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
pro-v1 pro-v1.mydoyou.cn 80 15m
[root@k8s-master python]# kubectl get pod -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-5c47696787-cwmdx 1/1 Running 0 24m 172.16.32.9 k8s-node02 <none> <none>
nginx-ingress-controller-kwgq2 1/1 Running 0 23m 172.16.32.4 k8s-node01 <none> <none>
nginx-ingress-controller-ldjns 0/1 Pending 0 23m <none> <none> <none> <none>
八、添加域名解析,并使用域名进行访问系统
注意:上面的 Ingress 只开放了 80 端口,登录页(/login/login)的账号密码会以明文 HTTP 传输;对外提供访问前应为该域名配置 TLS 证书。