09--k8s里helm部署mysql、wordpress、harbor
09--k8s里helm部署mysql、wordpress、harbor
·
09--helm部署mysql、wordpress、harbor
1. k8s安装helm
1.1 安装helm
# 1. 下载helm
wget https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
# 2. 安装helm
tar xf helm-v3.10.2-linux-amd64.tar.gz
cd linux-amd64/
cp helm /usr/bin/
1.2 helm简单命令
# 1. 增加bitnami仓库
root@master1:~# helm repo add bitnami https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories
# 1.1 移除aliyun仓库的方法
root@master01:~# helm repo remove aliyun
"aliyun" has been removed from your repositories
# 2. 查看本地仓库
root@master1:~# helm repo list
NAME URL
bitnami https://charts.bitnami.com/bitnami
# 2.1 在本地仓库搜索mysql用repo
root@master1:~# helm search repo mysql
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/mysql 9.4.8 8.0.32 MySQL is a fast, reliable, scalable, and easy t...
bitnami/phpmyadmin 10.4.2 5.2.1 phpMyAdmin is a free software tool written in P...
bitnami/mariadb 11.4.6 10.6.12 MariaDB is an open source, community-developed ...
bitnami/mariadb-galera 7.4.14 10.6.12 MariaDB Galera is a multi-primary database clus...
# 3. 部署mysql, helm install <release名称> <本地仓库名称/mysql>
helm install my-release bitnami/mysql
# 3.1 移除, helm uninstall <release名称> <本地仓库名称/mysql>
helm uninstall my-release bitnami/mysql
######
helm upgrade
release 更新
helm rollback
release 回滚
2. helm部署mysql
- bitnami仓库 https://artifacthub.io/packages/helm/bitnami/mysql
2.1 增加仓库、搜索mysql、查看storageClass
# 1. 增加bitnami仓库
root@master1:~# helm repo add bitnami https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories
# 1.1 在仓库搜索mysql ----- 我们选择部署bitnami/mysql
root@master1:~# helm search repo mysql
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/mysql 9.4.8 8.0.32 MySQL is a fast, reliable, scalable, and easy t...
bitnami/phpmyadmin 10.4.2 5.2.1 phpMyAdmin is a free software tool written in P...
bitnami/mariadb 11.4.6 10.6.12 MariaDB is an open source, community-developed ...
bitnami/mariadb-galera 7.4.14 10.6.12 MariaDB Galera is a multi-primary database clus...
# 2. 查看storageClass
root@master1:/tmp/mysql# kubectl get storageclasses.storage.k8s.io
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
nfs-csi nfs.csi.k8s.io Retain Immediate false 12d
# 2.1 创建命名空间
kubectl create namespace mysql-test
2.2 不同主从节点数部署mysql的方法
# 3.1 仅有主节点primary:
helm install mysql \
--set auth.rootPassword=Lec1347 \
--set primary.persistence.storageClass=nfs-csi \
--set auth.database=wpdb \
--set auth.username=wpuser \
--set auth.password='LEC.com' \
bitnami/mysql \
-n mysql-test
# 3.2 一主一从节点secondary:
helm install mysql \
--set auth.rootPassword=Lec1347 \
--set global.storageClass=nfs-csi \
--set architecture=replication \
--set auth.database=wpdb \
--set auth.username=wpuser \
--set auth.password='lec.com' \
--set secondary.replicaCount=1 \
--set auth.replicationPassword='replpass' \
bitnami/mysql \
-n mysql-test
# 3.3 多个从节点:
# * 说明:是否为主从架构,取决于architecture参数的值,可用值有默认的standalone,以及支持主从的replication
# * 更新命令 econdary.replicaCount---->从节点个数
helm upgrade mysql \
--set auth.rootPassword=Lec1347 \
--set global.storageClass=nfs-csi \
--set architecture=replication \
--set auth.database=wpdb \
--set auth.username=wpuser \
--set auth.password='lec.com' \
--set secondary.replicaCount=2 \
--set auth.replicationPassword='replpass' \
bitnami/mysql \
-n mysql-test
2.3 部署一主一从的
root@master01:/tmp/mysql# helm install mysql \
--set auth.rootPassword=Lec1347 \
--set global.storageClass=nfs-csi \
--set architecture=replication \
--set auth.database=wpdb \
--set auth.username=wpuser \
--set auth.password='lec.com' \
--set secondary.replicaCount=1 \
--set auth.replicationPassword='replpass' \
bitnami/mysql \
-n mysql-test
# 这是打印结果
NAME: mysql
LAST DEPLOYED: Fri Feb 17 23:21:41 2023
NAMESPACE: mysql-test
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: mysql
CHART VERSION: 9.4.8
APP VERSION: 8.0.32
** Please be patient while the chart is being deployed **
Tip:
Watch the deployment status using the command: kubectl get pods -w --namespace mysql-test
Services:
echo Primary: mysql-primary.mysql-test.svc.cluster.local:3306
echo Secondary: mysql-secondary.mysql-test.svc.cluster.local:3306
Execute the following to get the administrator credentials:
# mysql 的root用户和密码
echo Username: root
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace mysql-test mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d)
To connect to your database:
1. Run a pod that you can use as a client:
# 创建pod做mysql的client
kubectl run mysql-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mysql:8.0.32-debian-11-r0 --namespace mysql-test --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash
2. To connect to primary service (read/write):
# 用mysql的client测试连接主节点
mysql -h mysql-primary.mysql-test.svc.cluster.local -uroot -p"$MYSQL_ROOT_PASSWORD"
3. To connect to secondary service (read-only):
# 用mysql的client测试连接从节点
mysql -h mysql-secondary.mysql-test.svc.cluster.local -uroot -p"$MYSQL_ROOT_PASSWORD"
2.4 查看信息
# 5.1 查看release
root@master01:~# helm ls -n mysql-test
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
mysql mysql-test 1 2023-02-17 23:21:41.079199423 +0800 CST deployed mysql-9.4.8 8.0.32
# 5.2 查看svc
root@master01:~# kubectl get svc -n mysql-test
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mysql-primary ClusterIP 10.107.226.83 <none> 3306/TCP 67m
mysql-primary-headless ClusterIP None <none> 3306/TCP 67m
mysql-secondary ClusterIP 10.110.160.119 <none> 3306/TCP 67m
mysql-secondary-headless ClusterIP None <none> 3306/TCP 67m
# 5.3 查看pvc
root@master01:~# kubectl get pvc -n mysql-test
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-mysql-primary-0 Bound pvc-b30f4f34-f62d-4e21-9430-3bdee960708d 8Gi RWO nfs-csi 18m
data-mysql-secondary-0 Bound pvc-b84fb7e6-905d-44a6-b044-621983007206 8Gi RWO nfs-csi 18m
# 5.4 查看pod
root@master01:~# kubectl get pods -n mysql-test -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-primary-0 1/1 Running 0 67m 10.244.2.16 node02.lec.org <none> <none>
mysql-secondary-0 1/1 Running 0 67m 10.244.1.14 node01.lec.org <none> <none>
2.5 mysql登录测试
# 6.1 创建pod作为mysql-client
# 方法
kubectl run mysql-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mysql:8.0.32-debian-11-r0 --namespace mysql-test --env MYSQL_ROOT_PASSWORD=<mysql的root密码> --command -- bash
# 执行
root@master01:~# kubectl run mysql-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mysql:8.0.32-debian-11-r0 --namespace mysql-test --env MYSQL_ROOT_PASSWORD=Lec1347 --command -- bash
# 6.2 连接主节点
# 方法
mysql -h mysql-primary.mysql-test.svc.cluster.local -uroot -p"<mysql的root密码>"
# 执行 测试root用户
mysql -h mysql-primary.mysql-test.svc.cluster.local -uroot -p"Lec1347"
# 执行 测试wpuser用户
mysql -h mysql-primary.mysql-test.svc.cluster.local -uwpuser -p"lec.com"
# 5.3 连接从节点
# 方法
mysql -h mysql-secondary.mysql-test.svc.cluster.local -uroot -p"<mysql的root密码>"
# 执行 测试root用户
mysql -h mysql-secondary.mysql-test.svc.cluster.local -uroot -p"Lec1347"
# 执行 测试wpuser用户
mysql -h mysql-secondary.mysql-test.svc.cluster.local -uwpuser -p"lec.com"
2.6 删除方法(可选)
- 先删除pod,再删除pvc,再删除pv
# 6.1 删除release,然后记得检查pod是否删除了,pod删除了在删除其他的
helm uninstall mysql -n mysql-test
# 查看pod
kubectl get pods -n mysql-test -o wide
# 6.2 删除其他
# 若pvc自动删除的话,就手动删除pv
# 6.2.1 删除pvc
kubectl delete pvc <pvc的名称> -n mysql-test
# 6.2.2 删除pv
kubectl delete pv <pvc的名称> -n mysql-test
3. helm部署wordpress关联mysql
3.1 Wordpress部署方法
3.1.1 自带的MariaDB:
helm install wordpress \
--set wordpressUsername=wpuser \
--set wordpressPassword='lec.com' \
--set mariadb.auth.rootPassword=secretpassword \
bitnami/wordpress
3.1.2 外部的数据(比如mysql):
helm install wordpress \
--set mariadb.enabled=false \
--set externalDatabase.host=mysql-primary.mysql-test.svc.cluster.local \
--set externalDatabase.user=wpuser \
--set externalDatabase.password='lec.com' \
--set externalDatabase.database=wpdb \
--set externalDatabase.port=3306 \
--set persistence.storageClass=nfs-csi \
--set wordpressUsername=admin \
--set wordpressPassword='magedu.com' \
bitnami/wordpress \
-n mysql-test
3.1.3 外部的数据,支持Ingress,且使用的mysql支持主从架构:
helm install wordpress-test \
--set mariadb.enabled=false \
--set externalDatabase.host=mysql-primary.mysql-test.svc.cluster.local \
--set externalDatabase.user=wpuser \
--set externalDatabase.password='lec.com' \
--set externalDatabase.database=wpdb \
--set externalDatabase.port=3306 \
--set persistence.storageClass=nfs-csi \
--set ingress.enabled=true \
--set ingress.ingressClassName=nginx \
--set ingress.hostname=blog.lec.com \
--set ingress.pathType=Prefix \
--set wordpressUsername=admin \
--set wordpressPassword='lec.com' \
bitnami/wordpress \
-n mysql-test
3.2 部署外部的数据,支持Ingress,且使用的mysql支持主从架构
3.2.1 部署
# 1. 查看ingressclass
root@master01:/tmp/mysql# kubectl get ingressclass
NAME CONTROLLER PARAMETERS AGE
nginx k8s.io/ingress-nginx <none> 101m
# 2. 部署
root@master01:~# helm install wordpress-test \
--set mariadb.enabled=false \
--set externalDatabase.host=mysql-primary.mysql-test.svc.cluster.local \
--set externalDatabase.user=wpuser \
--set externalDatabase.password='lec.com' \
--set externalDatabase.database=wpdb \
--set externalDatabase.port=3306 \
--set persistence.storageClass=nfs-csi \
--set ingress.enabled=true \
--set ingress.ingressClassName=nginx \
--set ingress.hostname=blog.lec.com \
--set ingress.pathType=Prefix \
--set wordpressUsername=admin \
--set wordpressPassword='lec.com' \
bitnami/wordpress \
-n mysql-test
# 打印结果
NAME: wordpress-test
LAST DEPLOYED: Sat Feb 18 00:06:28 2023
NAMESPACE: mysql-test
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: wordpress
CHART VERSION: 15.2.43
APP VERSION: 6.1.1
** Please be patient while the chart is being deployed **
Your WordPress site can be accessed through the following DNS name from within your cluster:
wordpress-test.mysql-test.svc.cluster.local (port 80)
To access your WordPress site from outside the cluster follow the steps below:
1. Get the WordPress URL and associate WordPress hostname to your cluster external IP:
# 浏览器访问地址
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
echo "WordPress URL: http://blog.lec.com/"
echo "$CLUSTER_IP blog.lec.com" | sudo tee -a /etc/hosts
2. Open a browser and access WordPress using the obtained URL.
3. Login with the following credentials below to see your blog:
# WordPress 登录的账号和密码
echo Username: admin
echo Password: $(kubectl get secret --namespace mysql-test wordpress-test -o jsonpath="{.data.wordpress-password}" | base64 -d)
3.2 查看信息
# 1. 查看ingress
root@master01:~# kubectl get ingress -n mysql-test
NAME CLASS HOSTS ADDRESS PORTS AGE
wordpress-test nginx blog.lec.com 10.0.0.71 80 59s
# 2. 查看svc
root@master01:~# kubectl get svc -n mysql-test
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mysql-primary ClusterIP 10.107.226.83 <none> 3306/TCP 45m
mysql-primary-headless ClusterIP None <none> 3306/TCP 45m
mysql-secondary ClusterIP 10.110.160.119 <none> 3306/TCP 45m
mysql-secondary-headless ClusterIP None <none> 3306/TCP 45m
wordpress-test LoadBalancer 10.97.85.73 <pending> 80:30645/TCP,443:31433/TCP 71s
# 3. 查看pvc
root@master01:~# kubectl get pvc -n mysql-test
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-mysql-primary-0 Bound pvc-b30f4f34-f62d-4e21-9430-3bdee960708d 8Gi RWO nfs-csi 46m
data-mysql-secondary-0 Bound pvc-b84fb7e6-905d-44a6-b044-621983007206 8Gi RWO nfs-csi 46m
wordpress-test Bound pvc-997d2378-013b-4e98-bd0f-d6d49b18df93 10Gi RWO nfs-csi 80s
# 4. 查看pod
root@master01:~# kubectl get pods -n mysql-test -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-client 0/1 Error 0 26m 10.244.1.15 node01.lec.org <none> <none>
mysql-primary-0 1/1 Running 0 46m 10.244.2.16 node02.lec.org <none> <none>
mysql-secondary-0 1/1 Running 0 46m 10.244.1.14 node01.lec.org <none> <none>
wordpress-test-5db58bbf85-lzv9g 1/1 Running 0 89s 10.244.1.17 node01.lec.org <none> <none>
# 5. 查看wordpress-test的ingress的yaml
root@master01:~# kubectl get ingress wordpress-test -o yaml -n mysql-test
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
meta.helm.sh/release-name: wordpress-test
meta.helm.sh/release-namespace: mysql-test
creationTimestamp: "2023-02-17T16:06:28Z"
generation: 1
labels:
app.kubernetes.io/instance: wordpress-test
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: wordpress
helm.sh/chart: wordpress-15.2.43
name: wordpress-test
namespace: mysql-test
resourceVersion: "42964"
uid: 46ddfd10-50d7-465a-8f88-0958bbda92d6
spec:
ingressClassName: nginx
rules:
- host: blog.lec.com
http:
paths:
- backend:
service:
name: wordpress-test
port:
name: http
path: /
pathType: Prefix
status:
loadBalancer:
ingress:
- ip: 10.0.0.71 # host解析
3.3 windows进行域名解析
3.4 浏览器测试
输入 https://blog.lec.com/admin
登录账号admin 密码lec.com
4. helm部署harbor
4.1 增加仓库创建名称空间
# 1. 创建名称空间
kubectl create namespace harbor
# 2. 添加仓库
helm repo add harbor https://helm.goharbor.io
# 3. 修改ingress-nginx-controller
# ingress-nginx-controller部署在node1上了,node1 ip 10.0.0.71
root@master1:~/yaml# kubectl edit svc ingress-nginx-controller -n ingress-nginx
###下面为修改内容
externalTrafficPolicy: Local
#修改为
externalTrafficPolicy: Cluster
externalIPs:
- 10.0.0.71
4.2 编写harbor-helm.yaml
# 4. 编写harbor-helm.yaml
root@master01:~/yaml# cat harbor-helm.yaml
expose:
type: ingress
tls:
enabled: true
certSource: auto
ingress:
hosts:
core: hub.lec.com
notary: notary.lec.com
controller: default
annotations:
kubernetes.io/ingress.class: "nginx"
ipFamily:
ipv4:
enabled: true
ipv6:
enabled: false
externalURL: https://hub.lec.com
# 持久化存储配置部分
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim: # 定义Harbor各个组件的PVC持久卷
registry: # registry组件(持久卷)
storageClass: "nfs-csi" # 前面创建的StorageClass,其它组件同样配置
accessMode: ReadWriteMany # 卷的访问模式,需要修改为ReadWriteMany
size: 5Gi
chartmuseum: # chartmuseum组件(持久卷)
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
jobservice:
jobLog:
storageClass: "nfs-csi"
accessMode: ReadWriteOnce
size: 1Gi
scanDataExports:
storageClass: "nfs-csi"
accessMode: ReadWriteOnce
size: 1Gi
database: # PostgreSQl数据库组件
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
redis: # Redis缓存组件
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
trivy: # Trity漏洞扫描
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
harborAdminPassword: "lec.com"
4.3 部署harbor
# 5. 部署harbor
helm install harbor -f harbor-helm.yaml harbor/harbor -n harbor
# 执行结果
root@master01:~/yaml# helm install harbor -f harbor-helm.yaml harbor/harbor -n harbor
NAME: harbor
LAST DEPLOYED: Fri Feb 17 22:23:17 2023
NAMESPACE: harbor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://hub.lec.com
For more details, please visit https://github.com/goharbor/harbor
4.4 信息查看
# 6.1 查看ingress
root@master01:~# kubectl get ingress -n harbor
NAME CLASS HOSTS ADDRESS PORTS AGE
harbor-ingress <none> hub.magedu.com 10.0.0.71 80, 443 7m5s
harbor-ingress-notary <none> notary.magedu.com 10.0.0.71 80, 443 7m5s
# 6.2 查看svc
root@master01:~# kubectl get svc -n harbor
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
harbor-chartmuseum ClusterIP 10.101.147.190 <none> 80/TCP 42s
harbor-core ClusterIP 10.105.35.128 <none> 80/TCP 42s
harbor-database ClusterIP 10.104.209.165 <none> 5432/TCP 42s
harbor-jobservice ClusterIP 10.102.61.51 <none> 80/TCP 42s
harbor-notary-server ClusterIP 10.109.181.45 <none> 4443/TCP 42s
harbor-notary-signer ClusterIP 10.110.83.44 <none> 7899/TCP 42s
harbor-portal ClusterIP 10.109.80.209 <none> 80/TCP 42s
harbor-redis ClusterIP 10.103.86.113 <none> 6379/TCP 42s
harbor-registry ClusterIP 10.99.85.117 <none> 5000/TCP,8080/TCP 42s
harbor-trivy ClusterIP 10.103.24.120 <none> 8080/TCP 42s
# 6.3 查看pv
root@master01:~/yaml# kubectl get pvc -n harbor
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-harbor-redis-0 Bound pvc-023bdc78-9330-4560-a536-53c37c8c6b84 2Gi RWX nfs-csi 94s
data-harbor-trivy-0 Bound pvc-d52e2ecf-53fd-4d35-ba8f-a6674fe93bcf 5Gi RWX nfs-csi 94s
database-data-harbor-database-0 Bound pvc-07187193-8c19-4363-ad31-62023f0fdae4 2Gi RWX nfs-csi 94s
harbor-chartmuseum Bound pvc-f7038ebc-becb-473e-b4d3-5744bc88c6d8 5Gi RWX nfs-csi 94s
harbor-jobservice Bound pvc-ec760f05-3bd5-4bce-bb68-bedf5b2b4104 1Gi RWO nfs-csi 94s
harbor-jobservice-scandata Bound pvc-9ad4fc47-79b3-483e-8ea8-da677e6065c0 1Gi RWO nfs-csi 94s
harbor-registry Bound pvc-a3c21709-87fd-4c68-a23e-1658bf0c666e 5Gi RWX nfs-csi 94s
# 6.4 查看pod
root@master01:~# kubectl get pods -n harbor -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
harbor-chartmuseum-b6556c8b6-wjw2k 1/1 Running 0 3m36s 10.244.1.6 node01.lec.org <none> <none>
harbor-core-6c9574dd8-ph9fz 1/1 Running 2 (73s ago) 3m36s 10.244.1.5 node01.lec.org <none> <none>
harbor-database-0 1/1 Running 0 3m36s 10.244.1.8 node01.lec.org <none> <none>
harbor-jobservice-574dbcdf89-smhds 1/1 Running 3 (55s ago) 3m36s 10.244.2.6 node02.lec.org <none> <none>
harbor-notary-server-7467cd7b8-rkz4n 1/1 Running 0 3m36s 10.244.2.7 node02.lec.org <none> <none>
harbor-notary-signer-57c9d4c8cb-mmwdw 1/1 Running 1 (2m12s ago) 3m36s 10.244.1.7 node01.lec.org <none> <none>
harbor-portal-6c6656bfc7-dtctq 1/1 Running 0 3m36s 10.244.2.5 node02.lec.org <none> <none>
harbor-redis-0 1/1 Running 0 3m36s 10.244.2.10 node02.lec.org <none> <none>
harbor-registry-5844486b8b-rhfpm 2/2 Running 0 3m36s 10.244.2.9 node02.lec.org <none> <none>
harbor-trivy-0 1/1 Running 0 3m36s 10.244.2.8 node02.lec.org <none> <none>
4.5 Windows 做host解析
4.6 浏览器访问
浏览器访问https://hub.lec.com
账号admin
密码lec.com
4.7 删除操作(可选)
# 删除harbor
helm uninstall harbor -n harbor
# 再删除尚未删除的pod\pvc\pv
* 先删除pod再删除pvc在删除pv
更多推荐
已为社区贡献3条内容
所有评论(0)