k8s環境部署及使用方式

安裝k8s+docker叢集環境（基於centos7系統）

叢集機器：
centos-master = 192.168.121.9
centos-minion-1 = 192.168.121.65
centos-minion-2 = 192.168.121.66
centos-minion-3 = 192.168.121.67

1.配置yum源
[centos-master]:cat /etc/yum.repos.d/virt7-docker-common-release.repo

[virt7-docker-common-release] name=virt7-docker-common-release baseurl=http://cbs.centos.org/repos/virt7-docker-common-release/x86_64/os/ gpgcheck=0

• 1
• 2
• 3
• 4

• 1
• 2
• 3
• 4

載入安裝包：
[centos-master]:yum repolist

virt7-docker-common-release virt7-docker-common-release 15

2.安裝叢集必要軟體—-etcd/flannel/kubernetes
Etcd服務在k8s叢集中用於配置共享和服務發現。

Flannel是針對k8s設計一個網路規劃服務，讓叢集 中的不同節點主機建立的Docker容器都具有全叢集唯一的虛擬IP地址。

[centos-master]:yum -y install –enablerepo=virt7-docker-common-release kubernetes etcd flannel

3.如果叢集中沒有使用DNS解析，那麼需要在master節點的/etc/hosts中新增node的主機名資訊，比如：

echo "192.168.121.9 centos-master
192.168.121.65 centos-minion-1
192.168.121.66 centos-minion-2
192.168.121.67 centos-minion-3" >> /etc/hosts

• 1
• 2
• 3
• 4

• 1
• 2
• 3
• 4

4.修改配置master節點的kubernetes配置檔案/etc/kubernetes/config

#表示錯誤日誌記錄到檔案還是輸出到stderr
KUBE_LOGTOSTDERR="--logtostderr=true" #日誌等級
KUBE_LOG_LEVEL="--v=0" #允許執行特權容器
KUBE_ALLOW_PRIV="--allow-privileged=false" #apiserver的服務地址，controller-manager、scheduler及kubelet都會用到這個配置，這裡配置為192.168.121.9
KUBE_MASTER="--master=http://192.168.121.9:8080"

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11

5.k8s叢集中涉及的埠比較多，所以centos中的防火牆需要設定對應規則，並需關閉selinux。為確保k8s叢集的正常執行，我們可以直接關閉iptables與seliinux服務。

setenforce 0
systemctl stop firewalld.service
systemctl stop firewalld.service

• 1
• 2
• 3

• 1
• 2
• 3

6.修改配置master節點的etcd配置檔案/etc/etcd/etcd.conf
etcd服務的可調引數比較多，根據需求開啟對應功能，此處我們大概調整如下幾個功能：

# [member] #etcd名稱
ETCD_NAME=default #etcd資料儲存位置
ETCD_DATA_DIR="/var/lib/etcd/default.etcd" #監聽的埠
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" #[cluster] #叢集監聽的埠
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13

7.修改配置master節點的apiserver配置檔案/etc/kubernetes/apiserver

#監聽的介面，如果配置為127.0.0.1則只監聽localhost，配置為0.0.0.0會監聽所有介面，這裡配置為0.0.0.0
KUBE_API_ADDRESS="--address=0.0.0.0" #apiserver的監聽埠，預設8080
KUBE_API_PORT="--port=8080" #minion上kubelet監聽的埠，預設10250
KUBELET_PORT="--kubelet-port=10250" #etcd服務地址，前面已經啟動了etcd服務,埠為2379
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379" #kubernetes可以分配的ip的範圍，kubernetes啟動的每一個pod以及serveice都會分配一個ip地址，將從這個範圍分配
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16" #需要額外新增的配置項，簡單地啟用一個叢集無需配置
KUBE_API_ARGS=""

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17

8.啟動並且配置etcd的網段，此網段一定是未被使用的

systemctl start etcd
etcdctl mkdir /kube-centos/network
etcdctl mk /kube-centos/network/config "{ "Network": "172.30.0.0/16", "SubnetLen": 24, "Backend": { "Type": "vxlan" } }"

• 1
• 2
• 3

• 1
• 2
• 3

9.修改配置master節點的flanneld配置檔案/etc/sysconfig/flanneld

#etcd的訪問地址及埠
FLANNEL_ETCD_ENDPOINTS="http://192.168.121.9:2379" #服務範圍
FLANNEL_ETCD_PREFIX="/kube-centos/network" #其他
FLANNEL_OPTIONS="" 

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9

10.啟動k8s叢集

for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler flanneld; do
 systemctl restart $SERVICES
 systemctl enable $SERVICES
 systemctl status $SERVICES
done

• 1
• 2
• 3
• 4
• 5

• 1
• 2
• 3
• 4
• 5

以上就是k8s，master節點的安裝及配置
接下來，配置nodes節點

11.修改配置nodes節點kubelet的配置檔案/etc/kubernetes/kubelet

#minion監聽的地址，每個minion根據實際的ip配置,這裡配置為0.0.0.0
KUBELET_ADDRESS="--address=0.0.0.0" #監聽的埠
KUBELET_PORT="--port=10250" #apiserver的訪問地址及埠
KUBELET_API_SERVER="--api-servers=http://192.168.121.9:8080" #額外增加的引數
KUBELET_ARGS="--logtostderr=false --v=0 --log-dir=/data/logs/kubernetes" 

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12

12.修改配置nodes節點flanneld的配置檔案/etc/sysconfig/flanneld

#etcd的訪問地址及埠
FLANNEL_ETCD="http://192.168.121.9:2379" #etcd服務範圍
FLANNEL_ETCD_KEY="/kube-centos/network" 

• 1
• 2
• 3
• 4
• 5
• 6

• 1
• 2
• 3
• 4
• 5
• 6

13.啟動k8s叢集服務

for SERVICES in kube-proxy kubelet flanneld docker; do
 systemctl restart $SERVICES
 systemctl enable $SERVICES
 systemctl status $SERVICES done

• 1
• 2
• 3
• 4
• 5

• 1
• 2
• 3
• 4
• 5

14.設定kubectl的配置檔案

kubectl config set-cluster default-cluster --server=http://192.168.121.9:8080
kubectl config set-context default-context --cluster=default-cluster --user=default-admin
kubectl config use-context default-context

• 1
• 2
• 3

• 1
• 2
• 3

15.檢查叢集狀態
[centos-master]:kubectl get nodes

NAME STATUS AGE VERSION
centos-minion-1 Ready 3d v1.5.0+fff5156
centos-minion-2 Ready 3d v1.5.0+fff5156
centos-minion-3 Ready 3d v1.5.0+fff5156

• 1
• 2
• 3
• 4
• 5

• 1
• 2
• 3
• 4
• 5

至此，叢集構建完畢

---

搭建私有庫

私有庫用於系統內部儲存成品映象，能夠快速進行下載及被k8s排程。

1.下載並啟動私有庫

[centos-master]:docker run --name registry -v /etc/localtime:/etc/localtime -v /opt/registry:/var/lib/registry -p 5000:5000 -itd docker.io/registry

#--name 表示啟動的容器後名稱，此處為registry #-v 表示掛載路徑 格式為宿主機路徑:容器內路徑 #-p 表示對映埠 格式為宿主機埠:容器內埠 #-itd docker的內部引數，此處宣告後臺執行容器並分配一個偽終端並繫結到容器的標準輸入上，後跟映象名稱此處為docker.io/registry

• 1
• 2
• 3
• 4
• 5
• 6

• 1
• 2
• 3
• 4
• 5
• 6

2.建立一個secret服務，用於k8s排程私有庫容器時的“令牌”。簡單來說，secret服務就是一個儲存密碼的服務

[centos-master]:kubectl create secret docker-registry registrykey --docker-server=registry.evehicle.cn --docker-username=docker --docker-password=docker --docker-email=lienhua@zhongchuangsanyou.com 
[centos-master]:kubectl get secret
NAME TYPE DATA AGE
registrykey kubernetes.io/dockercfg 1 6s 

• 1
• 2
• 3
• 4
• 5
• 6

• 1
• 2
• 3
• 4
• 5
• 6

此時登入時會提示認證錯誤

[centos-master]:docker login -u docker -p docker -e lienhua@zhongchuangsanyou.com registry.evehicle.cn
Flag --email has been deprecated, will be removed in 1.13.
Error response from daemon: login attempt to https://registry.evehicle.cn/v2/ failed with status: 401 Unauthorized 

• 1
• 2
• 3
• 4

• 1
• 2
• 3
• 4

這是因為Docker官方是推薦採用Secure Registry的工作模式的，即transport採用tls。這樣我們就需要為Registry配置tls所需的key和crt檔案了

3.配置nginx反向代理
[centos-master]: cat registry.evehicle.cn.conf

# For versions of nginx > 1.3.9 that include chunked transfer encoding support # Replace with appropriate values where necessary upstream docker-registry {
 server 192.168.121.9:5000;
 #server 10.44.170.95:5000;
}

# uncomment if you want a 301 redirect for users attempting to connect # on port 80 # NOTE: docker client will still fail. This is just for convenience # server { # listen *:80; # server_name my.docker.registry.com; # return 301 https://$server_name$request_uri; # } server {
 listen 443;
 server_name registry.evehicle.cn;

 ssl on;
 ssl_certificate ssl/registry.evehicle.cn.crt;
 ssl_certificate_key ssl/registry.evehicle.cn.key;

 client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on;

 location / {
 auth_basic "Restricted";
 auth_basic_user_file passwd;
 add_header `Docker-Distribution-Api-Version` `registry/2.0` always;

 proxy_pass http://docker-registry;
 proxy_set_header Host $http_host; # required for docker client`s sake proxy_set_header X-Real-IP $remote_addr; # pass on real client`s IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_read_timeout 900;
 }

 location /_ping {
 auth_basic off;
 include docker-registry.conf;
 }

 location /v1/_ping {
 auth_basic off;
 include docker-registry.conf;
 }

 location /v2/_ping {
 auth_basic off;
 include docker-registry.conf;
 }
}

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51
• 52
• 53
• 54
• 55
• 56
• 57
• 58
• 59

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51
• 52
• 53
• 54
• 55
• 56
• 57
• 58
• 59

將key及crt證照檔案放到../ssl目錄下。使用htpasswd生成密碼放於./上一級目錄

 htpasswd -bcm passwd docker docker
 #-c：建立一個加密檔案 #-m：md5加密，預設可不填寫 #-b：表示使用者名稱密碼在命令列中一併輸入，不用分別填寫

• 1
• 2
• 3
• 4

• 1
• 2
• 3
• 4

4.再次登入

[centos-master]:docker login -u docker -p docker -e lienhua@zhongchuangsanyou.com registry.evehicle.cn 
Login Succeeded
表示成功，此時再pullpush既在私有庫中進行

• 1
• 2
• 3
• 4

• 1
• 2
• 3
• 4

構建服務

docker的本意是將程式碼包含在容器內製作成映象形成“產品”。但出於公司的（頻繁修改程式碼及伺服器資源受限）的特殊性，我們將程式碼以“外掛”的形式執行在宿主機上。下面以部署官網（apache）服務為例：
1.從docker的公有庫裡下載centos7的原生映象

[centos-master]:docker pull centos

Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
d9aaf4d82f24: Downloading [> ] 540 kB/73.39 MB
d9aaf4d82f24: Pulling fs layer
Digest: sha256:eba772bac22c86d7d6e72421b4700c3f894ab6e35475a34014ff8de74c10872e
Status: Downloaded newer image for centos:latest

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9

2.編寫Dockerfile製造apache基礎映象

######httpd####
FROM centos
MAINTAINER lienhua lienhua@zhongchuangsanyou.com
RUN yum -y install epel-release
RUN yum -y install httpd php php-mysql php-memcache* php-mbstring
ADD httpd.conf /etc/httpd/conf/httpd.conf

EXPOSE 80

CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11

其中httpd.conf檔案需要在當前目錄下真實存在，此處其內容為

ServerRoot "/etc/httpd" Listen 80
Listen 8080
Include conf.modules.d/*.conf
Include zcsy/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory /> AllowOverride none
 Require all denied
</Directory> DocumentRoot "/var/www/html" <Directory "/var/www"> AllowOverride None
 Require all granted
</Directory> <Directory "/var/www/html"> Options Indexes FollowSymLinks
 AllowOverride None
 Require all granted
</Directory> <IfModule dir_module> DirectoryIndex index.html
</IfModule> <Files ".ht*"> Require all denied
</Files> ErrorLog "logs/error_log" LogLevel warn
<IfModule log_config_module> LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
 LogFormat "%h %l %u %t "%r" %>s %b" common
 <IfModule logio_module> LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
 </IfModule> CustomLog "logs/access_log" combined
</IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> <Directory "/var/www/cgi-bin"> AllowOverride None
 Options None
 Require all granted
</Directory> <IfModule mime_module> TypesConfig /etc/mime.types
 AddType application/x-compress .Z
 AddType application/x-gzip .gz .tgz
 AddType application/x-httpd-php .php
 AddType text/html .shtml
 AddOutputFilter INCLUDES .shtml
</IfModule> AddDefaultCharset UTF-8
<IfModule mime_magic_module> MIMEMagicFile conf/magic
</IfModule> EnableSendfile off EnableMMAP off IncludeOptional conf.d/*.conf

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51
• 52
• 53
• 54
• 55
• 56
• 57
• 58
• 59
• 60
• 61
• 62

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51
• 52
• 53
• 54
• 55
• 56
• 57
• 58
• 59
• 60
• 61
• 62

執行[centos-master]:docker build -t registry.evehicle.cn/httpd . 命令製作名為”registry.evehicle.cn/httpd”的映象（注意此處的點必須要有，並且其意義代表當前目錄下的Dockerfile檔案）

3.將製作好的映象上傳到私有庫

docker push registry.evehicle.cn/httpd

• 1

• 1

4.編寫啟動apache服務的yaml檔案

[centos-master]:cat 13-rc-httpd.yaml

apiVersion: v1
kind: ReplicationController
metadata:
 name: 13-rc-httpd
 labels:
 name: 13-rc-httpd
spec:
 replicas: 2
 selector:
 name: 13-rc-httpd
 template:
 metadata:
 labels:
 name: 13-rc-httpd
 spec:
 containers:
 - name: 13-rc-httpd
 image: registry.evehicle.cn/httpd
 env:
 - name: LANG  value: en_US.UTF-8
 ports:
 - containerPort: 80  hostPort: 80
 volumeMounts:
 - name: time
 mountPath: /etc/localtime
 - name: zcsy
 mountPath: /etc/httpd/zcsy
 - name: deploy
 mountPath: /docker/httpd/deploy
 - name: log
 mountPath: /var/log/httpd
 volumes:
 - name: time
 hostPath:
 path: /etc/localtime
 - name: zcsy
 hostPath:
 path: /docker/httpd/zcsy
 - name: deploy
 hostPath:
 path: /docker/httpd/deploy
 - name: log
 hostPath:
 path: /docker/httpd/log
 nodeSelector:
 slave: "13"
 imagePullSecrets:
 - name: registrykey

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50

5.給其中一個node加上標籤為“13”

kubectl label nodes centos-minion-1 slave=13

• 1

• 1

6.此時擁有標籤“13”的nodes應具備的條件

/docker/httpd/zcsy下需要有官網的配置檔案

<VirtualHost *:80> ServerName www.evehicle.cn
 DocumentRoot /var/deploy/wordpress/
 RewriteEngine on RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
 RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
 RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !^.*.(ico|pdf|flv|jpe?g|js|gif|png|html|shtml|zip|xml|gz|rar|swf|txt|apk|bmp|css|m4a|ogg|mp3|ipa|plist)$
 RewriteCond %{REQUEST_URI} !^/server-status$
 RewriteRule . /index.php [QSA,PT,L] </VirtualHost> <Directory /var/deploy/wordpress/> Options FollowSymLinks
 AllowOverride All Require all granted
</Directory>

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16

以及/docker/httpd/deploy下需要有官網的程式碼

7.執行yaml檔案啟動容器

[centos-master]: kuberctl create -f 13-rc-httpd.yaml

8.檢視服務

[centos-master]: kuberctl get rc

NAME DESIRED CURRENT AGE
13-rc-httpd 2 2 168d

• 1
• 2

• 1
• 2

9.程式中涉及的mysql
edismemcache等服務也需使用容器執行起來

[centos-master]: docker pull redis
[centos-master]: docker tag registry.evehicle.cn/redis redis
[centos-master]: docker push registry.evehicle.cn/redis
[centos-master]: kubectl create -f rc-redis.yaml
[centos-master]: cat rc-redis.yaml

apiVersion: v1
kind: ReplicationController
metadata:
 name: redis
 labels:
 name: redis
spec:
 replicas: 2
 selector:
 name: redis
 template:
 metadata:
 labels:
 name: redis
 spec:
 containers:
 - name: redis
 image: registry.evehicle.cn/redis
 ports:
 - containerPort: 6379  hostPort: 6379
 volumeMounts:
 - name: data
 mountPath: /data
 - name: time
 mountPath: /etc/localtime
 volumes:
 - name: data
 hostPath:
 path: /docker/redis/6379
 - name: time
 hostPath:
 path: /etc/localtime
 nodeSelector:
 slave: "13"
 imagePullSecrets:
 - name: registrykey

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38

啟動memcache
[centos-master]: docker pull memcache
[centos-master]: docker tag registry.evehicle.cn/memcached memcache
[centos-master]: docker push registry.evehicle.cn/memcached
[centos-master]: kubectl create -f rc-memcached.yaml
[centos-master]: cat rc-memcached.yaml

apiVersion: v1
kind: ReplicationController
metadata:
 name: memcached
 labels:
 name: memcached
spec:
 replicas: 3
 selector:
 name: memcached
 template:
 metadata:
 labels:
 name: memcached
 spec:
 containers:
 - name: memcached
 image: registry.evehicle.cn/memcached
 ports:
 - containerPort: 11211
 hostPort: 11211 #nodeSelector: # slave: "13"
 imagePullSecrets:
 - name: registrykey

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25

製造mysql映象
[centos-master]: cat Dockerfile

FROM alpine


COPY startup.sh /startup.sh
RUN addgroup mysql && 
 adduser -H -D -s /bin/false -G mysql mysql && 
 apk add --update mysql mysql-client && rm -f /var/cache/apk/* && 
 mkdir /data && 
 chown -R mysql:mysql /data /etc/mysql && 
 chmod 755 /startup.sh 
 ;


WORKDIR /data VOLUME /data VOLUME /etc/mysql


EXPOSE 3306 CMD ["/startup.sh"]

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20

啟動mysql（建議mysql在宿主機啟動）
[centos-master]: docker build -t registry.evehicle.cn/mysql
[centos-master]: docker push registry.evehicle.cn/mysql
[centos-master]: kubectl create -f rc-mysql.yaml
[centos-master]: cat rc-mysql.yaml

apiVersion: v1
kind: ReplicationController
metadata:
 name: 13-rc-mysql
 labels:
 name: 13-rc-mysql
spec:
 replicas: 2
 selector:
 name: 13-rc-mysql
 template:
 metadata:
 labels:
 name: 13-rc-mysql
 spec:
 containers:
 - name: 13-rc-mysql
 image: registry.evehicle.cn/mysql
 env:
 - name: MYSQL_DATABASE  value: admin
 - name: MYSQL_USER  value: tony
 - name: MYSQL_PASSWORD  value: 456
 - name: MYSQL_ROOT_PASSWORD  value: 123
 ports:
 - containerPort: 3306  hostPort: 3306
 volumeMounts:
 - name: time
 mountPath: /etc/localtime
 - name: data
 mountPath: /data
 - name: etc
 mountPath: /etc/mysql
 - name: run
 mountPath: /run/mysqld
 volumes:
 - name: time
 hostPath:
 path: /etc/localtime
 - name: data
 hostPath:
 path: /docker/mysql/data
 - name: etc
 hostPath:
 path: /docker/mysql/etc
 - name: run
 hostPath:
 path: /docker/mysql/run
 nodeSelector:
 slave: "13"
 imagePullSecrets:
 - name: registrykey

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51
• 52
• 53
• 54
• 55
• 56
• 57

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51
• 52
• 53
• 54
• 55
• 56
• 57

為方便程式碼編寫及統一管理，應提前做好內部DNS解析。將所負責的應用規整到對應的機器上。

本文轉自CSDN-k8s環境部署及使用方式