[k8s commands]
kubectl get service
kubectl describe service nginx
kubectl get namespace
kubectl get deployment --namespace=pro
kubectl get service --namespace=pro
kubectl get pod --namespace=pro
nginx.conf
# node1 1319 -> /etc/nginx/nginx.conf

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    server {
        listen 8086;
        server_name localhost;

        location / {
            root html;
            index index.html;
        }
    }

    server {
        listen 8084;
        server_name localhost;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            proxy_pass http://221.178.251.182:80;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;

    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;

    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;

    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # If the block below is re-enabled: `ssl on;` is obsolete in current nginx
    # (use `listen 443 ssl;`), and TLSv1 / TLSv1.1 should be dropped from ssl_protocols.
    #server {
    #    listen 443;
    #    server_name openapi.sinoxx.com;
    #    ssl on;
    #    ssl_certificate cert/2193315__sinoxx.com.pem;
    #    ssl_certificate_key cert/2193315__sinoxx.com.key;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    #    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        proxy_http_version 1.1;
    #        proxy_set_header Upgrade $http_upgrade;
    #        proxy_set_header Connection upgrade;
    #        proxy_pass http://127.0.0.1:10001/;
    #    }
    #}

    #server {
    #    listen 80;
    #    server_name openapi.sinoxx.com;
    #    location / {
    #        proxy_pass http://127.0.0.1:10001/;
    #        proxy_set_header REMOTE-HOST $remote_addr;
    #        proxy_set_header Host $host;
    #        proxy_set_header X-Real-IP $remote_addr;
    #    }
    #}
}
nginx container
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: pro
spec:
  ports:
  - name: '80'
    nodePort: 30001
    port: 80
    protocol: TCP
    targetPort: 80
  - name: '81'
    nodePort: 30002
    port: 81
    protocol: TCP
    targetPort: 81
  - name: '443'
    nodePort: 30003
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: nginx
  type: NodePort
---

-- External firewall configuration: map domain xx.com port 80 -> host node 109:30001
-- Forwarded ports: host 30001 -> container 80, host 30002 -> container 81, host 30003 -> container 443
// Map host 192.168.0.109 (node1) -> into the nginx container
-- nginx container configuration: map each port and domain to the corresponding container address inside k8s

[]: http://218.3.146.105:81 -> :30002 admin page ->
# nginx container configuration
# xx:81 -> node3:30002 -> con-nginx:81
# External forwarding: 218.3.146.105:81 -> 192.168.0.109:30002
# Container opens port -> 192.168.0.109:30002 -> inside the container:81

: 218.3.146.105:80 -> 109:30001 -> nginx container, configure proxy_host | domain -> forwarded to the mapped service container name
# domain:80 (firewall) -> internal host:30001 (mapping opened when the container pod starts) -> nginx container [config] - container IP:80

# ------------------------------------------------------------
# taskadmin.sinoxx.com
# ------------------------------------------------------------
server {
  set $forward_scheme http;
  set $server "xxl-job-admin-service.pro.svc.cluster.local";
  set $port 80;

  listen 80;
  server_name taskadmin.sinoxx.com;

  access_log /data/logs/proxy_host-14.log proxy;

  location / {
    # Proxy!
    include conf.d/include/proxy.conf;
  }
}
{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "nginx-service",
    "namespace": "pro",
    "selfLink": "/api/v1/namespaces/pro/services/nginx-service",
    "uid": "06e0f3e8-8c15-11e9-a87a-0894ef381eca",
    "resourceVersion": "1138992",
    "creationTimestamp": "2019-06-11T06:49:14Z",
    "annotations": {
      "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{},\"name\":\"nginx-service\",\"namespace\":\"pro\"},\"spec\":{\"ports\":[{\"name\":\"80\",\"nodePort\":30001,\"port\":80,\"protocol\":\"TCP\",\"targetPort\":80},{\"name\":\"81\",\"nodePort\":30002,\"port\":81,\"protocol\":\"TCP\",\"targetPort\":81},{\"name\":\"443\",\"nodePort\":30003,\"port\":443,\"protocol\":\"TCP\",\"targetPort\":443}],\"selector\":{\"app\":\"nginx\"},\"type\":\"NodePort\"}}\n"
    }
  },
  "spec": {
    "ports": [
      {"name": "80", "protocol": "TCP", "port": 80, "targetPort": 80, "nodePort": 30001},
      {"name": "81", "protocol": "TCP", "port": 81, "targetPort": 81, "nodePort": 30002},
      {"name": "443", "protocol": "TCP", "port": 443, "targetPort": 443, "nodePort": 30003}
    ],
    "selector": {"app": "nginx"},
    "clusterIP": "10.96.32.66",
    "type": "NodePort",
    "sessionAffinity": "None",
    "externalTrafficPolicy": "Cluster"
  },
  "status": {"loadBalancer": {}}
}
{
  "kind": "Deployment",
  "apiVersion": "extensions/v1beta1",
  "metadata": {
    "name": "nginx",
    "namespace": "pro",
    "selfLink": "/apis/extensions/v1beta1/namespaces/pro/deployments/nginx",
    "uid": "f002b402-8690-11e9-93ab-0894ef381eca",
    "resourceVersion": "14643869",
    "generation": 3,
    "creationTimestamp": "2019-06-04T06:21:07Z",
    "labels": {"app": "nginx"},
    "annotations": {"deployment.kubernetes.io/revision": "1"}
  },
  "spec": {
    "replicas": 1,
    "selector": {"matchLabels": {"app": "nginx"}},
    "template": {
      "metadata": {
        "creationTimestamp": null,
        "labels": {"app": "nginx"}
      },
      "spec": {
        "volumes": [
          {"name": "data", "nfs": {"server": "node1", "path": "/home/nfs/pro"}},
          {"name": "letsencrypt", "nfs": {"server": "node1", "path": "/home/nfs/pro"}}
        ],
        "containers": [
          {
            "name": "nginx",
            "image": "registry.cn-hangzhou.aliyuncs.com/youdt/nginx:v2",
            "ports": [
              {"containerPort": 80, "protocol": "TCP"},
              {"containerPort": 81, "protocol": "TCP"},
              {"containerPort": 443, "protocol": "TCP"}
            ],
            "env": [
              {"name": "DB_HOST", "value": "rm-bp10h4rjh8q877420lo.mysql.rds.aliyuncs.com"},
              {"name": "DB_PASS", "value": "nginx"},
              {"name": "DB_USER", "value": "nginx"},
              {"name": "DB_PORT", "value": "3306"},
              {"name": "DB", "value": "nginx"},
              {"name": "NODE_ENV", "value": "production"}
            ],
            "resources": {},
            "volumeMounts": [
              {"name": "data", "mountPath": "/data", "subPath": "nginx/data"},
              {"name": "letsencrypt", "mountPath": "/etc/letsencrypt", "subPath": "nginx/encrypt"}
            ],
            "terminationMessagePath": "/dev/termination-log",
            "terminationMessagePolicy": "File",
            "imagePullPolicy": "IfNotPresent"
          }
        ],
        "restartPolicy": "Always",
        "terminationGracePeriodSeconds": 30,
        "dnsPolicy": "ClusterFirst",
        "securityContext": {},
        "schedulerName": "default-scheduler"
      }
    },
    "strategy": {
      "type": "RollingUpdate",
      "rollingUpdate": {"maxUnavailable": "25%", "maxSurge": "25%"}
    },
    "revisionHistoryLimit": 10,
    "progressDeadlineSeconds": 600
  },
  "status": {
    "observedGeneration": 3,
    "replicas": 1,
    "updatedReplicas": 1,
    "readyReplicas": 1,
    "availableReplicas": 1,
    "conditions": [
      {
        "type": "Progressing",
        "status": "True",
        "lastUpdateTime": "2019-06-04T06:22:00Z",
        "lastTransitionTime": "2019-06-04T06:21:07Z",
        "reason": "NewReplicaSetAvailable",
        "message": "ReplicaSet \"nginx-5d7bdf6c6f\" has successfully progressed."
      },
      {
        "type": "Available",
        "status": "True",
        "lastUpdateTime": "2019-09-25T06:22:38Z",
        "lastTransitionTime": "2019-09-25T06:22:38Z",
        "reason": "MinimumReplicasAvailable",
        "message": "Deployment has minimum availability."
      }
    ]
  }
}
Other
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: harbor.xxx.cn/official_hub/nginx:1.13-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service-nodeport
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  type: NodePort
  selector:
    name: nginx
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: proxy-nginx
  namespace: kube-system
data:
  default.conf: |-
    upstream prometheus {
        server prometheus:9090;
    }
    upstream grafana {
        server monitoring-grafana:80;
    }
    upstream dashboard {
        server 1.2.3.4:32766;
    }
    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
        location /check {
            default_type text/plain;
            return 200 "serving is ok!";
        }
        location /status {
            stub_status on;
            access_log off;
        }
        location /prometheus {
            proxy_pass http://prometheus;
            proxy_set_header Host $host;
        }
        location /grafana {
            proxy_pass http://grafana;
            rewrite ^/grafana/(.*) /$1 break;
            proxy_set_header Host $host;
        }
        location /dashboard {
            auth_basic "Password please";
            auth_basic_user_file /etc/nginx/conf.d/nginx_passwd;
            proxy_pass http://dashboard;
            rewrite ^/dashboard/(.*) /$1 break;
            proxy_set_header Host $host;
        }
        # redirect server error pages to the static page /50x.html
        # chengang from k8s config map file
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
  nginx_passwd: |-
    admin:xxxxxxxxxxxxxxxxxxxxxxxxx
---
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# apps/v1 additionally requires spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: proxy-nginx
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: proxy-nginx
    spec:
      containers:
      - name: nginx
        image: harbor.xxx.cn/official_hub/nginx:1.13-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          protocol: TCP
        volumeMounts:
        - name: nginx-conf
          mountPath: /etc/nginx/conf.d
      volumes:
      - name: nginx-conf
        configMap:
          name: proxy-nginx
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
      - key: "node-role.kubernetes.io/master"
        effect: "NoSchedule"
---
apiVersion: v1
kind: Service
metadata:
  name: proxy-nginx
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 32767
  selector:
    k8s-app: proxy-nginx
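
An added example (not part of the original notes): a small Python check that flags the two places on this page where credentials sit in plain manifests, the literal DB_PASS env value in the nginx Deployment and the nginx_passwd entry in the proxy-nginx ConfigMap, and also flags the empty pod securityContext. The name-matching heuristic and the Secret name nginx-db in FIXED_ENV are assumptions of this example.

```python
import re

# Heuristic for credential-like names (an assumption of this example).
SECRET_NAME = re.compile(r"pass|secret|token|credential", re.I)
# htpasswd-style "user:hash" line, as stored under nginx_passwd in the ConfigMap.
HTPASSWD_LINE = re.compile(r"^[^\s:#]+:\S+$", re.M)

def audit(obj):
    """Return (location, issue) pairs for one manifest given as a dict."""
    findings = []
    kind, name = obj.get("kind"), obj["metadata"]["name"]
    if kind == "ConfigMap":
        for key, text in obj.get("data", {}).items():
            if SECRET_NAME.search(key) or HTPASSWD_LINE.search(text):
                findings.append((f"ConfigMap/{name}:{key}", "credential stored in ConfigMap"))
    elif kind == "Deployment":
        pod = obj["spec"]["template"]["spec"]
        if not pod.get("securityContext"):
            findings.append((f"Deployment/{name}", "empty pod securityContext"))
        for c in pod.get("containers", []):
            for env in c.get("env", []):
                # A literal "value" is visible in the manifest and in kubectl output;
                # "valueFrom.secretKeyRef" keeps it in a Secret object instead.
                if SECRET_NAME.search(env["name"]) and "value" in env:
                    findings.append((f"Deployment/{name}:{env['name']}", "literal credential in env"))
    return findings

# Trimmed copies of two manifests from this page (values as shown there).
DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "nginx", "namespace": "pro"},
    "spec": {"template": {"spec": {
        "securityContext": {},
        "containers": [{"name": "nginx", "env": [
            {"name": "DB_USER", "value": "nginx"},
            {"name": "DB_PASS", "value": "nginx"},
        ]}],
    }}},
}
CONFIGMAP = {
    "kind": "ConfigMap", "metadata": {"name": "proxy-nginx", "namespace": "kube-system"},
    "data": {"default.conf": "server {\n    listen 80;\n}",
             "nginx_passwd": "admin:xxxxxxxxxxxxxxxxxxxxxxxxx"},
}
# Hypothetical fix: DB_PASS read from a Secret named nginx-db (name is an assumption).
FIXED_ENV = {"name": "DB_PASS", "valueFrom": {"secretKeyRef": {"name": "nginx-db", "key": "password"}}}

if __name__ == "__main__":
    for manifest in (DEPLOYMENT, CONFIGMAP):
        for where, issue in audit(manifest):
            print(f"{where}: {issue}")
```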
