[k8s命令]
: kubectl get service
: kubectl describe service nginx
: kubectl get namespace
: kubectl get deployment --namespace=pro
: kubectl get service --namespace=pro
: kubectl get pod --namespace=pro
nginx.conf
# node1 1319 -> /etc/nginx/nginx.conf
# Main-context settings for the nginx instance on node1.

# Worker user directive is disabled, so the build default applies.
#user nobody;

# One worker process serves every connection.
worker_processes 1;

# Error log and pid file directives are disabled; the build defaults apply.
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;

    # NOTE(review): the "main" log format and its access_log are disabled, so
    # requests are logged in nginx's default format and X-Forwarded-For is not
    # recorded. Re-enable both if this host sits behind another proxy and the
    # original client address is needed for investigation.
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    # Static site: serves index.html from the "html" directory on port 8086.
    server {
        listen 8086;
        server_name localhost;

        location / {
            root html;
            index index.html;
        }
    }

    # Reverse proxy on port 8084.
    server {
        listen 8084;
        server_name localhost;

        #charset koi8-r;
        #access_log logs/host.access.log main;

        # NOTE(review): every request is forwarded to a literal IP address
        # over plain HTTP, so traffic to the upstream is unencrypted. No
        # proxy_set_header lines are present, so the client address is not
        # passed on. Confirm the upstream is trusted and that this is intended.
        location / {
            proxy_pass http://221.178.251.182:80;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # Disabled TLS front end for openapi.sinoxx.com.
    # NOTE(review): if this block is re-enabled, drop TLSv1 and TLSv1.1 from
    # ssl_protocols (both are deprecated by RFC 8996) and replace "ssl on;"
    # with "listen 443 ssl;" (the standalone directive is deprecated and has
    # been removed from current nginx). The cipher list also admits the broad
    # AES and HIGH groups and should be reviewed.
    #server {
    #    listen 443;
    #    server_name openapi.sinoxx.com;
    #    ssl on;
    #    ssl_certificate cert/2193315__sinoxx.com.pem;
    #    ssl_certificate_key cert/2193315__sinoxx.com.key;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    #    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        proxy_http_version 1.1;
    #        proxy_set_header Upgrade $http_upgrade;
    #        proxy_set_header Connection upgrade;
    #        proxy_pass http://127.0.0.1:10001/;
    #    }
    #}

    # Disabled plain-HTTP front end for the same host name.
    #server {
    #    listen 80;
    #    server_name openapi.sinoxx.com;
    #    location / {
    #        proxy_pass http://127.0.0.1:10001/;
    #        proxy_set_header REMOTE-HOST $remote_addr;
    #        proxy_set_header Host $host;
    #        proxy_set_header X-Real-IP $remote_addr;
    #    }
    #}
}
容器 nginx
# NodePort Service for the pods labelled app=nginx in namespace "pro".
# Each entry below opens its nodePort on every node of the cluster.
# NOTE(review): the notes on this page describe port 81 / nodePort 30002 as
# the management page and forward it from a public address. Confirm that
# exposure is intended, or limit the source addresses at the firewall.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: pro
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
    # HTTP
    - name: '80'
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30001
    # Management page, per the notes on this page
    - name: '81'
      protocol: TCP
      port: 81
      targetPort: 81
      nodePort: 30002
    # HTTPS
    - name: '443'
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 30003
---
-- 外网防火墙配置, 将域名 xx.com:80 端口 -> 映射到主机 node 109 : 30001
-- 转发端口 主机 30001 -> 容器 80 , 主机 30002 -> 容器 81 , 主机 30003 -> 容器 443
// 将主机 192.168.0.109 node1 -> 映射到容器 nginx 中
-- nginx 容器配置, 将对应端口 域名, 映射到 k8s里面对应容器地址
[]
: http://218.3.146.105:81 -> :30002 管理页面 -> # 容器nginx配置
# xx:81 -> node3:30002 -> con-nginx:81
# 外网转发 218.3.146.105:81 -> 192.168.0.109:30002
# 容器开端口 -> 192.168.0.109:30002 -> 容器内部:81
: 218.3.146.105:80 -> 109:30001
-> nginx 容器, 配置 proxy_host | 域名 -> 服务容器名称映射转发
# 域名:80 (防火墙) -> 内网主机:30001 (容器POD启动时打开映射) -> 容器nginx [配置] - 容器IP:80
# ------------------------------------------------------------
# taskadmin.sinoxx.com
# ------------------------------------------------------------
server {
    # Plain-HTTP virtual host for taskadmin.sinoxx.com.
    listen 80;
    server_name taskadmin.sinoxx.com;

    # Upstream target: a Service DNS name inside the cluster. The included
    # proxy.conf is not shown here; presumably it builds proxy_pass from
    # these three variables (confirm).
    set $forward_scheme http;
    set $server "xxl-job-admin-service.pro.svc.cluster.local";
    set $port 80;

    access_log /data/logs/proxy_host-14.log proxy;

    # NOTE(review): the host name suggests an admin console. This block has
    # no TLS listener and no allow/deny or auth_basic rule, so confirm that
    # authentication is enforced by the upstream or inside proxy.conf.
    location / {
        # Proxy!
        include conf.d/include/proxy.conf;
    }
}
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "nginx-service",
"namespace": "pro",
"selfLink": "/api/v1/namespaces/pro/services/nginx-service",
"uid": "06e0f3e8-8c15-11e9-a87a-0894ef381eca",
"resourceVersion": "1138992",
"creationTimestamp": "2019-06-11T06:49:14Z",
"annotations": {
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{},\"name\":\"nginx-service\",\"namespace\":\"pro\"},\"spec\":{\"ports\":[{\"name\":\"80\",\"nodePort\":30001,\"port\":80,\"protocol\":\"TCP\",\"targetPort\":80},{\"name\":\"81\",\"nodePort\":30002,\"port\":81,\"protocol\":\"TCP\",\"targetPort\":81},{\"name\":\"443\",\"nodePort\":30003,\"port\":443,\"protocol\":\"TCP\",\"targetPort\":443}],\"selector\":{\"app\":\"nginx\"},\"type\":\"NodePort\"}}\n"
}
},
"spec": {
"ports": [
{
"name": "80",
"protocol": "TCP",
"port": 80,
"targetPort": 80,
"nodePort": 30001
},
{
"name": "81",
"protocol": "TCP",
"port": 81,
"targetPort": 81,
"nodePort": 30002
},
{
"name": "443",
"protocol": "TCP",
"port": 443,
"targetPort": 443,
"nodePort": 30003
}
],
"selector": {
"app": "nginx"
},
"clusterIP": "10.96.32.66",
"type": "NodePort",
"sessionAffinity": "None",
"externalTrafficPolicy": "Cluster"
},
"status": {
"loadBalancer": {}
}
}
{
"kind": "Deployment",
"apiVersion": "extensions/v1beta1",
"metadata": {
"name": "nginx",
"namespace": "pro",
"selfLink": "/apis/extensions/v1beta1/namespaces/pro/deployments/nginx",
"uid": "f002b402-8690-11e9-93ab-0894ef381eca",
"resourceVersion": "14643869",
"generation": 3,
"creationTimestamp": "2019-06-04T06:21:07Z",
"labels": {
"app": "nginx"
},
"annotations": {
"deployment.kubernetes.io/revision": "1"
}
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "nginx"
}
},
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"app": "nginx"
}
},
"spec": {
"volumes": [
{
"name": "data",
"nfs": {
"server": "node1",
"path": "/home/nfs/pro"
}
},
{
"name": "letsencrypt",
"nfs": {
"server": "node1",
"path": "/home/nfs/pro"
}
}
],
"containers": [
{
"name": "nginx",
"image": "registry.cn-hangzhou.aliyuncs.com/youdt/nginx:v2",
"ports": [
{
"containerPort": 80,
"protocol": "TCP"
},
{
"containerPort": 81,
"protocol": "TCP"
},
{
"containerPort": 443,
"protocol": "TCP"
}
],
"env": [
{
"name": "DB_HOST",
"value": "rm-bp10h4rjh8q877420lo.mysql.rds.aliyuncs.com"
},
{
"name": "DB_PASS",
"value": "nginx"
},
{
"name": "DB_USER",
"value": "nginx"
},
{
"name": "DB_PORT",
"value": "3306"
},
{
"name": "DB",
"value": "nginx"
},
{
"name": "NODE_ENV",
"value": "production"
}
],
"resources": {},
"volumeMounts": [
{
"name": "data",
"mountPath": "/data",
"subPath": "nginx/data"
},
{
"name": "letsencrypt",
"mountPath": "/etc/letsencrypt",
"subPath": "nginx/encrypt"
}
],
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "IfNotPresent"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"securityContext": {},
"schedulerName": "default-scheduler"
}
},
"strategy": {
"type": "RollingUpdate",
"rollingUpdate": {
"maxUnavailable": "25%",
"maxSurge": "25%"
}
},
"revisionHistoryLimit": 10,
"progressDeadlineSeconds": 600
},
"status": {
"observedGeneration": 3,
"replicas": 1,
"updatedReplicas": 1,
"readyReplicas": 1,
"availableReplicas": 1,
"conditions": [
{
"type": "Progressing",
"status": "True",
"lastUpdateTime": "2019-06-04T06:22:00Z",
"lastTransitionTime": "2019-06-04T06:21:07Z",
"reason": "NewReplicaSetAvailable",
"message": "ReplicaSet \"nginx-5d7bdf6c6f\" has successfully progressed."
},
{
"type": "Available",
"status": "True",
"lastUpdateTime": "2019-09-25T06:22:38Z",
"lastTransitionTime": "2019-09-25T06:22:38Z",
"reason": "MinimumReplicasAvailable",
"message": "Deployment has minimum availability."
}
]
}
}
其他
# Single-replica nginx Deployment; the selector and the pod template both use
# the label name=nginx.
# NOTE(review): the image is referenced by tag and pulled IfNotPresent, so a
# node keeps whatever it cached under that tag; pin by digest if the registry
# allows tags to be overwritten. 1.13 is an old nginx release line, so check
# it against current security advisories. No resources or securityContext
# are set on the container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: harbor.xxx.cn/official_hub/nginx:1.13-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
# NodePort Service in front of the pods labelled name=nginx.
# No nodePort is given, so the cluster assigns one from its NodePort range;
# that port is then open on every node.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service-nodeport
spec:
  type: NodePort
  selector:
    name: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
---
# nginx configuration for the proxy-nginx pod in kube-system. It holds two
# files: default.conf (the vhost) and nginx_passwd (the basic-auth user file
# that default.conf points at under /etc/nginx/conf.d).
apiVersion: v1
kind: ConfigMap
metadata:
  name: proxy-nginx
  namespace: kube-system
data:
  # NOTE(review): only /dashboard is protected with auth_basic. /status
  # (stub_status), /prometheus and /grafana carry no auth_basic or allow/deny
  # rule, so anyone who can reach this proxy can read them. All upstreams
  # are reached over plain HTTP. The "dashboard" upstream is a literal
  # address that looks like a placeholder (confirm).
  default.conf: |-
    upstream prometheus {
        server prometheus:9090;
    }
    upstream grafana {
        server monitoring-grafana:80;
    }
    upstream dashboard {
        server 1.2.3.4:32766;
    }
    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
        location /check {
            default_type text/plain;
            return 200 "serving is ok!";
        }
        location /status {
            stub_status on;
            access_log off;
        }
        location /prometheus {
            proxy_pass http://prometheus;
            proxy_set_header Host $host;
        }
        location /grafana {
            proxy_pass http://grafana;
            rewrite ^/grafana/(.*) /$1 break;
            proxy_set_header Host $host;
        }
        location /dashboard {
            auth_basic "Password please";
            auth_basic_user_file /etc/nginx/conf.d/nginx_passwd;
            proxy_pass http://dashboard;
            rewrite ^/dashboard/(.*) /$1 break;
            proxy_set_header Host $host;
        }
        # redirect server error pages to the static page /50x.html
        # chengang from k8s config map file
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
  # NOTE(review): this is credential material (user:password-hash) stored in
  # a ConfigMap. ConfigMaps are not meant for confidential data; a Secret
  # mounted at the same path lets RBAC restrict who can read it.
  nginx_passwd: |-
    admin:xxxxxxxxxxxxxxxxxxxxxxxxx
---
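# Deployment for the proxy-nginx pod in kube-system. It mounts the
# "proxy-nginx" ConfigMap as the contents of /etc/nginx/conf.d.
#
# Uses apps/v1 like the other Deployment manifest on this page:
# extensions/v1beta1 Deployments are no longer served from Kubernetes 1.16.
# apps/v1 requires an explicit spec.selector, which is set to the same label
# the pod template carries.
#
# NOTE(review): the nodeSelector and toleration place this pod on master
# nodes, and the container has no securityContext or resource limits. A
# proxy reachable through a NodePort is an exposed workload; confirm it has
# to run on the control-plane nodes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxy-nginx
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: proxy-nginx
  template:
    metadata:
      labels:
        k8s-app: proxy-nginx
    spec:
      containers:
        - name: nginx
          image: harbor.xxx.cn/official_hub/nginx:1.13-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
              protocol: TCP
          volumeMounts:
            # Every key of the ConfigMap becomes a file in conf.d.
            - name: nginx-conf
              mountPath: /etc/nginx/conf.d
      volumes:
        - name: nginx-conf
          configMap:
            name: proxy-nginx
      # Schedule only onto nodes carrying the master role label...
      nodeSelector:
        node-role.kubernetes.io/master: ""
      # ...and tolerate the NoSchedule taint on that key.
      tolerations:
        - key: "node-role.kubernetes.io/master"
          effect: "NoSchedule"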
---
# NodePort Service for the proxy-nginx pods (label k8s-app=proxy-nginx).
# NOTE(review): nodePort 32767 is opened on every node, so the proxy in
# front of Prometheus, Grafana and the dashboard is reachable from any
# network that can reach a node address. Restrict access at the network
# layer if those endpoints should stay internal.
apiVersion: v1
kind: Service
metadata:
  name: proxy-nginx
  namespace: kube-system
spec:
  type: NodePort
  selector:
    k8s-app: proxy-nginx
  ports:
    - port: 80
      targetPort: 80
      nodePort: 32767