dockerfile制作镜像及k8s中应用

以下制作nginx镜像过程,分以下几步
1.制作dockerfile文件
包括nginx.sh的nginx安装脚本
2.制作ngx-depoly.yaml文件
包括k8s service,deployment,pv,pvc,nfs
流程如下:

以下是具体内容

制作dockerfile

#mkdir /root/dockerfile
#cd /root/dockerfile
#touch Dockerfile
#mkdir nginx

制作dockerfile文件
root@<cc_172.16.0.2|~/dockerfile/nginx>:#cat Dockerfile
#Centos based container with tengine2.2
FROM docker.io/centos
MAINTAINER  wbb-20181207 wbb@qq.com

#prepare java environment
ENV LD_LIBRARY_PATH /usr/local/luajit/lib:$LD_LIBRARY_PATH
ENV LUAJIT_INC /usr/local/luajit/include/luajit-2.0
ENV LUAJIT_LIB /usr/local/luajit/lib

#copy jdk tomcat to container
ADD nginx.tar.gz  /root/

RUN cd /root/nginx/ \
&& sh ngxinstall.sh \             #nginx.sh安装脚本单独用脚本编写,下面有展示
&& ln -sf /dev/stdout /var/log/nginx/access.log \    #让nginx日志在k8s的web-ui里显示出来,如下图
&& ln -sf /dev/stderr /var/log/nginx/error.log

#private expose
EXPOSE 80

#START NGINX
#ENTRYPOINT [ "/usr/local/nginx/sbin/nginx", "-g", "daemon off;" ]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]     一定要前台运行,不然k8s在deploy中无法创建成功

cd /root/dockerfile
docker build -t nginx:v4 .

安装过程部分截图

ngxinstall.sh 安装脚本,在dockerfile中引用,以下安装脚本最好先在1台机器测试好,没问题直接在dockerfile引用即可

制作nginx.sh的nginx安装脚本

root@<cc_172.16.0.2|~/dockerfile/nginx/nginx>:#cat ngxinstall.sh
#!/bin/bash
path=$(pwd)

#安装依赖包
yum makecache
yum -y install gcc gcc-c++ patch make openssl openssl-devel file

#解压
tar zxvf $path/tar/tengine-2.2.0.tar.gz -C $path/src/
#tar zxvf $path/tar/openssl-1.0.2p.tar.gz -C $path/src/
tar zxvf $path/tar/zlib-1.2.11.tar.gz -C $path/src/
tar zxvf $path/tar/nginx-accesskey.tar.gz -C $path/src/
tar zxvf $path/tar/pcre-8.40.tar.gz -C $path/src/
tar zxvf $path/tar/waf.tar.gz -C $path/src/
tar zxvf $path/tar/nginx_tcp_proxy_module-master.tar.gz -C $path/src/
tar zxvf $path/tar/LuaJIT-2.0.5.tar.gz -C $path/src/
tar zxvf $path/tar/ngx_devel_kit-0.2.19.tar.gz -C $path/src/
tar zxvf $path/tar/lua-nginx-module-0.9.5rc2.tar.gz -C $path/src/

#环境变量
echo "export LD_LIBRARY_PATH=/usr/local/luajit/lib:$LD_LIBRARY_PATH" >> /etc/profile
echo "export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0" >> /etc/profile
echo "export LUAJIT_LIB=/usr/local/luajit/lib" >> /etc/profile && source /etc/profile

source /etc/profile
cd $path/src/LuaJIT-2.0.5
make PREFIX=/usr/local/luajit
make install PREFIX=/usr/local/luajit

#tengine
#useradd -s /sbin/nologin nginx
cd $path/src/tengine-2.2.0
patch -p1 < $path/src/nginx_tcp_proxy_module-master/tcp.patch

./configure --user=root --group=root \
--prefix=/usr/local/nginx \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--pid-path=/var/run/nginx.pid \
--add-module=../ngx_devel_kit-0.2.19 \
--add-module=../lua-nginx-module-0.9.5rc2 \
--add-module=../nginx-accesskey-2.0.3 \
--add-module=../nginx_tcp_proxy_module-master \
--with-pcre=../pcre-8.40 \
--with-zlib=../zlib-1.2.11 \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_auth_request_module \
--with-http_v2_module \
--with-http_addition_module \
--with-http_sub_module \
--with-file-aio \
--with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
--with-ld-opt=-Wl,-rpath,/usr/local/lib

source /etc/profile
make
make install

#以下是把相关的配置文件也写好,直接复制过去即可,只包括一些模块文件,具体的域名的.conf文件在后面引用即可
cp $path/src/nginx.conf /usr/local/nginx/conf/
cp $path/src/proxy.conf /usr/local/nginx/conf/
cp $path/src/error.conf /usr/local/nginx/conf/
cp -r $path/src/html /usr/local/nginx/
cp -r $path/src/waf /usr/local/nginx/conf/
mkdir -p /usr/local/nginx/vhost
mkdir -p /usr/local/nginx/tcp
cp $path/src/default.conf /usr/local/nginx/vhost/
cp $path/src/tcp.conf /usr/local/nginx/tcp/   #支持tcp模块
rm -rf /root/nginx           #删除安装文件

制作ngx-depolyment.yaml文件

---
#定义nginx命名空间
apiVersion: v1
kind: Namespace
metadata:
name: k8s-go

---
#定义nginx svc
apiVersion: v1
kind: Service
metadata:
name: k8s-nginx
namespace: k8s-go
labels:
app: k8s-nginx
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 10280
protocol: TCP
#clusterIP: 169.169.249.80
selector:
app: k8s-nginx

---

apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deploy
namespace: k8s-go
labels:
app: k8s-nginx
spec:
replicas: 1
selector:
matchLabels:
app: k8s-nginx
template:
metadata:
labels:
app: k8s-nginx
annotations:
app: nginx-clouster
spec:
containers:
- name: nginx
image: 172.16.0.2:5000/nginx:v4   #从私有仓加载
imagePullPolicy: Always    #只从私有仓加载,不放到node节点
volumeMounts:
- mountPath: /usr/local/www
name: nginx-data
#- mountPath: /etc/nginx/conf.d
#  name: nginx-conf
resources:
limits:
cpu: 300m
memory: 3000Mi
requests:
cpu: 100m
memory: 100Mi
ports:
- containerPort: 80
volumes:
- name: nginx-data
persistentVolumeClaim:
claimName: nginx-data-nfs-pvc    #挂载nginx 数据文件pvc,后面展示详细pv,pvc内容
- name: nginx-conf
persistentVolumeClaim:
claimName: nginx-conf-nfs-pvc    #挂载nginx 域名配置文件pvc,后面展示详细pv,pvc内容
#volumes:
#  - name: nginx-nfs
#    nfs:
#      server: 172.16.0.2
#      path: /data/nfs-storage/nginx

制作nginx-data-nfs-pv nginx-data-nfs-pvc

#root@<cc_172.16.0.2|~/project/ngx>:#cat ngx-data-nfs-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: nginx-data-nfs-pv
namespace: k8s-go
labels:
pv: nginx-data-pv
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
nfs:
server: 172.16.0.2
path: "/data/nfs-storage/nginx/data/"
-----
#root@<cc_172.16.0.2|~/project/ngx>:#cat ngx-data-nfs-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nginx-data-nfs-pvc
namespace: k8s-go
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
selector:
matchLabels:
pv: nginx-data-pv

制作nginx-conf-nfs-pv nginx-conf-nfs-pvc

#root@<cc_172.16.0.2|~/project/ngx>:#cat ngx-conf-nfs-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: nginx-conf-nfs-pv    #命名最好规范一下,方便后面使用
namespace: k8s-go
labels:
pv: nginx-conf-pv      #pvc绑定此pv这里是通过标签来选择,所以要保持一致
spec:
capacity:
storage: 500Mi
accessModes:
- ReadWriteMany
nfs:
server: 172.16.0.2                      #已搭建的nfs
path: "/data/nfs-storage/nginx/conf/"

-----
#root@<cc_172.16.0.2|~/project/ngx>:#cat ngx-conf-nfs-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nginx-conf-nfs-pvc
namespace: k8s-go
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 500Mi
selector:                         #通过标签选择器来绑定相应pvc
matchLabels:
pv: nginx-conf-pv

制作NFS

#root@<cc_172.16.0.2|~/project/ngx>:#cat /etc/exports
/data/nfs-storage/nginx *(rw,insecure,sync,no_subtree_check,no_root_squash)
/data/nfs-storage/tomcat *(rw,insecure,sync,no_subtree_check,no_root_squash)
/data/nfs-storage/app *(rw,insecure,sync,no_subtree_check,no_root_squash)

#root@<cc_172.16.0.2|/data/nfs-storage/nginx>:#ls
conf  data  ssl

conf里为相应域名的.conf文件,例如default.conf
data里为相应域名的.conf文件里的静态文件加载路径,此处不要搞错
ssl里为相应域名的证书文件,例如default.pem,default.key及ssh.conf配置文件

k8s dashboard中显示的生成的nginx pod,

外网访问显示测试页

nginx日志在web-ui中显示,要在此显示日志,就必须在dockerfile中定义,不然是不是会显示的.因为k8s展示的日志是从/dev/stdout /dev/stderr 里获取的