dockerfile制作镜像及k8s中应用

以下制作nginx镜像过程,分以下几步
1.制作dockerfile文件
包括nginx.sh的nginx安装脚本
2.制作ngx-depoly.yaml文件
包括k8s service,deployment,pv,pvc,nfs
流程如下:

以下是具体内容

制作dockerfile

#mkdir /root/dockerfile
#cd /root/dockerfile
#touch Dockerfile
#mkdir nginx制作dockerfile文件
root&＃64;:#cat Dockerfile
#Centos based container with tengine2.2
FROM docker.io/centos
MAINTAINER wbb-20181207 wbb&＃64;qq.com#prepare java environment
ENV LD_LIBRARY_PATH /usr/local/luajit/lib:$LD_LIBRARY_PATH
ENV LUAJIT_INC /usr/local/luajit/include/luajit-2.0
ENV LUAJIT_LIB /usr/local/luajit/lib#copy jdk tomcat to container
ADD nginx.tar.gz /root/RUN cd /root/nginx/ \
&& sh ngxinstall.sh \ #nginx.sh安装脚本单独用脚本编写,下面有展示
&& ln -sf /dev/stdout /var/log/nginx/access.log \ #让nginx日志在k8s的web-ui里显示出来,如下图
&& ln -sf /dev/stderr /var/log/nginx/error.log#private expose
EXPOSE 80 #START NGINX
#ENTRYPOINT [ "/usr/local/nginx/sbin/nginx", "-g", "daemon off;" ]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"] 一定要前台运行,不然k8s在deploy中无法创建成功

cd /root/dockerfile
docker build -t nginx:v4 .

安装过程部分截图

ngxinstall.sh 安装脚本,在dockerfile中引用,以下安装脚本最好先在1台机器测试好,没问题直接在dockerfile引用即可

制作nginx.sh的nginx安装脚本

root&＃64;:#cat ngxinstall.sh
#!/bin/bash
path&＃61;$(pwd)#安装依赖包
yum makecache
yum -y install gcc gcc-c&＃43;&＃43; patch make openssl openssl-devel file#解压
tar zxvf $path/tar/tengine-2.2.0.tar.gz -C $path/src/
#tar zxvf $path/tar/openssl-1.0.2p.tar.gz -C $path/src/
tar zxvf $path/tar/zlib-1.2.11.tar.gz -C $path/src/
tar zxvf $path/tar/nginx-accesskey.tar.gz -C $path/src/
tar zxvf $path/tar/pcre-8.40.tar.gz -C $path/src/
tar zxvf $path/tar/waf.tar.gz -C $path/src/
tar zxvf $path/tar/nginx_tcp_proxy_module-master.tar.gz -C $path/src/
tar zxvf $path/tar/LuaJIT-2.0.5.tar.gz -C $path/src/
tar zxvf $path/tar/ngx_devel_kit-0.2.19.tar.gz -C $path/src/
tar zxvf $path/tar/lua-nginx-module-0.9.5rc2.tar.gz -C $path/src/#环境变量
echo "export LD_LIBRARY_PATH&＃61;/usr/local/luajit/lib:$LD_LIBRARY_PATH" >> /etc/profile
echo "export LUAJIT_INC&＃61;/usr/local/luajit/include/luajit-2.0" >> /etc/profile
echo "export LUAJIT_LIB&＃61;/usr/local/luajit/lib" >> /etc/profile && source /etc/profilesource /etc/profile
cd $path/src/LuaJIT-2.0.5
make PREFIX&＃61;/usr/local/luajit
make install PREFIX&＃61;/usr/local/luajit#tengine
#useradd -s /sbin/nologin nginx
cd $path/src/tengine-2.2.0
patch -p1 <$path/src/nginx_tcp_proxy_module-master/tcp.patch./configure --user&＃61;root --group&＃61;root \
--prefix&＃61;/usr/local/nginx \
--lock-path&＃61;/var/run/nginx.lock \
--error-log-path&＃61;/var/log/nginx/error.log \
--http-log-path&＃61;/var/log/nginx/access.log \
--http-client-body-temp-path&＃61;/var/cache/nginx/client_temp \
--http-proxy-temp-path&＃61;/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path&＃61;/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path&＃61;/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path&＃61;/var/cache/nginx/scgi_temp \
--pid-path&＃61;/var/run/nginx.pid \
--add-module&＃61;../ngx_devel_kit-0.2.19 \
--add-module&＃61;../lua-nginx-module-0.9.5rc2 \
--add-module&＃61;../nginx-accesskey-2.0.3 \
--add-module&＃61;../nginx_tcp_proxy_module-master \
--with-pcre&＃61;../pcre-8.40 \
--with-zlib&＃61;../zlib-1.2.11 \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_auth_request_module \
--with-http_v2_module \
--with-http_addition_module \
--with-http_sub_module \
--with-file-aio \
--with-cc-opt&＃61;&＃39;-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE&＃61;2 -fexceptions -fstack-protector --param&＃61;ssp-buffer-size&＃61;4 -m64 -mtune&＃61;generic&＃39; \
--with-ld-opt&＃61;-Wl,-rpath,/usr/local/libsource /etc/profile
make
make install#以下是把相关的配置文件也写好,直接复制过去即可,只包括一些模块文件,具体的域名的.conf文件在后面引用即可
cp $path/src/nginx.conf /usr/local/nginx/conf/
cp $path/src/proxy.conf /usr/local/nginx/conf/
cp $path/src/error.conf /usr/local/nginx/conf/
cp -r $path/src/html /usr/local/nginx/
cp -r $path/src/waf /usr/local/nginx/conf/
mkdir -p /usr/local/nginx/vhost
mkdir -p /usr/local/nginx/tcp
cp $path/src/default.conf /usr/local/nginx/vhost/
cp $path/src/tcp.conf /usr/local/nginx/tcp/ #支持tcp模块
rm -rf /root/nginx #删除安装文件

制作ngx-depolyment.yaml文件

---
#定义nginx命名空间
apiVersion: v1
kind: Namespace
metadata:name: k8s-go---
#定义nginx svc
apiVersion: v1
kind: Service
metadata:name: k8s-nginxnamespace: k8s-golabels:app: k8s-nginx
spec:type: NodePortports:- port: 80targetPort: 80nodePort: 10280protocol: TCP#clusterIP: 169.169.249.80selector:app: k8s-nginx---apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-deploynamespace: k8s-golabels:app: k8s-nginx
spec:replicas: 1selector:matchLabels:app: k8s-nginxtemplate:metadata:labels:app: k8s-nginxannotations:app: nginx-clousterspec:containers:- name: nginximage: 172.16.0.2:5000/nginx:v4 #从私有仓加载imagePullPolicy: Always #只从私有仓加载,不放到node节点volumeMounts:- mountPath: /usr/local/wwwname: nginx-data#- mountPath: /etc/nginx/conf.d# name: nginx-confresources:limits:cpu: 300mmemory: 3000Mirequests:cpu: 100mmemory: 100Miports:- containerPort: 80volumes:- name: nginx-datapersistentVolumeClaim:claimName: nginx-data-nfs-pvc #挂载nginx 数据文件pvc,后面展示详细pv,pvc内容- name: nginx-confpersistentVolumeClaim:claimName: nginx-conf-nfs-pvc #挂载nginx 域名配置文件pvc,后面展示详细pv,pvc内容#volumes:# - name: nginx-nfs# nfs:# server: 172.16.0.2# path: /data/nfs-storage/nginx


制作nginx-data-nfs-pv nginx-data-nfs-pvc

#root&＃64;:#cat ngx-data-nfs-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:name: nginx-data-nfs-pvnamespace: k8s-golabels:pv: nginx-data-pv
spec:capacity:storage: 5GiaccessModes:- ReadWriteManynfs:server: 172.16.0.2path: "/data/nfs-storage/nginx/data/"
-----
#root&＃64;:#cat ngx-data-nfs-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nginx-data-nfs-pvcnamespace: k8s-go
spec:accessModes:- ReadWriteManyresources:requests:storage: 5Giselector:matchLabels:pv: nginx-data-pv


制作nginx-conf-nfs-pv nginx-conf-nfs-pvc

#root&＃64;:#cat ngx-conf-nfs-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:name: nginx-conf-nfs-pv #命名最好规范一下,方便后面使用namespace: k8s-golabels:pv: nginx-conf-pv #pvc绑定此pv这里是通过标签来选择,所以要保持一致
spec:capacity:storage: 500MiaccessModes:- ReadWriteManynfs:server: 172.16.0.2 #已搭建的nfspath: "/data/nfs-storage/nginx/conf/"-----
#root&＃64;:#cat ngx-conf-nfs-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nginx-conf-nfs-pvcnamespace: k8s-go
spec:accessModes:- ReadWriteManyresources:requests:storage: 500Miselector: #通过标签选择器来绑定相应pvcmatchLabels:pv: nginx-conf-pv

制作NFS

#root&＃64;:#cat /etc/exports
/data/nfs-storage/nginx *(rw,insecure,sync,no_subtree_check,no_root_squash)
/data/nfs-storage/tomcat *(rw,insecure,sync,no_subtree_check,no_root_squash)
/data/nfs-storage/app *(rw,insecure,sync,no_subtree_check,no_root_squash)#root&＃64;:#ls
conf data sslconf里为相应域名的.conf文件,例如default.conf
data里为相应域名的.conf文件里的静态文件加载路径,此处不要搞错
ssl里为相应域名的证书文件,例如default.pem,default.key及ssh.conf配置文件

k8s dashboard中显示的生成的nginx pod,

外网访问显示测试页

nginx日志在web-ui中显示,要在此显示日志,就必须在dockerfile中定义,不然是不是会显示的.因为k8s展示的日志是从/dev/stdout /dev/stderr 里获取的