文章目录
- k8s一键部署nginx+php+mysql+WordPress
- 一、docker主机准备工作
- 1.配置站点目录wordpress
- 1)目录结构
- 2)配置wordpress信息
- 1> 配置账户与密码
- 2> 授权脚本
- 2.构建镜像
- 3.打标签上传
- 一、配置安装Ingress
- 1.配置安装Ingress
- 1)安装Ingress
- 2)创建HTTPS证书
- 2)配置到清单
- 4)另外,主要是为了配上https加密
- 二、k8s一键搭建wordpress
- 1.准备配置清单
- 1)配置清单结构
- 2)编写配置清单
- 3)部署证书
- 3.一键部署
- 1)部署wordpress
- 2)查询访问端口
- 3)浏览器访问测试
- 4)报错解决
- 1> 报错
- 2> 报错解决
k8s一键部署nginx+php+mysql+WordPress
一、docker主机准备工作
- 项目准备流程参考:
- 以下准备工作,在docker主机操作即可
1.配置站点目录wordpress
1)目录结构
[root@docker1 ~]# tree -d -L 3 /code/wordpress
/code/wordpress
├── mysql
├── nginx
│ └── wordpress
│ ├── wp-admin
│ ├── wp-content
│ └── wp-includes
└── php
└── wordpress
├── wp-admin
├── wp-content
└── wp-includes
2)配置wordpress信息
1> 配置账户与密码
- 主要修改PHP与nginx内的wp-config.php
- PHP与nginx内的wp-config.php信息需一致
[root@docker1 ~ ]# vim /code/nginx/wordpress/wp-config.php
[root@docker1 ~ ]# vim /code/php/wordpress/wp-config.php
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );
/** MySQL database username */
define( 'DB_USER', 'wp' );
/** MySQL database password */
define( 'DB_PASSWORD', '123' );
/** MySQL hostname */
define( 'DB_HOST', 'mysql.mysql.svc.cluster.local' );
# debug开启为true状态
* @link https://wordpress.org/support/article/debugging-in-wordpress/
define( 'WP_DEBUG', true );
2> 授权脚本
- 授权脚本需增加k8s的10网段,且账户、密码要与上述对应
[root@docker1 mysql]# cat /code/mysql/privileges.sql
use mysql;
grant all on wordpress.* to wp@'10.244.%.%' identified by '123';
grant all on wordpress.* to wp@'172.18.0.%' identified by '123';
SET PASSWORD=PASSWORD('123');
flush privileges;
2.构建镜像
# 构建nginx
[root@docker1 ~]# cd /code/wordpress/nginx/
[root@docker1 nginx]# docker build -t lnmp-nginx-wp:v2 .
# 构建PHP
[root@docker1 ~]# cd /code/wordpress/php/
[root@docker1 php]# docker build -t lnmp-php-wp:v2 .
# 构建mysql
[root@docker1 ~]# cd /code/wordpress/mysql/
[root@docker1 php]# docker build -t lnmp-mysql-wp:v2 .
3.打标签上传
# 打标签
docker tag lnmp-nginx-wp:v2 18954354671/lnmp-nginx-wp:v2
docker tag lnmp-php-wp:v2 18954354671/lnmp-php-wp:v2
docker tag lnmp-mysql-wp:v2 18954354671/lnmp-mysql-wp:v2
# 上传
docker push 18954354671/lnmp-nginx-wp:v2
docker push 18954354671/lnmp-php-wp:v2
docker push 18954354671/lnmp-mysql-wp:v2
一、配置安装Ingress
- 以下操作在k8s-master1上执行
1.配置安装Ingress
- nginx ingress : 性能强
- traefik :原生支持k8s
- istio : 服务网格,服务流量的治理
1)安装Ingress
# 下载Ingress Nginx配置清单
[root@k8s-master1 ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml
# 修改镜像
[root@k8s-master1 ~]# sed -i 's#k8s.gcr.io/ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a#registry.cn-hangzhou.aliyuncs.com/k8sos/ingress-controller:v0.44.0#g' deploy.yaml
# 开始部署
[root@k8s-master1 ~]# kubectl apply -f deploy.yaml
# 检查
[root@k8s-master1 ~]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-g9brk 0/1 Completed 0 3d22h
ingress-nginx-admission-patch-tzlgf 0/1 Completed 0 3d22h
ingress-nginx-controller-8494fd5b55-wpf9g 1/1 Running 0 3d22h
2)创建HTTPS证书
- www.wp.local 是你要指定访问的域名,勿复制
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.wp.local
2)配置到清单
- 举例,勿复制,下面有完整的配置清单
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: wordpress
namespace: wordpress
spec:
tls: # 此处是添加了证书加密(给https用)
- secretName: ingress-tls
rules:
- host: www.wp.local
http:
paths:
- path: /
backend:
serviceName: wordpress
servicePort: 80
4)另外,主要是为了配上https加密
- 举例,勿复制,下面有完整的配置清单
apiVersion: v1
kind: Service
metadata:
name: wordpress
namespace: wordpress
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30080
- name: https # 此处是添加了https加密访问,暴露给443端口
port: 443
targetPort: 443
protocol: TCP
selector:
app: wordpress
二、k8s一键搭建wordpress
- 以下操作在k8s-master1上执行
1.准备配置清单
1)配置清单结构
指定mysql的Namespace
---
指定mysql服务于端口号
---
配置mysql的Pod信息与镜像来源
---
指定wordpress的Namespace
---
指定wordpress的协议端口与代理端口
---
配置wordpress的Pod信息与镜像来源
2)编写配置清单
cat > configlist.yaml <<EOF
apiVersion: v1
kind: Namespace
metadata:
name: mysql
---
kind: Service
apiVersion: v1
metadata:
name: mysql
namespace: mysql
spec:
ports:
- name: http
port: 3306
targetPort: 3306
selector:
app: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: name-mysql
namespace: mysql
spec:
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: 18954354671/lnmp-mysql-wp:v2
---
apiVersion: v1
kind: Namespace
metadata:
name: wordpress
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
namespace: wordpress
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30080
- name: https # 此处是添加了https加密访问,暴露给443端口
port: 443
targetPort: 443
protocol: TCP
selector:
app: wordpress
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: wordpress
namespace: wordpress
spec:
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: php
image: 18954354671/lnmp-php-wp:v2
- name: nginx
image: 18954354671/lnmp-nginx-wp:v2
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: wordpress
namespace: wordpress
spec:
tls:
- secretName: ingress-tls
rules:
- host: www.wp.local
http:
paths:
- path: /
backend:
serviceName: wordpress
servicePort: 80
EOF
3)部署证书
- 指定证书需要指定位置,若是在当前路径,则直接指定证书名即可
- -n:指定NameSpace,因部署的是wordpress,所以指定为wordpress
kubectl -n wordpress create secret tls ingress-tls --cert=tls.crt --key=tls.key
3.一键部署
1)部署wordpress
# 部署成功
[root@k8s-master1 ~]# kubectl apply -f configlist/configlist.yaml
namespace/mysql created
service/mysql created
deployment.apps/name-mysql created
namespace/wordpress created
service/wordpress created
deployment.apps/wordpress created
# 获取mysql部署状态
[root@k8s-master1 ~]# kubectl get pod -n mysql
NAME READY STATUS RESTARTS AGE
name-mysql-b4bf8995d-x58ws 1/1 Running 0 47s
# 获取PHP与nginx的wordpress部署状态
[root@k8s-master1 ~]# kubectl get pod -n wordpress
NAME READY STATUS RESTARTS AGE
wordpress-5fdbdbc89b-s4sp6 2/2 Running 0 55s
2)查询访问端口
# 获取IP
[root@k8s-master1 ~]# ifconfig eth0 | awk 'NR==2{print $2}'
192.168.12.11
# 获取ip访问的端口号:30080
[root@k8s-master1 ~]# kubectl get svc -n wordpress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wordpress NodePort 10.104.232.147 <none> 80:30080/TCP,443:30151/TCP 10m
# 获取域名访问的端口号:32719
[root@k8s-master1 configlist]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.110.220.172 <none> 80:30985/TCP,443:32719/TCP 4h29m
ingress-nginx-controller-admission ClusterIP 10.97.26.129 <none> 443/TCP 4h29m
3)浏览器访问测试
# 将ip与域名写进Windows的hosts进行解析
windows hosts: 192.168.12.11 www.wp.local
# 浏览器访问测试http模式:
192.168.12.11:30080 # 访问ip+端口
http://www.wp.local:30080 # 访问域名+端口
# 浏览器访问测试https模式:
https://www.wp.local:32719/wp-admin/install.php # 访问域名+端口
4)报错解决
1> 报错
# 报错内容
警告:mysqli_real_connect():(HY000 / 1130):不允许主机“ 10.244.1.97”连接到第1653行的/usr/share/nginx/html/wp-includes/wp-db.php中的此MySQL服务器
Host '10.244.1.97' is not allowed to connect to this MySQL server
# 报错原因
上面授权时可能漏掉授权步骤,导致 10.244.1.% 网段没授权,也有可能生成的ip超出了10.244.1的范围
# 进入容器后查看,果然超出了1的范围,所以即便是授权了1也无用
mysql> select user,host from mysql.user;
+---------------+------------+
| user | host |
+---------------+------------+
| wp | 10.244.2.% |
| wp | 172.18.0.% |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+------------+
2> 报错解决
- 解决方案:授权一下即可,建议最初直接授权双网段
[root@k8s-master1 ~]# kubectl exec -it -n mysql name-mysql-b4bf8995d-x58ws -- bash
root@name-mysql-b4bf8995d-x58ws:/# mysql -p123
grant all on wordpress.* to wp@'10.244.%.%' identified by '123';
mysql> flush privileges;
# 再次查看,授权成功,访问也没问题了
mysql> select user,host from mysql.user;
+---------------+------------+
| user | host |
+---------------+------------+
| wp | 10.244.%.% |
| wp | 10.244.2.% |
| wp | 172.18.0.% |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+------------+
7 rows in set (0.00 sec)