【Kubernetes】第二十五篇 - 布署 nodejs 后端项目（下）

一，前言

上一篇，介绍了部署后端项目之前，需要的准备的相关配置信息；

本篇，创建 Deployment、Service 完成后端项目布署；

---

二，解决 jenkins 安全问题

构建 docker 镜像之后，登录 docker 会提示有安全问题：

这是由于在脚本中使用了眀文用户名、密码进行登录所导致的；

jenkins 中的项目构建脚本：

#!/bin/bash
time=$(date "+%Y%m%d%H%M%S")
npm install --registry=https://registry.npm.taobao.org
docker build -t 47.94.92.122:8082/cicd-backend:$time .
docker login -u admin -p Wz@19880818 47.94.92.122:8082
docker push 47.94.92.122:8082/cicd-backend:$time

修改为使用环境变量用户名、密码：

#!/bin/bash
time=$(date "+%Y%m%d%H%M%S")
npm install --registry=https://registry.npm.taobao.org
docker build -t 47.94.92.122:8082/cicd-backend:$time .
docker login -u $DOCKER_LOGIN_USERNAME -p $DOCKER_LOGIN_PASSWORD 47.94.92.122:8082
docker push 47.94.92.122:8082/cicd-backend:$time

如何提供环境变量：

这样，用户名密码写到了环境变量，那么用户名密码是怎么来的呢？

它会去读一个 jenkins 凭据：主页-系统管理-凭据

登录成功了

---

三、创建后端 Deployment

创建一个 pod：创建一个 kind: pod；
创建多个 pod：创建一个 kind: Deployment;

Deployment 对象，会创建出一个副本集，这个副本集可以控制 pod 数量；

由于后端项目和前端项目都是无状态的，为了便于演示各部署两份

[root@k8s-master cicd]# vi deployment-cicd-backend.yamlapiVersion: apps/v1
kind: Deployment
metadata:name: cicd-backend
spec:selector:matchLabels:app: cicd-backendreplicas: 2 #两个副本template:metadata:labels:app: cicd-backend #必须和selector-cicd-backend对应spec:imagePullSecrets:- name: private-registrycontainers:- name: cicd-backendimagePullPolicy: Alwaysimage: "47.94.92.122:8082/cicd-backend:20220111113749"ports:- containerPort: 7001env: #注入后端需要的5个环境变量- name: MYSQL_HOSTvalueFrom:configMapKeyRef:name: mysql-configkey: host- name: MYSQL_PORTvalueFrom:configMapKeyRef:name: mysql-configkey: port- name: MYSQL_DATABASEvalueFrom:configMapKeyRef:name: mysql-configkey: database- name: MYSQL_USERvalueFrom:secretKeyRef:name: mysql-authkey: username     - name: MYSQL_PASSWORDvalueFrom:secretKeyRef:name: mysql-authkey: password    

上边配置涉及到的 configMap：

[root@k8s-master ~]# kubectl get configMap mysql-config
NAME           DATA   AGE
mysql-config   3      3d19h[root@k8s-master ~]# kubectl get configMap mysql-config -o yaml
apiVersion: v1
data: #三个值database: cicdhost: service-cicd-mysqlport: "8899"
kind: ConfigMap

上边配置涉及到的 Secret：

[root@k8s-master ~]# kubectl get secret mysql-auth
NAME         TYPE     DATA   AGE
mysql-auth   Opaque   2      4d2h[root@k8s-master ~]# kubectl get secret mysql-auth -o yaml
apiVersion: v1
data:password: MTIzNDU2username: cm9vdA==
kind: Secret[root@k8s-master ~]# echo cm9vdA== | base64 -d
root
[root@k8s-master ~]# echo MTIzNDU2 | base64 -d
123456

生效配置

// 生效配置
[root@k8s-master cicd]# kubectl apply -f deployment-cicd-backend.yaml
deployment.apps/cicd-backend created// 两个副本
[root@k8s-master cicd]# kubectl get pods
NAME                           READY   STATUS              RESTARTS   AGE
cicd-backend-98b5d4f57-jndvd   0/1     ContainerCreating   0          2s
cicd-backend-98b5d4f57-qjvch   0/1     ContainerCreating   0          2s
cicd-mysql-745975859b-gpwzh    1/1     Running             7          4d3h// 稍等约 30 秒
[root@k8s-master cicd]# kubectl get pods
NAME                           READY   STATUS    RESTARTS   AGE
cicd-backend-98b5d4f57-jndvd   1/1     Running   0          26s
cicd-backend-98b5d4f57-qjvch   1/1     Running   0          26s
cicd-mysql-745975859b-gpwzh    1/1     Running   7          4d3h

---

四，创建后端 Service

[root@k8s-master cicd]# vi service-cicd-backend.yamlapiVersion: v1
kind: Service
metadata:name: service-cicd-backend
spec:selector:app: cicd-backend #deploymentports:- protocol: TCPport: 7001 #服务内部的端口号targetPort: 7001 #容器内部向外暴露的端口号Dockerfile中的EXPOSEtype: NodePort

[root@k8s-master cicd]# kubectl apply -f  service-cicd-backend.yaml
service/service-cicd-backend created[root@k8s-master cicd]# kubectl get svc
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes             ClusterIP   10.96.0.1       <none>        443/TCP          20d
service-cicd-backend   NodePort    10.97.144.175   <none>        7001:30174/TCP   44s
service-cicd-mysql     NodePort    10.108.224.96   <none>        8899:32154/TCP   4d2h
service-pay-v1         NodePort    10.97.250.199   <none>        80:30114/TCP     6d21h
service-user-v1        NodePort    10.104.13.40    <none>        80:31071/TCP     19d// 删掉不用的 service：service-pay、service-user，释放资源
[root@k8s-master cicd]# kubectl delete service service-pay-v1 service-user-v1 
service "service-pay-v1" deleted
service "service-user-v1" deleted// 查 ip
[root@k8s-master cicd]# cat /etc/hosts
::1	localhost	localhost.localdomain	localhost6	localhost6.localdomain6
127.0.0.1	localhost	localhost.localdomain	localhost4	localhost4.localdomain4172.17.178.106	k8s-node172.17.178.105	k8s-master
172.17.178.105	k8s-master	k8s-master// 通过 service 访问服务接口
[root@k8s-master cicd]# curl http://172.17.178.105:30174/user/list
curl: (7) Failed connect to 172.17.178.105:30174; 拒绝连接

访问失败，看下 pod：

[root@k8s-master cicd]# kubectl get pods
NAME                           READY   STATUS             RESTARTS   AGE
cicd-backend-98b5d4f57-jndvd   0/1     CrashLoopBackOff   3          8m41s
cicd-backend-98b5d4f57-qjvch   1/1     Running            4          8m41s
cicd-mysql-745975859b-gpwzh    1/1     Running            8          4d3h// 过了一会，全都完蛋了
[root@k8s-master cicd]# kubectl get pods
NAME                           READY   STATUS             RESTARTS   AGE
cicd-backend-98b5d4f57-jndvd   0/1     CrashLoopBackOff   4          9m37s
cicd-backend-98b5d4f57-qjvch   0/1     CrashLoopBackOff   4          9m37s
cicd-mysql-745975859b-gpwzh    0/1     CrashLoopBackOff   8          4d3h// 重启 mysql
[root@k8s-master cicd]# kubectl delete deploy cicd-mysql
deployment.apps "cicd-mysql" deleted
[root@k8s-master cicd]# kubectl apply -f deployment-cicd-mysql.yaml
deployment.apps/cicd-mysql created
[root@k8s-master cicd]# kubectl get pods
NAME                          READY   STATUS    RESTARTS   AGE
cicd-mysql-745975859b-c4b6p   1/1     Running   0          8s// 2 个 pod 副本负载比较大 ，修改配置，改成 1 个 pod
[root@k8s-master cicd]# kubectl get pods
NAME                           READY   STATUS    RESTARTS   AGE
cicd-backend-98b5d4f57-ftrdk   1/1     Running   0          6s
cicd-mysql-745975859b-c4b6p    1/1     Running   0          99s

重新测试访问：

[root@k8s-master cicd]# curl http://172.17.178.105:30174/user/list
{"message":"ok2","success":true,"code":200,"data":[]}

至此，后端项目就部署完成了

---

五，结尾

本篇，创建 Deployment、Service 完成后端项目布署；

下一篇，部署前端项目；