自定义镜像运行Nginx及Java服务并基于NAS实现动静分离

1.0 nginx+tomcat自动分离

       业务流程图:

 1.1 构建jdk与tomcat业务镜像与资源

 1、构建jdk镜像

       创建profile环境变量文件

root@master1:/dockerfile/web/jdk# cat profile 
export JAVA_HOME=/usr/local/jdk1.8.0_191
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

编写Dockerfile

root@master1:/dockerfile/web/jdk# cat Dockerfile 
FROM harbor.cncf.net/os/ubuntu:20.04
  
MAINTAINER LXH
 
LABEL description="jdk-1.8.191"
 
ADD jdk-8u191-linux-x64.tar.gz /usr/local/
 
ADD profile /etc/profile
 
ENV JAVA_HOME=/usr/local/jdk1.8.0_191
ENV PATH=$JAVA_HOME/bin:$PATH
ENV CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

构建镜像

root@master1:/dockerfile/web/jdk# nerdctl build -t harbor.cncf.net/baseimages/jdk:1.8.191 .

推送镜像到harbor

root@master1:/dockerfile/web/jdk# nerdctl push harbor.cncf.net/baseimages/jdk:1.8.191

2、构建tomcat镜像

root@master1:/dockerfile/web/tomcat# cat Dockerfile FROM harbor.cncf.net/baseimages/jdk:1.8.191 MAINTAINER LXH LABEL description="tomcat8.5.43" ADD apache-tomcat-8.5.43.tar.gz /usr/local RUN ln -sv /usr/local/apache-tomcat-8.5.43 /usr/local/tomcat

执行构建镜像

root@master1:/dockerfile/web/tomcat# cat build.sh #!/bin/bash DIR=$(pwd) nerdctl build -t harbor.cncf.net/web/tomcat:8.5.13 $DIR nerdctl push harbor.cncf.net/web/tomcat:8.5.13

3、构建tomcat业务镜像

创建业务镜像相关配置文件和启动文件
打包代码文件

root@master1:/dockerfile/project/tomcat# tar tf app1.tar.gz ./ ./index.html

镜像构建文件

root@master1:/dockerfile/project/tomcat# cat build-command.sh #!/bin/bash TAG=$1 nerdctl build -t harbor.cncf.net/project/tomcat-app1:${TAG} . nerdctl push harbor.cncf.net/project/tomcat-app1:${TAG}

tomcat容器前台启动文件

root@master1:/dockerfile/project/tomcat# cat run_tomcat.sh #!/bin/bash su - tomcat -c "/usr/local/tomcat/bin/catalina.sh start" tail -f /usr/local/tomcat/logs/catalina.out

创建Dockerfile

root@master1:/dockerfile/tomcat# cat Dockerfile FROM harbor.cncf.net/web/tomcat:8.5.13 MAINTAINER LXH ADD catalina.sh /usr/local/tomcat/bin/catalina.sh ADD server.xml /usr/local/tomcat/conf/server.xml ADD app1.tar.gz /data/tomcat/webapps/myapp/ ADD run_tomcat.sh /usr/local/tomcat/bin/run_tomcat.sh RUN useradd tomcat RUN chown -R tomcat.tomcat /data/ /usr/local/tomcat/ EXPOSE 8080 8443 CMD ["/usr/local/tomcat/bin/run_tomcat.sh"]

构建业务tomcat镜像

root@master1:/dockerfile/tomcat# ./build-command.sh 1.1.1

验证镜像仓库

运行tomcat业务镜像测试：

root@master1:/dockerfile/project/tomcat# nerdctl run -d -p 8080:8080 --name tomcat-app1 harbor.cncf.net/project/tomcat-app1:1.1.1 9a71d516ff74dfcd9fa4d34dbe4ea9644f8db43c3900102112c613db1f9053e4 root@master1:/dockerfile/project/tomcat# nerdctl logs -f tomcat-app1

准备站点资源文件
配置nfs文件共享

创建k8s业务资源文件

root@master1:/dockerfile/project/tomcat# cat tomcat-app1.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: tomcat-app1-deployment-label name: tomcat-app1-deployment namespace: test spec: replicas: 1 selector: matchLabels: app: tomcat-app1 template: metadata: labels: app: tomcat-app1 spec: containers: - name: tomcat image: harbor.cncf.net/project/tomcat-app1:1.1.2 imagePullPolicy: IfNotPresent ports: - containerPort: 8080 protocol: TCP name: http volumeMounts: - name: tomcatapp1-images mountPath: /data/tomcat/webapps/myapp/images readOnly: false - name: tomcatapp1-static mountPath: /data/tomcat/webapps/myapp/static readOnly: false volumes: - name: tomcatapp1-images nfs: server: 192.168.100.15 path: /data/k8sdata/tomcatapp1/images - name: tomcatapp1-static nfs: server: 192.168.100.15 path: /data/k8sdata/tomcatapp1/static --- kind: Service apiVersion: v1 metadata: labels: app: tomcat-app1-svc-label name: tomcat-app1-svc namespace: test spec: ports: - name: http port: 80 protocol: TCP targetPort: 8080 selector: app: tomcat-app1

验证创建
1|2构建nginx业务镜像与资源
1、构建nginx镜像
创建构建脚本

root@master1:/dockerfile/web/nginx# cat build.sh #!/bin/bash DIR=$(pwd) nerdctl build -t harbor.cncf.net/web/nginx:1.20.2 $DIR nerdctl push harbor.cncf.net/web/nginx:1.20.2

创建Dockerfile

root@master1:/dockerfile/web/nginx# cat Dockerfile FROM harbor.cncf.net/os/ubuntu:20.04 MAINTAINER lxh #nginx build ADD nginx-1.20.2.tar.gz /usr/local/src/ RUN useradd nginx -s /sbin/nologin -M RUN cd /usr/local/src/nginx-1.20.2 && \ ./configure \ --user=nginx \ --group=nginx \ --prefix=/usr/local/nginx \ --with-http_stub_status_module \ --with-http_ssl_module \ --with-stream && \ make && make install RUN rm -fr /usr/local/src/nginx-1.20.2

执行构建

root@master1:/dockerfile/web/nginx# ./build.sh

2、构建nginx业务镜像
创建构建脚本

root@master1:/dockerfile/project/nginx# cat build-command.sh #!/bin/bash TAG=$1 nerdctl build -t harbor.cncf.net/project/nginx-web1:${TAG} . nerdctl push harbor.cncf.net/project/nginx-web1:${TAG}

创建Dockerfile业务镜像

root@master1:/dockerfile/project/nginx# cat Dockerfile FROM harbor.cncf.net/web/nginx:1.20.2 ADD nginx.conf /usr/local/nginx/conf/nginx.conf ADD app1.tar.gz /usr/local/nginx/html/webapp/ ADD index.html /usr/local/nginx/html/index.html #静态资源挂载路径 RUN mkdir -p /usr/local/nginx/html/webapp/static /usr/local/nginx/html/webapp/images EXPOSE 80 443 CMD ["/usr/local/nginx/sbin/nginx"]

创建nginx配置文件

root@master1:/dockerfile/project/nginx# cat nginx.conf user nginx nginx; worker_processes auto; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; daemon off; #取消后台启动 events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; upstream tomcat_webserver { server tomcat-app1-svc.test.svc.cluster.local:80; #tomcat的svc名称.+namespace名称.+svc.+k8s集群名称 } server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } location /webapp { root html; index index.html index.htm; } #反向代理tomcat后端服务 location /myapp { proxy_pass http://tomcat_webserver/myapp; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }

执行构建

root@master1:/dockerfile/project/nginx# ./build-command.sh 1.0

3、创建nginx k8s资源文件
创建nfs共享站点资源文件

创建nginx yaml

root@master1:/dockerfile/project/nginx# cat nginx.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: nginx-deployment-label name: nginx-deployment namespace: test spec: replicas: 1 selector: matchLabels: app: nginx-app template: metadata: labels: app: nginx-app spec: containers: - name: nginx image: harbor.cncf.net/project/nginx-web1:1.0 imagePullPolicy: IfNotPresent ports: - containerPort: 80 protocol: TCP name: http - containerPort: 443 protocol: TCP name: https resources: limits: cpu: 500m memory: 512Mi requests: cpu: 500m memory: 256Mi volumeMounts: - name: images mountPath: /usr/local/nginx/html/webapp/images readOnly: false - name: static mountPath: /usr/local/nginx/html/webapp/static readOnly: false volumes: - name: images nfs: server: 192.168.100.15 path: /data/k8sdata/nginx/images - name: static nfs: server: 192.168.100.15 path: /data/k8sdata/nginx/static --- kind: Service apiVersion: v1 metadata: labels: app: nginx-svc-label name: nginx-svc namespace: test spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 80 nodePort: 30180 - name: https port: 443 protocol: TCP targetPort: 443 nodePort: 31443 selector: app: nginx-app

查看创建资源

root@master1:/dockerfile/project/nginx# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-deployment-5b46c8db6c-8qnwd 1/1 Running 0 2m45s tomcat-app1-deployment-9bfb4846c-7wb9q 1/1 Running 0 98m root@master1:/dockerfile/project/nginx# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx-svc NodePort 10.100.220.87  80:30180/TCP,443:31443/TCP 8m35s tomcat-app1-svc ClusterIP 10.100.151.84  80/TCP 98m

访问tomcat后端反向代理页面

tomcat后端资源文件

访问nginx前端页面

nginx前端资源文件