基于基础的linux系统(centos/ubuntu/alpine)镜像，制作Nginx基础镜像
Centos基础镜像制作
tree /opt/k8s-data/dockerfile/system/centos
├── build-command.sh
├── Dockerfile
└── filebeat-6.8.1-x86_64.rpm

Dockerfile文件内容

FROM harbor.magedu.net/baseimages/centos:7.6.1810 
ADD filebeat-6.8.1-x86_64.rpm /tmp/ 
RUN yum install -y epel-release /tmp/filebeat-6.5.4-x86_64.rpm && rm -rf /tmp/filebeat-6.5.4-x86_64.rpm 
RUN yum install -y vim wget tree pcre pcre-devel gcc gcc-c++ zlib zlib-devel openssl openssl-devel net-tools iotop unzip zip iproute ntpdate nfs-utils tcp dump telnet traceroute 
RUN rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

build-command脚本

#!/bin/bash docker build -t harbor.magedu.net/baseimages/centos-base:v7.6 . 
sleep 1 
docker push harbor.magedu.net/baseimages/centos-base:v7.6

执行构建centos 基础镜像
bash build-command.sh

Nginx 基础镜像制作
tree /opt/k8s-data/dockerfile/pub-images/nginx-base
├── build-command.sh
├── Dockerfile
└── nginx-1.14.2.tar.gz

Dockerfile文件内容

#Nginx Base Image 
FROM harbor.magedu.net/baseimages/centos-base:v7.6 
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop 
ADD nginx-1.14.2.tar.gz /usr/local/src/ 
RUN cd /usr/local/src/nginx-1.14.2 && ./configure && make && make install && ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx && useradd nginx -u 2001

build-command脚本

#!/bin/bash docker build -t harbor.magedu.net/pub-images/nginx-base:v1.14.2 . 
sleep 1 
docker push harbor.magedu.net/pub-images/nginx-base:v1.14.2

执行构建Nginx基础镜像
bash build-command.sh

基于基础的linux系统(centos/ubuntu/alpine)镜像，制作JDK基础镜像、Tomcat镜像
JDK基础镜像制作
tree /opt/k8s-data/dockerfile/pub-images/jdk-1.8.212
├── build-command.sh
├── Dockerfile
├── jdk-8u212-linux-x64.tar.gz
└── profile

Dockerfile文件内容

#JDK Base Image 
FROM harbor.magedu.net/baseimages/centos-base:v7.6 
ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/ 
RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk && groupadd tomcat -g 2018 && useradd tomcat -u 2018 -g 2018 
ADD profile /etc/profile 
ENV JAVA_HOME /usr/local/jdk 
ENV JRE_HOME $JAVA_HOME/jre 
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/ 
ENV PATH $PATH:$JAVA_HOME/bin

build-command脚本

#!/bin/bash docker build -t harbor.magedu.net/pub-images/jdk-base:v8.212 . 
sleep 1 
docker push harbor.magedu.net/pub-images/jdk-base:v8.212

执行构建JDK基础镜像
bash build-command

tomcat基础镜像制作
tree /opt/k8s-data/dockerfile/pub-images/tomcat-base
├── apache-tomcat-8.5.43.tar.gz
├── build-command.sh
└── Dockerfile

Dockerfile文件内容

#JDK Base Image 
FROM harbor.magedu.net/pub-images/jdk-base:v8.212 
RUN mkdir /apps /data/tomcat/webapps /data/tomcat/logs -pv 
ADD apache-tomcat-8.5.43.tar.gz /apps 
RUN ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat && chown -R tomcat.tomcat /apps /data -R 
#ADD filebeat-6.4.2-x86_64.rpm /tmp/ 
#RUN yum install -y /tmp/filebeat-6.4.2-x86_64.rpm && rm -rf /tmp/filebeat-6.4.2- x86_64.rpm

build-command脚本

#!/bin/bash docker build -t harbor.magedu.net/pub-images/tomcat-base:v8.5.43 . 
sleep 1 
docker push harbor.magedu.net/pub-images/tomcat-base:v8.5.43

构建tomcat基础镜像
bash build-command

tomcat业务镜像app1制作
tree /opt/k8s-data/dockerfile/linux36/tomcat-app1
├── app1.tar.gz
├── build-command.sh
├── catalina.sh
├── Dockerfile
├── filebeat.yml
├── myapp
│ └── index.html
├── run_tomcat.sh
└── server.xml

Dockerfile文件内容

#tomcat web1 
FROM harbor.magedu.net/pub-images/tomcat-base:v8.5.43 
ADD catalina.sh /apps/tomcat/bin/catalina.sh 
ADD server.xml /apps/tomcat/conf/server.xml 
#ADD myapp/* /data/tomcat/webapps/myapp/ 
ADD app1.tar.gz /data/tomcat/webapps/myapp/ 
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh 
#ADD filebeat.yml /etc/filebeat/filebeat.yml 
RUN chown -R tomcat.tomcat /data/ /apps/ 
EXPOSE 8080 8443 
CMD ["/apps/tomcat/bin/run_tomcat.sh"]

build-command脚本

#!/bin/bash TAG=$1 
docker build -t harbor.magedu.net/linux36/tomcat-app1:${TAG} . 
sleep 3 
docker push harbor.magedu.net/linux36/tomcat-app1:${TAG}

执行构建tomcat业务镜像
bash build-command.sh

k8s中nginx+tomcat实现动静分离
实现一个通用的nginx+tomcat动静分离web架构，即用户访问的静态页面和图片在由nginx直接响应，而动态请求则基于location转发至tomcat。
重点：Nginx基于tomcat的service name转发用户请求到tomcat业务app

Nginx业务镜像制作
tree /opt/k8s-data/dockerfile/linux36/nginx
├── build-command.sh
├── Dockerfile
├── index.html
├── nginx.conf
└── webapp
└── index.html

Dockerfile文件内容

#Nginx Base Image 
FROM harbor.magedu.net/pub-images/nginx-base:v1.14.2 
ADD nginx.conf /usr/local/nginx/conf/nginx.conf 
ADD webapp/* /usr/local/nginx/html/webapp/ 
ADD index.html /usr/local/nginx/html/index.html 
#RUN mkdir /usr/local/nginx/html/webapp/about /usr/local/nginx/html/webapp/images EXPOSE 80 443 
CMD ["nginx"]

build-command脚本

#!/bin/bash docker build -t harbor.magedu.net/linux36/nginx-web1:v1 . 
sleep 1 
docker push harbor.magedu.net/linux36/nginx-web1:v1

nginx配置文件

upstream tomcat_webserver { 
    server linux36-tomcat-app1-service.linux36.svc.linux36.local:80; 
}
server {
    location /myapp{
        proxy_pass http://tomcat_webserver; 
        proxy_set_header Host $host; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header X-Real-IP $remote_addr; 
    } 
}

执行构建Nginx 业务镜像
bash build-command

基于NFS实现动静分离
图片的上传由后端服务器tomcat完成，图片的读取由前端的nginx响应，就需要nginx与tomcat的数据保持一致性，因此需要将数据保存到k8s环境外部的存储服务器，然后再挂载到各nginx与tomcat 的容器中进行相应的操作。

http://docs.kubernetes.org.cn/429.html #存储卷类型及使用

NFS 服务器环境准备

# mkdir /data/linux36/images #图片目录 
# mkdir /data/linux36/static #静态文件目录 
# vim /etc/exports 
/data/linux36 *(rw,no_root_squash) 
# systemctl restart nfs-server

NFS客户端挂载并测试写入文件

mount -t nfs 192.168.7.108:/data/linux36 /mnt
cp /etc/passwd /mnt/ #必须能够写入数据

nginx 业务容器yaml

kind:Deployment
apiVersion:extensions/v1beta1
metadata:
    labels:
        app:linux36-nginx-deployment-label
        name:linux36-nginx-deployment
        namespace:linux36
spec:
    replicas:1
    selector:
    matchLabels:
        app:linux36-nginx-selector
    template:
        metadata:
            labels:
                app:linux36-nginx-selector
    spec:
    containers:
        - name:linux36-nginx-container
            image:harbor.magedu.net/linux36/nginx-web1:v1
            #command:["/apps/tomcat/bin/run_tomcat.sh"]
            #imagePullPolicy:IfNotPresent
            imagePullPolicy:Always
    ports:
        - containerPort:80
            protocol:TCP
            name:http
        - containerPort:443
            protocol:TCP
            name:https
    env:
        - name:"password"
        value:"123456"
        - name:"age"
        value:"18"
    resources:
        limits:
            cpu:2
            memory:2Gi
        requests:
            cpu:500m
            memory:1Gi
            volumeMounts:
            - name: linux36-images
                mountPath: /usr/local/nginx/html/webapp/images
                readOnly: false
            - name: linux36-static
                mountPath: /usr/local/nginx/html/webapp/static
                readOnly: false
                volumes: #kubectl explain Deployment.spec.template.spec.volumes
            - name: linux36-images
                nfs:
                    server: 192.168.7.108
                    path: /data/linux36/images
            - name: linux36-static
                nfs:
                    server: 192.168.7.108
                    path: /data/linux36/static
---
kind:Service
apiVersion:v1
metadata:
    labels:
        app:linux36-nginx-service-label
        name:linux36-nginx-service
        namespace:linux36
spec:
    type:
    NodePort
    ports:
        - name:http
            port:80
            protocol:TCP
            targetPort:80
            nodePort:30002
        - name:https
            port:443
            protocol:TCP
            targetPort:443
            nodePort:30443
    selector:
        app:linux36-nginx-selector

创建Nginx pod
kubectl apply -f nginx.yaml

pod中验证NFS挂载
kubectl get pods -n linux36

tomcat业务pod更新挂载

/opt/k8s-data/yaml/linux36/tomcat-app1/tomcat-app1.yaml
kind: Deployment 
apiVersion: extensions/v1beta1 
metadata: 
    labels: 
        app: linux36-tomcat-app1-deployment-label 
    name: linux36-tomcat-app1-deployment 
    namespace: linux36 
spec: 
    replicas: 1 
    selector: 
        matchLabels: 
            app: linux36-tomcat-app1-selector 
    template: 
        metadata: 
        labels: 
            app: linux36-tomcat-app1-selector 
    spec: 
        containers:
        - name: linux36-tomcat-app1-container 
            image: harbor.magedu.net/linux36/tomcat-app1:2019-08-02_11_02_30 
            #command: ["/apps/tomcat/bin/run_tomcat.sh"] 
            #imagePullPolicy: IfNotPresent 
            imagePullPolicy: Always 
            ports: 
            - containerPort: 8080 
                protocol: TCP 
                name: http 
        volumeMounts: 
            - name: linux36-images 
                mountPath: /data/tomcat/webapps/myapp/images 
                readOnly: false 
            - name: linux36-static 
                mountPath: /data/tomcat/webapps/myapp/static 
                readOnly: false 
                volumes: 
            - name: linux36-images 
                nfs:server: 192.168.7.108 
                path: /data/linux36/images 
            - name: linux36-static 
                nfs:
                    server: 192.168.7.108 
                    path: /data/linux36/static 
--- 
kind: Service 
apiVersion: v1 
metadata: 
    labels: 
        app: linux36-tomcat-app1-service-label 
    name: linux36-tomcat-app1-service 
    namespace: linux36 
spec: 
    type: NodePort 
        ports: 
            - name: http 
                port: 80 
                protocol: TCP
                targetPort: 8080 
                nodePort: 30003 
                selector: 
                app: linux36-tomcat-app1-selector

执行更新tomcat app1业务容器yaml
kubectl apply -f tomcat- app1.yaml

访问web测试
上传数据到NFS
tree /data/linux36

├── images
│ └── 1.jpg
└── static
└── index.html
访问nginx 业务pod
http://ip/myaopp/1.jpg

访问tomcat业务pod
http://ip:port/webapp/images/1.jpg