23、Kubernetes 实战 - 布署 nodejs 后端项目(中)
一,前言
上一篇,介绍了 nodejs 后端项目的布署(将后端项目构建成为 docker 镜像,并推送至镜像仓库);
部署后端之前,需要完成一下操作:
1,配置数据库连接信息、数据库账号,使项目连接到数据库;
2,配置私有镜像仓库认证信息;
本篇,后端项目连接数据库;
二,配置数据库连接信息
// config/config.prod.js
module.exports = () => {
const userConfig = {
mysql: {
client: {
host: process.env.MYSQL_HOST,
port: process.env.MYSQL_PORT,
database: process.env.MYSQL_DATABASE,
user: process.env.MYSQL_USER,
password: process.env.MYSQL_PASSWORD,
},
app: true,
agent: false,
}
};
console.log(userConfig);
return {
...userConfig,
};
};
需要配置 5 个数据库相关信息:主机名、端口号、db、用户名、密码,其中:
- 主机名、端口号、db 不敏感,无需加密可以放到 configMap 中;
- 用户名、密码比较敏感,需要放到会加密的 Secret 中;
备注:包含用户名、密码的 Secret 前面已经创建可以直接使用;
还需要再创建一个 configMap:
创建ConfigMap :mysql.config.yaml
[root@k8s-master cicd]# vi mysql.config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql-config
data:
host: "service-cicd-mysql" 通过服务名访问之前定义的mysql服务
port: "8899"内部访问端口
database: "cicd"
// 有一个警告,没关系
[root@k8s-master cicd]# kubectl apply -f mysql.config.yaml
Warning: resource configmaps/mysql-config is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
configmap/mysql-config configured
// 由于和之前的mysql-config重名了,所以被创建到了之前的mysql-config中
[root@k8s-master cicd]# kubectl get cm
NAME DATA AGE
env-from-dir 2 2d4h
env-from-file 1 2d4h
kube-root-ca.crt 1 16d
mysql-config 5 2d4h
mysql-config-file 2 2d4h
[root@k8s-master cicd]# kubectl get cm -o yaml
- apiVersion: v1
data:
MYSQL_HOST: 127.0.0.1
MYSQL_PORT: "3306"
database: cicd
host: service-cicd-mysql
port: "8899"
// 删除之前的相关configMap
[root@k8s-master cicd]# kubectl delete cm env-from-dir
configmap "env-from-dir" deleted
[root@k8s-master cicd]# kubectl delete cm env-from-file
configmap "env-from-file" deleted
[root@k8s-master cicd]# kubectl delete cm mysql-config
configmap "mysql-config" deleted
[root@k8s-master cicd]# kubectl delete cm mysql-config-file
configmap "mysql-config-file" deleted
// 删逛了
[root@k8s-master cicd]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 16d
// 重新 apply mysql-config
[root@k8s-master cicd]# kubectl apply -f mysql.config.yaml
configmap/mysql-config created
// mysql-config有 3 个 key
[root@k8s-master cicd]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 16d
mysql-config 3 63s
[root@k8s-master cicd]# kubectl get cm -o yaml
- apiVersion: v1
data:
database: cicd
host: service-cicd-mysql
port: "8899"
三,配置数据库账号信息
Secret 之前已经创建好了,可以直接使用;
[root@k8s-master cicd]# kubectl get secret mysql-auth -o yaml
apiVersion: v1
data:
password: MTIzNDU2
username: cm9vdA==
kind: Secret
metadata:
creationTimestamp: "2022-01-07T01:49:33Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:password: {}
f:username: {}
f:type: {}
manager: kubectl-create
operation: Update
time: "2022-01-07T01:49:33Z"
name: mysql-auth
namespace: default
resourceVersion: "2031029"
uid: 4b2f060f-2b8c-4f4d-803a-daec20fe50fc
type: Opaque
[root@k8s-master cicd]# echo MTIzNDU2 | base64 -d
123456
[root@k8s-master cicd]# echo cm9vdA== | base64 -d
root
参考创建方式:
vi mysql-auth.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysql-auth
stringData:
username: root
password: 13456
type: Opaque
kubectl apply -f mysql.config.yaml
这样,主机名、端口号、db、用户名、密码就都齐备了;
四,私有仓库认证
当需要登陆私服拉取镜像时,需要进行私有仓库的认证;
创建secret docker-registry:private-registry
备注:docker-registry 是关键字,代表私有镜像仓库认证
kubectl create secret docker-registry private-registry \
--docker-username=admin \
--docker-password=Wz@19880818 \
--docker-email=admin@example.org \
--docker-server=47.94.92.122:8082
// 实际操作
root[root@k8s-master cicd]# kubectl create secret docker-registry private-registry\
> --docker-username=admin \
> --docker-password=Wz@19880818 \
> --docker-email=admin@example.org \
> --docker-server=47.94.92.122:8082
secret/private-registry created
[root@k8s-master cicd]# kubectl get secret private-registry
NAME TYPE DATA AGE
private-registry kubernetes.io/dockerconfigjson 1 87s
[root@k8s-master cicd]# kubectl get secret private-registry -o yaml
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyI0Ny45NC45Mi4xMjI6ODA4MiI6eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJXekAxOTg4MDgxOCIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5vcmciLCJhdXRoIjoiWVdSdGFXNDZWM3BBTVRrNE9EQTRNVGc9In19fQ==
kind: Secret
metadata:
creationTimestamp: "2022-01-07T08:30:32Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:.dockerconfigjson: {}
f:type: {}
manager: kubectl-create
operation: Update
time: "2022-01-07T08:30:32Z"
name: private-registry
namespace: default
resourceVersion: "2065620"
uid: a0d963ea-4857-41e6-8240-6352e849d410
type: kubernetes.io/dockerconfigjson
[root@k8s-master cicd]# echo eyJhdXRocyI6eyI0Ny45NC45Mi4xMjI6ODA4MiI6eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJXekAxOTg4MDgxOCIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5vcmciLCJhdXRoIjoiWVdSdGFXNDZWM3BBTVRrNE9EQTRNVGc9In19fQ== | base64 -d
{"auths":{"47.94.92.122:8082":{"username":"admin","password":"Wz@19880818","email":"admin@example.org","auth":"YWRtaW46V3pAMTk4ODA4MTg="}}}
接下来,就可以部署后端服务了;
需要为后端后台服务创建 Deployment 部署对象 和 后端服务的 Service 服务对象;
五,结尾
本篇,介绍了部署后端之前,需要的配置信息准备;
下一篇,部署后端项目;