nginx容器化部署

1.创建挂载目录

mkdir -p /data/nginx/log

2.准备配置文件

2.1 准备证书

内置一份主机IP的证书，如果使用域名方式，使用客户提供的证书文件替换。

ls /data/nginx/*.pem
cert.pem key.pem

2.2 准备nginx.conf

如需增减服务，修改server段

cat /data/nginx/nginx.conf

user root;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 2000;
}

http {
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	gzip on;

        map $http_upgrade $connection_upgrade {
		default upgrade;
		'' close;
        }
server {
    listen       81 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate      /etc/nginx/cert.pem;
    ssl_certificate_key  /etc/nginx/key.pem;

    server_name  _;
    access_log  /var/log/nginx/test1.access.log;
    error_log   /var/log/nginx/test1.error.log;

    location /healthz {
    access_log off;
    return 200;
    }

location  / {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:30005;
    }
}

server {
    listen       82 ssl;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate      /etc/nginx/cert.pem;
    ssl_certificate_key  /etc/nginx/key.pem;

    server_name  _;
    access_log  /var/log/nginx/test2.access.log;
    error_log   /var/log/nginx/test2.error.log;

    location /healthz {
    access_log off;
    return 200;
    }
location  / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:30006;
    }
}
#	include /etc/nginx/*.conf;
}

3.通过yaml创建

3.1 准备yaml文件

cat nginx.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.18.0
        ports:
        - containerPort: 80
          name: nginx
        - containerPort: 81
          name: test1
        - containerPort: 82
          name: test2
        volumeMounts:
        - name: conf
          mountPath: /etc/nginx/nginx.conf
        - name: cert
          mountPath: /etc/nginx/cert.pem
        - name: key
          mountPath: /etc/nginx/key.pem
        - name: log
          mountPath: /var/log/nginx
      volumes:
      - name: conf
        hostPath:
          path: /data/nginx/nginx.conf
      - name: cert
        hostPath:
          path: /data/nginx/cert.pem
      - name: key
        hostPath:
          path: /data/nginx/key.pem
      - name: log
        hostPath:
          path: /data/nginx/log
          type: Directory
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
    - port: 81
      targetPort: 81
      name: test1
      nodePort: 32081
    - port: 82
      targetPort: 82
      name: test2
      nodePort: 32082
  type: NodePort
  selector:
    app: nginx

3.2 执行命令创建

kubectl apply -f nginx.yaml