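# Kubernetes deployment manifest
# Pulls an NGINX image from a private Harbor registry and deploys it.
#
# Usage:
# 1. Set the environment variables (values below are placeholders):
#      export HARBOR_REGISTRY=<your Harbor registry address>
#      export HARBOR_USERNAME=<harbor-username>
#      export HARBOR_PASSWORD=<harbor-password>
#      export NGINX_IMAGE_TAG=<image tag>
#
# 2. Run the deployment script:
#      ./deploy.sh
#
# Or do it by hand:
# 1. kubectl create secret docker-registry harbor-registry-secret \
#      --docker-server="$HARBOR_REGISTRY" \
#      --docker-username="$HARBOR_USERNAME" \
#      --docker-password="$HARBOR_PASSWORD"
# 2. kubectl apply -f nginx-deployment.yaml
#
# The variables are quoted so that values containing spaces or shell
# metacharacters reach kubectl intact. A password passed as a command-line
# argument ends up in shell history and is visible in the process list while
# kubectl runs; prefer a short-lived session or a Harbor robot account with
# pull-only scope.
# imagePullSecrets are namespace-local: the Secret has to exist in the same
# namespace as the Deployment (default). Add --namespace default if the
# current kubectl context points somewhere else.
---
# 1. Registry pull credentials Secret (created automatically by the script)
# To create it manually, use:
#   kubectl create secret docker-registry harbor-registry-secret \
#     --docker-server=<harbor-registry> \
#     --docker-username=<harbor-username> \
#     --docker-password=<harbor-password>

# 2. ConfigMap - NGINX configuration
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: default
data:
  # Notes on the embedded nginx.conf:
  # - The Deployment in this file runs the pod as UID 65534, so nginx ignores
  #   the `user` directive (it only takes effect when the master starts as
  #   root) and logs a warning.
  # - NOTE(review): error_log/access_log point at /var/log/nginx, which is not
  #   a mounted volume; confirm the image makes that path writable for
  #   UID 65534 (or links it to stdout/stderr).
  # - server_tokens off keeps the nginx version out of the Server header and
  #   the built-in error pages.
  # - /health sets its media type with default_type. `add_header Content-Type`
  #   would send a second Content-Type header next to the one nginx derives
  #   from default_type.
  nginx.conf: |
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log notice;
    pid /var/run/nginx.pid;

    events {
      worker_connections 1024;
    }

    http {
      include /usr/local/nginx/conf/mime.types;
      default_type application/octet-stream;

      log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
      access_log /var/log/nginx/access.log main;

      sendfile on;
      keepalive_timeout 65;
      server_tokens off;

      server {
        listen 80;
        server_name localhost;

        location / {
          root /usr/local/nginx/html;
          index index.html index.htm;
        }

        # 健康检查端点
        location /health {
          default_type text/plain;
          return 200 'ok';
        }
      }
    }
---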
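# 3. Deployment - NGINX workload
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
  labels:
    app: nginx
    version: v1
spec:
  # NOTE(review): nginx-hpa in this file also controls the replica count
  # (2-10). Every `kubectl apply` of this manifest resets it to 3 until the
  # autoscaler reacts; consider dropping this field once the HPA is in use.
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
        version: v1
    spec:
      # Pull credentials for the private registry; the Secret must exist in
      # this namespace before the pods are scheduled.
      imagePullSecrets:
        - name: harbor-registry-secret
      # A static web server has no need to call the Kubernetes API, so no
      # service-account token is mounted into the pod.
      automountServiceAccountToken: false
      # Pod-level security context
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
        fsGroup: 65534
        seccompProfile:
          type: RuntimeDefault
        # nginx.conf listens on port 80, which an unprivileged UID cannot bind
        # unless the runtime already allows it. This sysctl is namespaced and
        # in the safe set since Kubernetes 1.22; it needs a 4.11+ node kernel.
        sysctls:
          - name: net.ipv4.ip_unprivileged_port_start
            value: "0"
      containers:
        - name: nginx
          # Image from the private registry (adjust to your environment).
          # NOTE(review): `latest` is a mutable tag, so the running image can
          # change without any change to this manifest, and rollbacks cannot
          # name a known version. The file header asks for NGINX_IMAGE_TAG but
          # it is not referenced here; pin a fixed tag or an image digest once
          # it is confirmed how deploy.sh substitutes variables.
          image: ${HARBOR_REGISTRY}/test/nginx:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          # Container-level hardening: no setuid-style privilege gain and no
          # Linux capabilities. readOnlyRootFilesystem is left unset because
          # nginx.conf writes logs under /var/log/nginx, which is not a volume.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # Environment variables
          env:
            - name: TZ
              value: "Asia/Shanghai"
          # Resource requests and limits
          resources:
            requests:
              memory: "64Mi"
              cpu: "50m"
            limits:
              memory: "128Mi"
              cpu: "200m"
          # Health checks; all three probes hit the /health location defined
          # in the nginx-config ConfigMap.
          livenessProbe:
            httpGet:
              path: /health
              port: 80
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          # Startup probe
          startupProbe:
            httpGet:
              path: /health
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          # Mount the configuration file and the writable scratch directories.
          # NOTE(review): nginx.conf includes /usr/local/nginx/conf/mime.types,
          # which suggests a custom install prefix; confirm the image really
          # reads its configuration from /etc/nginx/nginx.conf.
          volumeMounts:
            - name: nginx-config-volume
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
            - name: nginx-cache
              mountPath: /var/cache/nginx
            - name: nginx-run
              mountPath: /var/run
      volumes:
        - name: nginx-config-volume
          configMap:
            name: nginx-config
            # Octal literal (rw-r--r--). The API field is an integer, so this
            # value must not be quoted.
            defaultMode: 0644
        - name: nginx-cache
          emptyDir: {}
        - name: nginx-run
          emptyDir: {}
      # Node selector (optional)
      nodeSelector:
        kubernetes.io/os: linux
      # Tolerations (optional): stay on a not-ready or unreachable node for
      # up to 300 seconds before being evicted.
      tolerations:
        - key: "node.kubernetes.io/not-ready"
          operator: "Exists"
          effect: "NoExecute"
          tolerationSeconds: 300
        - key: "node.kubernetes.io/unreachable"
          operator: "Exists"
          effect: "NoExecute"
          tolerationSeconds: 300
---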
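# 4. Service - exposes the nginx pods inside the cluster
# ClusterIP keeps the service unreachable from outside the cluster; external
# exposure would need an Ingress or a different Service type.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: default
  labels:
    app: nginx
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: nginx
---
# 5. HorizontalPodAutoscaler - automatic scaling
# Utilization targets are percentages of the container resource *requests*
# set in nginx-deployment, not of its limits. Resource metrics must be served
# by the cluster's metrics API (for example metrics-server) for this to act.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: nginx-hpa
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nginx-deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
  behavior:
    # Scale down slowly: at most half of the pods per minute, after the
    # recommendation has been stable for five minutes.
    scaleDown:
      stabilizationWindowSeconds: 300
      policies:
        - type: Percent
          value: 50
          periodSeconds: 60
    # Scale up quickly: the pod count may double every 15 seconds.
    scaleUp:
      stabilizationWindowSeconds: 60
      policies:
        - type: Percent
          value: 100
          periodSeconds: 15
---
# 6. PodDisruptionBudget
# Keeps at least one nginx pod running during voluntary disruptions such as
# node drains.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: nginx-pdb
  namespace: default
spec:
  minAvailable: 1
  selector:
    matchLabels:
      app: nginx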