gitea_admin/nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nginx/k8s/nginx-deployment.yaml
huangzhiqiang 8662280849
Some checks failed
Build NGINX on Ubuntu / build-and-push (push) Successful in 1m1s
Details
Build NGINX on Ubuntu / deploy-to-kubernetes (push) Has been cancelled
Details
更新nginx yaml
2025-06-09 18:34:13 +08:00

284 lines
7.0 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Kubernetes 部署配置文件
# 用于从私有 Harbor 仓库拉取 NGINX 镜像并部署
#
# 使用方法:
# 1. 设置环境变量:
# export HARBOR_REGISTRY=<你的Harbor仓库地址>
# export HARBOR_USERNAME=<Harbor用户名>
# export HARBOR_PASSWORD=<Harbor密码>
# export NGINX_IMAGE_TAG=<镜像标签>
#
# 2. 运行部署脚本:
# ./deploy.sh
---
# 1. ConfigMap - NGINX 配置
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: default
data:
nginx.conf: |
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
server {
listen 8080; # 修改为非特权端口
server_name localhost;
location / {
root /usr/local/nginx/html;
index index.html index.htm;
}
# 健康检查端点
location /health {
return 200 'ok';
add_header Content-Type text/plain;
}
}
}
---
# 2. Deployment - NGINX 应用部署
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: default
labels:
app: nginx
version: v1
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
version: v1
spec:
# 使用私有仓库凭据
imagePullSecrets:
- name: harbor-registry-secret
# 安全上下文
securityContext:
runAsNonRoot: true
runAsUser: 65534
fsGroup: 65534
# 添加初始化容器来设置日志目录权限
initContainers:
- name: init-nginx-logs
image: busybox
command: ["/bin/sh", "-c"]
args:
- mkdir -p /usr/local/nginx/logs;
chmod 777 /usr/local/nginx/logs;
touch /usr/local/nginx/logs/error.log /usr/local/nginx/logs/access.log;
chmod 666 /usr/local/nginx/logs/error.log /usr/local/nginx/logs/access.log;
volumeMounts:
- name: nginx-logs
mountPath: /usr/local/nginx/logs
containers:
- name: nginx
# 使用私有仓库中的镜像(需要根据实际情况修改)
image: $HARBOR_REGISTRY/test/nginx:$NGINX_IMAGE_TAG
imagePullPolicy: Always
# 添加明确的启动命令,确保使用正确的配置文件
command: ["/usr/local/nginx/sbin/nginx"]
args: ["-c", "/etc/nginx/nginx.conf", "-g", "daemon off;"]
ports:
- name: http
containerPort: 8080
protocol: TCP
# 环境变量
env:
- name: TZ
value: "Asia/Shanghai"
# 资源限制
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
# 健康检查
livenessProbe:
httpGet:
path: /health
port: 8080 # 修改端口
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 8080 # 修改端口
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
# 启动探针
startupProbe:
httpGet:
path: /health
port: 8080 # 修改端口
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
# 挂载配置文件 - 修改挂载方式
volumeMounts:
- name: nginx-config-volume
mountPath: /etc/nginx # 修改为目录挂载而非文件挂载
- name: nginx-cache
mountPath: /var/cache/nginx
- name: nginx-run
mountPath: /var/run
# 添加日志目录挂载
- name: nginx-logs
mountPath: /usr/local/nginx/logs
volumes:
- name: nginx-config-volume
configMap:
name: nginx-config
defaultMode: 0644
- name: nginx-cache
emptyDir: {}
- name: nginx-run
emptyDir: {}
# 添加日志目录卷
- name: nginx-logs
emptyDir: {}
# 节点选择器(可选)
nodeSelector:
kubernetes.io/os: linux
# 容忍度(可选)
tolerations:
- key: "node.kubernetes.io/not-ready"
operator: "Exists"
effect: "NoExecute"
tolerationSeconds: 300
- key: "node.kubernetes.io/unreachable"
operator: "Exists"
effect: "NoExecute"
tolerationSeconds: 300
---
# 3. Service - 服务暴露
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
labels:
app: nginx
spec:
type: NodePort # 修改为NodePort类型
ports:
- name: http
port: 8080 # 集群内部访问端口
targetPort: 8080 # 容器端口
nodePort: 32020 # 主机端口必须在30000-32767范围内
protocol: TCP
selector:
app: nginx
---
# 4. HorizontalPodAutoscaler - 自动扩缩容
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: nginx-hpa
namespace: default
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: nginx-deployment
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
behavior:
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 50
periodSeconds: 60
scaleUp:
stabilizationWindowSeconds: 60
policies:
- type: Percent
value: 100
periodSeconds: 15
---
# 5. PodDisruptionBudget - Pod 中断预算
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: nginx-pdb
namespace: default
spec:
minAvailable: 1
selector:
matchLabels:
app: nginx
Reference in New Issue View Git Blame Copy Permalink