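After setting up k8s, the next step is to add the services.
Background
k8s
The setup consists mainly of the following components:
- deployment
- service
  - Handles port forwarding: maps hexo's port 4000 to port 80
  - You can of course set externalIPs directly here instead, but then you have to handle SSL yourself
- ingress
  - Makes virtual hosts easy to set up
  - Together with cert-manager, it can issue and renew its SSL certificates on its own
- cert-manager
- metallb
  - Assigns an IP to the Ingress
  - IPAddressPool: IP
  - L2Advertisement: must be declared so that the speakers under this metallb send ARP packets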
YAML for each service
deployment

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hexo-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: hexo
  template:
    metadata:
      labels:
        app: hexo
    spec:
      containers:
      - name: hexo
        image: william950615/my-hexo:latest
        ports:
        - containerPort: 4000
```
service

```yaml
apiVersion: v1
kind: Service
metadata:
  name: hexo-service
spec:
  selector:
    app: hexo
  ports:
  - protocol: TCP
    port: 80
    targetPort: 4000
```
ingress

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hexo-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - test.driseam.com
    secretName: test-driseam-com-tls
  - hosts:
    - blog.driseam.com
    secretName: blog-driseam-com-tls
  rules:
  - host: test.driseam.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hexo-service
            port:
              number: 80
  - host: blog.driseam.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hexo-service
            port:
              number: 80
```
metallb

```yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  addresses:
  - 140.113.168.153/32
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: example
  namespace: metallb-system
spec:
  ipAddressPools:
  - first-pool
```
cert-manager

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: william950615@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-driseam.com-cert
spec:
  secretName: test-driseam-com-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - test.driseam.com
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: blog-driseam.com-cert
spec:
  secretName: blog-driseam-com-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - blog.driseam.com
```
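The Ingress and the Certificates above are tied together only by `secretName`, and the Secret must live in the same namespace as the Ingress. The following added example (not from the original post) cross-checks the two, assuming the manifests have been loaded as Python dicts, for instance from `kubectl get ingress,certificate -o json`; `check_tls_coverage`, `namespace_of` and `make_cert` are hypothetical names, and dnsNames are compared by exact match only (no wildcard handling).

```python
def namespace_of(obj):
    # Manifests without metadata.namespace land in "default".
    return obj.get("metadata", {}).get("namespace", "default")

def check_tls_coverage(ingress, certificates):
    """Return a list of problems; an empty list means every host is covered."""
    # (namespace, secretName) -> dnsNames cert-manager will place in that Secret.
    issued = {}
    for cert in certificates:
        key = (namespace_of(cert), cert["spec"]["secretName"])
        issued.setdefault(key, set()).update(cert["spec"].get("dnsNames", []))

    problems, tls_hosts = [], set()
    for entry in ingress["spec"].get("tls", []):
        key = (namespace_of(ingress), entry.get("secretName"))
        for host in entry.get("hosts", []):
            tls_hosts.add(host)
            if key not in issued:
                problems.append(f"{host}: no Certificate writes {key[1]} in {key[0]}")
            elif host not in issued[key]:
                problems.append(f"{host}: {key[1]} does not list this dnsName")
    # A rule host missing from spec.tls gets no certificate from this Ingress.
    for rule in ingress["spec"].get("rules", []):
        host = rule.get("host")
        if host and host not in tls_hosts:
            problems.append(f"{host}: rule has no tls entry")
    return problems

def make_cert(secret, dns, ns="default"):
    # Helper for building a minimal Certificate dict (constructed test data).
    return {"metadata": {"namespace": ns},
            "spec": {"secretName": secret, "dnsNames": dns}}

# Constructed sample data mirroring the manifests on this page.
INGRESS = {"metadata": {"name": "hexo-ingress"}, "spec": {
    "tls": [{"hosts": ["test.driseam.com"], "secretName": "test-driseam-com-tls"},
            {"hosts": ["blog.driseam.com"], "secretName": "blog-driseam-com-tls"}],
    "rules": [{"host": "test.driseam.com"}, {"host": "blog.driseam.com"}]}}
CERTS = [make_cert("test-driseam-com-tls", ["test.driseam.com"]),
         make_cert("blog-driseam-com-tls", ["blog.driseam.com"])]

if __name__ == "__main__":
    for line in check_tls_coverage(INGRESS, CERTS) or ["all TLS hosts covered"]:
        print(line)
```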
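Dockerfile
For convenience, the docker build is also wrapped in a shell script.
install.sh
This script is used by the Dockerfile below.

```sh
#!/bin/sh
# Stop at the first failing command so a broken step fails the image build
set -e

# Install the NexT theme and apply the custom theme config
git clone https://github.com/theme-next/hexo-theme-next themes/next
cp my_next_config.yml themes/next/_config.yml

# Replace the default markdown renderer with the pandoc renderer
npm uninstall hexo-renderer-marked
npm install hexo-renderer-pandoc

# sitemap
npm install hexo-generator-sitemap --save
```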
Dockerfile

```dockerfile
FROM node:18-alpine

# git is needed by install.sh to clone the theme; pandoc by hexo-renderer-pandoc
RUN apk add --no-cache git pandoc && \
    npm install -g hexo-cli

WORKDIR /app

# With several sources, the COPY destination must be a directory ending in "/"
COPY package.json _config.yml install.sh my_next_config.yml /app/
RUN sh install.sh

# Plain local copy, so COPY is used instead of ADD
COPY source /app/source

RUN npx hexo generate

EXPOSE 4000

CMD ["npx", "hexo", "server", "--port", "4000", "--bind", "0.0.0.0"]
```
Shell script

```sh
#!/bin/sh
# Abort if the build or any push fails
set -e

DOCKER_IMAGE_REPO=william950615
DOCKER_IMAGE_NAME=my-hexo
# The version tag is read from the ./image-version file
DOCKER_IMAGE_VERSION=$(cat ./image-version)
DOCKER_IMAGE_TAG=$DOCKER_IMAGE_REPO/$DOCKER_IMAGE_NAME:$DOCKER_IMAGE_VERSION
DOCKER_LATEST_TAG=$DOCKER_IMAGE_REPO/$DOCKER_IMAGE_NAME:latest
echo "$DOCKER_IMAGE_TAG"
# Build for amd64 and push the versioned tag
docker buildx build --platform linux/amd64 -t "$DOCKER_IMAGE_TAG" . --push
# Re-tag the same image as latest and push it
docker tag "$DOCKER_IMAGE_TAG" "$DOCKER_LATEST_TAG"
docker push "$DOCKER_LATEST_TAG"
```