kubernetes部署go服务二
# 配置Dockerfile
# go服务
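# Stage 1: compile the Go application.
FROM docker.cnb.cool/zzppjj/docker-images/golang:1.20-alpine AS builder
# Enable Go modules and fetch them through the goproxy.cn mirror.
ENV GO111MODULE=on \
    GOPROXY=https://goproxy.cn,direct
WORKDIR /build
# The full build context is copied into the builder stage only; this stage is
# discarded, so nothing from here reaches the final image unless copied explicitly.
COPY . .
# -mod=mod lets the build fill in missing go.sum entries (only build dependencies
# are downloaded, not test dependencies).
# NOTE(review): because go.sum may be completed at build time, module checksums are
# not fully pinned by the repository; committing a complete go.sum and building with
# the default -mod=readonly makes dependency drift visible.
RUN go build -mod=mod -o xirang .

# Stage 2: runtime image.
# NOTE(review): ":latest" is a moving tag, so two builds of the same commit can ship
# different base layers; pin a specific Alpine version (ideally by digest) that the
# mirror provides.
FROM docker.cnb.cool/zzppjj/docker-images/alpine:latest
# Dedicated unprivileged account with a stable numeric UID/GID. /app is owned by it
# so the service can create its relative "logs" directory without running as root.
RUN addgroup -S -g 10001 app \
    && adduser -S -u 10001 -G app app \
    && mkdir -p /app \
    && chown app:app /app
WORKDIR /app
# --from=builder is required: without it COPY reads /build/xirang from the build
# context on the host instead of the binary compiled in stage 1.
COPY --from=builder --chown=app:app /build/xirang .
# Default configuration, Casbin model and the RSA public key.
COPY --chown=app:app config.yml rbac_model.conf xirang-pub.pem ./
# NOTE(review): xirang-priv.pem is an RSA private key (config.yml refers to it as
# rsa-private-key). Baking it into a layer makes it readable by anyone who can pull
# the image and ties key rotation to an image rebuild. Prefer mounting it at runtime
# (for example from a Kubernetes Secret); once that is in place, drop this COPY and
# exclude the key from the build context with .dockerignore.
COPY --chown=app:app xirang-priv.pem .
# Documentation only: the service listens on 8888.
EXPOSE 8888
USER app
# Exec form so the binary is PID 1 and receives SIGTERM directly.
CMD ["./xirang", "-c", "config.yml"]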
# web前端
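# Stage 1: build the front-end bundle.
# NOTE(review): Node.js 14 no longer receives upstream security fixes; it is only
# used in this throw-away build stage, but the toolchain still processes every
# dependency, so plan a move to a supported release.
FROM docker.cnb.cool/zzppjj/docker-images/node:14.18 AS builder
# WORKDIR creates /app, so no separate "RUN mkdir" is needed.
WORKDIR /app
# COPY instead of ADD: only a plain copy is wanted, not ADD's archive extraction
# or URL fetching.
COPY . /app/
# 1. Rewrite git:// dependency URLs to https://.
# 2. Point the API host in both env files at the deployed domain.
# 3. Install dependencies from the npmmirror registry over HTTPS (plain HTTP would
#    let anything on the network path tamper with the downloaded packages).
# 4. Produce the production bundle in /app/dist.
RUN git config --global url."https://".insteadOf git:// \
    && sed -i 's#localhost:8888#xirang.zzppjj.top#g' .env.development \
    && sed -i 's#localhost:8888#xirang.zzppjj.top#g' .env.production \
    && npm install --registry=https://registry.npmmirror.com \
    && yarn build:prod

# Stage 2: serve the static bundle with nginx.
FROM docker.cnb.cool/zzppjj/docker-images/nginx:alpine
# Install netcat for connectivity checks from inside the container.
# "apk add --no-cache" fetches a fresh index itself, so a separate "apk update"
# (which would leave the index cached in the layer) is not needed.
# NOTE(review): a network debugging tool in a production image widens what an
# intruder can do from inside the container; remove it once debugging is finished.
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
    && apk add --no-cache netcat-openbsd
# --from=builder is required: without it COPY looks for /app/dist in the build
# context on the host instead of the bundle produced in stage 1.
COPY --from=builder /app/dist /usr/share/nginx/html
# Exec form so nginx is PID 1 and receives stop signals directly.
CMD ["nginx", "-g", "daemon off;"]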
# 配置流水线gitlabci
# go的流水线
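# GitLab CI pipeline for the Go service: build and push the image, scan it,
# then update the image tag in the GitOps config repository.
variables:
  IMAGE_NAME: "docker.cnb.cool/zzppjj/docker-images/xirang"
  IMAGE_TAG: "$CI_COMMIT_SHORT_SHA"
  CONFIG_REPO: "git@192.168.51.50:root/argo-demo.git"

stages:
  - build
  - scanner
  - deploy

build:
  stage: build
  tags:
    - linux-shell
  image: docker:24.0
  services:
    - docker.cnb.cool/zzppjj/docker-images/docker:24.0-dind
  script:
    # The registry credential must never be written into this file: it ends up in
    # Git history and job logs, and "-p" also exposes it in the process list.
    # CNB_REGISTRY_TOKEN is a placeholder name; define it as a masked, protected
    # CI/CD variable in the project settings. Any token that was ever committed
    # to this file should be revoked and re-issued.
    - |
      printf '%s' "$CNB_REGISTRY_TOKEN" | docker login -u cnb --password-stdin docker.cnb.cool
    - docker build -t "$IMAGE_NAME:$IMAGE_TAG" .
    - docker push "$IMAGE_NAME:$IMAGE_TAG"
  only:
    - main

scanner-job:  # Runs in the "scanner" stage, after the image has been pushed.
  stage: scanner
  tags:
    - linux-shell
  script:
    # --exit-code 1 makes the job fail when HIGH or CRITICAL findings exist;
    # without it trivy only reports them and the job always succeeds.
    - trivy image --server http://192.168.51.50:4954 --severity HIGH,CRITICAL --exit-code 1 "$IMAGE_NAME:$IMAGE_TAG"
  # The image is only built on main, so scanning on other branches has nothing to scan.
  only:
    - main

update-manifests:
  stage: deploy
  tags:
    - linux-shell
  # "needs" lets a job start as soon as the listed jobs finish, ignoring stage
  # order. Listing only "build" would let the deployment run before (or despite)
  # the scan, so the scan job is listed as well.
  needs: ["build", "scanner-job"]
  script:
    # git and openssh-client are already installed on the shell runner host,
    # so no "apk add --no-cache git openssh-client" step is needed.
    - git config --global user.email "ci@gitlab.com"
    - git config --global user.name "GitLab CI"
    - git clone "$CONFIG_REPO"
    - cd argo-demo
    - cd go/xirang
    # Rewrite every "image: ...xirang:<tag>" reference to the image just built.
    - |
      find . -type f \( -name "*.yaml" -o -name "*.yml" \) | xargs sed -i "s|image: .*xirang:[^[:space:]]*|image: $IMAGE_NAME:$IMAGE_TAG|g"
    - git add .
    # Commit only when something actually changed; [skip ci] avoids a pipeline loop.
    - |
      git diff --cached --quiet || git commit -m "chore: update image $IMAGE_NAME to $IMAGE_TAG [skip ci]"
    - git push origin main
  only:
    - main
  environment: production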
# web端
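# GitLab CI pipeline for the web front end: build and push the image, scan it,
# then update the image tag in the GitOps config repository.
variables:
  IMAGE_NAME: "docker.cnb.cool/zzppjj/docker-images/xirang-ui"
  IMAGE_TAG: "$CI_COMMIT_SHORT_SHA"
  CONFIG_REPO: "git@192.168.51.50:root/argo-demo.git"

stages:
  - build
  - scanner
  - deploy

build:
  stage: build
  tags:
    - linux-shell
  image: docker:24.0
  services:
    - docker.cnb.cool/zzppjj/docker-images/docker:24.0-dind
  script:
    # The registry credential must never be written into this file: it ends up in
    # Git history and job logs, and "-p" also exposes it in the process list.
    # CNB_REGISTRY_TOKEN is a placeholder name; define it as a masked, protected
    # CI/CD variable in the project settings. Any token that was ever committed
    # to this file should be revoked and re-issued.
    - |
      printf '%s' "$CNB_REGISTRY_TOKEN" | docker login -u cnb --password-stdin docker.cnb.cool
    - docker build -t "$IMAGE_NAME:$IMAGE_TAG" .
    - docker push "$IMAGE_NAME:$IMAGE_TAG"
  only:
    - main

scanner-job:  # Runs in the "scanner" stage, after the image has been pushed.
  stage: scanner
  tags:
    - linux-shell
  script:
    # --exit-code 1 makes the job fail when HIGH or CRITICAL findings exist;
    # without it trivy only reports them and the job always succeeds.
    - trivy image --server http://192.168.51.50:4954 --severity HIGH,CRITICAL --exit-code 1 "$IMAGE_NAME:$IMAGE_TAG"
  # The image is only built on main, so scanning on other branches has nothing to scan.
  only:
    - main

update-manifests:
  stage: deploy
  tags:
    - linux-shell
  # "needs" lets a job start as soon as the listed jobs finish, ignoring stage
  # order. Listing only "build" would let the deployment run before (or despite)
  # the scan, so the scan job is listed as well.
  needs: ["build", "scanner-job"]
  script:
    # git and openssh-client are already installed on the shell runner host,
    # so no "apk add --no-cache git openssh-client" step is needed.
    - git config --global user.email "ci@gitlab.com"
    - git config --global user.name "GitLab CI"
    - git clone "$CONFIG_REPO"
    - cd argo-demo
    - cd go/xirang
    # Rewrite every "image: ...xirang-ui:<tag>" reference to the image just built.
    - |
      find . -type f \( -name "*.yaml" -o -name "*.yml" \) | xargs sed -i "s|image: .*xirang-ui:[^[:space:]]*|image: $IMAGE_NAME:$IMAGE_TAG|g"
    - git add .
    # Commit only when something actually changed; [skip ci] avoids a pipeline loop.
    - |
      git diff --cached --quiet || git commit -m "chore: update image $IMAGE_NAME to $IMAGE_TAG [skip ci]"
    - git push origin main
  only:
    - main
  environment: production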
# 部署kubernetes配置清单
[root@localhost xirang]# cat cm.yaml
# ConfigMap "app-config-files" (namespace apply02): holds the application's
# config.yml, which the go-deployment Deployment mounts at /app/config.yml.
# NOTE(review): this config.yml carries the MySQL password for the "root" account
# and the JWT signing key in plain text. A ConfigMap is not a confidential store,
# and this manifest appears to live in the Git config repository as well, so both
# values should be treated as exposed: rotate them, move them to a Secret or an
# external secret manager, and give the service its own least-privilege database
# account instead of root.
# NOTE(review): "key: secret key" under jwt looks like a guessable placeholder; a
# signing key needs to be a long random value. Also confirm that "mode: debug" and
# "log-mode: true" are intended for a production deployment.
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config-files
namespace: apply02
data:
config.yml: |
system:
mode: debug
url-path-prefix: api
port: 8888
init-data: true
rsa-public-key: xirang-pub.pem
rsa-private-key: xirang-priv.pem
logs:
level: -1
path: logs
max-size: 50
max-backups: 100
max-age: 30
compress: false
database:
driver: mysql
source: xirang.db
mysql:
username: root
password: 2023W#@qGhsd
database: xirang
host: 192.168.51.51
port: 13306
query: parseTime=True&loc=Local&timeout=10000ms
log-mode: true
table-prefix: tb
charset: utf8mb4
collation: utf8mb4_general_ci
casbin:
model-path: 'rbac_model.conf'
jwt:
realm: test jwt
key: secret key
timeout: 12000
max-refresh: 12000
rate-limit:
fill-interval: 50
capacity: 200
jaeger:
enable: true
service-name: xirang
service-version: 1.0.0
collector-endpoint: jaeger.observability.svc.cluster.local:4318
[root@localhost xirang]# cat svc.yaml
# ClusterIP Service "go-service" (namespace apply02): exposes the pods labelled
# app=go-app on TCP 8888 inside the cluster only. The nginx front end proxies
# /api/ requests to http://go-service:8888.
apiVersion: v1
kind: Service
metadata:
name: go-service
namespace: apply02
spec:
selector:
app: go-app
ports:
- protocol: TCP
port: 8888
targetPort: 8888
type: ClusterIP
[root@localhost xirang]# cat deploy.yaml
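# Deployment "go-deployment" (namespace apply02): three replicas of the Go service,
# with config.yml supplied from the app-config-files ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: go-deployment
  namespace: apply02
  labels:
    app: go-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: go-app
  template:
    metadata:
      labels:
        app: go-app
    spec:
      containers:
        - name: go
          image: docker.cnb.cool/zzppjj/docker-images/xirang:4ec66e04
          ports:
            - containerPort: 8888
          # Start the binary directly instead of through "sh -c": the service then
          # runs as PID 1, receives SIGTERM on pod shutdown, and no shell sits
          # between the container runtime and the process.
          args: ["./xirang", "-c", "config.yml"]
          # The service only listens on an unprivileged port and writes below its
          # working directory, so it needs no Linux capabilities and no way to
          # gain privileges.
          # NOTE(review): also set runAsNonRoot/runAsUser once the image defines a
          # non-root USER.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            # subPath mounts only the single file, leaving the rest of /app
            # (binary, keys, model file) from the image in place.
            - name: app-config
              mountPath: /app/config.yml
              subPath: config.yml
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "200m"
      volumes:
        - name: app-config
          configMap:
            name: app-config-files
            items:
              - key: config.yml
                path: config.yml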
[root@localhost xirang]# cat deploy-web.yaml
# ConfigMap "my.conf" (namespace apply02): nginx server block for the front end.
# It serves the static bundle on port 10480 and reverse-proxies /api/ to the Go
# backend at http://go-service:8888. The xirang-ui Deployment below mounts it
# over /etc/nginx/conf.d/.
apiVersion: v1
kind: ConfigMap
metadata:
name: my.conf
namespace: apply02
data:
my.conf: |
server {
listen 10480;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://go-service:8888; # 设置代理服务器的协议和地址
}
}
---
# Deployment "xirang-ui" (namespace apply02): one nginx replica serving the
# front end, with HTTP liveness and readiness probes on port 10480.
# NOTE(review): no securityContext is set for the container; consider at least
# allowPrivilegeEscalation: false after confirming nginx still starts with it.
apiVersion: apps/v1
kind: Deployment
metadata:
name: xirang-ui
labels:
app: xirang-ui
namespace: apply02
spec:
replicas: 1
selector:
matchLabels:
app: xirang-ui
template:
metadata:
labels:
app: xirang-ui
spec:
containers:
- name: xirang-ui-container
image: docker.cnb.cool/zzppjj/docker-images/xirang-ui:c12eca37 # change the tag when deploying a specific version
ports:
- containerPort: 10480
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "200m"
volumeMounts:
- mountPath: /etc/nginx/conf.d/
name: nginx-config
livenessProbe:
httpGet:
path: /
port: 10480
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /
port: 10480
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: nginx-config
configMap:
name: my.conf
---
# Service "xirang-ui-service" (namespace apply02): routes port 80 to the nginx
# container port 10480 on pods labelled app=xirang-ui.
apiVersion: v1
kind: Service
metadata:
name: xirang-ui-service
namespace: apply02
spec:
type: ClusterIP # cluster-internal only; this type does not create an external load balancer
selector:
app: xirang-ui
ports:
- protocol: TCP
port: 80 # Service port (reachable inside the cluster)
targetPort: 10480 # container port