Deploying the ownCloud Personal Cloud Drive on Kubernetes
Case Analysis
1. Node planning
The node plan is shown in Table 1.
Table 1 Node plan
IP | Hostname | Node |
---|---|---|
192.168.100.3 | master | k8s-master-node1 |
192.168.100.4 | node | k8s-worker-node1 |
2. Basic preparation
(1) Import the software package
[root@master ~]# nerdctl -n k8s.io load -i owncloud.tar.gz
Check the cluster status:
[root@k8s-master-node1 ~]# kubectl cluster-info
Kubernetes control plane is running at https://apiserver.cluster.local:6443
CoreDNS is running at https://apiserver.cluster.local:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
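3. Deploy ownCloud
The Kubernetes environment is already installed. ownCloud is a free, open-source, professional private cloud storage project. It lets you quickly set up your own private file-sync cloud drive on a personal computer or server, with cross-platform file synchronization, sharing, version control, and team collaboration, much like Baidu Cloud.
(1) Create the PV and PVC
Write YAML files (any file names) that create a PV and a PVC to provide persistent storage for the files and data of the ownCloud service.
Requirements: PV (read-write access mode, mountable by a single node only; 5Gi of storage; hostPath storage type with a path of your choice); PVC (read-write access mode, mountable by a single node only; requests 5Gi of storage).
Create the PV (owncloud-pv.yaml)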
[root@master ~]# vim owncloud-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: owncloud-pv
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 5Gi
  hostPath:
    path: /opt/owncloud
  persistentVolumeReclaimPolicy: Retain
Create the PVC (owncloud-pvc.yaml)
[root@master ~]# vim owncloud-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: owncloud-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
Apply the PV and PVC
[root@master ~]# kubectl apply -f owncloud-pv.yaml
[root@master ~]# kubectl apply -f owncloud-pvc.yaml
Verify the PV and PVC
[root@master ~]# kubectl get pv,pvc
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
persistentvolume/owncloud-pv 5Gi RWO Retain Bound default/owncloud-pvc 22m
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
persistentvolumeclaim/owncloud-pvc Bound owncloud-pv 5Gi RWO 22m
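(2) Configure the ConfigMap
Write a YAML file (any file name) that creates a ConfigMap object specifying ownCloud's environment variables. The login account corresponds to the environment variable OWNCLOUD_ADMIN_USERNAME, and the password corresponds to the environment variable OWNCLOUD_ADMIN_PASSWORD.
Create the ConfigMap (owncloud-configmap.yaml)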
[root@master ~]# vim owncloud-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: owncloud-configmap
data:
  OWNCLOUD_ADMIN_USERNAME: root
  OWNCLOUD_ADMIN_PASSWORD: root
Apply the ConfigMap
[root@master ~]# kubectl apply -f owncloud-configmap.yaml
Verify the ConfigMap
[root@master ~]# kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 3h45m
owncloud-configmap 2 22m
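(3) Create the Secret
Write a YAML file (any file name) that creates a Secret object to hold the ownCloud database password. The original password is stored base64-encoded; base64 is an encoding rather than encryption, so anyone who can read the Secret can recover the password.
Create the Secret (owncloud-secret.yaml)
First, base64-encode the database password: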
[root@master ~]# echo -n 'owncloud-db' | base64
Put the encoded password into OWNCLOUD_DB_PASSWORD below:
[root@master ~]# vim owncloud-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: owncloud-secret
type: Opaque
data:
  OWNCLOUD_DB_PASSWORD: b3duY2xvdWQtZGI=
Apply the Secret
[root@master ~]# kubectl apply -f owncloud-secret.yaml
Verify the Secret
[root@master ~]# kubectl get secret
NAME TYPE DATA AGE
owncloud-secret Opaque 1 20m
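The ConfigMap from step (2) keeps the admin password in cleartext, and the Secret from step (3) is only base64-encoded. The shell function below is an added example, not part of the original walkthrough, that scans manifests for both conditions. The function names, the finding labels and the key-name pattern are choices made for this example; the sample input reproduces the two manifests above.

```shell
# Added example: audit Kubernetes manifests read on stdin. Assumes block-style
# YAML in which "kind:" appears before "data:" within each document.

# The ConfigMap and Secret from this walkthrough, as multi-document YAML.
sample_manifests() {
    cat <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: owncloud-configmap
data:
  OWNCLOUD_ADMIN_USERNAME: root
  OWNCLOUD_ADMIN_PASSWORD: root
---
apiVersion: v1
kind: Secret
metadata:
  name: owncloud-secret
type: Opaque
data:
  OWNCLOUD_DB_PASSWORD: b3duY2xvdWQtZGI=
EOF
}

# Prints one finding per line:
#   CONFIGMAP_CREDENTIAL <key>       credential-like key kept in a ConfigMap
#   SECRET_DECODES_TO <key>=<value>  Secret value recovered with base64 -d
audit_manifests() {
    awk '
        /^---/        { kind = ""; section = ""; next }
        /^kind:/      { kind = $2; next }
        /^[A-Za-z]+:/ { section = $1; sub(/:$/, "", section); next }
        section != "data" || !/^ +[A-Za-z0-9_.-]+:/ { next }
        { key = $1; sub(/:$/, "", key) }
        kind == "ConfigMap" && toupper(key) ~ /PASSWORD|PASSWD|SECRET|TOKEN/ {
            print "CONFIGMAP_CREDENTIAL", key
        }
        kind == "Secret" { print "SECRET_B64", key, $2 }
    ' | while read -r tag key value; do
        if [ "$tag" = "SECRET_B64" ]; then
            printf 'SECRET_DECODES_TO %s=%s\n' "$key" \
                "$(printf '%s' "$value" | base64 -d)"
        else
            printf '%s %s\n' "$tag" "$key"
        fi
    done
}

sample_manifests | audit_manifests
```

On a live cluster the same function can read the output of kubectl get configmap,secret -o yaml only after adapting the parser, because that output nests each object under an items list.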
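(4) Deploy the Deployment
Write a YAML file (any file name) that creates a Deployment object specifying the ownCloud containers and their environment variables. (Name the Deployment resource owncloud-deployment, use the owncloud:latest image from the Harbor registry, mount the storage at /var/www/html, and configure everything else as the situation requires.)
Create the Deployment (owncloud-deployment.yaml)
[root@master ~]# vim owncloud-deployment.yaml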
apiVersion: apps/v1
kind: Deployment
metadata:
  name: owncloud-deploy
  labels:
    app: owncloud-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: owncloud-deploy
  template:
    metadata:
      labels:
        app: owncloud-deploy
    spec:
      volumes:
      - name: owncloud-data
        persistentVolumeClaim:
          claimName: owncloud-pvc
      containers:
      - image: owncloud:latest
        imagePullPolicy: IfNotPresent
        name: owncloud
        ports:
        - name: owncloud
          containerPort: 80
        volumeMounts:
        - name: owncloud-data
          mountPath: /var/www/html
        env:
        - name: OWNCLOUD_ADMIN_USERNAME # custom environment variable name
          valueFrom:
            configMapKeyRef:
              name: owncloud-configmap
              key: OWNCLOUD_ADMIN_USERNAME
        - name: OWNCLOUD_ADMIN_PASSWORD # custom environment variable name
          valueFrom:
            configMapKeyRef:
              name: owncloud-configmap
              key: OWNCLOUD_ADMIN_PASSWORD
      - name: owncloud-mysql
        image: mysql:5.7.44
        imagePullPolicy: IfNotPresent
        ports:
        - name: owncloud-mysql
          containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD # must be written this way, following the Docker installation method
          valueFrom:
            secretKeyRef:
              name: owncloud-secret
              key: OWNCLOUD_DB_PASSWORD
Apply the Deployment
[root@master ~]# kubectl apply -f owncloud-deployment.yaml
Verify the Pod
[root@master ~]# kubectl get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
owncloud 1/1 1 1 16m
(5) Create the Service
Write a YAML file (any file name) that creates a Service object exposing ownCloud outside the cluster. ownCloud can then be viewed at http://IP:port.
Create the Service (owncloud-service.yaml)
[root@master ~]# vim owncloud-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: owncloud-service
spec:
  type: NodePort
  selector:
    app: owncloud-deploy
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 30080 # customizable; port range: 30000-32767
Apply the Service
[root@master ~]# kubectl apply -f owncloud-service.yaml
Verify the Service
[root@master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 14h
owncloud-service NodePort 10.96.148.104 <none> 80:30088/TCP 45m
(6) Test access from a browser
For the host name, enter the Pod's IP address.
For MySQL, use the Pod's IP address.
[root@master ~]# kubectl exec -it owncloud-deploy-6688885568-srbq5 -c owncloud -- /bin/bash
root@owncloud-deploy-6688885568-srbq5:/var/www/html# cat config/config.php
<?php
$CONFIG = array (
  'instanceid' => 'ock6bkczdqqg',
  'passwordsalt' => '7GqUHkyIKEvXVD4SGUlHCs/ikdR3X5',
  'secret' => 'AsMJbVLmk1wDorsaf3wLmWIE0JTja9VcrdWo5osydtb2Cwpw',
  'trusted_domains' => array (
    0 => '192.168.100.3:30088',
  ),
  'datadirectory' => '/var/www/html/data',
  'overwrite.cli.url' => 'http://192.168.100.3:30088',
  'dbtype' => 'mysql',
  'version' => '10.0.10.4',
  'dbname' => 'owncloud',
  'dbhost' => '10.244.0.42',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_root',
  'dbpassword' => 'h1i8vZPDk3GODC/NEyU25VKlb2cAtD',
  'logtimezone' => 'UTC',
  'installed' => true,
);
View the databases and tables
[root@master ~]# kubectl exec -it owncloud-deploy-6688885568-srbq5 -c owncloud-mysql -- /bin/bash
bash-4.2# mysql -uroot -powncloud-db
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 25
Server version: 5.7.44 MySQL Community Server (GPL)
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| owncloud |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.00 sec)
mysql> use owncloud;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+-----------------------------+
| Tables_in_owncloud |
+-----------------------------+
| oc_account_terms |
| oc_accounts |
| oc_addressbookchanges |
| oc_addressbooks |
| oc_appconfig |
| oc_authtoken |
| oc_calendarchanges |
| oc_calendarobjects |
| oc_calendars |
| oc_calendarsubscriptions |
| oc_cards |
| oc_cards_properties |
| oc_comments |
| oc_comments_read_markers |
| oc_credentials |
| oc_dav_job_status |
| oc_dav_properties |
| oc_dav_shares |
| oc_external_applicable |
| oc_external_config |
| oc_external_mounts |
| oc_external_options |
| oc_federated_reshares |
| oc_file_locks |
| oc_filecache |
| oc_files_trash |
| oc_group_admin |
| oc_group_user |
| oc_groups |
| oc_jobs |
| oc_migrations |
| oc_mimetypes |
| oc_mounts |
| oc_notifications |
| oc_preferences |
| oc_privatedata |
| oc_properties |
| oc_schedulingobjects |
| oc_share |
| oc_share_external |
| oc_storages |
| oc_systemtag |
| oc_systemtag_group |
| oc_systemtag_object_mapping |
| oc_trusted_servers |
| oc_users |
| oc_vcategory |
| oc_vcategory_to_object |
+-----------------------------+
48 rows in set (0.00 sec)
(7) Deploy Ingress access
[root@master ~]# vim owncloud-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: owncloud-ingress-http # name of the Ingress resource
  namespace: default # namespace it belongs to
spec:
  ingressClassName: nginx
  rules:
  - host: gxl.owncloud.com # use gxl.owncloud.com as the domain name
    http:
      paths:
      - path: / # match the path /
        pathType: Prefix # use the Prefix matching policy
        backend:
          service:
            name: owncloud-service # backend Service name, pointing to the ownCloud Service
            port:
              number: 80 # backend Service port
Apply the Ingress
[root@master ~]# kubectl apply -f owncloud-ingress.yaml
Verify the Ingress
[root@master ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
owncloud-ingress-http nginx gxl.owncloud.com 80 2s
Configure hosts resolution on Windows
C:\Windows\System32\drivers\etc\hosts
# Add the cluster IP address and domain name, then save and exit
192.168.100.3 gxl.owncloud.com
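Access using the Ingress domain name
By default, ownCloud only allows access through the domain names listed in the trusted_domains setting.
Adding the domain gxl.owncloud.com to trusted_domains lets ownCloud accept access to the instance through that domain.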
[root@master ~]# cat /opt/owncloud/config/config.php
<?php
$CONFIG = array (
  'instanceid' => 'ock6bkczdqqg',
  'passwordsalt' => '7GqUHkyIKEvXVD4SGUlHCs/ikdR3X5',
  'secret' => 'AsMJbVLmk1wDorsaf3wLmWIE0JTja9VcrdWo5osydtb2Cwpw',
  'trusted_domains' => array (
    0 => '192.168.100.3:30088',
    1 => 'gxl.owncloud.com', // add your custom domain
  ),
  'datadirectory' => '/var/www/html/data',
  'overwrite.cli.url' => 'http://192.168.100.3:30088',
  'dbtype' => 'mysql',
  'version' => '10.0.10.4',
  'dbname' => 'owncloud',
  'dbhost' => '10.244.0.42',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_root',
  'dbpassword' => 'h1i8vZPDk3GODC/NEyU25VKlb2cAtD',
  'logtimezone' => 'UTC',
  'installed' => true,
);