Jeecgboot Cloud 容器化部署文档
一、环境准备
1.1 服务器配置
服务器角色 | 数量 | CPU | 内存 | 磁盘 | 操作系统 |
---|---|---|---|---|---|
主控节点 | 1 | 4核 | 8GB | 100GB | CentOS 7.9+ |
工作节点 | 3 | 8核 | 16GB | 200GB | CentOS 7.9+ |
1.2 软件安装
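# 1. Install Docker CE from Docker's own package repository.
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io

# 2. Configure the Docker daemon: registry mirror, cgroup driver, log rotation.
# A registry mirror sits in the image pull path, so every node trusts whatever
# it serves. List only a mirror you operate or have vetted.
# NOTE(review): confirm this mirror is still in service before relying on it.
mkdir -p /etc/docker
# Quoted delimiter: the JSON is written verbatim, with no shell expansion.
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

# 3. Start Docker now and on every boot.
systemctl enable --now docker

# 4. Install kubectl. The binary is checked against its published SHA-256
# before it is placed on PATH, and is installed only if the check passes.
kubectl_version="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
curl -fsSLO "https://dl.k8s.io/release/${kubectl_version}/bin/linux/amd64/kubectl"
curl -fsSLO "https://dl.k8s.io/release/${kubectl_version}/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
  && install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
rm -f kubectl kubectl.sha256

# 5. Install Helm. The installer is saved to disk first so it can be read
# before it runs as root; piping curl straight into bash executes whatever the
# network returns, including a truncated download.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh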
二、Kubernetes 集群部署
2.1 初始化主控节点
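# Host firewall and SELinux.
# Turning firewalld off leaves every listening port on the node reachable from
# the network it is attached to. If the nodes are not on an isolated network,
# keep firewalld enabled and open only the ports listed in the Kubernetes
# "Ports and Protocols" reference instead.
systemctl disable --now firewalld
# kubeadm needs SELinux out of enforcing mode; permissive is enough and still
# logs denials, so the persistent setting matches what setenforce 0 does.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Disable swap now and comment out swap entries so it stays off after reboot.
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab

# Kernel modules and sysctls required for pod networking.
cat > /etc/modules-load.d/k8s.conf <<'EOF'
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system

# Add the Kubernetes package repository. gpgcheck=1 makes yum verify package
# signatures against the key fetched from gpgkey over HTTPS.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.27/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.27/rpm/repodata/repomd.xml.key
EOF

# Install kubelet, kubeadm and kubectl.
yum install -y kubelet kubeadm kubectl
systemctl enable --now kubelet

# Initialise the cluster.
# NOTE(review): the pod CIDR 192.168.0.0/16 contains the node address used in
# the join example (192.168.1.100). Pick a pod CIDR that does not overlap the
# node network.
kubeadm init --pod-network-cidr=192.168.0.0/16 --kubernetes-version=1.27.0

# Configure kubectl for the current user.
# admin.conf carries cluster-admin credentials: keep the copy readable by its
# owner only and do not distribute it as a general-purpose kubeconfig.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Install the network plugin (Calico).
# This applies an unversioned manifest straight from the network with
# cluster-admin rights. Prefer downloading a specific release of the manifest,
# reviewing it, and applying the local copy.
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml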
2.2 加入工作节点
在主控节点执行以下命令获取加入令牌:
# The printed command embeds a bootstrap token. Treat it as a credential:
# anyone who holds it and can reach the API server can register a node until
# the token expires. Generate it when a node is about to join, keep it out of
# tickets and chat logs, and use --ttl if a shorter lifetime is wanted.
kubeadm token create --print-join-command
在工作节点执行上述命令输出的结果,例如:
# Example values only; use the command printed on the control-plane node.
# --discovery-token-ca-cert-hash lets the joining node verify the control
# plane's CA, so keep it rather than switching to
# --discovery-token-unsafe-skip-ca-verification.
kubeadm join 192.168.1.100:6443 --token abcdef.1234567890abcdef \
--discovery-token-ca-cert-hash sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
三、基础设施组件部署
3.1 存储配置
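# Local StorageClass: no dynamic provisioning, volumes are bound when the
# first consuming pod is scheduled.
cat > local-storage-class.yaml <<'EOF'
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
EOF
kubectl apply -f local-storage-class.yaml

# Example PersistentVolume backed by a directory on one node.
# /data/volumes must already exist on worker-node-1. Data stored there is
# readable by anyone with root on that node and is kept (Retain) after the
# claim is deleted.
cat > local-pv.yaml <<'EOF'
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-pv
spec:
  capacity:
    storage: 100Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /data/volumes
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - worker-node-1
EOF
kubectl apply -f local-pv.yaml

# Matching claim. No namespace is set, so it is created in the namespace of
# the current kubectl context.
cat > local-pvc.yaml <<'EOF'
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: local-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: local-storage
EOF
kubectl apply -f local-pvc.yaml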
3.2 数据库部署
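# MySQL Deployment and Service.
# No namespace is set in the manifest, so both objects land in the namespace
# of the current kubectl context (normally "default"). Workloads in other
# namespaces must use mysql.<namespace>.svc.cluster.local; the short name
# "mysql" resolves only from the same namespace.
cat > mysql-deployment.yaml <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  replicas: 1
  # Recreate: the volume is ReadWriteOnce, so the old pod must release the
  # data directory before a replacement starts.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:8.0
          ports:
            - containerPort: 3306
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: root-password
            - name: MYSQL_DATABASE
              value: jeecg-boot
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: local-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  selector:
    app: mysql
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
EOF

# Create the root-password Secret.
# The password is read from a prompt and handed to kubectl on stdin, so it
# never appears in shell history or in the process list.
read -rs -p 'MySQL root password: ' mysql_root_password; echo
printf '%s' "$mysql_root_password" \
  | kubectl create secret generic mysql-secret --from-file=root-password=/dev/stdin
unset mysql_root_password

# Deploy MySQL.
kubectl apply -f mysql-deployment.yaml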
3.3 Redis 部署
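# Redis Deployment and Service.
# As configured, Redis runs without a password: any pod that can reach the
# "redis" Service can read and write the cache. Restrict access with a
# NetworkPolicy, or enable requirepass and give the clients the password.
# The data volume is an emptyDir, so cached data is lost when the pod is
# rescheduled.
cat > redis-deployment.yaml <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis:6.0
          ports:
            - containerPort: 6379
          volumeMounts:
            - name: redis-data
              mountPath: /data
      volumes:
        - name: redis-data
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: redis
spec:
  selector:
    app: redis
  ports:
    - protocol: TCP
      port: 6379
      targetPort: 6379
EOF

# Deploy Redis.
kubectl apply -f redis-deployment.yaml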
3.4 Nacos 部署
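# Add the Nacos Helm repository.
helm repo add nacos https://nacos-group.github.io/nacos-k8s/
helm repo update

# Create the Nacos namespace.
kubectl create namespace nacos

# Deploy Nacos against the external MySQL instance.
# Nacos runs in the "nacos" namespace, so the MySQL Service must be addressed
# by its fully qualified name.
# NOTE(review): assumes MySQL was created in "default", as in section 3.2.
mysql_host=mysql.default.svc.cluster.local

# The password is prompted for and passed as a values document on stdin rather
# than with --set, which would put it in shell history and the process list.
# It is interpolated into a double-quoted YAML string, so it must not contain
# '"' or '\'. Helm stores supplied values in the release Secret, so anyone who
# can read Secrets in this namespace can still recover it.
# NOTE(review): Nacos connects as root here; a dedicated MySQL account limited
# to the nacos_devtest database would reduce the impact of a leak.
read -rs -p 'MySQL password for Nacos: ' nacos_db_password; echo
helm install nacos nacos/nacos -n nacos \
  --set mysql.external.enabled=true \
  --set mysql.external.host="$mysql_host" \
  --set mysql.external.port=3306 \
  --set mysql.external.user=root \
  --set mysql.external.dbName=nacos_devtest \
  -f - <<EOF
mysql:
  external:
    password: "${nacos_db_password}"
EOF
unset nacos_db_password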
四、Jeecgboot Cloud 服务部署
4.1 构建微服务镜像
# Example: the gateway service. The other services follow the same steps.
image=jeecg-cloud-gateway:v3.5.0
cd jeecg-boot-module-system/jeecg-cloud-gateway

# Build the image from the Dockerfile in this directory.
docker build -t "$image" .

# Tag it for the target registry and push.
docker tag "$image" "your-registry/$image"
docker push "your-registry/$image"
4.2 创建微服务部署文件
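# The manifests below target the "jeecg" namespace, so create it first
# (idempotent: safe to re-run).
kubectl create namespace jeecg --dry-run=client -o yaml | kubectl apply -f -

# Gateway Deployment and Service.
# Redis and MySQL are addressed by fully qualified names because the gateway
# runs in "jeecg"; a short name resolves only inside its own namespace.
# NOTE(review): assumes both were created in "default", as in 3.2 and 3.3.
# The Service is ClusterIP: the frontend nginx proxies to the gateway inside
# the cluster and external traffic enters through the Ingress, so the gateway
# does not need a public load-balancer address of its own.
cat > gateway-deployment.yaml <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jeecg-cloud-gateway
  namespace: jeecg
spec:
  replicas: 2
  selector:
    matchLabels:
      app: jeecg-cloud-gateway
  template:
    metadata:
      labels:
        app: jeecg-cloud-gateway
    spec:
      containers:
        - name: gateway
          image: your-registry/jeecg-cloud-gateway:v3.5.0
          ports:
            - containerPort: 9999
          env:
            - name: NACOS_SERVER_ADDR
              value: "nacos.nacos.svc.cluster.local:8848"
            - name: SPRING_REDIS_HOST
              value: "redis.default.svc.cluster.local"
            - name: SPRING_REDIS_PORT
              value: "6379"
            - name: SPRING_DATASOURCE_URL
              value: "jdbc:mysql://mysql.default.svc.cluster.local:3306/jeecg-boot?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8"
            - name: SPRING_DATASOURCE_USERNAME
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: username
            - name: SPRING_DATASOURCE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: password
          resources:
            requests:
              memory: "512Mi"
              cpu: "250m"
            limits:
              memory: "1024Mi"
              cpu: "500m"
---
apiVersion: v1
kind: Service
metadata:
  name: jeecg-cloud-gateway
  namespace: jeecg
spec:
  selector:
    app: jeecg-cloud-gateway
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9999
  type: ClusterIP
EOF

# Database credentials for the gateway.
# The password is prompted for and passed on stdin so it stays out of shell
# history and the process list.
# NOTE(review): the application connects as root; a dedicated account with
# privileges on the jeecg-boot schema only would limit what a compromised
# service can do.
read -rs -p 'MySQL password for the gateway: ' gateway_db_password; echo
printf '%s' "$gateway_db_password" \
  | kubectl create secret generic mysql-secret -n jeecg \
      --from-literal=username=root \
      --from-file=password=/dev/stdin
unset gateway_db_password

# Deploy the gateway.
kubectl apply -f gateway-deployment.yaml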
4.3 部署其他微服务
类似地,为每个微服务(如 system、demo、workflow 等)创建部署文件和服务定义,注意调整环境变量和资源请求。
五、前端部署
5.1 构建前端镜像
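cd jeecg-boot-ui

# Build the frontend.
# NOTE(review): if the repository ships a lockfile, `npm ci` installs exactly
# the locked dependency versions and is the safer choice for release builds.
npm install
npm run build:prod

# Dockerfile for the static site.
# NOTE(review): nginx:1.21.0 is an old base image; move to a currently
# maintained tag and rebuild regularly to pick up security fixes.
cat > Dockerfile <<'EOF'
FROM nginx:1.21.0
COPY dist/ /usr/share/nginx/html/
COPY nginx.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
EOF

# Nginx configuration. The quoted delimiter keeps the nginx $variables
# literal, so no backslash escaping is needed.
cat > nginx.conf <<'EOF'
server {
    listen 80;
    server_name _;
    root /usr/share/nginx/html;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }

    location /jeecg-boot/ {
        proxy_pass http://jeecg-cloud-gateway.jeecg.svc.cluster.local/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
EOF

# Build and push the image.
docker build -t jeecg-boot-ui:v3.5.0 .
docker tag jeecg-boot-ui:v3.5.0 your-registry/jeecg-boot-ui:v3.5.0
docker push your-registry/jeecg-boot-ui:v3.5.0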
5.2 部署前端应用
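# Frontend Deployment and Service in the "jeecg" namespace (the namespace
# must already exist).
# The Service is ClusterIP: the Ingress is the single external entry point,
# which is also where TLS is terminated. A LoadBalancer Service here would
# publish a second, plain-HTTP path that bypasses the Ingress.
cat > jeecg-ui-deployment.yaml <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jeecg-boot-ui
  namespace: jeecg
spec:
  replicas: 2
  selector:
    matchLabels:
      app: jeecg-boot-ui
  template:
    metadata:
      labels:
        app: jeecg-boot-ui
    spec:
      containers:
        - name: jeecg-ui
          image: your-registry/jeecg-boot-ui:v3.5.0
          ports:
            - containerPort: 80
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "200m"
---
apiVersion: v1
kind: Service
metadata:
  name: jeecg-boot-ui
  namespace: jeecg
spec:
  selector:
    app: jeecg-boot-ui
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP
EOF
kubectl apply -f jeecg-ui-deployment.yaml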
六、配置 Ingress
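# Install the NGINX Ingress Controller.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx --create-namespace

# Ingress for the application.
# Every path on the host goes to the frontend unchanged, so a plain "/"
# Prefix rule is used. A regex path such as /(.*) is not a valid Prefix path,
# and rewriting it to /$1 would not change the request anyway.
# ingressClassName binds the rule to the controller installed above; without
# it the Ingress is served only if a default IngressClass is configured.
cat > jeecg-ingress.yaml <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jeecg-ingress
  namespace: jeecg
spec:
  ingressClassName: nginx
  rules:
    - host: jeecg.yourdomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: jeecg-boot-ui
                port:
                  number: 80
EOF
kubectl apply -f jeecg-ingress.yaml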
七、验证部署
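# Check that all pods are Running and Ready.
kubectl get pods -n jeecg

# Check the Services.
kubectl get services -n jeecg

# Check the Ingress and the address it was assigned.
kubectl get ingress -n jeecg

# Open the application in a browser (use https:// once the TLS Ingress from
# section 10.2 is applied):
#   http://jeecg.yourdomain.com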
八、故障排查
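# Set this to the pod under investigation (see: kubectl get pods -n jeecg).
pod_name=REPLACE_WITH_POD_NAME

# Container logs.
kubectl logs "$pod_name" -n jeecg

# Interactive shell inside the container. This is equivalent to a login on a
# production workload, so limit who holds pods/exec rights and keep API audit
# logging on. Use /bin/sh if the image has no bash.
kubectl exec -it "$pod_name" -n jeecg -- /bin/bash

# Throw-away pod for connectivity tests. It runs in the application namespace
# so that short Service names and NetworkPolicies behave as they do for the
# real workloads, and it is deleted on exit.
kubectl run curl -n jeecg --image=curlimages/curl --restart=Never -i --tty --rm --command -- sh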
九、维护与扩展
9.1 自动扩缩容
# HorizontalPodAutoscaler for the gateway: 2 to 5 replicas, scaling on average
# CPU utilisation. Utilisation is measured against the container's CPU
# request, and the cluster needs a metrics API provider (for example
# metrics-server) for the HPA to act.
kubectl -n jeecg autoscale deployment jeecg-cloud-gateway --cpu-percent=70 --min=2 --max=5
9.2 滚动更新
# Roll the gateway to a new image. "gateway" is the container name in the
# Deployment; the Deployment replaces pods gradually.
kubectl -n jeecg set image deployment/jeecg-cloud-gateway \
  gateway=your-registry/jeecg-cloud-gateway:v3.5.1
9.3 备份与恢复
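# Namespace and pod of the MySQL instance.
# NOTE(review): section 3.2 applies the MySQL manifest without -n, which puts
# it in the current context's namespace; adjust mysql_ns to where it runs.
mysql_ns=jeecg
mysql_pod="$(kubectl get pod -n "$mysql_ns" -l app=mysql \
  -o jsonpath='{.items[0].metadata.name}')"

# Back up the database.
# -i without -t: a TTY would alter line endings and mix prompts into the dump.
# The password comes from MYSQL_ROOT_PASSWORD, already set in the container by
# the Deployment, so nothing secret is typed or placed on a command line.
# (MYSQL_PWD is deprecated in MySQL 8.0 but still honoured.)
# The dump contains all application data, so it is created readable by the
# current user only (umask 077 in a subshell).
(
  umask 077
  kubectl exec -i "$mysql_pod" -n "$mysql_ns" -- \
    sh -c 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" exec mysqldump -u root jeecg-boot' \
    > jeecg-boot-backup.sql
)

# Restore the database.
# The local dump is streamed to mysql over stdin. A "<" redirection is
# evaluated by the local shell, so it cannot read a file inside the pod, and
# no kubectl cp is needed.
kubectl exec -i "$mysql_pod" -n "$mysql_ns" -- \
  sh -c 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" exec mysql -u root jeecg-boot' \
  < jeecg-boot-backup.sql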
十、安全加固
10.1 网络策略
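# Default-deny NetworkPolicy for the "jeecg" namespace.
# It selects every pod and lists no allowed peers, so once applied ALL inbound
# and outbound traffic for those pods is dropped, including DNS lookups,
# requests from the ingress controller, and connections to MySQL, Redis and
# Nacos. Prepare the matching allow policies first and apply them together
# with this one: at minimum DNS egress, ingress-controller -> UI,
# UI -> gateway, and gateway -> Nacos/MySQL/Redis.
# Enforcement depends on the network plugin; Calico, installed in section 2.1,
# enforces NetworkPolicy.
cat > default-deny.yaml <<'EOF'
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: jeecg
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
EOF
kubectl apply -f default-deny.yaml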
10.2 TLS 配置
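# Create the TLS Secret from the certificate and private key.
# Keep key.pem readable by the operator only, and remove any working copy
# once it has been imported.
kubectl create secret tls jeecg-tls --cert=path/to/cert.pem --key=path/to/key.pem -n jeecg

# Ingress with TLS. It has the same name as the plain-HTTP Ingress, so
# applying it replaces that definition.
# A plain "/" Prefix rule routes every path to the frontend; a regex path such
# as /(.*) is not a valid Prefix path. ingressClassName binds the rule to the
# ingress-nginx controller.
cat > jeecg-ingress-tls.yaml <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jeecg-ingress
  namespace: jeecg
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - jeecg.yourdomain.com
      secretName: jeecg-tls
  rules:
    - host: jeecg.yourdomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: jeecg-boot-ui
                port:
                  number: 80
EOF
kubectl apply -f jeecg-ingress-tls.yaml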
十一、监控与日志
11.1 Prometheus & Grafana
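# Install the Prometheus Operator stack.
# The chart ships Grafana with a well-known default admin password; override
# it in your values before exposing Grafana beyond the cluster.
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack -n monitoring --create-namespace

# Service exposing the gateway's metrics port.
# NOTE(review): a label on a Service does not by itself make the Prometheus
# Operator scrape it; a ServiceMonitor selecting this Service is normally
# required. The gateway Deployment declares only containerPort 9999, so
# confirm that metrics are actually served on 8080.
cat > jeecg-metrics-service.yaml <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: jeecg-cloud-gateway-metrics
  namespace: jeecg
  labels:
    app: jeecg-cloud-gateway
    prometheus: enabled
spec:
  selector:
    app: jeecg-cloud-gateway
  ports:
    - name: metrics
      port: 8080
      targetPort: 8080
EOF
kubectl apply -f jeecg-metrics-service.yaml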
11.2 ELK 日志系统
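# The three *-values.yaml files are not shown in this document and must be
# written before running these commands.
# NOTE(review): make sure they keep Elasticsearch authentication and TLS
# enabled and do not expose Kibana publicly; application logs routinely
# contain personal data and tokens.

# Install Elasticsearch.
helm repo add elastic https://helm.elastic.co
helm install elasticsearch elastic/elasticsearch -n logging --create-namespace --values elasticsearch-values.yaml

# Install Kibana.
helm install kibana elastic/kibana -n logging --values kibana-values.yaml

# Install Fluentd.
helm repo add fluent https://fluent.github.io/helm-charts
helm install fluentd fluent/fluentd -n logging --values fluentd-values.yaml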
十二、CI/CD 集成
12.1 GitHub Actions 配置
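name: Build and Deploy Jeecgboot Cloud

on:
  push:
    branches:
      - master

# Least privilege for the workflow's GITHUB_TOKEN: the jobs only read the
# repository.
permissions:
  contents: read

# Action version tags are mutable. For a workflow that handles registry and
# cluster credentials, pin each action to a full commit SHA
# (uses: owner/repo@<full-commit-sha>) and update the pins deliberately.
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Set up JDK 1.8
        uses: actions/setup-java@v1
        with:
          java-version: 1.8

      # -DskipTests means images are pushed without the test suite having run.
      - name: Build with Maven
        run: mvn clean package -DskipTests

      # Registry login is its own step: docker/build-push-action has no
      # "credentials" input and pushes with whatever login is already active.
      - name: Log in to the image registry
        uses: docker/login-action@v2
        with:
          registry: your-registry
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push Docker images
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: |
            your-registry/jeecg-cloud-gateway:${{ github.sha }}
            your-registry/jeecg-cloud-gateway:latest

  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      # This third-party action receives the cluster kubeconfig. Store a
      # kubeconfig for a service account limited to updating Deployments in
      # the jeecg namespace, not a cluster-admin one.
      # NOTE(review): confirm the action's expected input names and command
      # format against its README.
      - name: Deploy to Kubernetes
        uses: steebchen/kubectl@v2.0.0
        with:
          config: ${{ secrets.KUBE_CONFIG }}
          command: |
            kubectl set image deployment/jeecg-cloud-gateway gateway=your-registry/jeecg-cloud-gateway:${{ github.sha }} -n jeecg
            kubectl rollout status deployment/jeecg-cloud-gateway -n jeecg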
十三、高可用配置
13.1 数据库高可用
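# Deploy a replicated MySQL (one primary, two secondaries) with the Bitnami
# chart.
# architecture=replication is what enables secondaries; the chart defaults to
# a single standalone instance. The secondary count is secondary.replicaCount.
# NOTE(review): confirm value names with `helm show values bitnami/mysql` for
# the chart version you install.
helm repo add bitnami https://charts.bitnami.com/bitnami

# The root password is prompted for and supplied as a values document on
# stdin, keeping it out of shell history and the process list. It is
# interpolated into a double-quoted YAML string, so it must not contain '"'
# or '\'.
read -rs -p 'MySQL root password: ' mysql_root_password; echo
helm install mysql-cluster bitnami/mysql -n jeecg \
  --set architecture=replication \
  --set primary.persistence.size=100Gi \
  --set secondary.replicaCount=2 \
  --set auth.database=jeecg-boot \
  -f - <<EOF
auth:
  rootPassword: "${mysql_root_password}"
EOF
unset mysql_root_password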
13.2 微服务多副本
# Run at least 3 replicas of every Deployment in the namespace.
# --all applies to each Deployment in "jeecg", including any that are meant
# to be single-instance; scale those back individually afterwards.
kubectl -n jeecg scale deployment --all --replicas=3
十四、性能优化
14.1 JVM 参数优化
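# Add the JVM options to the container spec in the Deployment manifest.
# NOTE(review): -Xmx1024m equals the 1024Mi container memory limit used in
# section 4.2. Heap plus metaspace, thread stacks and native memory will
# exceed that limit and the pod will be OOM-killed; keep the maximum heap
# clearly below the limit or raise the limit.
env:
  - name: JAVA_OPTS
    value: "-Xms512m -Xmx1024m -XX:MetaspaceSize=128m -XX:+UseG1GC -XX:MaxGCPauseMillis=200"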
14.2 数据库连接池优化
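# HikariCP connection-pool settings in the application configuration.
# Timeouts are in milliseconds (30 s idle timeout, 30 min maximum lifetime).
# Total connections = maximum-pool-size x replicas x services; keep that
# below the MySQL max_connections setting.
spring:
  datasource:
    hikari:
      maximum-pool-size: 15
      minimum-idle: 5
      idle-timeout: 30000
      max-lifetime: 1800000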
十五、成本优化
15.1 资源请求与限制优化
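# Per-container requests and limits. Requests drive scheduling and are the
# baseline for HPA utilisation; limits cap what one container can consume, so
# a misbehaving service cannot starve the rest of the node.
resources:
  requests:
    memory: "512Mi"
    cpu: "250m"
  limits:
    memory: "1024Mi"
    cpu: "500m"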
15.2 按需扩缩容
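# Memory-based autoscaling for the gateway.
# kubectl autoscale has no --memory-percent flag, so the autoscaler is
# declared as an autoscaling/v2 manifest. It uses the name that
# `kubectl autoscale` gives the HPA in section 9.1, so applying it updates
# that object instead of creating a second autoscaler for the same
# Deployment; the CPU target from 9.1 is therefore kept alongside the memory
# target.
cat > gateway-hpa.yaml <<'EOF'
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: jeecg-cloud-gateway
  namespace: jeecg
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: jeecg-cloud-gateway
  minReplicas: 2
  maxReplicas: 5
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 70
EOF
kubectl apply -f gateway-hpa.yaml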
十六、附录
16.1 常用命令速查表
# 查看集群节点
kubectl get nodes
# 查看命名空间
kubectl get namespaces
# 查看 Pods
kubectl get pods -n jeecg
# 查看服务
kubectl get services -n jeecg
# 查看部署
kubectl get deployments -n jeecg
# 查看日志
kubectl logs <pod-name> -n jeecg
# 执行命令
kubectl exec -it <pod-name> -n jeecg -- /bin/bash
# 查看事件
kubectl get events -n jeecg --sort-by=.metadata.creationTimestamp
# 查看资源使用情况
kubectl top pods -n jeecg
16.2 常见问题及解决方法
- 问题:微服务无法连接到 Nacos
  解决:检查 Nacos 服务是否正常,查看服务名称和命名空间是否正确。
- 问题:前端页面无法访问后端 API
  解决:检查网关服务是否正常,检查 Ingress 配置是否正确。
- 问题:数据库连接失败
  解决:检查数据库服务是否正常,验证数据库凭证是否正确。
- 问题:Pod 频繁重启
  解决:查看容器日志,检查资源请求和限制是否合理,检查应用启动参数。