php基础镜像构建
FROM daocloud.io/php:7.2-fpm-alpine # 修改镜像源 RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories # 安装依赖,核心扩展,pecl扩展,git,composer,npm工具 RUN apk update && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \ curl-dev \ imagemagick-dev \ libtool \ libxml2-dev \ postgresql-dev \ sqlite-dev \ libmcrypt-dev \ freetype-dev \ libjpeg-turbo-dev \ libpng-dev \ && apk add --no-cache \ curl \ git \ imagemagick \ mysql-client \ postgresql-libs \ nodejs \ nodejs-npm \ # 配置npm中国镜像 && npm config set registry https://registry.npm.taobao.org \ && pecl install imagick \ && pecl install mcrypt-1.0.1 \ && docker-php-ext-enable mcrypt \ && docker-php-ext-enable imagick \ && docker-php-ext-install \ curl \ mbstring \ pdo \ pdo_mysql \ pdo_pgsql \ pdo_sqlite \ pcntl \ tokenizer \ xml \ zip \ && docker-php-ext-install -j"$(getconf _NPROCESSORS_ONLN)" iconv && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && docker-php-ext-install -j"$(getconf _NPROCESSORS_ONLN)" gd && pecl install -o -f redis && rm -rf /tmp/pear && docker-php-ext-enable redis # 安装composer并允许root用户运行 ENV COMPOSER_ALLOW_SUPERUSER=1 ENV COMPOSER_NO_INTERACTION=1 ENV COMPOSER_HOME=/usr/local/share/composer RUN mkdir -p /usr/local/share/composer && curl -o /tmp/composer-setup.php https://getcomposer.org/installer && php /tmp/composer-setup.php --no-ansi --install-dir=/usr/local/bin --filename=composer --snapshot && rm -f /tmp/composer-setup.* # 配置composer中国全量镜像 && composer config -g repo.packagist composer https://packagist.phpcomposer.com # 对其他容器开放9000端口 EXPOSE 9000
代码打包到 php 镜像,然后和 nginx 容器挂载相同目录。或者放到共享存储,php 和 nginx 容器都挂载。配置 comfigmap、deployment、service、ingress
完整yaml
kind: Deployment # 对象类型 apiVersion: apps/v1 # api 版本 metadata: # 元数据 namespace: test-demo name: test-demo # Deployment 对象名称 spec: # Deployment 对象规约 selector: # 选择器 matchLabels: # 标签匹配 app: test-demo replicas: 1 # 副本数量 template: # 模版 metadata: # Pod 对象的元数据 labels: # Pod 对象的标签 app: test-demo spec: # Pod 对象规约 imagePullSecrets: - name: harbor-registry containers: # 这里设置了两个容器 - name: php-fpm # 第一个容器名称 image: harbor.demo.com/demo:1.0.0 # php打包代码容器镜像 ports: - containerPort: 9000 # php-fpm 端口 volumeMounts: # 挂载数据卷 - mountPath: /var/www/html # 挂载两个容器共享的 volume name: nginx-www lifecycle: # 生命周期 postStart: # 当容器处于 postStart 阶段时,执行一下命令 exec: command: ["/bin/sh", "-c", "cp -r /test-demo /var/www/html && chown -R www-data.www-data /var/www/html/test-demo"] # 复制到挂载的 volume - name: nginx # 第二个容器名称 image: harbor.demo.com/nginx-1.16.1-baseimage:1.0.0 # 容器镜像 ports: - containerPort: 80 # nginx 端口 volumeMounts: # nginx 容器挂载了两个 volume,一个是与 php-fpm 容器共享的 volume,另外一个是配置了 nginx.conf 的 volume - mountPath: /var/www/html # 挂载两个容器共享的 volume name: nginx-www - name: config-volume mountPath: /nginx/etc/conf.d volumes: - name: nginx-www # 这个 volume 是 php-fpm 容器 和 nginx 容器所共享的,两个容器都 volumeMounts 了 emptyDir: {} - name: config-volume configMap: items: - key: test-demo.conf path: test-demo.conf name: nginxconf --- kind: Service # 对象类型 apiVersion: v1 # api 版本 metadata: # 元数据 namespace: test-demo name: test-demo spec: selector: app: test-demo ports: - port: 80 targetPort: 80 # Service 将 nginx 容器的 80 端口暴露出来 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-demo namespace: test-demo annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-body-size: "50m" spec: rules: - host: test-demo.demo.cn http: paths: - backend: serviceName: test-demo servicePort: 80 path: / pathType: ImplementationSpecific --- apiVersion: v1 kind: ConfigMap metadata: name: nginxconf namespace: test-demo data: test-demo.conf: |- server { listen 80 default_server; listen [::]:80 default_server; server_name _; index index.php index.html index.htm default.php default.htm default.html; root /var/www/html/test-demo/; #PHP-INFO-START PHP引用配置,可以注释或修改 location ~ \.php$ { include fastcgi_params; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass 127.0.0.1:9000; } #PHP-INFO-END #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效 location / { if (!-e $request_filename){ rewrite ^(.*)$ /index.php?s=$1 last; break; } } #REWRITE-END #禁止访问的文件或目录 location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) { return 404; } #一键申请SSL证书验证目录相关设置 location ~ \.well-known{ allow all; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; error_log off; access_log off; } location ~ .*\.(js|css)?$ { expires 12h; error_log off; access_log off; } }
欢迎来到这里!
我们正在构建一个小众社区,大家在这里相互信任,以平等 • 自由 • 奔放的价值观进行分享交流。最终,希望大家能够找到与自己志同道合的伙伴,共同成长。
注册 关于