Skip to content

搭载blog之安装halo(三)

要求:安装halo博客,并配置域名可访问 一. 安装nfs-provisioner 二. 安装halo 三. 配置Ingress

一、安装nfs-provisioner
  • 首先安装helm
$ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
  • 安装nfs-provisioner 我在这里使用helm安装nfs
$ helm repo add stable http://mirror.azure.cn/kubernetes/charts/
"stable" has been added to your repositories

2.本地搜索库

$ helm search repo nfs-client-provisioner

3.安装

$ helm install nfs-storage stable/nfs-client-provisioner \
--set nfs.server=10.0.8.15 \
--set nfs.path=/nfs_dir \
--set storageClass.name=nfs-storage \
--set storageClass.defaultClass=true

helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
    --set nfs.server=x.x.x.x \
    --set nfs.path=/nfs_dir \
    --set storageClass.name=nfs-storage \
    --set storageClass.defaultClass=true

注意:
nfs.server:nfs服务地址 可ifconfig 查看eth0 的ip
nfs.path:nfs根目录
storageClass.name:存储类名称
storageClass.defaultClass:设为默认存储类


也可使用新版本的nfs
sudo helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/

helm install  nfs-storage nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
    --set nfs.server=x.x.x.x \
    --set nfs.path=/nfs_dir \
    --set image.repository=registry.cn-qingdao.aliyuncs.com/jameswu-hub/nfs-subdir-external-provisioner \
    --set image.tag=v4.0.2 \
    --set storageClass.name=nfs-storage

4.报错1 mount.nfs: requested NFS version or transport protocol is not supported

解决:安装nfs-kernel-server
apt install nfs-kernel-server

报错2 Output: mount.nfs: access denied by server while mounting 10.0.8.15:/nfs_dir

3.创建共享目录
sudo mkdir -p /nfs_dir
4.修改权限
sudo chown nobody:nogroup /nfs_dir
sudo chmod -R 777 /nfs_dir
5.添加修改/etc/exports
sudo echo '/nfs_dir *(rw,sync,no_root_squash)' > /etc/exports
6.使目录生效
sudo exportfs -arv

查看是否安装

$ kubectl get pods
NAME                                                  READY   STATUS    RESTARTS   AGE
nfs-storage-nfs-client-provisioner-64f59fcf7f-cgr46   1/1     Running   0          2m34s
二、安装halo
  • 创建命名空间

    $ kubectl create namespace ns-halo

  • 安装pvc 创建halo_pvc.yaml

    apiVersion: v1 kind: PersistentVolumeClaim metadata: name: halo-pvc namespace: ns-halo spec: storageClassName: "nfs-storage" accessModes: - ReadWriteMany resources: requests: storage: 5Gi

由于self

Google 之后,找到主要原因是,官方在 k8s 1.20 中基于对性能和统一apiserver调用方式的初衷,移除了对 SelfLink 的支持,而 nfs-provisioner 需要 SelfLink 该项功能。具体计划和原因可查看这个issue[2] 和 KEP[3]。
K3S 为兼容 K8S 应该也继承了该项修改,按 K8S 的方式修改测试了下,完美解决。

k3s修改
# /etc/systemd/system/k3s.service
ExecStart=/usr/local/bin/k3s \
    server \
        ...
        '--kube-apiserver-arg' \   # 新增
        'feature-gates=RemoveSelfLink=false' \  # 新增

执行

$ kaf halo_pvc.yaml
$ kubectl get pvc -A
NAMESPACE   NAME       STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
ns-halo     halo-pvc   Pending                                      nfs-storage    18s
  • 安装halo 创建 halo.yaml

    apiVersion: apps/v1 kind: Deployment metadata: name: halo namespace: ns-halo spec: replicas: 1 selector: matchLabels: app: halo env: prod template: metadata: labels: app: halo env: prod spec: containers: - name: halo image: halohub/halo:2.5.2 ports: - containerPort: 8090 volumeMounts: - name: halo-files mountPath: "/root/.halo2" args: - --halo.security.initializer.superadminusername=admin - --halo.security.initializer.superadminpassword=123456 volumes: - name: halo-files # 这里定义的名称,与上面的volumeMounts.name一致 persistentVolumeClaim: claimName: halo-pvc #为之前创建好的pvc

    apiVersion: v1 kind: Service metadata: name: halo-service namespace: ns-halo spec: selector: app: halo ports: - port: 80 targetPort: 8090

三、配置Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: halo-ingress
  namespace: ns-halo
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: letsencrypt
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
spec:
  tls:
    - hosts:
        - jamesyt.com
      secretName: blog-com
    - hosts:
        - www.jamesyt.com
      secretName: blog-www-com

  rules:
    - host: jamesyt.com
      http:
        paths:
          - backend:
              service:
                name: halo-service
                port:
                  number: 80
            pathType: Prefix
            path: /
    - host: www.jamesyt.com
      http:
        paths:
          - backend:
              service:
                name: halo-service
                port:
                  number: 80
            pathType: Prefix
            path: /