
Me
Здравствуйте!

Меня зовут Михаил Усик!
Я системный администратор
и наполняю эту wiki,
решая разнообразные IT-задачки.

Я всегда готов помочь Вам
наладить IT-инфраструктуру
за скромное вознаграждение!

mike@autosys.tk
+7 (977) 887-96-23

linux_faq:deploy_dokuwiki_in_kubernetes

Todo:

  1. change sendmail path in php.ini

Dockerfile

Вариант с postfix

Недостаток: в контейнере приходится запускать тяжеловесный сервис postfix.

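# PHP-FPM image for DokuWiki with a local Postfix that relays all mail to mail.autosys.tk.
# NOTE(review): php:fpm is a floating tag, so every rebuild may pull a different base;
# pin a specific version tag or digest for reproducible, auditable builds.
FROM php:fpm
# Single layer that:
#   1. preseeds debconf so Postfix installs as a satellite system for autosys.tk;
#   2. installs Postfix plus the -dev packages needed to compile the PHP extensions;
#   3. empties /var/www and hands it to www-data;
#   4. points Postfix at the relay, rewrites www-data/root senders via the generic map
#      and routes local mail for root/www-data to mike@autosys.tk via /etc/aliases;
#   5. sets sendmail_path in php.ini-production, strips the leading ';' and installs the file as php.ini;
#   6. patches docker-php-entrypoint so Postfix is started in the background before the exec line.
# DEBIAN_FRONTEND=noninteractive is placed on `apt-get install` (it was on `apt-get update`,
# where it has no effect on package configuration), matching the nullmailer variant.
# NOTE(review): nothing here configures TLS or authentication towards the relay host;
# confirm how mail.autosys.tk expects to be reached.
RUN echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections \
    && echo "postfix postfix/mailname string autosys.tk" | debconf-set-selections \
    && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
    postfix \
    libfreetype6-dev \
    libjpeg62-turbo-dev \
    libpng-dev \
    libicu-dev \
    libldap2-dev \
    libxml2-dev \
    libxslt1-dev \
 && CFLAGS="-I/usr/src/php" docker-php-ext-install -j$(nproc) pcntl exif gd \
    calendar gettext intl ldap shmop sockets sysvmsg \
    sysvsem sysvshm tokenizer xml xmlreader xmlwriter xsl \
 && apt-get clean \
 && rm -Rf /var/www/* \
 && chown -R www-data:www-data /var/www \
 && postconf -e "smtp_generic_maps = hash:/etc/postfix/generic" \
 && postconf -e "relayhost = mail.autosys.tk" \
 && postconf -e "mydestination = localhost" \
 && echo 'www-data mike@autosys.tk' >> /etc/postfix/generic \
 && echo 'root mike@autosys.tk' >> /etc/postfix/generic \
 && postmap /etc/postfix/generic \
 && echo "root: mike@autosys.tk" >> /etc/aliases \
 && echo "www-data: mike@autosys.tk" >> /etc/aliases \
 && newaliases \
 && mkfifo /var/spool/postfix/public/pickup \
 && sed -i '/sendmail_path/ s/=.*$/= "\/usr\/sbin\/sendmail -t -i"/' /usr/local/etc/php/php.ini-production \
 && sed -i '/sendmail_path/ s/^.*;//' /usr/local/etc/php/php.ini-production \
 && mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \
 && sed -i '/exec/ s/^/service postfix start \& /' /usr/local/bin/docker-php-entrypoint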

Вариант с nullmailer

http://www.panticz.de/install-nullmailer

# DokuWiki PHP-FPM image that hands outgoing mail to nullmailer, which forwards it
# to mail.autosys.tk over SMTP (all nullmailer settings are preseeded through debconf).
# NOTE(review): php:fpm is a floating tag; a pinned version tag or digest keeps
# rebuilds reproducible.
FROM php:fpm
# One layer: preseed nullmailer, install it with the libraries the PHP extensions
# build against, compile the extensions, reset /var/www for www-data, switch
# php.ini to "sendmail -f mike@autosys.tk -t -i", and make the entrypoint start
# nullmailer in the background ahead of its exec line.
RUN echo "nullmailer shared/mailname string wiki.autosys.tk" | debconf-set-selections \
 && echo "nullmailer nullmailer/relayhost string mail.autosys.tk smtp" | debconf-set-selections \
 && echo "nullmailer nullmailer/adminaddr string mike@autosys.tk" | debconf-set-selections \
 && echo "nullmailer nullmailer/defaultdomain string autosys.tk" | debconf-set-selections \
 && apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y \
        libfreetype6-dev \
        libicu-dev \
        libjpeg62-turbo-dev \
        libldap2-dev \
        libpng-dev \
        libxml2-dev \
        libxslt1-dev \
        nullmailer \
 && CFLAGS="-I/usr/src/php" docker-php-ext-install -j$(nproc) \
        pcntl exif gd calendar gettext intl ldap shmop sockets \
        sysvmsg sysvsem sysvshm tokenizer xml xmlreader xmlwriter xsl \
 && apt-get clean \
 && rm -Rf /var/www/* \
 && chown -R www-data:www-data /var/www \
 && sed -i '/sendmail_path/ s/=.*$/= "\/usr\/sbin\/sendmail -f mike@autosys.tk -t -i"/' /usr/local/etc/php/php.ini-production \
 && sed -i '/sendmail_path/ s/^.*;//' /usr/local/etc/php/php.ini-production \
 && mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \
 && sed -i '/exec/ s/^/service nullmailer start \& /' /usr/local/bin/docker-php-entrypoint

Собираем и пушим образ

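# Build the image under its registry name, authenticate, then push it.
docker build -t registry.autosys.tk/dokuwiki-php .
# The password is no longer passed with -p: a password given as an argument is
# kept in shell history and is visible in the process list. Without -p docker
# prompts for it; in scripts, feed it on stdin with --password-stdin instead.
# NOTE(review): the login host has to be the registry that is pushed to; this
# page logs in to registry.domain.com but pushes to registry.autosys.tk - confirm.
docker login -u _reg_user_ registry.domain.com
#docker tag dokuwiki-php registry.autosys.tk/dokuwiki-php
docker push registry.autosys.tk/dokuwiki-php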

Создаем объекты в kubernetes

# Dedicated namespace that every other object on this page is created in.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    name: wiki
  name: wiki
---
# Registry pull credentials referenced by the Deployment's imagePullSecrets.
# The value shown is a truncated placeholder; the real one is the base64 of a
# docker config.json and should not be committed to a wiki or repository -
# `kubectl create secret docker-registry` can generate this object instead.
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
  namespace: wiki
  name: autosys-regcred
data:
  .dockerconfigjson: ewoJ....
---
# One pod with two containers: PHP-FPM (custom image from the private registry)
# and nginx. Both mount the same claim at /var/www, and nginx gets its
# nginx.conf from the nginx-config ConfigMap through a subPath mount.
# NOTE(review): both images are referenced without a tag, so whatever the
# registry currently serves as the default tag is deployed; neither container
# declares resources or a securityContext in this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: wiki
  name: wiki
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wiki
  template:
    metadata:
      labels:
        app: wiki
    spec:
      imagePullSecrets:
        - name: autosys-regcred
      volumes:
        - name: doku-wiki-files
          persistentVolumeClaim:
            claimName: doku-wiki-files-pv-claim
        - name: nginx-config-volume
          configMap:
            name: nginx-config
      containers:
        - name: wiki-php-fpm
          image: registry.autosys.tk/dokuwiki-php
          volumeMounts:
            - mountPath: /var/www
              name: doku-wiki-files
        - name: wiki-nginx
          image: nginx
          volumeMounts:
            - mountPath: /var/www
              name: doku-wiki-files
            # subPath mounts the single file instead of replacing /etc/nginx.
            - mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              name: nginx-config-volume
      
---
# Claim for the wiki files; the label selector restricts binding to volumes
# labelled app=wiki.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: wiki
  name: doku-wiki-files-pv-claim
spec:
  selector:
    matchLabels:
      app: wiki
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
---
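# Statically provisioned volume for the wiki files, backed by a directory on the node.
apiVersion: v1
kind: PersistentVolume
metadata:
  # PersistentVolumes are cluster-scoped, so no namespace is set on this object.
  name: doku-wiki-data-pv
  labels:
    app: wiki
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  # hostPath exposes a directory of the node's own filesystem; type Directory
  # requires it to exist already. The data stays on that one node.
  hostPath:
    path: "/kubernetes_volumes/wiki-data"
    type: Directory
  persistentVolumeReclaimPolicy: Retain
  # Reserve the volume for the wiki claim. An empty claimRef leaves the volume
  # open to any matching claim from any namespace, which would hand this host
  # directory to an unrelated workload.
  claimRef:
    namespace: wiki
    name: doku-wiki-files-pv-claim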
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config
  namespace: wiki
data:
  # Complete nginx.conf for the wiki-nginx container (mounted over
  # /etc/nginx/nginx.conf by the Deployment). It serves /var/www on port 80,
  # rewrites pretty URLs to doku.php and passes *.php to PHP-FPM on 127.0.0.1:9000.
  #
  # NOTE(review): add_header appears in the http block (X-XSS-Protection,
  # Content-Security-Policy) and again in the server block
  # (Strict-Transport-Security). nginx inherits add_header from the outer
  # level only when the inner level defines none, so with this layout the
  # server's responses carry only the HSTS header. Declare all three at the
  # same level if all three are meant to be sent.
  # NOTE(review): the Content-Security-Policy allow-lists Google Analytics,
  # Zendesk and Facebook hosts and permits 'unsafe-inline' and 'unsafe-eval'
  # for scripts; it looks carried over from another site - reduce it to what
  # the wiki actually loads before relying on it.
  #
  # Access controls present in the server block: requests under /data, /conf,
  # /bin, /inc and /vendor, dot-files and editor backup files ending in "~" are
  # denied, and the PHP location uses `try_files $uri =404` so only files that
  # exist are handed to FastCGI.
  nginx.conf: |
    user www-data;
    worker_processes 4;
    worker_rlimit_nofile 100000;
    
    events {
        worker_connections 4000;
        multi_accept on;
        use epoll;
    }
    http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        types_hash_max_size 2048;
        server_tokens off;

        ##
        # Cache
        ##
        open_file_cache max=200000 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors on; 

        add_header X-XSS-Protection "1; mode=block";
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        
                ##
        # Gzip Settings
        ##
        # reduce the data that needs to be sent over network -- for testing environment
        gzip on;
        # gzip_static on;
        gzip_min_length 10240;
        gzip_comp_level 9;
        gzip_vary on;
        gzip_disable msie6;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types
                text/html
                text/css
                text/javascript
                text/xml
                text/plain
                text/x-component
                application/javascript
                application/x-javascript
                application/json
                application/xml
                application/rss+xml
                application/atom+xml
                font/truetype
                font/opentype
                application/vnd.ms-fontobject
                image/svg+xml;

        ##
        # Misc options
        ##

        # allow the server to close connection on non responding client, this will free up memory
        reset_timedout_connection on;

        # request timed out -- default 60
        client_body_timeout 10;

        # if client stop responding, free up memory -- default 60
        send_timeout 2;

        # server will close connection after this time -- default 75
        keepalive_timeout 30;

        # number of requests client can make over keep-alive -- for testing environment
        keepalive_requests 100000;

      server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www;
        server_name _;
        autoindex off;
        client_max_body_size 15M;
        client_body_buffer_size 128k;
        index doku.php;
        
        #Security Settings
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";        
        
        location ~ /(data|conf|bin|inc|vendor)/ {
          deny all;
        }
        
        #WARNING! Redirect 404 pages to homepage broke ACME !!! 
        #Redirect any 404 to homepage
        #error_page 404 =200 /doku.php?id=mainpage;

        #Enable access to acme files
        location ~ /\.well-known/acme-challenge/ {
          allow all;
          access_log off;
          log_not_found off;
        }
        
        location / {
          try_files $uri $uri/ @dokuwiki;
        }
 
        location ~ ^/lib.*\.(jpg|jpeg|png|gif|ico|css|js|svg)$ {
          expires 30d;
        }

        location = /robots.txt  { access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }
        location ~ /\.          { access_log off; log_not_found off; deny all; }
        location ~ ~$           { access_log off; log_not_found off; deny all; }

        location @dokuwiki {
          rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
          rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
          rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
          rewrite ^/(.*) /doku.php?id=$1 last;
        }

        location ~ \.php$ {
            include /etc/nginx/fastcgi_params;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_intercept_errors        on;
            fastcgi_ignore_client_abort     off;
            fastcgi_connect_timeout 60;
            fastcgi_send_timeout 180;
            fastcgi_read_timeout 180;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 4 256k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
        }
      }
    }
---
# Cluster-internal HTTP endpoint in front of the wiki pod; only the Ingress is
# meant to reach it, hence ClusterIP.
apiVersion: v1
kind: Service
metadata:
  namespace: wiki
  name: wiki-http
spec:
  type: ClusterIP
  selector:
    app: wiki
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
# Public entry point: TLS for wiki.autosys.tk is terminated here with a
# certificate requested through the letsencrypt cluster issuer, and all paths
# are forwarded to the wiki-http Service.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# newer clusters need networking.k8s.io/v1, which uses a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: wiki
  name: wiki-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
    # "0" switches off the request-body size check at the ingress, and the two
    # timeouts allow a connection to stay open for an hour. The backend nginx
    # still caps bodies at 15M (client_max_body_size); tighten these if large
    # uploads and long requests are not needed.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
  tls:
    - secretName: wiki-autosys-tk-tls
      hosts:
        - wiki.autosys.tk
  rules:
    - host: wiki.autosys.tk
      http:
        paths:
          - path: /
            backend:
              serviceName: wiki-http
              servicePort: 80

linux_faq/deploy_dokuwiki_in_kubernetes.txt · Last modified: 2019/11/17 17:50 by admin