Todo:
- change sendmail path in php.ini
Dockerfile
Вариант с postfix
Недостаток - жирный сервис постфикса нужно запускать в контейнере.
FROM php:fpm RUN echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections \ && echo "postfix postfix/mailname string autosys.tk" | debconf-set-selections \ && DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \ postfix \ libfreetype6-dev \ libjpeg62-turbo-dev \ libpng-dev \ libicu-dev \ libldap2-dev \ libxml2-dev \ libxslt1-dev \ libwebp-dev \ libxpm-dev \ && CFLAGS="-I/usr/src/php" docker-php-ext-configure gd --with-gd --with-webp-dir --with-jpeg-dir \ --with-png-dir --with-zlib-dir --with-xpm-dir --with-freetype-dir \ && CFLAGS="-I/usr/src/php" docker-php-ext-install -j$(nproc) pcntl exif gd \ calendar gettext intl ldap shmop sockets sysvmsg \ sysvsem sysvshm tokenizer xml xmlreader xmlwriter xsl \ && apt-get clean \ && rm -Rf /var/www/* \ && chown -R www-data:www-data /var/www \ && postconf -e "smtp_generic_maps = hash:/etc/postfix/generic" \ && postconf -e "relayhost = mail.autosys.tk" \ && postconf -e "mydestination = localhost" \ && echo 'www-data mike@autosys.tk' >> /etc/postfix/generic \ && echo 'root mike@autosys.tk' >> /etc/postfix/generic \ && postmap /etc/postfix/generic \ && echo "root: mike@autosys.tk" >> /etc/aliases \ && echo "www-data: mike@autosys.tk" >> /etc/aliases \ && newaliases \ && mkfifo /var/spool/postfix/public/pickup \ && sed -i '/sendmail_path/ s/=.*$/= "\/usr\/sbin\/sendmail -t -i"/' /usr/local/etc/php/php.ini-production \ && sed -i '/sendmail_path/ s/^.*;//' /usr/local/etc/php/php.ini-production \ && mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \ && sed -i '/exec/ s/^/service postfix start \& /' /usr/local/bin/docker-php-entrypoint
Вариант с nullmailer
http://www.panticz.de/install-nullmailer
FROM php:fpm RUN echo "nullmailer shared/mailname string wiki.autosys.tk" | debconf-set-selections \ && echo "nullmailer nullmailer/relayhost string mail.autosys.tk smtp" | debconf-set-selections \ && echo "nullmailer nullmailer/adminaddr string mike@autosys.tk" | debconf-set-selections \ && echo "nullmailer nullmailer/defaultdomain string autosys.tk" | debconf-set-selections \ && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ nullmailer \ libfreetype6-dev \ libjpeg62-turbo-dev \ libpng-dev \ libicu-dev \ libldap2-dev \ libxml2-dev \ libxslt1-dev \ libwebp-dev \ libxpm-dev \ && CFLAGS="-I/usr/src/php" docker-php-ext-configure gd --with-gd --with-webp-dir --with-jpeg-dir \ --with-png-dir --with-zlib-dir --with-xpm-dir --with-freetype-dir \ && CFLAGS="-I/usr/src/php" docker-php-ext-install -j$(nproc) pcntl exif gd \ calendar gettext intl ldap shmop sockets sysvmsg \ sysvsem sysvshm tokenizer xml xmlreader xmlwriter xsl \ && apt-get clean \ && rm -Rf /var/www/* \ && chown -R www-data:www-data /var/www \ && sed -i '/sendmail_path/ s/=.*$/= "\/usr\/sbin\/sendmail -f mike@autosys.tk -t -i"/' /usr/local/etc/php/php.ini-production \ && sed -i '/sendmail_path/ s/^.*;//' /usr/local/etc/php/php.ini-production \ && mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \ && sed -i '/exec/ s/^/service nullmailer start \& /' /usr/local/bin/docker-php-entrypoint
Собираем и пушим образ
docker build -t registry.autosys.tk/dokuwiki-php . docker login -u _reg_user_ -p __superpassword__ registry.domain.com #docker tag dokuwiki-php registry.autosys.tk/dokuwiki-php docker push registry.autosys.tk/dokuwiki-php
Создаем объекты в kubernetes
kind: Namespace apiVersion: v1 metadata: name: wiki labels: name: wiki --- apiVersion: v1 data: .dockerconfigjson: ewoJ.... kind: Secret metadata: name: autosys-regcred namespace: wiki type: kubernetes.io/dockerconfigjson --- apiVersion: apps/v1 kind: Deployment metadata: name: wiki namespace: wiki spec: replicas: 1 selector: matchLabels: app: wiki template: metadata: labels: app: wiki spec: imagePullSecrets: - name: autosys-regcred containers: - name: wiki-php-fpm image: registry.autosys.tk/dokuwiki-php volumeMounts: - name: doku-wiki-files mountPath: /var/www - name: wiki-nginx image: nginx volumeMounts: - name: doku-wiki-files mountPath: /var/www - name: nginx-config-volume mountPath: /etc/nginx/nginx.conf subPath: nginx.conf volumes: - name: doku-wiki-files persistentVolumeClaim: claimName: doku-wiki-files-pv-claim - name: nginx-config-volume configMap: name: nginx-config --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: doku-wiki-files-pv-claim namespace: wiki spec: accessModes: - ReadWriteOnce resources: requests: storage: 20Gi selector: matchLabels: app: wiki --- apiVersion: v1 kind: PersistentVolume metadata: name: doku-wiki-data-pv namespace: wiki labels: app: wiki spec: capacity: storage: 20Gi accessModes: - ReadWriteOnce hostPath: path: "/kubernetes_volumes/wiki-data" type: Directory persistentVolumeReclaimPolicy: Retain claimRef: {} --- kind: ConfigMap apiVersion: v1 metadata: name: nginx-config namespace: wiki data: nginx.conf: | user www-data; worker_processes 4; worker_rlimit_nofile 100000; events { worker_connections 4000; multi_accept on; use epoll; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; types_hash_max_size 2048; server_tokens off; ## # Cache ## open_file_cache max=200000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Gzip Settings ## # reduce the data that needs to be sent over network -- for testing environment gzip on; # gzip_static on; gzip_min_length 10240; gzip_comp_level 9; gzip_vary on; gzip_disable msie6; gzip_proxied expired no-cache no-store private auth; gzip_types text/html text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml application/atom+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; ## # Misc options ## # allow the server to close connection on non responding client, this will free up memory reset_timedout_connection on; # request timed out -- default 60 client_body_timeout 10; # if client stop responding, free up memory -- default 60 send_timeout 2; # server will close connection after this time -- default 75 keepalive_timeout 30; # number of requests client can make over keep-alive -- for testing environment keepalive_requests 100000; server { listen 80 default_server; listen [::]:80 default_server; root /var/www; #server_name dokuwiki; autoindex off; client_max_body_size 15M; client_body_buffer_size 128k; index doku.php; location ~ /(data|conf|bin|inc|vendor)/ { deny all; } location / { try_files $uri $uri/ @dokuwiki; } location ~ ^/lib.*\.(jpg|jpeg|png|gif|ico|css|js|svg)$ { expires 30d; } location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } location ~ /\. { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } location @dokuwiki { rewrite ^/([\d\s\w]*)(\.)(.*)(\.ashx) /$1/$3 last; rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; rewrite ^/(.*) /doku.php?id=$1 last; } location ~ \.php$ { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; try_files $uri =404; fastcgi_pass 127.0.0.1:9000; fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; fastcgi_send_timeout 180; fastcgi_read_timeout 180; fastcgi_buffer_size 128k; fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } } } --- apiVersion: v1 kind: Service metadata: name: wiki-http namespace: wiki spec: selector: app: wiki type: ClusterIP ports: - name: http port: 80 protocol: TCP targetPort: 80 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" name: wiki-ingress namespace: wiki spec: rules: - host: wiki.autosys.tk http: paths: - backend: serviceName: wiki-http servicePort: 80 path: / tls: - hosts: - wiki.autosys.tk secretName: wiki-autosys-tk-tls
Discussion