Todo:
- change sendmail path in php.ini
Dockerfile
Вариант с postfix
Недостаток - жирный сервис постфикса нужно запускать в контейнере.
FROM php:fpm RUN echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections \ && echo "postfix postfix/mailname string autosys.tk" | debconf-set-selections \ && DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \ postfix \ libfreetype6-dev \ libjpeg62-turbo-dev \ libpng-dev \ libicu-dev \ libldap2-dev \ libxml2-dev \ libxslt1-dev \ libwebp-dev \ libxpm-dev \ && CFLAGS="-I/usr/src/php" docker-php-ext-configure gd --with-gd --with-webp-dir --with-jpeg-dir \ --with-png-dir --with-zlib-dir --with-xpm-dir --with-freetype-dir \ && CFLAGS="-I/usr/src/php" docker-php-ext-install -j$(nproc) pcntl exif gd \ calendar gettext intl ldap shmop sockets sysvmsg \ sysvsem sysvshm tokenizer xml xmlreader xmlwriter xsl \ && apt-get clean \ && rm -Rf /var/www/* \ && chown -R www-data:www-data /var/www \ && postconf -e "smtp_generic_maps = hash:/etc/postfix/generic" \ && postconf -e "relayhost = mail.autosys.tk" \ && postconf -e "mydestination = localhost" \ && echo 'www-data mike@autosys.tk' >> /etc/postfix/generic \ && echo 'root mike@autosys.tk' >> /etc/postfix/generic \ && postmap /etc/postfix/generic \ && echo "root: mike@autosys.tk" >> /etc/aliases \ && echo "www-data: mike@autosys.tk" >> /etc/aliases \ && newaliases \ && mkfifo /var/spool/postfix/public/pickup \ && sed -i '/sendmail_path/ s/=.*$/= "\/usr\/sbin\/sendmail -t -i"/' /usr/local/etc/php/php.ini-production \ && sed -i '/sendmail_path/ s/^.*;//' /usr/local/etc/php/php.ini-production \ && mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \ && sed -i '/exec/ s/^/service postfix start \& /' /usr/local/bin/docker-php-entrypoint
Вариант с nullmailer
http://www.panticz.de/install-nullmailer
FROM php:fpm RUN echo "nullmailer shared/mailname string wiki.autosys.tk" | debconf-set-selections \ && echo "nullmailer nullmailer/relayhost string mail.autosys.tk smtp" | debconf-set-selections \ && echo "nullmailer nullmailer/adminaddr string mike@autosys.tk" | debconf-set-selections \ && echo "nullmailer nullmailer/defaultdomain string autosys.tk" | debconf-set-selections \ && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ nullmailer \ libfreetype6-dev \ libjpeg62-turbo-dev \ libpng-dev \ libicu-dev \ libldap2-dev \ libxml2-dev \ libxslt1-dev \ libwebp-dev \ libxpm-dev \ && CFLAGS="-I/usr/src/php" docker-php-ext-configure gd --with-gd --with-webp-dir --with-jpeg-dir \ --with-png-dir --with-zlib-dir --with-xpm-dir --with-freetype-dir \ && CFLAGS="-I/usr/src/php" docker-php-ext-install -j$(nproc) pcntl exif gd \ calendar gettext intl ldap shmop sockets sysvmsg \ sysvsem sysvshm tokenizer xml xmlreader xmlwriter xsl \ && apt-get clean \ && rm -Rf /var/www/* \ && chown -R www-data:www-data /var/www \ && sed -i '/sendmail_path/ s/=.*$/= "\/usr\/sbin\/sendmail -f mike@autosys.tk -t -i"/' /usr/local/etc/php/php.ini-production \ && sed -i '/sendmail_path/ s/^.*;//' /usr/local/etc/php/php.ini-production \ && mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \ && sed -i '/exec/ s/^/service nullmailer start \& /' /usr/local/bin/docker-php-entrypoint
Собираем и пушим образ
docker build -t registry.autosys.tk/dokuwiki-php . docker login -u _reg_user_ -p __superpassword__ registry.domain.com #docker tag dokuwiki-php registry.autosys.tk/dokuwiki-php docker push registry.autosys.tk/dokuwiki-php
Создаем объекты в kubernetes
kind: Namespace
apiVersion: v1
metadata:
name: wiki
labels:
name: wiki
---
apiVersion: v1
data:
.dockerconfigjson: ewoJ....
kind: Secret
metadata:
name: autosys-regcred
namespace: wiki
type: kubernetes.io/dockerconfigjson
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wiki
namespace: wiki
spec:
replicas: 1
selector:
matchLabels:
app: wiki
template:
metadata:
labels:
app: wiki
spec:
imagePullSecrets:
- name: autosys-regcred
containers:
- name: wiki-php-fpm
image: registry.autosys.tk/dokuwiki-php
volumeMounts:
- name: doku-wiki-files
mountPath: /var/www
- name: wiki-nginx
image: nginx
volumeMounts:
- name: doku-wiki-files
mountPath: /var/www
- name: nginx-config-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: doku-wiki-files
persistentVolumeClaim:
claimName: doku-wiki-files-pv-claim
- name: nginx-config-volume
configMap:
name: nginx-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: doku-wiki-files-pv-claim
namespace: wiki
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
selector:
matchLabels:
app: wiki
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: doku-wiki-data-pv
namespace: wiki
labels:
app: wiki
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/kubernetes_volumes/wiki-data"
type: Directory
persistentVolumeReclaimPolicy: Retain
claimRef: {}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-config
namespace: wiki
data:
nginx.conf: |
user www-data;
worker_processes 4;
worker_rlimit_nofile 100000;
events {
worker_connections 4000;
multi_accept on;
use epoll;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
server_tokens off;
##
# Cache
##
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Gzip Settings
##
# reduce the data that needs to be sent over network -- for testing environment
gzip on;
# gzip_static on;
gzip_min_length 10240;
gzip_comp_level 9;
gzip_vary on;
gzip_disable msie6;
gzip_proxied expired no-cache no-store private auth;
gzip_types
text/html
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/atom+xml
font/truetype
font/opentype
application/vnd.ms-fontobject
image/svg+xml;
##
# Misc options
##
# allow the server to close connection on non responding client, this will free up memory
reset_timedout_connection on;
# request timed out -- default 60
client_body_timeout 10;
# if client stop responding, free up memory -- default 60
send_timeout 2;
# server will close connection after this time -- default 75
keepalive_timeout 30;
# number of requests client can make over keep-alive -- for testing environment
keepalive_requests 100000;
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www;
#server_name dokuwiki;
autoindex off;
client_max_body_size 15M;
client_body_buffer_size 128k;
index doku.php;
location ~ /(data|conf|bin|inc|vendor)/ {
deny all;
}
location / {
try_files $uri $uri/ @dokuwiki;
}
location ~ ^/lib.*\.(jpg|jpeg|png|gif|ico|css|js|svg)$ {
expires 30d;
}
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }
location @dokuwiki {
rewrite ^/([\d\s\w]*)(\.)(.*)(\.ashx) /$1/$3 last;
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1 last;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
}
}
---
apiVersion: v1
kind: Service
metadata:
name: wiki-http
namespace: wiki
spec:
selector:
app: wiki
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
name: wiki-ingress
namespace: wiki
spec:
rules:
- host: wiki.autosys.tk
http:
paths:
- backend:
serviceName: wiki-http
servicePort: 80
path: /
tls:
- hosts:
- wiki.autosys.tk
secretName: wiki-autosys-tk-tls
Discussion