helm 实践 mysql_如何使用Helm在Kubernetes上使用MySQL设置WordPress
helm 实践 mysql
介绍 (Introduction)
As more developers work within distributed environments, tools like Kubernetes have become central to keeping application components standardized across dynamic build and production environments. With the increasing complexity of application ecosystems and the growing popularity of Kuberbetes, tools that help manage resources within Kubernetes clusters have become essential.
随着越来越多的开发人员在分布式环境中工作,诸如Kubernetes之类的工具已成为在动态构建和生产环境中保持应用程序组件标准化的核心。 随着应用程序生态系统的日益复杂和Kuberbetes的日益普及,帮助管理Kubernetes集群中的资源的工具变得至关重要。
Helm is an open-source package manager for Kubernetes that simplifies the process of deploying and upgrading applications on a Kubernetes cluster, while also providing a way to find and share ready-to-install applications that are packaged as Kubernetes Charts.
Helm是Kubernetes的开源软件包管理器,它简化了在Kubernetes集群上部署和升级应用程序的过程,同时还提供了一种查找和共享打包为Kubernetes Charts的即插即用应用程序的方法。
In this tutorial, we’ll use Helm for setting up WordPress on top of a Kubernetes cluster, in order to create a highly-available website. In addition to leveraging the intrinsic scalability and high availability aspects of Kubernetes, this setup will help keeping WordPress secure by providing simplified upgrade and rollback workflows via Helm.
在本教程中,我们将使用Helm在Kubernetes集群上设置WordPress ,以创建一个高可用性的网站。 除了利用Kubernetes固有的可扩展性和高可用性方面之外,此设置还将通过Helm提供简化的升级和回滚工作流来帮助保持WordPress的安全。
We’ll be using an external MySQL server in order to abstract the database component, since it can be part of a separate cluster or managed service for extended availability. After completing the steps described in this tutorial, you will have a fully functional WordPress installation within a containerized cluster environment managed by Kubernetes.
我们将使用外部MySQL服务器来抽象化数据库组件,因为它可以作为单独的群集或托管服务的一部分以提高可用性。 完成本教程中描述的步骤后,您将在Kubernetes管理的容器化集群环境中安装功能齐全的WordPress。
先决条件 (Prerequisites)
In order to complete this guide, you will need the following available to you:
为了完成本指南,您将需要以下内容:
A Kubernetes 1.10+ cluster with role-based access control (RBAC) enabled.
启用了基于角色的访问控制 (RBAC)的Kubernetes 1.10+集群。
The
kubectlcommand-line tool installed on your local machine or development server, configured to connect to your cluster. Please see the official Kubernetes documentation for instructions on how to set this up.安装在本地计算机或开发服务器上的
kubectl命令行工具,配置为连接到集群。 请参阅Kubernetes官方文档以获取有关设置方法的说明。The Helm package manager installed on your local machine or development server, and Tiller installed on your cluster, as explained in this tutorial: How To Install Software on Kubernetes Clusters with the Helm Package Manager.
如本教程中所述: 如何在本地计算机或开发服务器上安装Helm软件包管理器,并在群集上安装Tiller: 如何使用Helm软件包管理器在Kubernetes群集上安装软件 。
An external MySQL server with SSH access, and the root MySQL password. To set this up, you can follow one of our MySQL tutorials, such as: How To Install MySQL on Ubuntu 18.04 .
具有SSH访问权限和MySQL 根密码的外部MySQL服务器。 要进行设置,您可以遵循我们MySQL教程之一,例如: 如何在Ubuntu 18.04上安装MySQL 。
Before moving on, make sure you’re able to log into your MySQL server, and that you have connectivity to your Kubernetes cluster. In case you have multiple clusters set up in your kubectl config file, you should make sure that you’re connected to the correct cluster by running the following command from your local machine or development server:
在继续之前,请确保您能够登录到MySQL服务器,并且已连接到Kubernetes集群。 如果您在kubectl配置文件中设置了多个集群,则应通过从本地计算机或开发服务器运行以下命令来确保已连接到正确的集群:
- kubectl config get-contexts kubectl配置获取上下文
This is an example output:
这是一个示例输出:
Output
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* do-sfo2-wordpress-cluster do-sfo2-wordpress-cluster do-sfo2-wordpress-cluster-admin
minikube minikube minikube
The asterisk sign (*) indicates which cluster is currently the default context. In case you need to change the current context, run:
星号(*)表示当前是默认上下文的群集。 如果需要更改当前上下文,请运行:
kubectl config use-context context-name
kubectl配置使用上下文上下文名称
You should now be ready to follow the rest of the guide.
现在,您应该准备按照指南的其余部分进行操作。
第1步-配置MySQL (Step 1 — Configuring MySQL)
First, we’ll create a dedicated MySQL user and a database for WordPress, allowing connections from external hosts. This is necessary because our WordPress installation will live on a separate server inside the Kubernetes cluster. In case you already have a dedicated MySQL user and database set up for WordPress, you can skip to the next step.
首先,我们将创建一个专用MySQL用户和WordPress数据库,以允许来自外部主机的连接。 这是必要的,因为我们的WordPress安装将位于Kubernetes集群内的单独服务器上。 如果您已经为WordPress建立了专用MySQL用户和数据库,则可以跳到下一步。
From the MySQL server, log into MySQL with the following command:
从MySQL服务器,使用以下命令登录到MySQL:
- mysql -u root -p mysql -u root -p
You will be prompted to provide the password you set up for the root MySQL account when you first installed the software. After logging in, MySQL will give you a command prompt you can use to create the database and user we need for WordPress.
首次安装该软件时,系统将提示您提供为MySQL 根帐户设置的密码。 登录后,MySQL将为您提供命令提示符,您可以使用它来创建我们需要WordPress的数据库和用户。
Note: For this tutorial, we’ll be creating a database named wordpress and a user named wordpress_user, identified by the password password. Please note that these are insecure example values, and you should modify them accordingly throughout this guide.
注意:在本教程中,我们将创建一个名为wordpress的数据库和一个名为wordpress_user的用户,该用户由密码password标识。 请注意,这些是不安全的示例值,您应该在本指南中进行相应的修改 。
To create the database, you can use the following statement:
要创建数据库,可以使用以下语句:
CREATE DATABASE wordpress;
创建数据库wordpress ;
Now, let’s create a dedicated MySQL user for this database:
现在,让我们为此数据库创建一个专用MySQL用户:
CREATE USER wordpress_user IDENTIFIED BY 'password';
创建用户wordpress_user IDENTIFIED BY' 密码 ';
The user wordpress_user was created, but it doesn’t have any access permissions yet. The following command will give this user admin access (all privileges) to the wordpress database from both local and external networks:
用户wordpress_user已创建,但没有任何访问权限。 以下命令将授予该用户从本地和外部网络对wordpress数据库的管理员访问权限(所有特权):
GRANT ALL PRIVILEGES ON wordpress.* TO wordpress_user@'%';
将所有特权授予wordpress 。*到wordpress_user @'%';
To update the internal MySQL tables that manage access permissions, use the following statement:
要更新管理访问权限的内部MySQL表,请使用以下语句:
- FLUSH PRIVILEGES; 冲洗特权;
Now you can exit the MySQL client with:
现在,您可以使用以下方式退出MySQL客户端:
- exit; 出口;
To test that the changes were successful, you can log into the MySQL command-line client again, this time using the new account wordpress_user to authenticate:
要测试更改是否成功,您可以再次登录MySQL命令行客户端,这次使用新帐户wordpress_user进行身份验证:
mysql -u wordpress_user -p
mysql -u wordpress_user -p
You should use the same password you provided when creating this MySQL user with the CREATE_USER statement. To confirm your new user has access to the wordpress database, you can use the following statement:
使用CREATE_USER语句创建此MySQL用户时,应使用提供的密码。 要确认您的新用户有权访问wordpress数据库,可以使用以下语句:
- show databases; 显示数据库;
The following output is expected:
预期输出如下:
Output
+--------------------+
| Database |
+--------------------+
| information_schema |
| wordpress |
+--------------------+
2 rows in set (0.03 sec)
After confirming the wordpress database is included in the results, you can exit the MySQL command-line client with:
确认结果中包括wordpress数据库后,您可以使用以下命令退出MySQL命令行客户端:
- exit; 出口;
You now have a dedicated MySQL database for WordPress, and valid access credentials to use within it. Because our WordPress installation will live on a separate server, we still need to edit our MySQL configuration to allow connections coming from external hosts.
现在,您已经有一个专用于WordPressMySQL数据库,以及在其中使用的有效访问凭据。 因为我们的WordPress安装将位于单独的服务器上,所以我们仍然需要编辑MySQL配置以允许来自外部主机的连接。
While still on your MySQL server, open the file /etc/mysql/mysql.conf.d/mysqld.cnf using your command-line editor of choice:
仍在您MySQL服务器上时,使用选择的命令行编辑器打开文件/etc/mysql/mysql.conf.d/mysqld.cnf :
- sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf 须藤nano /etc/mysql/mysql.conf.d/mysqld.cnf
Locate the bind-address setting within this file. By default, MySQL listens only on 127.0.0.1 (localhost). In order to accept connections from external hosts, we need to change this value to 0.0.0.0. This is how your bind-address configuration should look:
在此文件中找到bind-address设置。 默认情况下,MySQL仅侦听127.0.0.1 (localhost)。 为了接受来自外部主机的连接,我们需要将此值更改为0.0.0.0 。 这是您的bind-address配置的外观:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 0.0.0.0When you’re done making these changes, save and close the file. You’ll need to restart MySQL with the following command:
完成这些更改后,保存并关闭文件。 您需要使用以下命令重新启动MySQL:
- sudo systemctl restart mysql sudo systemctl重新启动mysql
To test if you’re able to connect remotely, run the following command from your local machine or development server:
要测试您是否能够远程连接,请从本地计算机或开发服务器运行以下命令:
mysql -h mysql_server_ip -u wordpress_user -p
mysql -h mysql_server_ip -u wordpress_user -p
Remember to change mysql_server_ip to your MySQL server IP address or hostname. If you’re able to connect without errors, you are now ready to proceed to the next step.
切记将mysql_server_ip更改为您MySQL服务器IP地址或主机名。 如果能够正确连接,则现在可以继续进行下一步了。
第2步-安装WordPress (Step 2 — Installing WordPress)
Now that we have the necessary information to connect to the MySQL database, we can go ahead and install WordPress using Helm.
现在,我们已经拥有连接到MySQL数据库的必要信息,我们可以继续使用Helm安装WordPress。
By default, the WordPress chart installs MariaDB on a separate pod inside the cluster and uses it as the WordPress database. We want to disable this behavior and configure WordPress to use an external MySQL database. This and other configuration options (such as the default WordPress admin user and password) can be set at installation time, either via command-line parameters or via a separate YAML configuration file.
默认情况下,WordPress图表将MariaDB安装在群集内的单独容器上,并将其用作WordPress数据库。 我们要禁用此行为,并将WordPress配置为使用外部MySQL数据库。 此和其他配置选项(例如默认的WordPress管理员用户和密码)可以在安装时通过命令行参数或通过单独的YAML配置文件进行设置。
In order to keep things organized and easily extendable, we are going to use a configuration file.
为了使事情井井有条且易于扩展,我们将使用配置文件。
From your local machine or development server, create a new directory for your project settings and navigate into it:
在本地计算机或开发服务器上,为您的项目设置创建一个新目录,然后浏览至其中:
- mkdir myblog-settings mkdir myblog设置
- cd myblog-settings cd myblog-settings
Next, create a file named values.yaml, using your text editor of choice:
接下来,使用您选择的文本编辑器创建一个名为values.yaml的文件:
- nano values.yaml 纳米值
Within this file, we need to set up a few variables that will define how WordPress connects to the database, as well as some basic information about your site and the initial admin user for logging into WordPress when the installation is complete.
在此文件中,我们需要设置一些变量,这些变量将定义WordPress如何连接到数据库,以及有关您的站点和安装完成后登录WordPress的初始管理员用户的一些基本信息。
We’ll base our configuration on the default values.yaml file from the WordPress Helm chart. The Blog/Site Info section contains general options for your WordPress blog, such as the name of the blog and the initial user credentials. The Database Settings section of this file contains the settings for connecting to the remote MySQL server. MariaDB is disabled in the final section.
我们将基于WordPress Helm图表中的默认values.yaml文件进行配置。 “ 博客/站点信息”部分包含WordPress博客的常规选项,例如博客名称和初始用户凭据。 该文件的“ 数据库设置”部分包含用于连接到远程MySQL服务器的设置。 在最后一节中禁用了MariaDB。
Copy the following contents into your values.yaml file, replacing the highlighted values with your custom values:
将以下内容复制到values.yaml文件中,将突出显示的值替换为自定义值:
## Blog/Site Info
wordpressUsername: sammy
wordpressPassword: password
wordpressEmail: sammy@example.com
wordpressFirstName: Sammy
wordpressLastName: the Shark
wordpressBlogName: Sammy's Blog!
## Database Settings
externalDatabase:
host: mysql_server_ip
user: wordpress_user
password: password
database: wordpress
## Disabling MariaDB
mariadb:
enabled: falseWe have just configured the following options:
我们刚刚配置了以下选项:
wordpressUsername: WordPress user’s login.
wordpressUsername :WordPress用户的登录名。
wordpressPassword: WordPress user’s password.
wordpressPassword :WordPress用户的密码。
wordpressEmail: WordPress user’s email.
wordpressEmail :WordPress用户的电子邮件。
wordpressFirstName: Wordpress user’s first name.
wordpressFirstName :Wordpress用户的名字。
wordpressLastName: Wordpress user’s last name.
wordpressLastName :Wordpress用户的姓氏。
wordpressBlogName: Name of the Site or Blog.
wordpressBlogName :网站或博客的名称。
host: MySQL server IP address or hostname.
host :MySQL服务器的IP地址或主机名。
user: MySQL user.
user :MySQL用户。
password: MySQL password.
密码 :MySQL密码。
database: MySQL database name.
database :MySQL数据库名称。
When you’re done editing, save the file and exit the editor.
完成编辑后,保存文件并退出编辑器。
Now that we have all settings in place, it is time to execute helm to install WordPress. The following command tells helm to install the most recent stable release of the WordPress chart under the name myblog, using values.yaml as configuration file:
现在,我们已经具备了所有的设置,它是时间来执行helm安装WordPress。 下面的命令告诉helm安装名下的WordPress图表的最新稳定版本myblog ,使用values.yaml作为配置文件:
helm install --name myblog -f values.yaml stable/wordpress
舵机安装--name myblog -f values.yaml稳定/ wordpress
You should get output similar to the following:
您应该获得类似于以下内容的输出:
Output
NAME: myblog
LAST DEPLOYED: Fri Jan 25 20:24:10 2019
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
myblog-wordpress 0/1 1 0 1s
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
myblog-wordpress Pending do-block-storage 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
myblog-wordpress-5965f49485-8zfl7 0/1 Pending 0 1s
==> v1/Secret
NAME TYPE DATA AGE
myblog-externaldb Opaque 1 1s
myblog-wordpress Opaque 1 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myblog-wordpress LoadBalancer 10.245.144.79 <pending> 80:31403/TCP,443:30879/TCP 1s
(...)
After the installation is finished, a service named myblog-wordpress is created within your Kubernetes cluster, but it may take a few minutes before the container is ready and the External-IP information is available. To check the status of this service and retrieve its external IP address, run:
安装完成后,将在您的Kubernetes群集中创建一个名为myblog-wordpress的服务,但是可能需要花费几分钟,容器才能准备就绪,并且External-IP信息可用。 要检查此服务的状态并检索其外部IP地址,请运行:
- kubectl get services kubectl获得服务
You should get output similar to the following:
您应该获得类似于以下内容的输出:
Output
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.245.0.1 <none> 443/TCP 20h
myblog-wordpress LoadBalancer 10.245.144.79 203.0.113.110 80:31403/TCP,443:30879/TCP 3m40s
This command gives you detailed information about services running on your cluster, including name and type of the service, as well as IP addresses used by these services. As you can see from the output, the WordPress installation is being served as myblog-wordpress on the external IP address 203.0.113.110.
此命令为您提供有关在群集上运行的服务的详细信息,包括服务的名称和类型以及这些服务使用的IP地址。 从输出中可以看到,WordPress安装在外部IP地址203.0.113.110上用作myblog-wordpress 。
Note: In case you are using minikube to test this setup, you’ll need to run minikube service myblog-wordpress in order to expose the container web server so that you can access it from your browser.
注意:如果要使用minikube测试此设置,则需要运行minikube service myblog-wordpress才能显示容器Web服务器,以便可以从浏览器访问它。
Your WordPress installation is now operational. To access the admin interface, use the public IP address obtained from the output of kubectl get services, followed by /wp-admin in your web browser:
您的WordPress安装现已开始运行。 要访问管理界面,请使用从kubectl get services输出获得的公共IP地址,然后在Web浏览器中输入/wp-admin :
http://203.0.113.110/wp-adminYou should use the credentials defined in your values.yaml file to log in and start configuring your WordPress site.
您应该使用在values.yaml文件中定义的凭据登录并开始配置WordPress网站。
第3步-升级WordPress (Step 3 — Upgrading WordPress)
Because of its popularity, WordPress is often a target for malicious exploitation, so it’s important to keep it updated. We can upgrade Helm releases with the command helm upgrade.
由于WordPress的受欢迎程度,它经常成为恶意利用的目标,因此保持更新很重要。 我们可以使用helm upgrade命令来升级Helm版本。
To list all of your current releases, run the following command from your local machine or development server:
要列出所有当前发行版,请从本地计算机或开发服务器运行以下命令:
- helm list 掌舵清单
You should get output similar to this:
您应该获得类似于以下的输出:
Output
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
myblog 1 Fri Jan 25 20:24:10 2019 DEPLOYED wordpress-5.1.2 5.0.3 default
As you can see from the output, our current WordPress version is 5.0.3 (app version), while the chart version is 5.1.2. If you want to upgrade a release to a newer version of a chart, first update your Helm repositories with:
从输出中可以看到,我们当前的WordPress版本是5.0.3 (应用程序版本),而图表版本是5.1.2 。 如果要将发行版升级到图表的较新版本,请首先使用以下命令更新Helm存储库:
- helm repo update 头盔回购更新
You can expect the following output:
您可以期待以下输出:
Output
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
Now you can check if there’s a newer version of the WordPress chart available with:
现在,您可以检查是否有以下版本的WordPress图表可用:
- helm inspect chart stable/wordpress 掌舵检查图表稳定/ wordpress
You should see output similar to this:
您应该看到类似于以下的输出:
Output
apiVersion: v1
appVersion: 5.1.1
description: Web publishing platform for building blogs and websites.
engine: gotpl
home: http://www.wordpress.com/
icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png
keywords:
- wordpress
- cms
- blog
- http
- web
- application
- php
maintainers:
- email: containers@bitnami.com
name: Bitnami
name: wordpress
sources:
- https://github.com/bitnami/bitnami-docker-wordpress
version: 5.9.0
As you can see from the output, there’s a new chart available (version 5.9.0) with WordPress 5.1.1 (app version). Whenever you want to upgrade your WordPress release to the latest WordPress chart, you should run:
从输出中可以看到,WordPress 5.1.1 (应用程序版本)提供了一个新图表(版本5.9.0)。 每当您要将WordPress版本升级到最新的WordPress图表时,都应运行:
helm upgrade -f values.yaml myblog stable/wordpress
头盔升级-f values.yaml myblog稳定版/ wordpress
This command will produce output very similar to the output produced by helm install. It is important to provide the same configuration file we used when installing the WordPress chart for the first time, as it contains the custom database settings we defined for our setup.
此命令将产生与helm install产生的输出非常相似的输出。 提供与首次安装WordPress图表时使用的配置文件相同的配置文件非常重要,因为它包含我们为安装程序定义的自定义数据库设置。
Now, if you run helm list again, you should see updated information about your release:
现在,如果您再次运行helm list ,您应该会看到有关发布的更新信息:
Output
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
myblog 2 Fri May 3 14:51:20 2019 DEPLOYED wordpress-5.9.0 5.1.1 default
You have successfully upgraded your WordPress to the latest version of the WordPress chart.
您已成功将WordPress升级到WordPress图表的最新版本。
回滚版本 (Rolling Back a Release)
Each time you upgrade a release, a new revision of that release is created by Helm. A revision sets a fixed checkpoint to where you can come back if things don’t work as expected. It is similar to a commit in Git, because it creates a history of changes that can be compared and reverted. If something goes wrong during the upgrade process, you can always rollback to a previous revision of a given Helm release with the helm rollback command:
每次升级版本时,Helm都会创建该版本的新修订版。 修订版设置了一个固定的检查点 ,以便您在无法正常工作的情况下返回。 它与Git中的提交类似,因为它创建了可以比较和还原的更改历史记录。 如果在升级过程中出现问题,您始终可以使用helm rollback命令回滚到给定Helm版本的先前版本:
helm rollback release-name revision-number
头盔回滚发布名称修订号
For instance, if we want to undo the upgrade and rollback our WordPress release to its first version, we would use:
例如,如果我们要撤消升级并将WordPress版本回滚到其第一个版本,则可以使用:
helm rollback myblog 1
头盔回滚myblog 1
This would rollback the WordPress installation to its first release. You should see the following output, indicating that the rollback was successful:
这会将WordPress安装回滚到其第一个版本。 您应该看到以下输出,指示回滚成功:
Output
Rollback was a success! Happy Helming!
Running helm list again should now indicate that WordPress was downgraded back to 5.0.3, chart version 5.1.2:
现在再次运行helm list应表明WordPress已降级至5.0.3(图表版本5.1.2):
Output
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
myblog 3 Mon Jan 28 22:02:42 2019 DEPLOYED wordpress-5.1.2 5.0.3 default
Notice that rolling back a release will actually create a new revision, based on the target revision of the roll-back. Our WordPress release named myblog now is at revision number three, which was based on revision number one.
请注意,回滚发行版实际上将基于回滚的目标修订版创建一个新修订版。 我们命名的WordPress版本myblog现在是版本号三种 ,其中基于版本号之一 。
结论 (Conclusion)
In this guide, we installed WordPress with an external MySQL server on a Kubernetes cluster using the command-line tool Helm. We also learned how to upgrade a WordPress release to a new chart version, and how to rollback a release if something goes wrong throughout the upgrade process.
在本指南中,我们使用命令行工具Helm在kubernetes集群上将WordPress与外部MySQL服务器一起安装。 我们还学习了如何将WordPress版本升级到新的图表版本,以及在整个升级过程中出现问题时如何回滚版本。
As additional steps, you might consider setting up Nginx Ingress with Cert-Manager in order to enable name-based virtual hosting and to configure an SSL certificate for your WordPress site. You should also check the recommended production settings for the WordPress chart we used in this guide.
作为其他步骤,您可以考虑使用Cert-Manager设置Nginx Ingress,以启用基于名称的虚拟主机并为WordPress网站配置SSL证书。 您还应该检查本指南中使用的WordPress图表的建议生产设置 。
If you want to learn more about Kubernetes and Helm, please check out the Kubernetes section of our community page.
如果您想了解有关Kubernetes和Helm的更多信息,请查看我们社区页面的Kubernetes部分。
helm 实践 mysql