如果有一天,需要进行在k8s生产环境部署php,怎么玩呢?方案如下:
首先你要有基础镜像包,基础镜像包可以基于webdevops/php-nginx构建,是个好注意。
注: 由于目前还不支持dockefile的语法高亮,先纯文本输出
Dockerfile
FROM alpine:3 AS download
# 下载 SkyAPM-php, 由于是临时镜像,忽略构建层级的问题
RUN echo "http://mirrors.aliyun.com/alpine/v3.8/main/" > /etc/apk/repositories
RUN apk add --no-cache git openssl openssh openssl openssl-dev
COPY .ssh /root/.ssh
RUN chmod 0400 /root/.ssh/id_rsa
RUN git clone --depth=1 ssh://git@git-self.example.com/SkyAPM-php-sdk.git /tmp/SkyAPM-php-sdk
# 要构建的包
FROM webdevops/php-nginx:7.1
ENV TZ=Asia/Shanghai
# 复制skyAPM下载的内容
COPY --from=download /tmp/SkyAPM-php-sdk SkyAPM-php-sdk
# 复制本地文件内容
COPY copy /tmp/dfs-docker-base/php-nginx
# 执行镜像命令
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
&& sed -i "s|deb.debian.org/debian|mirrors.tuna.tsinghua.edu.cn/debian|g" /etc/apt/sources.list \
&& sed -i "s|security.debian.org/debian-security|mirrors.tuna.tsinghua.edu.cn/debian-security|g" /etc/apt/sources.list \
&& apt-get update && pecl channel-update pecl.php.net \
&& apt-get install -y ca-certificates unzip zip procps net-tools dnsutils iputils-ping tcpdump && update-ca-certificates \
&& echo "--##-- BASE --##--" \
&& apt-get install -y zlib1g-dev \
&& echo "--##-- CACHE, 同时依赖 zlib1g-dev --##--" \
&& apt-get install -y libmemcached-dev \
&& pecl install memcache-4.0.5.2 \
&& docker-php-ext-enable memcache \
&& echo "--##-- OPENCC --##--" \
&& apt-get install -y libopencc-dev \
&& curl -fsSL 'https://github.com/nauxliu/opencc4php/archive/master.zip' -o opencc4php.zip \
&& mkdir -p opencc4php \
&& unzip opencc4php.zip -d opencc4php \
&& rm opencc4php.zip \
&& ( \
cd opencc4php/opencc4php-master \
&& phpize \
&& ./configure \
&& make -j "$(nproc)" \
&& make install \
) \
&& rm -rf opencc4php \
&& docker-php-ext-enable opencc \
&& echo "--##-- Gearman --##--" \
&& apt-get install -y libgearman-dev \
&& curl -fsSL 'https://github.com/wcgallego/pecl-gearman/archive/gearman-2.0.6.zip' -o pecl-gearman.zip \
&& mkdir -p pecl-gearman \
&& unzip pecl-gearman.zip -d pecl-gearman \
&& rm pecl-gearman.zip \
&& ( \
cd pecl-gearman/pecl-gearman-gearman-2.0.6 \
&& phpize \
&& ./configure \
&& make -j "$(nproc)" \
&& make install \
) \
&& rm -rf pecl-gearman \
&& docker-php-ext-enable gearman \
&& echo "--##-- SkyWalking --##--" \
&& apt-get install -y libcurl4-openssl-dev \
&& ( \
cd SkyAPM-php-sdk \
&& phpize \
&& ./configure \
&& make -j "$(nproc)" \
&& make install \
) \
&& rm -rf SkyAPM-php-sdk \
&& docker-php-ext-enable skywalking \
&& echo "--##-- Nginx --##--" \
&& echo "deb http://nginx.org/packages/debian buster nginx" \
| tee /etc/apt/sources.list.d/nginx.list \
&& echo exit 0 > /usr/sbin/policy-rc.d \
&& apt-get install -y gnupg2\
&& curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add - \
&& apt-get update \
&& apt-get remove -y nginx \
&& apt-get install -y -o Dpkg::Options::="--force-confold" nginx \
&& echo "" > /opt/docker/etc/nginx/vhost.ssl.conf \
&& echo "--##-- Composer --##--" \
&& bash /tmp/dfs-docker-base/php-nginx/composer-install.sh \
&& composer selfupdate \
&& echo "--##-- 更新 BrowsCapINI --##--" \
&& mkdir -p /opt/docker/etc/php/ \
&& curl -fsSL 'https://browscap.org/stream?q=Lite_PHP_BrowsCapINI' -o /opt/docker/etc/php/php_browscap.ini \
&& rm -rf /var/lib/apt/lists/* \
&& echo "--##-- 追加 php 自定义配置文件,这里使用追加而不使用新建文件,主要原因是便于环境变量覆盖,否则层级关系是乱的 --##--" \
&& cat /tmp/dfs-docker-base/php-nginx/docker-php-build.ini >> /opt/docker/etc/php/php.webdevops.ini \
&& echo "--##-- 删除本地配置 --##--" \
&& rm -rf /tmp/dfs-docker-base/php-nginx
此时:你还需要一些额外的文件,如docker-php-build.ini, composer-install.sh
docker-php-build.ini
;; >>>>>> Docker 打包自定义PHP.ini配置文件开始
openssl.cafile=/etc/ssl/certs/ca-certificates.crt
openssl.capath=/etc/ssl/certs/
browscap=/opt/docker/etc/php/php_browscap.ini
;; <<<<<< Docker 打包自定义PHP.ini配置文件结束, 最后一行的换行符请务必保留,避免下一个人直接写入的问题
openssl.cafile=/etc/ssl/certs/ca-certificates.crt
openssl.capath=/etc/ssl/certs/
browscap=/opt/docker/etc/php/php_browscap.ini
;; <<<<<< Docker 打包自定义PHP.ini配置文件结束, 最后一行的换行符请务必保留,避免下一个人直接写入的问题
composer-install.sh
#!/bin/sh
EXPECTED_CHECKSUM="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then
echo >&2 'ERROR: Invalid installer checksum'
rm composer-setup.php
exit 1
fi
php composer-setup.php --install-dir=bin
RESULT=$?
rm composer-setup.php
exit $RESULT
EXPECTED_CHECKSUM="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then
echo >&2 'ERROR: Invalid installer checksum'
rm composer-setup.php
exit 1
fi
php composer-setup.php --install-dir=bin
RESULT=$?
rm composer-setup.php
exit $RESULT
当前还没有任何评论