Kubernetes 生态链路整合
第一章:kustomize
1.1 概述
- kustomize 是 Kubernetes 本地的配置工具,相当于轻量级的 Helm 。
- kustomize 可以快速部署不同环境(开发、测试、预生产、生产等)的应用,只需要通过
kubectl apply -k命令即可。
1.2 应用实例
- 项目结构 kustomize.zip:
- base/configMap.yaml
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configmap
data:
index.html: "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"UTF-8\">\r\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Document</title>\r\n</head>\r\n<body>\r\n 你好,Nginx!!!\r\n</body>\r\n</html>"
- base/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
selector:
matchLabels:
app: deployment
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: deployment
spec:
containers:
- name: deployment
image: nginx:latest
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
ports:
- containerPort: 80
name: deployment
volumeMounts:
- name: localtime
mountPath: /etc/localtime
volumes:
- name: localtime
hostPath:
path: /usr/share/zoneinfo/Asia/Taipei
restartPolicy: Always
- base/service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
selector:
app: deployment
type: ClusterIP
ports:
- name: nginx
protocol: TCP
port: 80
targetPort: 80
- base/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app: nginx # 构建出来的每个资源上都有 app=nginx 标签
resources: # 需要加载的资源
- configMap.yaml
- deployment.yaml
- service.yaml
- overlays/development/deployment.yaml
- overlays/development/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: development- # 开发环境所有资源加前缀
commonLabels:
variant: development
commonAnnotations:
note: 大家好,这是开发环境!!!
bases: # 所有资源的基本位置
- ../../base
patchesStrategicMerge: # 增量合并
- deployment.yaml
- overlays/production/deployment.yaml
- overlays/production/kustomization.yaml
# $BASE/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: production- # 生产环境所有资源加前缀
commonLabels:
variant: production
commonAnnotations:
note: 大家好,这是生产环境!!!
bases:
- ../../base
patchesStrategicMerge:
- deployment.yaml
- 安装基础配置的资源:
注意:
- ① 可以在安装的时候指定 namespace ,即
kubectl apply -k base -n dev。- ② 删除可以使用 delete ,即
kubectl delete -k base。
- 安装开发环境和生产环境的资源:
第二章:ECK(Elastic Cloud on Kubernetes,Helm)
2.1 安装 Operator
- 创建目录并进入目录:
- 生成证书:
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout tls.key -out tls.crt -subj "/CN=*.xudaxian.com/O=*.xudaxian.com" \
-extensions san \
-config <(echo '[req]'; echo 'distinguished_name=req';
echo '[san]'; echo 'subjectAltName=DNS:*.xudaxian.com,DNS:www.xudaxian.com,DNS:harbor.xudaxian.com,DNS:alertmanager.xudaxian.com,DNS:grafana.xudaxian.com,DNS:prometheus.xudaxian.com,DNS:jenkins.xudaxian.com,DNS:elastic.xudaxian.com,DNS:kibana.xudaxian.com,DNS:filebeats.xudaxian.com,DNS:thanos-gateway.xudaxian.com,DNS:gitlab.xudaxian.com')
注意:实际生产环境中需要自己购买域名。
- 增加仓库:
- 更新仓库索引:
- 集群范围(全局)安装:
- 受限安装(可选):限制仅管理一组预定义的命名空间
helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace \
--set=installCRDs=false \
--set=managedNamespaces='{namespace-a, namespace-b}' \
--set=createClusterScopedResources=false \
--set=webhook.enabled=false \
--set=config.validateStorageClass=false
2.2 安装 ElasticSearch
- 创建目录并进入目录:
- 获取 eck-elasticsearch 的 Chart 包:
- 获取 eck-elasticsearch 的默认值:
- 修改 eck-elasticsearch 的 override.yaml 的内容:
version: 8.7.0
annotations:
eck.k8s.elastic.co/license: basic
nodeSets:
- name: masters
count: 3
config:
node.roles: ["master"]
xpack.ml.enabled: true
node.store.allow_mmap: false
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: "ceph-block"
- name: data
count: 5
config:
node.roles: ["data", "ingest", "ml", "transform"]
node.store.allow_mmap: false
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: "ceph-block"
- 安装:
helm install eck-elasticsearch eck-elasticsearch-0.3.0.tgz -f override.yaml \
-n eck --create-namespace
- 获取密码:
kubectl get secret eck-elasticsearch-es-elastic-user -o=jsonpath='{.data.elastic}' -n eck | base64 --decode; echo
注意:本人的密码是
vnPP9R8Amy8e78Q7Uo552p3K,每个人的不一样!!!
- 集群组件内访问:
# 账号是 elastic,密码上面步骤已经获取
curl -u "elastic:vnPP9R8Amy8e78Q7Uo552p3K" -k "https://eck-elasticsearch-es-http:9200"
- 部署 ingress 访问:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: elastic-ingress
namespace: eck
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/server-snippet: |
proxy_ssl_verify off;
spec:
tls:
- hosts:
- elastic.xudaxian.com
secretName: xudaxian.com
rules:
- host: elastic.xudaxian.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: eck-elasticsearch-es-http
port:
number: 9200
- 配置域名解析:
- 浏览器访问:
2.3 安装 Kibana
- 创建目录并进入目录:
- 获取 eck-kibana 的 Chart 包:
- 获取 eck-kibana 默认值:
- 修改 eck-kibana 默认值:
version: 8.7.0
annotations:
eck.k8s.elastic.co/license: basic
spec:
count: 1
elasticsearchRef:
name: eck-elasticsearch
namespace: eck
- 安装:
- 获取密码:
kubectl get secret eck-elasticsearch-es-elastic-user -o=jsonpath='{.data.elastic}' -n eck | base64 --decode; echo
注意:账号是
elastic,密码是vnPP9R8Amy8e78Q7Uo552p3K,每个人的不一样!!!
- 部署 ingress 访问:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kibana-ingress
namespace: eck
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/server-snippet: |
proxy_ssl_verify off;
spec:
tls:
- hosts:
- kibana.xudaxian.com
secretName: xudaxian.com
rules:
- host: kibana.xudaxian.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: eck-kibana-kb-http
port:
number: 5601
- 配置域名解析:
- 浏览器访问:
2.4 安装 Filebeat
- 创建目录并进入目录:
- 获取 eck-beats 的 Chart 包:
- 获取 eck-beats 默认值:
- 修改 eck-beats 默认值:
version: 8.7.0
annotations:
eck.k8s.elastic.co/license: basic
spec:
type: "filebeat" # filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat
kibanaRef:
name: eck-kibana
namespace: eck
elasticsearchRef:
name: eck-elasticsearch
namespace: eck
daemonSet:
podTemplate:
spec:
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
securityContext:
runAsUser: 0
containers:
- name: filebeat
volumeMounts:
- name: varlogcontainers
mountPath: /var/log/containers
- name: varlogpods
mountPath: /var/log/pods
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
volumes:
- name: varlogcontainers
hostPath:
path: /var/log/containers
- name: varlogpods
hostPath:
path: /var/log/pods
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
config:
filebeat.inputs:
- type: container
paths:
- /var/log/containers/*.log
- 安装:
更新: 2023-04-12 02:18:43
原文: https://www.yuque.com/fairy-era/yg511q/ou2c6ady5amhoqsm