k8s部署微服务
一、安装nfs服务由于资源有限,以master节点所在虚拟机作为nfs服务器1、确认是否安装nfsrpm -qa nfs-utils rpcbind如果未安装,则安装nfs服务器上安装2个模块:yum install -y nfs-utils rpcbindnfs客户端机器(这里是所有node节点)安装yum install -y nfs-utils2、nfs服务器创建共享文件夹/data/nfs
一、安装nfs服务
由于资源有限,以master节点所在虚拟机作为nfs服务器
1、确认是否安装nfs
rpm -qa nfs-utils rpcbind
如果未安装,则安装
nfs服务器上安装2个模块:yum install -y nfs-utils rpcbind
nfs客户端机器(这里是所有node节点)安装yum install -y nfs-utils
2、nfs服务器创建共享文件夹/data/nfs和mysql各数据库文件的挂载目录,当然你可以自己选择位置
nfs:为nfs共享文件的目录
auth_center_mysql为认证中心mysql数据文件目录
user_center_mysql为用户中心mysql数据文件目录
log_center_mysql为日志中心mysql数据文件目录
nacos_mysql为nacos的mysql数据文件目录
3、配置vim /etc/exports文件,在此文件中写入如下内容(不支持共享子目录no_hide)
/data/nfs *(insecure,rw,async,no_root_squash)
/data/auth_center_mysql *(insecure,rw,async,no_root_squash)
/data/user_center_mysql *(insecure,rw,async,no_root_squash)
/data/log_center_mysql *(insecure,rw,async,no_root_squash)
/data/nacos_mysql *(insecure,rw,async,no_root_squash)
具体含义如下:
配置完成后需要使其马上生效:exportfs –r
4、启动 RPC 服务
service rpcbind start
5、查看 NFS 服务项 rpc 服务器注册的端口列表
rpcinfo -p localhost
6、启动 NFS 服务
service nfs start(重启service nfs restart)
7、查看是否加载了/etc/exports中的配置
showmount -e localhost
8、k8s中部署nfs
1)下载nacos
在master节点上root目录下执行
git clone https://github.com/nacos-group/nacos-k8s.git
2)下载完成后进入nacos-k8s
3)创建角色(注意名称空间,下面2种根据自己需要选择)
- 创建到默认名称空间default中
kubectl create -f deploy/nfs/rbac.yaml
如果K8S命名空间不是default,请在部署RBAC之前执行以下脚本(就不要执行上面的脚本了):
NS=$(kubectl config get-contexts|grep -e "^\*" |awk '{print $5}')
NAMESPACE=${NS:-default}
sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/nfs/rbac.yaml
- 创建到指定名称空间中,我这里是msp
修改rbac.yaml中出现namespace:default的所有地方为namespace:msp
yaml文件内容
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: msp
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: msp
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io4)创建 ServiceAccount 和部署 NFS-Client Provisioner
修改yaml文件中nfs的server地址及共享目录,指定名称空间为msp,可指定nfs-client-provisioner镜像,这里使用默认的镜像,nfs服务器地址为192.168.126.128,共享目录为/data/nfs
./deploy/nfs/deployment.yaml内容:
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
namespace: msp
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: nfs-client-provisioner
namespace: msp
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisioner
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccount: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: quay.io/external_storage/nfs-client-provisioner:latest
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: fuseim.pri/ifs
- name: NFS_SERVER
value: 192.168.126.128
- name: NFS_PATH
value: /data/nfs
volumes:
- name: nfs-client-root
nfs:
server: 192.168.126.128
path: /data/nfs执行yaml文件:
kubectl create -f deploy/nfs/deployment.yaml
5)创建NFS StorageClass
kubectl create -f deploy/nfs/class.yaml
yaml文件内容指定名称空间
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: managed-nfs-storage
namespace: msp
provisioner: fuseim.pri/ifs
parameters:
archiveOnDelete: "false"
6)验证NFS部署成功
kubectl get pod -l app=nfs-client-provisioner -n msp
7)如果安装错误可以根据部署的yaml执行删除再创建
进入nacos-k8s目录执行
#角色信息
kubectl delete -f deploy/nfs/rbac.yaml
kubectl create -f deploy/nfs/rbac.yaml
#存储类信息
kubectl delete -f deploy/nfs/class.yaml
kubectl create -f deploy/nfs/class.yaml
#账号和nfs客户端信息
kubectl delete -f deploy/nfs/deployment.yaml
kubectl create -f deploy/nfs/deployment.yaml
二、部署单机mysql
使用kuboard部署三个数据库db-auth-center、db-user-center、db-log-center、db-nacos数据库
1、制作mysql(mysql 版本 5.7)镜像
1)将对应的sql文件传到master节点上
创建sql目录,将对应的初始化数据库执行的sql脚本文件上传到sql目录
2)在当前目录下创建对应的mysql配置文件,用来解决mysql使用时的乱码问题
vim user-center-my.cnf,配置如下
[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
3)创建docker文件
vim dockerfile_user-center,配置文件内容如下:
FROM mysql:5.7.26
ADD user-center-my.cnf /etc/mysql/conf.d/my.cnf
ADD 01.user-center.sql /docker-entrypoint-initdb.d/01.user-center.sql
EXPOSE 33064)创建镜像(注意镜像是要存放在私有的harbor镜像仓库的msp,且最后以空格+英文点号结尾)
docker build -f dockerfile_user-center -t 192.168.126.131:80/msp/user-center-mysql:V1 .
稍等片刻下载依赖的mysql镜像比较慢.
推送镜像到仓库
docker push 192.168.126.131:80/msp/user-center-mysql:V1
5)依次按照第2)、3)、4)步分别完成auth-center-mysql、log-center-mysql镜像制作
登录harbor查看镜像仓库中的镜像
2、使用kuboard部署mysql数据库
注意集群中各个service的端口不能冲突。
1)登录kuboard,进入集群及名称空间
2)从常用操作中选择创建工作负载,以下以创建auth-center为例
| 字段名称 | 填写内容 | 说明 |
| 工作负载类型 | StatefulSet | |
| 工作负载分层 | 持久层 | |
| 工作负载名称 | auth-center-mysql | |
| 服务描述 | 认证中心数据库 | |
| 副本数量 | 1 | 请填写1,如果是2,他们挂载到的nfs是同一路径会导致错误[ERROR] InnoDB: Unable to lock ./ibdata1 error: 11 |
| 容器名称 | auth-center-mysql | |
| 镜像 | msp/auth-center-mysql:V1 | 创建镜像仓库密码后并选择,再输入镜像路径和标签 |
| 抓取策略 | IfNotPresent | |
| 环境变量 | MYSQL_ROOT_PASSWORD=root | |
| 容器端口 | Tcp/3306 | containerPort,Pod内部mysql容器的端口,不一定与dockerfile文件中EXPOSE命令声明的端口一致,但与springboot应用指定的端口一致 |
| Service名称 | db-auth-center | 默认与工作负载名称一致无法修改,可以单独创建服务来指定服务名称 |
| Service | ClusterIP(集群内访问) | |
| service服务端口 | port:3306 targetPort:3306 | port,service提供给集群内部的访问端口,targetPort是service所映射的容器组pod暴露的端口 |
| 存储挂载名称 | auth-center-mysql-nfs | 注意不能使用下划线,只能使用数字字母和短横线 |
| 存储挂载类型 | NFS | |
| NFS SERVER | 192.168.126.128 | |
| NFS PATH | /data/auth_center_mysql | |
| 权限 | 读写 | |
| 容器内的路径(挂载点) | /var/lib/mysql | |
| 挂载数据卷中的子路径 |
基本信息配置如下图:
容器(工作容器)信息配置如下图:
存储挂载信息如下图
高级信息
服务/应用路由,名称默认和工作负载名称一样,单独创建服务service可能指定服务名称,选择器选择指定标签的容器
保存,点击应用成功。
3)验证数据库是否创建成功
点击容器下方的Bash,进入终端界面,执行如下命令
mysql -uroot -proot
> show databases;
> use oauth-center;
> show tables;
不知道为什么只有这个容器bash进去后mysql -uroot –proot登录会提示不安全,不使用密码就可以登录
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
4)按照上面的步骤创建用户中心和日志中心的工作负载
| 字段名称 | 填写内容 | 说明 |
| 工作负载类型 | StatefulSet | |
| 工作负载分层 | 持久层 | |
| 工作负载名称 | user-center-mysql | |
| 服务描述 | 用户中心数据库 | |
| 副本数量 | 1 | 请填写1 |
| 容器名称 | user-center-mysql | |
| 镜像 | msp/user-center-mysql:V1 | |
| 抓取策略 | IfNotPresent | |
| 环境变量 | MYSQL_ROOT_PASSWORD=root | |
| 容器端口 | tcp/3306 | containerPort,Pod内部mysql容器的端口,不一定与dockerfile文件中EXPOSE命令声明的端口一致,但与springboot应用指定的端口一致 |
| Service名称 | db-user-center | |
| Service | ClusterIP(集群内访问) | |
| service服务端口 | port:3106 targetPort:3306 | port,service提供给集群内部的访问端口,targetPort是service所映射的容器组pod暴露的端口 |
| 存储挂载名称 | user-center-mysql-nfs | 注意不能使用下划线,只能使用数字字母和短横线 |
| 存储挂载类型 | NFS | |
| NFS SERVER | 192.168.126.128 | |
| NFS PATH | /data/user_center_mysql | |
| 权限 | 读写 | |
| 容器内的路径(挂载点) | /var/lib/mysql | |
| 挂载数据卷中的子路径 |
日志中心
| 字段名称 | 填写内容 | 说明 |
| 工作负载类型 | StatefulSet | |
| 工作负载分层 | 持久层 | |
| 工作负载名称 | log-center-mysql | |
| 服务描述 | 日志中心数据库 | |
| 副本数量 | 1 | 请填写1 |
| 容器名称 | log-center-mysql | |
| 镜像 | msp/log-center-mysql:V1 | |
| 抓取策略 | IfNotPresent | |
| 环境变量 | MYSQL_ROOT_PASSWORD=root | |
| 容器端口 | Tcp/3306 | containerPort,Pod内部mysql容器的端口,不一定与dockerfile文件中EXPOSE命令声明的端口一致,但与springboot应用指定的端口一致 |
| Service名称 | db-log-center | |
| Service | ClusterIP(集群内访问) | |
| service服务端口 | port:3206 targetPort:3306 | port,service提供给集群内部的访问端口,targetPort是service所映射的容器组pod暴露的端口 |
| 存储挂载名称 | log-center-mysql-nfs | 注意不能使用下划线,只能使用数字字母和短横线 |
| 存储挂载类型 | NFS | |
| NFS SERVER | 192.168.126.128 | |
| NFS PATH | /data/log_center_mysql | |
| 权限 | 读写 | |
| 容器内的路径(挂载点) | /var/lib/mysql | |
| 挂载数据卷中的子路径 |
5)nacos数据库工作负载创建
- 创建脚本文件
下载官方的mysql脚本文件内容创建vim nacos-mysql.sql
https://github.com/alibaba/nacos/blob/develop/distribution/conf/nacos-mysql.sql
创建配置文件vim nacos-mysql-my.cnf,内容如下
[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
- 创建dockerfile构建文件,vim dockerfile_nacos_mysql
FROM mysql:5.7.26
ADD nacos-mysql-my.cnf /etc/mysql/conf.d/my.cnf
ADD nacos-mysql.sql /docker-entrypoint-initdb.d/nacos-mysql.sql
EXPOSE 3306
- 创建镜像
docker build -f dockerfile_nacos_mysql -t 192.168.126.131:80/msp/nacos_mysql:5.7.26 .
- 推送镜像
docker push 192.168.126.131:80/msp/nacos_mysql:5.7.26
- kuboard上创建nacos-mysql的工作负载
| 字段名称 | 填写内容 | 说明 |
| 服务类型 | StatefulSet | |
| 服务分层 | 持久层 | |
| 服务名称 | nacos-mysql | |
| 服务描述 | nacos的数据库 | |
| 副本数量 | 1 | 请填写1 |
| 容器名称 | nacos-mysql | |
| 镜像 | msp/nacos_mysql:5.7.26 | |
| 抓取策略 | IfNotPresent | |
| 环境变量root用户的密码 | MYSQL_ROOT_PASSWORD=root | |
| 启动时创建的数据库名称 | MYSQL_DATABASE=nacos_config | |
| 启动时创建的用户 | MYSQL_USER=nacos | |
| 启动时创建的用户密码 | MYSQL_PASSWORD=nacos | |
| 容器端口 | Tcp/3306 | containerPort,Pod内部mysql容器的端口,相当于dockerfile文件中EXPOSE指定的端口 |
| Service | ClusterIP(集群内访问) | |
| service服务端口 | port:3406 targetPort:3306 | port,service提供给集群内部的访问端口,targetPort是service所映射的容器组pod的端口 |
| 存储挂载名称 | nacos-mysql-nfs | 注意不能使用下划线,只能使用数字字母和短横线 |
| 存储挂载类型 | NFS | |
| NFS SERVER | 192.168.126.128 | |
| NFS PATH | /data/nacos_mysql | |
| 权限 | 读写 | |
| 容器内的路径(挂载点) | /var/lib/mysql | |
| 挂载数据卷中的子路径 |
三、部署redis
创建工作负载redis
| 字段名称 | 填写内容 | 说明 |
| 服务类型 | StatefulSet | |
| 服务分层 | 中间层 | |
| 服务名称 | redis | |
| 服务描述 | redis缓存 | |
| 副本数量 | 1 | 请填写1 |
| 容器名称 | redis | |
| 镜像 | redis: 4.0.14 | 从hub.docker.com 加载镜像 |
| 抓取策略 | IfNotPresent | |
| 容器端口 | Tcp/6379 | containerPort,Pod内部redis容器的端口,相当于dockerfile文件中EXPOSE指定的端口 |
| Service | ClusterIP(集群内访问) | |
| service服务端口 | port: 6379 targetPort: 6379 | port,service提供给集群内部的访问端口,targetPort是service所映射的容器组pod的端口 |
四、部署nacos集群
1、制作私有的nacos-peer-finder-plugin镜像
1)构建本地镜像
根据官方的提供的nacos-k8s部署包,解压后进入/nacos-k8s/plugin目录,执行构建命令
docker build -f Dockerfile -t 192.168.126.131:80/msp/nacos-peer-finder-plugin:V1.0 .
2)推送镜像
docker push 192.168.126.131:80/msp/nacos-peer-finder-plugin:V1.0
2、制作nacos镜像
参考https://www.pianshen.com/article/71541656180/
1)下载nacos的构建镜像源码
- 下载镜像源码
git clone https://github.com/nacos-group/nacos-docker.git
- 查看使用的nacos-server默认版本
进入/nacos-docker/build目录,cat Dockerfile,可以看到是2.0.2
2)制作nacos镜像
进入/nacos-docker/build目录,执行
docker build -f Dockerfile -t 192.168.126.131:80/msp/nacos-server:V2.0.2 .
此过程要安装很多模块,可以下载nacos-server相应tar包到本地,减少构建时间,需要修改Dockerfile文件,如下图:
3)推送镜像
docker push 192.168.126.131:80/msp/nacos-server:V2.0.2
3、部署Nacos
kuboard部署,service类型使用headless方式,可以让每个容器组(pod)都向CoreDNS注册,外部通过CoreDNS可以得到每个pod的地址信息(域名信息),而不会解析成service的ip(此方式再通过iptables或者ipvs进行请求路由),这样外部可以使用自定义的路由规则进行负载均衡。通过部署nginx-ingress-controller可以针对多个节点进行负载均衡。
使用nacos-k8s包下的nacos-pvc-nfs.yaml进行部署,注意里面没有指定数据库的host配置,即MYSQL_SERVICE_HOST,我没有配置这项,启动时报No DataSource set,注意端口也要使用前面配置的mysql服务service所暴露的端口。
查看MYSQL_SERVICE_HOST使用的地方(构建nacos镜像的/nacos-docker/build/conf/application.properties)
名称空间也使用自定义的msp。下面是将nacos-pvc-nfs.yaml的内容拷贝到kuboard中进行部署的,最后生成的yaml如下(nacos副本数量是2,机器资源不足,没办法了),注意环境变量SERVICE_NAME的取值必须与服务Service的名称一样,不是指的工作负载的配置属性
serviceName:
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
annotations:
k8s.kuboard.cn/displayName: nacos集群
creationTimestamp: '2021-07-02T14:19:03Z'
generation: 15
labels:
k8s.kuboard.cn/layer: cloud
k8s.kuboard.cn/name: nacos
name: nacos
namespace: msp
resourceVersion: '620141'
selfLink: /apis/apps/v1/namespaces/msp/statefulsets/nacos
uid: ec40757f-6689-4e88-97a1-b88b7d8fea35
spec:
podManagementPolicy: OrderedReady
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app: nacos
serviceName: nacos-headless
template:
metadata:
annotations:
kubectl.kubernetes.io/restartedAt: '2021-07-05T12:15:45+08:00'
pod.alpha.kubernetes.io/initialized: 'true'
labels:
app: nacos
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- nacos
topologyKey: kubernetes.io/hostname
containers:
- env:
- name: NACOS_REPLICAS
value: '2'
- name: SERVICE_NAME
value: nacos-headless
- name: DOMAIN_NAME
value: cluster.local
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: MYSQL_SERVICE_DB_NAME
valueFrom:
configMapKeyRef:
key: mysql.db.name
name: nacos-cm
- name: MYSQL_SERVICE_PORT
valueFrom:
configMapKeyRef:
key: mysql.port
name: nacos-cm
- name: MYSQL_SERVICE_USER
valueFrom:
configMapKeyRef:
key: mysql.user
name: nacos-cm
- name: MYSQL_SERVICE_PASSWORD
valueFrom:
configMapKeyRef:
key: mysql.password
name: nacos-cm
- name: NACOS_SERVER_PORT
value: '8848'
- name: NACOS_APPLICATION_PORT
value: '8848'
- name: PREFER_HOST_MODE
value: hostname
- name: MYSQL_SERVICE_HOST
valueFrom:
configMapKeyRef:
key: mysql.host
name: nacos-cm
image: '192.168.126.131:80/msp/nacos-server:V2.0.2'
imagePullPolicy: IfNotPresent
name: nacos
ports:
- containerPort: 8848
name: client-port
protocol: TCP
- containerPort: 9848
name: client-rpc
protocol: TCP
- containerPort: 9849
name: raft-rpc
protocol: TCP
- containerPort: 7848
name: old-raft-rpc
protocol: TCP
resources:
requests:
cpu: 500m
memory: 2Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /home/nacos/plugins/peer-finder
name: data
subPath: peer-finder
- mountPath: /home/nacos/data
name: data
subPath: data
- mountPath: /home/nacos/logs
name: data
subPath: logs
dnsPolicy: ClusterFirst
initContainers:
- image: '192.168.126.131:80/msp/nacos-peer-finder-plugin:V1.0'
imagePullPolicy: IfNotPresent
name: peer-finder-plugin-install
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /home/nacos/plugins/peer-finder
name: data
subPath: peer-finder
restartPolicy: Always
schedulerName: default-scheduler
serviceAccount: nfs-client-provisioner
serviceAccountName: nfs-client-provisioner
terminationGracePeriodSeconds: 30
updateStrategy:
rollingUpdate:
partition: 0
type: RollingUpdate
volumeClaimTemplates:
- metadata:
annotations:
volume.beta.kubernetes.io/storage-class: managed-nfs-storage
name: data
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 20Gi
volumeMode: Filesystem
status:
phase: Pending
status:
collisionCount: 0
currentReplicas: 2
currentRevision: nacos-8d5c8996f
observedGeneration: 15
readyReplicas: 2
replicas: 2
updateRevision: nacos-8d5c8996f
updatedReplicas: 2
---
apiVersion: v1
kind: Service
metadata:
creationTimestamp: '2021-07-02T15:06:32Z'
labels:
k8s.kuboard.cn/layer: cloud
k8s.kuboard.cn/name: nacos-headless
name: nacos-headless
namespace: msp
resourceVersion: '504739'
selfLink: /api/v1/namespaces/msp/services/nacos-headless
uid: 9dada13c-6565-494c-b0c4-7ea50182aeca
spec:
clusterIP: None
ports:
- name: server
port: 8848
protocol: TCP
targetPort: 8848
- name: client-rpc
port: 9848
protocol: TCP
targetPort: 9848
- name: raft-rpc
port: 9849
protocol: TCP
targetPort: 9849
- name: old-raft-rpc
port: 7848
protocol: TCP
targetPort: 7848
selector:
app: nacos
sessionAffinity: None
type: ClusterIP
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
creationTimestamp: '2021-07-03T05:50:23Z'
generation: 5
labels:
k8s.kuboard.cn/layer: cloud
k8s.kuboard.cn/name: nacos
name: nacos
namespace: msp
resourceVersion: '598033'
selfLink: /apis/networking.k8s.io/v1beta1/namespaces/msp/ingresses/nacos
uid: 4c10562d-4da9-4420-9a63-714fd3004f51
spec:
rules:
- host: www.nacos1.com
http:
paths:
- backend:
serviceName: nacos-headless
servicePort: 8848
path: /nacos
引用的数据字典配置,nacos-mysql是mysql的service名称
---
apiVersion: v1
data:
mysql.db.name: nacos_config
mysql.host: nacos-mysql
mysql.password: nacos
mysql.port: '3406'
mysql.user: nacos
kind: ConfigMap
metadata:
creationTimestamp: '2021-06-30T14:34:07Z'
name: nacos-cm
namespace: msp
resourceVersion: '382833'
selfLink: /api/v1/namespaces/msp/configmaps/nacos-cm
uid: 9ce8685b-4529-47c9-b066-d7b1aef432ae
nacos启动报错,无数据源问题
Invocation of init method failed; nested exception is ErrCode:500, ErrMsg:Nacos Server did not start because dumpservice bean construction failure :
No DataSource set
1)通过kuboard以bash进入pod确保能ping通数据库的service ip或者服务名
如果不能ping需要kube-proxy开启ipvs,参考进行查看设置
https://www.cnblogs.com/deny/p/13880589.html?ivk_sa=1024320u
- 修改kube-proxy
再master上执行:kubectl edit cm kube-proxy -n kube-system (如果是高可用,在第一个master上执行)
mode “ipvs” (找到kind: KubeProxyConfiguration这一项。。。他下面的第二行就是这个mode)
- 2、添加ipvs模块(每个节点上执行)
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
- 3、添加权限并生效(每个节点上执行)
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
- 4、重启kube-proxy(master上执行)
kubectl get pod -n kube-system | grep kube-proxy |awk '{system("kubectl delete pod "$1" -n kube-system")}'
- 5、查看kube-proxy启动日志,确认是否为ipvs
kubectl logs -n kube-system kube-proxy-ff74q (这个pod名称使用命令kubectl get pod -n kube-system查出来)
- 6、验证是否可以pod访问service
2)bash进入pod使用printenv查看环境变量MYSQL_SERVICE_HOST=nacos-mysql
3)数据库的端口配置未使用正确,应该是数据库容器组服务上的port
4)出现异常com.alibaba.nacos.api.exception.NacosException: java.net.UnknownHostException: jmenv.tbsite.net解决办法,参考:https://github.com/nacos-group/nacos-k8s/issues/144
原因是启动nacos的容器时无法创建/home/nacos/conf/cluster.conf文件,初始化容器无法生成cluster.conf文件,按照上面的解释是要修改注解k8s在1.13以后请使用publishNotReadyAddresses代替tolerate-unready-endpoints注解,publishNotReadyAddresses: true,但我这样设置没有效,脑袋一热将 nfs目录下的所有文件都清空了,这时报找不到对应容器的挂载生成的持久化文件了,后面在kuboard的存储页面找到对应的资源全部删除掉,再重新启动nacos的工作负载,再次进入对应的pod,查看启动日志,终于不报错了。
4、给nacos集群添加ingress-nginx代理,供集群外部访问
参考:https://www.cnblogs.com/caibao666/p/11600224.html,我这里采用NodePort方式。
1)部署nginx-ingress-controller
- 下载mandatory.yaml文件(无法下载参考:https://www.cnblogs.com/xiluhua/p/14772367.html):
https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
- 修改mandatory.yaml中关于nginx-ingress-controller的配置
镜像可改为
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.25.1
nginx-ingress-controller:0.25.1版本注意要与k8s的版本保持兼容,我的是v.1.15.1。
可以给yaml文件中所有资源添加自定义的所属名称空间,默认是ingress-nginx
,注意:deamonset方式,还有3处修改:
Kind值修改成DaemonSet
删除replicas配置
添加hostNetwork: true
- 部署nginx-ingress-controller
kubectl apply -f mandatory.yaml
- 查看nginx-ingress-controller是否正常
kubectl get pod -n msp
- 不正常查看pod日志
kubectl describe pod nginx-ingress-controller-5gpls -n ingress-nginx
kubectl logs nginx-ingress-controller-5gpls -n ingress-nginx
- 删除nginx-ingress-controller
kubectl delete from mandatory.yaml
执行时间长,稍等一段时间
- 修改mandatory.yaml中runAsUser的用户id
网上说修改为33,不知道在哪能找到这个33,通过id或者cat /etc/passwd都没找到。
改为root用户的0还是无权限。
- 重新部署nginx-ingress-controller
kubectl apply -f mandatory.yaml
- 再次检查是否正常
kubectl get pod -n ingress-nginx
- 修改service-nodeport.yaml
指定固定nodeport(80对应32080,443对应32443),默认是自动分配的,名称空间可以改成自定义的
- 部署service-nodeport.yaml
kubectl apply -f service-nodeport.yaml
查看是否创建成功
kubectl get svc -n msp
这种方式通过k8s的物理节点的端口(32080)进行访问,它与nginx-ingress-controller容器组的service绑定。nginx-ingress-controller内部启动了nginx服务,当前创建了Ingress后,会将其配置的路由规则应用到nginx-ingress-controller容器组内的nginx.conf中,如下图:
5、外部浏览器访问nacos的请求处理流程
1)修改本地windows的hosts文件,添加192.168.126.130 www.nacos1.com,www.nacos1.com这个是配置Ingress资源对象时指定的host,192.168.126.130是k8s的节点地址,当然windows系统所在机器能够访问节点192.168.126.130。这里必须配置www.nacos1.com是因为配置Ingress时,nginx-ingress-controller容器组pod内部的nginx服务的配置为相应添加与之对应的服务名,同时该配置文件中还有默认的服务名,它们监听相同的80和443端口,所以请求时要指定服务名即域名。默认的nginx服务配置(无法处理/nacos,导致报404)
如果使用ip访问会报如下404错误:
成功访问如下:
2)请求处理大概流程
五、部署Sentinel
1、制作Sentinel镜像
1)获取jar包
wget https://github.com/alibaba/Sentinel/releases/download/1.8.1/sentinel-dashboard-1.8.1.jar
2)创建Dockerfile文件
内容如下:
#基础镜像,如果本地没有,会从远程仓库拉取
FROM openjdk:8-jdk-alpine
#镜像制作人
MAINTAINER chenhj
#在容器中创建挂载点,可以多个VOLUME["/tmp"]
VOLUME /tmp
#将主机下的jar拷贝到镜像中
ADD sentinel-dashboard-1.8.1.jar sentinel-dashboard.jar
#声明了容器应该打开的端口并没有实际上将它打开
EXPOSE 8380
#执行java命令,启动应用
CMD java ${JAVA_OPTS} -jar sentinel-dashboard.jar
3)构建镜像
docker build -f Dockerfile -t 192.168.126.131:80/msp/sentinel:1.8.1 .
4)推送镜像
docker push 192.168.126.131:80/msp/sentinel:1.8.1
2、编写sentinel.yaml
---
apiVersion: v1
kind: Service
metadata:
name: sentinel
namespace: msp
labels:
app: sentinel
spec:
publishNotReadyAddresses: true
ports:
- port: 8380
name: server
targetPort: 8380
clusterIP: None
selector:
app: sentinel
---
# 外部访问服务
apiVersion: v1
kind: Service
metadata:
name: sentinel-svc
namespace: msp
labels:
app: sentinel
spec:
publishNotReadyAddresses: true
ports:
- name: http
protocol: "TCP"
port: 8380
targetPort: 8380
nodePort: 31380
type: NodePort
selector:
app: sentinel
3、编写sentinel-statefulset.yaml
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: sentinel
namespace: msp
spec:
serviceName: sentinel
replicas: 1
template:
metadata:
namespace: msp
labels:
app: sentinel
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
containers:
- name: sentinel
imagePullPolicy: IfNotPresent
image: 192.168.126.131:80/msp/sentinel:1.8.1
resources:
requests:
memory: "512Mi"
cpu: "200m"
ports:
- containerPort: 8380
name: client
env:
- name: TZ
value: Asia/Shanghai
- name: JAVA_OPTS
value: "-Dserver.port=8380 -Dcsp.sentinel.dashboard.server=localhost:8380 -Dproject.name=sentinel-dashboard -Djava.security.egd=file:/dev/./urandom -Dcsp.sentinel.api.port=8700"
selector:
matchLabels:
app: sentinel
4、部署
kubectl apply -f sentinel.yaml
kubectl apply -f sentinel-statefulset.yaml
查看pod发现拉取镜像失败
kubectl get pod -n msp -o wide
kubectl describe pod sentinel-0 -n msp
需要登录,解决办法:
创建一个密钥:
kubectl create secret docker-registry -n msp registry-key --docker-server=192.168.126.131:80 --docker-username=admin --docker-password=Harbor12345
删除部署kubectl delete -f sentinel-statefulset.yaml
修改sentinel-statefulset.yaml,添加拉取时使用的密钥
imagePullSecrets:
- name: registrykey
重新部署后访问任意k8s节点,如http://k8s-master:31380即可访问成功,31380是service绑定的宿主机的物理端口,用户名密码是sentinel
六、部署用户中心
无状态服务,使用Deployment部署
1、配置bootstrap.yml
主要指定公共配置,应用配置扩展名,流控sentinel控制台地址,监控指标,应用名
spring:
cloud:
nacos:
config:
# 共享配置的DataId,多个使用,分隔
# 越靠后,优先级越高;
# .yaml后缀不能少,只支持yaml/properties
shared-dataids: common.yaml ### 共享配置
refreshable-dataids: common.yaml ### 可刷新共享配置
server-addr: nacos-0.nacos-headless.msp.svc.cluster.local:8848 ### nacos server地址
file-extension: yaml ### dataId扩展名
namespace: 6594ff18-07f3-4bb8-8add-72a35235e3ac #命名空间 代指某个环境
sentinel:
transport:
# 指定sentinel 控制台的地址
dashboard: sentinel:8380
eager: true
application:
name: user-center
#metrics
management:
endpoints:
web:
exposure:
include: "*"
endpoint:
chaosmonkey:
enabled: true
health:
show-details: always
2、配置公共配置common.yaml
spring:
cloud:
nacos:
# 注册中心
discovery:
server-addr: nacos-0.nacos-headless.msp.svc.cluster.local:8848
namespace: 6594ff18-07f3-4bb8-8add-72a35235e3ac #命名空间 代指某个环境
# 配置中心
config:
# 共享配置的DataId,多个使用,分隔
# 越靠后,优先级越高;
# .yaml后缀不能少,只支持yaml/properties
shared-dataids: common.yaml ### 共享配置
refreshable-dataids: common.yaml ### 可刷新共享配置
server-addr: nacos-0.nacos-headless.msp.svc.cluster.local:8848 ### nacos server配置中心地址
file-extension: yaml ### dataId扩展名
namespace: 6594ff18-07f3-4bb8-8add-72a35235e3ac #命名空间 代指某个环境
sentinel:
transport:
# 指定sentinel 控制台的地址
dashboard: sentinel:8380
eager: true
jackson:
mapper:
ALLOW_EXPLICIT_PROPERTY_RENAMING: true
deserialization:
READ_DATE_TIMESTAMPS_AS_NANOSECONDS: false
serialization:
WRITE_DATE_TIMESTAMPS_AS_NANOSECONDS: false
WRITE_DATES_AS_TIMESTAMPS: true
3、应用配置user-center.yaml
#端口配置
server:
port: 7000 #固定端口
# port: ${randomServerPort.value[7000,7005]} #随机端口
spring:
datasource:
# JDBC 配置(驱动类自动从url的mysql识别,数据源类型自动识别)
url: jdbc:mysql://db-user-center:3106/user-center?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
username: root
password: root
driver-class-name: com.mysql.cj.jdbc.Driver
#连接池配置(通常来说,只需要修改initialSize、minIdle、maxActive
initial-size: 1
max-active: 20
min-idle: 1
# 配置获取连接等待超时的时间
max-wait: 60000
#打开PSCache,并且指定每个连接上PSCache的大小
pool-prepared-statements: true
max-pool-prepared-statement-per-connection-size: 20
validation-query: SELECT 'x'
test-on-borrow: false
test-on-return: false
test-while-idle: true
#配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒
time-between-eviction-runs-millis: 60000
#配置一个连接在池中最小生存的时间,单位是毫秒
min-evictable-idle-time-millis: 300000
filters: stat,wall
# WebStatFilter配置,说明请参考Druid Wiki,配置_配置WebStatFilter
#是否启用StatFilter默认值true
web-stat-filter.enabled: true
web-stat-filter.url-pattern: /*
web-stat-filter.exclusions: "*.js , *.gif ,*.jpg ,*.png ,*.css ,*.ico , /druid/*"
web-stat-filter.session-stat-max-count: 1000
web-stat-filter.profile-enable: true
# StatViewServlet配置
#展示Druid的统计信息,StatViewServlet的用途包括:1.提供监控信息展示的html页面2.提供监控信息的JSON API
#是否启用StatViewServlet默认值true
stat-view-servlet.enabled: true
#根据配置中的url-pattern来访问内置监控页面,如果是上面的配置,内置监控页面的首页是/druid/index.html例如:
#http://110.76.43.235:9000/druid/index.html
#http://110.76.43.235:8080/mini-web/druid/index.html
stat-view-servlet.url-pattern: /druid/*
#允许清空统计数据
stat-view-servlet.reset-enable: true
stat-view-servlet.login-username: admin
stat-view-servlet.login-password: admin
#StatViewSerlvet展示出来的监控信息比较敏感,是系统运行的内部情况,如果你需要做访问控制,可以配置allow和deny这两个参数
#deny优先于allow,如果在deny列表中,就算在allow列表中,也会被拒绝。如果allow没有配置或者为空,则允许所有访问
#配置的格式
#<IP>
#或者<IP>/<SUB_NET_MASK_size>其中128.242.127.1/24
#24表示,前面24位是子网掩码,比对的时候,前面24位相同就匹配,不支持IPV6。
#stat-view-servlet.allow=
#stat-view-servlet.deny=128.242.127.1/24,128.242.128.1
# Spring监控配置,说明请参考Druid Github Wiki,配置_Druid和Spring关联监控配置
#aop-patterns= # Spring监控AOP切入点,如x.y.z.service.*,配置多个英文逗号分隔
redis:
################### redis 单机版 start ##########################
host: redis
port: 6379
timeout: 6000
database: 8
lettuce:
pool:
max-active: 10 # 连接池最大连接数(使用负值表示没有限制),如果赋值为-1,则表示不限制;如果pool已经分配了maxActive个jedis实例,则此时pool的状态为exhausted(耗尽)
max-idle: 8 # 连接池中的最大空闲连接 ,默认值也是8
max-wait: 100 # # 等待可用连接的最大时间,单位毫秒,默认值为-1,表示永不超时。如果超过等待时间,则直接抛出JedisConnectionException
min-idle: 2 # 连接池中的最小空闲连接 ,默认值也是0
shutdown-timeout: 100ms
mybatis-plus:
global-config:
banner: false
configuration:
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
mapper-locations: classpath*:com/open/**/dao/*.xml
security:
oauth2:
ignored: /users-anon/** , /doc.html ,/document.html ,/users/save
token:
store:
type: redis
#设置最大超时时间
ribbon:
ServerListRefreshInterval: 10 #刷新服务列表源的间隔时间
OkToRetryOnAllOperations: true
MaxAutoRetries: 1
MaxAutoRetriesNextServer: 1
ReadTimeout: 16000
ConnectTimeout: 16000
#设置最大容错超时时间
hystrix:
command:
default:
execution:
timeout:
enabled: true
isolation:
thread:
timeoutInMilliseconds: 16000
logging:
level:
com.open.capacity: INFO
org.hibernate: INFO
org.hibernate.type.descriptor.sql.BasicBinder: TRACE
org.hibernate.type.descriptor.sql.BasicExtractor: TRACE
# com.neusoft: DEBUG
# com.netflix: DEBUG #用于心跳检测输出的日志
4、构建user-center镜像
1)Dockerfile文件配置
#基础镜像,如果本地没有,会从远程仓库拉取
FROM openjdk:8-jdk-alpine
#镜像制作人
MAINTAINER chenhj
#在容器中创建挂载点,可以多个VOLUME["/tmp"]
VOLUME /tmp
#声明了容器应该打开的端口并没有实际上将它打开
EXPOSE 8080
#定义参数
ARG JAR_FILE
#拷贝本地文件到镜像中
COPY ${JAR_FILE} app.jar
#指定容器启动时要执行的命令,但如果存在CMD命令,cmd中的参数会被附加到ENTRYPOINT指令的后面
ENTRYPOINT [ "java", "-Djava.security.egd=file:/dev/./urandom", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom", "-jar", "/app.jar" ]
/dev/./urandom或者/dev/urandom都报类似于下面的错误,不知道怎么回事儿,Error: Could not find or load main class java $JAVA_OPTS -Djava.security.egd=file:.dev.urandom
2)mvn clean
3)mvn package
4)docker build
5)docker push
5、在nacos中配置yaml
common.yaml、user-center.yaml
6、用户中心部署yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: '3'
k8s.kuboard.cn/displayName: 用户中心
creationTimestamp: '2021-07-12T07:33:02Z'
generation: 4
labels:
k8s.kuboard.cn/layer: svc
k8s.kuboard.cn/name: user-center
name: user-center
namespace: msp
resourceVersion: '62194'
selfLink: /apis/apps/v1/namespaces/msp/deployments/user-center
uid: 2b651e82-506e-4e2f-8435-67b643ddc23e
spec:
progressDeadlineSeconds: 600
replicas: 0
revisionHistoryLimit: 10
selector:
matchLabels:
k8s.kuboard.cn/layer: svc
k8s.kuboard.cn/name: user-center
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
kubectl.kubernetes.io/restartedAt: '2021-07-12T15:54:38+08:00'
labels:
k8s.kuboard.cn/layer: svc
k8s.kuboard.cn/name: user-center
spec:
containers:
- env:
- name: spring.datasource.druid.core.url
value: >-
jdbc:mysql://db-user-center:3106/user-center?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
- name: spring.datasource.druid.log.url
value: >-
jdbc:mysql://db-log-center:3206/log-center?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
- name: spring.redis.host
value: redis
image: '192.168.126.131:80/msp/user-center:v1.0.3'
imagePullPolicy: IfNotPresent
name: user-center
ports:
- containerPort: 7000
protocol: TCP
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: harbor-msp
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
status:
conditions:
- lastTransitionTime: '2021-07-12T07:34:04Z'
lastUpdateTime: '2021-07-12T07:34:04Z'
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: 'True'
type: Available
- lastTransitionTime: '2021-07-12T07:33:02Z'
lastUpdateTime: '2021-07-12T07:54:41Z'
message: ReplicaSet "user-center-6bbfc58bd7" has successfully progressed.
reason: NewReplicaSetAvailable
status: 'True'
type: Progressing
observedGeneration: 4
---
apiVersion: v1
kind: Service
metadata:
creationTimestamp: '2021-07-12T07:33:02Z'
labels:
k8s.kuboard.cn/layer: svc
k8s.kuboard.cn/name: user-center
name: user-center
namespace: msp
resourceVersion: '58819'
selfLink: /api/v1/namespaces/msp/services/user-center
uid: a0ee37a4-8629-4d64-b517-b151daf54e19
spec:
clusterIP: 10.100.21.141
ports:
- name: ww7t3p
port: 7000
protocol: TCP
targetPort: 7000
selector:
k8s.kuboard.cn/layer: svc
k8s.kuboard.cn/name: user-center
sessionAffinity: None
type: ClusterIP
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
creationTimestamp: '2021-07-12T07:33:02Z'
generation: 1
labels:
k8s.kuboard.cn/layer: svc
k8s.kuboard.cn/name: user-center
name: user-center
namespace: msp
resourceVersion: '58821'
selfLink: /apis/networking.k8s.io/v1beta1/namespaces/msp/ingresses/user-center
uid: 496accf0-f13c-4e95-8b30-69b4b5063cc1
spec:
rules:
- host: svc.user-center.msp.cluster.kuboard.cn
http:
paths:
- backend:
serviceName: user-center
servicePort: ww7t3p
path: /
7启动报错
1)Ignore the empty nacos configuration and get it based on dataId[user-center] & group[DEFAULT_GROUP]
启动时报找不到配置文件,原因是在nacos创建的配置common.yaml、user-center.yaml没在应用的bootstrap.yml文件指定的命名空间下。将nacos中的配置文件克隆到指定的命名空间下。
2)向nacos注册中心发送心跳包时,nacos返回Distro protocol is not initialized
[user-center:10.244.2.180:7000] [,] 2021-07-07 12:01:43.666 ERROR 1 [main] com.alibaba.nacos.client.naming request: /nacos/v1/ns/instance failed, servers: [nacos-0.nacos-headless.msp.svc.cluster.local:8848], code: 503, msg: server is DOWNnow, detailed error message: Optional[Distro protocol is not initialized]
这表明nacos的注册中心使用的Distro模块未成功初始化,到nacos的挂载目录查看日志文件,即
/data/nfs/msp-data-nacos-0-pvc-094ae124-4f0c-4296-879e-b1b9bd1b37ca/logs/protocol-distro.log。日志中会出现很多关键的异常信息如下:
2021-07-09 09:12:22,110 ERROR [DISTRO-INIT] load snapshot com.alibaba.nacos.naming.iplist. from nacos-1.nacos-headless.msp.svc.cluster.local:8848 failed.
com.alibaba.nacos.core.distributed.distro.exception.DistroException: [DISTRO-EXCEPTION]Get snapshot from nacos-1.nacos-headless.msp.svc.cluster.local:8848 failed.
Caused by: java.io.IOException: failed to req API: http://nacos-1.nacos-headless.msp.svc.cluster.local:8848/nacos/v1/ns/distro/datums. code: 500 msg: org.apache.http.conn.HttpHostConnectException: Connect to nacos-1.nacos-headless.msp.svc.cluster.local:8848 [nacos-1.nacos-headless.msp.svc.cluster.local/10.244.2.205] failed: Connection refused (Connection refused)
com.alibaba.nacos.core.distributed.distro.exception.DistroException: [DISTRO-EXCEPTION][DISTRO-FAILED] Get distro snapshot failed!
Caused by: com.alibaba.nacos.api.exception.NacosException: No rpc client related to member: Member{ip='nacos-1.nacos-headless.msp.svc.cluster.local', port=8848, state=UP, extendInfo={raftPort=7848}}
WARN data storage DistroDataStorageImpl has not finished initial step, do not send verify data
但是nacos的pod日志报了nacos Have not found myself in list yet.度娘了一番发现出现类似于“pod数量为110个,所有node都达到110个时无法再调度”的相关问题,比如:https://blog.csdn.net/warrah/article/details/106488733
由此想到了是不是k8s节点的资源耗得差不了,因为我的k8s节点内存只有4个G左右,但部署的东西太多了导致的,接下了我就关了很多与nacos无关的容器,查看k8s的节点资源占用情况,果然发现了惊喜,下图已经是停了很多容器之后的情况,可怜的内存啊:
看看当前集群状况(已经关了很多,想来当前的电脑配置无法完成整个平台的搭建工作了,服务监控相关也没法弄了,VM太吃资源了,电脑的内存还得整到32G):
重启nacos最后正常了:
3)发送心跳报400
failed to req API:/api//nacos/v1/ns/instance/beat code:400
重启用户中心应用又可以了注册上了
4)登录访问时,用户中心无法连接数据库
因为数据库不支持用户名密码登录导致,暂将用户中心数据库脚本文件在认证中心数据库中执行,具体步骤:
- 将用户中心sql脚本传入认证中心数据库pod容器组中
kubectl cp user-center.sql auth-center-mysql-0:/ -n msp
- 进入认证中心数据库pod
kubectl exec -it auth-center-mysql-0 -n msp -- /bin/bash
- 登录连接认证中心数据库
mysql -uroot –proot
- 执行用户中心脚本文件(此方式可解决中文在客户端无法插入数据库的问题)
\. user-center.sql
七、部署认证中心
部署与用户中心类似
八、部署网关
部署与用户中心类似
九、部署后台应用
后台应用主要是静态文件
在工程/src/main/view/static目录下,以nginx作为服务器进行部署,所以需要以nginx作为基础镜像进行构建。
工程目录结构:
1、在Dockerfile文件同级目录下构建脚本文件entry-point.sh
#!/bin/sh
echo "GATEWAY_API_URL => ${GATEWAY_API_URL}"
sed -i "s#base_server.*#base_server: '${GATEWAY_API_URL}',$g" /usr/share/nginx/html/module/config.js
sed -i "s#user.*nginx;#user root;#g" /etc/nginx/nginx.conf
echo "args fllows:"
cat /usr/share/nginx/html/module/config.js
cat /etc/nginx/nginx.conf
echo "start nginx"
nginx -g "daemon off;"
2、构建Dockerfile文件
FROM nginx:1.17.1
LABEL maintainer="kuboard.cn"
ADD ./entry-point.sh /entry-point.sh
RUN chmod +x /entry-point.sh && rm -rf /usr/share/nginx/html
# 创建环境变量的默认内容,防止 sed 脚本出错
ENV GATEWAY_API_URL http://gateway_api_url_not_set/
ENV CLOUD_EUREKA_URL http://cloud_eureka_url_not_set/
ADD ./src/main/view/static /usr/share/nginx/html
EXPOSE 80
CMD ["/entry-point.sh"]
问题
1、启动时报standard_init_linux.go:211: exec user process caused "no such file or directory"
使用docker run -it -p 8080:80 192.168.126.131:5000/msp/back-center:v1.0.2 /bin/bash进入容器,执行sh entry-point.sh后,输出错误如下:
GATEWAY_API_URL http://gateway_api_url_not_set/
CLOUD_EUREKA_URL http://cloud_eureka_url_not_set/
: No such file or directorynginx/html/module/config.js
: No such file or directorynginx/html/module/config.js
cat: '/usr/share/nginx/html/module/config.js'$'\r': No such file or directory
New state of 'nil' is invalid.
但文件确实在目录下。
最后在linux环境下重建文件entry-point.sh后,重新构建镜像就可以了,确认是在windows下构建时,内容中带有特殊的字符,可能是带有windows的换行符\r\n,在容器环境中无法识别,而linux下的换行符是\n
2、访问时报403
查看nginx容器,日志报错如下:
2021/07/13 05:25:49 [error] 12#12: *11 open() "/usr/share/nginx/html/assets/libs/v5.3.0/ol.js" failed (13: Permission denied), client: 10.244.1.76, server: localhost, request: "GET /assets/libs/v5.3.0/ol.js HTTP/1.1", host: "back-center.msp.cluster.com:32080", referrer: "http://back-center.msp.cluster.com:32080/"
10.244.1.76 - - [13/Jul/2021:05:25:49 +0000] "GET /assets/libs/v5.3.0/ol.js HTTP/1.1" 403 555 "http://back-center.msp.cluster.com:32080/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36" "10.244.1.1"
发现是启动用户是root,而nginx.conf中指定的nginx
https://blog.csdn.net/onlysunnyboy/article/details/75270533
解决办法:nginx容器启动后执行entry-point.sh脚本,脚本中将/etc/nginx/nginx.conf中的user nginx;替换成user root;
#!/bin/sh
echo "GATEWAY_API_URL => ${GATEWAY_API_URL}"
echo "CLOUD_EUREKA_URL -> ${CLOUD_EUREAKA_URL}"
sed -i "s#base_server.*#base_server: '${GATEWAY_API_URL}',$g" /usr/share/nginx/html/module/config.js
sed -i "s#eureka_server.*#eureka_server: '${CLOUD_EUREKA_URL}',#g" /usr/share/nginx/html/module/config.js
sed -i "s#user.*nginx;#user root;#g" /etc/nginx/nginx.conf
echo "args fllows:"
cat /usr/share/nginx/html/module/config.js
cat /etc/nginx/nginx.conf
echo "start nginx"
nginx -g "daemon off;"
附:k8s使用中的问题
1、电脑非正常关机导致安装在VM上的k8s节点无法正常使用。
1)kubectl get pod
The connection to the server 192.168.126.128:6443 was refused - did you specify the right host or port?systemctl status kubelet
7月 09 16:58:35 k8s-master kubelet[21332]: E0709 16:58:35.679351 21332 kubelet.go:2248] node "k8s-master" not founddocker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
37b2c619ec03 2c4adeb21b4f "etcd --advertise-cl…" About a minute ago Exited (2) About a minute ago k8s_etcd_etcd-k8s-master_kube-system_d4ce83c21891db7e73e807ef995ca360_129
2536430e10b3 68c3eb07bfc3 "kube-apiserver --ad…" 4 minutes ago Exited (255) 4 minutes ago k8s_kube-apiserver_kube-apiserver-k8s-master_kube-system_4d8a5ffa907226d52ec5ad126ef212fb_137
7e259c79f9a6 b0b3c4c404da "kube-scheduler --bi…" 39 minutes ago Up 39 minutes k8s_kube-scheduler_kube-scheduler-k8s-master_kube-system_ecae9d12d3610192347be3d1aa5aa552_119
2f22d8c90df4 d75082f1d121 "kube-controller-man…" 39 minutes ago Up 39 minutes k8s_kube-controller-manager_kube-controller-manager-k8s-master_kube-system_5a1fa432561d9745fe013857ccb566c1_119
5d501d1d078d k8s.gcr.io/pause:3.1 "/pause" 39 minutes ago Up 39 minutes k8s_POD_kube-controller-manager-k8s-master_kube-system_5a1fa432561d9745fe013857ccb566c1_105
cfb01af4e5e8 k8s.gcr.io/pause:3.1 "/pause" 39 minutes ago Up 39 minutes k8s_POD_kube-scheduler-k8s-master_kube-system_ecae9d12d3610192347be3d1aa5aa552_88
83bdb7cba419 k8s.gcr.io/pause:3.1 "/pause" 39 minutes ago Up 39 minutes k8s_POD_kube-apiserver-k8s-master_kube-system_4d8a5ffa907226d52ec5ad126ef212fb_86
c5f742d2064e k8s.gcr.io/pause:3.1 "/pause" 39 minutes ago Up 39 minutes k8s_POD_etcd-k8s-master_kube-system_d4ce83c21891db7e73e807ef995ca360_72
2628f7f03f85 d75082f1d121 "kube-controller-man…" 41 minutes ago Exited (2) 41 minutes ago k8s_kube-controller-manager_kube-controller-manager-k8s-master_kube-system_5a1fa432561d9745fe013857ccb566c1_118
4b5bf17b2663 b0b3c4c404da "kube-scheduler --bi…" 41 minutes ago Exited (2) 41 minutes ago k8s_kube-scheduler_kube-scheduler-k8s-master_kube-system_ecae9d12d3610192347be3d1aa5aa552_118
0cc77025e7d9 k8s.gcr.io/pause:3.1 "/pause" 41 minutes ago Exited (0) 40 minutes ago k8s_POD_kube-scheduler-k8s-master_kube-system_ecae9d12d3610192347be3d1aa5aa552_87
docker start $(docker ps -a | awk '{ print $1}' | tail -n +2)
425af1d425ac
37b2c619ec03
7e259c79f9a6
2f22d8c90df4
5d501d1d078d
cfb01af4e5e8
83bdb7cba419
c5f742d2064e
Error response from daemon: cannot join network of a non running container: 124351d81c42b393ea7cda5b859cb3c971f5dcf020ef7b1834b06777fda1a0ab
Error response from daemon: cannot join network of a non running container: 0cc77025e7d954264a4a27c5be58e43a434de5dc850c0ec59b6616e8ed91fae0
0cc77025e7d9
124351d81c42
Error response from daemon: cannot join network of a non running container: bfe9cb4f37a1df6d413b1458c2105f5f8e76a711c0ac613b5a698641247cd390
Error response from daemon: cannot join network of a non running container: b3792df16c18a5f5f6ad6aece0c9e92b4a277c9d7a2f9e8e45d0aaf6e82c169e
Error response from daemon: cannot join network of a non running container: b48f01632705e20548d4b83d283323a69aa9770e31dcde56c480dc0bd63ceb3b
b3792df16c18
bfe9cb4f37a1
b48f01632705
Error response from daemon: cannot join network of a non running container: 1402ff8e40bf602e96cf28b74b0fb4d80a3d1f272076260be211eee07324cbaf
Error response from daemon: cannot join network of a non running container: 1402ff8e40bf602e96cf28b74b0fb4d80a3d1f272076260be211eee07324cbaf
Error response from daemon: cannot join network of a non running container: d9b5c42c62ca11fbf1c5a80035ef508f5e33ea3320b8a5eb3b91b48a887ed60e
1402ff8e40bf
d9b5c42c62ca
348e331bb616
63032652160b
Error: failed to start containers: 2628f7f03f85, 4b5bf17b2663, 62ef0183bbdf, d2f5aa7e04de, 594be1b1fa38, 17373fd45907, 6c84555eda5d, 567b4db33d92
最后按照https://ghostwritten.blog.csdn.net/article/details/111186072的前四种方法都不行,只有按方法5 重新部署集群了,之前部署的很多应用都没了。
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
1
0- 0
已为社区贡献2条内容
所有评论(0)