K8S-statefulset-nacos
K8S简单部署
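---
# ConfigMap holding the MySQL connection settings. The nacos StatefulSet on
# this page reads every key below through configMapKeyRef.
apiVersion: v1
data:
  mysql.db.name: nacos
  # NOTE(review): a ConfigMap stores this value in clear text, readable by
  # anyone allowed to read ConfigMaps in the namespace. Prefer a Secret
  # consumed with secretKeyRef, and replace this sample password.
  mysql.password: nacos
  mysql.port: "3306"
  # NOTE(review): Nacos connects as the MySQL root account here; a dedicated
  # account limited to the nacos database keeps the blast radius smaller.
  mysql.user: root
  mysql.host: mysql
kind: ConfigMap
metadata:
  name: nacos-cm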
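---
# Headless Service (clusterIP: None). The StatefulSet names it in serviceName,
# which gives each pod a stable DNS name such as nacos-0.nacos-hs.
apiVersion: v1
kind: Service
metadata:
  name: nacos-hs
  labels:
    app: nacos
spec:
  ports:
    - port: 8848
      name: server
      protocol: TCP
      targetPort: 8848
  clusterIP: None
  selector:
    app: nacos
  type: ClusterIP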
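---
# Regular ClusterIP Service in front of all nacos pods; the Route on this page
# forwards to it through the port named "server".
apiVersion: v1
kind: Service
metadata:
  name: nacos-svc
  labels:
    app: nacos
spec:
  ports:
    - port: 8848
      name: server
      protocol: TCP
      targetPort: 8848
  selector:
    app: nacos
  type: ClusterIP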
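---
# OpenShift Route publishing nacos-svc (port "server") outside the cluster.
# NOTE(review): there is no tls section, so this route serves plain HTTP, and
# the StatefulSet on this page does not set NACOS_AUTH_ENABLE (the parameter
# table lists its default as false). As written, the Nacos console and API
# are reachable without login by anyone who can reach this host. Add a tls
# block (for example termination: edge) and turn authentication on before
# exposing the route.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  labels:
    app: nacos
  name: nacos
spec:
  # Placeholder host name; replace with the real route host.
  host: nacos-X.X.X
  port:
    targetPort: server
  to:
    kind: Service
    name: nacos-svc
    weight: 100
  wildcardPolicy: None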
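---
# Simple three-node Nacos cluster. The member list is fixed in NACOS_SERVERS
# and no volume is mounted, so data and logs do not survive a pod restart.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: nacos
spec:
  podManagementPolicy: OrderedReady
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/instance: nacos
      app.kubernetes.io/name: nacos
  serviceName: nacos-hs
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: nacos
        app.kubernetes.io/name: nacos
        # Label matched by the nacos-hs and nacos-svc Service selectors.
        app: nacos
    spec:
      containers:
        # NOTE(review): NACOS_AUTH_ENABLE is not set below and the parameter
        # table on this page lists its default as false, so the server runs
        # without authentication. When enabling it, also override
        # NACOS_AUTH_TOKEN, NACOS_AUTH_IDENTITY_KEY and
        # NACOS_AUTH_IDENTITY_VALUE; their defaults are published values.
        - env:
            - name: JVM_XMX
              value: 3500m
            - name: MODE
              value: hostname
            - name: PREFER_HOST_MODE
              value: hostname
            # Static member list; must be edited by hand when replicas change.
            - name: NACOS_SERVERS
              value: 'nacos-0.nacos-hs:8848 nacos-1.nacos-hs:8848 nacos-2.nacos-hs:8848'
            - name: SPRING_DATASOURCE_PLATFORM
              value: mysql
            - name: NACOS_AUTH_CACHE_ENABLE
              value: "true"
            - name: NACOS_REPLICAS
              value: "3"
            - name: SERVICE_NAME
              value: nacos-hs
            - name: DOMAIN_NAME
              value: cluster.local
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: MYSQL_SERVICE_HOST
              valueFrom:
                configMapKeyRef:
                  key: mysql.host
                  name: nacos-cm
            - name: MYSQL_SERVICE_DB_NAME
              valueFrom:
                configMapKeyRef:
                  key: mysql.db.name
                  name: nacos-cm
            - name: MYSQL_SERVICE_PORT
              valueFrom:
                configMapKeyRef:
                  key: mysql.port
                  name: nacos-cm
            - name: MYSQL_SERVICE_USER
              valueFrom:
                configMapKeyRef:
                  key: mysql.user
                  name: nacos-cm
            # NOTE(review): the database password is read from a ConfigMap;
            # a Secret with secretKeyRef is the appropriate source for it.
            - name: MYSQL_SERVICE_PASSWORD
              valueFrom:
                configMapKeyRef:
                  key: mysql.password
                  name: nacos-cm
            - name: NACOS_APPLICATION_PORT
              value: "8848"
          image: nacos/nacos-server:1.4.1.0
          imagePullPolicy: IfNotPresent
          name: nacos
          ports:
            - containerPort: 8848
              name: http
              protocol: TCP
            - containerPort: 7848
              name: rpc
              protocol: TCP
          resources:
            limits:
              cpu: 800m
              memory: 4Gi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): empty pod securityContext; nothing here asks for
      # runAsNonRoot, so the pod runs as whatever user the image defines.
      securityContext: {}
      terminationGracePeriodSeconds: 30
  updateStrategy:
    rollingUpdate:
      partition: 0
    type: RollingUpdate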
简单部署,需要指定节点的配置信息,并且不需要绑定目录
K8S可扩容缩容部署
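---
# ConfigMap holding the MySQL connection settings for the scalable
# deployment; the StatefulSet below reads each key through configMapKeyRef.
apiVersion: v1
data:
  mysql.db.name: nacos
  # NOTE(review): clear-text credential in a ConfigMap. Prefer a Secret
  # consumed with secretKeyRef, and replace this sample password.
  mysql.password: nacos
  mysql.port: "3306"
  # NOTE(review): root account; a dedicated least-privilege MySQL user for
  # the nacos database is the safer choice.
  mysql.user: root
  mysql.host: mysql-0
kind: ConfigMap
metadata:
  name: nacos-cm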
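---
# Headless Service (clusterIP: None) used as the StatefulSet's serviceName.
# The article explains that peer-finder resolves this service to obtain the
# address list of all nacos pods.
apiVersion: v1
kind: Service
metadata:
  name: nacos-hs
  labels:
    app: nacos
spec:
  ports:
    - port: 8848
      name: server
      protocol: TCP
      targetPort: 8848
  clusterIP: None
  selector:
    app: nacos
  type: ClusterIP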
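---
# ClusterIP Service that load-balances client traffic across the nacos pods
# and is the backend of the Route on this page.
apiVersion: v1
kind: Service
metadata:
  name: nacos-svc
  labels:
    app: nacos
spec:
  ports:
    - port: 8848
      name: server
      protocol: TCP
      targetPort: 8848
  selector:
    app: nacos
  type: ClusterIP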
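---
# OpenShift Route publishing nacos-svc (port "server") outside the cluster.
# NOTE(review): no tls section is present, so traffic is plain HTTP, and the
# StatefulSet on this page leaves NACOS_AUTH_ENABLE unset (default false per
# the parameter table). Configure TLS on the route and enable Nacos
# authentication before making this host reachable.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  labels:
    app: nacos
  name: nacos
spec:
  # Placeholder host name; replace with the cluster's apps domain.
  host: nacos.apps.XXXX
  port:
    targetPort: server
  to:
    kind: Service
    name: nacos-svc
    weight: 100
  wildcardPolicy: None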
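---
# Scalable Nacos cluster. An init container installs the peer-finder plugin
# into a shared volume; because that directory exists, the startup script
# shown later on this page runs the plugin instead of using NACOS_SERVERS.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: nacos
spec:
  podManagementPolicy: OrderedReady
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/instance: nacos
      app.kubernetes.io/name: nacos
  serviceName: nacos-hs
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: nacos
        app.kubernetes.io/name: nacos
        # Label matched by the nacos-hs and nacos-svc Service selectors.
        app: nacos
    spec:
      containers:
        # NOTE(review): NACOS_AUTH_ENABLE is not set below and the parameter
        # table on this page lists its default as false, so the server runs
        # without authentication. When enabling it, also override
        # NACOS_AUTH_TOKEN, NACOS_AUTH_IDENTITY_KEY and
        # NACOS_AUTH_IDENTITY_VALUE; their defaults are published values.
        - env:
            - name: JVM_XMX
              value: 3500m
            - name: MODE
              value: hostname
            - name: SPRING_DATASOURCE_PLATFORM
              value: mysql
            - name: NACOS_AUTH_CACHE_ENABLE
              value: "true"
            - name: NACOS_REPLICAS
              value: "3"
            - name: SERVICE_NAME
              value: nacos-hs
            - name: DOMAIN_NAME
              value: cluster.local
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: PREFER_HOST_MODE
              value: hostname
            - name: MYSQL_SERVICE_HOST
              valueFrom:
                configMapKeyRef:
                  key: mysql.host
                  name: nacos-cm
            - name: MYSQL_SERVICE_DB_NAME
              valueFrom:
                configMapKeyRef:
                  key: mysql.db.name
                  name: nacos-cm
            - name: MYSQL_SERVICE_PORT
              valueFrom:
                configMapKeyRef:
                  key: mysql.port
                  name: nacos-cm
            - name: MYSQL_SERVICE_USER
              valueFrom:
                configMapKeyRef:
                  key: mysql.user
                  name: nacos-cm
            # NOTE(review): the database password is read from a ConfigMap;
            # a Secret with secretKeyRef is the appropriate source for it.
            - name: MYSQL_SERVICE_PASSWORD
              valueFrom:
                configMapKeyRef:
                  key: mysql.password
                  name: nacos-cm
            - name: NACOS_SERVER_PORT
              value: "8848"
            - name: NACOS_APPLICATION_PORT
              value: "8848"
          # NOTE(review): the docker build command at the end of this page
          # tags the image 1.4.1-unprivilege (no trailing "d"). The two tags
          # must match, and with imagePullPolicy: Always the image has to be
          # available in a registry the nodes can pull from.
          image: nacos/nacos-server:1.4.1-unprivileged
          imagePullPolicy: Always
          name: nacos
          ports:
            - containerPort: 8848
              name: http
              protocol: TCP
            - containerPort: 7848
              name: rpc
              protocol: TCP
          resources:
            limits:
              cpu: 1500m
              memory: 4Gi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /home/nacos/plugins/peer-finder
              name: plugindir
            - mountPath: /home/nacos/data
              name: datadir
            - mountPath: /home/nacos/logs
              name: logdir
      dnsPolicy: ClusterFirst
      initContainers:
        # Installs the peer-finder scripts into plugindir, then exits.
        - image: nacos/nacos-peer-finder-plugin:1.0
          imagePullPolicy: Always
          name: peer-finder-plugin-install
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /home/nacos/plugins/peer-finder
              name: plugindir
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): empty pod securityContext. If the cluster does not
      # already enforce it, consider requesting runAsNonRoot here so the
      # non-root image is actually required to run unprivileged.
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
        # NOTE(review): no container mounts this volume, and no ConfigMap
        # named nacos-config is defined on this page. A pod that references a
        # missing, non-optional ConfigMap volume does not start; either
        # create nacos-config or drop this entry.
        - configMap:
            defaultMode: 420
            items:
              - key: application.properties
                path: application.properties
            name: nacos-config
          name: nacos-config
  updateStrategy:
    rollingUpdate:
      partition: 0
    type: RollingUpdate
  volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: datadir
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi
        # Storage class name; change it to one that exists in your cluster.
        storageClassName: "rook-cephfs"
        volumeMode: Filesystem
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: plugindir
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi
        # Storage class name; change it to one that exists in your cluster.
        storageClassName: "rook-cephfs"
        volumeMode: Filesystem
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: logdir
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi
        # Storage class name; change it to one that exists in your cluster.
        storageClassName: "rook-cephfs"
        volumeMode: Filesystem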
镜像说明
查看YAML文件可知官方教程使用的初始化容器镜像是:nacos/nacos-peer-finder-plugin:1.0
,镜像则是:nacos/nacos-server:latest
-
nacos-peer-finder-plugin
这个镜像唯一的作用是安装 peer-finder插件相关的脚本到指定目录(plugins/peer-finder/),结束后就死亡。peer-finder插件的功能是轮询(1秒)指定的k8s service ,如果service下面的pod地址列表发生变化,则重新写入
cluster.conf
文件,以便实现nacos的动态扩容。 -
nacos-server
nacos本体镜像,镜像启动时,除了启动自身的服务外,还会同时调用peer-finder-plugin-install 安装好的脚本启动peer-finder。
容器运行原理
Nacos集群节点信息保存在cluster.conf
文件中,在k8s环境下不再需要手动去更改cluster.conf文件来维护集群,必须使用k8s的机制去完成自动扩缩容。这其实是通过peer-finder-plugin
和上面说的自动轮询cluster.conf的机制来实现的。
通过Helm使用官方的chart包部署的nacos集群,每一个pod有两个容器:
peer-finder-plugin-install
: 是一个initContainers
,这个镜像唯一的作用是安装 peer-finder插件相关的脚本到指定目录(plugins/peer-finder/
),结束后就死亡。nacos-cluster
:nacos本体镜像,镜像启动时,除了启动自身的服务外,还会同时调用peer-finder-plugin-install
安装好的脚本启动peer-finder(nacos dockerfile)
peer-finder这个插件很简单,使用go语言写的一个定时轮询的程序,
peer-finder轮询(1秒)指定的k8s service ,如果service下面的pod地址列表发生变化,则重新写入cluster.conf文件。这里的k8s service就必须是headless类型的了,因为只有解析headless提供的域名,才能获取所有pod的地址列表。
pod启动顺序如下:
nacos客户端访问:
探针
zookeeper-ready
附录
参考
hub:https://registry.hub.docker.com/r/nacos/nacos-server
项目地址:https://github.com/nacos-group/nacos-k8s.git
https://nacos.io/zh-cn/docs/use-nacos-with-kubernetes.html
nacos环境隔离:https://nacos.io/zh-cn/blog/address-server.html
nacos集群原理
客户端与集群的交互
首先需要声明的是Nacos Cluster虽然内部使用了Raft协议,但是对于Nacos客户端,Cluster实例是无状态的。客户端配置集群地址有两种方式:
- 1.通过配置serverAddr列表,客户端访问集群时,随机从列表中选择一个实例访问:
// Option 1: pass a comma-separated serverAddr list. Per the surrounding text,
// the client picks one instance from this list at random for each access.
// Note that the variable is named configService but holds a NamingService.
NamingService configService = NacosFactory.createNamingService("10.22.0.137:30253,10.22.0.137:30254,10.22.0.137:30255");
当然,一般情况下我们并不会直接配置Nacos实例的IP,可以用域名,以便能动态发现。
- 2.通过Properties配置endpoint,定时访问,感知集群变化,并随机从接口返回的列表中选择一个实例访问,客户端会与Endpoint创建LONG PULL。
// Option 2: configure an endpoint (address server) instead of a fixed list.
// Per the surrounding text, the client queries the endpoint periodically to
// learn the current cluster members and picks one of them at random.
Properties properties = new Properties();
// Host of the endpoint that returns the server list.
properties.put(PropertyKeyConst.ENDPOINT,"10.18.90.16");
// Port of that endpoint, passed as a string.
properties.put(PropertyKeyConst.ENDPOINT_PORT,"8850");
NamingService configService = NacosFactory.createNamingService(properties);
节点发现
只需要在部署Nacos 实例时,在conf/cluster.conf
中把自己和集群内其它实例的地址整合到一起即可,cluster.conf文件可以是这样:
ip1:8848
ip2:8848
ip3:8848
这样就构成了集群。Nacos实例会轮询cluster.conf
文件,以保证集群在有新的实例加入时能相互发现以实现实例的扩缩容,具体代码实现在(com.alibaba.nacos.naming.cluster.ServerListManager.ServerListUpdater
)。
nacos-server 镜像启动脚本及配置文件
-
启动脚本
容器内文件位置:/home/nacos/bin/docker-startup.sh
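#!/bin/bash
# Container entry script: assembles the JVM options from environment
# variables, prepares the cluster member list, then starts nacos-server.jar.
# BASE_DIR, JAVA and CLUSTER_CONF are expected to be set by the image.

# set -x prints every command with its expanded arguments before running it.
# NOTE(review): the trace therefore includes the fully expanded JAVA_OPT,
# so anything sensitive passed through JAVA_OPT_EXT ends up in the container
# log. Consider dropping set -x outside of troubleshooting.
set -x
# Environment variables used further down.
export DEFAULT_SEARCH_LOCATIONS="classpath:/,classpath:/config/,file:./,file:./config/"
export CUSTOM_SEARCH_LOCATIONS=${DEFAULT_SEARCH_LOCATIONS},file:${BASE_DIR}/conf/,${BASE_DIR}/init.d/
export CUSTOM_SEARCH_NAMES="application,custom"
export MEMBER_LIST=""
# Directory the peer-finder plugin is installed into.
PLUGINS_DIR="/home/nacos/plugins/peer-finder"
# If the plugin directory does not exist, write ${NACOS_SERVERS} into
# $CLUSTER_CONF (one entry per line); if it exists, start the plugin instead.
function print_servers(){
    if [[ ! -d "${PLUGINS_DIR}" ]]; then
        echo "" > "$CLUSTER_CONF"
        for server in ${NACOS_SERVERS}; do
            echo "$server" >> "$CLUSTER_CONF"
        done
    else
        bash $PLUGINS_DIR/plugin.sh
        sleep 30
    fi
}
#===========================================================================================
# JVM Configuration
#===========================================================================================
# Check the start mode: "standalone" is single-node, anything else is cluster.
if [[ "${MODE}" == "standalone" ]]; then
    JAVA_OPT="${JAVA_OPT} -Xms${JVM_XMS} -Xmx${JVM_XMX} -Xmn${JVM_XMN}"
    JAVA_OPT="${JAVA_OPT} -Dnacos.standalone=true"
else
    # Whether to use embedded storage.
    if [[ "${EMBEDDED_STORAGE}" == "embedded" ]]; then
        JAVA_OPT="${JAVA_OPT} -DembeddedStorage=true"
    fi
    JAVA_OPT="${JAVA_OPT} -server -Xms${JVM_XMS} -Xmx${JVM_XMX} -Xmn${JVM_XMN} -XX:MetaspaceSize=${JVM_MS} -XX:MaxMetaspaceSize=${JVM_MMS}"
    # Whether to enable remote debugging.
    # NOTE(review): this opens a JDWP listener on port 9555. JDWP has no
    # authentication, so keep NACOS_DEBUG unset in production and never
    # expose that port through a Service or Route.
    if [[ "${NACOS_DEBUG}" == "y" ]]; then
        JAVA_OPT="${JAVA_OPT} -Xdebug -Xrunjdwp:transport=dt_socket,address=9555,server=y,suspend=n"
    fi
    JAVA_OPT="${JAVA_OPT} -XX:-OmitStackTraceInFastThrow -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=${BASE_DIR}/logs/java_heapdump.hprof"
    JAVA_OPT="${JAVA_OPT} -XX:-UseLargePages"
    print_servers
fi
#===========================================================================================
# Setting system properties
#===========================================================================================
# set mode that Nacos Server function of split
if [[ "${FUNCTION_MODE}" == "config" ]]; then
    JAVA_OPT="${JAVA_OPT} -Dnacos.functionMode=config"
elif [[ "${FUNCTION_MODE}" == "naming" ]]; then
    JAVA_OPT="${JAVA_OPT} -Dnacos.functionMode=naming"
fi
# set nacos server ip
if [[ ! -z "${NACOS_SERVER_IP}" ]]; then
    JAVA_OPT="${JAVA_OPT} -Dnacos.server.ip=${NACOS_SERVER_IP}"
fi

if [[ ! -z "${USE_ONLY_SITE_INTERFACES}" ]]; then
    JAVA_OPT="${JAVA_OPT} -Dnacos.inetutils.use-only-site-local-interfaces=${USE_ONLY_SITE_INTERFACES}"
fi

if [[ ! -z "${PREFERRED_NETWORKS}" ]]; then
    JAVA_OPT="${JAVA_OPT} -Dnacos.inetutils.preferred-networks=${PREFERRED_NETWORKS}"
fi

if [[ ! -z "${IGNORED_INTERFACES}" ]]; then
    JAVA_OPT="${JAVA_OPT} -Dnacos.inetutils.ignored-interfaces=${IGNORED_INTERFACES}"
fi

### If turn on auth system:
# The flag is only passed when NACOS_AUTH_ENABLE is set; the parameter table
# on this page lists its default as false, i.e. authentication stays off
# unless the deployment sets it explicitly.
if [[ ! -z "${NACOS_AUTH_ENABLE}" ]]; then
    JAVA_OPT="${JAVA_OPT} -Dnacos.core.auth.enabled=${NACOS_AUTH_ENABLE}"
fi

if [[ "${PREFER_HOST_MODE}" == "hostname" ]]; then
    JAVA_OPT="${JAVA_OPT} -Dnacos.preferHostnameOverIp=true"
fi
JAVA_OPT="${JAVA_OPT} -Dnacos.member.list=${MEMBER_LIST}"

# Pick classpath and GC-log flags according to the Java major version.
JAVA_MAJOR_VERSION=$($JAVA -version 2>&1 | sed -E -n 's/.* version "([0-9]*).*$/\1/p')
if [[ "$JAVA_MAJOR_VERSION" -ge "9" ]] ; then
    JAVA_OPT="${JAVA_OPT} -cp .:${BASE_DIR}/plugins/cmdb/*.jar:${BASE_DIR}/plugins/mysql/*.jar"
    JAVA_OPT="${JAVA_OPT} -Xlog:gc*:file=${BASE_DIR}/logs/nacos_gc.log:time,tags:filecount=10,filesize=102400"
else
    JAVA_OPT="${JAVA_OPT} -Djava.ext.dirs=${JAVA_HOME}/jre/lib/ext:${JAVA_HOME}/lib/ext:${BASE_DIR}/plugins/health:${BASE_DIR}/plugins/cmdb:${BASE_DIR}/plugins/mysql"
    JAVA_OPT="${JAVA_OPT} -Xloggc:${BASE_DIR}/logs/nacos_gc.log -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=100M"
fi

JAVA_OPT="${JAVA_OPT} -Dnacos.home=${BASE_DIR}"
JAVA_OPT="${JAVA_OPT} -jar ${BASE_DIR}/target/nacos-server.jar"
JAVA_OPT="${JAVA_OPT} ${JAVA_OPT_EXT}"
JAVA_OPT="${JAVA_OPT} --spring.config.location=${CUSTOM_SEARCH_LOCATIONS}"
JAVA_OPT="${JAVA_OPT} --spring.config.name=${CUSTOM_SEARCH_NAMES}"
JAVA_OPT="${JAVA_OPT} --logging.config=${BASE_DIR}/conf/nacos-logback.xml"
JAVA_OPT="${JAVA_OPT} --server.max-http-header-size=524288"

echo "nacos is starting,you can check the ${BASE_DIR}/logs/start.out"
# The full command line is written to start.out before the server starts.
echo "$JAVA ${JAVA_OPT}" > ${BASE_DIR}/logs/start.out 2>&1 &
nohup $JAVA ${JAVA_OPT} > ${BASE_DIR}/logs/start.out 2>&1 < /dev/null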
-
配置文件
容器内文件位置:/home/nacos/conf/application.properties
# Nacos server settings. Most values are ${ENV_NAME:default} placeholders, so
# the container's environment variables override the defaults shown here.
server.servlet.contextPath=${SERVER_SERVLET_CONTEXTPATH:/nacos}
server.contextPath=/nacos
server.port=${NACOS_APPLICATION_PORT:8848}
# Data source type
spring.datasource.platform=${SPRING_DATASOURCE_PLATFORM:""}
nacos.cmdb.dumpTaskInterval=3600
nacos.cmdb.eventTaskInterval=10
nacos.cmdb.labelTaskInterval=300
nacos.cmdb.loadDataAtStart=false
db.num=${MYSQL_DATABASE_NUM:1}
# NOTE(review): useSSL defaults to false, so the connection to MySQL,
# including the login, is unencrypted unless MYSQL_SSL_ENABLE is set to true.
db.url.0=jdbc:mysql://${MYSQL_SERVICE_HOST}:${MYSQL_SERVICE_PORT:3306}/${MYSQL_SERVICE_DB_NAME}?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=${MYSQL_SSL_ENABLE:false}
db.url.1=jdbc:mysql://${MYSQL_SERVICE_HOST}:${MYSQL_SERVICE_PORT:3306}/${MYSQL_SERVICE_DB_NAME}?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=${MYSQL_SSL_ENABLE:false}
db.user=${MYSQL_SERVICE_USER}
db.password=${MYSQL_SERVICE_PASSWORD}
### The auth system to use, currently only 'nacos' is supported:
nacos.core.auth.system.type=${NACOS_AUTH_SYSTEM_TYPE:nacos}
### The token expiration in seconds:
nacos.core.auth.default.token.expire.seconds=${NACOS_AUTH_TOKEN_EXPIRE_SECONDS:18000}
### The default token:
# NOTE(review): this fallback signing key is a published constant. If
# authentication is enabled without setting NACOS_AUTH_TOKEN, access tokens
# are signed with a key anyone can look up. Always supply a private,
# randomly generated value (ideally from a Secret).
nacos.core.auth.default.token.secret.key=${NACOS_AUTH_TOKEN:SecretKey012345678901234567890123456789012345678901234567890123456789}
### Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay.
nacos.core.auth.caching.enabled=${NACOS_AUTH_CACHE_ENABLE:false}
server.tomcat.accesslog.enabled=${TOMCAT_ACCESSLOG_ENABLED:false}
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D
# default current work dir
server.tomcat.basedir=
## spring security config
### turn off security
# NOTE(review): the URL patterns below are listed as ignored by the security
# config and include /actuator/** and /v1/console/server/**. Review this list
# before exposing the server beyond a trusted network.
nacos.security.ignore.urls=/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**
# metrics for elastic search
management.metrics.export.elastic.enabled=false
management.metrics.export.influx.enabled=false
nacos.naming.distro.taskDispatchThreadCount=10
nacos.naming.distro.taskDispatchPeriod=200
nacos.naming.distro.batchSyncKeyCount=1000
nacos.naming.distro.initDataRatio=0.9
nacos.naming.distro.syncRetryDelay=5000
nacos.naming.data.warmup=true
参数
name | description | option |
---|---|---|
MODE | cluster/standalone | cluster/standalone default cluster |
NACOS_SERVERS | nacos cluster address | eg. ip1:port1 ip2:port2 ip3:port3 |
PREFER_HOST_MODE | 启动Nacos集群按域名解析还是IP | hostname/ip default ip |
NACOS_APPLICATION_PORT | Nacos 端口 | default 8848 |
NACOS_SERVER_IP | custom nacos server ip when the host has multiple networks | |
SPRING_DATASOURCE_PLATFORM | standalone support mysql | mysql / empty default empty |
MYSQL_SERVICE_HOST | mysql host | |
MYSQL_SERVICE_PORT | mysql database port | default : 3306 |
MYSQL_SERVICE_DB_NAME | mysql database name | |
MYSQL_SERVICE_USER | username of database | |
MYSQL_SERVICE_PASSWORD | password of database | |
MYSQL_DATABASE_NUM | It indicates the number of database | default :1 |
MYSQL_SERVICE_DB_PARAM | Database url parameter | default : characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true |
JVM_XMS | -Xms | default :2g |
JVM_XMX | -Xmx | default :2g |
JVM_XMN | -Xmn | default :1g |
JVM_MS | -XX:MetaspaceSize | default :128m |
JVM_MMS | -XX:MaxMetaspaceSize | default :320m |
NACOS_DEBUG | enable remote debug | y/n default :n |
TOMCAT_ACCESSLOG_ENABLED | server.tomcat.accesslog.enabled | default :false |
NACOS_AUTH_SYSTEM_TYPE | The auth system to use, currently only ‘nacos’ is supported | default :nacos |
NACOS_AUTH_ENABLE | If turn on auth system | default :false |
NACOS_AUTH_TOKEN_EXPIRE_SECONDS | The token expiration in seconds | default :18000 |
NACOS_AUTH_TOKEN | The default token | default :SecretKey012345678901234567890123456789012345678901234567890123456789 |
NACOS_AUTH_CACHE_ENABLE | Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay. | default : false |
MEMBER_LIST | Set the cluster list with a configuration file or command-line argument | eg:192.168.16.101:8847?raft_port=8807,192.168.16.101?raft_port=8808,192.168.16.101:8849?raft_port=8809 |
EMBEDDED_STORAGE | Use embedded storage in cluster mode without mysql | embedded default : none |
NACOS_AUTH_CACHE_ENABLE | nacos.core.auth.caching.enabled | default : false |
NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE | nacos.core.auth.enable.userAgentAuthWhite | default : false |
NACOS_AUTH_IDENTITY_KEY | nacos.core.auth.server.identity.key | default : serverIdentity |
NACOS_AUTH_IDENTITY_VALUE | nacos.core.auth.server.identity.value | default : security |
NACOS_SECURITY_IGNORE_URLS | nacos.security.ignore.urls | default : /,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/** |
如果以上配置不满足要求,可以通过挂载文件方式实现。挂载文件到
/home/nacos/init.d/
目录下custom.properties
文件,优先级比application.properties
文件高。
nacos端口
nacos默认使用8848对外提供服务,7848 用于节点之间的通信,例如选举leader。
解决K8S/openshift等限制以root账户运行问题
如果K8S/openshift限制以root账户运行,则nacos中的tomcat会启动失败,在 /home/nacos/logs/start.out
中记录以下错误:
2021-03-09 18:22:23,496 INFO Nacos is starting...
2021-03-09 18:22:23,771 INFO Nacos Log files: /home/nacos/logs
2021-03-09 18:22:23,771 INFO Nacos Log files: /home/nacos/conf
2021-03-09 18:22:23,771 INFO Nacos Log files: /home/nacos/data
2021-03-09 18:22:23,774 ERROR Startup errors : {}
org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:156)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:544)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:744)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:391)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1204)
at com.alibaba.nacos.Nacos.main(Nacos.java:35)
解决方法是创建一个账户nacos,并且把 /home/nacos
目录owner改为nacos,并设置ENTRYPOINT
Dockerfile
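# Derives an image from nacos-server that runs as a non-root account.
FROM nacos/nacos-server:1.4.1
# Create the nacos account (UID 1000) and give it the Nacos home directory so
# the server can write to it without root.
RUN useradd nacos -u 1000 && chown -R nacos /home/nacos
# Switch to the new account. Without a USER instruction the image would still
# start as root wherever the platform does not override the UID, and a
# runAsNonRoot check needs a numeric UID to verify.
# NOTE(review): platforms that assign an arbitrary UID (OpenShift's default
# restricted policy) may additionally need the directory to be writable by
# group 0; confirm against the target cluster.
USER 1000
# Relative path: presumably resolved against the base image's working
# directory; confirm it is /home/nacos.
ENTRYPOINT ["bin/docker-startup.sh"]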
# Build the derived image from the Dockerfile in the current directory.
# NOTE(review): the StatefulSet on this page references the tag
# 1.4.1-unprivileged (with a trailing "d"); the tag built here must match it,
# and the image must be pushed to a registry the cluster nodes can pull from.
docker build -t nacos/nacos-server:1.4.1-unprivilege ./