Best Practices for Consul on Kubernetes in Production
2021-01-16 20:13
This guide describes how to run the Consul agent in K8s; the servers are best run on physical machines. This setup has been validated in production, and no problems have been found in use so far.
Original article: https://blog.51cto.com/shmilyjinian/2513152
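For how to install Consul, see my other post, Consul cluster installation; it is not covered in detail here.
Problems with running the Consul agent in Kubernetes and how to address them
Problem
Solution
Configuration
ConfigMap configuration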
~]# cat consul-client-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: consul-client
  namespace: consul
data:
  consul.json: |
    {
      "datacenter": "dc1",
      "client_addr": "0.0.0.0",
      "bind_addr": "{{ GetInterfaceIP \"eth0\" }}",
      "data_dir": "/consul/data",
      "retry_interval": "20s",
      "retry_join": ["10.111.67.1","10.111.67.2","10.111.67.3","10.111.67.4","10.111.67.5"],
      "enable_local_script_checks": true,
      "log_file": "/var/log/",
      "log_level": "trace",
      "pid_file": "/var/run/consul.pid",
      "performance": {
        "raft_multiplier": 1
      },
      "telemetry": {
        "prometheus_retention_time": "300s",
        "disable_hostname": true
      }
    }
  create-consul-registration.sh: |
    #!/bin/sh
    ADDR=`ip addr show|awk -F '[ /]+' '/eth[0-9]|em[0-9]/ && /inet/ {print $3}'`
    CONSUL_CONF_DIR='/consul/config'
    CONSUL_REDISTER_FILE="$CONSUL_CONF_DIR/consul-members-registration.json"
    if [[ -n "$ADDR" && -d $CONSUL_CONF_DIR ]];then
      cat > ${CONSUL_REDISTER_FILE}
For Consul monitoring, see Consul Prometheus monitoring.
DaemonSet configuration
~]# cat consul-client-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: consul-client
  namespace: consul
  labels:
    app: consul
    environment: prod
    component: client
spec:
  minReadySeconds: 60
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: consul
      environment: prod
      component: client
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      namespace: consul
      labels:
        app: consul
        environment: prod
        component: client
    spec:
      containers:
      - env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: HOST_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        name: consul-client
        image: consul:1.5.1
        imagePullPolicy: IfNotPresent
        command:
        - "consul"
        - "agent"
        - "-config-dir=/consul/config"
        lifecycle:
          postStart:
            exec:
              command:
              - /bin/sh
              - -c
              - |
                /consul/create-consul-registration.sh
                consul reload
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - consul leave
        ports:
        - name: http-api
          hostPort: 8500
          containerPort: 8500
          protocol: TCP
        - name: dns-tcp
          hostPort: 8600
          containerPort: 8600
          protocol: TCP
        - name: dns-udp
          hostPort: 8600
          containerPort: 8600
          protocol: UDP
        - name: server-rpc
          hostPort: 8300
          containerPort: 8300
          protocol: TCP
        - name: serf-lan-tcp
          hostPort: 8301
          containerPort: 8301
          protocol: TCP
        - name: serf-lan-udp
          hostPort: 8301
          containerPort: 8301
          protocol: UDP
        - name: serf-wan-tcp
          hostPort: 8302
          containerPort: 8302
          protocol: TCP
        - name: serf-wan-udp
          hostPort: 8302
          containerPort: 8302
          protocol: UDP
        volumeMounts:
        - name: consul-config
          mountPath: /consul/config/consul.json
          subPath: consul.json
        - name: consul-members
          mountPath: /consul/create-consul-registration.sh
          subPath: create-consul-registration.sh
        - name: consul-data-dir
          mountPath: /consul/data
        - name: localtime
          mountPath: /etc/localtime
        livenessProbe:
          tcpSocket:
            port: 8500
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          failureThreshold: 3
          timeoutSeconds: 1
        readinessProbe:
          httpGet:
            path: /v1/status/leader
            port: 8500
          initialDelaySeconds: 60
          periodSeconds: 10
          successThreshold: 1
          failureThreshold: 3
          timeoutSeconds: 1
        resources:
          requests:
            memory: "1024Mi"
            cpu: "1000m"
          limits:
            memory: "1024Mi"
            cpu: "1000m"
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      hostNetwork: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: consul-config
        configMap:
          name: consul-client
          items:
          - key: consul.json
            path: consul.json
      - name: consul-members
        configMap:
          name: consul-client
          defaultMode: 0755
          items:
          - key: create-consul-registration.sh
            path: create-consul-registration.sh
      - name: consul-data-dir
        hostPath:
          path: /data/consul/data
          type: DirectoryOrCreate
      - name: localtime
        hostPath:
          path: /etc/localtime
          type: File
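An added example, not part of the original post: a small Python audit of the agent settings in the ConfigMap, read together with the DaemonSet's hostNetwork: true and hostPort 8500, which put the agent's listeners directly on the node. The function name, the finding texts and the trimmed copy of consul.json are constructed for illustration, and ACL state is read only from the `acl.enabled` stanza.

```python
import json

# Constructed sample: consul.json from the ConfigMap, trimmed to the keys the audit reads.
AGENT_CONFIG = r'''
{
  "datacenter": "dc1",
  "client_addr": "0.0.0.0",
  "bind_addr": "{{ GetInterfaceIP \"eth0\" }}",
  "enable_local_script_checks": true,
  "log_level": "trace"
}
'''


def audit_agent_config(raw, host_network):
    """Return (key, finding) pairs for settings that widen the agent's exposure."""
    cfg = json.loads(raw)
    findings = []
    # client_addr defaults to loopback and may hold several space-separated addresses.
    addrs = str(cfg.get("client_addr", "127.0.0.1")).split()
    if "0.0.0.0" in addrs:
        scope = "every node interface" if host_network else "every pod interface"
        findings.append(("client_addr", f"HTTP API and DNS listen on {scope}"))
    # Assumption: only the acl.enabled stanza is consulted for ACL state.
    if not cfg.get("acl", {}).get("enabled", False):
        findings.append(("acl", "ACLs are off, so API requests need no token"))
    if not cfg.get("encrypt"):
        findings.append(("encrypt", "no gossip key, Serf traffic on 8301 is unencrypted"))
    # enable_local_script_checks (used on this page) limits script checks to config
    # files; enable_script_checks also accepts them through the HTTP API.
    if cfg.get("enable_script_checks"):
        findings.append(("enable_script_checks",
                         "script checks can be registered through the HTTP API"))
    if str(cfg.get("log_level", "info")).lower() in ("trace", "debug"):
        findings.append(("log_level", "verbose logging left on in production"))
    return findings


if __name__ == "__main__":
    for key, msg in audit_agent_config(AGENT_CONFIG, host_network=True):
        print(f"{key}: {msg}")
```

Because the business Deployment reaches the agent at $(HOST_IP):8500, the client_addr finding is usually addressed by binding to the node address rather than to loopback.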
Deployment configuration
~]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: business
    environment: prod
    release: release
  name: business
  namespace: prod-platform
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: business
      environment: prod
      release: release
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: business
        environment: prod
        release: release
    spec:
      shareProcessNamespace: true
      containers:
      - env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: HOST_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        - name: CONSUL_HTTP_ADDR
          value: "$(HOST_IP):8500"
        image: registry-vpc.cn-hangzhou.aliyuncs.com/prod/prod-business:v1
        imagePullPolicy: Always
        name: usercancel
        ports:
        - containerPort: 8999
        - containerPort: 9988
        livenessProbe:
          tcpSocket:
            port: 8999
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          failureThreshold: 3
          timeoutSeconds: 1
        readinessProbe:
          httpGet:
            path: /health
            port: 8999
          initialDelaySeconds: 15
          periodSeconds: 10
          successThreshold: 1
          failureThreshold: 3
          timeoutSeconds: 1
        resources:
          requests:
            memory: "512Mi"
            cpu: "500m"
          limits:
            memory: "1024Mi"
            cpu: "1000m"
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - name: data-vol
          mountPath: /logs
          subPath: logs
        - name: data-vol
          mountPath: /coredump
          subPath: coredump
      - env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: HOST_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        image: registry-vpc.cn-hangzhou.aliyuncs.com/devops/filebeat:7.4.2-1
        imagePullPolicy: IfNotPresent
        name: filebeat
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "512Mi"
            cpu: "500m"
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - name: filebeat-config
          mountPath: /usr/share/filebeat/filebeat.yml
          subPath: filebeat.yml
        - name: data-vol
          mountPath: /logs
          subPath: logs
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: data-vol
        persistentVolumeClaim:
          claimName: pvc-nas-prod-platform-business
      - name: filebeat-config
        configMap:
          name: business
          items:
          - key: filebeat.yml
            path: filebeat.yml