云计算运维kubernetes集群里集成Apollo配置中心

发表于2021-08-15更新于2021-08-15

字数总计:4.5k阅读时长:25分钟北京评论数:

虚拟化运维 Kubernetes

云计算运维kubernetes集群里集成Apollo配置中心

王先森2021-08-152021-08-15

Apollo介绍

Apollo（阿波罗）是携程框架部门研发的分布式配置中心，能够集中化管理应用不同环境、不同集群的配置，配置修改后能够实时推送到应用端，并且具备规范的权限、流程治理等特性，适用于微服务配置管理场景。

Apollo安装部署

Apollo官方地址

官方release包

基础架构

简化模型

交付apollo-configservice

准备软件包

在k8s-dns.boysec.cn上：

下载官方release包

1 2	cd /tools/ mkdir /data/dockerfile/apollo-configservice && unzip -o apollo-configservice-1.7.1-github.zip -d /data/dockerfile/apollo-configservice

执行数据库脚本

注意：MySQL版本应为5.6或以上！

更新yum源

vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = https://mirrors.ustc.edu.cn/mariadb/yum/10.2/centos7-amd64/
gpgkey=https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1

导入GPG-KEY

1	rpm --import https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB

更新数据库版本

1	yum install MariaDB-server -y

配置my.cnf

vim /etc/my.cnf.d/mysql-clients.cnf
[mysql]
default-character-set = utf8mb4

vim /etc/my.cnf.d/server.cnf
[mysqld]
character_set_server = utf8mb4
collation_server = utf8mb4_general_ci
init_connect = "SET NAMES 'utf8mb4'"

数据库脚本地址

1 2	mysql -uroot -p mysql> source ./apolloconfigdb.sql

数据库用户授权

1	MariaDB [(none)]> grant INSERT,DELETE,UPDATE,SELECT on TestBetaApolloConfigDB.* to "apolloconfig"@"10.1.1.%" identified by "123456";

修改初始数据

1	update TestBetaApolloConfigDB.ServerConfig set ServerConfig.Value="http://config-test.od.com/eureka" where ServerConfig.Key="eureka.service.url";

制作Docker镜像

配置数据库连接串

[root@k8s-dns apollo-configservice]# cat config/application-github.properties 
# DataSource
spring.datasource.url = jdbc:mysql://mysql.od.com:3306/TestBetaApolloConfigDB?characterEncoding=utf8
spring.datasource.username = apolloconfig
spring.datasource.password = 123456

更新startup.sh

官方脚本

vim scripts/startup.sh

#!/bin/bash
SERVICE_NAME=apollo-configservice
## Adjust log dir if necessary
LOG_DIR=/opt/logs/apollo-config-server
## Adjust server port if necessary
SERVER_PORT=8080
APOLLO_CONFIG_SERVICE_NAME=$(hostname -i)
SERVER_URL="http://${APOLLO_CONFIG_SERVICE_NAME}:${SERVER_PORT}"

## Adjust memory settings if necessary
#export JAVA_OPTS="-Xms6144m -Xmx6144m -Xss256k -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=384m -XX:NewSize=4096m -XX:MaxNewSize=4096m -XX:SurvivorRatio=8"

## Only uncomment the following when you are using server jvm
#export JAVA_OPTS="$JAVA_OPTS -server -XX:-ReduceInitialCardMarks"

########### The following is the same for configservice, adminservice, portal ###########
export JAVA_OPTS="$JAVA_OPTS -XX:ParallelGCThreads=4 -XX:MaxTenuringThreshold=9 -XX:+DisableExplicitGC -XX:+ScavengeBeforeFullGC -XX:SoftRefLRUPolicyMSPerMB=0 -XX:+ExplicitGCInvokesConcurrent -XX:+HeapDumpOnOutOfMemoryError -XX:-OmitStackTraceInFastThrow -Duser.timezone=Asia/Shanghai -Dclient.encoding.override=UTF-8 -Dfile.encoding=UTF-8 -Djava.security.egd=file:/dev/./urandom"
export JAVA_OPTS="$JAVA_OPTS -Dserver.port=$SERVER_PORT -Dlogging.file=$LOG_DIR/$SERVICE_NAME.log -XX:HeapDumpPath=$LOG_DIR/HeapDumpOnOutOfMemoryError/"

# Find Java
if [[ -n "$JAVA_HOME" ]] && [[ -x "$JAVA_HOME/bin/java" ]]; then
    javaexe="$JAVA_HOME/bin/java"
elif type -p java > /dev/null 2>&1; then
    javaexe=$(type -p java)
elif [[ -x "/usr/bin/java" ]];  then
    javaexe="/usr/bin/java"
else
    echo "Unable to find Java"
    exit 1
fi

if [[ "$javaexe" ]]; then
    version=$("$javaexe" -version 2>&1 | awk -F '"' '/version/ {print $2}')
    version=$(echo "$version" | awk -F. '{printf("%03d%03d",$1,$2);}')
    # now version is of format 009003 (9.3.x)
    if [ $version -ge 011000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    elif [ $version -ge 010000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    elif [ $version -ge 009000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    else
        JAVA_OPTS="$JAVA_OPTS -XX:+UseParNewGC"
        JAVA_OPTS="$JAVA_OPTS -Xloggc:$LOG_DIR/gc.log -XX:+PrintGCDetails"
        JAVA_OPTS="$JAVA_OPTS -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=60 -XX:+CMSClassUnloadingEnabled -XX:+CMSParallelRemarkEnabled -XX:CMSFullGCsBeforeCompaction=9 -XX:+CMSClassUnloadingEnabled  -XX:+PrintGCDateStamps -XX:+PrintGCApplicationConcurrentTime -XX:+PrintHeapAtGC -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=5M"
    fi
fi

printf "$(date) ==== Starting ==== \n"

cd `dirname $0`/..
chmod 755 $SERVICE_NAME".jar"
./$SERVICE_NAME".jar" start

rc=$?;

if [[ $rc != 0 ]];
then
    echo "$(date) Failed to start $SERVICE_NAME.jar, return code: $rc"
    exit $rc;
fi

tail -f /dev/null

编写Dockerfile

FROM wangxiansen/jre8:8u112

ENV VERSION 1.7.1

RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    echo "Asia/Shanghai" > /etc/timezone

ADD apollo-configservice-${VERSION}.jar /apollo-configservice/apollo-configservice.jar
ADD config/ /apollo-configservice/config
ADD scripts/ /apollo-configservice/scripts

CMD ["/apollo-configservice/scripts/startup.sh"]

制作镜像并推送

1 2	docker build . -t harbor.od.com/infra/apollo-configservice:v1.7.1 docker push harbor.od.com/infra/apollo-configservice:v1.7.1

解析域名

1
2
3

vi /var/named/chroot/etc/od.com.zone  
mysql   A    10.1.1.250
config-test A 10.1.1.50

准备资源配置清单

1	mkdir /var/k8s-yaml/apollo-configservice && cd /var/k8s-yaml/apollo-configservice

vim /var/k8s-yaml/apollo-configservice/deployment.yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: apollo-configservice
  namespace: test
  labels: 
    name: apollo-configservice
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: apollo-configservice
  template:
    metadata:
      labels: 
        app: apollo-configservice 
        name: apollo-configservice
    spec:
      volumes:
      - name: configmap-volume
        configMap:
          name: apollo-configservice-cm
      containers:
      - name: apollo-configservice
        image: harbor.od.com/infra/apollo-configservice:v1.7.1
        ports:
        - containerPort: 8080
          protocol: TCP
        volumeMounts:
        - name: configmap-volume
          mountPath: /apollo-configservice/config
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      securityContext: 
        runAsUser: 0
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600

vim /var/k8s-yaml/apollo-configservice/svc.yaml

kind: Service
apiVersion: v1
metadata: 
  name: apollo-configservice
  namespace: test
spec:
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 8080
  selector: 
    app: apollo-configservice
  clusterIP: None
  type: ClusterIP
  sessionAffinity: None

vim /var/k8s-yaml/apollo-configservice/ingress.yaml

kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: apollo-configservice
  namespace: test
spec:
  rules:
  - host: config-test.od.com
    http:
      paths:
      - path: /
        backend: 
          serviceName: apollo-configservice
          servicePort: 8080

vim /var/k8s-yaml/apollo-configservice/configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: apollo-configservice-cm
  namespace: test
data:
  application-github.properties: |
    # DataSource
    spring.datasource.url = jdbc:mysql://mysql.od.com:3306/TestBetaApolloConfigDB?characterEncoding=utf8
    spring.datasource.username = apolloconfig
    spring.datasource.password = 123456
    eureka.service.url = http://config-test.od.com/eureka
  app.properties: |
    appId=100003171

应用资源配置清单

在任意一台k8s运算节点执行：

kubectl create ns test
kubectl create  secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n test
kubectl apply -f http://k8s-yaml.od.com/apollo-configservice/deployment.yaml
kubectl apply -f http://k8s-yaml.od.com/apollo-configservice/svc.yaml
kubectl apply -f http://k8s-yaml.od.com/apollo-configservice/ingress.yaml
kubectl apply -f http://k8s-yaml.od.com/apollo-configservice/configmap.yaml

浏览器访问

http://config-test.od.com

交付apollo-adminservice

准备软件包

在k8s-dns.boysec.cn上：

下载官方release包

1	[root@k8s-dns tools]# mkdir /data/dockerfile/apollo-adminservice && unzip -o apollo-adminservice-1.7.1-github.zip -d /data/dockerfile/apollo-adminservice

制作Docker镜像

配置数据库连接串

[root@k8s-dns apollo-adminservice]# cat config/application-github.properties 
# DataSource
spring.datasource.url = jdbc:mysql://mysql.od.com:3306/TestBetaApolloConfigDB?characterEncoding=utf8
spring.datasource.username = apolloconfig
spring.datasource.password = 123456

更新starup.sh

vi scripts/startup.sh

#!/bin/bash
SERVICE_NAME=apollo-adminservice
## Adjust log dir if necessary
LOG_DIR=/opt/logs/apollo-adminservice
## Adjust server port if necessary
SERVER_PORT=8080
APOLLO_ADMIN_SERVICE_NAME=$(hostname -i)
# SERVER_URL="http://localhost:${SERVER_PORT}"
SERVER_URL="http://${APOLLO_ADMIN_SERVICE_NAME}:${SERVER_PORT}"

## Adjust memory settings if necessary
#export JAVA_OPTS="-Xms2560m -Xmx2560m -Xss256k -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=384m -XX:NewSize=1536m -XX:MaxNewSize=1536m -XX:SurvivorRatio=8"

## Only uncomment the following when you are using server jvm
#export JAVA_OPTS="$JAVA_OPTS -server -XX:-ReduceInitialCardMarks"

########### The following is the same for configservice, adminservice, portal ###########
export JAVA_OPTS="$JAVA_OPTS -XX:ParallelGCThreads=4 -XX:MaxTenuringThreshold=9 -XX:+DisableExplicitGC -XX:+ScavengeBeforeFullGC -XX:SoftRefLRUPolicyMSPerMB=0 -XX:+ExplicitGCInvokesConcurrent -XX:+PrintGCDetails -XX:+HeapDumpOnOutOfMemoryError -XX:-OmitStackTraceInFastThrow -Duser.timezone=Asia/Shanghai -Dclient.encoding.override=UTF-8 -Dfile.encoding=UTF-8 -Djava.security.egd=file:/dev/./urandom"
export JAVA_OPTS="$JAVA_OPTS -Dserver.port=$SERVER_PORT -Dlogging.file=$LOG_DIR/$SERVICE_NAME.log -XX:HeapDumpPath=$LOG_DIR/HeapDumpOnOutOfMemoryError/"

# Find Java
if [[ -n "$JAVA_HOME" ]] && [[ -x "$JAVA_HOME/bin/java" ]]; then
    javaexe="$JAVA_HOME/bin/java"
elif type -p java > /dev/null 2>&1; then
    javaexe=$(type -p java)
elif [[ -x "/usr/bin/java" ]];  then
    javaexe="/usr/bin/java"
else
    echo "Unable to find Java"
    exit 1
fi

if [[ "$javaexe" ]]; then
    version=$("$javaexe" -version 2>&1 | awk -F '"' '/version/ {print $2}')
    version=$(echo "$version" | awk -F. '{printf("%03d%03d",$1,$2);}')
    # now version is of format 009003 (9.3.x)
    if [ $version -ge 011000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    elif [ $version -ge 010000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    elif [ $version -ge 009000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    else
        JAVA_OPTS="$JAVA_OPTS -XX:+UseParNewGC"
        JAVA_OPTS="$JAVA_OPTS -Xloggc:$LOG_DIR/gc.log -XX:+PrintGCDetails"
        JAVA_OPTS="$JAVA_OPTS -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=60 -XX:+CMSClassUnloadingEnabled -XX:+CMSParallelRemarkEnabled -XX:CMSFullGCsBeforeCompaction=9 -XX:+CMSClassUnloadingEnabled  -XX:+PrintGCDateStamps -XX:+PrintGCApplicationConcurrentTime -XX:+PrintHeapAtGC -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=5M"
    fi
fi

printf "$(date) ==== Starting ==== \n"

cd `dirname $0`/..
chmod 755 $SERVICE_NAME".jar"
./$SERVICE_NAME".jar" start

rc=$?;

if [[ $rc != 0 ]];
then
    echo "$(date) Failed to start $SERVICE_NAME.jar, return code: $rc"
    exit $rc;
fi

tail -f /dev/null

编写Dockerfile

vi /data/dockerfile/apollo-adminservice/Dockerfile

FROM wangxiansen/jre8:8u112

ENV VERSION 1.7.1

RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    echo "Asia/Shanghai" > /etc/timezone

ADD apollo-adminservice-${VERSION}.jar /apollo-adminservice/apollo-adminservice.jar
ADD config/ /apollo-adminservice/config
ADD scripts/ /apollo-adminservice/scripts

CMD ["/apollo-adminservice/scripts/startup.sh"]

制作镜像并推送

1
2
3

[root@k8s-dns apollo-adminservice]# docker build . -t harbor.od.com/infra/apollo-adminservice:v1.7.1

[root@k8s-dns apollo-adminservice]# docker push harbor.od.com/infra/apollo-adminservice:v1.7.1

准备资源配置清单

1	mkdir /var/k8s-yaml/apollo-adminservice && cd /var/k8s-yaml/apollo-adminservice

vim /var/k8s-yaml/apollo-adminservice/deployment.yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: apollo-adminservice
  namespace: test
  labels: 
    name: apollo-adminservice
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: apollo-adminservice
  template:
    metadata:
      labels: 
        app: apollo-adminservice 
        name: apollo-adminservice
    spec:
      volumes:
      - name: configmap-volume
        configMap:
          name: apollo-adminservice-cm
      containers:
      - name: apollo-adminservice
        image: harbor.od.com/infra/apollo-adminservice:v1.7.1
        ports:
        - containerPort: 8080
          protocol: TCP
        volumeMounts:
        - name: configmap-volume
          mountPath: /apollo-adminservice/config
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      securityContext: 
        runAsUser: 0
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600

vim /var/k8s-yaml/apollo-adminservice/configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: apollo-adminservice-cm
  namespace: test
data:
  application-github.properties: |
    # DataSource
    spring.datasource.url = jdbc:mysql://mysql.od.com:3306/TestBetaApolloConfigDB?characterEncoding=utf8
    spring.datasource.username = apolloconfig
    spring.datasource.password = 123456
    eureka.service.url = http://config-test.od.com/eureka
  app.properties: |
    appId=100003172

应用资源配置清单

在任意一台k8s运算节点执行：

1 2	kubectl apply -f http://k8s-yaml.od.com/apollo-adminservice/configmap.yaml kubectl apply -f http://k8s-yaml.od.com/apollo-adminservice/deployment.yaml

浏览器访问

http://config-test.od.com

交付apollo-portal

准备软件包

在运维主机HDSS7-200.host.com上：
下载官方release包

1 2	[root@k8s-dns tools]# mkdir /data/dockerfile/apollo-portal && unzip -o apollo-portal-1.7.1-github.zip -d /data/dockerfile/apollo-portal [root@k8s-dns tools]# cd /data/dockerfile/apollo-portal

执行数据库脚本

在数据库主机HDSS7-11.host.com上：
数据库脚本地址

[root@k8s-dns apollo-portal]# mysql -uroot -p123456 < apolloportaldb.sql 
## 授权
grant INSERT,DELETE,UPDATE,SELECT on ApolloPortalDB.* to "apolloportal"@"10.1.1.%" identified by "123456";

update ServerConfig set value='[{"orgId":"boy1","orgName":"Linux男孩"},{"orgId":"boy","orgName":"LinuxBoy"}]' where id=2;

制作Docker镜像

配置数据库连接串

[root@k8s-dns apollo-portal]# cat config/application-github.properties 
# DataSource
spring.datasource.url = jdbc:mysql://mysql.od.com:3306/ApolloPortalDB?characterEncoding=utf8
spring.datasource.username = apolloportal
spring.datasource.password = 123456

配置Portal的meta service

1 2	[root@k8s-dns apollo-portal]# cat config/apollo-env.properties dev.meta=http://config.od.com

更新starup.sh

vim scripts/startup.sh

#!/bin/bash
SERVICE_NAME=apollo-portal
## Adjust log dir if necessary
LOG_DIR=/opt/logs/apollo-portal-server
## Adjust server port if necessary
SERVER_PORT=8080
APOLLO_PORTAL_SERVICE_NAME=$(hostname -i)
# SERVER_URL="http://localhost:$SERVER_PORT"
SERVER_URL="http://${APOLLO_PORTAL_SERVICE_NAME}:${SERVER_PORT}"

## Adjust memory settings if necessary
#export JAVA_OPTS="-Xms2560m -Xmx2560m -Xss256k -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=384m -XX:NewSize=1536m -XX:MaxNewSize=1536m -XX:SurvivorRatio=8"

## Only uncomment the following when you are using server jvm
#export JAVA_OPTS="$JAVA_OPTS -server -XX:-ReduceInitialCardMarks"

########### The following is the same for configservice, adminservice, portal ###########
export JAVA_OPTS="$JAVA_OPTS -XX:ParallelGCThreads=4 -XX:MaxTenuringThreshold=9 -XX:+DisableExplicitGC -XX:+ScavengeBeforeFullGC -XX:SoftRefLRUPolicyMSPerMB=0 -XX:+ExplicitGCInvokesConcurrent -XX:+PrintGCDetails -XX:+HeapDumpOnOutOfMemoryError -XX:-OmitStackTraceInFastThrow -Duser.timezone=Asia/Shanghai -Dclient.encoding.override=UTF-8 -Dfile.encoding=UTF-8 -Djava.security.egd=file:/dev/./urandom"
export JAVA_OPTS="$JAVA_OPTS -Dserver.port=$SERVER_PORT -Dlogging.file=$LOG_DIR/$SERVICE_NAME.log -XX:HeapDumpPath=$LOG_DIR/HeapDumpOnOutOfMemoryError/"

# Find Java
if [[ -n "$JAVA_HOME" ]] && [[ -x "$JAVA_HOME/bin/java" ]]; then
    javaexe="$JAVA_HOME/bin/java"
elif type -p java > /dev/null 2>&1; then
    javaexe=$(type -p java)
elif [[ -x "/usr/bin/java" ]];  then
    javaexe="/usr/bin/java"
else
    echo "Unable to find Java"
    exit 1
fi

if [[ "$javaexe" ]]; then
    version=$("$javaexe" -version 2>&1 | awk -F '"' '/version/ {print $2}')
    version=$(echo "$version" | awk -F. '{printf("%03d%03d",$1,$2);}')
    # now version is of format 009003 (9.3.x)
    if [ $version -ge 011000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    elif [ $version -ge 010000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    elif [ $version -ge 009000 ]; then
        JAVA_OPTS="$JAVA_OPTS -Xlog:gc*:$LOG_DIR/gc.log:time,level,tags -Xlog:safepoint -Xlog:gc+heap=trace"
    else
        JAVA_OPTS="$JAVA_OPTS -XX:+UseParNewGC"
        JAVA_OPTS="$JAVA_OPTS -Xloggc:$LOG_DIR/gc.log -XX:+PrintGCDetails"
        JAVA_OPTS="$JAVA_OPTS -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=60 -XX:+CMSClassUnloadingEnabled -XX:+CMSParallelRemarkEnabled -XX:CMSFullGCsBeforeCompaction=9 -XX:+CMSClassUnloadingEnabled  -XX:+PrintGCDateStamps -XX:+PrintGCApplicationConcurrentTime -XX:+PrintHeapAtGC -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=5M"
    fi
fi

printf "$(date) ==== Starting ==== \n"

cd `dirname $0`/..
chmod 755 $SERVICE_NAME".jar"
./$SERVICE_NAME".jar" start

rc=$?;

if [[ $rc != 0 ]];
then
    echo "$(date) Failed to start $SERVICE_NAME.jar, return code: $rc"
    exit $rc;
fi

tail -f /dev/null

编写Dockerfile

FROM wangxiansen/jre8:8u112

ENV VERSION 1.7.1

RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    echo "Asia/Shanghai" > /etc/timezone

ADD apollo-portal-${VERSION}.jar /apollo-portal/apollo-portal.jar
ADD config/ /apollo-portal/config
ADD scripts/ /apollo-portal/scripts

CMD ["/apollo-portal/scripts/startup.sh"]

制作镜像并推送

1
2
3

[root@k8s-dns apollo-portal]# docker build . -t harbor.od.com/infra/apollo-portal:v1.7.1

[root@k8s-dns apollo-portal]# docker push harbor.od.com/infra/apollo-portal:v1.7.1

解析域名

1
2
3

[root@k8s-dns apollo-portal]# cat /var/named/chroot/etc/od.com.zone   
...
portal   A 10.1.1.50

准备资源配置清单

1 2	mkdir /var/k8s-yaml/apollo-portal cd /var/k8s-yaml/apollo-portal

vim /var/k8s-yaml/apollo-portal/deployment.yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: apollo-portal
  namespace: test
  labels: 
    name: apollo-portal
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: apollo-portal
  template:
    metadata:
      labels: 
        app: apollo-portal 
        name: apollo-portal
    spec:
      volumes:
      - name: configmap-volume
        configMap:
          name: apollo-portal-cm
      containers:
      - name: apollo-portal
        image: harbor.od.com/infra/apollo-portal:v1.7.1
        ports:
        - containerPort: 8080
          protocol: TCP
        volumeMounts:
        - name: configmap-volume
          mountPath: /apollo-portal/config
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      securityContext: 
        runAsUser: 0
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600

vim /var/k8s-yaml/apollo-portal/svc.yaml

kind: Service
apiVersion: v1
metadata: 
  name: apollo-portal
  namespace: test
spec:
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 8080
  selector: 
    app: apollo-portal
  clusterIP: None
  type: ClusterIP
  sessionAffinity: None

vim /var/k8s-yaml/apollo-portal/ingress.yaml

kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: apollo-portal
  namespace: test
spec:
  rules:
  - host: portal.od.com
    http:
      paths:
      - path: /
        backend: 
          serviceName: apollo-portal
          servicePort: 8080

vim /var/k8s-yaml/apollo-portal/configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: apollo-portal-cm
  namespace: test
data:
  application-github.properties: |
    # DataSource
    spring.datasource.url = jdbc:mysql://mysql.od.com:3306/ApolloPortalDB?characterEncoding=utf8
    spring.datasource.username = apolloportal
    spring.datasource.password = 123456
  app.properties: |
    appId=100003173
  apollo-env.properties: |
    dev.meta=http://config-test.od.com

应用资源配置清单

在任意一台k8s运算节点执行：


[root@k8s-node01 ~]# kubectl apply -f http://k8s-yaml.od.com/apollo-portal/configmap.yaml
configmap/apollo-portal-cm created
[root@k8s-node01 ~]# kubectl apply -f http://k8s-yaml.od.com/apollo-portal/deployment.yaml
deployment.apps/apollo-portal created
[root@k8s-node01 ~]# kubectl apply -f http://k8s-yaml.od.com/apollo-portal/svc.yaml
service/apollo-portal created
[root@k8s-node01 ~]# kubectl apply -f http://k8s-yaml.od.com/apollo-portal/ingress.yaml
ingress.extensions/apollo-portal created

浏览器访问

http://portal.od.com

用户名：apollo
密码： admin

实战dubbo微服务接入Apollo配置中心

apollo项目地址

这里将k8s-slave.boysec.cn作为zookeeper独立服务来使用

配置apollo-portal

创建项目

注意：此处AppID要与gitee上项目id相同

进入配置页面

dubbo.registry：zookeeper://zk4.od.com:2181

dubbo.port：20880

发布配置

点击发布，配置生效

使用jenkins进行CI

略（注意记录镜像的tag）

上线新构建的项目

准备资源配置清单

vim /var/k8s-yaml/dubbo-demo-service/apollo-deployment.yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: dubbo-demo-service
  namespace: test
  labels: 
    name: dubbo-demo-service
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: dubbo-demo-service
  template:
    metadata:
      labels: 
        app: dubbo-demo-service
        name: dubbo-demo-service
    spec:
      containers:
      - name: dubbo-demo-service
        image: harbor.od.com/app/dubbo-demo-service:apollo_1230
        ports:
        - containerPort: 20880
          protocol: TCP
        env:
        - name: JAR_BALL
          value: dubbo-server.jar
        - name: C_OPTS
          value: -Denv=dev -Dapollo.meta=http://config-test.od.com
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      securityContext: 
        runAsUser: 0
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600

注意：增加了env段配置
注意：docker镜像新版的tag

应用资源配置清单

在任意一台k8s运算节点上执行：

1	kubectl apply -f http://k8s-yaml.od.com/dubbo-demo-service/apollo-deployment.yaml

观察项目运行情况

http://dubbo-monitor.od.com/

Apollo实例列表：

创建dubbo消费者服务

配置apollo-portal

dubbo.registry：zookeeper://zk4.od.com:2181

准备资源配置清单

vim /var/k8s-yaml/dubbo-demo-consumer/apollo-deployment.yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: dubbo-demo-consumer
  namespace: test
  labels: 
    name: dubbo-demo-consumer
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: dubbo-demo-consumer
  template:
    metadata:
      labels: 
        app: dubbo-demo-consumer
        name: dubbo-demo-consumer
    spec:
      containers:
      - name: dubbo-demo-consumer
        image: harbor.od.com/app/dubbo-demo-consumer:apollo_20210824_1654
        ports:
        - containerPort: 20880
          protocol: TCP
        - containerPort: 8080
          protocol: TCP
        env:
        - name: C_OPTS
          value: -Denv=dev -Dapollo.meta=http://config-test.od.com
        - name: JAR_BALL
          value: dubbo-client.jar
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      securityContext: 
        runAsUser: 0
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      maxUnavailable: 1
      maxSurge: 1
  revisionHistoryLimit: 7
  progressDeadlineSeconds: 600

注意：增加了env段配置
注意：docker镜像新版的tag

应用资源配置清单

在任意一台k8s运算节点上执行：

1	kubectl apply -f http://k8s-yaml.od.com/dubbo-demo-consumer/apollo-deployment.yaml

实战维护多套dubbo微服务环境

生产实践

迭代新需求/修复BUG（编码->提GIT）
测试环境发版，测试（应用通过编译打包发布至TEST命名空间）
测试通过，上线（应用镜像直接发布至PROD命名空间）

系统架构

物理架构

主机名	角色	ip
k8s-master.boysec.cn	zk-test(测试环境Test)	10.1.1.120
k8s-slave.boysec.cn	zk-prod(生产环境Prod)	10.1.1.130
k8s-node01.boysec.cn	kubernetes运算节点	10.1.1.100
k8s-node02.boysec.cn	kubernetes运算节点	10.1.1.110
k8s-dns.boysec.cn	运维主机，harbor仓库	10.1.1.250

K8S内系统架构

环境	命名空间	应用
测试环境（TEST）	test	apollo-config，apollo-admin
测试环境（TEST）	test	dubbo-demo-service，dubbo-demo-web
生产环境（PROD）	prod	apollo-config，apollo-admin
生产环境（PROD）	prod	dubbo-demo-service，dubbo-demo-web
ops环境（infra）	infra	jenkins，dubbo-monitor，apollo-portal

修改/添加域名解析

DNS主机k8s-dns.boysec.cn上：

vim /var/named/chroot/etc/od.com.zone
...
zk-test 60 IN A 10.1.1.120
zk-prod 60 IN A 10.1.1.130
config-test A 10.1.1.50
config-prod A 10.1.1.50

Apollo的k8s应用配置

删除app命名空间内应用，创建test命名空间，创建prod命名空间
删除infra命名空间内apollo-configservice，apollo-adminservice应用
数据库内删除ApolloConfigDB，创建ApolloConfigTestDB，创建ApolloConfigProdDB

mysql> drop database ApolloConfigDB;

mysql> create database ApolloConfigTestDB;
mysql> use ApolloConfigTestDB;
mysql> source ./apolloconfig.sql
mysql> update ApolloConfigTestDB.ServerConfig set ServerConfig.Value="http://config-test.od.com/eureka" where ServerConfig.Key="eureka.service.url";
mysql> grant INSERT,DELETE,UPDATE,SELECT on ApolloConfigTestDB.* to "apolloconfig"@"10.1.1.%" identified by "123456";

mysql> create database ApolloConfigProdDB;
mysql> use ApolloConfigProdDB;
mysql> source ./apolloconfig.sql
mysql> update ApolloConfigProdDB.ServerConfig set ServerConfig.Value="http://config-prod.od.com/eureka" where ServerConfig.Key="eureka.service.url";
mysql> grant INSERT,DELETE,UPDATE,SELECT on ApolloConfigProdDB.* to "apolloconfig"@"10.1.1.%" identified by "123456";

准备apollo-config，apollo-admin的资源配置清单（各2套）

注：apollo-config/apollo-admin的configmap配置要点

Test环境

application-github.properties: |
    # DataSource
    spring.datasource.url = jdbc:mysql://mysql.od.com:3306/ApolloConfigTestDB?characterEncoding=utf8
    spring.datasource.username = apolloconfig
    spring.datasource.password = 123456
    eureka.service.url = http://config-test.od.com/eureka

Prod环境

application-github.properties: |
    # DataSource
    spring.datasource.url = jdbc:mysql://mysql.od.com:3306/ApolloConfigProdDB?characterEncoding=utf8
    spring.datasource.username = apolloconfig
    spring.datasource.password = 123456
    eureka.service.url = http://config-prod.od.com/eureka

依次应用，分别发布在test和prod命名空间
修改apollo-portal的configmap并重启portal

1
2
3

apollo-env.properties: |
    TEST.meta=http://config-test.od.com
    PROD.meta=http://config-prod.od.com

Apollo的portal配置

管理员工具

删除应用、集群、AppNamespace，将已配置应用删除

系统参数

Key
apollo.portal.envs
Value
TEST,PROD

查询

Value
TEST,PROD

保存

新建dubbo-demo-service和dubbo-demo-web项目

在TEST/PROD环境分别增加配置项并发布

发布dubbo微服务

准备dubbo-demo-service和dubbo-demo-web的资源配置清单（各2套）
依次应用，分别发布至test和prod命名空间
使用dubbo-monitor查验

王先森

分享运维与信息安全知识

原创云计算运维kubernetes集群里集成Apollo配置中心

打赏作者

感谢你赐予我前进的力量

微信
支付宝

赞赏者名单

因为你们的支持让我意识到写文章的价值🙏

运营模式与责任

本博客所有文章除特别声明外，均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自王先森！

Kubernetes66

喜欢这篇文章的人也看了

2023-02-24

Istio服务网格细节剖析

Envoy简介什么是Envoy envoy 是作为微服务服务架构中以独立进程方式实现高级网络功能的，轻量级的7层服务代理程序，通常以sidecar的方式运行在应用程序的周边，也可以作为网络的边缘代理来运行。 envoy 的特性进程外体系结构，L3/L4过滤器体系结构，HTTP L7过滤器体系结构，一流的HTTP/2支持， HTTP/3支持(目前为alpha)，HTTP L7路由，gRPC支持，服务发现和动态配置，健康检查，高级负载平衡，前端/边缘代理支持，一流的可观察性服务网格细节剖析宏观分析执行的操作：使用istioctl为pod注入了sidecar 创建了virtualservice和destinationrule 如何最终影响到了pod的访问行为？宏观角度nginx的配置中，可以提供类似如下的配置片段实现按照权重的转发：因为nginx是代理层，可以转发请求，istio也实现了流量转发的效果，肯定也有代理层，并且识别了前面创建的虚拟服务中定义的规则。 1$ istioctl kube-inject -f front-t ...

2023-02-23

Istio流量管理快速入门

Istio使用场景在业务更新迭代快速发展时代，更新版本只靠Kubernetes实现简单的更新发布是不行的，如果想要实现对业务流量访问限制还需要借用Istio的能力，比如升级到v2版本，将v2版本接入流量占比要到10%，Kubernetes是无法实现。下面就是整个实现过程。快速入门环境准备主机名 IP 角色 k8s-master eth0:10.1.1.100、docker：172.17.100.0/24 K8S-master k8s-node1 eth0:10.1.1.120、docker：172.17.120.0/24 K8S-node k8s-node2 eth0:10.1.1.130、docker：172.17.130.0/24 K8S-node 场景一模型图创建资源配置清单Front-tomcatBill-service-V1Service12345678910111213141516171819202122232425cat > front-tomcat-dpl-v1.yaml <<EOFapiV ...

2022-08-08

Helm应用包管理器初步认识

Helm 介绍每个成功的软件平台都有一个优秀的打包系统，比如 Debian、Ubuntu 的 apt，Redhat、Centos 的 yum。而 Helm 则是 Kubernetes 上的包管理器，可以很方便的将之前打包好的yaml文件部署到kubernetes上。本章我们将讨论为什么需要 Helm，它的架构和组件，以及如何使用 Helm。 Helm有两个重要概念： helm：一个命令行客户端工具，主要用于Kubernetes应用chart的创建、打包、发布和管理。 Chart：应用描述，一系列用于描述 k8s 资源相关文件的集合。 Release：基于Chart的部署实体，一个 chart 被 Helm 运行后将会生成对应的一个 release；将在k8s中创建出真实运行的资源对象。此外Helm还经常与CI\CD配置使用，在这个过程中用于维护应用程序的安装、升级、回滚等操作。 Helm解决那些问题 Helm 到底解决了什么问题？为什么 Kubernetes 需要 Helm？答案是：Kubernetes 能够很好地组织和编排容器，但它缺少一个更高层次的应用打包工具，而 ...

2023-03-02

Istio服务网格的可观察性

Istio 可观察性前面我们学习了 Istio 中的流量管理功能，本节我们来学习如何配置 Istio来自动收集网格中的服务遥测。Istio为网格内所有的服务通信生成详细的遥测数据，这种遥测技术提供了服务的可观察性，使运维人员能够排查故障、维护和优化应用程序，而不会给服务的开发人员带来任何额外的负担。通过 Istio，运维人员可以全面了解到受监控的服务如何与其他服务以及Istio组件进行交互。网站会自动生成以下类型的遥测数据，以提供对整个服务网格的可观察性: 指标:Istio 基于 4 个监控的黄金标识(延迟、流量、错误、饱和)生成了一系列服务指标，Isti 还为网格控制平面提供了更详细的指标，除此以外还提供了一组默认的基于这些指标的网格监控仪表板。延迟表示服务一个请求所需的时间。这个指标应该分成成功请求（如 HTTP 200）和失败请求（如 HTTP 500）的延迟。流量是衡量对系统的需求有多大，它是以系统的具体指标来衡量的。例如，每秒的 HTTP 请求，或并发会话，每秒的检索量，等等。错误用来衡量请求失败的比率（例如 HTTP 500）。饱和度衡量一个服务中最紧张的资源 ...

2021-11-15

Ansible自动化部署K8S集群

简介本文是通过ansible-playbook的roles功能实现二进制批量自动安装部署Kubernetes集群服务。本想做成离线版本，但由于coredns,ingress,dashboard插件需要拉取镜像，（这里把flannel做成非容器安装版）如需容器版去https://github.com/flannel-io/flannel中获取yaml文件部署思路系统初始化关闭selinux，firewalld 关闭swap 时间同步写hosts Etcd集群部署生成etcd证书部署三个etcd集群查看集群状态部署Master 生成apiserver证书部署apiserver、controller-manager和scheduler组件启动TLS Bootstrapping 部署Node 安装Docker 部署kubelet和kube-proxy 在Master上允许为新Node颁发证书授权apiserver访问kubelet 部署插件（准备好镜像） Web UI CoreDNS Ingress Controller 一键部署角色Ansi ...

2023-04-24

Linkerd服务网格安装部署详解

Linkerd 介绍Linkerd 是 Kubernetes 的一个完全开源的服务网格实现。它通过为你提供运行时调试、可观测性、可靠性和安全性，使运行服务更轻松、更安全，所有这些都不需要对你的代码进行任何更改。 Linkerd 通过在每个服务实例旁边安装一组超轻、透明的代理来工作。这些代理会自动处理进出服务的所有流量。由于它们是透明的，这些代理充当高度仪表化的进程外网络堆栈，向控制平面发送遥测数据并从控制平面接收控制信号。这种设计允许 Linkerd 测量和操纵进出你的服务的流量，而不会引入过多的延迟。为了尽可能小、轻和安全，Linkerd 的代理采用 Rust 编写。功能概述自动 mTLS：Linkerd 自动为网格应用程序之间的所有通信启用相互传输层安全性 (TLS)。自动代理注入：Linkerd 会自动将数据平面代理注入到基于 annotations 的 pod 中。容器网络接口插件：Linkerd 能被配置去运行一个 CNI 插件，该插件自动重写每个 pod 的 iptables 规则。仪表板和 Grafana：Linkerd 提供了一个 Web 仪表板，以及预配置的 ...

匿名评论隐私政策

✅ 你无需删除空行，直接评论以获取最佳展示效果