Deploying a Consul cluster on Kubernetes as a StatefulSet:
public-service-ns.yaml
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: public-service
```
consul-server.yaml
```yaml
# Ingress for the Consul UI.
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters use networking.k8s.io/v1.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: consul
  namespace: public-service
spec:
  rules:
    - host: consul.lzxlinux.com
      http:
        paths:
          - path: /
            backend:
              serviceName: consul-ui
              servicePort: 80
---
# UI / HTTP API service (port 80 -> 8500).
apiVersion: v1
kind: Service
metadata:
  name: consul-ui
  namespace: public-service
  labels:
    app: consul
    component: server
spec:
  selector:
    app: consul
  ports:
    - name: http
      port: 80
      targetPort: 8500
---
# DNS service (port 53 -> the agents' 8600).
apiVersion: v1
kind: Service
metadata:
  name: consul-dns
  namespace: public-service
  labels:
    app: consul
    component: dns
spec:
  selector:
    app: consul
  ports:
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: dns-tcp
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: dns-udp
---
# Headless service that gives each server pod a stable DNS name.
apiVersion: v1
kind: Service
metadata:
  name: consul-server
  namespace: public-service
  labels:
    app: consul
    component: server
spec:
  selector:
    app: consul
    component: server
  ports:
    - name: http
      port: 8500
      targetPort: 8500
    - name: dns-tcp
      protocol: TCP
      port: 8600
      targetPort: dns-tcp
    - name: dns-udp
      protocol: "UDP"
      port: 8600
      targetPort: dns-udp
    - name: serflan-tcp
      protocol: TCP
      port: 8301
      targetPort: 8301
    - name: serflan-udp
      protocol: UDP
      port: 8301
      targetPort: 8301
    - name: serfwan-tcp
      protocol: TCP
      port: 8302
      targetPort: 8302
    - name: serfwan-udp
      protocol: UDP
      port: 8302
      targetPort: 8302
    - name: server
      port: 8300
      targetPort: 8300
  publishNotReadyAddresses: true
  clusterIP: None
---
# Extra server configuration, mounted at /consul/userconfig (empty here).
apiVersion: v1
kind: ConfigMap
metadata:
  name: consul-server-config
  namespace: public-service
data:
---
# policy/v1beta1 PodDisruptionBudget was removed in Kubernetes 1.25; newer clusters use policy/v1.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: consul-server
  namespace: public-service
spec:
  selector:
    matchLabels:
      app: consul
      component: server
  minAvailable: 2
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: consul-server
  namespace: public-service
spec:
  serviceName: consul-server
  replicas: 3
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: consul
      component: server
  template:
    metadata:
      labels:
        app: consul
        component: server
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  # The key must match the pod label key above for the rule to take effect.
                  - key: "component"
                    operator: In
                    values:
                      - server
              topologyKey: "kubernetes.io/hostname"
      terminationGracePeriodSeconds: 10
      containers:
        - name: consul
          image: consul:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8500
              name: http
            - containerPort: 8600
              name: dns-tcp
              protocol: TCP
            - containerPort: 8600
              name: dns-udp
              protocol: UDP
            - containerPort: 8301
              name: serflan
            - containerPort: 8302
              name: serfwan
            - containerPort: 8300
              name: server
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          args:
            - "agent"
            - "-server"
            - "-advertise=$(POD_IP)"
            - "-bind=0.0.0.0"
            - "-bootstrap-expect=3"
            - "-datacenter=dc1"
            - "-config-dir=/consul/userconfig"
            - "-data-dir=/consul/data"
            - "-disable-host-node-id"
            - "-domain=cluster.local"
            - "-retry-join=consul-server-0.consul-server.$(NAMESPACE).svc.cluster.local"
            # HTTP API, UI and DNS listen on all pod interfaces.
            - "-client=0.0.0.0"
            - "-ui"
          resources:
            limits:
              cpu: "100m"
              memory: "128Mi"
            requests:
              cpu: "100m"
              memory: "128Mi"
          lifecycle:
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - consul leave
          volumeMounts:
            - name: data
              mountPath: /consul/data
            - name: user-config
              mountPath: /consul/userconfig
      volumes:
        - name: user-config
          configMap:
            name: consul-server-config
        - name: data
          emptyDir: {}
      securityContext:
        fsGroup: 1000
  # volumeClaimTemplates:
  # - metadata:
  #     name: data
  #   spec:
  #     accessModes:
  #       - ReadWriteMany
  #     storageClassName: "gluster-heketi-2"
  #     resources:
  #       requests:
  #         storage: 10Gi
```
consul-client.yaml
```yaml
# Extra client configuration, mounted at /consul/userconfig (empty here).
apiVersion: v1
kind: ConfigMap
metadata:
  name: consul-client-config
  namespace: public-service
data:
---
# One Consul client agent per node.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: consul
  namespace: public-service
spec:
  selector:
    matchLabels:
      app: consul
      component: client
  template:
    metadata:
      labels:
        app: consul
        component: client
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  # The key must match the pod label key above for the rule to take effect.
                  - key: "component"
                    operator: In
                    values:
                      - client
              topologyKey: "kubernetes.io/hostname"
      terminationGracePeriodSeconds: 10
      containers:
        - name: consul
          image: consul:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8500
              name: http
            - containerPort: 8600
              name: dns-tcp
              protocol: TCP
            - containerPort: 8600
              name: dns-udp
              protocol: UDP
            - containerPort: 8301
              name: serflan
            - containerPort: 8302
              name: serfwan
            - containerPort: 8300
              name: server
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          args:
            - "agent"
            - "-advertise=$(POD_IP)"
            - "-bind=0.0.0.0"
            - "-datacenter=dc1"
            - "-config-dir=/consul/userconfig"
            - "-data-dir=/consul/data"
            - "-disable-host-node-id=true"
            - "-domain=cluster.local"
            - "-retry-join=consul-server-0.consul-server.$(NAMESPACE).svc.cluster.local"
            # HTTP API and DNS listen on all pod interfaces.
            - "-client=0.0.0.0"
          resources:
            limits:
              cpu: "50m"
              memory: "32Mi"
            requests:
              cpu: "50m"
              memory: "32Mi"
          lifecycle:
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - consul leave
          volumeMounts:
            - name: data
              mountPath: /consul/data
            - name: user-config
              mountPath: /consul/userconfig
      volumes:
        - name: user-config
          configMap:
            name: consul-client-config
        - name: data
          emptyDir: {}
      securityContext:
        fsGroup: 1000
  # (A DaemonSet has no volumeClaimTemplates field.)
  # volumeClaimTemplates:
  # - metadata:
  #     name: data
  #   spec:
  #     accessModes:
  #       - ReadWriteMany
  #     storageClassName: "gluster-heketi-2"
  #     resources:
  #       requests:
  #         storage: 10Gi
```
- PodDisruptionBudget:
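Kubernetes lets you create a PodDisruptionBudget (PDB) object for each application. A PDB limits how many pods of a replicated application can be down at the same time because of disruptions.

A PodDisruptionBudget can be configured with two parameters:

  - MinAvailable: the minimum number of available pods, that is, the minimum number of the application's pods that must be running, or the minimum percentage of running pods relative to the total number of pods.
  - MaxUnavailable: the maximum number of unavailable pods, that is, the maximum number of the application's pods that may be unavailable, or the maximum percentage of unavailable pods relative to the total number of pods.

Note that only one of the MinAvailable and MaxUnavailable parameters can be configured at a time.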
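The budget arithmetic described above, as an added example that is not part of the original post: it resolves a PDB spec into the number of evictions it admits and compares what remains against the Raft majority that the 3 Consul servers need. The function names are hypothetical; percentages are rounded up, as the Kubernetes documentation specifies.

```python
def _scaled(value, total):
    """Resolve an int-or-percent PDB field; percentages round up."""
    if isinstance(value, str) and value.endswith("%"):
        pct = int(value[:-1])
        return (pct * total + 99) // 100  # integer ceiling
    return int(value)


def desired_healthy(pdb_spec, expected_pods):
    """Minimum number of healthy pods the PDB insists on keeping."""
    has_min = "minAvailable" in pdb_spec
    has_max = "maxUnavailable" in pdb_spec
    if has_min == has_max:
        raise ValueError("set exactly one of minAvailable / maxUnavailable")
    if has_min:
        return _scaled(pdb_spec["minAvailable"], expected_pods)
    return max(0, expected_pods - _scaled(pdb_spec["maxUnavailable"], expected_pods))


def disruptions_allowed(pdb_spec, expected_pods, healthy_pods):
    """How many evictions would still be admitted right now."""
    return max(0, healthy_pods - desired_healthy(pdb_spec, expected_pods))


def raft_quorum(servers):
    """Consul servers need a strict majority to elect a leader and commit writes."""
    return servers // 2 + 1


def keeps_quorum(pdb_spec, servers):
    """True if evicting everything the PDB allows still leaves a Raft majority."""
    remaining = servers - disruptions_allowed(pdb_spec, servers, servers)
    return remaining >= raft_quorum(servers)


if __name__ == "__main__":
    candidates = [
        {"minAvailable": 2},        # value used in consul-server.yaml
        {"maxUnavailable": 1},
        {"minAvailable": "50%"},    # ceil(1.5) = 2 pods must stay up
        {"maxUnavailable": "50%"},  # ceil(1.5) = 2 evictions admitted
    ]
    for spec in candidates:
        print(spec, disruptions_allowed(spec, 3, 3), keeps_quorum(spec, 3))
```

With 3 replicas, `minAvailable: 2` admits one eviction and keeps the majority, while `maxUnavailable: "50%"` rounds up to two evictions and would leave a single server.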
- Deploy:

```bash
kubectl apply -f public-service-ns.yaml
kubectl apply -f consul-server.yaml

kubectl get svc -n public-service
NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                   AGE
consul-dns      ClusterIP   10.110.235.63   <none>        53/TCP,53/UDP                                                             85s
consul-server   ClusterIP   None            <none>        8500/TCP,8600/TCP,8600/UDP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP   85s
consul-ui       ClusterIP   10.98.220.223   <none>        80/TCP                                                                    85s

kubectl get pod -n public-service
NAME              READY   STATUS    RESTARTS   AGE
consul-server-0   1/1     Running   0          110s
consul-server-1   1/1     Running   0          107s
consul-server-2   1/1     Running   0          92s
```
- Check the cluster status:

```bash
kubectl exec -n public-service consul-server-0 -- consul members
Node             Address              Status  Type    Build  Protocol  DC   Segment
consul-server-0  172.10.135.17:8301   alive   server  1.8.3  2         dc1  <all>
consul-server-1  172.10.104.11:8301   alive   server  1.8.3  2         dc1  <all>
consul-server-2  172.10.166.136:8301  alive   server  1.8.3  2         dc1  <all>
```
- Access the UI:

Add a hosts entry for consul.lzxlinux.com, then visit consul.lzxlinux.com/ui.

You can see that consul-server-0 is the leader and the cluster status is normal.
- Join the clients:

```bash
kubectl apply -f consul-client.yaml

kubectl get pod -n public-service
NAME              READY   STATUS    RESTARTS   AGE
consul-8wx22      1/1     Running   0          40s
consul-glmgs      1/1     Running   0          10s
consul-server-0   1/1     Running   0          30m
consul-server-1   1/1     Running   0          30m
consul-server-2   1/1     Running   0          30m
consul-vxbj7      1/1     Running   0          61s

kubectl exec -n public-service consul-server-0 -- consul members
Node             Address              Status  Type    Build  Protocol  DC   Segment
consul-server-0  172.10.135.17:8301   alive   server  1.8.3  2         dc1  <all>
consul-server-1  172.10.104.11:8301   alive   server  1.8.3  2         dc1  <all>
consul-server-2  172.10.166.136:8301  alive   server  1.8.3  2         dc1  <all>
consul-8wx22     172.10.166.138:8301  alive   client  1.8.3  2         dc1  <default>
consul-glmgs     172.10.135.19:8301   alive   client  1.8.3  2         dc1  <default>
consul-vxbj7     172.10.104.13:8301   alive   client  1.8.3  2         dc1  <default>
```
At this point, the Consul cluster (3 servers, 3 clients) is deployed. The manifests are stored on my personal GitHub: kubernetes