微服务部署方案-v3
搭建
安装指定版本的docker
# 查看系统版本
cat /etc/redhat-release
# 移除掉原来安装的docker
yum -y remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
# 卸载
yum remove -y docker-ce docker-ce-cli containerd.io
# 启用仓库的文件
yum-config-manager --enable docker-ce-nightly
# 配置yum aliyun源
## 备份
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
## 下载
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
## 生成缓存
yum makecache
# 配置centos docker-ce 源
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 更新yum
yum update -y
# 安装依赖软件
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
# 查看所有版本
yum list docker-ce --showduplicates | sort -r
# 选择 18.06.3.ce-3.el7
yum install -y docker-ce-18.06.3.ce-3.el7 docker-ce-cli-18.06.3.ce-3.el7 containerd.io
# 查看所有版本
yum list docker-ce --showduplicates | sort -r
# 选择 18.06.3.ce-3.el7
yum install -y docker-ce-18.06.3.ce-3.el7 docker-ce-cli-18.06.3.ce-3.el7 containerd.io
# 启动docker
systemctl start docker
# 允许开机自启
systemctl enable docker
# 配置镜像源加速
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://q4jtpmzm.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
# 运行一个demo镜像
docker run hello-world
gitlab
https://docs.gitlab.com/omnibus/docker/
# 创建数据挂载点
rm -rf /data/tristan/gitlab/config /data/tristan/gitlab/logs /data/tristan/gitlab/data
mkdir -p /data/tristan/gitlab/config /data/tristan/gitlab/logs /data/tristan/gitlab/data
# 运行镜像
docker run --detach \
--hostname 192.168.71.220 \
--publish 80:80 --publish 2289:22 \
--name gitlab \
--restart always \
--volume /data/tristan/gitlab/config:/etc/gitlab \
--volume /data/tristan/gitlab/logs:/var/log/gitlab \
--volume /data/tristan/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest
#限制gitlab的内存
docker stop gitlab
docker update --memory-swap 15360M gitlab
docker update --memory 15360M gitlab
docker start gitlab
#查看镜像运行情况
docker logs -f gitlab
http://192.168.71.220:8929 root/tanshilin
为root账号配置密码 root/tanshilin
jenkins
# 创建数据挂载点
mkdir -p /data/tristan/jenkins
# 运行镜像
docker run \
-u root \
-d --restart always \
-p 8080:8080 \
-p 50000:50000 \
-v /data/tristan/jenkins:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
--name jenkins \
jenkinsci/blueocean
# 查看镜像运行情况
docker logs -f jenkins
访问地址:
http://192.168.71.220:8080 访问密码需要从docker的日志控制台拷贝出来
设置admin账号的密码 admin/admin
nexus
# 创建数据挂载点
# 创建本地文件夹
mkdir -p /data/tristan/nexus && chmod 777 /data/tristan/nexus
# 启动容器
docker run -d --restart always -p 8081:8081 --name nexus -v /data/tristan/nexus:/nexus-data sonatype/nexus3
# 查看镜像启动情况
docker logs -f nexus
访问:
http://192.168.71.220:8081 admin/admin123
k8s
搭建k8s
清理rancher
#删除所有容器
docker rm -f $(sudo docker ps -qa)
#删除/var/etcd目录
rm -rf /var/etcd
#删除/var/lib/kubelet/目录,删除前先卸载
for m in $(sudo tac /proc/mounts | sudo awk '{print $2}'|sudo grep /var/lib/kubelet);do
umount $m||true
done
umount -f /var/lib/kubelet/pods/2aaf3247-61e1-11e9-a738-020860040104/volume-subpaths/filebeat-config/filebeat/1
umount -f /var/lib/kubelet/pods/55b15b49-61e5-11e9-9b17-020860040104/volume-subpaths/filebeat-config/filebeat/1
umount -f /var/lib/kubelet/
rm -rf /var/lib/kubelet/
#删除/var/lib/rancher/目录,删除前先卸载
for m in $(sudo tac /proc/mounts | sudo awk '{print $2}'|sudo grep /var/lib/rancher);do
umount $m||true
done
umount -f /var/lib/rancher/volumes
rm -rf /var/lib/rancher/
#删除/run/kubernetes/ 目录
rm -rf /run/kubernetes/
#删除所有的数据卷
docker volume rm $(sudo docker volume ls -q)
#再次显示所有的容器和数据卷,确保没有残留
docker ps -a
docker volume ls
安装rancher
# 创建数据卷
rm -rf /data/tristan/rancher/
mkdir -p /data/tristan/rancher/mysql
# 运行rancher镜像
docker run -d --name rancher -v /data/tristan/rancher/mysql:/var/lib/mysql --restart=unless-stopped -p 8765:8080 rancher/server
#查看运行情况
docker logs -f rancher
# 加入主节点
sudo docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.11 http://192.168.71.220:8765/v1/scripts/3277D056DBE1B20BDB55:1546214400000:Ovc5YLAsfQfvrZoGW2Es7U9w
# 修改密码
/usr/bin/mysqladmin -u root password 'new-password'
# 修改 访问控制 为 local
访问地址:
http://192.168.71.220:8765 rancher/rancher
注意
如果第一次安装会出问题请重置服务器后再试一次
因为rancher版本比较快,请不要使用国内的镜像配置,尽量配置不要改配置
搭建之后如果性能/稳定性不够请搭建多节点(后面补充多节点部署)
停止并删除所有容器
docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
docker rmi $(docker images -aq)
一些指令
# 清理内存
echo 2 > /proc/sys/vm/drop_caches
echo 3 > /proc/sys/vm/drop_caches
https://my.oschina.net/wenzhenxi/blog/1824274
nfs
本地搭建方式
安装nfs服务
1)通过yum目录安装nfs服务和rpcbind服务:
$ yum -y install nfs-utils rpcbind
2)检查nfs服务是否正常安装
$ rpcinfo -p localhost
创建用户
为NFS服务其添加用户,并创建共享目录,以及设置用户设置共享目录的访问权限:
$ useradd -u nfs
$ mkdir -p /data/tristan/nfs
$ chmod a+w /data/tristan/nfs
配置共享目录
在nfs服务器中为客户端配置共享目录:
$ echo "/data/tristan/nfs *(rw,async,no_root_squash)" >> /etc/exports
通过执行如下命令是配置生效:
$exportfs -r
启动服务
1)由于必须先启动rpcbind服务,再启动nfs服务,这样才能让nfs服务在rpcbind服务上注册成功:
$ systemctl start rpcbind
2)启动nfs服务:
$ systemctl start nfs-server
3)设置rpcbind和nfs-server开机启动:
$ systemctl enable rpcbind
$ systemctl enable nfs-server
检查nfs服务是否正常启动
$ showmount -e localhost
$ mount -t nfs 127.0.0.1:/data/tristan/nfs /mnt
mkdir -p /data/tristan/nfs/es/0
mkdir -p /data/tristan/nfs/es/1
在 192.168.71.221上
mount -t nfs 192.168.71.220:/data/tristan/nfs /data
项目改造
服务器构建配置
settings.xml
nexus-snapshots
ebuy-cloud-test
ebuy-cloud-test
registry.cn-shenzhen.aliyuncs.com
xxx@xxx
xxx
nexus-releases
*
http://192.168.71.220:8081/repository/maven-public/
nexus-snapshots
*
http://192.168.71.220:8081/repository/maven-snapshots/
nexus-snapshots
nexus-snapshots
nexus-snapshots
http://192.168.71.220:8081/repository/maven-snapshots/
registry.cn-shenzhen.aliyuncs.com
nexus-snapshots
目前项目结构
tree /F
ebuy-cloud
springcloud
cloud-eureka
cloud-config
cloud-oauth2
cloud-gateway
service-common
commons-base
commons-dto
commons-http
commons-task
commons-utils
service-modules
dynamic-datasource
service-amazon
service-crm
service-erp
service-erp-crm
service-kafka-demo
service-logistics
service-logistics-old
service-mrp
service-plan
service-procurement
service-procurement-old
service-product
service-warehouse
service-workflow
service-workflowengine
cloud-basics
service-alibaba-order
service-aliyun-image-search
service-basics-data
service-batchtask
service-file
service-mail
service-util
cloud-datacenter
service-elasticsearch
service-oa
service-system
父类工程
# pom.xml
${repository.id}
${repository.name}
${repository.url}
default
# Jenkinsfile
pipeline {
agent {
docker {
image 'maven:3-alpine'
args '-v /root/.m2:/root/.m2'
}
}
stages {
stage('Deliver') {
steps {
sh 'mvn clean deploy'
}
}
}
}
特殊工程
eureka
# pom.xml
org.springframework.boot
spring-boot-maven-plugin
true
com.spotify
dockerfile-maven-plugin
1.4.10
true
${dockerRegistry.url}/ebuy-cloud/${project.artifactId}
${project.version}.${maven.build.timestamp}
true
false
0
target/${project.build.finalName}.jar
default
package
# Jenkinsfile
pipeline {
agent {
docker {
image 'maven:3-alpine'
args '-v /root/.m2:/root/.m2'
}
}
stages {
stage('Deliver') {
steps {
sh 'mvn clean package -DskipTests dockerfile:build dockerfile:tag dockerfile:push'
}
}
}
}
# Dockerfile
FROM anapsix/alpine-java:latest
ARG EUREKA_USER_NAME
ARG EUREKA_USER_PASSWORD
ARG CLOUD_EUREKA_DEFAULTZONE_OTHER
ARG CLOUD_ZIPKIN_BASE_URL
ARG JAR_FILE
ADD ${JAR_FILE} app.jar
RUN echo 'Asia/Shanghai' > /etc/timezone
RUN bash -c 'touch /app.jar'
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar","${EUREKA_USER_NAME}","${EUREKA_USER_PASSWORD}","${CLOUD_EUREKA_DEFAULTZONE_OTHER}","${CLOUD_ZIPKIN_BASE_URL}"]
config
# pom.xml
org.springframework.boot
spring-boot-maven-plugin
true
com.spotify
dockerfile-maven-plugin
1.4.10
true
${dockerRegistry.url}/ebuy-cloud/${project.artifactId}
${project.version}.${maven.build.timestamp}
true
false
0
target/${project.build.finalName}.jar
default
package
# Jenkinsfile
pipeline {
agent {
docker {
image 'maven:3-alpine'
args '-v /root/.m2:/root/.m2'
}
}
stages {
stage('Deliver') {
steps {
sh 'mvn clean package -DskipTests dockerfile:build dockerfile:tag dockerfile:push'
}
}
}
}
# Dockerfile
FROM anapsix/alpine-java:latest
ARG CLOUD_EUREKA_DEFAULTZONE
ARG CLOUD_ZIPKIN_BASE_URL
ARG CONFIG_GIT_URI
ARG CONFIG_GIT_USERNAME
ARG CONFIG_GIT_PASSWORD
ARG CONFIG_KAFKA_HOST
ARG CONFIG_KAFKA_PORT
ARG CONFIG_ZK_PORT
ARG JAR_FILE
ADD ${JAR_FILE} app.jar
RUN echo 'Asia/Shanghai' > /etc/timezone
RUN bash -c 'touch /app.jar'
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar","${CLOUD_EUREKA_DEFAULTZONE}","${CLOUD_ZIPKIN_BASE_URL}","${CONFIG_GIT_URI}","${CONFIG_GIT_USERNAME}","${CONFIG_GIT_PASSWORD}","${CONFIG_KAFKA_HOST}","${CONFIG_KAFKA_PORT}","${CONFIG_ZK_PORT}"]
标准工程
oauth2
# pom.xml
org.springframework.boot
spring-boot-maven-plugin
true
com.spotify
dockerfile-maven-plugin
1.4.10
true
${dockerRegistry.url}/ebuy-cloud/${project.artifactId}
${project.version}.${maven.build.timestamp}
true
false
0
target/${project.build.finalName}.jar
default
package
# Jenkinsfile
pipeline {
agent {
docker {
image 'maven:3-alpine'
args '-v /root/.m2:/root/.m2'
}
}
stages {
stage('Deliver') {
steps {
sh 'mvn clean package -DskipTests dockerfile:build dockerfile:tag dockerfile:push'
}
}
}
}
# Dockerfile
FROM anapsix/alpine-java:latest
ARG CLOUD_EUREKA_DEFAULTZONE
ARG JASYPT_ENCRYPTOR_PASSWORD
ARG JAR_FILE
ADD ${JAR_FILE} app.jar
RUN echo 'Asia/Shanghai' > /etc/timezone
RUN bash -c 'touch /app.jar'
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar","${CLOUD_EUREKA_DEFAULTZONE}","${JASYPT_ENCRYPTOR_PASSWORD}"]
# bootstrap.yml
eureka:
client:
serviceUrl:
defaultZone: ${cloud_eureka_defaultzone:http://root:123456@localhost:9000/eureka/}
instance:
prefer-ip-address: true
spring:
application:
name: service-crm
cloud:
config:
discovery:
service-id: cloud-config
enabled: true
logging:
config: classpath:logback.xml
jasypt:
encryptor:
password: ${jasypt_encryptor_password:l&id81!lw}
使用搭建
gitlab
ebuy-cloud-config-dev
ebuy-cloud-dev
ebuy-cloud-dev-system/ebuy-cloud-dev-system
ebuy-cloud-config-test
ebuy-cloud-test
ebuy-cloud-test-system/ebuy-cloud-test-system
ebuy-cloud-config-product
ebuy-cloud-product-system/
使用钉钉名称注册人员账号
创建ebuy-cloud-dev-system/ebuy-cloud-test-system/ebuy-cloud-product-system三个系统用户
创建ebuy-cloud-dev-report/ebuy-cloud-test-report/ebuy-cloud-product-report三个只读用户
创建ebuy-cloud-dev/ebuy-cloud-test/ebuy-cloud-product三个用户组
依次添加用户到用户组并设置权限 系统用户为 Maintainer权限,只读用户为 Report权限
root账号创建ebuy-cloud-config配置项目
从高向低fork项目
fork root/ebuy-cloud-config -> ebuy-cloud-product/ebuy-cloud-config
fork ebuy-cloud-product/ebuy-cloud-config -> ebuy-cloud-test/ebuy-cloud-config
fork ebuy-cloud-test/ebuy-cloud-config -> ebuy-cloud-dev/ebuy-cloud-config
从低给高授权(Developer权限)
grant ebuy-cloud-dev/ebuy-cloud-config -> ebuy-cloud-test
grant ebuy-cloud-test/ebuy-cloud-config -> ebuy-cloud-product
低修改之后查看自己的项目中 高(项目名称一致且所属者后缀不同)的项目的成员,在钉钉找到该成员之后发送消息 合并配置文件
高登录之后向低发起合并请求然后去合并代码
nexus
创建snapshot库
aliyun docker registry
创建阿里云子账号
创建命名空间
创建仓库
jenkins
创建流水线
主要参数为 svn地址
rancher
http://192.168.71.220:8765
修改系统语言为中文
在商店中搜索kubernetes
查看该rancher模板中k8s的版本为 12 -> 对应docker 的版本为 18.06.3.ce-3.el7
修改dashboard的内存(有利于查看内存)
加入主机,根据提示的加入主机的指令去其他主机上去执行(三台即可)
等待初始化完成
…
k8s
http://192.168.71.220:8765 KUBERNETES 仪表板
http://192.168.71.220:8765/r/projects/1a5/kubernetes-dashboard:9090/#!/overview?namespace=default
确定主节点所在主机
# 需要将对外的那台主机进行标记标签
kubectl label nodes 192.168.71.221 type=outer
# 如果该主机的位置发生了变化需要删除原来的主机的标签
kubectl label nodes 192.168.71.104 type-
创建拉取镜像的凭证字符串
kubectl create secret docker-registry regcred --docker-server=registry.cn-shenzhen.aliyuncs.com --docker-username=xxx@xxx --docker-password=xxx [email protected]
一些指令:
# 查看所有版本
kubectl rollout history deployment servicemrp
# 回滚到指定版本
kubectl rollout undo deployment servicemrp --to-revision=1
编写部署文件
└─deploy
│ README.MD
│
├─middleware
│ elasticsearch-router.yml
│ elasticsearch-single.yml
│ filebeat.yml
│ kafka.yml
│ xxljob-router.yml
│ xxljob.yml
│ zipkin-router.yml
│ zipkin-single.yml
│ zookeeper.yml
│
├─service
│ ├─cloud-basics
│ │ servicealibabaorder.yml
│ │ servicemail.yml
│ │ serviceutil.yml
│ │
│ ├─cloud-datacenter
│ │ serviceelasticsearch.yml
│ │ serviceoa.yml
│ │
│ └─cloud-modules
│ servicecrm.yml
│ serviceerp.yml
│ serviceerpcrm.yml
│ servicelogistics.yml
│ servicemrp.yml
│ serviceplan.yml
│ serviceprocurement.yml
│ serviceproduct.yml
│
└─springcloud
cloudconfig.yml
cloudeureka.yml
cloudgateway.yml
router.yml
serveroauth2.yml
middleware
filebeat-demo.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: serviceerp2filebeat2
labels:
app: serviceerp2filebeat2
spec:
replicas: 1
template:
metadata:
name: serviceerp2filebeat2
labels:
app: serviceerp2filebeat2
spec:
containers:
- name: serviceerp
image:
imagePullPolicy: IfNotPresent
env:
- name: CLOUD_EUREKA_DEFAULTZONE
value: "http://root:[email protected]/eureka/,http://root:[email protected]/eureka/"
- name: JASYPT_ENCRYPTOR_PASSWORD
value: "l&id81!lw"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
- name: app-logs
mountPath: /logs
- name: filebeat
image: docker.elastic.co/beats/filebeat:5.4.0
volumeMounts:
- name: app-logs
mountPath: /logs
- name: filebeat-config
mountPath: /usr/share/filebeat/filebeat.yml
readOnly: true
subPath: filebeat.yml
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: app-logs
emptyDir: {}
- name: filebeat-config
configMap:
name: filebeat-config
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: serviceerp2filebeat2
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: default
labels:
k8s-app: filebeat
data:
filebeat.yml: |-
filebeat.prospectors:
- input_type: log
paths:
- "/logs/*/*"
output.elasticsearch:
hosts: ["192.168.71.223:9200"]
username: ""
password: ""
index: "filebeat-log"
xxljob.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: xxljob
labels:
app: xxljob
spec:
replicas: 1
template:
metadata:
name: xxljob
labels:
app: xxljob
spec:
nodeSelector:
type: outer
containers:
- name: xxljob
image: xuxueli/xxl-job-admin:2.0.1
imagePullPolicy: IfNotPresent
env:
- name: PARAMS
value: "--spring.datasource.url=jdbc:mysql://192.168.71.219:3306/xxl-job?Unicode=true&characterEncoding=UTF-8 --spring.datasource.username=javaappuser --spring.datasource.password=javaappuser --spring.datasource.driver-class-name=com.mysql.jdbc.Driver"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: 8080
hostPort: 9988
volumes:
- name: localtime
hostPath:
path: /etc/localtime
restartPolicy: Always
selector:
matchLabels:
app: xxljob
xxljob-router.yml
---
apiVersion: v1
kind: Service
metadata:
name: xxljob
spec:
selector:
app: xxljob
ports:
- protocol: TCP
port: 80
targetPort: 8080
zipkin-single.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: zipkin
labels:
app: zipkin
spec:
replicas: 1
template:
metadata:
name: zipkin
labels:
app: zipkin
spec:
nodeSelector:
type: outer
containers:
- name: zipkin
image: openzipkin/zipkin
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: 9411
hostPort: 9411
volumes:
- name: localtime
hostPath:
path: /etc/localtime
restartPolicy: Always
selector:
matchLabels:
app: zipkin
zipkin-router.yml
---
apiVersion: v1
kind: Service
metadata:
name: zipkin
spec:
selector:
app: zipkin
ports:
- protocol: TCP
port: 80
targetPort: 9411
springcloud
cloudeureka.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloudeureka
labels:
app: cloudeureka
spec:
replicas: 1
template:
metadata:
name: cloudeureka
labels:
app: cloudeureka
spec:
nodeSelector:
type: outer
containers:
- name: cloudeureka
image:
imagePullPolicy: IfNotPresent
env:
- name: EUREKA_USER_NAME
value: "root"
- name: EUREKA_USER_PASSWORD
value: "123456"
- name: CLOUD_EUREKA_DEFAULTZONE_OTHER
value: "http://root:[email protected]/eureka/"
- name: CLOUD_ZIPKIN_BASE_URL
value: ""
volumeMounts:
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: 9000
hostPort: 9000
volumes:
- name: localtime
hostPath:
path: /etc/localtime
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: cloudeureka
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloudeureka2
labels:
app: cloudeureka2
spec:
replicas: 1
template:
metadata:
name: cloudeureka2
labels:
app: cloudeureka2
spec:
containers:
- name: cloudeureka2
image:
imagePullPolicy: IfNotPresent
env:
- name: EUREKA_USER_NAME
value: "root"
- name: EUREKA_USER_PASSWORD
value: "123456"
- name: CLOUD_EUREKA_DEFAULTZONE_OTHER
value: "http://root:[email protected]/eureka/"
- name: CLOUD_ZIPKIN_BASE_URL
value: ""
volumeMounts:
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: 9000
hostPort: 9000
volumes:
- name: localtime
hostPath:
path: /etc/localtime
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: cloudeureka2
cloudeureka-router.yml
---
apiVersion: v1
kind: Service
metadata:
name: cloudeureka
spec:
selector:
app: cloudeureka
ports:
- protocol: TCP
port: 80
targetPort: 9000
---
apiVersion: v1
kind: Service
metadata:
name: cloudeureka2
spec:
selector:
app: cloudeureka2
ports:
- protocol: TCP
port: 80
targetPort: 9000
cloudconfig.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloudconfig
labels:
app: cloudconfig
spec:
replicas: 1
template:
metadata:
name: cloudconfig
labels:
app: cloudconfig
spec:
containers:
- name: cloudconfig
image:
imagePullPolicy: IfNotPresent
env:
- name: CLOUD_EUREKA_DEFAULTZONE
value: "http://root:[email protected]/eureka/,http://root:[email protected]/eureka/"
- name: CLOUD_ZIPKIN_BASE_URL
value: ""
- name: CONFIG_GIT_URI
value: "http://192.168.71.220/ebuy-cloud-test/ebuy-cloud-config.git"
- name: CONFIG_GIT_USERNAME
value: "ebuy-cloud-test-report"
- name: CONFIG_GIT_PASSWORD
value: "ebuy-cloud-test-report"
- name: CONFIG_KAFKA_HOST
value: "192.168.71.223"
- name: CONFIG_KAFKA_PORT
value: "9092"
- name: CONFIG_ZK_PORT
value: "2181"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
volumes:
- name: localtime
hostPath:
path: /etc/localtime
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: cloudconfig
serveroauth2.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: serveroauth2
labels:
app: serveroauth2
spec:
replicas: 1
template:
metadata:
name: serveroauth2
labels:
app: serveroauth2
spec:
nodeSelector:
type: outer
containers:
- name: serveroauth2
image:
imagePullPolicy: IfNotPresent
env:
- name: CLOUD_EUREKA_DEFAULTZONE
value: "http://root:[email protected]/eureka/,http://root:[email protected]/eureka/"
- name: JASYPT_ENCRYPTOR_PASSWORD
value: "l&id81!lw"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: 9403
hostPort: 9403
volumes:
- name: localtime
hostPath:
path: /etc/localtime
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: serveroauth2
serveroauth2-router.yml
---
apiVersion: v1
kind: Service
metadata:
name: serveroauth2
spec:
selector:
app: serveroauth2
ports:
- protocol: TCP
port: 80
targetPort: 9403
cloudgateway.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloudgateway
labels:
app: cloudgateway
spec:
replicas: 1
template:
metadata:
name: cloudgateway
labels:
app: cloudgateway
spec:
nodeSelector:
type: outer
containers:
- name: cloudgateway
image:
imagePullPolicy: IfNotPresent
env:
- name: CLOUD_EUREKA_DEFAULTZONE
value: "http://root:[email protected]/eureka/,http://root:[email protected]/eureka/"
- name: JASYPT_ENCRYPTOR_PASSWORD
value: "l&id81!lw"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: 5000
hostPort: 5000
volumes:
- name: localtime
hostPath:
path: /etc/localtime
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: cloudgateway
service
案例
servicealibabaorder.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: servicealibabaorder
labels:
app: servicealibabaorder
spec:
replicas: 1
template:
metadata:
name: servicealibabaorder
labels:
app: servicealibabaorder
spec:
containers:
- name: servicealibabaorder
image:
imagePullPolicy: IfNotPresent
env:
- name: CLOUD_EUREKA_DEFAULTZONE
value: "http://root:[email protected]/eureka/,http://root:[email protected]/eureka/"
- name: JASYPT_ENCRYPTOR_PASSWORD
value: "l&id81!lw"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
- name: app-logs
mountPath: /logs
- name: filebeat
image: docker.elastic.co/beats/filebeat:5.4.0
volumeMounts:
- name: app-logs
mountPath: /logs
- name: filebeat-config
mountPath: /usr/share/filebeat/filebeat.yml
readOnly: true
subPath: filebeat.yml
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: app-logs
emptyDir: {}
- name: filebeat-config
configMap:
name: filebeat-config
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: servicealibabaorder
当需要更新更新镜像的时候需要直接编辑对应工程的部署文件的镜像版本即可
项目模块规划升级-v3
升级之后的结构:
ebuy-cloud
springcloud
cloud-eureka
cloud-config
cloud-oauth2
cloud-gateway
service-common
commons-base
commons-dto
commons-http
commons-task
commons-utils
service-modules
canal.sample
dynamic-datasource
service-amazon
service-crm
service-erp
service-erp-crm
service-kafka-demo
service-logistics
service-logistics-old
service-mrp
service-plan
service-procurement
service-procurement-old
service-product
service-warehouse
service-workflow
service-workflowengine
service-xxljob-demo
cloud-basics
service-alibaba-order
service-aliyun-image-search
service-basics-data
service-batchtask
service-file
service-mail
service-util
cloud-datacenter
service-elasticsearch
service-oa
service-system
将原来的spring cloud的组件工程放到单独的文件夹中
关于镜像命名和版本的问题
原来的做法
所有的镜像在同一个命名空间、同一个仓库、使用标签后缀实现镜像名称和版本的区分
遇到什么问题
k8s 使用 kubectl rollout status deployment service-xxx 实现镜像升级
这里有一个前提
原来的镜像的版本必须与当前的版本不同
jenkins -> k8s 的webhook不可用
现在的做法
镜像源
对每个服务的tag单独出来做版本划分
需要变成 四级目录
# 镜像源地址
registry.cn-shenzhen.aliyuncs.com
# 命名空间
ebuy-cloud
# 服务名
service-xxx
# 递增版本号 (大版本号+时间戳版本号)
1.0.1
所以需要为每一个服务创建一个仓库
并且不允许 push 覆盖版本
– 生产 和 开发/测试 环境的镜像库隔离是否有必要
– 提供页面去执行kubectl rollout status deployment service-xxx 是否有必要
构建
修改pom.xml中tag标签中的值
去掉后面的环境区分
加上当前时间戳
部署
修改 k8s-deploy-service-xxx.yml 文件
镜像名
前缀 -> registry.cn-shenzhen.aliyuncs.com/ebuy-cloud
仓库名 -> service-xxx
版本号 -> lastest
关于仓库的想法
划分仓库有哪些好处?
可以更加清晰的看到很多版本
划分仓库有哪些坏处?
每加一个服务或者修改服务名称 就要加一个仓库
日志管理
搭建ek
# 创建保存elk文件的文件夹
mkdir -p /data/tristan/elk && cd /data/tristan/elk
# 下载docker stack 文件
wget https://github.com/deviantony/docker-elk/archive/master.zip
#解压并进入该docker stack 文件位置
unzip master.zip && cd docker-elk-master
# 修改es的内存
vi docker-stack.yml
# 将256 改为 2048
# 初始化docker swarm集群
docker swarm init
# 运行容器
docker stack deploy -c docker-stack.yml elk
在上一个版本中(v2)
使用docker stack创建elk(elasticsearch/logstash/kibana)
配置容器的日志驱动为syslog 并且配置syslog-address地址为logstash的地址
在使用过程发现几个问题:
1、由于日志内容中没有zipkin的trace信息(spanId)导致并发调用的时候获取整个调用链日志不直观
2、 日志过于呈现形式为日志行,导致分析定位问题不直观
3、由于syslog的方式与elk耦合过重导致业务系统的启动会受到elk的影响
4、syslog会影响原来docker 日志的显示,降低docker 容器的性能
有几个好处:
配置简单,维护简单
设计思考
elk是否需要放到k8s容器中?
非常有必要
放到k8s容器之后,再通过dnsServer去固定内部访问地址可以简化配置,使得开发/测试/生产环境的配置一致
后期动态扩缩节点更方便(相比docker stack)
带来的坏处?
搭建需要时间
实践
通过k8s 部署文件 搭建elk
将kibana固定到指定标签的主机上,提供外部访问端口
通过service固定elk的内部访问地址
修改Deployment的配置指向 elk
- image: sz-pg-oam-docker-hub-001.tendcloud.com/library/filebeat:5.4.0
name: filebeat
volumeMounts:
- name: app-logs
mountPath: /log
- name: filebeat-config
mountPath: /etc/filebeat/
配置使用filebeat / fluent
参考资料
https://www.kubernetes.org.cn/4022.html nfs
https://www.kubernetes.org.cn/2011.html ek + filebeat
总结
第二个版本主要做了什么?
优化项目实现可配置式
基于gitlab中实现开发、测试、生产环境的切换、隔离和权限控制
jenkins构建项目打包镜像并推送到阿里云的docker镜像仓库同时触发docker service的重新拉取镜像并运行,单独开放只读用户给测试人员
基于docker swarm集群创建overlay网络、registry、docker service,注入参数到容器、挂载数据卷、开放全局端口、任意服务的高可用和高拓展已经容器的性能监控
基于elk+syslog+zipkin server实现分布式调用链及日志的聚合分析
在第三个部署版本中:
我会着重解决几个问题:
使用k8s替换docker swarm
使用fannel替换overlay
弱化spring cloud
遇到的问题?
服务器资源问题 – 目前已经有很多资源了,所以资源应该不是问题
因为一开始没有锁定代码版本导致现在的镜像的版本无法和原来的代码的版本保持一致 --从线上根据原来部署文件直接构建镜像
mysql 根据ip授权的问题,是应该给宿主机ip授权还是容器的ip授权 – 根据宿主机ip授权即可
v3(k8s)解决了什么问题?
原始发包容易出错
每个工程里面取改配置文件容易出错且效率低
发包的版本无法管理
单jar包部署的性能不够,稳定性不够,主机拓展性不够
日志问题、调用链问题