JustHaveTry 2020-05-08
Consul 集群(三个节点)部署方式使用 StatefulSet
Consul 集群成员之间使用TLS进行安全通信 TLS and encryption keys
主节点需要安装以下工具:cfssl 、 cfssljson、consul
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 chmod a+x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64 mv cfssl_linux-amd64 /usr/local/bin/cfssl mv cfssljson_linux-amd64 /usr/local/bin/cfssljson mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo wget https://releases.hashicorp.com/consul/1.7.1/consul_1.7.1_linux_amd64.zip unzip consul_1.7.1_linux_amd64.zip mv consul /usr/local/bin/ consul一般下载比较慢,以下提供百度云下载地址: 链接: https://pan.baidu.com/s/1sePwMD0yKL62FvlMSn8dyw 提取码: kkua
安装教程
git clone https://github.com/kelseyhightower/consul-on-kubernetes.git cd consul-on-kubernetes
cfssl gencert -initca ca/ca-csr.json | cfssljson -bare ca cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca/ca-config.json -profile=default ca/consul-csr.json | cfssljson -bare consul
GOSSIP_ENCRYPTION_KEY=$(consul keygen)
kubectl create secret generic consul --from-literal="gossip-encryption-key=${GOSSIP_ENCRYPTION_KEY}" --from-file=ca.pem --from-file=consul.pem --from-file=consul-key.pem kubectl create configmap consul --from-file=configs/server.json
mkdir -p /data/pv/consul-0 /data/pv/consul-1 /data/pv/consul-2 vim consul-pv.yaml # 内容如下 kubectl create -f consul-pv.yaml
apiVersion: v1 kind: PersistentVolume metadata: labels: app: data-consul-0 name: data-consul-0 spec: capacity: storage: 10Gi volumeMode: Filesystem accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle hostPath: path: /data/pv/consul-0 --- apiVersion: v1 kind: PersistentVolume metadata: labels: app: data-consul-1 name: data-consul-1 spec: capacity: storage: 10Gi volumeMode: Filesystem accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle hostPath: path: /data/pv/consul-1 --- apiVersion: v1 kind: PersistentVolume metadata: labels: app: data-consul-2 name: data-consul-2 spec: capacity: storage: 10Gi volumeMode: Filesystem accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle hostPath: path: /data/pv/consul-2
consul-pv.yaml
kubectl create -f services/consul.yaml kubectl apply -f serviceaccounts/consul.yaml kubectl apply -f clusterroles/consul.yaml kubectl create -f services/consul.yaml
kubectl get pods NAME READY STATUS RESTARTS AGE consul-0 1/1 Running 0 50s consul-1 1/1 Running 0 29s consul-2 1/1 Running 0 15s
kubectl logs consul-0
[]# kubectl exec -it consul-0 /bin/sh / # consul members Node Address Status Type Build Protocol DC Segment consul-0 10.11.3.139:8301 alive server 1.4.0rc1 2 dc1 <all> consul-1 10.11.5.11:8301 alive server 1.4.0rc1 2 dc1 <all> consul-2 10.11.0.9:8301 alive server 1.4.0rc1 2 dc1 <all> / # ^C / # exit command terminated with exit code 130
1)本地访问
kubectl port-forward consul-0 8500:8500
然后本地浏览器访问 http://127.0.0.1:8500 即可。
2)通过 NodePort 对外暴露端口
vim services/consul.yaml # 修改如下 kubectl replace -f services/consul.yaml
apiVersion: v1 kind: Service metadata: name: consul labels: name: consul spec: #clusterIP: None type: NodePort ports: - name: http port: 8500 nodePort: 30500 targetPort: 8500 - ......
然后任意浏览器访问 http://masterip:30500 即可。
3)通过 Ingress 暴露外网地址
暂不做说明
bash cleanup