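Deploying Consul on K8s

The official site has installation documentation for the Helm method (https://www.consul.io/docs/platform/k8s/index.html)

I. Preparation:

1. A k8s environment

2. An NFS server

II. Create the PVs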

nfs_pv.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: kingsun.nfs1
spec:
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadWriteOnce","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: nfs
  nfs:
    path: /mnt/nfsdata
    server: 196.1.210.140

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: kingsun.nfs2
spec:
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadWriteOnce","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: nfs
  nfs:
    path: /mnt/nfsdata
    server: 196.1.210.140
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: kingsun.nfs3
spec:
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadWriteOnce","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: nfs
  nfs:
    path: /mnt/nfsdata
    server: 196.1.210.140

Run kubectl apply -f nfs_pv.yaml to create the PVs (PersistentVolume)

III. Expose the ports Consul uses through a Service

PortService.yaml

apiVersion: v1
kind: Service
metadata:  
    name: consul  
    labels:    
      name: consul
spec:  
    type: ClusterIP
    clusterIP: None  
    ports:    
      - name: http      
        port: 8500      
        targetPort: 8500    
      - name: https      
        port: 8443      
        targetPort: 8443    
      - name: rpc      
        port: 8400      
        targetPort: 8400    
      - name: serflan-tcp      
        protocol: "TCP"      
        port: 8301      
        targetPort: 8301    
      - name: serflan-udp      
        protocol: "UDP"      
        port: 8301      
        targetPort: 8301    
      - name: serfwan-tcp      
        protocol: "TCP"      
        port: 8302      
        targetPort: 8302    
      - name: serfwan-udp      
        protocol: "UDP"      
        port: 8302      
        targetPort: 8302    
      - name: server      
        port: 8300      
        targetPort: 8300    
      - name: consuldns      
        port: 8600      
        targetPort: 8600  
    selector:    
     app: consul

IV. Write the ACL configuration file and save it to a K8s ConfigMap

Acl.json

{"acl":{
 "enabled":true,
 "default_policy":"deny",
 "enable_token_persistence":true,
 "tokens":{
   "master":"8dc1eb67-1f5f-4e10-ad9d-5e58b047647c",
   "agent":"8dc1eb67-1f5f-4e10-ad9d-5e58b047647c"
 }
}}

Run: kubectl create configmap consul-acl-config --from-file Acl.json

View the ConfigMap: kubectl get configmap -o yaml

PS G:KingSunConsulYaml> kubectl get configmap -o yaml
apiVersion: v1
items:
- apiVersion: v1
  data:
    Acl.json: "{"acl":{
 "enabled":true,
 "default_policy":"deny",

      "enable_token_persistence":true,
 "tokens":{
   "master":"8dc1eb67-1f5f-4e10-ad9d-5e58b047647c",

        "agent":"8dc1eb67-1f5f-4e10-ad9d-5e58b047647c"
 }
}}"
  kind: ConfigMap
  metadata:
    creationTimestamp: "2019-12-03T08:21:22Z"
    name: consul-acl-config
    namespace: default
    resourceVersion: "771714"
    selfLink: /api/v1/namespaces/default/configmaps/consul-acl-config
    uid: 57507410-e0a2-4979-9c8b-731fe9dc62b8
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
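
Added example, not part of the original post: the token above is published with this article, and as the output shows, a ConfigMap returns it in plain text to anyone who can read ConfigMaps. The script below writes the same Acl.json with a freshly generated token into a Secret manifest instead; the names gen_uuid, write_acl_secret and consul-acl-secret are assumptions, and as in the post the agent token reuses the master token.

```bash
#!/usr/bin/env bash
# Added example: build a Secret manifest holding Acl.json with a fresh token.
# gen_uuid, write_acl_secret and consul-acl-secret are assumed names.
set -eu

# Print one random lowercase UUID.
gen_uuid() {
  if command -v uuidgen >/dev/null 2>&1; then
    uuidgen | tr 'A-Z' 'a-z'
  elif [ -r /proc/sys/kernel/random/uuid ]; then
    cat /proc/sys/kernel/random/uuid
  else
    echo "no UUID source found" >&2
    return 1
  fi
}

# Write the manifest to the path in $1. The body runs in a subshell so the
# restrictive umask does not leak into the caller.
write_acl_secret() (
  out=$1
  token=$(gen_uuid)
  umask 077   # the file contains the token: owner read/write only
  cat > "$out" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: consul-acl-secret
type: Opaque
stringData:
  Acl.json: |
    {"acl":{
     "enabled":true,
     "default_policy":"deny",
     "enable_token_persistence":true,
     "tokens":{
       "master":"$token",
       "agent":"$token"
     }
    }}
EOF
)

# Usage: ./gen-acl-secret.sh consul-acl-secret.yaml
#        kubectl apply -f consul-acl-secret.yaml
if [ $# -gt 0 ]; then
  write_acl_secret "$1"
fi
```

To mount it, the config volume in StateFulSet.yaml would use secret: with secretName: consul-acl-secret in place of the configMap: entry.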

V. Write the StatefulSet configuration file to create the pod

StateFulSet.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: consul
spec:
  selector: 
    matchLabels:
      app: consul
  serviceName: consul
  replicas: 1
  template: 
    metadata:
      labels:
        app: consul
    spec:
      #affinity:
      #  podAntiAffinity:
      #    requiredDuringSchedulingIgnoredDuringExecution:
      #      - labelSelector:
      #          matchExpressions:
      #            - key: app
      #              operator: In
      #              values:
      #                - consul
      #        topologyKey: kubernetes.io/hostname
      terminationGracePeriodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: consul-acl-config
      containers:
      - name: consul
        image: consul:latest
        volumeMounts:
         - name: config
           mountPath: /consul/config
         - name: data
           mountPath: /consul/data
        command: 
        - "/bin/sh"
        - "-ec"
        - |
          exec /bin/consul agent \
           -server \
           -ui \
           -advertise="$(PODIP)" \
           -bind=0.0.0.0 \
           -client=0.0.0.0 \
           -bootstrap-expect=1 \
           -data-dir=/consul/data \
           -domain=cluster.local \
           -retry-join=consul-0.consul.$(NAMESPACE).svc.cluster.local \
           -disable-host-node-id \
           -datacenter=ks \
           -config-file=/consul/config/Acl.json
        env:
            - name: PODIP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
        ports:
            - containerPort: 8500
              name: ui-port
            - containerPort: 8400
              name: alt-port
            - containerPort: 53
              name: udp-port
            - containerPort: 8443
              name: https-port
            - containerPort: 8080
              name: http-port
            - containerPort: 8301
              name: serflan
            - containerPort: 8302
              name: serfwan
            - containerPort: 8600
              name: consuldns
            - containerPort: 8300
              name: server
  volumeClaimTemplates:
    - metadata:
       name: data
      spec:
       accessModes: ["ReadWriteOnce"]
       resources:
         requests:
           storage: 1Gi
       storageClassName: nfs

Run: kubectl apply -f StateFulSet.yaml

View the consul pod logs: kubectl logs consul-0

View the StatefulSet startup log: kubectl describe StateFulSet consul

VI. Expose the Consul UI through a NodePort Service

UiService.yaml

apiVersion: v1
kind: Service
metadata:
  name: consul-ui
  labels:
    app: consul
spec:
  selector:
     app: consul
  ports:
   - name: consul-port
     protocol: TCP
     port: 80
     nodePort: 32000
     targetPort: 8500
  type: NodePort
    

VII. Open the UI

First click "acl" and enter the master_token defined in Acl.json

Original article: https://www.cnblogs.com/liujiabing/p/11977726.html