Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
beatrueman committed Nov 16, 2024
1 parent 2f50812, commit 3e4fcd6
Showing 26 changed files with 2,826 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,233 @@ | ||
# ferry的Kubernetes部署 | ||
|
||
## 做出的更改 | ||
|
||
通过项目目录下的`Dockerfile`将ferry打包为镜像,推送至dockerhub | ||
|
||
镜像名:`beatrueman/ferry:1.0.0` | ||
|
||
在项目目录下新增了`deploy`目录,用于ferry的K8s平台部署,其中包含了`helm`和`kubernetes`两个目录 | ||
|
||
- helm目录:包含了一个ferry的chart | ||
- kubernetes目录:包含部署ferry的资源文件 | ||
|
||
## kubernetes目录 | ||
|
||
包含以下文件: | ||
|
||
- `config.yaml`:ferry的`ConfigMap`,包含了ferry的`rbac_model.conf`和settings.yml | ||
- `secret.yaml`:用于保存数据库凭据 | ||
- `deploy.yaml`:包含ferry主平台的`deployment`,`service`和`pvc`,pvc用于持久化`/opt/workflow/ferry/config` | ||
- `mysql.yaml`:包含用于ferry的mysql数据库的`statefulset`,`service`和`pvc` | ||
- `redis.yaml`:包含用于ferry的redis的`deployment`,`service`和`pvc` | ||
- `sql目录`:保存了`ferry.sql`和`db.sql`,需要用户手动的导入到数据库中 | ||
|
||
使用如下命令部署: | ||
|
||
``` | ||
kubectl apply -f <sources>.yaml | ||
``` | ||
|
||
## helm目录 | ||
|
||
目录结构如下 | ||
|
||
``` | ||
. | ||
|-- Chart.yaml | ||
|-- charts | ||
|-- templates | ||
| |-- NOTES.txt | ||
| |-- _helpers.tpl | ||
| |-- configmap.yaml # ferry主平台 | ||
| |-- deployment.yaml # ferry主平台 | ||
| |-- mysql # ferry依赖的mysql的资源模板文件 | ||
| | |-- persistentvolumeclaim.yaml | ||
| | |-- service.yaml | ||
| | `-- statefulset.yaml | ||
| |-- persistentvolumeclaim.yaml | ||
| |-- redis # ferry依赖的redis的资源模板文件 | ||
| | |-- deployment.yaml | ||
| | |-- persistentvolumeclaim.yaml | ||
| | `-- service.yaml | ||
| |-- secret.yaml # ferry主平台 | ||
| `-- service.yaml # ferry主平台 | ||
`-- values.yaml # helm配置文件 | ||
``` | ||
|
||
***values.yaml介绍*** | ||
|
||
``` | ||
replicaCount: 1 # ferry、mysql、redis副本数 | ||
namespace: ferry # ferry的命名空间 | ||
global: | ||
storageClassName: longhorn # 用户可以指定存储类 | ||
# 数据库凭据,主要用于secret | ||
env: | ||
ENV: "production" | ||
MYSQL_ROOT_PASSWORD: "123456" | ||
MYSQL_USER: "ferry" | ||
MYSQL_DATABASE: "ferry" | ||
MYSQL_PASSWORD: "123456" | ||
# ferry的配置项 | ||
ferry: | ||
image: | ||
repository: beatrueman/ferry | ||
tag: "1.0.0" | ||
pullPolicy: IfNotPresent | ||
service: | ||
type: NodePort | ||
port: 8002 | ||
# ferry的持久卷 | ||
persistentVolume: | ||
accessModes: | ||
- ReadWriteOnce | ||
size: 2Gi | ||
# 如果要自用mysql,请将enable设置为false | ||
# 并且需要修改下方configMap.settings.yml中的database.host | ||
mysql: | ||
enable: false | ||
image: | ||
repository: mysql | ||
tag: 8.4.0-oraclelinux8 | ||
port: 3306 | ||
persistentVolume: | ||
accessModes: | ||
- ReadWriteOnce | ||
size: 2Gi | ||
# 如果要自用redis,请将enable设置为false | ||
# 并且需要修改下方configMap.settings.yml中的redis.url | ||
redis: | ||
enable: false | ||
image: | ||
repository: redis | ||
tag: 7.0.5-alpine | ||
port: 6379 | ||
persistentVolume: | ||
accessModes: | ||
- ReadWriteOnce | ||
size: 2Gi | ||
# ferry的配置文件 | ||
# 主要关注database和redis | ||
configMap: | ||
rbac_model_conf: | | ||
[request_definition] | ||
r = sub, obj, act | ||
[policy_definition] | ||
p = sub, obj, act | ||
[policy_effect] | ||
e = some(where (p.eft == allow)) | ||
[matchers] | ||
m = r.sub == p.sub && (keyMatch2(r.obj, p.obj) || keyMatch(r.obj, p.obj)) && (r.act == p.act || p.act == "*") | ||
settings_yml: | | ||
script: | ||
path: ./static/scripts | ||
settings: | ||
application: | ||
domain: localhost:8002 | ||
host: 0.0.0.0 | ||
ishttps: false | ||
mode: dev | ||
name: ferry | ||
port: "8002" | ||
readtimeout: 1 | ||
writertimeout: 2 | ||
database: | ||
dbtype: mysql | ||
host: ferry-mysql.ferry.svc.cluster.local # 这里使用K8s部署mysql service的DNS,如果使用自用的数据库,请更改 | ||
name: ferry | ||
password: 123456 | ||
port: 3306 | ||
username: root | ||
domain: | ||
gethost: 1 | ||
url: localhost:9527 | ||
email: | ||
alias: ferry | ||
host: smtp.163.com | ||
pass: your password | ||
port: 465 | ||
user: [email protected] | ||
gorm: | ||
logmode: 0 | ||
maxidleconn: 0 | ||
maxopenconn: 20000 | ||
jwt: | ||
secret: ferry | ||
timeout: 86400 | ||
ldap: | ||
anonymousquery: 0 | ||
basedn: dc=fdevops,dc=com | ||
bindpwd: 123456 | ||
binduserdn: cn=admin,dc=fdevops,dc=com | ||
host: localhost | ||
port: 389 | ||
tls: 0 | ||
userfield: uid | ||
log: | ||
compress: 1 | ||
consolestdout: 1 | ||
filestdout: 0 | ||
level: debug | ||
localtime: 1 | ||
maxage: 30 | ||
maxbackups: 300 | ||
maxsize: 10240 | ||
path: ./logs/ferry.log | ||
public: | ||
islocation: 0 | ||
redis: | ||
url: redis://ferry-redis.ferry.svc.cluster.local:6379 # 这里使用K8s部署redis service的DNS,如果使用自用的redis,请更改 | ||
ssl: | ||
key: keystring | ||
pem: temp/pem.pem | ||
runAsUser: 1000 | ||
``` | ||
|
||
使用如下命令部署: | ||
|
||
``` | ||
helm install -n <namespace> <release> . | ||
# 建议在ferry命名空间下部署 | ||
``` | ||
|
||
ferry依赖于mysql | ||
|
||
如果使用了附带的mysql,当`helm install`后,需要等待mysql容器准备好后,ferry容器才可以正常运行,期间如果ferry没有正常运行,只需要在mysql正常启动后,重启ferry容器即可(delete它) | ||
|
||
一切就绪后,注意要把`templates/mysql/sql`下的两个sql文件(`ferry.sql`和`db.sql`)导入名为ferry的数据库,先导入`ferry.sql`,后导入`db.sql` | ||
|
||
## 环境介绍 | ||
|
||
### 集群环境 | ||
|
||
![image-20241117011316070](https://gitee.com/beatrueman/images/raw/master/img/202411170113207.png) | ||
|
||
### helm版本 | ||
|
||
![image-20241117011418385](https://gitee.com/beatrueman/images/raw/master/img/202411170114447.png) | ||
|
||
## 部署成功证明 | ||
|
||
helm部署 | ||
|
||
![image-20241117002900813](https://gitee.com/beatrueman/images/raw/master/img/202411170029915.png) | ||
|
||
资源文件部署: | ||
|
||
使用了自用的数据库 | ||
|
||
![image-20241117011709830](https://gitee.com/beatrueman/images/raw/master/img/202411170117927.png) |
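
Review bot: The `values.yaml` documented in this README ships guessable secrets as install-time defaults: `MYSQL_ROOT_PASSWORD: "123456"`, `MYSQL_PASSWORD: "123456"`, `database.password: 123456` with `username: root`, `jwt.secret: ferry` and `ldap.bindpwd: 123456`. A user who runs `helm install` unchanged gets a JWT secret and a database root password that are public in this repository, behind a service of `type: NodePort`. Suggest leaving these values empty and failing the render when they are unset (Helm's `required` function), or letting the user reference an existing Secret, and having ferry connect as the `ferry` account named in `MYSQL_USER` instead of root. Two smaller points in the same block: `mysql.enable` and `redis.enable` default to `false` while `database.host` and `redis.url` default to the in-cluster service names, so the defaults point at services the chart will not create; and `ENV: "production"` sits next to `mode: dev` and `level: debug`.
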
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Patterns to ignore when building packages. | ||
# This supports shell glob matching, relative path matching, and | ||
# negation (prefixed with !). Only one pattern per line. | ||
.DS_Store | ||
# Common VCS dirs | ||
.git/ | ||
.gitignore | ||
.bzr/ | ||
.bzrignore | ||
.hg/ | ||
.hgignore | ||
.svn/ | ||
# Common backup files | ||
*.swp | ||
*.bak | ||
*.tmp | ||
*.orig | ||
*~ | ||
# Various IDEs | ||
.project | ||
.idea/ | ||
*.tmproj | ||
.vscode/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
apiVersion: v2 | ||
name: ferry_helm | ||
description: A Helm chart for Kubernetes | ||
|
||
# A chart can be either an 'application' or a 'library' chart. | ||
# | ||
# Application charts are a collection of templates that can be packaged into versioned archives | ||
# to be deployed. | ||
# | ||
# Library charts provide useful utilities or functions for the chart developer. They're included as | ||
# a dependency of application charts to inject those utilities and functions into the rendering | ||
# pipeline. Library charts do not define any templates and therefore cannot be deployed. | ||
type: application | ||
|
||
# This is the chart version. This version number should be incremented each time you make changes | ||
# to the chart and its templates, including the app version. | ||
# Versions are expected to follow Semantic Versioning (https://semver.org/) | ||
version: 0.1.0 | ||
|
||
# This is the version number of the application being deployed. This version number should be | ||
# incremented each time you make changes to the application. Versions are not expected to | ||
# follow Semantic Versioning. They should reflect the version the application is using. | ||
# It is recommended to use it with quotes. | ||
appVersion: "1.16.0" |
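
Review bot: `name: ferry_helm` uses an underscore, which Helm's chart naming convention does not allow (lowercase letters, digits and dashes only), and every helper in `_helpers.tpl` inherits it through `.Chart.Name`; rename it to `ferry` or `ferry-helm` before the name is baked into releases. `description` and `appVersion: "1.16.0"` are still the `helm create` scaffold values: the image this commit documents is `beatrueman/ferry:1.0.0`, so `appVersion` should read `"1.0.0"`, otherwise the `app.kubernetes.io/version` label reports a version that is not deployed.
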
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
********** | ||
Attention! | ||
********** | ||
|
||
Before using Ferry, you need to import ferry.sql and db.sql from templates/mysql/sql into your database! | ||
You need to import ferroy.sql first and then import db.sql. It is recommended that you import it into a database called ferroy! | ||
|
||
|
||
Thank you for installing {{ .Chart.Name }}. | ||
|
||
Your release is named {{ .Release.Name }}. | ||
|
||
To learn more about the release, try: | ||
|
||
$ helm status {{ .Release.Name }} -n {{ .Values.namespace }} | ||
$ helm get all {{ .Release.Name }} -n {{ .Values.namespace }} |
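
Review bot: The second sentence of the notice says `ferroy.sql` and "a database called ferroy", while the sentence above it and the README say `ferry.sql` and a database named `ferry`; an operator following the post-install text literally will look for a file that does not exist or load the schema into a database the application is not configured for (`database.name: ferry`). Fix both spellings. Separately, the `helm status` and `helm get all` hints pass `-n {{ .Values.namespace }}`, but the README installs with `helm install -n <namespace>`, so the release can live in a different namespace than that value; `{{ .Release.Namespace }}` is what these commands need.
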
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
{{/* | ||
Expand the name of the chart. | ||
*/}} | ||
{{- define "ferry_helm.name" -}} | ||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name. | ||
*/}} | ||
{{- define "ferry_helm.fullname" -}} | ||
{{- if .Values.fullnameOverride }} | ||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} | ||
{{- else }} | ||
{{- $name := default .Chart.Name .Values.nameOverride }} | ||
{{- if contains $name .Release.Name }} | ||
{{- .Release.Name | trunc 63 | trimSuffix "-" }} | ||
{{- else }} | ||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "ferry_helm.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
|
||
{{/* | ||
Common labels | ||
*/}} | ||
{{- define "ferry_helm.labels" -}} | ||
helm.sh/chart: {{ include "ferry_helm.chart" . }} | ||
{{ include "ferry_helm.selectorLabels" . }} | ||
{{- if .Chart.AppVersion }} | ||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||
{{- end }} | ||
app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
{{- end }} | ||
|
||
{{/* | ||
Selector labels | ||
*/}} | ||
{{- define "ferry_helm.selectorLabels" -}} | ||
app.kubernetes.io/name: {{ include "ferry_helm.name" . }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create the name of the service account to use | ||
*/}} | ||
{{- define "ferry_helm.serviceAccountName" -}} | ||
{{- if .Values.serviceAccount.create }} | ||
{{- default (include "ferry_helm.fullname" .) .Values.serviceAccount.name }} | ||
{{- else }} | ||
{{- default "default" .Values.serviceAccount.name }} | ||
{{- end }} | ||
{{- end }} |
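
Review bot: `ferry_helm.serviceAccountName` dereferences `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the `values.yaml` shown in the README defines no `serviceAccount` key, so any template that includes this helper will fail to render with a nil-pointer error. Either add a `serviceAccount:` block with `create` and `name` to `values.yaml` or drop the helper. The remaining helpers are also unused by the template visible in this commit: `configmap.yaml` hard-codes `name: ferry-config` and sets no labels, so naming resources with `ferry_helm.fullname` and attaching `ferry_helm.labels` would put this file to work and let two releases coexist in one namespace.
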
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: ferry-config | ||
namespace: {{ .Values.namespace }} | ||
data: | ||
rbac_model.conf: | | ||
{{ .Values.configMap.rbac_model_conf | nindent 4 }} | ||
|
||
settings.yml: | | ||
{{ .Values.configMap.settings_yml | indent 4 }} |
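
Review bot: `settings.yml` is rendered from `.Values.configMap.settings_yml` into a ConfigMap, and that value carries `database.password`, `jwt.secret`, `ldap.bindpwd` and `email.pass`, so every credential the application uses is readable by anyone allowed to read ConfigMaps in the namespace, even though the chart already has a `secret.yaml`. Move the file, or at least those keys, into the Secret and mount it from there. On `namespace: {{ .Values.namespace }}`: this places the object in a namespace chosen independently of `helm install -n <namespace>`; prefer `{{ .Release.Namespace }}`. The two data keys also use different functions (`nindent 4` under `rbac_model.conf: |`, `indent 4` under `settings.yml: |`); `nindent` prepends a newline to the block, so use one form for both.
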