k8s部署consul集群-蒲公英云

k8s以StatefulSet方式部署consul集群：

public-service-ns.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: public-service

consul-server.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: consul
  namespace: public-service
spec:
  rules:
    - host: consul.lzxlinux.com
      http:
        paths:
          - path: /
            backend:
              serviceName: consul-ui
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: consul-ui
  namespace: public-service
  labels:
    app: consul
    component: server
spec:
  selector:
    app: consul
  ports:
    - name: http
      port: 80
      targetPort: 8500
---
apiVersion: v1
kind: Service
metadata:
  name: consul-dns
  namespace: public-service
  labels:
    app: consul
    component: dns
spec:
  selector:
    app: consul
  ports:
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: dns-tcp
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: dns-udp
---
apiVersion: v1
kind: Service
metadata:
  name: consul-server
  namespace: public-service
  labels:
    app: consul
    component: server
spec:
  selector:
    app: consul
    component: server
  ports:
    - name: http
      port: 8500
      targetPort: 8500
    - name: dns-tcp
      protocol: TCP
      port: 8600
      targetPort: dns-tcp
    - name: dns-udp
      protocol: "UDP"
      port: 8600
      targetPort: dns-udp
    - name: serflan-tcp
      protocol: TCP
      port: 8301
      targetPort: 8301
    - name: serflan-udp
      protocol: UDP
      port: 8301
      targetPort: 8302
    - name: serfwan-tcp
      protocol: TCP
      port: 8302
      targetPort: 8302
    - name: serfwan-udp
      protocol: UDP
      port: 8302
      targetPort: 8302
    - name: server
      port: 8300
      targetPort: 8300
  publishNotReadyAddresses: true
  clusterIP: None
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: consul-server-config
  namespace: public-service
data:
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: consul-server
  namespace: public-service
spec:
  selector:
    matchLabels:
      app: consul
      component: server
  minAvailable: 2
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: consul-server
  namespace: public-service
spec:
  serviceName: consul-server
  replicas: 3
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: consul
      component: server
  template:
    metadata:
      labels:
        app: consul
        component: server
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: "componment"
                    operator: In
                    values:
                    - server
              topologyKey: "kubernetes.io/hostname"
      terminationGracePeriodSeconds: 10
      containers:
      - name: consul
        image: consul:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8500
          name: http
        - containerPort: 8600
          name: dns-tcp
          protocol: TCP
        - containerPort: 8600
          name: dns-udp
          protocol: UDP
        - containerPort: 8301
          name: serflan
        - containerPort: 8302
          name: serfwan
        - containerPort: 8300
          name: server
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        args:
        - "agent"
        - "-server"
        - "-advertise=$(POD_IP)"
        - "-bind=0.0.0.0"
        - "-bootstrap-expect=3"
        - "-datacenter=dc1"
        - "-config-dir=/consul/userconfig"
        - "-data-dir=/consul/data"
        - "-disable-host-node-id"
        - "-domain=cluster.local"
        - "-retry-join=consul-server-0.consul-server.$(NAMESPACE).svc.cluster.local"
        - "-client=0.0.0.0"
        - "-ui"
        resources:
          limits:
            cpu: "100m"
            memory: "128Mi"
          requests:
            cpu: "100m"
            memory: "128Mi"
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - consul leave
        volumeMounts:
        - name: data
          mountPath: /consul/data
        - name: user-config
          mountPath: /consul/userconfig
      volumes:
      - name: user-config
        configMap:
          name: consul-server-config
      - name: data
        emptyDir: { }
      securityContext:
        fsGroup: 1000
# volumeClaimTemplates:
# - metadata:
# name: data
# spec:
# accessModes:
# - ReadWriteMany
# storageClassName: "gluster-heketi-2"
# resources:
# requests:
# storage: 10Gi

consul-client.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: consul-client-config
  namespace: public-service
data:
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: consul
  namespace: public-service
spec:
  selector:
    matchLabels:
      app: consul
      component: client
  template:
    metadata:
      labels:
        app: consul
        component: client
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: "componment"
                    operator: In
                    values:
                    - client
              topologyKey: "kubernetes.io/hostname"
      terminationGracePeriodSeconds: 10
      containers:
      - name: consul
        image: consul:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8500
          name: http
        - containerPort: 8600
          name: dns-tcp
          protocol: TCP
        - containerPort: 8600
          name: dns-udp
          protocol: UDP
        - containerPort: 8301
          name: serflan
        - containerPort: 8302
          name: serfwan
        - containerPort: 8300
          name: server
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        args:
        - "agent"
        - "-advertise=$(POD_IP)"
        - "-bind=0.0.0.0"
        - "-datacenter=dc1"
        - "-config-dir=/consul/userconfig"
        - "-data-dir=/consul/data"
        - "-disable-host-node-id=true"
        - "-domain=cluster.local"
        - "-retry-join=consul-server-0.consul-server.$(NAMESPACE).svc.cluster.local"
        - "-client=0.0.0.0"
        resources:
          limits:
            cpu: "50m"
            memory: "32Mi"
          requests:
            cpu: "50m"
            memory: "32Mi"
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - consul leave
        volumeMounts:
        - name: data
          mountPath: /consul/data
        - name: user-config
          mountPath: /consul/userconfig
      volumes:
      - name: user-config
        configMap:
          name: consul-client-config
      - name: data
        emptyDir: { }
      securityContext:
        fsGroup: 1000
# volumeClaimTemplates:
# - metadata:
# name: data
# spec:
# accessModes:
# - ReadWriteMany
# storageClassName: "gluster-heketi-2"
# resources:
# requests:
# storage: 10Gi

PodDisruptionBudget：

k8s可以为每个应用程序创建 PodDisruptionBudget 对象（PDB）。PDB 将限制在同一时间因资源干扰导致的复制应用程序中宕机的 pod 数量。

可以通过两个参数来配置PodDisruptionBudget：

MinAvailable：表示最小可用Pod数，表示应用Pod集群处于运行状态的最小Pod数量，或者是运行状态的Pod数同总Pod数的最小百分比
MaxUnavailable：表示最大不可用Pod数，表示应用Pod集群处于不可用状态的最大Pod数，或者是不可用状态的Pod数同总Pod数的最大百分比

需要注意的是，MinAvailable参数和MaxUnavailable参数只能同时配置一个。

部署：

kubectl apply -f public-service-ns.yaml

kubectl apply -f consul-server.yaml

kubectl get svc -n public-service

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
consul-dns ClusterIP 10.110.235.63 53/TCP,53/UDP 85s
consul-server ClusterIP None 8500/TCP,8600/TCP,8600/UDP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP 85s
consul-ui ClusterIP 10.98.220.223 80/TCP 85s

kubectl get pod -n public-service
NAME              READY   STATUS    RESTARTS   AGE
consul-server-0   1/1     Running   0          110s
consul-server-1   1/1     Running   0          107s
consul-server-2   1/1     Running   0          92s

查看集群状态：

kubectl exec -n public-service consul-server-0 — consul members

Node Address Status Type Build Protocol DC Segment
consul-server-0 172.10.135.17:8301 alive server 1.8.3 2 dc1
consul-server-1 172.10.104.11:8301 alive server 1.8.3 2 dc1
consul-server-2 172.10.166.136:8301 alive server 1.8.3 2 dc1
访问ui：

添加hosts：consul.lzxlinux.com，访问consul.lzxlinux.com/ui。

在这里插入图片描述

可以看到：consul-server-0是leader，集群状态正常。

加入client：

kubectl apply -f consul-client.yaml

kubectl get pod -n public-service

NAME READY STATUS RESTARTS AGE
consul-8wx22 1/1 Running 0 40s
consul-glmgs 1/1 Running 0 10s
consul-server-0 1/1 Running 0 30m
consul-server-1 1/1 Running 0 30m
consul-server-2 1/1 Running 0 30m
consul-vxbj7 1/1 Running 0 61s

kubectl exec -n public-service consul-server-0 — consul members

Node Address Status Type Build Protocol DC Segment
consul-server-0 172.10.135.17:8301 alive server 1.8.3 2 dc1
consul-server-1 172.10.104.11:8301 alive server 1.8.3 2 dc1
consul-server-2 172.10.166.136:8301 alive server 1.8.3 2 dc1
consul-8wx22 172.10.166.138:8301 alive client 1.8.3 2 dc1
consul-glmgs 172.10.135.19:8301 alive client 1.8.3 2 dc1
consul-vxbj7 172.10.104.13:8301 alive client 1.8.3 2 dc1