2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how to deploy a Consul cluster on Kubernetes. Many people have questions about this in day-to-day operations, so the editor consulted various materials and put together a simple, easy-to-follow procedure that should answer them.
Overview
The three nodes of the Consul cluster are deployed using a StatefulSet
TLS and gossip encryption keys secure communication between cluster members
Prerequisites
This tutorial takes advantage of Kubernetes 1.7.0 and later features.
Kubernetes 1.7.x
The following clients must be installed on the machine used in this tutorial:
consul 0.9.x
cfssl and cfssljson 1.2
Usage
Clone this repo:
git clone https://github.com/nicklv/consul_cluster_on_kubernetes.git
Go to the consul-on-kubernetes directory:
cd consul-on-kubernetes
Generate TLS certificates
RPC communications between members of a Consul cluster are encrypted using TLS. Initialize the CA certificate with the following command:
cfssl gencert -initca ca/ca-csr.json | cfssljson -bare ca
Create TLS certificates and private keys using the following command:
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca/ca-config.json \
  -profile=default \
  ca/consul-csr.json | cfssljson -bare consul
After executing the above commands, you should see the following certificate files in the current directory:
ca-key.pem
ca.pem
consul-key.pem
consul.pem
Generate the Consul gossip encryption key
Gossip communication between Consul cluster members is encrypted using a shared encryption key. Use the following command to generate the encryption key:
GOSSIP_ENCRYPTION_KEY=$(consul keygen)
Create the Secrets and ConfigMaps used by the Consul cluster
Consul clusters are configured via CLI flags, TLS certificates, and configuration files, which are stored via Kubernetes config maps and secrets.
Store the Gossip encryption key and TLS certificate in Kubernetes Secret:
kubectl create secret generic consul \
  --from-literal="gossip-encryption-key=${GOSSIP_ENCRYPTION_KEY}" \
  --from-file=ca.pem \
  --from-file=consul.pem \
  --from-file=consul-key.pem
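A pre-flight check for the material that goes into the Secret, as an added example that is not part of the tutorial's repository: it rejects an empty or malformed gossip key (for instance when the shell variable name is mistyped) and private keys that are accessible to group or others. The function names are illustrative, and it assumes the four cfssl output files sit in one directory and that `base64`, `grep`, `ls` and `cut` are available.

```shell
#!/bin/sh
# Added example: pre-flight checks before `kubectl create secret generic consul`.
# Function names are illustrative; file names are the ones the tutorial generates.

# Succeeds only if $1 is base64 that decodes to 16, 24 or 32 bytes, the key
# sizes Consul's gossip layer accepts (consul keygen in 0.9.x emits 16 bytes).
valid_gossip_key() {
    [ -n "$1" ] || { echo "gossip key is empty (mistyped variable?)" >&2; return 1; }
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 ||
        { echo "gossip key is not valid base64" >&2; return 1; }
    n=$(printf '%s' "$1" | base64 -d | wc -c | tr -d ' ')
    case "$n" in
        16|24|32) return 0 ;;
        *) echo "gossip key decodes to $n bytes" >&2; return 1 ;;
    esac
}

# Succeeds only if directory $1 holds the four PEM files from the cfssl step
# and neither private key grants any permission to group or others.
valid_tls_files() {
    dir=$1
    for f in ca.pem consul.pem; do
        grep -q -e '-----BEGIN CERTIFICATE-----' "$dir/$f" 2>/dev/null ||
            { echo "$f: missing or not a PEM certificate" >&2; return 1; }
    done
    for f in ca-key.pem consul-key.pem; do
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$dir/$f" 2>/dev/null ||
            { echo "$f: missing or not a PEM private key" >&2; return 1; }
        # Characters 5-10 of the ls -l mode string are the group/other bits.
        case "$(ls -l "$dir/$f" | cut -c5-10)" in
            ------) ;;
            *) echo "$f: accessible to group/others; chmod 600" >&2; return 1 ;;
        esac
    done
}

# Run both checks: preflight DIR KEY
preflight() {
    valid_tls_files "$1" && valid_gossip_key "$2"
}

# Usage, from the directory holding the cfssl output:
#   preflight . "${GOSSIP_ENCRYPTION_KEY}" && kubectl create secret generic consul ...
```

The kubectl command above does not load ca-key.pem into the Secret; the CA private key only needs to stay on the machine that issued the certificates.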
Store the configuration file used by the Consul cluster in a Kubernetes ConfigMap:
kubectl create configmap consul --from-file=configs/server.json
Before creating the Consul service and StatefulSet, create the PV (PersistentVolume) and PVC (PersistentVolumeClaim):
kubectl create -f pvc/pvc.yaml
Create the Consul cluster service
Expose Consul cluster functionality by creating a service:
kubectl create -f services/consul.yaml
Create the Consul cluster StatefulSet
Start 3 instance nodes of Consul cluster by deploying StatefulSet:
kubectl create -f statefulsets/consul.yaml
All Consul nodes will be created. Before proceeding to the next step, verify that all nodes are in the normal Running state. Execute the following command to see the following results:
kubectl get pods
NAME       READY   STATUS    RESTARTS   AGE
consul-0   1/1     Running   0          50s
consul-1   1/1     Running   0          29s
consul-2   1/1     Running   0          15s
Verify node status
At this point, all nodes of the Consul cluster have been started. To make sure that each node is working properly, check the cluster membership status reported in each node's log:
kubectl logs consul-0
(This step is optional.) You can use the Consul CLI to check the health of the Consul cluster. To reach it, run port-forward in a new command window and connect via IP. In this tutorial, our test environment has a registered domain name and supports external network access through Peanut Shell.
kubectl port-forward consul-0 8400:8400
Forwarding from 127.0.0.1:8400 -> 8400
Forwarding from [::1]:8400 -> 8400
(If you did not run the previous command, you can instead enter the consul-0 pod with: kubectl exec -it consul-0 /bin/sh) Run the consul members command to view the status of all nodes in the Consul cluster.
consul members
Node      Address            Status  Type    Build  Protocol  DC
consul-0  10.244.2.197:8301  alive   server  0.9.1  2         dc1
consul-1  10.244.1.231:8301  alive   server  0.9.1  2         dc1
consul-2  10.244.2.198:8301  alive   server  0.9.1  2         dc1
Access the Consul cluster Web UI
Currently the Consul cluster Web UI does not support permission validation, so for security reasons it is not recommended to expose Web UI access to the external network in production environments. There are two ways to access the Web UI:
1. Expose port 8500 of the consul-0 node through port-forward, which is similar to NodePort mode. All traffic accessing port 8500 of the server where the consul-0 node is located is forwarded to consul-0. Disadvantage: after the node restarts, if the server node changes, the access IP also changes. This mode is recommended for experimental environments.
kubectl port-forward consul-0 8500:8500
After executing the above command, access the Consul cluster web administration interface at http://127.0.0.1:8500
2. Expose the UI to the external network through an Ingress. We configured a consul.xxxx.cn domain name and exposed it to the external network. This mode allows unrestricted access to the Consul cluster web management interface from external networks, so it is recommended only for development or testing environments, not for production environments.
Clean up
Running the cleanup script automatically removes all running Consul-related Kubernetes resources. Note: adjust the cleanup script according to your actual situation.
bash cleanup
This concludes the walkthrough of how to deploy a Consul cluster on Kubernetes. Theory works best alongside practice, so go and try it.