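Deploying GBase (南大通用) GCDW on k8s

The k8s environment that GCDW runs on is already set up. This article walks through deploying GCDW on k8s; at the end, the cloud web management platform is available.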

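References

GCDW tech stack - Kubernetes operating system environment preparation

GCDW tech stack - Docker runtime environment setup

GCDW tech stack - Kubernetes 1.26.0 runtime environment setup

Cluster-mode configuration and high-availability testing of FoundationDB, the GCDW metadata service

MinIO S3 distributed cluster setup

GCDW tech stack: installing the Harbor image registry, including generating the CA certificate for the HTTPS service (openssl)

Previous step

GCDW tech stack - Kubernetes 1.26.0 runtime environment setup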

Upload the images

Upload the tar files from the images directory of the GCDW installation package to the registry server.

[root@k8s-81 images]# ll
total 3158576
-rw-------. 1 root root 255503360 Jan  4 01:36 gcdw-operator-9.8.0.3.5-202301041735.tar
-rw-------. 1 root root 234355712 Jan  4 01:36 logrotate-202301041735.tar
-rw-------. 1 root root 399340032 Jan  4 01:36 s3-monitor-202301041735.tar
-rw-------. 1 root root 907063808 Jan  6 04:09 saas-backend-9.8.0.3.5-202301061953.tar
-rw-------. 1 root root 155664896 Jan  5 19:23 saas-frontend-9.8.0.3.5-202301061022.tar
-rw-------. 1 root root 108803072 Jan  5 19:23 saas-redis-202301061022.tar
-rw-------. 1 root root 263322112 Jan  5 19:23 saas-vsftpd-202301061022.tar
-rw-------. 1 root root 910307840 Jan  3 23:18 server-9.8.0.3.5-20231513.tar
[root@vm249 images]#

First load the images into the Docker environment

Use the load command, with -i giving the file name, to load the images into Docker one by one.

[root@k8s-81 images]# docker load  --help
Usage:  docker load [OPTIONS]
Load an image from a tar archive or STDIN
Aliases:
  docker image load, docker load
Options:
  -i, --input string   Read from tar archive file, instead of STDIN
  -q, --quiet          Suppress the load output
[root@k8s-81 images]# docker load -i saas-backend-9.8.0.3.5-202301061953.tar
d889666f8dfd: Loading layer [==================================================>]  34.53MB/34.53MB
90006678c274: Loading layer [==================================================>]  19.45MB/19.45MB
ce481b589c7b: Loading layer [==================================================>]  136.4MB/136.4MB
5b6d3eb7eb12: Loading layer [==================================================>]  4.052MB/4.052MB
a791e81cb124: Loading layer [==================================================>]  3.072kB/3.072kB
811b32d98e6d: Loading layer [==================================================>]  497.2MB/497.2MB
3d9261d92a9a: Loading layer [==================================================>]  5.205MB/5.205MB
Loaded image: 192.168.8.84/gcdw/clound-database-backend:9.8.0.3.5
[root@vm249 images]# 

The image that was just loaded now shows up in docker images.

Tag the image so that it points at the registry server

[root@k8s-81 images]# docker tag 192.168.8.84/gcdw/clound-database-backend:9.8.0.3.5 172.16.3.249:8443/gcdw/clound-database-backend:9.8.0.3.5

Push the image to the registry server

[root@k8s-81 images]# docker push 172.16.3.249:8443/gcdw/clound-database-backend:9.8.0.3.5
The push refers to repository [172.16.3.249:8443/gcdw/clound-database-backend]
3d9261d92a9a: Pushed
811b32d98e6d: Pushed
a791e81cb124: Pushed
5b6d3eb7eb12: Pushed
ce481b589c7b: Pushed
90006678c274: Pushed
d889666f8dfd: Pushed
071d8bd76517: Mounted from gcdw/gcdw-operator
9.8.0.3.5: digest: sha256:1dd80b412b5252e66393bc869f3d52aa59bb79044668af85a3e0c8b0551896b9 size: 2007
[root@k8s-81 images]# 

Check the gcdw project in Harbor

All the required images are listed there.

Create the namespace

kubectl create ns gcdw

Create the access credential

Pay attention to the namespace, the credential name, the Harbor service address, and the username and password.

[root@k8s-81 ~]# kubectl create secret  --namespace gcdw docker-registry gcdw-regcred  --docker-server=172.16.3.249:8443  --docker-username=admin --docker-password=Admin12345
secret/gcdw-regcred created
[root@k8s-81 ~]#

Upload the GCDW deployment Helm files

[root@vm248 gcdw_9.8.0.3.5]# tree .
.
└── helm
    └── single_tenant
        ├── bin
        │   └── helm
        ├── chart
        │   ├── Chart.yaml
        │   ├── templates
        │   │   ├── gcdw-operator
        │   │   │   ├── controller_manager_config.yaml
        │   │   │   ├── filebeat_configmap_gcware.yaml
        │   │   │   ├── filebeat_configmap_warehouse.yaml
        │   │   │   ├── filebeat_configmap.yaml
        │   │   │   ├── gcdw_coordinator_configmap.yaml
        │   │   │   ├── gcdw_warehouse_configmap.yaml
        │   │   │   ├── init-config.yaml
        │   │   │   ├── leader_election_role_binding.yaml
        │   │   │   ├── leader_election_role.yaml
        │   │   │   ├── manager.yaml
        │   │   │   ├── role_binding.yaml
        │   │   │   ├── role.yaml
        │   │   │   └── sa.yaml
        │   │   ├── gcdw-saas
        │   │   │   ├── gcdw-fdb-cm.yaml
        │   │   │   ├── gcdw-ftp-st.yaml
        │   │   │   ├── gcdw-redis-cm.yaml
        │   │   │   ├── gcdw-redis-st.yaml
        │   │   │   ├── gcdw-saas-backend-cm.yaml
        │   │   │   ├── gcdw-saas-backend-st.yaml
        │   │   │   ├── gcdw-saas-frontend-cm.yaml
        │   │   │   ├── gcdw-saas-frontend-st.yaml
        │   │   │   └── rbac.yaml
        │   │   └── _helpers.tpl
        │   └── values.yaml
        ├── crds
        │   ├── gcdw.gbase.cn_coordinators.yaml
        │   └── gcdw.gbase.cn_warehouses.yaml
        └── tools
            └── s3_monit_cronjob.yaml
9 directories, 29 files
[root@vm248 gcdw_9.8.0.3.5]#

Edit the chart/values.yaml file

Change the following settings

registry

The address of the registry server

imagePullSecrets

The credential for accessing the registry server; use the name of the credential created in the previous step.

fdb_addr

The address of FoundationDB

fdb_cluster

The access key string from the /etc/foundationdb/fdb.cluster file.

cpu

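The required CPU, both minimum and maximum. I changed all the minimums to 1 here because this machine is short on resources. In a real deployment, adjust them to the resources available.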

memory

Memory limits, same as for CPU; I changed all the minimums to 1G.

replicas

Number of replicas; I am on a single machine, so I changed it to 1.

A complete sample values.yaml

[root@k8s-81 opt]# cat /opt/gcdw/helm/single_tenant/chart/values.yaml
# Default values for gcdw
global:
  cluster_domain: "cluster.local"
  image:
    registry: "172.16.3.249:8443"
    pullPolicy: Always
    imagePullSecrets: "gcdw-regcred"
  metadata:
    fdb_addr: "172.16.3.249:4550"
    fdb_cluster: "BougYK7P:jFV4Ipbn@172.16.3.249:4500"
  privatePlatform: true
# gcdw operator values-------------
operator:
  enabled: true
  image:
    repository: gcdw/gcdw-operator
    tag: 9.8.0.3.5
  replicas: 1
  leaderElect: true
  resources:
    requests:
      cpu: 1
      memory: 1Gi
    limits:
      cpu: 2
      memory: 2Gi
# gcdw server values-------------------
server:
  image:
    repository: gcdw/gcdw-server
    tag: 9.8.0.3.5
  gcware_replicas: 1
  coordinator_replicas: 1
  gcware_resource:
      request:
        cpu: "1"
        mem: "1Gi"
      limit:
        cpu: "2"
        mem: 4Gi
  coordinator_resource:
      request:
        cpu: "1"
        mem: 1Gi
      limit:
        cpu: "4"
        mem: 16Gi
  warehouse_resource:
      request:
        cpu: "1"
        mem: 1Gi
      limit:
        cpu: "16"
        mem: 32Gi
# gcdw saas values--------------------
saas:
  enabled: true
  image:
    frontend:
      repository: gcdw/clound-database-frontend
      tag: 9.8.0.3.5
    backend:
      repository: gcdw/clound-database-backend
      tag: 9.8.0.3.5
    redis:
      repository: gcdw/redis
      tag: latest
    vsftpd:
      repository: gcdw/vsftpd
      tag: latest
  replicas:
    frontend: 1
    backend:  1
    redis: 1
    vsftpd: 1
  webServicePort: 32143
# logging system setting
logging:
  enabled: false
  filebeatImage: ""
  filebeatOutput:
    output.elasticsearch:
      hosts:
      - ""
      username: ""
      password: ""
      index: 'gcdw-${MY_POD_NAMESPACE}-${MY_POD_NAME}-log-%{+yyyy.MM.dd}'
  logrotateImage: "gcdw/gcdw-logrotate"
# persistant storage setting
storage:
  enabled: false
  storageClass: "rook-ceph-block"
  storageSize: "1Gi"
# node affinity setting
nodeAffinitySchedule:
  cloudServiceAffinity:
    key:  cloudService
    value: gcdw
  coordiantorServiceAffinity:
    key: coordinatorService
    value: gcdw
  warehouseServiceAffinity:
    key: warehouseService
    value: gcdw
[root@k8s-81 opt]#
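
A values.yaml like this one carries the FoundationDB access key string in fdb_cluster and uses tag: latest together with pullPolicy: Always for redis and vsftpd, so the file needs the same handling as a secret and those two images can change between pulls. The following added example (not from the original article or the chart) is a pre-install check for both; the function names, the finding labels and the trimmed sample with a placeholder key are constructed.

```shell
#!/bin/sh
# Added example, not part of the GCDW chart. Names and labels are assumptions.

# audit_values FILE -> prints one finding per line; returns 1 if any were found.
audit_values() {
    awk '
        # remember the most recent repository so a tag finding can name it
        $1 == "repository:" { repo = $2 }
        # mutable or missing tag: the image behind it can change between pulls
        $1 == "tag:" { t = $2; gsub(/"/, "", t)
            if (t == "latest" || t == "") { print "MUTABLE_TAG " repo; n++ } }
        # value shaped like id:key@host:port (the fdb.cluster string format)
        $2 ~ /^"?[^:@"]+:[^:@"]+@[^"]+"?$/ { k = $1; sub(/:$/, "", k)
            print "EMBEDDED_SECRET " k; n++ }
        # password field that is not empty
        $1 == "password:" && $2 != "\"\"" && $2 != "" {
            print "EMBEDDED_SECRET password"; n++ }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample: a trimmed values.yaml with a placeholder key string.
sample_values() {
    cat <<'EOF'
global:
  image:
    registry: "172.16.3.249:8443"
    pullPolicy: Always
  metadata:
    fdb_addr: "172.16.3.249:4550"
    fdb_cluster: "EXAMPLEID:EXAMPLEKEY@172.16.3.249:4500"
saas:
  image:
    backend:
      repository: gcdw/clound-database-backend
      tag: 9.8.0.3.5
    redis:
      repository: gcdw/redis
      tag: latest
logging:
  filebeatOutput:
    output.elasticsearch:
      password: ""
EOF
}
```

Run it as audit_values chart/values.yaml before helm install; a non-zero exit status means at least one finding was printed.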

Create the custom resources on Kubernetes

Run the command from the directory where the chart is located.

[root@k8s-81 single_tenant]# kubectl apply -f crds
customresourcedefinition.apiextensions.k8s.io/coordinators.gcdw.gbase.cn created
customresourcedefinition.apiextensions.k8s.io/warehouses.gcdw.gbase.cn created
[root@k8s-81 single_tenant]# 

Install the GCDW instance with helm

[root@k8s-81 single_tenant]# ./bin/helm install gcdw chart -n gcdw
NAME: gcdw
LAST DEPLOYED: Thu Feb 23 16:03:05 2023
NAMESPACE: gcdw
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@k8s-81 single_tenant]#

Check the installation status

[root@k8s-81 single_tenant]# ./bin/helm ls -n gcdw
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
gcdw    gcdw            1               2023-05-30 17:12:42.354513312 +0800 CST deployed        gcdw-single-tenancy-9.8.0.3.5
[root@k8s-81 single_tenant]#

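View the helm project installed in the gcdw namespace

Of the base services, only gcdw-operator, gcdw-saas-backend and gcdw-saas-frontend run at first; the others start automatically only after a user has been created.

Watch the pod status: the image is pulled first, then the service starts, and only after that does the pod reach the Running state.

The web access port is 32143.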

[root@vm248 gcdw_9.8.0.3.5]# kubectl get all -n gccdw
No resources found in gccdw namespace.
[root@vm248 gcdw_9.8.0.3.5]# kubectl get all -n gcdw
NAME                                READY   STATUS    RESTARTS        AGE
pod/gcdw-ftp-0                      1/1     Running   0               3h39m
pod/gcdw-operator-b66b7b698-xhc88   1/1     Running   0               3h39m
pod/gcdw-redis-0                    1/1     Running   0               3h39m
pod/gcdw-saas-backend-0             1/1     Running   0               3h39m
pod/gcdw-saas-frontend-0            1/1     Running   3 (3h39m ago)   3h39m
NAME                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
service/gcdw-1               NodePort    10.106.10.223   <none>        5258:32045/TCP   3h35m
service/gcdw-ftp             ClusterIP   None            <none>        21/TCP           3h39m
service/gcdw-redis           ClusterIP   10.101.28.232   <none>        6378/TCP         3h39m
service/gcdw-saas-backend    ClusterIP   None            <none>        8082/TCP         3h39m
service/gcdw-saas-frontend   NodePort    10.105.208.82   <none>        80:32143/TCP     3h39m
service/gcware               ClusterIP   None            <none>        5919/TCP         3h35m
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/gcdw-operator   1/1     1            1           3h39m
NAME                                      DESIRED   CURRENT   READY   AGE
replicaset.apps/gcdw-operator-b66b7b698   1         1         1       3h39m
NAME                                  READY   AGE
statefulset.apps/gcdw-1               1/1     3h35m
statefulset.apps/gcdw-ftp             1/1     3h39m
statefulset.apps/gcdw-redis           1/1     3h39m
statefulset.apps/gcdw-saas-backend    1/1     3h39m
statefulset.apps/gcdw-saas-frontend   1/1     3h39m
statefulset.apps/gcware               1/1     3h35m
[root@vm248 gcdw_9.8.0.3.5]#

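Check the pod status

If a pod never reaches Running, use describe to inspect it. For other commands, see the kubectl manual; common ones include logs for viewing logs, exec, and so on.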

[root@vm248 gcdw_9.8.0.3.5]# kubectl describe pods gcdw-saas-frontend-0 -n gcdw
Name:             gcdw-saas-frontend-0
Namespace:        gcdw
Priority:         0
Service Account:  default
Node:             vm248/172.16.3.248
Start Time:       Sun, 26 Feb 2023 21:56:32 -0800
Labels:           app=gcdw-saas-frontend
                  controller-revision-hash=gcdw-saas-frontend-74c459fc55
                  statefulset.kubernetes.io/pod-name=gcdw-saas-frontend-0
Annotations:      <none>
Status:           Running
IP:               10.244.0.56
IPs:
  IP:           10.244.0.56
Controlled By:  StatefulSet/gcdw-saas-frontend
Containers:
  gcdw-saas-frontend:
    Container ID:  containerd://a5cad831f609f1b6c32ae5d00201aec969a8bbc81c67ae5bc86ef686cc7ebe6f
    Image:         172.16.3.249:8443/gcdw/clound-database-frontend:9.8.0.3.5
    Image ID:      172.16.3.249:8443/gcdw/clound-database-frontend@sha256:19986c92474cd6dce5781f976b32364f1275064ee79e67cdea19900f24403f04
    Port:          80/TCP
    Host Port:     0/TCP
    Command:
      nginx
      -g
      daemon off;
    State:          Running
      Started:      Sun, 26 Feb 2023 21:57:17 -0800
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Sun, 26 Feb 2023 21:56:51 -0800
      Finished:     Sun, 26 Feb 2023 21:56:51 -0800
    Ready:          True
    Restart Count:  3
    Environment:    <none>
    Mounts:
      /etc/nginx/nginx.conf from frontend (rw,path="nginx.conf")
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-pfg64 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  frontend:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      gcdw-saas-frontend
    Optional:  false
  kube-api-access-pfg64:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:                      <none>
[root@vm248 gcdw_9.8.0.3.5]#

Log in to the web console

http://10.0.2.81:32143