南大通用GCDW K8S 9.8.0.4.1多租户版本介绍

对比于9.8.0.3.5的GCDW, 9.8.0.4.1支持多租户,其配置也有了些许的变动。

主配置文件 values.yaml

multiTenantMode

开启多租户模式。租户,就是云际界面注册时的【账号】(租户)。请注意区分账号和【管理员用户名】的区别。用户是附属于账号下的,一个账号可以有很多用户。

在多租户模式下,每个【账号/租户】将使用独立的namespace。9.8.0.3.5老版本的默认namespace是gcdw。需要注意,namespace本身只是资源的逻辑划分:租户之间的网络和权限是否真正隔离,还要看是否配置了NetworkPolicy、RBAC、ResourceQuota等,本文没有验证这部分。

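如下是一个gcdw401租户的资源使用情况。每个租户下,各自有管理服务(gcware)、调度服务(coordinator)以及计算服务(本例是2个计算资源的名字为ss的warehouse)。从输出中还可以看到,coordinator是以NodePort方式暴露的(本例为5258:32195),NodePort默认会在每个节点上开放该端口,生产环境需要用防火墙或安全组限制访问来源;gcware和warehouse的Service则是ClusterIP类型,只在集群内部可达。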

[root@k8s-81 chart]# kubectl get all -n gcdw401 -o wide
NAME                  READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
pod/coordinator-1-0   1/1     Running   0          16h   10.244.1.77    k8s-82   <none>           <none>
pod/gcware-0          1/1     Running   0          16h   10.244.0.121   k8s-81   <none>           <none>
pod/s2-c1-0           1/1     Running   0          15h   10.244.0.122   k8s-81   <none>           <none>
pod/s2-c1-1           1/1     Running   0          15h   10.244.1.78    k8s-82   <none>           <none>

NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE   SELECTOR
service/coordinator-1   NodePort    10.106.135.43   <none>        5258:32195/TCP   16h   app=gcdw,index=1,service=coordinator,tenant=gcdw401
service/gcware          ClusterIP   None            <none>        5919/TCP         16h   app=gcdw,service=gcware,tenant=gcdw401
service/s2-c1           ClusterIP   10.97.170.191   <none>        5050/TCP         15h   app=gcdw,service=warehosue,tenant=gcdw401,wh_name=s2-c1

NAME                             READY   AGE   CONTAINERS    IMAGES
statefulset.apps/coordinator-1   1/1     16h   coordinator   172.16.3.249:8443/gcdw/gcdw-server:9.8.0.4.1
statefulset.apps/gcware          1/1     16h   gcware        172.16.3.249:8443/gcdw/gcdw-server:9.8.0.4.1
statefulset.apps/s2-c1           2/2     15h   s2-c1         172.16.3.249:8443/gcdw/gcdw-server:9.8.0.4.1
[root@k8s-81 chart]#

如下是默认的gcdw,和另外2个租户gcdwb5和gcdw401的pod信息

其中云际前后台,operator,redis,ftp等服务,都运行在了默认的gcdw下面。其它的都是租户自己的。

[root@k8s-81 chart]# kubectl get pod -n gcdw -o wide
NAME                             READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
gcdw-ftp-0                       1/1     Running   0          15h   10.244.2.55   k8s-83   <none>           <none>
gcdw-operator-67cf7c7bf7-dfhkd   1/1     Running   0          15h   10.244.1.84   k8s-82   <none>           <none>
gcdw-redis-0                     1/1     Running   0          15h   10.244.2.56   k8s-83   <none>           <none>
gcdw-saas-backend-0              1/1     Running   0          15h   10.244.2.54   k8s-83   <none>           <none>
gcdw-saas-frontend-0             1/1     Running   0          15h   10.244.2.57   k8s-83   <none>           <none>
[root@k8s-81 chart]# kubectl get pod -n gcdw401 -o wide
NAME              READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
coordinator-1-0   1/1     Running   0          16h   10.244.1.77    k8s-82   <none>           <none>
gcware-0          1/1     Running   0          16h   10.244.0.121   k8s-81   <none>           <none>
s2-c1-0           1/1     Running   0          16h   10.244.0.122   k8s-81   <none>           <none>
s2-c1-1           1/1     Running   0          16h   10.244.1.78    k8s-82   <none>           <none>
[root@k8s-81 chart]# kubectl get pod -n gcdwb5 -o wide
NAME              READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
coordinator-1-0   1/1     Running   0          15h   10.244.0.124   k8s-81   <none>           <none>
gcware-0          1/1     Running   0          15h   10.244.2.48    k8s-83   <none>           <none>
[root@k8s-81 chart]#

多租户下,需要额外配置镜像服务(镜像仓库)。如果仓库需要安全认证,还要设置用户名和密码。注意密码是以明文写在values.yaml里的:这个文件不要提交到代码仓库,文件权限也要收紧;仓库账号最好使用只有拉取权限的专用账号,而不是样例里的admin。

  # Tenant mode for gcdw, true: multiple-tenant; false: single-tenant
  multiTenantMode:
    enabled: true
    imageRegistry:
      server: "172.16.3.249:8443"
      username: "admin"
      password: "XXXXX"

foundation db metadata

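只保留了一个fdb_cluster参数。它的值就是FoundationDB cluster文件的内容,格式为"描述:ID@协调节点地址列表"。持有该字符串并且能访问4500端口的客户端,原则上就可以尝试连接元数据库(是否另有TLS保护,从这份配置里看不出来),因此应当按敏感配置对待,也不要照抄样例中的值。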

  # fdb setting
  metadata:
    fdb_cluster: "QdBWBJdf:S6QntDRlFdhyBstGIZnnQd6vVjf0ytAB@10.0.2.81:4500,10.0.2.82:4500,10.0.2.83:4500"

kerberos setting

看配置,支持kerberos认证,但我目前还不会用这个新功能。注意下面的样例里enabled是true,而文件中看不到KDC、realm或keytab之类的配套配置;实际启用前请对照官方文档确认还需要哪些设置。

  # kerberos setting
  kerberos:
    enabled: true

Namespace label setting

未测试。但看名字,是为了避免新生成的namespace和已有的冲突,做了个【前缀】?不过从取值Organization=gcdw的key=value形式看,它更可能是给新建namespace打上的Kubernetes标签(label),而不是名字前缀,有待验证。

  # # Namespace label setting
  # namespaceLabel: "Organization=gcdw"

完整配置文件样例

里面的内存,CPU和副本,我已经都改成了最小值。

[root@k8s-81 chart]# cat values.yaml
# Default values for gcdw.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Chart-wide values grouped under `global`: image registry, tenant mode,
# FoundationDB metadata, storage, logging, node affinity and Kerberos.
global:
  # images setting
  # imagePullSecrets is the name of a pull Secret ("gcdw-regcred").
  # NOTE(review): presumably that Secret must already exist in the install
  # namespace - confirm against the chart templates.
  image:
    registry: "172.16.3.249:8443"
    pullPolicy: Always
    imagePullSecrets: "gcdw-regcred"

  # Tenant mode for gcdw, true: multiple-tenant; false: single-tenant
  # imageRegistry holds the registry address plus a username and password in
  # clear text (the password is masked in this listing). Keep this file out of
  # version control, restrict its permissions, and prefer a dedicated
  # pull-only registry account over "admin".
  # NOTE(review): presumably used to create pull credentials in each tenant
  # namespace - confirm.
  multiTenantMode:
    enabled: true
    imageRegistry:
      server: "172.16.3.249:8443"
      username: "admin"
      password: "XXXXXX"

  # fdb setting
  # fdb_cluster is a FoundationDB cluster-file string:
  # description:ID@coordinator-address-list. It is deployment-specific; do not
  # reuse this sample value.
  # NOTE(review): nothing in this file shows TLS for FDB traffic - limit
  # access to port 4500 to cluster members and confirm.
  metadata:
    fdb_cluster: "QdBWBJdf:S6QntDRlFdhyBstGIZnnQd6vVjf0ytAB@10.0.2.81:4500,10.0.2.82:4500,10.0.2.83:4500"

  # persistent storage setting for gcware
  # Disabled in this sample, so storageClass and storageSize are left empty.
  storage:
    enabled: false

    storageClass: ""
    storageSize: ""

  # logging system setting
  # Disabled in this sample. If enabled, the Elasticsearch username/password
  # below would also sit in this file in clear text.
  logging:
    enabled: false

    filebeatImage: ""
    filebeatOutput:
      output.elasticsearch:
        hosts:
        - ""
        username: ""
        password: ""
        index: 'gcdw-${MY_POD_NAMESPACE}-${MY_POD_NAME}-log-%{+yyyy.MM.dd}'

    logrotateImage: "gcdw/gcdw-logrotate"

  # node affinity setting
  # Each entry is a key/value pair. NOTE(review): presumably node labels that
  # the corresponding pods are scheduled against - confirm.
  # NOTE(review): "coordiantorServiceAffinity" looks like a misspelling of
  # "coordinator", but the chart templates presumably read this exact key, so
  # do not rename it without checking them.
  nodeAffinitySchedule:
    cloudServiceAffinity:
      key:  cloudService
      value: gcdw
    coordiantorServiceAffinity:
      key: coordinatorService
      value: gcdw
    warehouseServiceAffinity:
      key: warehouseService
      value: gcdw

  # kerberos setting
  # Enabled in this sample; no KDC, realm or keytab settings appear in this
  # file. NOTE(review): confirm what else Kerberos needs before relying on it.
  kerberos:
    enabled: true

  # # Namespace label setting
  # Commented out, so no namespace label is set. The value has key=value form.
  # namespaceLabel: "Organization=gcdw"

# gcdw operator values-------------
# Operator deployment: image, replica count, leader election and resource
# requests/limits.
# NOTE(review): the operator presumably creates the per-tenant namespaces and
# workloads, which would need cluster-scoped RBAC - review the ServiceAccount
# and roles the chart installs for it.
operator:
  enabled: true

  # Image tag is pinned to the release version.
  image:
    repository: gcdw/gcdw-operator
    tag: 9.8.0.4.1

  # Single replica, with leader election switched on.
  replicas: 1
  leaderElect: true

  resources:
    requests:
      cpu: 1
      memory: 1Gi
    limits:
      cpu: 2
      memory: 2Gi



# gcdw server values-------------------
# Server image plus replica counts and resource requests/limits for the
# gcware, coordinator and warehouse components. The page's author states the
# memory, CPU and replica values here were reduced to minimums.
server:
  # Image tag is pinned to the release version.
  image:
    repository: gcdw/gcdw-server
    tag: 9.8.0.4.1

  gcware_replicas: 1
  coordinator_replicas: 1

  # Each *_resource entry gives a request and a limit for cpu and mem.
  # NOTE(review): these read as per-pod values, not a per-tenant cap - check
  # whether the chart also sets a ResourceQuota on each tenant namespace.
  gcware_resource:
      request:
        cpu: "1"
        mem: "1Gi"
      limit:
        cpu: "4"
        mem: 4Gi
  coordinator_resource:
      request:
        cpu: "1"
        mem: 1Gi
      limit:
        cpu: "4"
        mem: 16Gi
  warehouse_resource:
      request:
        cpu: "1"
        mem: 1Gi
      limit:
        cpu: "16"
        mem: 32Gi

# gcdw saas values--------------------
saas:
  # Turns the saas section on; the image list that follows names a frontend,
  # backend, redis and vsftpd.
  enabled: true

  # set time zone env for saas-backend
  TZ: "Asia/Shanghai"

  # Images for the saas components. frontend and backend are pinned to the
  # release tag; redis and vsftpd use the mutable "latest" tag, so what is
  # pulled can change over time (global.image.pullPolicy is Always in this
  # file). Pin these two to a fixed version or digest from your own registry.
  # NOTE(review): whether the global pullPolicy applies to these images
  # depends on the chart templates - confirm.
  image:
    frontend:
      repository: gcdw/clound-database-frontend
      tag: 9.8.0.4.1
    backend:
      repository: gcdw/clound-database-backend
      tag: 9.8.0.4.1
    redis:
      repository: gcdw/redis
      tag: latest
    vsftpd:
      repository: gcdw/vsftpd
      tag: latest

  # Replica count per saas component; each is set to 1 in this sample.
  replicas:
    frontend: 1
    backend:  1
    redis: 1
    vsftpd: 1

  # Port for the web service. 32144 falls inside Kubernetes' default NodePort
  # range (30000-32767).
  # NOTE(review): presumably exposed as a NodePort on every node - confirm,
  # and restrict which source addresses can reach it.
  webServicePort: 32144