Compared with GCDW 9.8.0.3.5, version 9.8.0.4.1 supports multi-tenancy, and its configuration has changed slightly as well.
Main configuration file values.yaml
multiTenantMode
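Enables multi-tenant mode. A tenant is the [account] (tenant) given when registering in the Yunji (云际) web interface. Take care to distinguish the account from the [administrator username]: users belong to an account, and one account can have many users.
In multi-tenant mode, each [account/tenant] uses its own namespace. In the older 9.8.0.3.5 release, the default namespace is gcdw.
Below is the resource usage of a tenant named gcdw401. Each tenant has its own management service (gcware), scheduling service (coordinator) and compute service (in this example, a warehouse named ss with 2 compute resources).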
[root@k8s-81 chart]# kubectl get all -n gcdw401 -o wide
NAME                  READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
pod/coordinator-1-0   1/1     Running   0          16h   10.244.1.77    k8s-82   <none>           <none>
pod/gcware-0          1/1     Running   0          16h   10.244.0.121   k8s-81   <none>           <none>
pod/s2-c1-0           1/1     Running   0          15h   10.244.0.122   k8s-81   <none>           <none>
pod/s2-c1-1           1/1     Running   0          15h   10.244.1.78    k8s-82   <none>           <none>
NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE   SELECTOR
service/coordinator-1   NodePort    10.106.135.43   <none>        5258:32195/TCP   16h   app=gcdw,index=1,service=coordinator,tenant=gcdw401
service/gcware          ClusterIP   None            <none>        5919/TCP         16h   app=gcdw,service=gcware,tenant=gcdw401
service/s2-c1           ClusterIP   10.97.170.191   <none>        5050/TCP         15h   app=gcdw,service=warehosue,tenant=gcdw401,wh_name=s2-c1
NAME                             READY   AGE   CONTAINERS    IMAGES
statefulset.apps/coordinator-1   1/1     16h   coordinator   172.16.3.249:8443/gcdw/gcdw-server:9.8.0.4.1
statefulset.apps/gcware          1/1     16h   gcware        172.16.3.249:8443/gcdw/gcdw-server:9.8.0.4.1
statefulset.apps/s2-c1           2/2     15h   s2-c1         172.16.3.249:8443/gcdw/gcdw-server:9.8.0.4.1
[root@k8s-81 chart]#
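Below is the pod information for the default gcdw namespace and for two other tenants, gcdwb4 and gcdw401.
The Yunji frontend and backend, the operator, redis, ftp and similar services all run under the default gcdw namespace. Everything else belongs to the tenants themselves.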
[root@k8s-81 chart]# kubectl get pod -n gcdw -o wide
NAME                             READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
gcdw-ftp-0                       1/1     Running   0          15h   10.244.2.55   k8s-83   <none>           <none>
gcdw-operator-67cf7c7bf7-dfhkd   1/1     Running   0          15h   10.244.1.84   k8s-82   <none>           <none>
gcdw-redis-0                     1/1     Running   0          15h   10.244.2.56   k8s-83   <none>           <none>
gcdw-saas-backend-0              1/1     Running   0          15h   10.244.2.54   k8s-83   <none>           <none>
gcdw-saas-frontend-0             1/1     Running   0          15h   10.244.2.57   k8s-83   <none>           <none>
[root@k8s-81 chart]# kubectl get pod -n gcdw401 -o wide
NAME              READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
coordinator-1-0   1/1     Running   0          16h   10.244.1.77    k8s-82   <none>           <none>
gcware-0          1/1     Running   0          16h   10.244.0.121   k8s-81   <none>           <none>
s2-c1-0           1/1     Running   0          16h   10.244.0.122   k8s-81   <none>           <none>
s2-c1-1           1/1     Running   0          16h   10.244.1.78    k8s-82   <none>           <none>
[root@k8s-81 chart]# kubectl get pod -n gcdwb5 -o wide
NAME              READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
coordinator-1-0   1/1     Running   0          15h   10.244.0.124   k8s-81   <none>           <none>
gcware-0          1/1     Running   0          15h   10.244.2.48    k8s-83   <none>           <none>
[root@k8s-81 chart]#
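The layout described above (platform services only in gcdw, one gcware and one coordinator per tenant namespace) can be checked mechanically. The script below is an added example, not part of the original post or of GCDW; it assumes the shared namespace is gcdw and that pod names follow the listings above, and its sample input is constructed.

```shell
#!/bin/sh
# Added example: check the multi-tenant namespace layout described on this page.
# Input on stdin: "NAMESPACE POD" pairs, e.g. collected per GCDW namespace with
#   kubectl get pod -n "$ns" --no-headers \
#     -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name
# Assumptions: shared namespace is "gcdw" and pod names follow the listings above.
SHARED_NS="gcdw"

audit_layout() {
  awk -v shared="$SHARED_NS" '
    {
      ns = $1; pod = $2; seen[ns] = 1
      if (pod ~ /^gcdw-(ftp|operator|redis|saas-backend|saas-frontend)-/) {
        # Platform services belong only in the shared namespace.
        if (ns != shared) print "MISPLACED " ns "/" pod
      } else if (ns == shared) {
        # Anything else in the shared namespace is a tenant workload.
        print "TENANT_POD_IN_SHARED " ns "/" pod
      } else if (pod ~ /^gcware-/) {
        gcware[ns] = 1
      } else if (pod ~ /^coordinator-/) {
        coord[ns] = 1
      }
    }
    END {
      # Every tenant namespace needs its own gcware and coordinator.
      for (ns in seen) {
        if (ns == shared) continue
        if (!(ns in gcware)) print "MISSING_GCWARE " ns
        if (!(ns in coord))  print "MISSING_COORDINATOR " ns
      }
    }' | LC_ALL=C sort
}

# Constructed sample: part of the layout from the page plus three deliberate faults.
SAMPLE_BAD='gcdw gcdw-operator-67cf7c7bf7-dfhkd
gcdw gcdw-redis-0
gcdw gcware-0
gcdw401 coordinator-1-0
gcdw401 gcware-0
gcdw401 s2-c1-0
gcdw401 gcdw-redis-0
gcdwx coordinator-1-0'

printf '%s\n' "$SAMPLE_BAD" | audit_layout
```

An empty result means the namespaces match the layout shown in the listings; each output line names one deviation.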
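In multi-tenant mode, the image registry has to be configured additionally. If the registry requires authentication, the username and password must be set as well.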
  # Tenant mode for gcdw, true: multiple-tenant; false: single-tenant
  multiTenantMode:
    enabled: true
    imageRegistry:
      server: "172.16.3.249:8443"
      username: "admin"
      password: "XXXXX"
foundation db metadata
Only a single fdb_cluster parameter has been kept.
  # fdb setting
  metadata:
    fdb_cluster: "QdBWBJdf:S6QntDRlFdhyBstGIZnnQd6vVjf0ytAB@10.0.2.81:4500,10.0.2.82:4500,10.0.2.83:4500"
kerberos setting
Judging by the configuration, Kerberos authentication is supported, but I don't yet know how to use this new feature.
  # kerberos setting
  kerberos:
    enabled: true
Namespace label setting
Not tested. But judging by the name, is it a [prefix] meant to keep newly created namespaces from clashing with existing ones?
  # # Namespace label setting
  # namespaceLabel: "Organization=gcdw"
Complete configuration file sample
I have already changed the memory, CPU and replica settings in it to their minimum values.
[root@k8s-81 chart]# cat values.yaml
# Default values for gcdw.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  # images setting
  image:
    registry: "172.16.3.249:8443"
    pullPolicy: Always
    imagePullSecrets: "gcdw-regcred"
  # Tenant mode for gcdw, true: multiple-tenant; false: single-tenant
  multiTenantMode:
    enabled: true
    imageRegistry:
      server: "172.16.3.249:8443"
      username: "admin"
      password: "XXXXXX"
  # fdb setting
  metadata:
    fdb_cluster: "QdBWBJdf:S6QntDRlFdhyBstGIZnnQd6vVjf0ytAB@10.0.2.81:4500,10.0.2.82:4500,10.0.2.83:4500"
  # persistant storage setting for gcware
  storage:
    enabled: false
    storageClass: ""
    storageSize: ""
  # logging system setting
  logging:
    enabled: false
    filebeatImage: ""
    filebeatOutput:
      output.elasticsearch:
        hosts:
        - ""
        username: ""
        password: ""
        index: 'gcdw-${MY_POD_NAMESPACE}-${MY_POD_NAME}-log-%{+yyyy.MM.dd}'
    logrotateImage: "gcdw/gcdw-logrotate"
  # node affinity setting
  nodeAffinitySchedule:
    cloudServiceAffinity:
      key:  cloudService
      value: gcdw
    coordiantorServiceAffinity:
      key: coordinatorService
      value: gcdw
    warehouseServiceAffinity:
      key: warehouseService
      value: gcdw
  # kerberos setting
  kerberos:
    enabled: true
  # # Namespace label setting
  # namespaceLabel: "Organization=gcdw"
# gcdw operator values-------------
operator:
  enabled: true
  image:
    repository: gcdw/gcdw-operator
    tag: 9.8.0.4.1
  replicas: 1
  leaderElect: true
  resources:
    requests:
      cpu: 1
      memory: 1Gi
    limits:
      cpu: 2
      memory: 2Gi
# gcdw server values-------------------
server:
  image:
    repository: gcdw/gcdw-server
    tag: 9.8.0.4.1
  gcware_replicas: 1
  coordinator_replicas: 1
  gcware_resource:
      request:
        cpu: "1"
        mem: "1Gi"
      limit:
        cpu: "4"
        mem: 4Gi
  coordinator_resource:
      request:
        cpu: "1"
        mem: 1Gi
      limit:
        cpu: "4"
        mem: 16Gi
  warehouse_resource:
      request:
        cpu: "1"
        mem: 1Gi
      limit:
        cpu: "16"
        mem: 32Gi
# gcdw saas values--------------------
saas:
  enabled: true
  # set time zone env for saas-backend
  TZ: "Asia/Shanghai"
  image:
    frontend:
      repository: gcdw/clound-database-frontend
      tag: 9.8.0.4.1
    backend:
      repository: gcdw/clound-database-backend
      tag: 9.8.0.4.1
    redis:
      repository: gcdw/redis
      tag: latest
    vsftpd:
      repository: gcdw/vsftpd
      tag: latest
  replicas:
    frontend: 1
    backend:  1
    redis: 1
    vsftpd: 1
  webServicePort: 32144