The official site has installation documentation for the Helm method (https://www.consul.io/docs/platform/k8s/index.html)
I. Preparation:
1. A k8s environment
2. An NFS server
II. Create the PVs
nfs_pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: kingsun.nfs1
spec:
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadWriteOnce","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: nfs
  nfs:
    path: /mnt/nfsdata
    server: 196.1.210.140
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: kingsun.nfs2
spec:
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadWriteOnce","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: nfs
  nfs:
    path: /mnt/nfsdata
    server: 196.1.210.140
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: kingsun.nfs3
spec:
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadWriteOnce","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: nfs
  nfs:
    path: /mnt/nfsdata
    server: 196.1.210.140
Run: kubectl apply -f nfs_pv.yaml to create the PVs (PersistentVolume)
III. Expose the ports Consul uses through a Service
PortService.yaml
apiVersion: v1
kind: Service
metadata:
  name: consul
  labels:
    name: consul
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: http
      port: 8500
      targetPort: 8500
    - name: https
      port: 8443
      targetPort: 8443
    - name: rpc
      port: 8400
      targetPort: 8400
    - name: serflan-tcp
      protocol: "TCP"
      port: 8301
      targetPort: 8301
    - name: serflan-udp
      protocol: "UDP"
      port: 8301
      targetPort: 8301
    - name: serfwan-tcp
      protocol: "TCP"
      port: 8302
      targetPort: 8302
    - name: serfwan-udp
      protocol: "UDP"
      port: 8302
      targetPort: 8302
    - name: server
      port: 8300
      targetPort: 8300
    - name: consuldns
      port: 8600
      targetPort: 8600
  selector:
    app: consul
IV. Edit the ACL configuration file and save it to a K8s ConfigMap
Acl.json
{
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "tokens": {
      "master": "8dc1eb67-1f5f-4e10-ad9d-5e58b047647c",
      "agent": "8dc1eb67-1f5f-4e10-ad9d-5e58b047647c"
    }
  }
}
Run: kubectl create configmap consul-acl-config --from-file=Acl.json
View the configmap: kubectl get configmap -o yaml
PS G:\KingSun\Consul\Yaml> kubectl get configmap -o yaml
apiVersion: v1
items:
- apiVersion: v1
  data:
    Acl.json: "{\"acl\":{\r\n \"enabled\":true,\r\n \"default_policy\":\"deny\",\r\n
      \"enable_token_persistence\":true,\r\n \"tokens\":{\r\n \"master\":\"8dc1eb67-1f5f-4e10-ad9d-5e58b047647c\",\r\n
      \ \"agent\":\"8dc1eb67-1f5f-4e10-ad9d-5e58b047647c\"\r\n }\r\n}}"
  kind: ConfigMap
  metadata:
    creationTimestamp: "2019-12-03T08:21:22Z"
    name: consul-acl-config
    namespace: default
    resourceVersion: "771714"
    selfLink: /api/v1/namespaces/default/configmaps/consul-acl-config
    uid: 57507410-e0a2-4979-9c8b-731fe9dc62b8
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
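Added example (not from the original post): the kubectl output above prints both tokens in clear text, and ConfigMaps are not intended for confidential data. This Python sketch audits an Acl.json of the page's shape and builds a Kubernetes Secret manifest with a freshly generated master token. The function names are assumptions, and the StatefulSet volume would have to reference the Secret with secret.secretName instead of configMap.name.

```python
import json
import uuid

def audit_acl(text):
    """Return findings for a Consul ACL config shaped like the page's Acl.json."""
    acl = json.loads(text).get("acl", {})
    tokens = acl.get("tokens", {})
    findings = []
    if acl.get("enabled") is not True:
        findings.append("acl.enabled is not true")
    if acl.get("default_policy") != "deny":
        findings.append("default_policy is not deny")
    # An agent running with the master token has unrestricted ACL rights.
    if tokens.get("master") and tokens.get("master") == tokens.get("agent"):
        findings.append("agent token equals master token")
    for name, value in tokens.items():
        try:
            uuid.UUID(value)
        except (ValueError, AttributeError, TypeError):
            findings.append(f"token {name} is not a UUID")
    return findings

def build_acl_secret(name="consul-acl-config", namespace="default"):
    """Build a Secret manifest holding Acl.json with a fresh master token.

    No agent token is written: it is created after bootstrap with a
    node-scoped policy and set through the API; enable_token_persistence
    keeps it across restarts.
    """
    acl = {"acl": {
        "enabled": True,
        "default_policy": "deny",
        "enable_token_persistence": True,
        "tokens": {"master": str(uuid.uuid4())},
    }}
    return {
        "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
        "metadata": {"name": name, "namespace": namespace},
        "stringData": {"Acl.json": json.dumps(acl, indent=2)},
    }

# The page's Acl.json, token value exactly as published on the page.
PAGE_ACL = """{"acl":{"enabled":true,"default_policy":"deny",
"enable_token_persistence":true,"tokens":{
"master":"8dc1eb67-1f5f-4e10-ad9d-5e58b047647c",
"agent":"8dc1eb67-1f5f-4e10-ad9d-5e58b047647c"}}}"""

if __name__ == "__main__":
    print(audit_acl(PAGE_ACL))
    # JSON is valid YAML, so this output can be piped to `kubectl apply -f -`.
    print(json.dumps(build_acl_secret(), indent=2))
```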
V. Edit the StatefulSet configuration file to create the pod
StateFulSet.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: consul
spec:
  selector:
    matchLabels:
      app: consul
  serviceName: consul
  replicas: 1
  template:
    metadata:
      labels:
        app: consul
    spec:
      #affinity:
      #  podAntiAffinity:
      #    requiredDuringSchedulingIgnoredDuringExecution:
      #      - labelSelector:
      #          matchExpressions:
      #            - key: app
      #              operator: In
      #              values:
      #                - consul
      #        topologyKey: kubernetes.io/hostname
      terminationGracePeriodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: consul-acl-config
      containers:
        - name: consul
          image: consul:latest
          volumeMounts:
            - name: config
              mountPath: /consul/config
            - name: data
              mountPath: /consul/data
          command:
            - "/bin/sh"
            - "-ec"
            - |
              exec /bin/consul agent \
                -server \
                -ui \
                -advertise="$(PODIP)" \
                -bind=0.0.0.0 \
                -client=0.0.0.0 \
                -bootstrap-expect=1 \
                -data-dir=/consul/data \
                -domain=cluster.local \
                -retry-join=consul-0.consul.$(NAMESPACE).svc.cluster.local \
                -disable-host-node-id \
                -datacenter=ks \
                -config-file=/consul/config/Acl.json
          env:
            - name: PODIP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - containerPort: 8500
              name: ui-port
            - containerPort: 8400
              name: alt-port
            - containerPort: 53
              name: udp-port
            - containerPort: 8443
              name: https-port
            - containerPort: 8080
              name: http-port
            - containerPort: 8301
              name: serflan
            - containerPort: 8302
              name: serfwan
            - containerPort: 8600
              name: consuldns
            - containerPort: 8300
              name: server
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
        storageClassName: nfs
Run: kubectl apply -f StateFulSet.yaml
View the consul pod logs: kubectl logs consul-0
View the StatefulSet startup log: kubectl describe StateFulSet consul
VI. Expose the Consul UI through a NodePort Service
UiService.yaml
apiVersion: v1
kind: Service
metadata:
  name: consul-ui
  labels:
    app: consul
spec:
  selector:
    app: consul
  ports:
    - name: consul-port
      protocol: TCP
      port: 80
      nodePort: 32000
      targetPort: 8500
  type: NodePort
VII. Open the UI
First click "acl" and enter the master token (tokens.master) defined in Acl.json