前言:
helm是k8s的专有包管理器,使用helm的chart包可以快速简单的实现一个或者多个微服务的部署,好处太多在这就不说了,当然,坏处也是有的,就是定制化部署比较困难,因此,本次实验目的是通过下载的chart包,离线部署实现nfs的存储类实现,并在nfs的存储类实现的基础上,通过helm部署一个redis简单的集群。
实验步骤:
一,
首先,我们需要一个关于helm的nfs-client-provisioner的chart包,在此基础上将该包的内容做适当的修改,然后通过helm快递的部署一个nfs的存储类。
其次,需要一个redis的关于helm的chart包,不修改此包,直接通过helm快速部署一个简单的redis集群。
相关chart包以及镜像在以下链接:
链接:https://pan.baidu.com/s/1LXZRo1kmFE_5bsLZuc1X9A?pwd=k8ss
提取码:k8ss
二,helm的安装
这个比较简单了,上传NFS目录下的helm文件到服务器,放入系统环境变量内即可。命令是:
mv helm /usr/local/bin/ &&chmod a+x /usr/local/bin/helm
三,自定义 PROVISIONER
这一步需要修改chart文件nfs-client-provisioner-0.1.1.tgz,将该文件解压后,可以看到一个文件夹:
[root@master ~]# ls nfs-client-provisioner Chart.yaml templates values.yaml
编辑values.yaml这个文件(该文件是一个模板文件):
image: repository: registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner tag: v3.1.0-k8s1.11 pullPolicy: IfNotPresent strategy: type: Recreate storageClass: name: nfs-client-provisioner provisioner: nfs-client-provisioner archiveOnDelete: true
这个provisioner的值修改为自己想要的值即可。修改完毕后删除原tar包nfs-client-provisioner-0.1.1.tgz,重新使用helm打包即可。
rm -rf nfs-client-provisioner-0.1.1.tgz helm package ./nfs-client-provisioner
四,
在部署之前,需要将镜像registry.cn-shanghai.aliyuncs.com_c7n_nfs-client-provisioner_v3.1.0-k8s1.11.tar导入到集群各个节点内,导入命令为:
docker load <registry.cn-shanghai.aliyuncs.com_c7n_nfs-client-provisioner_v3.1.0-k8s1.11.tar
部署nfs的存储类
helm install nfs-client-provisioner ./nfs-client-provisioner-0.1.1.tgz --set rbac.create=true --set persistence.enabled=true --set storageClass.name=nfs-provisioner --set persistence.nfsServer=192.168.217.16 --set persistence.nfsPath=/data/nfs-sc --version 0.1.2 --namespace kube-system
参数说明:
--set storageClass.name=nfs-provisioner #这个值自定义 --set persistence.nfsServer=192.168.217.16 #这里是nfs服务器的IP地址,根据实际情况填写 --set persistence.nfsPath=/data/nfs-sc #这里是nfs服务的共享目录,也是根据实际填写,我定义的是/data/nfs-sc --set rbac.create=true #这个不能更改 --version 0.1.2 #这里的版本定义,可自定义 --namespace kube-system # namespace不要使用default,一般是设置为kube-system
helm非常的方便,一般部署服务都是一句话就搞定了,nfs的存储类部署也是同样的简单,下面做一个简单的测试:
(1)获取sc信息,验证提供者provisioner是否正确:
[root@master ~]# k get sc NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE nfs-provisioner (default) nfs-client-provisioner Delete Immediate false 21m
(2)
为了以后使用的方便,将该StorageClass设置为默认存储类:
kubectl patch storageclass nfs-provisioner -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
(3)
helm查看部署的是否正确:
[root@master ~]# helm list -A NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION nfs-client-provisioner kube-system 1 2022-07-17 17:49:21.281270901 +0800 CST deployed nfs-client-provisioner-0.1.1 v3.1.0-k8s1.11
(4)
查看nfs存储类的pod是否运行正常:
[root@master ~]# k get po -A |grep nfs kube-system nfs-client-provisioner-57c749cf94-s5vmr 1/1 Running 0 26m
五,安装redis集群:
这个就非常简单了,一条命令就可以了,因为是使用的默认设置,当然,也可以像nfs存储类一样,修改values.yaml 文件重新打包
解压redis的chart包:
tar zxf redis-16.4.1.tgz
镜像导入:
镜像导入:
registry.hand-china.com_tools_redis_6.2.6-debian-10-r120这个镜像在集群各个节点都导入,导入命令:
docker load <registry.hand-china.com_tools_redis_6.2.6-debian-10-r120
直接部署:
helm install redis ./redis --namespace kube-system
此命令输出如下:
NAME: redis LAST DEPLOYED: Sun Jul 17 17:54:25 2022 NAMESPACE: kube-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: CHART NAME: redis CHART VERSION: 16.4.1 APP VERSION: 6.2.6 ** Please be patient while the chart is being deployed ** Redis™ can be accessed on the following DNS names from within your cluster: redis-master.kube-system.svc.cluster.local for read/write operations (port 6379) redis-replicas.kube-system.svc.cluster.local for read-only operations (port 6379) To get your password run: export REDIS_PASSWORD=$(kubectl get secret --namespace kube-system redis -o jsonpath="{.data.redis-password}" | base64 --decode) To connect to your Redis™ server: 1. Run a Redis™ pod that you can use as a client: kubectl run --namespace kube-system redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image registry.hand-china.com/tools/redis:6.2.6-debian-10-r120 --command -- sleep infinity Use the following command to attach to the pod: kubectl exec --tty -i redis-client \ --namespace kube-system -- bash 2. Connect using the Redis™ CLI: REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-master REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-replicas To connect to your database from outside the cluster execute the following commands: kubectl port-forward --namespace kube-system svc/redis-master : & REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p
单元测试:
(1)
查看pvc和pv是否正常:
[root@master ~]# k get pvc -A NAMESPACE NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE kube-system redis-data-redis-master-0 Bound pvc-0a788b58-a806-43ac-9c80-8d35684587d4 8Gi RWO nfs-provisioner 52m kube-system redis-data-redis-replicas-0 Bound pvc-cca6d8b0-1f2f-437a-bcdd-f978234cc551 8Gi RWO nfs-provisioner 52m kube-system redis-data-redis-replicas-1 Bound pvc-d2ec683c-9d18-4d91-9bb4-b7995814d76e 8Gi RWO nfs-provisioner 51m kube-system redis-data-redis-replicas-2 Bound pvc-ea3d3d4f-255b-493d-8406-d9c563054c08 8Gi RWO nfs-provisioner 51m [root@master ~]# k get pv -A NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE pvc-0a788b58-a806-43ac-9c80-8d35684587d4 8Gi RWO Delete Bound kube-system/redis-data-redis-master-0 nfs-provisioner 52m pvc-cca6d8b0-1f2f-437a-bcdd-f978234cc551 8Gi RWO Delete Bound kube-system/redis-data-redis-replicas-0 nfs-provisioner 52m pvc-d2ec683c-9d18-4d91-9bb4-b7995814d76e 8Gi RWO Delete Bound kube-system/redis-data-redis-replicas-1 nfs-provisioner 51m pvc-ea3d3d4f-255b-493d-8406-d9c563054c08 8Gi RWO Delete Bound kube-system/redis-data-redis-replicas-2 nfs-provisioner 51m
(2)
执行命令获取redis集群的密码:
[root@master ~]# kubectl get secret --namespace kube-system redis -o jsonpath="{.data.redis-password}" | base64 --decode u2vXM3RHVM
查看pod:
u2vXM3RHVM[root@master ~]# k get po -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-6c76c8bb89-tfcrm 1/1 Running 4 34d kube-system coredns-6c76c8bb89-vnlwg 1/1 Running 4 34d kube-system etcd-c7n.cnn 1/1 Running 4 34d kube-system kube-apiserver-c7n.cnn 1/1 Running 4 34d kube-system kube-controller-manager-c7n.cnn 1/1 Running 2 81m kube-system kube-flannel-ds-hgx56 1/1 Running 3 33h kube-system kube-flannel-ds-nwgv8 1/1 Running 3 33h kube-system kube-flannel-ds-r8ckj 1/1 Running 3 33h kube-system kube-proxy-7v5mj 1/1 Running 4 34d kube-system kube-proxy-mtttm 1/1 Running 4 34d kube-system kube-proxy-zwmwf 1/1 Running 4 34d kube-system kube-scheduler-c7n.cnn 1/1 Running 2 81m kube-system nfs-client-provisioner-57c749cf94-s5vmr 1/1 Running 0 60m kube-system redis-master-0 1/1 Running 0 55m kube-system redis-replicas-0 1/1 Running 0 55m kube-system redis-replicas-1 1/1 Running 0 54m kube-system redis-replicas-2 1/1 Running 0 54m
登录redis的master节点:
[root@master ~]# kubectl exec --tty -i redis-master-0 --namespace kube-system -- bash
命令输出如下:
1. [root@master ~]# kubectl exec --tty -i redis-master-0 --namespace kube-system -- bash 2. I have no name!
连接redis数据库(使用前面查询出来的密码登录该集群的master):
I have no name!@redis-master-0:/$ redis-cli -h redis-master -a u2vXM3RHVM Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe. redis-master:6379> auth u2vXM3RHVM OK redis-master:6379> set msg fuck OK redis-master:6379> get msg "fuck"
多说一句,如果想要固定redis集群的密码,可以修改values.yaml 文件的这一段:
global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" redis: password: ""1.
自定义的密码添加完毕后,使用helm重新打包这个文件夹即可,然后在重新安装,如果正常的话,集群将会使用自定义的固定密码,打包命令:
helm package ./redis/
重新打包后的安装命令是:
helm upgrade --install redis ./redis-16.4.1.tgz --namespace kube-system
