k8s以StatefulSet方式部署consul集群:

public-service-ns.yaml

# Namespace that holds every Consul object created by the manifests below.
apiVersion: v1
kind: Namespace
metadata:
  name: public-service

consul-server.yaml

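# Ingress that publishes the Consul web UI / HTTP API under consul.lzxlinux.com.
# NOTE(review): extensions/v1beta1 Ingress is no longer served from Kubernetes
# v1.22. On newer clusters this object must be written as networking.k8s.io/v1,
# which also changes the backend fields (service.name / service.port.number)
# and requires pathType.
# NOTE(review): the agents in this walkthrough start with an empty config
# directory and -client=0.0.0.0, i.e. without ACLs or TLS. This host therefore
# gives unauthenticated access to the Consul HTTP API as well as the UI. Keep it
# reachable only from a trusted network until ACLs and TLS are configured.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: consul
  namespace: public-service
spec:
  rules:
    - host: consul.lzxlinux.com
      http:
        paths:
          - path: /
            backend:
              serviceName: consul-ui
              servicePort: 80
---
# ClusterIP Service behind the Ingress: port 80 -> agent HTTP port 8500.
apiVersion: v1
kind: Service
metadata:
  name: consul-ui
  namespace: public-service
  labels:
    app: consul
    component: server
spec:
  selector:
    app: consul
    # Only the server pods are started with -ui. Without this label the Service
    # would also route to the client DaemonSet pods (they carry app: consul too)
    # once consul-client.yaml is applied.
    component: server
  ports:
    - name: http
      port: 80
      targetPort: 8500
---
# DNS front end: standard port 53 mapped to the agents' named DNS ports
# (dns-tcp / dns-udp, containerPort 8600 in the pod specs below).
apiVersion: v1
kind: Service
metadata:
  name: consul-dns
  namespace: public-service
  labels:
    app: consul
    component: dns
spec:
  # Matches every pod labelled app: consul, i.e. servers and clients.
  selector:
    app: consul
  ports:
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: dns-tcp
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: dns-udp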
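---
# Headless Service (clusterIP: None) that gives each StatefulSet pod a stable
# DNS name such as consul-server-0.consul-server.<namespace>.svc.cluster.local,
# which the -retry-join argument of the agents relies on.
apiVersion: v1
kind: Service
metadata:
  name: consul-server
  namespace: public-service
  labels:
    app: consul
    component: server
spec:
  selector:
    app: consul
    component: server
  ports:
    - name: http
      port: 8500
      targetPort: 8500
    - name: dns-tcp
      protocol: TCP
      port: 8600
      targetPort: dns-tcp
    - name: dns-udp
      protocol: UDP
      port: 8600
      targetPort: dns-udp
    - name: serflan-tcp
      protocol: TCP
      port: 8301
      targetPort: 8301
    - name: serflan-udp
      protocol: UDP
      port: 8301
      # Was 8302 (the Serf WAN port); Serf LAN UDP must target 8301 like its
      # TCP counterpart above.
      targetPort: 8301
    - name: serfwan-tcp
      protocol: TCP
      port: 8302
      targetPort: 8302
    - name: serfwan-udp
      protocol: UDP
      port: 8302
      targetPort: 8302
    - name: server
      port: 8300
      targetPort: 8300
  # Publish pod addresses before the pods are Ready, so the servers can resolve
  # each other while the cluster is still bootstrapping.
  publishNotReadyAddresses: true
  clusterIP: None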
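---
# Extra agent configuration, mounted at /consul/userconfig and read through
# -config-dir. It is empty in this walkthrough, so no ACLs (acl.enabled,
# acl.default_policy), no gossip encryption (encrypt) and no TLS are configured:
# gossip and RPC are plaintext and the HTTP API accepts unauthenticated requests.
# NOTE(review): enable those settings before using this outside a lab, and keep
# the gossip key and ACL tokens in a Secret rather than in this ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: consul-server-config
  namespace: public-service
# Explicit empty map instead of a bare "data:" (which parses as null).
data: {}
---
# Keep at least 2 of the 3 servers running during voluntary disruptions
# (e.g. node drains).
# NOTE(review): policy/v1beta1 is no longer served from Kubernetes v1.25;
# policy/v1 (available since v1.21) accepts the fields used here unchanged.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: consul-server
  namespace: public-service
spec:
  selector:
    matchLabels:
      app: consul
      component: server
  minAvailable: 2
---
# Three Consul server agents with stable names consul-server-0..2.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: consul-server
  namespace: public-service
spec:
  serviceName: consul-server
  replicas: 3
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: consul
      component: server
  template:
    metadata:
      labels:
        app: consul
        component: server
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  # Was "componment": that key matches no pod label, so the
                  # rule never applied and servers could share a node. With the
                  # key fixed, each server needs its own node (>= 3 nodes).
                  - key: "component"
                    operator: In
                    values:
                      - server
              topologyKey: "kubernetes.io/hostname"
      terminationGracePeriodSeconds: 10
      containers:
        - name: consul
          # Pinned to the build that `consul members` reports in this
          # walkthrough. With consul:latest and IfNotPresent, each node runs
          # whatever image it happened to cache under that tag.
          image: consul:1.8.3
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8500
              name: http
            - containerPort: 8600
              name: dns-tcp
              protocol: TCP
            - containerPort: 8600
              name: dns-udp
              protocol: UDP
            - containerPort: 8301
              name: serflan
            - containerPort: 8302
              name: serfwan
            - containerPort: 8300
              name: server
          env:
            # Downward API values, expanded as $(POD_IP) / $(NAMESPACE) in args.
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          args:
            - "agent"
            - "-server"
            - "-advertise=$(POD_IP)"
            - "-bind=0.0.0.0"
            # Must match spec.replicas: the servers wait for 3 peers before
            # electing a leader.
            - "-bootstrap-expect=3"
            - "-datacenter=dc1"
            - "-config-dir=/consul/userconfig"
            - "-data-dir=/consul/data"
            - "-disable-host-node-id"
            - "-domain=cluster.local"
            # Every server joins through pod 0's stable headless-Service name.
            - "-retry-join=consul-server-0.consul-server.$(NAMESPACE).svc.cluster.local"
            # HTTP API and DNS listen on all pod interfaces, not only loopback.
            - "-client=0.0.0.0"
            - "-ui"
          resources:
            limits:
              cpu: "100m"
              memory: "128Mi"
            requests:
              cpu: "100m"
              memory: "128Mi"
          lifecycle:
            # Leave the cluster gracefully before the container is stopped.
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - consul leave
          volumeMounts:
            - name: data
              mountPath: /consul/data
            - name: user-config
              mountPath: /consul/userconfig
      volumes:
        - name: user-config
          configMap:
            name: consul-server-config
        # emptyDir lives only as long as the pod: a deleted or rescheduled
        # server starts with an empty data directory. The commented-out
        # volumeClaimTemplates below is the persistent alternative.
        - name: data
          emptyDir: {}
      securityContext:
        fsGroup: 1000
#  volumeClaimTemplates:
#  - metadata:
#      name: data
#    spec:
#      accessModes:
#        - ReadWriteMany
#      storageClassName: "gluster-heketi-2"
#      resources:
#        requests:
#          storage: 10Gi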

consul-client.yaml

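# Extra client-agent configuration, mounted at /consul/userconfig and read
# through -config-dir. It is empty in this walkthrough, so the clients also run
# without ACLs, gossip encryption or TLS.
# NOTE(review): configure those before using this outside a lab, and keep the
# gossip key and ACL tokens in a Secret rather than in this ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: consul-client-config
  namespace: public-service
# Explicit empty map instead of a bare "data:" (which parses as null).
data: {}
---
# One Consul client agent per schedulable node.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: consul
  namespace: public-service
spec:
  selector:
    matchLabels:
      app: consul
      component: client
  template:
    metadata:
      labels:
        app: consul
        component: client
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  # Was "componment", which matches no pod label. A DaemonSet
                  # already runs one pod per node, so this rule is redundant,
                  # but the key now names the label it was meant to test.
                  - key: "component"
                    operator: In
                    values:
                      - client
              topologyKey: "kubernetes.io/hostname"
      terminationGracePeriodSeconds: 10
      containers:
        - name: consul
          # Pinned to the build that `consul members` reports in this
          # walkthrough, so clients and servers run the same version.
          # consul:latest with IfNotPresent runs whatever each node has cached.
          image: consul:1.8.3
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8500
              name: http
            - containerPort: 8600
              name: dns-tcp
              protocol: TCP
            - containerPort: 8600
              name: dns-udp
              protocol: UDP
            - containerPort: 8301
              name: serflan
            - containerPort: 8302
              name: serfwan
            - containerPort: 8300
              name: server
          env:
            # Downward API values, expanded as $(POD_IP) / $(NAMESPACE) in args.
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          args:
            # No -server flag: these agents join as clients.
            - "agent"
            - "-advertise=$(POD_IP)"
            - "-bind=0.0.0.0"
            - "-datacenter=dc1"
            - "-config-dir=/consul/userconfig"
            - "-data-dir=/consul/data"
            - "-disable-host-node-id=true"
            - "-domain=cluster.local"
            # Join through server pod 0's stable headless-Service name.
            - "-retry-join=consul-server-0.consul-server.$(NAMESPACE).svc.cluster.local"
            # HTTP API and DNS listen on all pod interfaces, not only loopback;
            # with no ACLs configured the API is open to anything that can
            # reach the pod IP.
            - "-client=0.0.0.0"
          resources:
            limits:
              cpu: "50m"
              memory: "32Mi"
            requests:
              cpu: "50m"
              memory: "32Mi"
          lifecycle:
            # Leave the cluster gracefully before the container is stopped.
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - consul leave
          volumeMounts:
            - name: data
              mountPath: /consul/data
            - name: user-config
              mountPath: /consul/userconfig
      volumes:
        - name: user-config
          configMap:
            name: consul-client-config
        - name: data
          emptyDir: {}
      securityContext:
        fsGroup: 1000
# NOTE(review): volumeClaimTemplates is a StatefulSet field and is not accepted
# in a DaemonSet spec; the block below is kept only as the author left it.
#  volumeClaimTemplates:
#  - metadata:
#      name: data
#    spec:
#      accessModes:
#        - ReadWriteMany
#      storageClassName: "gluster-heketi-2"
#      resources:
#        requests:
#          storage: 10Gi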


  • PodDisruptionBudget:

k8s可以为每个应用程序创建 PodDisruptionBudget 对象(PDB)。PDB 会限制多副本应用在同一时间因自愿干扰(voluntary disruption,例如节点排空 drain)而不可用的 Pod 数量。

可以通过两个参数来配置PodDisruptionBudget:

minAvailable:最小可用Pod数,即应用的Pod集群中必须处于运行状态的最小Pod数量,也可以写成运行状态的Pod数占总Pod数的最小百分比

maxUnavailable:最大不可用Pod数,即应用的Pod集群中允许处于不可用状态的最大Pod数量,也可以写成不可用状态的Pod数占总Pod数的最大百分比

需要注意的是,minAvailable 和 maxUnavailable 这两个参数在同一个 PDB 中只能配置其中一个。

  • 部署:
kubectl apply -f public-service-ns.yaml

kubectl apply -f consul-server.yaml

kubectl get svc -n public-service

NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                   AGE
consul-dns      ClusterIP   10.110.235.63   <none>        53/TCP,53/UDP                                                             85s
consul-server   ClusterIP   None            <none>        8500/TCP,8600/TCP,8600/UDP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP   85s
consul-ui       ClusterIP   10.98.220.223   <none>        80/TCP                                                                    85s


kubectl get pod -n public-service

NAME              READY   STATUS    RESTARTS   AGE
consul-server-0   1/1     Running   0          110s
consul-server-1   1/1     Running   0          107s
consul-server-2   1/1     Running   0          92s

  • 查看集群状态:
kubectl exec -n public-service consul-server-0 -- consul members

Node             Address              Status  Type    Build  Protocol  DC   Segment
consul-server-0  172.10.135.17:8301   alive   server  1.8.3  2         dc1  <all>
consul-server-1  172.10.104.11:8301   alive   server  1.8.3  2         dc1  <all>
consul-server-2  172.10.166.136:8301  alive   server  1.8.3  2         dc1  <all>

  • 访问ui:

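在本机 hosts 文件中添加 consul.lzxlinux.com 的解析(指向 Ingress 控制器的入口 IP),然后访问 consul.lzxlinux.com/ui。注意:上面的配置没有启用 ACL 和 TLS,通过该域名访问到的 UI 和 HTTP API(8500 端口)无需认证,因此该 Ingress 只应暴露在受信任的内网。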

k8s部署consul集群_集群

可以看到:consul-server-0是leader,集群状态正常。

  • 加入client:
kubectl apply -f consul-client.yaml

kubectl get pod -n public-service

NAME              READY   STATUS    RESTARTS   AGE
consul-8wx22      1/1     Running   0          40s
consul-glmgs      1/1     Running   0          10s
consul-server-0   1/1     Running   0          30m
consul-server-1   1/1     Running   0          30m
consul-server-2   1/1     Running   0          30m
consul-vxbj7      1/1     Running   0          61s

kubectl exec -n public-service consul-server-0 -- consul members

Node             Address              Status  Type    Build  Protocol  DC   Segment
consul-server-0  172.10.135.17:8301   alive   server  1.8.3  2         dc1  <all>
consul-server-1  172.10.104.11:8301   alive   server  1.8.3  2         dc1  <all>
consul-server-2  172.10.166.136:8301  alive   server  1.8.3  2         dc1  <all>
consul-8wx22     172.10.166.138:8301  alive   client  1.8.3  2         dc1  <default>
consul-glmgs     172.10.135.19:8301   alive   client  1.8.3  2         dc1  <default>
consul-vxbj7     172.10.104.13:8301   alive   client  1.8.3  2         dc1  <default>

k8s部署consul集群_k8s部署_02

至此,consul集群(3 server、3client)部署完成。已存放至个人github:kubernetes