本文描述如何通过 Rancher2.0 部署 kubernetes 集群,并将 EMQ X 部署到 kubernetes 集群上
实验环境:
- 公有云环境:AWS EC2
- 操作系统:ubuntu 16.04
- Docker version:18.09.0
通过 Rancher 部署 kubernetes 集群
Rancher 的安装以及部署 kubernetes 集群的步骤推荐直接按照快速入门执行。
创建 Rancher Api 密钥
EMQ X 通过访问 kube-apiserver 来实现自动集群功能,在 Rancher 中,Rancher 对 kube-apiserver 做了一层代理,在访问 kube-apiserver 的时候必须提供用于向 Rancher 进行身份验证的 API 密钥。参考用户手册创建并保存 API Key。本实验中创建的 Access Key 为:token-dksbl,Secret Key 为:pshhhf5cp8d5v5x7bzjdm82qfrwgx7f2bzksnr748j42xmbvvklbdz,组合成的 Token 为:token-dksbl:pshhhf5cp8d5v5x7bzjdm82qfrwgx7f2bzksnr748j42xmbvvklbdz
下载并配置 kubectl
- 下载并安装 kubectl
- 进入 Rancher 集群页面,点击 Kubeconfig 文件。
将 kubeconfig 文件保存到~/.kube/config
执行 kubectl cluster-info 验证配置是否成功
$ kubectl cluster-infoKubernetes master is running at https://13.125.244.172/k8s/clusters/c-vvgjq
KubeDNS is running at https://13.125.244.172/k8s/clusters/c-vvgjq/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.访问 kube-apiserver
EMQ X 通过访问 kube-apiserver 来实现自动集群,kube-apiserver 的地址可以查看 ~/.ssh/config 文件或者执行 kubectl cluster-info 获取,本实验中 kube-apiserver 的地址为:https://13.125.244.172/k8s/clusters/c-vvgjq。
直接访问 kube-apiserver,可以看到会报错需要认证。
$ curl -k https://13.125.244.172/k8s/clusters/c-vvgjq{"type":"error","status":"401","message":"must authenticate"}在头部加上 Authorization 认证则可以正常访问
$ curl -k -H 'Authorization: Bearer token-dksbl:pshhhf5cp8d5v5x7bzjdm82qfrwgx7f2bzksnr748j42xmbvvklbdz' https://13.125.244.172/k8s/clusters/c-vvgjq编辑 emqx.yaml
在 Kubernetes 上安装 EMQ X 系列文章之二:EMQ X 自动集群一文中分享了 EMQ X 部署 kubernetes 集群的 yaml 文件如下,在 Rancher 上部署 EMQ X 集群的话需要稍加改动。
$cat emqx.yaml
apiVersion: v1
kind: Service
metadata:
name: emqx
spec:
ports:
- port: 32333
nodePort: 32333
targetPort: emqx-dashboard
protocol: TCP
selector:
app: emqx
type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: emqx
labels:
app: emqx
spec:
replicas: 2
template:
metadata:
labels:
app: emqx
spec:
containers:
- name: emqx
image: emqx/emqx:latest
ports:
- name: emqx-dashboard
containerPort: 18083
env:
- name: EMQX_CLUSTER__DISCOVERY
value: k8s
- name: EMQX_NAME
value: emqx
- name: EMQX_CLUSTER__K8S__APISERVER
value: http://172.31.19.161:8080
- name: EMQX_CLUSTER__K8S__NAMESPACE
value: default
- name: EMQX_CLUSTER__K8S__SERVICE_NAME
value: emqx
- name: EMQX_CLUSTER__K8S__ADDRESS_TYPE
value: ip
- name: EMQX_CLUSTER__K8S__APP_NAME
value: emqx
tty: trueEMQ X 可以读取 /var/run/secrets/kubernetes.io/serviceaccount/token 文件中的内容组合 Authorization 认证访问 kube-apiserver,所以只需要把 Rancher 的 API Token 通过 Secret 挂载到容器中就可以了。
Secret 解决了密码、token、密钥等敏感数据的配置问题,而不需要把这些敏感数据暴露到镜像或者 Pod Spec 中。Secret 可以以 Volume 或者环境变量的方式使用。
Secret 有三种类型:
- Service Account:用来访问 Kubernetes API,由 Kubernetes 自动创建,并且会自动挂载到 Pod 的
/run/secrets/kubernetes.io/serviceaccount目录中;- Opaque:base64 编码格式的 Secret,用来存储密码、密钥等;
- kubernetes.io/dockerconfigjson:用来存储私有 docker registry 的认证信息。
首先对 API Token 做 base64 编码
$ echo -n token-dksbl:pshhhf5cp8d5v5x7bzjdm82qfrwgx7f2bzksnr748j42xmbvvklbdz | base64 -w 0dG9rZW4tZGtzYmw6cHNoaGhmNWNwOGQ1djV4N2J6amRtODJxZnJ3Z3g3ZjJiemtzbnI3NDhqNDJ4bWJ2dmtsYmR6在 yaml 文件中创建 Secret
$vim emqx.yamlapiVersion: v1
kind: Secret
metadata:
name: emqx-secret
type: Opaque
data:
token: dG9rZW4tcGI2MjU6eDZ2eGJ0Y2NmdG1waGpseHR3NGNjdGN2d2txdzk5aDJzYmhxNHFtaDh4c2ZnbXd6dzJ0d2Rw
---
......修改 Deployment,将环境变量中的 EMQX_CLUSTER__K8S__APISERVER 改为 Rancher 的 Kube-apiserver 的地址,增加 volumeMounts
$vim emqx.yaml......
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: emqx
labels:
app: emqx
spec:
replicas: 2
template:
metadata:
labels:
app: emqx
spec:
volumes:
- name: emqx-secret
secret:
secretName: emqx-secret
containers:
- name: emqx
image: emqx/emqx:latest
ports:
- name: emqx-dashboard
containerPort: 18083
- name: emqx-http
containerPort: 8083
- name: emqx-mqtt
containerPort: 1883
env:
- name: EMQX_CLUSTER__DISCOVERY
value: k8s
- name: EMQX_NAME
value: emqx
- name: EMQX_CLUSTER__K8S__APISERVER
value: https://13.125.244.172/k8s/clusters/c-vvgjq
- name: EMQX_CLUSTER__K8S__NAMESPACE
value: default
- name: EMQX_CLUSTER__K8S__SERVICE_NAME
value: emqx
- name: EMQX_CLUSTER__K8S__ADDRESS_TYPE
value: ip
- name: EMQX_CLUSTER__K8S__APP_NAME
value: emqx
tty: true
volumeMounts:
- name: emqx-secret
mountPath: "/var/run/secrets/kubernetes.io/serviceaccount"
readOnly: true部署 EMQ X
查看修改后的 emqx.yaml
$cat emqx.yamlapiVersion: v1
kind: Secret
metadata:
name: emqx-secret
type: Opaque
data:
token: dG9rZW4tcGI2MjU6eDZ2eGJ0Y2NmdG1waGpseHR3NGNjdGN2d2txdzk5aDJzYmhxNHFtaDh4c2ZnbXd6dzJ0d2Rw
---
apiVersion: v1
kind: Service
metadata:
name: emqx
spec:
ports:
- port: 32333
nodePort: 32333
targetPort: emqx-dashboard
protocol: TCP
selector:
app: emqx
type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: emqx
labels:
app: emqx
spec:
replicas: 2
template:
metadata:
labels:
app: emqx
spec:
volumes:
- name: emqx-secret
secret:
secretName: emqx-secret
containers:
- name: emqx
image: emqx/emqx:latest
ports:
- name: emqx-dashboard
containerPort: 18083
- name: emqx-http
containerPort: 8083
- name: emqx-mqtt
containerPort: 1883
env:
- name: EMQX_CLUSTER__DISCOVERY
value: k8s
- name: EMQX_NAME
value: emqx
- name: EMQX_CLUSTER__K8S__APISERVER
value: https://13.125.244.172/k8s/clusters/c-vvgjq
- name: EMQX_CLUSTER__K8S__NAMESPACE
value: default
- name: EMQX_CLUSTER__K8S__SERVICE_NAME
value: emqx
- name: EMQX_CLUSTER__K8S__ADDRESS_TYPE
value: ip
- name: EMQX_CLUSTER__K8S__APP_NAME
value: emqx
tty: true
volumeMounts:
- name: emqx-secret
mountPath: "/var/run/secrets/kubernetes.io/serviceaccount"
readOnly: true部署 EMQ X
$ kubectl create -f emqx.yamlsecret/emqx-secret created
service/emqx created
deployment.extensions/emqx created查看状态
$ kubectl get podsNAME READY STATUS RESTARTS AGE
emqx-67b5fcf4d-gwzfn 1/1 Running 0 36s
emqx-67b5fcf4d-rb7m6 1/1 Running 0 36s集群成功
$ kubectl exec emqx-67b5fcf4d-gwzfn /opt/emqx/bin/emqx_ctl cluster statusCluster status: [{running_nodes,['emqx@10.42.1.24','emqx@10.42.2.19']}]使用 Rancher Dashboard 部署 EMQ X(可选)
删除刚刚部署的 EMQ X
$ kubectl delete -f emqx.yamlsecret "emqx-secret" deleted
service "emqx" deleted
deployment.extensions "emqx" deleted进入 Rancher 集群工作负载页面,点击导入 YAML
在导入页面将 emqx.yaml 文件的内容复制进去!
点击导入,等待导入成功。
更多信息请访问我们的官网 emqx.io,或关注我们的开源项目 github.com/emqx/emqx,详细文档请访问 官方文档。