k8s部署consul集群

准备资源配置清单

• consul.yaml

# vim consul.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: consul
  namespace: demo
  labels:
    app: consul
    component: server
spec:
  serviceName: consul
  replicas: 3
  selector:
    matchLabels:
      app: consul
      component: server
  template:
    metadata:
      labels:
        app: consul
        component: server
    spec:
      imagePullSecrets:
        - name: harbor
      volumes:
      - name: host-time
        hostPath:
          path: /etc/localtime
      - name: config
        configMap:
          name: consul-config
      containers:
      - name: consul
        image: 10.166.33.110/infra/consul:1.9.2
        imagePullPolicy: IfNotPresent
        args:
          - "agent"
          - "-server"                  # 以server加入集群
          - "-bootstrap-expect=3"      # 组成集群预期需要的数量
          - "-config-dir=/etc/consul/config"                     #配置文件目录，所有以.json结尾的文件都会被加载，可以是服务或consul自身的配置
          - "-advertise=$(PODIP)"      # 节点地址
          - "-retry-join=consul-0.consul.$(NAMESPACE).svc.cluster.local"   # 对已知地址情况下，启动时加入的另一位代理的地址
          - "-retry-join=consul-1.consul.$(NAMESPACE).svc.cluster.local"
          - "-retry-join=consul-2.consul.$(NAMESPACE).svc.cluster.local"
        volumeMounts:
          - name: consul
            mountPath: /consul/data
          - name: host-time
            mountPath: /etc/localtime
          - name: config
            mountPath: /etc/consul/config
        env:
          - name: PODIP
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        ports:
          - containerPort: 8500     # HTTP API 及 Web UI
            name: http
          - containerPort: 8300     #  Server RPC，server 用于接受其他 agent 的请求
            name: server
          - containerPort: 8301     # Serf LAN，数据中心内 gossip 交换数据用
            name: serflan
          - containerPort: 8302     # Serf WAN，跨数据中心 gossip 交换数据用
            name: serfwan
          - containerPort: 8400     # CLI RPC，接受命令行的 RPC 调用
            name: cli-port
          - containerPort: 8600     # DNS 服务，可以把它配置到 53 端口来响应 dns 请求
            name: consuldns
  volumeClaimTemplates:
  - metadata:
      name: consul
      namespace: demo
    spec:
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 5Gi
      storageClassName: nfs

• headless.yaml

apiVersion: v1
kind: Service
metadata:
  name: consul
  namespace: demo
  labels:
    name: consul
    component: server
spec:
  clusterIP: None
  ports:
    - name: http
      port: 8500
      targetPort: 8500
    - name: server
      port: 8300
      targetPort: 8300
    - name: serflan-tcp
      protocol: "TCP"
      port: 8301
      targetPort: 8301
    - name: serflan-udp
      protocol: "UDP"
      port: 8301
      targetPort: 8301
    - name: serfwan-tcp
      protocol: "TCP"
      port: 8302
      targetPort: 8302
    - name: serfwan-udp
      protocol: "UDP"
      port: 8302
      targetPort: 8302
    - name: cli-port
      port: 8400
      targetPort: 8400
    - name: consuldns
      port: 8600
      targetPort: 8600
  selector:
    app: consul
---
kind: Service
metadata:
  name: consul-web
  namespace: demo
  labels:
    name: consul
    component: server
spec:
  ports:
    - name: http
      protocol: TCP
      port: 8500
      targetPort: 8500
    - name: server
      protocol: TCP
      port: 8300
      targetPort: 8300
    - name: serflan-tcp
      protocol: TCP
      port: 8301
      targetPort: 8301
    - name: serflan-udp
      protocol: UDP
      port: 8301
      targetPort: 8301
    - name: serfwan-tcp
      protocol: TCP
      port: 8302
      targetPort: 8302
    - name: serfwan-udp
      protocol: UDP
      port: 8302
      targetPort: 8302
    - name: cli-port
      port: 8400
      targetPort: 8400
    - name: consuldns
      protocol: TCP
      port: 8600
      targetPort: 8600
  selector:
    app: consul
  type: ClusterIP

• config.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: consul-config
  namespace: demo
data:
  server.json: |
    {
      "bind_addr": "0.0.0.0",           // 应为内部集群通信绑定的地址
      "client_addr": "0.0.0.0",         // consul绑定客户端接口的地址
      "disable_host_node_id": true,     // 将此设置为true将阻止Consul使用来自主机的信息生成确定性节点标识，并将生成随机节点标识，该标识将保留在数据目录中
      "data_dir": "/consul/data",       // consul持久化数据存储位置
      "datacenter": "shisuyun",         // 数据中心名称
      "bootstrap_expect": 3,            // 组成集群预期需要的数量
      "server": true,                   // 表示当前使用的server模式
      "domain": "cluster.consul",       // 默认情况下，Consul响应"consul"中的DNS查询
      "retry_join": [                   // k8s集群
        "provider=k8s namespace=demo label_selector=\"app=consul,component=server\""
      ],
      "telemetry": {
        "prometheus_retention_time": "5m"
      }
    }
  ui.json: |
    {
      "ui" : true,                      // 启用内置的Web UI服务器和所需的HTTP路由
      "client_addr" : "0.0.0.0",
      "enable_script_checks" : false,
      "disable_remote_exec" : true
    }

应用资源配置清单

# kubectl apply -f headless.yaml
service/consul created
service/consul-web created
# kubectl apply -f config.yaml
configmap/consul-config  created
# kubectl apply -f consul.yaml
statefulset.apps/consul created