Устранение неполадок при развертывании ravendb в kubernetes - PullRequest
2 голосов
/ 22 марта 2019

Я развернул ravendb в кластере из 3 узлов в облаке Google.Однако это не доступно из браузера.Вот процедура и конфигурация, которой я следовал.Не могли бы вы помочь мне устранить неполадки службы и развертывания.Когда я запускаю команды get pods и get svc, pods и службы работают, но база данных недоступна из браузера.

Выполненная процедура:

I suggest you first run the setup wizard on your local dev machine and get the Let's Encrypt certificate. Just use 127.0.0.1:8080 as the IP, it's not important at the moment.
(Even better will be to get your own domain + certificate for production use)

You need to convert both the pfx file and the license.json file to base64, In c# for example:
Convert.ToBase64String(File.ReadAllBytes(@"C:\work\certs\cluster.server.certificate.iftah.pfx"))

Convert.ToBase64String(File.ReadAllBytes(@"C:\work\license.json"))

1. Create a GKE standard cluster with 3 nodes, no special settings. Let's call it raven-cluster
2. Install gcloud and kubectl (follow the getting started guide: https://cloud.google.com/kubernetes-engine/docs/quickstart)
run:
3. > gcloud container clusters get-credentials raven-cluster
4. > kubectl create clusterrolebinding my-cluster-admin-binding --clusterrole cluster-admin --user $(gcloud config get-value account)

Now you're ready to deploy. 
Edit the cluster.yaml file to include the base64 certificate (name: raven-ssl)
Edit the license.secret.yaml file to include the base64 license (name: ravendb-license)

4a) kubectl label node role=ingress-controller --all
5. kubectl create -f license.secret.yaml
6. kubectl create -f haproxy.yaml
7. kubectl create -f cluster.yaml
9. kubectl get pod
8. kubectl get svc

ravendb spec YAML:

apiVersion: v1
items:
- apiVersion: v1
  data:
    raven-0: "{\r\n  \"Setup.Mode\": \"None\",\r\n  \"DataDir\": \"/data/RavenData\",\r\n
      \ \"Security.Certificate.Path\": \"/ssl/ssl\",\r\n  \"ServerUrl\": \"https://0.0.0.0\",\r\n
      \ \"ServerUrl.Tcp\": \"tcp://0.0.0.0:38888\",\r\n  \"PublicServerUrl\": \"https://a.tej-test001.ravendb.community\",\r\n
      \ \"PublicServerUrl.Tcp\": \"tcp://tcp-a.tej-test001.ravendb.community:443\",\r\n
      \ \"License.Path\": \"/license/license.json\",\r\n  \"License.Eula.Accepted\":
      \"true\",\r\n  \"License.CanActivate\": \"false\",\r\n  \"License.CanForceUpdate\":
      \"false\",\r\n  \"Server.AllowedDestinations\": \"Azure\",\r\n}"
    raven-1: "{\r\n  \"Setup.Mode\": \"None\",\r\n  \"DataDir\": \"/data/RavenData\",\r\n
      \ \"Security.Certificate.Path\": \"/ssl/ssl\",\r\n  \"ServerUrl\": \"https://0.0.0.0\",\r\n
      \ \"ServerUrl.Tcp\": \"tcp://0.0.0.0:38888\",\r\n  \"PublicServerUrl\": \"https://b.tej-test001.ravendb.community\",\r\n
      \ \"PublicServerUrl.Tcp\": \"tcp://tcp-b.tej-test001.ravendb.community:443\",\r\n
      \ \"License.Path\": \"/license/license.json\",\r\n  \"License.Eula.Accepted\":
      \"true\",\r\n  \"License.CanActivate\": \"false\",\r\n  \"License.CanForceUpdate\":
      \"false\",\r\n  \"Server.AllowedDestinations\": \"Azure\",\r\n}"
    raven-2: "{\r\n  \"Setup.Mode\": \"None\",\r\n  \"DataDir\": \"/data/RavenData\",\r\n
      \ \"Security.Certificate.Path\": \"/ssl/ssl\",\r\n  \"ServerUrl\": \"https://0.0.0.0\",\r\n
      \ \"ServerUrl.Tcp\": \"tcp://0.0.0.0:38888\",\r\n  \"PublicServerUrl\": \"https://c.tej-test001.ravendb.community\",\r\n
      \ \"PublicServerUrl.Tcp\": \"tcp://tcp-c.tej-test001.ravendb.community:443\",\r\n
      \ \"License.Path\": \"/license/license.json\",\r\n  \"License.Eula.Accepted\":
      \"true\",\r\n  \"License.CanActivate\": \"false\",\r\n  \"License.CanForceUpdate\":
      \"false\",\r\n  \"Server.AllowedDestinations\": \"Azure\",\r\n}"
  kind: ConfigMap
  metadata:
    labels:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
    name: raven-settings
    namespace: default
- apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    labels:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
    name: raven
    namespace: default
  spec:
    podManagementPolicy: OrderedReady
    replicas: 3
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        app: ravendb
        cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
    serviceName: raven
    template:
      metadata:
        labels:
          app: ravendb
          cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
      spec:
        affinity:
          podAntiAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                - key: cluster
                  operator: In
                  values:
                  - ee632d20-0a5f-40e4-a84a-5294da32d6d5
              topologyKey: kubernetes.io/hostname
        containers:
        - command:
          - /bin/sh
          - -c
          - /opt/RavenDB/Server/Raven.Server --config-path /config/$HOSTNAME
          image: ravendb/ravendb:latest
          imagePullPolicy: Always
          name: ravendb
          ports:
          - containerPort: 443
            name: http-api
            protocol: TCP
          - containerPort: 38888
            name: tcp-server
            protocol: TCP
          - containerPort: 161
            name: snmp
            protocol: TCP
          resources:
            limits:
              cpu: 256m
              memory: 1900Mi
            requests:
              cpu: 256m
              memory: 1900Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /data
            name: data
          - mountPath: /ssl
            name: ssl
          - mountPath: /license
            name: license
          - mountPath: /config
            name: config
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 120
        volumes:
        - name: ssl
          secret:
            defaultMode: 420
            secretName: raven-ssl
        - configMap:
            defaultMode: 420
            name: raven-settings
          name: config
        - name: license
          secret:
            defaultMode: 420
            secretName: ravendb-license
    updateStrategy:
      rollingUpdate:
        partition: 0
      type: RollingUpdate
    volumeClaimTemplates:
    - metadata:
        labels:
          app: ravendb
          cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
        name: data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
- apiVersion: extensions/v1beta1
  kind: Ingress  
  metadata:
    annotations:
      ingress.kubernetes.io/ssl-passthrough: "true"
      kubernetes.io/ingress.class: "haproxy"
    labels:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
    name: raven
    namespace: default
  spec:
    rules:
    - host: a.tej-test001.ravendb.community
      http:
        paths:
        - backend:
            serviceName: raven-0
            servicePort: 443
          path: /
    - host: tcp-a.tej-test001.ravendb.community
      http:
        paths:
        - backend:
            serviceName: raven-0
            servicePort: 38888
          path: /
    - host: b.tej-test001.ravendb.community
      http:
        paths:
        - backend:
            serviceName: raven-1
            servicePort: 443
          path: /
    - host: tcp-b.tej-test001.ravendb.community
      http:
        paths:
        - backend:
            serviceName: raven-1
            servicePort: 38888
          path: /
    - host: c.tej-test001.ravendb.community
      http:
        paths:
        - backend:
            serviceName: raven-2
            servicePort: 443
          path: /
    - host: tcp-c.tej-test001.ravendb.community
      http:
        paths:
        - backend:
            serviceName: raven-2
            servicePort: 38888
          path: /
- apiVersion: v1
  data:
    ssl: dfdjfdkljfdkjdkjd;kfjdkfjdklfj
  kind: Secret
  metadata:
    labels:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
    name: raven-ssl
    namespace: default
  type: Opaque
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
    name: raven
    namespace: default
  spec:
    clusterIP: None
    ports:
    - name: http-api
      port: 443
      protocol: TCP
      targetPort: 443
    - name: tcp-server
      port: 38888
      protocol: TCP
      targetPort: 38888
    - name: snmp
      port: 161
      protocol: TCP
      targetPort: 161
    selector:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
      node: "0"
    name: raven-0
    namespace: default
  spec:
    ports:
    - name: http-api
      port: 443
      protocol: TCP
      targetPort: 443
    - name: tcp-server
      port: 38888
      protocol: TCP
      targetPort: 38888
    - name: snmp
      port: 161
      protocol: TCP
      targetPort: 161
    selector:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
      statefulset.kubernetes.io/pod-name: raven-0
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
      node: "1"
    name: raven-1
    namespace: default
  spec:
    ports:
    - name: http-api
      port: 443
      protocol: TCP
      targetPort: 443
    - name: tcp-server
      port: 38888
      protocol: TCP
      targetPort: 38888
    - name: snmp
      port: 161
      protocol: TCP
      targetPort: 161
    selector:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
      statefulset.kubernetes.io/pod-name: raven-1
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
      node: "2"
    name: raven-2
    namespace: default
  spec:
    ports:
    - name: http-api
      port: 443
      protocol: TCP
      targetPort: 443
    - name: tcp-server
      port: 38888
      protocol: TCP
      targetPort: 38888
    - name: snmp
      port: 161
      protocol: TCP
      targetPort: 161
    selector:
      app: ravendb
      cluster: ee632d20-0a5f-40e4-a84a-5294da32d6d5
      statefulset.kubernetes.io/pod-name: raven-2
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
kind: List


haproxy spec yaml:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress-controller
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: ingress-controller
  namespace: default
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
      - create
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-controller
subjects:
  - kind: ServiceAccount
    name: ingress-controller
    namespace: default
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ingress-controller
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: ingress-controller
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-controller
subjects:
  - kind: ServiceAccount
    name: ingress-controller
    namespace: default
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ingress-controller
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    run: ingress-default-backend
  name: ingress-default-backend
  namespace: default
spec:
  selector:
    matchLabels:
      run: ingress-default-backend
  template:
    metadata:
      labels:
        run: ingress-default-backend
    spec:
      containers:
      - name: ingress-default-backend
        image: gcr.io/google_containers/defaultbackend:1.0
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-default-backend
  namespace: default
spec:
  ports:
  - port: 8080
  selector:
    run: ingress-default-backend
---
apiVersion: v1
data:
  backend-server-slots-increment: "4"
  dynamic-scaling: "true"
kind: ConfigMap
metadata:
  name: haproxy-ingress
  namespace: default
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  labels:
    run: haproxy-ingress
  name: haproxy-ingress
spec:
  selector:
    matchLabels:
      run: haproxy-ingress
  template:
    metadata:
      labels:
        run: haproxy-ingress
    spec:
      serviceAccountName: ingress-controller
      containers:
      - name: haproxy-ingress
        image: quay.io/jcmoraisjr/haproxy-ingress
        args:
        - --default-backend-service=$(POD_NAMESPACE)/ingress-default-backend
        - --configmap=$(POD_NAMESPACE)/haproxy-ingress
        - --reload-strategy=reusesocket
        ports:
        - name: https
          containerPort: 443
        - name: stat
          containerPort: 1936
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10253
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: haproxy-ingress
  name: haproxy-ingress
  namespace: default
spec:
  type: LoadBalancer
  ports:
  - name: https
    port: 443
  - name: stat
    port: 1936
  selector:
    run: haproxy-ingress

1 Ответ

3 голосов
/ 27 марта 2019

Инструкции, которые вы имеете, являются частичными.Вы не обновили записи DNS.

kubectl get pod kubectl get pvc Запишите поле EXTERNAL-IP службы доступа к haproxy.Это может занять пару минут, пока IP не будет выделен.Вам нужно будет использовать его для обновления DNS-записи вашего домена.Перейдите на Customers.ravendb.net и отредактируйте запись DNS для нового внешнего IP-адреса, который вы получили.(или если у вас есть собственный домен, сделайте это с вашим провайдером домена) Когда все вороны будут готовы, вы можете перейти в браузер и получить доступ к кластеру.
...