Are you sure you want to delete this task? Once this task is deleted, it cannot be recovered.
huolongshe d05fad9652 | 1 year ago | |
---|---|---|
.. | ||
gpushare | 1 year ago | |
plugin_gpushare | 1 year ago | |
plugin_metrics | 1 year ago | |
plugin_nvidia_device | 1 year ago | |
service | 1 year ago | |
storage | 1 year ago | |
README.md | 1 year ago |
在将CubePy微服务框架及样例微服务应用部署至k8s云原生环境之前,可以先在单机上使用minikube进行部署测试。
首先参照 根目录README文档 完成 CubePy 基础开发环境配置。
Minikube官方文档参见:https://minikube.sigs.k8s.io/docs/ 。
建议使用 minikube v1.25.2 版本,集群搭建步骤如下:
如果使用 Ubuntu 16.4 ,需在每次重启系统后执行如下操作(Ubuntu 18.4/20.4 不需要):
修改 /etc/resolv.conf 文件:
将其中 “nameserver 127.0.x.x” 改为: “nameserver 114.114.114.114”
使用非root用户登录,配置其具有操作docker的权限:
$ sudo usermod -aG docker $USER
$ newgrp docker
安装kubectl:
$ curl -LO “https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl”
$ sudo install kubectl /usr/local/bin/kubectl
配置HostPath Volume持久化:
$ sudo sysctl fs.protected_regular=0
$ sudo mkdir -p /var/tmp/hostpath-provisioner /tmp/hostpath-provisioner
$ sudo mount --bind /var/tmp/hostpath-provisioner /tmp/hostpath-provisioner
$ echo '/var/tmp/hostpath-provisioner /tmp/hostpath-provisioner none defaults,bind 0 0' |sudo tee -a /etc/fstab
拉取minikube依赖的镜像:
$ docker pull registry.aliyuncs.com/google_containers/storage-provisioner:v5
$ docker tag registry.aliyuncs.com/google_containers/storage-provisioner:v5 registry.aliyuncs.com/google_containers/k8s-minikube/storage-provisioner:v5
安装minikube:
$ curl -LO https://storage.googleapis.com/minikube/releases/v1.25.2/minikube-linux-amd64
$ sudo install minikube-linux-amd64 /usr/local/bin/minikube
启动minikube:
如果以前启动过其他版本的minikube,需要先清除相关痕迹:
$ minikube delete --all
$ minikube delete
$ sudo rm -rf .kube/
$ sudo rm -rf .minikube/
$ sudo rm -rf /etc/kubernetes/
$ sudo rm /tmp/juju*
$ sudo rm /tmp/minikube*
$ sudo rm -rf /var/lib/minikube/
然后执行如下命令其中minikube:
$ sudo -E minikube start --driver=none --image-mirror-country=cn --image-repository=registry.aliyuncs.com/google_containers --insecure-registry "10.100.1.2" --install-addons false --extra-config=kubelet.cgroup-driver=systemd
注意,上述 --insecure-registry 参数值需要替换成本机网卡的IP地址或地址段,例如192.168.1.x或192.168.1.0/24,请根据实际情况修改。
等待显示:Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default,表示集群启动完毕。然后执行:
$ sudo chown -R $USER $HOME/.kube $HOME/.minikube
如果需要在k8s中使用GPU,可通过执行以下命令来配置gpushare(可选):
$ sh ~/cubenet/cubepy/minikube/gpushare/deploy_gpushare.sh
配置metrics-server(可选):
$ kubectl apply -f ~/cubenet/cubepy/minikube/plugin_metrics
$ kubectl -nkube-system patch deploy metrics-server --patch '{"spec":{"template":{"spec":{"containers":[{"name":"metrics-server","args":["--cert-dir=/tmp","--secure-port=4443","--kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP","--kubelet-use-node-status-port","--metric-resolution=15s","--kubelet-insecure-tls"]}]}}}}'
配置dashboard:
$ minikube addons enable dashboard --images="Dashboard=dashboard:v2.5.1,MetricsScraper=metrics-scraper:v1.0.7"
配置远程连接权限:
$ kubectl -nkube-system create sa remote-admin
$ kubectl create clusterrolebinding remote-admin --clusterrole=cluster-admin --serviceaccount=kube-system:remote-admin
启动dashboard界面:
$ minikube dashboard
等待显示Opening http://127.0.0.1:3xxxx/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ in your default browser...,命令会自动调用浏览器打开dashboard。
如果未自动打开浏览器,请将上述URL复制到浏览器打开。
停止minkube:
$ minikube stop
重启minikube集群:
$ sudo -E minikube start
$ sudo chown -R $USER $HOME/.kube $HOME/.minikube
彻底删除minkube集群:
$ minikube delete --all
Istio的安装基于minikube,需要预先安装并启动好minikube。
安装Istio:
$ wget https://github.com/istio/istio/releases/download/1.13.2/istio-1.13.2-linux-amd64.tar.gz --no-check-certificate
$ tar -xvf istio-1.13.2-linux-amd64.tar.gz
$ ./istio-1.13.2/bin/istioctl install --set hub=mirror.baidubce.com/istio -y
$ kubectl -nistio-system patch svc istio-ingressgateway --patch '{"spec":{"externalIPs":["'"$(minikube ip)"'"],"ports":[{"name":"nexus-ui","port":8081,"protocol":"TCP","targetPort":8081},{"name":"uaa-mysql","port":13306,"protocol":"TCP","targetPort":13306},{"name":"umm-mysql","port":13307,"protocol":"TCP","targetPort":13307}]}}'
安装prometheus、grafan、jaeger和kiali等遥测插件(可选,需要时安装)
$ sed -i 's/image: "/image: "mirror.baidubce.com\//' istio-1.13.2/samples/addons/prometheus.yaml
$ sed -i 's/image: "/image: "mirror.baidubce.com\//' istio-1.13.2/samples/addons/grafana.yaml
$ sed -i 's/docker.io/mirror.baidubce.com/' istio-1.13.2/samples/addons/jaeger.yaml
$ sed -i 's/Always/IfNotPresent/' istio-1.13.2/samples/addons/kiali.yaml
$ sed -i '/external_services:/a\ grafana:\n url: "http://'$(minikube ip)':15031"\n tracing:\n url: "http://'$(minikube ip)':15032/jaeger"' istio-1.13.2/samples/addons/kiali.yaml
$ kubectl apply -f istio-1.13.2/samples/addons/
对外暴露遥测插件的端口:
$ kubectl apply -f ~/cubenet/cubepy/minikube/telemetry/expose.yaml
$ kubectl -nistio-system patch svc istio-ingressgateway --patch '{"spec":{"ports":[{"name":"kiali","port":15029,"protocol":"TCP","targetPort":15029},{"name":"prometheus","port":15030,"protocol":"TCP","targetPort":15030},{"name":"grafana","port":15031,"protocol":"TCP","targetPort":15031},{"name":"tracing","port":15032,"protocol":"TCP","targetPort":15032}]}}'
安装完成后,可以通过下列地址访问遥测插件:
- Kiali:http://<命令minikube ip输出的地址>:15029
- Prometheus:http://<命令minikube ip输出的地址>:15030
- Grafana:http://<命令minikube ip输出的地址>:15031
- Jaeger:http://<命令minikube ip输出的地址>:15032
编译打包微服务docker镜像
预先将CubePy源代码下载至当前帐号的 cubenet 目录之下,然后:
$ cd ~/cubenet/cubepy/
$ sh build-dockers.sh
修改 ./service/cubepy-configmap.yml 配置文件内容(参照其中相关注释)。
修改 ./service/ingressgateway.yml 配置文件,将其中出现的所有IP地址(例如:1092.168.1.2)替换成如下命令的输出值(通常为本机网卡IP地址):
$ minikube ip
创建CubePy项目命名空间:
$ kubectl create namespace cubenet
$ kubectl label namespace cubenet istio-injection=enabled
拉起平台运行需要用到的存储资源:
$ kubectl apply -f ~/cubenet/cubepy/minikube/storage
拉起平台运行需要用到的其他资源和微服务:
$ kubectl apply -f ~/cubenet/cubepy/minikube/service
配置Nexus服务器:
等待nexus服务启动完成后,执行nexus自动配置操作:
$ sh ~/cubenet/cubepy/minikube/service/nexus_configure_minikube.sh
屏幕输出中出现如下JSON格式数据后,才表示配置成功(如不成功请多试几次):
{
"enabled" : true,
"userId" : "anonymous",
"realmName" : "NexusAuthorizingRealm"
}
查看所有资源是否正常(也可在dashboard图形界面中查看):
$ kubectl -ncubenet get cm,pvc,pv,deploy,po,svc,vs,gw -owide
在开发过程中,如某个微服务代码有更新,以uaa为例,打包新的uaa镜像之后需要执行如下命令来重启该微服务:
$ kubectl -ncubenet delete pod -l app=uaa
在浏览器中输入如下地址打开CubePy平台页面:
http://<命令 minikube ip 的输出值>
停止并删除部署在Minikube中的CubePy微服务:
$ kubectl delete -f ~/cubenet/cubepy/minikube/service
重启CubePy微服务:
$ kubectl apply -f ~/cubenet/cubepy/minikube/service
Dear OpenI User
Thank you for your continuous support to the Openl Qizhi Community AI Collaboration Platform. In order to protect your usage rights and ensure network security, we updated the Openl Qizhi Community AI Collaboration Platform Usage Agreement in January 2024. The updated agreement specifies that users are prohibited from using intranet penetration tools. After you click "Agree and continue", you can continue to use our services. Thank you for your cooperation and understanding.
For more agreement content, please refer to the《Openl Qizhi Community AI Collaboration Platform Usage Agreement》