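Environment:
Domain: discourse-k8s.onap.vip
Server location: internal network
Specs: 8 CPUs, 16 GB memory
OS: CentOS 7.9
Docker version: 18.09.5
k8s version: v1.18.10
Helm version: v3.6.2
Image build machine: 192.168.0.4, Hong Kong (to avoid failures when installing plugins from GitHub)
I. Base environment setup
1. k8s deployment, see: deploying an all-in-one k8s with RKE
2. Helm installation, for reference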
wget https://get.helm.sh/helm-v3.6.2-linux-amd64.tar.gz
tar -xf helm-v3.6.2-linux-amd64.tar.gz
mv linux-amd64/helm /usr/bin/
chmod a+x /usr/bin/helm
3. Configure the StorageClass
helm repo add kvaps https://kvaps.github.io/charts
helm repo update
helm install nfs-server-provisioner \
--set persistence.enabled=true \
--set persistence.size=30Gi \
--set persistence.storageClass=standard \
--set storageClass.defaultClass=true \
--set nodeSelector.kubernetes\\.io/hostname=allinone \
kvaps/nfs-server-provisioner
cat > nfs-server-pv.yaml <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: data-nfs-server-provisioner-0
spec:
  capacity:
    storage: 30Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    ## Location on the node that backs this volume
    path: /data/k8s/volumes/data-nfs-server-provisioner-0
  claimRef:
    namespace: default
    ## Name of the automatically generated PVC
    name: data-nfs-server-provisioner-0
EOF
kubectl apply -f nfs-server-pv.yaml
4. Verify that the nfs StorageClass works
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  storageClassName: "nfs"
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
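II. Build the Discourse image
Note: the build machine needs Docker installed and working access to GitHub.
1. Start a temporary database for the image build. It is only used to create the database schema during the build and can be deleted once the image is built (on the Hong Kong machine).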
docker run -itd --restart=always -p 5432:5432 --name postgresql -v /data/postgresql/data:/var/lib/postgresql/data -e POSTGRES_USER=discourse -e POSTGRES_PASSWORD=discourse -e POSTGRES_DB=discourse postgres
docker run -itd --restart=always -p 6379:6379 --name redis-server -v /data/redis/data:/data redis redis-server --protected-mode no
2. Clone the Discourse code
git clone https://github.com/discourse/discourse_docker.git /var/discourse
3. Configure the build file and install the required plugins
cat /var/discourse/containers/web_only.yml
templates:
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
env:
  LANG: en_US.UTF-8
  UNICORN_WORKERS: 2
  DISCOURSE_DB_USERNAME: discourse
  DISCOURSE_DB_PASSWORD: 'discourse'
  DISCOURSE_DB_HOST: 192.168.0.4 # internal IP of the build machine
  DISCOURSE_DB_NAME: discourse
  DISCOURSE_DEVELOPER_EMAILS: 'duanshuaixing@gmail.com'
  DISCOURSE_HOSTNAME: 'discourse-k8s.onap.vip'
  DISCOURSE_REDIS_HOST: 192.168.0.4 # internal IP of the build machine
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - mkdir -p plugins
          - git clone https://github.com/discourse/docker_manager.git
          - git clone https://github.com/discourse/discourse-solved.git
          - git clone https://github.com/discourse/discourse-math.git
          - git clone https://github.com/discourse/discourse-voting.git
          - git clone https://github.com/discourse/discourse-push-notifications.git
          - git clone https://github.com/discourse/discourse-spoiler-alert.git
          - git clone https://github.com/discourse/discourse-graphviz.git
          - git clone https://github.com/unfoldingWord-dev/discourse-mermaid.git
          - git clone https://github.com/discourse/discourse-checklist.git
          - git clone https://github.com/discourse/discourse-assign.git
          - git clone https://github.com/discourse/discourse-linkify-words.git
          - git clone https://github.com/communiteq/discourse-suppress-category-from-latest.git
          - git clone https://github.com/discourse/discourse-prometheus.git
          - git clone https://github.com/discourse/discourse-docs.git
          - git clone https://github.com/discourse/discourse-docs-card-filter.git
          - git clone https://github.com/discourse/discourse-oauth2-basic.git
run:
  - exec:
      cd: /var/www/discourse
      cmd:
        - sed -i 's/GlobalSetting.serve_static_assets/true/' config/environments/production.rb
        - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log"
        - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/"
        - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf
        - sed -i 's,^\(MinProtocol[ ]*=\).*,\1'TLSv1.0',g' /etc/ssl/openssl.cnf;
        - sed -i 's,^\(CipherString[ ]*=\).*,\1'DEFAULT@SECLEVEL=1',g' /etc/ssl/openssl.cnf;
        - yarn config set registry https://registry.npm.taobao.org/ ;
cd /var/discourse/
./launcher bootstrap web_only
docker tag local_discourse/web_only:latest registry.baidubce.com/tools/discourse_web_only:latest
docker push registry.baidubce.com/tools/discourse_web_only:latest
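The last two sed commands in the run hook of web_only.yml rewrite the image's /etc/ssl/openssl.cnf so that OpenSSL accepts TLSv1.0 and security level 1. The check below is an added example, not part of the original guide or of discourse_docker: it applies the same two substitutions to a constructed sample file and reports which settings fall below TLSv1.2 / SECLEVEL 2 (thresholds and function names are assumptions chosen for this example).

```shell
#!/bin/sh
# Added example (not from the original guide): audit TLS floor settings in openssl.cnf.
# Thresholds (TLSv1.2, SECLEVEL 2) are assumptions chosen for this example.

# Write a constructed sample with the two keys the guide's sed commands edit.
make_sample_cnf() {
  printf '%s\n' '[system_default_sect]' \
    'MinProtocol = TLSv1.2' 'CipherString = DEFAULT@SECLEVEL=2' > "$1"
}

# Apply the same two substitutions the guide's run hook uses; SRC -> DST.
apply_guide_sed() {
  sed -e 's,^\(MinProtocol[ ]*=\).*,\1'TLSv1.0',g' \
      -e 's,^\(CipherString[ ]*=\).*,\1'DEFAULT@SECLEVEL=1',g' "$1" > "$2"
}

# Print one line per weak setting; return 1 if any were found, else 0.
audit_openssl_cnf() {
  a_weak=0
  while IFS='=' read -r a_key a_val; do
    # a_val keeps everything after the first "=", including later "=" signs.
    a_key=$(printf %s "$a_key" | tr -d '[:space:]')
    a_val=$(printf %s "$a_val" | tr -d '[:space:]')
    case $a_key in
      MinProtocol)
        case $a_val in
          TLSv1.2|TLSv1.3) ;;
          *) echo "weak MinProtocol=$a_val"; a_weak=1 ;;
        esac ;;
      CipherString)
        case $a_val in
          *@SECLEVEL=[01]*) echo "weak CipherString=$a_val"; a_weak=1 ;;
        esac ;;
    esac
  done < "$1"
  return "$a_weak"
}

# Demo on constructed input: the sample passes, the rewritten copy is flagged.
demo_dir=$(mktemp -d)
make_sample_cnf "$demo_dir/stock.cnf"
apply_guide_sed "$demo_dir/stock.cnf" "$demo_dir/rewritten.cnf"
audit_openssl_cnf "$demo_dir/stock.cnf" && echo "stock.cnf: ok"
audit_openssl_cnf "$demo_dir/rewritten.cnf" || echo "rewritten.cnf: weakened"
rm -rf "$demo_dir"
```

Run against a copy of /etc/ssl/openssl.cnf taken from the built image, the same function shows whether the lowered settings made it into the image you push.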
4. Create the namespace
kubectl create ns discourse-onap
5. Database YAML file
discourse-db.yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret
type: Opaque
stringData:
  dbUsername: discourse
  dbPassword: discourse
  smtpUsername: discourse@noreply.onap.vip
  smtpPassword: smtpPassword
---
apiVersion: v1
kind: Service
metadata:
  name: redis-discourse
  labels:
    app: redis-discourse
spec:
  ports:
    - port: 6379
      targetPort: 6379
  selector:
    app: redis-discourse
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-discourse
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis-discourse
  template:
    metadata:
      labels:
        app: redis-discourse
    spec:
      containers:
        - name: master
          image: redis
          resources:
            requests:
              cpu: 500m
              memory: 500Mi
          ports:
            - containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
  name: pgsql
  labels:
    app: pgsql-server
spec:
  ports:
    - port: 5432
  selector:
    app: pgsql-server
  clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pgsql-pv-claim
  labels:
    app: pgsql-server
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: nfs-storage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgsql
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: pgsql-server
  template:
    metadata:
      labels:
        app: pgsql-server
    spec:
      containers:
        - name: pgsql-server
          image: postgres:latest
          ports:
            - containerPort: 5432
          volumeMounts:
            - name: pgsql-storage
              mountPath: /var/lib/postgresql/data
          env:
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: secret
                  key: dbUsername
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secret
                  key: dbPassword
            - name: POSTGRES_DB
              value: discourse
      nodeSelector:
        rbd: "true"
      volumes:
        - name: pgsql-storage
          persistentVolumeClaim:
            claimName: pgsql-pv-claim
---
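The Secret in discourse-db.yaml stores the fixed value discourse as the database password and a literal placeholder as the SMTP password. As an added example (not part of the original guide), the script below renders a Secret with the same name and keys but a randomly generated database password; the SMTP_PASSWORD environment variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): render the Secret named "secret"
# with a generated database password instead of a fixed one.
# SMTP_PASSWORD is an assumed environment variable name.

# 32 hex characters read from the kernel CSPRNG.
gen_password() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Base64 on one line, as the Secret "data" field expects.
b64() {
  printf %s "$1" | base64 | tr -d '\n'
}

# render_secret DB_PASSWORD SMTP_PASSWORD -> manifest on stdout.
# "data" with base64 values is used instead of "stringData" so that quotes,
# colons or backslashes in a password cannot break the YAML.
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: secret
type: Opaque
data:
  dbUsername: $(b64 discourse)
  dbPassword: $(b64 "$1")
  smtpUsername: $(b64 discourse@noreply.onap.vip)
  smtpPassword: $(b64 "$2")
EOF
}

# Run as "sh make-secret.sh apply" (hypothetical file name) to create it in the
# guide's namespace; the manifest is piped so it is not written to disk.
if [ "${1:-}" = "apply" ]; then
  render_secret "$(gen_password)" "${SMTP_PASSWORD:?set SMTP_PASSWORD}" |
    kubectl -n discourse-onap apply -f -
fi
```

The postgres image applies POSTGRES_PASSWORD only when it initializes an empty data directory, so create the Secret before the first deployment. Remove the Secret document from discourse-db.yaml as well, otherwise applying that file overwrites the generated values.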
6. Web service YAML file: discourse-web.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: discourse-k8s-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: discourse-k8s.onap.vip
      http:
        paths:
          - path:
            backend:
              serviceName: web-server
              servicePort: 80
  tls:
    - hosts:
        - discourse-k8s.onap.vip
      secretName: discourse-https-secret
---
apiVersion: v1
kind: Service
metadata:
  name: web-server
  labels:
    app: web-server
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: web-server
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: discourse-pv-claim
  labels:
    app: web-server
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: nfs-storage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-server
  template:
    metadata:
      labels:
        app: web-server
    spec:
      containers:
        - name: web-server
          image: registry.baidubce.com/discourse/web_only:2.9.0.beta1
          command: ["/sbin/boot"]
          ports:
            - containerPort: 80
          env:
            - name: DISCOURSE_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: secret
                  key: dbUsername
            - name: DISCOURSE_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secret
                  key: dbPassword
            - name: DISCOURSE_DB_HOST
              value: pgsql
            - name: DISCOURSE_DB_NAME
              value: discourse
            - name: DISCOURSE_REDIS_HOST
              value: redis-discourse
            - name: DISCOURSE_DEVELOPER_EMAILS
              value: duanshuaixing@gmail.com
            - name: DISCOURSE_HOSTNAME
              value: discourse-k8s.onap.vip
            - name: DISCOURSE_SMTP_ADDRESS
              value: smtpdm.aliyun.com
            - name: DISCOURSE_SMTP_PORT
              value: "80"
            - name: DISCOURSE_SMTP_USER_NAME
              valueFrom:
                secretKeyRef:
                  name: secret
                  key: smtpUsername
            - name: DISCOURSE_SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secret
                  key: smtpPassword
          resources:
            requests:
              cpu: 500m
              memory: 1Gi
            limits:
              cpu: 1
              memory: 2Gi
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: discourse-storage
              mountPath: /shared
      volumes:
        - name: discourse-storage
          persistentVolumeClaim:
            claimName: discourse-pv-claim
7. Create the TLS secret
kubectl -n discourse-onap create secret tls discourse-https-secret --cert=ssl.crt --key=ssl.key
8. Deploy the services
kubectl -n discourse-onap apply -f discourse-db.yaml -f discourse-web.yaml
9. Configure the services
Log in to the pgsql container (replace the pod name with the one from your own cluster)
kubectl -n discourse-onap exec -it pgsql-f656db5c7-drv9d bash
psql -U discourse discourse -c "create extension if not exists hstore;"
psql -U discourse discourse -c "create extension if not exists pg_trgm;"
Log in to the discourse container (replace the pod name with the one from your own cluster)
kubectl -n discourse-onap exec -it web-server-fb77b8444-z2676 bash
rake db:migrate
Create the admin user
rake admin:create
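III. Forum monitoring and alerting
1. Metrics collection (the web service already has the Prometheus plugin installed): the metrics need to be hooked into Prometheus; see: Prometheus deployment
2. Add a ServiceMonitor for the discourse web-server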
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app: web-server
    release: prometheus-operator
  name: discourse-webserver
  namespace: monitoring
spec:
  endpoints:
    - interval: 1s
  namespaceSelector:
    matchNames:
      - discourse-onap
  selector:
    matchLabels:
      app: web-server
3. Add the dashboard template in Grafana (https://grafana.com/dashboards/3539) to view the monitoring metrics