# cncamp

**Repository Path**: wang5620079/cncamp

## Basic Information

- **Project Name**: cncamp
- **Description**: Cloud-native training camp homework
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-10-17
- **Last Updated**: 2022-01-16

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Cloud-Native Training Camp

## 1. Module 2

#### Requirements

![image-20211126190050683](https://gitee.com/wang5620079/mypics/raw/master//202111261900735.png)

### About the homework

The homework was written in GoLand on Windows. Starting the program with the "**-alsologtostderr**" flag prints the logs to the console.

### Open question

What is a better way to obtain the HTTP response code?

-----------------

## 2. Module 3: Package the httpserver from homework 2.2 as an image

Screenshots of the homework are shown below:

![image-20211019152710467](https://gitee.com/wang5620079/mypics/raw/master//202110191527523.png)

#### 1) Build the image

Compile first to produce the binary:

![image-20211019152954811](https://gitee.com/wang5620079/mypics/raw/master//202110191529841.png)

See cncamp/httpserver/Dockerfile in the project for details:

```dockerfile
FROM alpine:3.13.6
# Set the working directory
WORKDIR /httpserver
# Copy the compiled binary (a multi-stage build could be used instead)
COPY bin/main .
# Set the time zone
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN echo 'Asia/Shanghai' >/etc/timezone
# Add an environment variable, used to verify environment-variable lookup
ENV version=v1.0.0
# Expose the port
EXPOSE 8080
RUN chmod a+x main
# Start the service
CMD ["/httpserver/main","-alsologtostderr"]
```

**Point to note:**

On Linux, if the binary compiled for the container fails with the error "[standard_init_linux.go:190: exec user process caused "no such file or directory" - Docker](https://stackoverflow.com/questions/51508150/standard-init-linux-go190-exec-user-process-caused-no-such-file-or-directory)", then, as the linked answer explains, set the environment variable with `export CGO_ENABLED=0` and compile again. Only then can the binary run in the container.

Commands to build and run with Docker:

Build the image:

```sh
docker build -t gohttpserver:v1.0.0 -f Dockerfile .
```

Run the image:

```sh
docker run -d -P gohttpserver:v1.0.0
```

Access the host: http://192.168.100.10:8080

Screenshot:

![](https://gitee.com/wang5620079/mypics/raw/master//202110172318334.png)

#### 2) Push the image

I did not use Docker Hub here. I used the Alibaba Cloud image registry, where I have my own registered account. Screenshot:

![image-20211019151915633](https://gitee.com/wang5620079/mypics/raw/master//202110191519679.png)

#### 3) Run the image and inspect the IP configuration with nsenter

Screenshot:

![image-20211019152026013](https://gitee.com/wang5620079/mypics/raw/master//202110191520074.png)

## 3. Module 8 & Module 9: Homework

#### Module 8 homework:

![image-20211126144215684](https://gitee.com/wang5620079/mypics/raw/master//202111261442745.png)

#### Module 9 homework:

![image-20211126144305147](https://gitee.com/wang5620079/mypics/raw/master//202111261443191.png)

#### About the homework:

The homework is in the code repository:

**Branch:** master

**Go code:** cncamp/httpserver/src/main.go

**YAML deployment code (merged into one file):** cncamp/httpserver/httpserver.yaml

#### Module 8 key points

##### 1. Graceful startup

The deployment file adds a startupProbe, a livenessProbe and a readinessProbe:

![image-20211126192411113](https://gitee.com/wang5620079/mypics/raw/master//202111261924146.png)

##### 2. Graceful termination

First, the code handles syscall.SIGINT and syscall.SIGTERM:

![image-20211126192117582](https://gitee.com/wang5620079/mypics/raw/master//202111261921629.png)

Second, the graceful-exit setting terminationGracePeriodSeconds is added explicitly (even though the default is also 30 ^_^):

![image-20211126192547973](https://gitee.com/wang5620079/mypics/raw/master//202111261925003.png)

##### 3. Resource requirements and QoS guarantee

![image-20211126192706355](https://gitee.com/wang5620079/mypics/raw/master//202111261927381.png)

Once the pod is running, its QoS class is as follows:

![image-20211126192806385](https://gitee.com/wang5620079/mypics/raw/master//202111261928413.png)

##### 4. Health probing

See the probe screenshots above.

A screenshot of the runtime log follows (the log format has no unified convention yet; ignore that for now):

![image-20211126192933096](https://gitee.com/wang5620079/mypics/raw/master//202111261929148.png)

##### 5. Day-to-day operations and log level

These are placed in a ConfigMap and volumes:

![image-20211126193122028](https://gitee.com/wang5620079/mypics/raw/master//202111261931057.png)

![image-20211126193204307](https://gitee.com/wang5620079/mypics/raw/master//202111261932339.png)

##### 6. Separation of configuration and code

The ConfigMap above, which sets the log level and output path, is one example of this. Another is the header: the header handler reads this configuration file and writes the value of this label into the returned header and the response body. The main code is as follows:

![image-20211126193507383](https://gitee.com/wang5620079/mypics/raw/master//202111261935432.png)

#### Module 9 key points:

##### 1. Add a Service and an Ingress

See the file **httpserver/httpserver.yaml** in the code repository.

Notes:

###### 1) A secret for TLS has to be created. I used the following commands:

```sh
# Generate a self-signed certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.cert -subj "/CN=*.my-site.com/O=*.my-site.com"
# Create the secret
kubectl create secret tls my-site.com --cert=tls.cert --key=tls.key
```

###### 2) Add the TLS settings to the Ingress configuration

![image-20211126194132172](https://gitee.com/wang5620079/mypics/raw/master//202111261941210.png)

###### 3) Map the URL to the node in the hosts file, and the service becomes reachable

![image-20211126194259625](https://gitee.com/wang5620079/mypics/raw/master//202111261942657.png)

##### 2. Keep the application highly available

###### 1) The replica count can be set in the Deployment

![image-20211126194829432](https://gitee.com/wang5620079/mypics/raw/master//202111261948463.png)

###### 2) Configure an HPA for the Deployment to scale automatically

```sh
kubectl autoscale deployment httpserver --cpu-percent=50 --min=1 --max=10
```

The official site has a walkthrough of autoscaling:

https://v1-17.docs.kubernetes.io/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/

## 4. Module 10: Homework (late submission)

### Requirements:

1. Add a random delay of 0-2 seconds to HTTPServer
2. Add a latency metric to the HTTPServer project
3. Deploy HTTPServer to the test cluster and complete the Prometheus configuration
4. Query the latency metric data from the Prometheus UI
5. (Optional) Create a Grafana dashboard that shows the latency distribution

### Homework content and notes

The work is divided into the following steps:

1. Metrics initialization

   ![image-20220116120754007](https://gitee.com/wang5620079/mypics/raw/master//202201161207046.png)

2. Based on the instructor's code, part of httpserver was reworked:

   ![image-20220116115813919](https://gitee.com/wang5620079/mypics/raw/master//202201161158973.png)

3. Add annotations to the service

## 5. Module 12 Homework: Publish our httpserver service through an Istio Ingress Gateway

### Requirements

These are the points you need to consider:

- How to provide security;
- Layer 7 routing rules;
- Integration with open tracing.

### About the homework:

The homework consists of the following steps:

#### 1. Create the namespace and label it

```shell
kubectl create ns cncamp
# The sidecar injector selects namespaces labelled istio-injection=enabled
kubectl label ns cncamp istio-injection=enabled
```

#### 2. Deploy the services into this namespace

```yaml
# Deployment for service0
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: service0-deploy
    version: v1
  name: service0-deploy
  namespace: cncamp
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: service0-deploy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: service0-deploy
        version: v1
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/wang5620079/cncamp:service0-v1.1
          imagePullPolicy: IfNotPresent
          name: service
          ports:
            - containerPort: 80
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
---
# Service for service0
apiVersion: v1
kind: Service
metadata:
  labels:
    app: service0-svc
  name: service0
  namespace: cncamp
spec:
  ports:
    - port: 80
      protocol: TCP
      name: http
      targetPort: 80
  selector:
    app: service0-deploy
  type: NodePort
---
# Deployment for service1
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: service1-deploy
    version: v1
  name: service1-deploy
  namespace: cncamp
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: service1-deploy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: service1-deploy
        version: v1
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/wang5620079/cncamp:service1-v1.1
          imagePullPolicy: IfNotPresent
          name: service
          ports:
            - containerPort: 80
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
---
# Service for service1
apiVersion: v1
kind: Service
metadata:
  labels:
    app: service1-svc
  name: service1
  namespace: cncamp
spec:
  ports:
    - port: 80
      protocol: TCP
      name: http
      targetPort: 80
  selector:
    app: service1-deploy
  type: ClusterIP
---
# Deployment for service2
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: service2-deploy
    version: v1
  name: service2-deploy
  namespace: cncamp
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: service2-deploy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: service2-deploy
        version: v1
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/wang5620079/cncamp:service2-v1.1
          imagePullPolicy: IfNotPresent
          name: service
          ports:
            - containerPort: 80
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
---
# Service for service2
apiVersion: v1
kind: Service
metadata:
  labels:
    app: service2-svc
  name: service2
  namespace: cncamp
spec:
  ports:
    - port: 80
      protocol: TCP
      name: http
      targetPort: 80
  selector:
    app: service2-deploy
  type: ClusterIP
```

#### 3. Publish the Istio VirtualServices, DestinationRules and Gateway

```yaml
# Define the DestinationRules first
---
# DestinationRule for service0
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: service0
  namespace: cncamp
spec:
  host: service0.cncamp.svc.cluster.local
  subsets:
    - name: v1
      labels:
        version: v1
---
# DestinationRule for service1
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: service1
  namespace: cncamp
spec:
  host: service1.cncamp.svc.cluster.local
  subsets:
    - name: v1
      labels:
        version: v1
---
# DestinationRule for service2
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: service2
  namespace: cncamp
spec:
  host: service2.cncamp.svc.cluster.local
  subsets:
    - name: v1
      labels:
        version: v1
---
# Create the ingress gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: service-gateway
  namespace: cncamp
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - '*'
---
# VirtualService for service0, bound to service-gateway so that it is
# exposed externally through the ingress gateway
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service0
  namespace: cncamp
spec:
  hosts:
    - "*"
  gateways:
    - service-gateway
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: service0.cncamp.svc.cluster.local
            port:
              number: 80
---
# VirtualService for service1
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service1
  namespace: cncamp
spec:
  hosts:
    - service1.cncamp.svc.cluster.local
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: service1.cncamp.svc.cluster.local
            port:
              number: 80
---
# VirtualService for service2
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service2
  namespace: cncamp
spec:
  hosts:
    - service2.cncamp.svc.cluster.local
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: service2.cncamp.svc.cluster.local
            port:
              number: 80
```

#### 4. The services are finally published

![image-20220116130222475](https://gitee.com/wang5620079/mypics/raw/master//202201161303454.png)
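
Module 12 asks how to provide security, while the Gateway published in step 3 listens on plain HTTP for every host (`'*'`). A hardened variant follows as an added example, not taken from the repository; the hostname `httpserver.my-site.com` and a TLS secret named `my-site.com` present in `istio-system` are assumptions:

```yaml
# Added example (not from the repository). Assumptions: the hostname
# httpserver.my-site.com, and a TLS secret named my-site.com created in
# istio-system, the namespace where the default ingress gateway runs.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: service-gateway
  namespace: cncamp
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - httpserver.my-site.com
      tls:
        httpsRedirect: true        # answer plain HTTP with a 301 to HTTPS
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - httpserver.my-site.com   # serve one named host instead of '*'
      tls:
        mode: SIMPLE               # TLS is terminated at the gateway
        credentialName: my-site.com
---
# Require mutual TLS between sidecars for every workload in cncamp.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: cncamp
spec:
  mtls:
    mode: STRICT
```

`STRICT` mode rejects plaintext traffic to the pods, so it works only once the workloads in `cncamp` have injected sidecars, and it also blocks direct access through the `service0` NodePort. The `service0` VirtualService can narrow its `hosts` entry from `"*"` to the same hostname.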