go-micro 基于k8s做服务发现
马浩淼
go-micro 基于k8s做服务发现
go-micro 可以基于k8s做服务发现,需要开启RBAC
制作镜像
micro-hello 是基于go-micro框架的服务
Dokerfile
FROM alpine
ADD micro-hello /micro-hello
ENTRYPOINT /micro-hello --registry kubernetes
执行命令生成镜像
~# docker build . -t micro-hello-default-k8s:latest
创建serviceAccount
serviceAccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: micro-services
- 执行命令 kubectl apply -f serviceAccount.yaml
- 查看serviceAccount是否创建成功
~$ kubectl get sa
NAME SECRETS AGE
default 1 4d20h
micro-services 1 3h24m
~$ kubectl describe sa micro-services
Name: micro-services
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: micro-services-token-qbhfz
Tokens: micro-services-token-qbhfz
Events: <none>
创建clusterRole
clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: micro-registry
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- patch
- watch
- 执行命令 kubectl apply -f clusterrole.yaml
- 检查clusterRole的状态
~$ kubectl get clusterrole
NAME CREATED AT
admin 2021-08-20T09:30:09Z
calico-kube-controllers 2021-08-20T09:38:15Z
calico-node 2021-08-20T09:38:16Z
cluster-admin 2021-08-20T09:30:08Z
edit 2021-08-20T09:30:09Z
kubeadm:get-nodes 2021-08-20T09:30:19Z
micro-registry 2021-08-24T09:06:28Z
~$ kubectl describe clusterrole micro-registry
Name: micro-registry
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [list patch watch]
创建 rolebinging
rulebinging.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: micro-registry
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: micro-registry
subjects:
- kind: ServiceAccount
name: micro-services
namespace: default
- 执行命令 kubectl apply -f rulebinging.yaml
- 检查roleBind的状态
~$ kubectl get rolebinding
NAME ROLE AGE
micro-registry ClusterRole/micro-registry 21h
~$ kubectl describe rolebinding micro-registry
Name: micro-registry
Labels: <none>
Annotations: <none>
Role:
Kind: ClusterRole
Name: micro-registry
Subjects:
Kind Name Namespace
---- ---- ---------
ServiceAccount micro-services default
部署镜像
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: micro-hello-default
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: micro-hello-default
template:
metadata:
labels:
app: micro-hello-default
spec:
serviceAccountName: micro-services
containers:
- name: hello
image: micro-hello-default-k8s:test
- 执行命令 kubectl apply -f deployment.yaml
- 检查pods是否允许正常
~$ kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
micro-client-79fb798cd5-sjrcc 1/1 Running 0 99m
micro-hello-default-7cf4bd79d7-gtdpc 1/1 Running 0 3h21m
nginx-deployment-748c6fff66-kmtjw 1/1 Running 1 (4h42m ago) 21h
~$ kubectl logs -f micro-hello-default-7cf4bd79d7-gtdpc
2021-08-25 03:12:07 file=v3@v3.6.0/service.go:199 level=info Starting [service] micro-hello
2021-08-25 03:12:07 file=server/rpc_server.go:820 level=info Transport [http] Listening on [::]:33989
2021-08-25 03:12:07 file=server/rpc_server.go:840 level=info Broker [http] Connected to 127.0.0.1:35617
2021-08-25 03:12:07 file=server/rpc_server.go:654 level=info Registry [kubernetes] Registering node: micro-hello-1196f798-8218-4c81-a646-196292ddefc0
如果出现下面的错误,一般是因为权限问题,检查一下配置设置的是否正确
2019/06/27 12:54:13 K8s: request failed with code 403
2019/06/27 12:54:13 K8s: request failed with body:
2019/06/27 12:54:13 {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods \"micro-hello-default-7cf4bd79d7-gtdpc\" is forbidden: User \"system:serviceaccount:micro-services:default\" cannot patch resource \"pods\" in API group \"\" in the namespace \"default\"","reason":"Forbidden","details":{"name":"micro-hello-default-7cf4bd79d7-gtdpc","kind":"pods"},"code":403}
2019/06/27 12:54:13 Server register error: K8s: error
类似资料: