Author: 朱雷
Table of contents
- 1. Environment preparation
- 2. Dual-architecture images
- 3. StatefulSet deployment files
  - [3.1. headless-service.yaml](#3.1. headless-service.yaml)
  - [3.2. svc.yaml (optional)](#3.2. svc.yaml(可选))
  - [3.3. rbac.yaml](#3.3. rbac.yaml)
  - [3.4. sc.yaml](#3.4. sc.yaml)
  - [3.5. pv.yaml](#3.5. pv.yaml)
  - [3.6. secret.yaml](#3.6. secret.yaml)
  - [3.7. cm.yaml](#3.7. cm.yaml)
  - [3.8. rabbitmq-sts.yaml](#3.8. rabbitmq-sts.yaml)
1. Environment preparation
| Component | Architecture | Version | Notes |
|---|---|---|---|
| RabbitMQ | Linux/amd64 | V4.0.9 | 64-bit architecture |
| RabbitMQ | Linux/arm64/v8 | V4.0.9 | 64-bit architecture |
| K8S | Linux | v1.23.6 | |

2. Dual-architecture images
Pull the official RabbitMQ linux/amd64 image, then tag it and push it to the registry:
```bash
docker pull --platform linux/amd64 rabbitmq:4.0.9-management
docker tag rabbitmq:4.0.9-management 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management-amd64-x86
docker push 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management-amd64-x86
```
Pull the official RabbitMQ linux/arm64 image, then tag it and push it to the registry:
```bash
docker pull --platform linux/arm64/v8 rabbitmq:4.0.9-management
docker tag rabbitmq:4.0.9-management 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management-arm64-v8
docker push 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management-arm64-v8
```

```bash
# Check the architecture recorded in each of the two images
docker inspect 77d88125053e | grep -A5 Architecture
docker inspect 5e283cfbf5e6 | grep -A5 Architecture
```

Create the manifest list:
```bash
# --insecure allows a registry served over plain HTTP or with an unverified certificate
docker manifest create --insecure 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management-arm64-v8 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management-amd64-x86
```
Output:
```
Created manifest list 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management
```
Annotate the manifest entries with the OS, architecture and variant:
```bash
docker manifest annotate --arch arm64 --os linux --variant v8 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management-arm64-v8
docker manifest annotate 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management-amd64-x86 --arch amd64 --os linux
```
Push the manifest list to the Harbor registry:
```bash
docker manifest push --insecure 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management
```

Inspect the manifest list:
```bash
docker manifest inspect --insecure 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management
```
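To check the inspected manifest list mechanically rather than by eye, the following added example (not part of the original article) parses `docker manifest inspect` JSON and reports which required platforms have no entry. The sample JSON, its placeholder digests and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `docker manifest inspect` output for a
# manifest list; the digests are placeholders, not real values.
SAMPLE = """{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
  "manifests": [
    {"digest": "sha256:<placeholder-arm64>", "size": 1234,
     "platform": {"architecture": "arm64", "os": "linux", "variant": "v8"}},
    {"digest": "sha256:<placeholder-amd64>", "size": 1234,
     "platform": {"architecture": "amd64", "os": "linux"}}
  ]
}"""

# The two platforms this article builds for.
REQUIRED = ["linux/amd64", "linux/arm64/v8"]


def platforms(manifest_json):
    """Return {"os/arch[/variant]": digest} for each entry of a manifest list."""
    doc = json.loads(manifest_json)
    if "manifests" not in doc:
        raise ValueError("not a manifest list (single-architecture image?)")
    found = {}
    for entry in doc["manifests"]:
        p = entry.get("platform", {})
        parts = [p.get("os", ""), p.get("architecture", ""), p.get("variant", "")]
        found["/".join(x for x in parts if x)] = entry["digest"]
    return found


def missing_platforms(manifest_json, required=REQUIRED):
    """List the required platforms that no entry in the manifest list covers."""
    found = platforms(manifest_json)
    return [r for r in required if r not in found]


if __name__ == "__main__":
    # Pass a file holding saved `docker manifest inspect` output, or run
    # without arguments to check the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    gaps = missing_platforms(text)
    print("missing platforms:", gaps or "none")
    sys.exit(1 if gaps else 0)
```

An entry pushed without the `--variant v8` annotation shows up as `linux/arm64` and is reported as missing `linux/arm64/v8`, which is the case the annotate step above guards against.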

Test pulling the image on systems of each architecture (x86 and Arm):
```bash
docker pull 192.168.123.240:8011/sdx/rabbitmq:4.0.9-management
```

3. StatefulSet deployment files
In all of the files below, replace the content wrapped in "{{}}" with values that suit your environment.
3.1. headless-service.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq-headless
  namespace: {{rabbitmq-clu-9}}
  labels:
    app: rabbitmq
spec:
  # Headless Service: DNS resolves to the individual pod addresses
  clusterIP: None
  ports:
    - name: amqp
      port: 5672
      targetPort: 5672
    - name: management
      port: 15672
      targetPort: 15672
    - name: epmd
      port: 4369
      targetPort: 4369
    - name: dist
      port: 25672
      targetPort: 25672
  selector:
    app: rabbitmq
  # Publish DNS records for pods before they are Ready, so peers can find each other
  publishNotReadyAddresses: true
```
3.2. svc.yaml (optional)
```yaml
kind: Service
apiVersion: v1
metadata:
  namespace: {{rabbitmq-clu-9}}
  name: rabbitmq-service
spec:
  # NodePort exposes the management UI (30015) and AMQP (30016) on every node's address
  ports:
    - name: http
      protocol: TCP
      port: 15672
      nodePort: 30015
    - name: amqp
      protocol: TCP
      port: 5672
      targetPort: 5672
      nodePort: 30016
  selector:
    app: rabbitmq
  type: NodePort
```
3.3. rbac.yaml
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rabbitmq
  namespace: {{rabbitmq-clu-9}}
---
# Namespaced Role: read-only access to endpoints, used by the peer discovery plugin
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: endpoint-reader
  namespace: {{rabbitmq-clu-9}}
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: endpoint-reader
  namespace: {{rabbitmq-clu-9}}
subjects:
  - kind: ServiceAccount
    name: rabbitmq
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: endpoint-reader
```
3.4. sc.yaml
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: hostpath-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
```
3.5. pv.yaml
Replace {{node x}} with the value from the first column (NAME) of the `kubectl get nodes` output.
Set the path and the storage size to suit your workload; the storage sizes in this article are for testing only.
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: rabbitmq-clu-pv-0
spec:
  capacity:
    storage: {{2Gi}}
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath-storage
  hostPath:
    path: {{/data/rabbitmq-clu-pv-0}}
    type: DirectoryOrCreate
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - {{node01}}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: rabbitmq-clu-pv-1
spec:
  capacity:
    storage: {{2Gi}}
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath-storage
  hostPath:
    path: {{/data/rabbitmq-clu-pv-1}}
    type: DirectoryOrCreate
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - {{node02}}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: rabbitmq-clu-pv-2
spec:
  capacity:
    storage: {{2Gi}}
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath-storage
  hostPath:
    path: {{/data/rabbitmq-clu-pv-2}}
    type: DirectoryOrCreate
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - {{node03}}
```
3.6. secret.yaml
Define your own username, password and Erlang cookie; the values in this article are for testing only.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: rabbitmq-secret
  namespace: {{rabbitmq-clu-9}}
type: Opaque
stringData:
  rabbitmq-username: "{{admin}}"
  rabbitmq-password: "{{admin123}}"
  erlang-cookie: "{{ERLANG_COOKIE_VALUE}}"
```
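One way to replace the test values with generated ones, as an added example that is not part of the original article: it renders the same `rabbitmq-secret` manifest with a random password and Erlang cookie and refuses the article's test values. The function names, the length thresholds and the username `mq-operator` are assumptions made for illustration.

```python
import json
import secrets
import string

# Values the article uses for testing only; they are refused here.
TEST_VALUES = {"admin", "admin123", "ERLANG_COOKIE_VALUE"}


def random_token(length, alphabet=string.ascii_letters + string.digits):
    """Return a cryptographically random string drawn from `alphabet`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def vet(key, value, min_len):
    """Reject test values, unreplaced "{{...}}" placeholders and short secrets."""
    if value in TEST_VALUES or "{{" in value:
        raise ValueError(f"{key}: test or placeholder value")
    if len(value) < min_len:
        raise ValueError(f"{key}: needs at least {min_len} characters")
    return value


def render_secret(namespace, username, password=None, cookie=None):
    """Render secret.yaml with the article's key names and vetted values."""
    values = {
        "rabbitmq-username": vet("rabbitmq-username", username, 1),
        "rabbitmq-password": vet("rabbitmq-password",
                                 password or random_token(32), 16),
        # One cookie for the whole cluster: every node must present the same value.
        "erlang-cookie": vet("erlang-cookie", cookie or random_token(64), 32),
    }
    lines = ["apiVersion: v1", "kind: Secret", "metadata:",
             "  name: rabbitmq-secret", f"  namespace: {namespace}",
             "type: Opaque", "stringData:"]
    # json.dumps yields a double-quoted scalar that is also valid YAML.
    lines += [f"  {key}: {json.dumps(value)}" for key, value in values.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # "mq-operator" is a constructed username; the namespace is the article's.
    print(render_secret("rabbitmq-clu-9", "mq-operator"), end="")
```

The output can be piped straight to `kubectl apply -f -`, so the generated values are not left in a file on disk.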
3.7. cm.yaml
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: rabbitmq-config
  namespace: {{rabbitmq-clu-9}}
data:
  enabled_plugins: |
    [rabbitmq_management,rabbitmq_peer_discovery_k8s].
  rabbitmq.conf: |
    # Basic settings
    listeners.tcp.default = 5672
    # management.listener.port = 15672
    # management.listener.ssl = false
    # Absolute lower limit for free disk space; when free space drops below it, an alarm is raised and publishers are blocked
    disk_free_limit.absolute = {{2GB}}
    # Use RabbitMQ's built-in Kubernetes peer discovery backend
    # cluster_formation.peer_discovery_backend = k8s
    cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
    # Kubernetes API server address
    cluster_formation.k8s.host = {{kubernetes.default.svc.cluster.local}}
    # Node address type
    cluster_formation.k8s.address_type = hostname
    # Hostname suffix, format: .<headless Service name>.<namespace>.svc.cluster.local
    cluster_formation.k8s.hostname_suffix = {{.rabbitmq-headless.rabbitmq-clu-9.svc.cluster.local}}
    # Number of peer discovery retries
    cluster_formation.discovery_retry_limit = {{10}}
    # Interval between discovery retries (milliseconds)
    cluster_formation.discovery_retry_interval = {{3000}}
    # Name of the headless Service
    cluster_formation.k8s.service_name = rabbitmq-headless
    # Check for and clean up failed cluster nodes every 30 seconds
    cluster_formation.node_cleanup.interval = {{30}}
    # When a failed cluster node is detected, actually remove it from the cluster instead of only logging a warning
    cluster_formation.node_cleanup.only_log_warning = false
    # This setting controls SSL/TLS certificate verification for etcd-based discovery
    # verify_none disables verification of the etcd server certificate; typically used only on trusted internal networks
    # cluster_formation.etcd.ssl_options.verify = verify_none
    ## Timeout and retry count used by Mnesia when loading metadata tables
    # wait for 60 seconds instead of 30
    mnesia_table_loading_retry_timeout = {{60000}}
    # retry 15 times instead of 10
    mnesia_table_loading_retry_limit = {{15}}
    # Memory settings
    # Set the memory high watermark to 70% of total available memory; exceeding it triggers flow control
    vm_memory_high_watermark.relative = {{0.7}}
    # Paging ratio relative to the high watermark
    vm_memory_high_watermark_paging_ratio = {{0.6}}
    # Total-memory override; adjust to the actual physical memory. It should be less than or equal to the memory limit in the StatefulSet's resources
    total_memory_available_override_value = {{8GB}}
    # Logging settings
    # Enable console logging
    log.console = {{true}}
    # Console log level
    log.console.level = info
    # File logging
    log.file = rabbit.log
    log.file.level = info
    log.file.formatter.level_format = uc4
    ## Size-based and date-based rotation cannot be used together; choose one
    # Size-based rotation, e.g. 100 MiB; adjust the value as needed
    # log.file.rotation.size = {{104857600}}
    # Number of files to keep
    # log.file.rotation.count = {{7}}
    # Whether to compress rotated files
    # log.file.rotation.compress = {{true}}
    # Date-based rotation, e.g. the setting below rotates every day at 0:00; adjust the value as needed
    log.file.rotation.date = $D{{0}}
    # Number of days to keep
    log.file.rotation.count = {{7}}
    # Whether to compress rotated files
    log.file.rotation.compress = {{true}}
    # Temporarily enable debug logging; disable in production
    # log.connection.level = debug
    # log.channel.level = debug
    # log.queue.level = debug
```
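A pre-apply check for the two mistakes this ConfigMap invites, leftover "{{...}}" placeholders and a `hostname_suffix` that does not match the headless Service and namespace. This is an added example, not part of the original article; the function names are hypothetical, and the `cluster.local` cluster domain and the `rabbit@` node-name prefix are assumed defaults.

```python
import re

# Constructed rabbitmq.conf fragment using the article's keys, after the
# "{{...}}" placeholders have been replaced.
SAMPLE_CONF = """\
# peer discovery
cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
cluster_formation.k8s.address_type = hostname
cluster_formation.k8s.hostname_suffix = .rabbitmq-headless.rabbitmq-clu-9.svc.cluster.local
cluster_formation.k8s.service_name = rabbitmq-headless
cluster_formation.discovery_retry_limit = 10
"""


def parse_conf(text):
    """Parse `key = value` lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def check_discovery(text, namespace, sts_name="rabbitmq", replicas=3,
                    cluster_domain="cluster.local"):
    """Return (problems, expected node names) for the peer discovery keys."""
    conf = parse_conf(text)
    problems = [f"unreplaced placeholder in {k}" for k, v in conf.items()
                if re.search(r"\{\{.*?\}\}", v)]
    service = conf.get("cluster_formation.k8s.service_name", "")
    suffix = conf.get("cluster_formation.k8s.hostname_suffix", "")
    expected = f".{service}.{namespace}.svc.{cluster_domain}"
    if suffix != expected:
        problems.append(f"hostname_suffix is {suffix!r}, expected {expected!r}")
    addr = conf.get("cluster_formation.k8s.address_type")
    if addr != "hostname":
        problems.append(f"address_type is {addr!r}; this setup expects 'hostname'")
    # StatefulSet pods are named <statefulset>-<ordinal>.
    nodes = [f"rabbit@{sts_name}-{i}{expected}" for i in range(replicas)]
    return problems, nodes


if __name__ == "__main__":
    problems, nodes = check_discovery(SAMPLE_CONF, "rabbitmq-clu-9")
    print("\n".join(problems or ["ok"] + nodes))
```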
3.8. rabbitmq-sts.yaml
Set the image address, the resource requests and limits, and the storage request in the volume claim template to your own values.
```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: rabbitmq
  namespace: {{rabbitmq-clu-9}}
  labels:
    app: rabbitmq
spec:
  serviceName: rabbitmq-headless
  replicas: 3
  podManagementPolicy: "Parallel"
  selector:
    matchLabels:
      app: rabbitmq
  template:
    metadata:
      labels:
        app: rabbitmq
    spec:
      terminationGracePeriodSeconds: 10
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - rabbitmq
                topologyKey: kubernetes.io/hostname
      serviceAccountName: rabbitmq
      containers:
        - name: rabbitmq
          image: {{rabbitmq:4.0.9-management}}
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5672
              name: amqp
            - containerPort: 15672
              name: http
          resources:
            limits:
              cpu: "{{2}}"
              memory: {{8Gi}}
            requests:
              cpu: "{{1}}"
              memory: {{4Gi}}
          env:
            - name: RABBITMQ_USE_LONGNAME
              value: "true"
            - name: RABBITMQ_ERLANG_COOKIE
              valueFrom:
                secretKeyRef:
                  name: rabbitmq-secret
                  key: erlang-cookie
            - name: RABBITMQ_DEFAULT_USER
              valueFrom:
                secretKeyRef:
                  name: rabbitmq-secret
                  key: rabbitmq-username
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: rabbitmq-secret
                  key: rabbitmq-password
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
          volumeMounts:
            - name: config
              mountPath: /etc/rabbitmq
            - name: data
              mountPath: /var/lib/rabbitmq
              subPathExpr: $(POD_NAMESPACE)/rabbitmq
              readOnly: false
            - name: data
              mountPath: /var/log/rabbitmq
              subPathExpr: $(POD_NAMESPACE)/rabbitmq/logs/$(POD_NAME)
              readOnly: false
          readinessProbe:
            tcpSocket:
              port: 5672
            initialDelaySeconds: 60
            periodSeconds: 60
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 3
          # livenessProbe:
          #   exec:
          #     command: ["rabbitmq-diagnostics", "ping"]
          #   initialDelaySeconds: 60
          #   periodSeconds: 30
      volumes:
        - name: config
          configMap:
            name: rabbitmq-config
            items:
              - key: rabbitmq.conf
                path: rabbitmq.conf
              - key: enabled_plugins
                path: enabled_plugins
  volumeClaimTemplates:
    - metadata:
        name: data
        namespace: {{rabbitmq-clu-9}}
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: {{2000M}}
        storageClassName: hostpath-storage
```