#{ commentsCount } comment.
Kubernetes环境Dapr部署与应用
发布于2021-11-03
,全文约1689
字,阅读时间约4
分钟。
更新记录¶
-
2021-11-20
Dapr
版本由v1.4.3
更新至v1.5.0
;
-
2022-04-30
Dapr
版本由v1.5.0
更新至v1.7.2
;Redis
版本由v6.2.6
更新至v7.0.0
;
-
2022-05-20
Dapr
版本由v1.7.2
更新至v1.7.3
;
-
2022-06-23
Dapr
版本由v1.7.3
更新至v1.7.4
;Redis
版本由v7.0.0
更新至v7.0.2
;
-
2022-07-09
Dapr
版本由v1.7.4
更新至v1.8.0
;
-
2022-07-24
Dapr
版本由v1.8.0
更新至v1.8.2
;
概述¶
本文用于整理基于Kubernetes环境的Dapr部署与应用,并基于Redis部署状态管理和发布/订阅组件。
本次演练环境为Kubernetes
集群环境,环境配置可参考笔者另一篇笔记《Kubernetes集群部署笔记》。
组件版本¶
配置过程¶
部署Dapr运行时¶
-
1helm repo add dapr https://dapr.github.io/helm-charts 2helm repo update
-
安装运行时组件
本次演练中将
Dapr
安装至dapr-system
命名空间,可根据需要替换。1# global.ha.enabled=true 将Dapr控制平面配置为高可用模式 2# global.ha.replicaCount=3 设置高可用模式下Dapr控制平面的副本数 3helm upgrade --install \ 4 --namespace dapr-system \ 5 --create-namespace \ 6 --set global.ha.enabled=true \ 7 --set global.ha.replicaCount=3 \ 8 dapr dapr/dapr
配置Dapr Dashboard(可选)¶
本次演练使用Traefik作为Ingress Controller实现,环境配置可参考笔者另一篇笔记《Kubernetes环境Traefik部署与应用》。
-
创建TLS证书Secret
从已准备好的证书
key
文件和crt
文件创建Secret
。1kubectl create secret tls local-choral-io-tls -n dapr-system --key=local.choral.io.key --cert=local.choral.io.crt
-
配置BasicAuth认证
首先,创建一个用于保存用户名和密码的
Secret
,其中的users
字段内容可使用htpassword
工具生成。本次演练中,认证username
和password
都是admin
。1cat <<EOF | kubectl apply -f - 2apiVersion: v1 3kind: Secret 4metadata: 5 name: dapr-basicauth-secret 6 namespace: dapr-system 7data: 8 users: |2 # htpasswd -nb admin admin | openssl base64 9 YWRtaW46e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9Cg== 10EOF
创建一个
Traefik
中间件,用于对请求启用BasicAuth
认证。1cat <<EOF | kubectl apply -f - 2apiVersion: traefik.containo.us/v1alpha1 3kind: Middleware 4metadata: 5 name: dapr-basicauth 6 namespace: dapr-system 7spec: 8 basicAuth: 9 realm: traefik.local.choral.io 10 secret: dapr-basicauth-secret 11EOF
-
配置
dapr-dashboard
服务的入口规则使用IngressRoute配置入口规则。
1cat <<EOF | kubectl apply -f - 2apiVersion: traefik.containo.us/v1alpha1 3kind: IngressRoute 4metadata: 5 name: dapr-dashboard 6 namespace: dapr-system 7spec: 8 entryPoints: 9 - websecure 10 routes: 11 - match: Host(\`dapr.local.choral.io\`) 12 kind: Rule 13 services: 14 - name: dapr-dashboard 15 kind: Service 16 port: 8080 17 middlewares: 18 - name: dapr-basicauth 19 tls: 20 secretName: local-choral-io-tls 21EOF
部署Redis实例¶
首先,部署一个用于演练的Redis实例。由于需要使用Redis Streams功能,要求Redis实例版本高于5.0.0
。
该实例仅用于演练环境,不可用于生产环境。
-
部署Redis实例(可选)
本次演练中将
Redis
实例部署至data-choral
命名空间,可根据需要替换。1cat <<EOF | kubectl apply -f - 2apiVersion: v1 3kind: Namespace 4metadata: 5 name: data-choral 6--- 7apiVersion: v1 8kind: PersistentVolumeClaim 9metadata: 10 name: redis-data 11 namespace: data-choral 12spec: 13 storageClassName: local-path 14 accessModes: 15 - ReadWriteOnce 16 resources: 17 requests: 18 storage: 2Gi 19--- 20apiVersion: apps/v1 21kind: Deployment 22metadata: 23 name: redis 24 namespace: data-choral 25spec: 26 selector: 27 matchLabels: 28 app: redis 29 strategy: 30 type: Recreate 31 template: 32 metadata: 33 labels: 34 app: redis 35 spec: 36 containers: 37 - image: redis:7.0.2-alpine 38 name: redis 39 ports: 40 - containerPort: 6379 41 name: redis 42 volumeMounts: 43 - name: redis-persistent-storage 44 mountPath: /data 45 resources: 46 limits: 47 memory: 512Mi 48 cpu: 200m 49 volumes: 50 - name: redis-persistent-storage 51 persistentVolumeClaim: 52 claimName: redis-data 53--- 54apiVersion: v1 55kind: Service 56metadata: 57 name: redis-headless 58 namespace: data-choral 59spec: 60 type: ClusterIP 61 clusterIP: None 62 selector: 63 app: redis 64 ports: 65 - port: 6379 66EOF
创建Dapr组件¶
-
创建状态管理组件
1cat <<EOF | kubectl apply -f - 2apiVersion: dapr.io/v1alpha1 3kind: Component 4metadata: 5 name: pubsub 6 namespace: apps-choral 7spec: 8 type: pubsub.redis 9 version: v1 10 metadata: 11 - name: redisHost 12 value: redis-headless.data-choral:6379 13 - name: redisPassword 14 value: "" 15 - name: redisDB 16 value: 9 17EOF
-
创建发布/订阅组件
1cat <<EOF | kubectl apply -f - 2apiVersion: dapr.io/v1alpha1 3kind: Component 4metadata: 5 name: statestore 6 namespace: apps-choral 7spec: 8 type: state.redis 9 version: v1 10 metadata: 11 - name: redisHost 12 value: redis-headless.data-choral:6379 13 - name: redisPassword 14 value: "" 15 - name: redisDB 16 value: 9 17EOF
验证组件状态¶
-
创建示例应用
1cat <<EOF | kubectl apply -f - 2apiVersion: apps/v1 3kind: Deployment 4metadata: 5 name: dapr-demo 6 namespace: apps-choral 7spec: 8 selector: 9 matchLabels: 10 app: dapr-demo 11 strategy: 12 type: Recreate 13 replicas: 1 14 template: 15 metadata: 16 labels: 17 app: dapr-demo 18 annotations: 19 dapr.io/enabled: "true" # 启用Dapr集成 20 dapr.io/app-id: "dapr-demo" # Dapr应用标识 21 dapr.io/app-port: "80" # 应用访问端口 22 spec: 23 containers: 24 - image: nginx:1.21.6-alpine 25 imagePullPolicy: IfNotPresent 26 name: dapr-demo 27 ports: 28 - containerPort: 80 29 resources: 30 limits: 31 memory: 128Mi 32 cpu: 200m 33EOF
打开示例应用Shell。本节中所有命令需要在示例应用的Shell中执行。
1kubectl exec -it $(kubectl get pods -n apps-choral --selector=app=dapr-demo -o jsonpath="{.items[0].metadata.name}") -n apps-choral -- sh
-
1# 访问健康检查端点 2curl http://localhost:3500/v1.0/healthz -w "%{http_code}\n" 3# 204 4 5# 访问获取元数据端点 6curl http://localhost:3500/v1.0/metadata -w "\n" 7# {"id":"dapr-demo","actors":[],"extended":{},"components":[{"name":"pubsub","type":"pubsub.redis","version":"v1"},{"name":"statestore","type":"state.redis","version":"v1"}]}
-
验证状态管理组件
1# 保存一组状态 2curl -X POST http://localhost:3500/v1.0/state/statestore -H "Content-Type: application/json" -d '[{ "key": "counter", "value": 1, "etag": "1" }]' 3 4# 读取某个状态 5curl http://localhost:3500/v1.0/state/statestore/counter -H "Content-Type: application/json" -v -w "\n" 6# < Etag: 1 7# 1 8 9# 删除某个状态 10curl -X DELETE -H "If-Match: 1" http://localhost:3500/v1.0/state/statestore/counter
-
验证发布/订阅组件
1curl -X POST http://localhost:3500/v1.0/publish/pubsub/orderStatus -H "Content-Type: application/json" -d '{"id": 1, "status": "completed"}' -w "%{http_code}\n" 2# 204