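Deploying SkyWalking 9.3 on K8S
In a SkyWalking cluster, all nodes must use the same data source, so here I changed the storage backend to ES.
Deploying the ES cluster
Omitted
Preparing the installation package and images
Official download page for the installation package: Documentation | Apache SkyWalking
K8S deployment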
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: logging
  name: skywalking-config
  labels:
    app: skywalking
data:
  # Storage backend
  SW_STORAGE: "elasticsearch"
  SW_STORAGE_ES_CLUSTER_NODES: "elk-elasticsearch.logging.svc.cluster.local:9200"
  SW_ES_USER: "elastic"
  # ConfigMap values are stored and displayed in plaintext; a Secret
  # referenced with secretKeyRef is the usual place for this password.
  SW_ES_PASSWORD: "XXX"
  # skywalking-oap listening port
  SW_OAP_ADDRESS: "http://skywalking-oap:12800"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: skywalking-oap
  namespace: logging
  labels:
    app: skywalking-oap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: skywalking-oap
  template:
    metadata:
      labels:
        app: skywalking-oap
    spec:
      containers:
      - name: skywalking-oap
        image: 10.194.24.53/k8s-component/apache/skywalking-oap-server:9.3.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 11800
          name: grpc
        - containerPort: 12800
          name: rest
        env:
        - name: SW_STORAGE # storage backend
          valueFrom:
            configMapKeyRef:
              key: SW_STORAGE
              name: skywalking-config
        - name: SW_STORAGE_ES_CLUSTER_NODES # ES address
          valueFrom:
            configMapKeyRef:
              key: SW_STORAGE_ES_CLUSTER_NODES
              name: skywalking-config
        - name: SW_ES_USER
          valueFrom:
            configMapKeyRef:
              key: SW_ES_USER
              name: skywalking-config
        - name: SW_ES_PASSWORD
          valueFrom:
            configMapKeyRef:
              key: SW_ES_PASSWORD
              name: skywalking-config
        - name: TZ
          value: Asia/Shanghai
        - name: TIME_ZONE
          value: Asia/Shanghai
        resources:
          limits:
            cpu: '2'
            memory: 4Gi
          requests:
            cpu: '1'
            memory: 2Gi
        volumeMounts:
        - mountPath: /etc/localtime
          name: localtime
      volumes:
      - name: localtime
        hostPath:
          path: /etc/localtime
---
apiVersion: v1
kind: Service
metadata:
  name: skywalking-oap
  namespace: logging
  labels:
    service: skywalking-oap
spec:
  type: NodePort
  ports:
  - port: 12800
    nodePort: 32800
    name: rest
  - port: 11800
    nodePort: 31800
    name: grpc
  selector:
    app: skywalking-oap
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: skywalking-ui
  namespace: logging
  labels:
    app: skywalking-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      app: skywalking-ui
  template:
    metadata:
      labels:
        app: skywalking-ui
    spec:
      containers:
      - name: skywalking-ui
        image: 10.194.24.53/k8s-component/apache/skywalking-ui:9.3.0
        ports:
        - containerPort: 8080
          name: web
        env:
        - name: SW_OAP_ADDRESS
          valueFrom:
            configMapKeyRef:
              key: SW_OAP_ADDRESS
              name: skywalking-config
        - name: TZ
          value: Asia/Shanghai
        - name: TIME_ZONE
          value: Asia/Shanghai
        resources:
          limits:
            cpu: '1'
            memory: 2Gi
          requests:
            cpu: '1'
            memory: 1Gi
        volumeMounts:
        - mountPath: /etc/localtime
          name: localtime
      volumes:
      - name: localtime
        hostPath:
          path: /etc/localtime
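---
apiVersion: v1
kind: Service
metadata:
  name: skywalking-ui
  namespace: logging
  labels:
    service: skywalking-ui
spec:
  ports:
  - port: 8080
    name: web
    # 33800 is above the default NodePort range (30000-32767); the
    # kube-apiserver must allow it via --service-node-port-range.
    nodePort: 33800
  type: NodePort
  selector:
    app: skywalking-ui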
Verification
Open ip:33800 in a browser and check the page.
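Adding access restrictions
Newer SkyWalking versions do not support adding a username and password for Dashboard access, so this has to be implemented separately with nginx basic auth.
Creating the htpasswd entry
Generate the entry with an online htpasswd generator, then encode the result with base64. The same entry can be produced offline with the htpasswd command-line tool, which avoids sending the password to a third-party site.
Online tools:
- https://tool.oschina.net/encrypt?type=3 (online base64)
- https://tool.oschina.net/htpasswd (online htpasswd)
Creating the Secret and Ingress
Because an Ingress is used, remove the NodePort from the Service.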
apiVersion: v1
kind: Service
metadata:
  name: skywalking-ui
  namespace: logging
  labels:
    service: skywalking-ui
spec:
  ports:
  - port: 8080
    name: web
    # nodePort: 33800
  # type: NodePort
  selector:
    app: skywalking-ui
---
apiVersion: v1
kind: Secret
metadata:
  name: skywalking-ui-auth-secret-gzapps
  namespace: logging
type: Opaque
data:
  auth: Z3phcHBzOntTSEF9bzMzelphaGYzM0gyY3RvaHltbTlUZjdWemZJPQ==
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-skywalking-199604-com
  namespace: logging
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret-type: auth-file
    nginx.ingress.kubernetes.io/auth-secret: skywalking-ui-auth-secret-gzapps
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required by gzapps'
  labels:
    app: web-skywalking-199604-com
spec:
  rules:
  - host: web.skywalking.199604.com
    http:
      paths:
      - backend:
          service:
            name: skywalking-ui
            port:
              number: 8080
        pathType: Prefix
        path: /
Once the configuration is applied, open the domain in a browser to verify.
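The auth value in the Secret is a base64-encoded htpasswd line, and the prefix of its hash field shows how the password was hashed. The following Python check is an added example, not part of the original post: it decodes a data.auth value and reports the scheme per user, run here on the value from the manifest above. The function names and the acceptable/replace split in SCHEMES are assumptions of this example.

```python
import base64

# Hash-field prefixes commonly seen in htpasswd files: (prefix, label, acceptable).
# The acceptable flag is this example's own judgement (salted and iterated
# schemes pass), not a policy defined by nginx or ingress-nginx.
SCHEMES = [
    ("{PLAIN}", "plaintext", False),
    ("{SHA}", "unsalted SHA-1", False),
    ("{SSHA}", "salted SHA-1", False),
    ("$apr1$", "Apache MD5 (apr1)", True),
    ("$2a$", "bcrypt", True),
    ("$2b$", "bcrypt", True),
    ("$2y$", "bcrypt", True),
    ("$5$", "SHA-256 crypt", True),
    ("$6$", "SHA-512 crypt", True),
]

def classify(hash_field):
    """Return (label, acceptable) for one htpasswd hash field."""
    for prefix, label, ok in SCHEMES:
        if hash_field.startswith(prefix):
            return label, ok
    # No known prefix: traditional DES crypt or a malformed entry.
    return "unrecognised (DES crypt or malformed)", False

def audit_auth_secret(b64_value):
    """Decode a Secret's data.auth value and classify each user:hash line."""
    text = base64.b64decode(b64_value, validate=True).decode("utf-8")
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        user, sep, hash_field = line.partition(":")
        if not sep or not user or not hash_field:
            findings.append(("?", "malformed line", False))
            continue
        findings.append((user, *classify(hash_field)))
    return findings

# data.auth value copied from the Secret manifest on this page.
PAGE_AUTH = "Z3phcHBzOntTSEF9bzMzelphaGYzM0gyY3RvaHltbTlUZjdWemZJPQ=="

if __name__ == "__main__":
    for user, label, ok in audit_auth_secret(PAGE_AUTH):
        print(f"{user}: {label} -> {'ok' if ok else 'REPLACE'}")
```

For the Secret shown above, the check reports the gzapps entry as unsalted SHA-1, so regenerating it with a salted scheme before exposing the Ingress is the safer choice.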
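Connecting Java services to SkyWalking
Omitted, but it must be stressed that skywalking-agent generates logs. If the agent is mounted into a container, it is strongly recommended to mount the log directory externally so that the container does not keep growing.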