kubernetes部署redis高可用-哨兵模式

  sre

DTKuKe.jpg

Namespace

---
# Creates the namespace "test"; presumably the Redis resources on this page go here.
# NOTE(review): none of the other manifests on this page set metadata.namespace,
# so they land in "test" only when applied with that namespace selected
# (for example `kubectl apply -n test -f ...`). Confirm before relying on
# namespace-scoped controls such as the Role or a NetworkPolicy.
apiVersion: v1
kind: Namespace
metadata:
  name: test

ConfigMap redis

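---
# ConfigMap mounted read-only at /readonly-config in the config-init container.
# init.sh copies redis.conf and sentinel.conf to /data/conf and appends the
# per-pod replication and announce settings.
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-configmap
  labels:
    app: redis
data:
  # NOTE(review): no requirepass / masterauth is configured, so every client
  # that can reach port 6379 is accepted without a password. The AUTH step at
  # the end of init.sh only rewrites the placeholder "replace-default-auth",
  # which does not occur in either config file here; enabling auth needs those
  # directives added with that placeholder and AUTH supplied from a Secret.
  # maxmemory 0 leaves Redis memory use uncapped.
  redis.conf: |
    dir "/data"
    maxmemory 0
    maxmemory-policy volatile-lru
    min-slaves-max-lag 5
    min-slaves-to-write 1
    rdbchecksum yes
    rdbcompression yes
    repl-diskless-sync yes
    save 900 1

  # Sentinel is equally unauthenticated: anything that can reach port 26379
  # can issue sentinel commands, including "sentinel failover".
  sentinel.conf: |
    dir "/data"
    sentinel down-after-milliseconds mymaster 10000
    sentinel failover-timeout mymaster 180000
    sentinel parallel-syncs mymaster 5

  init.sh: |
    # Run by the config-init container as: sh /readonly-config/init.sh
    HOSTNAME="$(hostname)"
    # Keep only what follows the last "-" of the pod hostname (the ordinal).
    INDEX="${HOSTNAME##*-}"
    # Evaluated before "set -eu", so a failed lookup leaves MASTER empty
    # instead of aborting the script.
    MASTER="$(redis-cli -h redis -p 26379 sentinel get-master-addr-by-name mymaster | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
    MASTER_GROUP="mymaster"
    QUORUM="2"
    REDIS_CONF=/data/conf/redis.conf
    REDIS_PORT=6379
    SENTINEL_CONF=/data/conf/sentinel.conf
    SENTINEL_PORT=26379
    SERVICE=redis-headless
    set -eu

    # INDEX is spliced into an eval in sentinel_update; accept digits only.
    case "$INDEX" in
        ''|*[!0-9]*)
            echo "Unexpected pod ordinal: $INDEX"
            exit 1
            ;;
    esac

    # $1 = address of the master this sentinel should monitor.
    sentinel_update() {
        echo "Updating sentinel config"
        # Indirect lookup of SENTINEL_ID_<ordinal>. Under "set -u" this aborts
        # when no such variable is defined for the pod's ordinal.
        eval MY_SENTINEL_ID="\${SENTINEL_ID_$INDEX}"
        sed -i "1s/^/sentinel myid $MY_SENTINEL_ID\\n/" "$SENTINEL_CONF"
        sed -i "2s/^/sentinel monitor $MASTER_GROUP $1 $REDIS_PORT $QUORUM \\n/" "$SENTINEL_CONF"
        echo "sentinel announce-ip $ANNOUNCE_IP" >> "$SENTINEL_CONF"
        echo "sentinel announce-port $SENTINEL_PORT" >> "$SENTINEL_CONF"
    }

    # $1 = address of the master this redis-server should replicate from.
    redis_update() {
        echo "Updating redis config"
        echo "slaveof $1 $REDIS_PORT" >> "$REDIS_CONF"
        echo "slave-announce-ip $ANNOUNCE_IP" >> "$REDIS_CONF"
        echo "slave-announce-port $REDIS_PORT" >> "$REDIS_CONF"
    }

    copy_config() {
        cp /readonly-config/redis.conf "$REDIS_CONF"
        cp /readonly-config/sentinel.conf "$SENTINEL_CONF"
    }

    # Used when no master can be learned from sentinel: pod 0 becomes the
    # master, every other pod replicates from redis-0.
    setup_defaults() {
        echo "Setting up defaults"
        if [ "$INDEX" = "0" ]; then
            echo "Setting this pod as the default master"
            redis_update "$ANNOUNCE_IP"
            sentinel_update "$ANNOUNCE_IP"
            # Drop the slaveof line that redis_update just appended.
            sed -i "s/^.*slaveof.*//" "$REDIS_CONF"
        else
            DEFAULT_MASTER="$(getent hosts "redis-0.$SERVICE" | awk '{ print $1 }')"
            if [ -z "$DEFAULT_MASTER" ]; then
                echo "Unable to resolve host"
                exit 1
            fi
            echo "Setting default slave config.."
            redis_update "$DEFAULT_MASTER"
            sentinel_update "$DEFAULT_MASTER"
        fi
    }

    find_master() {
        echo "Attempting to find master"
        if [ "$(redis-cli -h "$MASTER" ping)" != "PONG" ]; then
            echo "Can't ping master, attempting to force failover"
            if redis-cli -h "$SERVICE" -p "$SENTINEL_PORT" sentinel failover "$MASTER_GROUP" | grep -q 'NOGOODSLAVE' ; then
                setup_defaults
                return 0
            fi
            sleep 10
            # "|| true": with "set -e" a non-matching grep would otherwise end
            # the script here, before the error message below is printed.
            MASTER="$(redis-cli -h "$SERVICE" -p "$SENTINEL_PORT" sentinel get-master-addr-by-name "$MASTER_GROUP" | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')" || true
            if [ "$MASTER" ]; then
                sentinel_update "$MASTER"
                redis_update "$MASTER"
            else
                echo "Could not failover, exiting..."
                exit 1
            fi
        else
            echo "Found reachable master, updating config"
            sentinel_update "$MASTER"
            redis_update "$MASTER"
        fi
    }

    mkdir -p /data/conf/

    echo "Initializing config.."
    copy_config

    ANNOUNCE_IP=$(getent hosts "redis-$INDEX.$SERVICE" | awk '{ print $1 }')
    if [ -z "$ANNOUNCE_IP" ]; then
        echo "Could not resolve the announce ip for this pod"
        exit 1
    elif [ "$MASTER" ]; then
        find_master
    else
        setup_defaults
    fi

    # Only runs when AUTH is set in the container environment.
    if [ "${AUTH:-}" ]; then
        echo "Setting auth values"
        # Escape "/" and "&" so the password is safe inside the sed replacement.
        ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "$REDIS_CONF" "$SENTINEL_CONF"
    fi

    echo "Ready..."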

ConfigMap probes

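---
# Probe scripts, mounted at /probes in the redis and sentinel containers.
# The StatefulSet on this page points both liveness and readiness probes at
# readiness.sh; check-quorum.sh is mounted but not invoked by any probe shown.
# NOTE(review): redis-cli is called without credentials. If requirepass is
# introduced later, the ping no longer returns PONG and both probes fail
# until the scripts pass the password.
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-probes
  labels:
    app: redis
data:
  # $1 = port to check (26379 for sentinel, 6379 for redis-server).
  check-quorum.sh: |
    #!/bin/sh
    set -eu
    MASTER_GROUP="mymaster"
    SENTINEL_PORT=26379
    REDIS_PORT=6379
    NUM_SLAVES=$(redis-cli -p "$SENTINEL_PORT" sentinel master mymaster | awk '/num-slaves/{getline; print}')
    # Treat "no answer from sentinel" as zero replicas instead of an empty
    # operand that makes the numeric test below error out.
    NUM_SLAVES="${NUM_SLAVES:-0}"
    MIN_SLAVES=1

    if [ "$1" = "$SENTINEL_PORT" ]; then
        if redis-cli -p "$SENTINEL_PORT" sentinel ckquorum "$MASTER_GROUP" | grep -q NOQUORUM ; then
            echo "ERROR: NOQUORUM. Sentinel quorum check failed, not enough sentinels found"
            exit 1
        fi
    elif [ "$1" = "$REDIS_PORT" ]; then
        if [ "$MIN_SLAVES" -gt "$NUM_SLAVES" ]; then
            echo "Could not find enough replicating slaves. Needed $MIN_SLAVES but found $NUM_SLAVES"
            exit 1
        fi
    fi
    sh /probes/readiness.sh "$1"

  # $1 = port to ping on localhost; succeeds only on a PONG reply.
  readiness.sh: |
    #!/bin/sh
    set -eu
    CHECK_SERVER="$(redis-cli -p "$1" ping)"

    if [ "$CHECK_SERVER" != "PONG" ]; then
        echo "Server check failed with: $CHECK_SERVER"
        exit 1
    fi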

ServiceAccount Role RoleBinding

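---
# Identity the Redis pods run under (serviceAccountName: redis in the
# StatefulSet).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: redis
  labels:
    app: redis
# The init and probe scripts on this page use only getent and redis-cli and
# never call the Kubernetes API, so no API token is mounted into the pods.
# Set this back to true if a component that needs the API is added.
automountServiceAccountToken: false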

---
# Namespaced Role: read-only "get" on Endpoints in the core ("") API group.
# NOTE(review): nothing in the scripts on this page queries the Kubernetes
# API; confirm this grant is still needed before keeping it.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: redis
  labels:
    app: redis
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get"]

---
# Binds the Role "redis" to the ServiceAccount "redis". The subject carries no
# namespace, so it refers to the ServiceAccount in the binding's own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: redis
  labels:
    app: redis
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: redis
subjects:
  - kind: ServiceAccount
    name: redis

Service

---
# Headless Service (clusterIP: None) that gives each StatefulSet pod a stable
# DNS name, redis-<ordinal>.redis-headless, which init.sh resolves with getent.
# publishNotReadyAddresses keeps those records available for pods that are not
# Ready yet; the alpha annotation is the older spelling of the same setting.
# NOTE(review): the records point at unauthenticated Redis and Sentinel ports.
# Restrict which pods may connect (for example with a NetworkPolicy).
apiVersion: v1
kind: Service
metadata:
  name: redis-headless
  labels:
    app: redis-ha
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
spec:
  type: ClusterIP
  clusterIP: None
  publishNotReadyAddresses: true
  selector:
    app: redis-ha
  ports:
    - name: server
      protocol: TCP
      port: 6379
      targetPort: redis
    - name: sentinel
      protocol: TCP
      port: 26379
      targetPort: sentinel

---
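# ClusterIP Service in front of all redis-ha pods; init.sh uses it
# (redis-cli -h redis -p 26379) to ask any sentinel for the current master.
# NOTE(review): with no password configured in redis.conf or sentinel.conf,
# every workload that can reach this Service can read and write data on 6379
# and issue sentinel commands on 26379. Limit ingress to the intended clients,
# for example with a NetworkPolicy selecting app: redis-ha.
apiVersion: v1
kind: Service
metadata:
  name: redis
  labels:
    app: redis-ha
  # The original empty "annotations:" key (which parses as null) is dropped.
spec:
  type: ClusterIP
  ports:
    - name: server
      port: 6379
      protocol: TCP
      targetPort: redis
    - name: sentinel
      port: 26379
      protocol: TCP
      targetPort: sentinel
  selector:
    app: redis-ha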

StatefulSet

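---
# StatefulSet of three pods, each running a redis-server and a redis-sentinel
# container. The config-init container renders /data/conf/redis.conf and
# /data/conf/sentinel.conf on the pod's volume before they start.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
  labels:
    app: redis-ha
spec:
  selector:
    matchLabels:
      app: redis-ha
  serviceName: redis-headless
  replicas: 3
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: redis-ha
    spec:
      affinity:
        podAntiAffinity:
          # Hard rule: never schedule two redis-ha pods on the same node.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: redis-ha
              topologyKey: kubernetes.io/hostname
          # Soft rule: prefer spreading the pods across zones.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: redis-ha
                # NOTE(review): deprecated node label; newer clusters use
                # topology.kubernetes.io/zone. Check which one your nodes have.
                topologyKey: failure-domain.beta.kubernetes.io/zone

      securityContext:
        fsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000

      serviceAccountName: redis
      initContainers:
        - name: config-init
          # NOTE(review): 5.0.3 is an old release and the tag is mutable. Move
          # to a currently supported Redis version and pin the image by digest.
          image: redis:5.0.3-alpine
          imagePullPolicy: IfNotPresent
          # Nothing here needs extra privileges: the process runs as UID 1000
          # and only writes to the /data volume.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          resources: {}
          command:
            - sh
          args:
            - /readonly-config/init.sh
          env:
            # Fixed sentinel run IDs, looked up by pod ordinal in init.sh.
            # Only ordinals 0-2 are defined; a fourth replica would fail init.
            # AUTH is not set, so init.sh skips its password step. If auth is
            # added, inject AUTH from a Secret rather than a literal value.
            - name: SENTINEL_ID_0
              value: "0c09a3866dba0f3b43ef2e383b5dc05980900fd8"
            - name: SENTINEL_ID_1
              value: "e6be0f70406122877338f7c814b17a7c7b648d82"
            - name: SENTINEL_ID_2
              value: "31f8f52b34feaddcabdd6bf1827aeb02be44d2e3"
          volumeMounts:
            - name: config
              mountPath: /readonly-config
              readOnly: true
            - name: data
              mountPath: /data
      containers:
        - name: redis
          image: redis:5.0.3-alpine
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          command:
            - redis-server
          args:
            - /data/conf/redis.conf
          livenessProbe:
            exec:
              command: ["sh", "/probes/readiness.sh", "6379"]
            initialDelaySeconds: 15
            periodSeconds: 5
          readinessProbe:
            exec:
              command: ["sh", "/probes/readiness.sh", "6379"]
            initialDelaySeconds: 15
            periodSeconds: 5
          # NOTE(review): no requests or limits, and redis.conf sets
          # maxmemory 0, so one instance can exhaust node memory. Set values
          # sized for your data set.
          resources: {}
          ports:
            - name: redis
              containerPort: 6379
          volumeMounts:
            - mountPath: /data
              name: data
            - mountPath: /probes
              name: probes
        - name: sentinel
          image: redis:5.0.3-alpine
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          command:
            - redis-sentinel
          args:
            - /data/conf/sentinel.conf
          livenessProbe:
            exec:
              command: ["sh", "/probes/readiness.sh", "26379"]
            initialDelaySeconds: 15
            periodSeconds: 5
          readinessProbe:
            exec:
              command: ["sh", "/probes/readiness.sh", "26379"]
            initialDelaySeconds: 15
            periodSeconds: 5
          resources: {}
          ports:
            - name: sentinel
              containerPort: 26379
          volumeMounts:
            - mountPath: /data
              name: data
            - mountPath: /probes
              name: probes
      volumes:
        - name: config
          configMap:
            name: redis-configmap
        - name: probes
          configMap:
            name: redis-probes
  volumeClaimTemplates:
    # One 5Gi ReadWriteOnce claim per pod from the "nfs" StorageClass. The
    # original empty "annotations:" key (which parses as null) is dropped.
    - metadata:
        name: data
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "5Gi"
        storageClassName: nfs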
