携程Apollo配置管理中心部署
代码显示有问题,需要的去GitHub看post
遇到的问题:
- mysql数据库需要先进行初始化
- service的名字是 apollo-service-apollo-adminservice、apollo-service-apollo-configservice;配置metaserver时需要注意
- 接入active directory后,默认的超级管理员apollo会被禁用,需要在数据库的ServerConfig表中更新 superAdmin的值,添加新的管理员。
- 记得更新value.yaml中的configdb.host为mysql的service的name即可(coreDNS内部解析)
helm chart
Apollo service
- value.yaml
configdb:
name: apollo-configdb
# apolloconfigdb host
host: "apollo-configdb"
port: 3306
dbName: ApolloConfigDB
# apolloconfigdb user name
userName: "ApolloConfigDB"
# apolloconfigdb password
password: "password"
connectionStringProperties: characterEncoding=utf8&useSSL=false
service:
# whether to create a Service for this host or not
enabled: false
fullNameOverride: ""
port: 3306
type: ClusterIP
configService:
name: apollo-configservice
fullNameOverride: ""
replicaCount: 1
containerPort: 8080
image:
repository: apolloconfig/apollo-configservice
pullPolicy: IfNotPresent
imagePullSecrets: []
service:
fullNameOverride: ""
port: 8080
targetPort: 8080
type: ClusterIP
liveness:
initialDelaySeconds: 100
periodSeconds: 10
readiness:
initialDelaySeconds: 30
periodSeconds: 5
config:
# spring profiles to activate
profiles: "github,kubernetes"
# override apollo.config-service.url: config service url to be accessed by apollo-client
configServiceUrlOverride: ""
# override apollo.admin-service.url: admin service url to be accessed by apollo-portal
adminServiceUrlOverride: ""
# environment variables passed to the container, e.g. JAVA_OPTS
env: {}
strategy: {
JAVA_OPTS: -Duser.timezone=Asia/Shanghai
}
resources: {}
nodeSelector: {
atlassian: crucible
}
tolerations: []
affinity: {}
adminService:
name: apollo-adminservice
fullNameOverride: ""
replicaCount: 1
containerPort: 8090
image:
repository: apolloconfig/apollo-adminservice
pullPolicy: IfNotPresent
imagePullSecrets: []
service:
fullNameOverride: ""
port: 8090
targetPort: 8090
type: ClusterIP
liveness:
initialDelaySeconds: 100
periodSeconds: 10
readiness:
initialDelaySeconds: 30
periodSeconds: 5
config:
# spring profiles to activate
profiles: "github,kubernetes"
# environment variables passed to the container, e.g. JAVA_OPTS
env: {
JAVA_OPTS: -Duser.timezone=Asia/Shanghai
}
strategy: {}
resources: {}
nodeSelector: {
atlassian: crucible
}
tolerations: []
affinity: {}
- templates/apolloservicegateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: apollo-service-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- hosts:
- "apollo.config.hyxfjr.com"
port:
name: tcp
number: 80
protocol: TCP
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: apollo-service-vs
spec:
hosts:
- "config.hyxfjr.com"
gateways:
- apollo-service-gateway
tcp:
- match:
- port: 80
route:
- destination:
host: apollo-configservice
port:
number: 8090
- templates/deployment-adminservice.yaml
# configmap for apollo-adminservice
kind: ConfigMap
apiVersion: v1
metadata:
name:
data:
application-github.properties: |
spring.datasource.url = jdbc:mysql://:/?
spring.datasource.username =
spring.datasource.password =
---
kind: Deployment
apiVersion: apps/v1
metadata:
name:
labels:
spec:
replicas:
selector:
matchLabels:
app:
strategy:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app:
spec:
imagePullSecrets:
volumes:
- name: volume-configmap-
configMap:
name:
items:
- key: application-github.properties
path: application-github.properties
defaultMode: 420
containers:
- name:
image: ":"
imagePullPolicy:
ports:
- name: http
containerPort:
protocol: TCP
env:
- name: SPRING_PROFILES_ACTIVE
value:
- name:
value:
volumeMounts:
- name: volume-configmap-
mountPath: /apollo-adminservice/config/application-github.properties
subPath: application-github.properties
livenessProbe:
tcpSocket:
port:
initialDelaySeconds:
periodSeconds:
readinessProbe:
httpGet:
path: /health
port:
initialDelaySeconds:
periodSeconds:
resources:
nodeSelector:
affinity:
tolerations:
- templates/deployment-configservice.yaml
# configmap for apollo-configservice
kind: ConfigMap
apiVersion: v1
metadata:
name:
data:
application-github.properties: |
spring.datasource.url = jdbc:mysql://:/?
spring.datasource.username =
spring.datasource.password =
apollo.config-service.url =
apollo.admin-service.url =
---
kind: Deployment
apiVersion: apps/v1
metadata:
name:
labels:
spec:
replicas:
selector:
matchLabels:
app:
strategy:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app:
spec:
imagePullSecrets:
volumes:
- name: volume-configmap-
configMap:
name:
items:
- key: application-github.properties
path: application-github.properties
defaultMode: 420
containers:
- name:
image: ":"
imagePullPolicy:
ports:
- name: http
containerPort:
protocol: TCP
env:
- name: SPRING_PROFILES_ACTIVE
value:
- name:
value:
volumeMounts:
- name: volume-configmap-
mountPath: /apollo-configservice/config/application-github.properties
subPath: application-github.properties
livenessProbe:
tcpSocket:
port:
initialDelaySeconds:
periodSeconds:
readinessProbe:
httpGet:
path: /health
port:
initialDelaySeconds:
periodSeconds:
resources:
nodeSelector:
affinity:
tolerations:
- templates/service-adminservice.yaml
kind: Service
apiVersion: v1
metadata:
name:
labels:
spec:
type:
ports:
- name: http
protocol: TCP
port:
targetPort:
selector:
app:
- templates/service-configservice.yaml
kind: Service
apiVersion: v1
metadata:
name:
labels:
spec:
type:
ports:
- name: http
protocol: TCP
port:
targetPort:
selector:
app:
- 删除不用 templates/service-configdb.yaml
Apollo portal
- value.yaml
name: apollo-portal
fullNameOverride: ""
replicaCount: 1
containerPort: 8070
image:
repository: apolloconfig/apollo-portal
pullPolicy: IfNotPresent
imagePullSecrets: []
service:
fullNameOverride: ""
port: 8070
targetPort: 8070
type: ClusterIP
sessionAffinity: ClientIP
ingress:
enabled: false
annotations: {}
hosts:
- host: ""
paths: []
tls: []
liveness:
initialDelaySeconds: 100
periodSeconds: 10
readiness:
initialDelaySeconds: 30
periodSeconds: 5
# environment variables passed to the container, e.g. JAVA_OPTS
env: {}
strategy: {}
resources: {}
nodeSelector: {
atlassian: crucible
}
tolerations: []
affinity: {}
config:
# spring profiles to activate
profiles: "github,ldap"
# specify the env names, e.g. dev,pro
envs: "dev"
# specify the meta servers, e.g.
# dev: http://apollo-configservice-dev:8080
# pro: http://apollo-configservice-pro:8080
metaServers: {
dev: "http://apollo-service-apollo-configservice:8080"
}
# specify the context path, e.g. /apollo
contextPath: ""
# extra config files for apollo-portal, e.g. application-ldap.yml
# MS active directory config
files:
application-ldap.yml: |
spring:
ldap:
base: "dc=domain,dc=com"
username: "adname"
password: "password"
searchFilter: "(sAMAccountName={0})"
urls:
- "ldap://yourtIP:389"
ldap:
mapping:
objectClass: "user"
loginId: "sAMAccountName"
userDisplayName: "displayName"
email: "mail"
portaldb:
name: apollo-portaldb
# apolloportaldb host
host: apollo-portaldb
port: 3306
dbName: ApolloPortalDB
# apolloportaldb user name
userName: ApolloPortalDB
# apolloportaldb password
password: password
connectionStringProperties: characterEncoding=utf8&useSSL=false
service:
# whether to create a Service for this host or not
enabled: false
fullNameOverride: ""
port: 3306
type: ClusterIP
- templates/apolloportalgateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: apollo-portal-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "apollo.hyxfjr.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: apollo-portal-vs
spec:
hosts:
- "apollo.hyxfjr.com"
gateways:
- apollo-portal-gateway
http:
- match:
- port: 80
route:
- destination:
host: apollo-portal
port:
number: 8070
- templates/deployment-portal.yaml
# configmap for apollo-portal
kind: ConfigMap
apiVersion: v1
metadata:
name:
data:
application-github.properties: |
spring.datasource.url = jdbc:mysql://:/?
spring.datasource.username =
spring.datasource.password =
apollo.portal.envs =
server.servlet.context-path =
apollo-env.properties: |
.meta =
: |
<!-- Post Header -->
<header class="intro-header" style="background-image: url('/img/post-bg-02.jpg')">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2 col-md-10 col-md-offset-1">
<div class="post-heading">
<h1>grafana admin password</h1>
<h2 class="subheading">grafana 7.1.5</h2>
<span class="meta">Posted by Dongyupu on September 2, 2020</span>
</div>
</div>
</div>
</div>
</header>
<!-- Post Content -->
<article>
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2 col-md-10 col-md-offset-1">
<h3 id="istio-grafana-deployment">istio grafana deployment</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apiVersion: apps/v1beta2
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "4"
creationTimestamp: "2019-09-04T07:42:40Z"
generation: 4
labels:
app: grafana
chart: grafana
heritage: Tiller
release: istio
name: grafana
namespace: istio-system
resourceVersion: "77338379"
selfLink: /apis/apps/v1beta2/namespaces/istio-system/deployments/grafana
uid: 92f16829-cee7-11e9-8dc2-5254006b5d25
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: grafana
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
prometheus.io/scrape: "true"
sidecar.istio.io/inject: "false"
creationTimestamp: null
labels:
app: grafana
chart: grafana
heritage: Tiller
release: istio
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- env:
- name: GRAFANA_PORT
value: "3000"
- name: GF_AUTH_BASIC_ENABLED
value: "false"
- name: GF_AUTH_ANONYMOUS_ENABLED
value: "true"
- name: GF_AUTH_ANONYMOUS_ORG_ROLE
value: Admin
- name: GF_PATHS_DATA
value: /data/grafana
image: grafana/grafana:7.1.5
imagePullPolicy: IfNotPresent
name: grafana
ports:
- containerPort: 3000
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /login
port: 3000
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 10m
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/lib/grafana/plugins
name: plugins
- mountPath: /data/grafana
name: data
- mountPath: /var/lib/grafana/dashboards/istio/galley-dashboard.json
name: dashboards-istio-galley-dashboard
readOnly: true
subPath: galley-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/istio-mesh-dashboard.json
name: dashboards-istio-istio-mesh-dashboard
readOnly: true
subPath: istio-mesh-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/istio-performance-dashboard.json
name: dashboards-istio-istio-performance-dashboard
readOnly: true
subPath: istio-performance-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/istio-service-dashboard.json
name: dashboards-istio-istio-service-dashboard
readOnly: true
subPath: istio-service-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/istio-workload-dashboard.json
name: dashboards-istio-istio-workload-dashboard
readOnly: true
subPath: istio-workload-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/mixer-dashboard.json
name: dashboards-istio-mixer-dashboard
readOnly: true
subPath: mixer-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/pilot-dashboard.json
name: dashboards-istio-pilot-dashboard
readOnly: true
subPath: pilot-dashboard.json
- mountPath: /etc/grafana/provisioning/datasources/datasources.yaml
name: config
subPath: datasources.yaml
- mountPath: /etc/grafana/provisioning/dashboards/dashboardproviders.yaml
name: config
subPath: dashboardproviders.yaml
dnsPolicy: ClusterFirst
nodeSelector:
apps: istio
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 472
runAsUser: 472
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 420
name: istio-grafana
name: config
# 挂载NFS盘 data和plugins
- name: data
nfs:
path: /istio/grafana/data
server: 172.16.131.173
- name: plugins
nfs:
path: /istio/grafana/plugins
server: 172.16.131.173
- configMap:
defaultMode: 420
name: istio-grafana-configuration-dashboards-galley-dashboard
name: dashboards-istio-galley-dashboard
- configMap:
defaultMode: 420
name: istio-grafana-configuration-dashboards-istio-mesh-dashboard
name: dashboards-istio-istio-mesh-dashboard
- configMap:
defaultMode: 420
name: istio-grafana-configuration-dashboards-istio-performance-dashboard
name: dashboards-istio-istio-performance-dashboard
- configMap:
defaultMode: 420
name: istio-grafana-configuration-dashboards-istio-service-dashboard
name: dashboards-istio-istio-service-dashboard
- configMap:
defaultMode: 420
name: istio-grafana-configuration-dashboards-istio-workload-dashboard
name: dashboards-istio-istio-workload-dashboard
- configMap:
defaultMode: 420
name: istio-grafana-configuration-dashboards-mixer-dashboard
name: dashboards-istio-mixer-dashboard
- configMap:
defaultMode: 420
name: istio-grafana-configuration-dashboards-pilot-dashboard
name: dashboards-istio-pilot-dashboard
status:
availableReplicas: 1
conditions:
- lastTransitionTime: "2019-09-04T07:42:52Z"
lastUpdateTime: "2019-09-04T07:42:52Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
- lastTransitionTime: "2019-09-04T07:42:41Z"
lastUpdateTime: "2020-09-03T06:06:29Z"
message: ReplicaSet "grafana-694cd96bb8" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
observedGeneration: 4
readyReplicas: 1
replicas: 1
updatedReplicas: 1
</code></pre></div></div>
<ul>
<li>
<p>登录,默认的用户名密码为 <code class="language-plaintext highlighter-rouge">admin/admin</code> ,登录成功会要求你设置新的密码。</p>
</li>
<li>
<p>如上,istio中部署grafana时指定了<code class="language-plaintext highlighter-rouge">GF_PATHS_DATA</code>值。grafana.db存储在这个位置。</p>
</li>
</ul>
<hr>
<ul class="pager">
<li class="previous">
<a href="/2020/08/27/artifactory-docker-registry-login-faile/" data-toggle="tooltip" data-placement="top" title="Jfrog Artifactory docker registry login failed">← Previous Post</a>
</li>
<li class="next">
<a href="/2020/09/03/ctripcorp-apollo-helm-istio-config/" data-toggle="tooltip" data-placement="top" title="ctripcorp apollo deploy on k8s">Next Post →</a>
</li>
<!-- 多说评论框 start 2016.1.5 PM 15:11 -->
<div class="ds-thread" data-thread-key="/2020/09/02/grafana-for-istio-admin-password" data-title="grafana admin password" data-url="https://dongyupu.github.io//2020/09/02/grafana-for-istio-admin-password/"></div>
<!-- 多说评论框 end -->
<!-- 多说公共JS代码 start (一个网页只需插入一次) -->
<script type="text/javascript">
var duoshuoQuery = {short_name:"yupu"};
(function() {
var ds = document.createElement('script');
ds.type = 'text/javascript';ds.async = true;
ds.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') + '//static.duoshuo.com/embed.js';
ds.charset = 'UTF-8';
(document.getElementsByTagName('head')[0]
|| document.getElementsByTagName('body')[0]).appendChild(ds);
})();
</script>
<!-- 多说公共JS代码 end -->
</ul>
</div>
</div>
</div>
</article>
<!--高速版sohu畅言 2016.1.5 要求备案信息无法使用了>
<div id="SOHUCS"></div>
<script charset="utf-8" type="text/javascript" src="http://changyan.sohu.com/upload/changyan.js" ></script>
<script type="text/javascript">
window.changyan.api.config({
appid: 'cys866EWk',
conf: 'prod_e30e8ab6272cd1277ff54684c4fbcf8c'
});
</script-->
<hr>
---
kind: Deployment
apiVersion: apps/v1
metadata:
name:
labels:
spec:
replicas:
selector:
matchLabels:
app:
strategy:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app:
spec:
hostAliases:
- hostnames:
- "domain.com"
ip: "your ms ad ip if you can't access your URL domain.com"
imagePullSecrets:
volumes:
- name: configmap-
configMap:
name:
items:
- key: application-github.properties
path: application-github.properties
- key: apollo-env.properties
path: apollo-env.properties
- key:
path:
defaultMode: 420
containers:
- name:
image: ":"
imagePullPolicy:
ports:
- name: http
containerPort:
protocol: TCP
env:
- name: SPRING_PROFILES_ACTIVE
value:
- name:
value:
volumeMounts:
- name: configmap-
mountPath: /apollo-portal/config/application-github.properties
subPath: application-github.properties
- name: configmap-
mountPath: /apollo-portal/config/apollo-env.properties
subPath: apollo-env.properties
- name: configmap-
mountPath: /apollo-portal/config/
subPath:
livenessProbe:
tcpSocket:
port:
initialDelaySeconds:
periodSeconds:
readinessProbe:
httpGet:
path: /health
port:
initialDelaySeconds:
periodSeconds:
resources:
nodeSelector:
affinity:
tolerations:
- templates/service-portal.yaml
kind: Service
apiVersion: v1
metadata:
name:
labels:
spec:
type:
ports:
- name: http
protocol: TCP
port:
targetPort:
selector:
app:
sessionAffinity:
-
删除不用 templates/service-portadb.yaml
-
ingress也不用,删除也无妨。