在Kubernetes中部署zookeeper集群

CTwZVfsAII · 2025-2-21 20:07:01

部署遇到的问题

挂载目录没有写入权限

修改容器启动命令，查看到用户 id 是 1001

官方也有说明

解决方法 1: 使用 initcontainer 授权

1
2
3
4
5
6
7
8

initContainers:
- name: init
  image: busybox:1.28
  command: ['sh', '-c', "chown -R 1001:1001 /bitnami/"]
  volumeMounts:
- name: data
   mountPath: /bitnami/zookeeper

解决方法 2：增加安全上下文，使用 root 用户

这么做会降低容器的安全性，不推荐！

1
2
3

securityContext:
runAsUser: 0
runAsGroup: 0

最终的 yaml 文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

apiVersion: v1
kind: Service
metadata:
  name: zk-hs
  labels:
app: zookeeper
spec:
  ports:
- name: tcp-client
   protocol: TCP
   port: 2181
   targetPort: 2181
- name: tcp-follower
   port: 2888
   targetPort: 2888
- name: tcp-election
   port: 3888
   targetPort: 3888
  selector:
app: zookeeper
  clusterIP: None
  type: ClusterIP

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: zookeeper
  labels:
app: zookeeper
spec:
  replicas: 3
  selector:
matchLabels:
   app: zookeeper
  serviceName: zk-hs
  template:
metadata:
   name: zookeeper
   labels:
      app: zookeeper
spec:
   # 使用 initContainers 解决挂载目录没有权限写入问题
   initContainers:
   - name: init
      image: busybox:1.28
      command: ['sh', '-c', "chown -R 1001:1001 /bitnami/"]
      volumeMounts:
      - name: data
         mountPath: /bitnami/zookeeper

   containers:
      - name: zookeeper
      image: bitnami/zookeeper:3.8.2
      command:
         - bash
         - '-ec'
         - |
            HOSTNAME="$(hostname -s)"
            if [[ $HOSTNAME =~ (.*)-([0-9]+)$ ]]; then
            ORD=${BASH_REMATCH[2]}
            export ZOO_SERVER_ID="$((ORD + 1 ))"
            else
            echo "Failed to get index from hostname $HOST"
            exit 1
            fi
            exec /entrypoint.sh /run.sh
      resources:
         limits:
            cpu: 1
            memory: 2Gi
         requests:
            cpu: 50m
            memory: 500Mi
      env:
         - name: ZOO_ENABLE_AUTH
            value: "no"
         - name: ALLOW_ANONYMOUS_LOGIN
            value: "yes"
         - name: ZOO_SERVERS
            value: >
            zookeeper-0.zk-hs.default.svc.cluster.local:2888:3888
            zookeeper-1.zk-hs.default.svc.cluster.local:2888:3888
            zookeeper-2.zk-hs.default.svc.cluster.local:2888:3888
      ports:
         - name: client
            containerPort: 2181
         - name: follower
            containerPort: 2888
         - name: election
            containerPort: 3888
      livenessProbe:
         tcpSocket:
            port: client
         failureThreshold: 6
         initialDelaySeconds: 30
         periodSeconds: 10
         successThreshold: 1
         timeoutSeconds: 5
      readinessProbe:
         tcpSocket:
            port: client
         failureThreshold: 6
         initialDelaySeconds: 5
         periodSeconds: 10
         successThreshold: 1
         timeoutSeconds: 5
      volumeMounts:
         - name: data
            mountPath: /bitnami/zookeeper
  volumeClaimTemplates:
- metadata:
      name: data
   spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "longhorn"
      resources:
      requests:
         storage: 2Gi

集群验证

1
2
3
4
5
6
7
8
9
10
11
12

# 检查FQDN
for i in 0 1 2; do kubectl exec zookeeper-$i -- hostname -f; done

# 检查生成的myid文件
for i in 0 1 2; do echo "myid zookeeper-$i";kubectl exec zookeeper-$i -- cat /bitnami/zookeeper/data/myid; done

# 检查自动生成的配置文件
kubectl exec -it zookeeper-0 -- cat /opt/bitnami/zookeeper/conf/zoo.cfg | grep -vE "^#|^$"

# 检查集群状态
for i in 0 1 2; do echo -e "# myid zookeeper-$i \n";kubectl exec zookeeper-$i -- opt/bitnami/zookeeper/bin/zkServer.sh status;echo -e "\n"; done

数据验证

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

kubectl run --rm -it zookeeper-client --image=zookeeper:3.8.2 -- bash

cd /apache-zookeeper-3.8.2-bin/bin

# 连上 zookeeper 第一个节点
./zkCli.sh -server zookeeper-0.zk-hs.default.svc.cluster.local:2181

# 创建测试数据
[zk: zookeeper-0.zk-hs.default.svc.cluster.local:2181(CONNECTED) 0] create /test test-data
Created /test

# 读取测试数据
[zk: zookeeper-0.zk-hs.default.svc.cluster.local:2181(CONNECTED) 1] get /test
test-data

# 连上 zookeeper 第二个节点
./zkCli.sh -server zookeeper-1.zk-hs.default.svc.cluster.local:2181
# 获取数据
[zk: zookeeper-1.zk-hs.default.svc.cluster.local:2181(CONNECTED) 0] get /test
test-data