本节重点介绍 :
编写Dockerfile
1. FROM 指定基础镜像
- 必须有的指令,并且必须是第一条指令
- Alpine 操作系统是一个面向安全的轻型 Linux 发行版。它不同于通常 Linux 发行版,Alpine 采用了 musl libc 和 busybox 以减小系统的体积和运行时资源消耗,但功能上比 busybox 又完善的多,因此得到开源社区越来越多的青睐。
FROM golang:1.16-alpine as builder
2. WORKDIR 指定工作目录
- 使用 WORKDIR 指令可以来指定工作目录(或者称为当前目录),以后各层的当前目录就被改为指定的目录
- 如果目录不存在,WORKDIR 会帮你建立目录
WORKDIR /usr/src/app
3. COPY 复制
- COPY 指令将从构建上下文目录中 <源路径> 的文件/目录复制到新的一层的镜像内的 <目标路径> 位置
- 格式
COPY <源路径>... <目标路径>
COPY ["<源路径1>",... "<目标路径>"]
COPY ./go.mod ./
COPY ./go.sum ./
4. RUN 用于执行命令行命令
- 把镜像替换成阿里云,并且安装upx ca-certificates tzdata包
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \apk add --no-cache upx ca-certificates tzdata
RUN go mod download
RUN CGO_ENABLED=0 go build -o ink8s-pod-metrics
5. ENTRYPOINT 带参数的执行
ENTRYPOINT [ "curl", "-s", "http://ip.cn" ]
完整的Dockerfile
FROM golang:1.16-alpine as builder
WORKDIR /usr/src/app
ENV GOPROXY=https://goproxy.cn
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \apk add --no-cache upx ca-certificates tzdata
COPY ./go.mod ./
COPY ./go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -o ink8s-pod-metricsFROM yauritux/busybox-curl as runner
COPY --from=builder /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /usr/src/app/ink8s-pod-metrics /opt/app/ink8s-pod-metrics
ENTRYPOINT [ "/opt/app/ink8s-pod-metrics" ]
编写k8s的yaml
编写rbac.yaml
ServiceAccount
---
apiVersion: v1
kind: ServiceAccount
metadata:name: ink8s-pod-metricsnamespace: default
ClusterRole
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: ink8s-pod-metrics
rules:- apiGroups:- ""resources:- nodes- podsverbs:- list
ClusterRoleBinding
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: ink8s-pod-metrics
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: ink8s-pod-metrics
subjects:- kind: ServiceAccountname: ink8s-pod-metricsnamespace: default
完整的rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:name: ink8s-pod-metricsnamespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: ink8s-pod-metrics
rules:- apiGroups:- ""resources:- nodes- nodes/metrics- services- endpoints- podsverbs:- get- list- watch- nonResourceURLs:- "/metrics"verbs:- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: ink8s-pod-metrics
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: ink8s-pod-metrics
subjects:- kind: ServiceAccountname: ink8s-pod-metricsnamespace: default
编写deployment的yaml
metadata段
apiVersion: apps/v1
kind: Deployment
metadata:name: ink8s-pod-metrics-deploymentnamespace: defaultlabels:app: ink8s-pod-metrics-deployment
prometheus 采集的相关配置
- 我们在使用pod自定义指标时在pod yaml 的spec.template.metadata.annotations中需要定义三个以
prometheus.io开头的配置 - 释义
prometheus.io/scrape 是否需要prometheus采集prometheus.io/port metrics暴露的端口prometheus.io/path metrics的http path信息
详细配置如下:
spec:replicas: 1selector:matchLabels:app: ink8s-pod-metricstemplate:metadata:labels:app: ink8s-pod-metricsannotations:prometheus.io/scrape: 'true'prometheus.io/port: '8080'prometheus.io/path: 'metrics'
容器配置
- 端口是8080,和go代码中的一致
- 使用的镜像名字和dockerfile中 一致 ink8s-pod-metrics
spec:containers:- name: ink8s-pod-metricsimage: ink8s-pod-metrics:v1command:- /opt/app/ink8s-pod-metricsports:- containerPort: 8080resources:requests:cpu: 100mmemory: 100Milimits:cpu: 200mmemory: 800MiserviceAccountName: ink8s-pod-metrics
完整的
apiVersion: apps/v1
kind: Deployment
metadata:name: ink8s-pod-metrics-deploymentnamespace: defaultlabels:app: ink8s-pod-metrics-deploymentspec:replicas: 1selector:matchLabels:app: ink8s-pod-metricstemplate:metadata:labels:app: ink8s-pod-metricsannotations:prometheus.io/scrape: 'true'prometheus.io/port: '8080'prometheus.io/path: 'metrics'spec:containers:- name: ink8s-pod-metricsimage: ink8s-pod-metrics:v1command:- /opt/app/ink8s-pod-metricsports:- containerPort: 8080resources:requests:cpu: 100mmemory: 100Milimits:cpu: 200mmemory: 800MiserviceAccountName: ink8s-pod-metrics
本节重点总结 :
)
)
)
