本文转载自微信公众号「运维开发故事」,作者小姜。转载本文请联系运维开发故事公众号。
背景
随着k8s的成熟,在k8s上使用ingress-nginx、traefik、apisix等各类ingress的人也越来越多。ingress-kong也可以作为k8s的ingress使用,当然kong也可以单独作为微服务的gateway网关来使用。
如果kong是作为ingress来使用,那么需要使用kong镜像来部署一个ingress-kong和一个kong/kubernetes-ingress-controller镜像来部署一个kong的ingress-controller。还需要部署sa账号和rbac,还有CRD资源。
如果kong只是作为一个gateway来替换springcloud中的gateway来使用,那么只需要部署sa账号和rbac,然后用kong镜像部署一个pod即可当做gateway使用,crd也就不需要了。
kong和konga支持MySQL、MongoDB、PostgresSQL三种数据库。而我这里选择的是PostgresSQL。因为公司都是all in docker,all in kubernetes,因此这里也就选择了在k8s中部署kong和konga。下面记录了一下部署kong和konga过程中遇到的一些报错和排查解决方案思路手段。
部署konga
- $ cat kong-ui-pre.yaml
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- labels:
- appName: konga-ui-aggre-sit
- appEnv: sit
- name: konga-ui-aggre-sit
- namespace: kong
- spec:
- replicas: 1
- selector:
- matchLabels:
- appName: konga-ui-aggre-sit
- appEnv: sit
- template:
- metadata:
- labels:
- appName: konga-ui-aggre-sit
- appEnv: sit
- spec:
- imagePullSecrets:
- - name: registry-auth
- containers:
- - env:
- - name: NODE_ENV
- value: "production"
- - name: DB_ADAPTER
- value: "postgres"
- - name: DB_HOST
- value: "你自己的pgsql地址"
- - name: DB_PORT
- value: "你自己的pgsql端口"
- - name: DB_USER
- value: "kong"
- - name: DB_PASSWORD
- value: "你自己的pgsql密码"
- - name: DB_DATABASE
- value: "konga"
- - name: TOKEN_SECRET
- value: "自己生成随机字符串"
- - name: NO_AUTH
- value: "false"
- - name: NODE_TLS_REJECT_UNAUTHORIZED
- value: "0"
- image: registry.ayunw.cn/kube-system/pantsel/konga:0.14.9
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /
- port: 1337
- scheme: HTTP
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- name: konga-ui-aggre-sit
- ports:
- - containerPort: 1337
- name: kong-ui
- protocol: TCP
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /
- port: 1337
- scheme: HTTP
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- serviceAccountName: kong-serviceaccount
我部署kong和konga的时候使用的是pgsql,根据GitHub上的文档上说明得知,在使用NODE_ENV为production的时候需要手动去初始化pgsql。看了一下kong官网的文档来初始化,官网文档:https://docs.konghq.com/install/docker/
初始化pgsql报错
- $ docker run --rm --network=kong-net -e "KONG_DATABASE=postgres" \
- > -e "KONG_PG_HOST=pgsql地址" \
- > -e "KONG_PG_USER=konga" \
- > -e "KONG_PG_PASSWORD=pgsql密码" \
- > -e "KONG_PG_DATABASE=konga" \
- > -e "KONG_PG_PORT=3306" \
- > registry.ayunw.cn/kong/kong-custom:382-ffaf4d50 kong migrations up
- Unable to find image 'registry.ayunw.cn/kong/kong-custom:382-ffaf4d50' locally
- 382-ffaf4d50: Pulling from kong/kong-custom
- 0a6724ff3fcd: Pull complete
- 274efec6805c: Pull complete
- 4bb58967a4ce: Pull complete
- 3f59fb9af44b: Pull complete
- 7e3ec18b9226: Pull complete
- ce8acfac03f7: Pull complete
- Digest: sha256:453dea194d4e39275ea771d062262f0868e29120fc529702dea10278677413c2
- Status: Downloaded newer image for registry.ayunw.cn/kong/kong-custom:382-ffaf4d50
- Error: [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: temporary failure in name resolution
- Run with --v (verbose) or --vv (debug) for more details
想了一下,他这个完全是docker部署kong而不是k8s中部署kong,因此他会需要创建一个docker的network为kong-net,然后保证所有kong相关的服务都跑在同一个网络中。那我这里是部署在k8s中,且pgsql也是买的云的服务,所以我这里其实是不应该这样子来进行初始化的。
然后上github,找到https://github.com/pantsel/konga/tree/master文档上的Production Docker Image步骤中的Prepare the database来操作。
但是里面可能有一个参数解释的不是很清楚,我自己一开始也是比较模糊的,就是https://github.com/pantsel/konga上Production Docker Image步骤下的Prepare the database步骤中的connection-uri参数,你会发现他似乎没给出connection-uri的这个uri的例子是什么样子的。但是其实你会发现在这个github中的Production步骤有写一条url和这个比较类似的,告诉你在使用MySQL或者PostgresSQL的时候应该怎么初始化,命令是:node ./bin/konga.js prepare --adapter postgres --uri postgresql://localhost:5432/konga。但是注意,这个命令他应该不是在你将konga部署在k8s中来使用的。但是这里就有一条url:postgresql://localhost:5432/konga,可以用来参考,那么也就是说差不多就是这个样子的url了,但是应该还需要带上用户名和密码。
其实这里我还犯了一个错误,就是其实一开始我初始化的pgsql命令中pgsql的url写错了,看了https://github.com/pantsel/konga/tree/master中的文档后,手敲命令,将postgresql://localhost:5432/konga敲成了postgre://localhost:5432/konga,所以初始化的时候也报错了。
更改后重新初始化
- $ docker run registry.ayunw.cn/kube-system/pantsel/konga:0.14.9 -c prepare -a postgres -u postgresql://konga:pgsql密码@pgsql地址:pgsql端口/konga
- debug: Preparing database...
- Using postgres DB Adapter.
- Failed to connect to DB Error: getaddrinfo EAI_AGAIN konga
- at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:64:26) {
- errno: 'EAI_AGAIN',
- code: 'EAI_AGAIN',
- syscall: 'getaddrinfo',
- hostname: 'konga'
- }
然后想到了因为“#”导致的问题。甚至尝试了将密码用单引号或者双引号括起来尝试,仍然报错,然后将整个连接pgsql的url全部用单引号或者双引号括起来,也都是没有用。再查了一下google发现需要将“#”符号改成%23。
再次初始化
- $ docker run registry.ayunw.cn/kube-system/pantsel/konga:0.14.9 -c prepare -a postgres -u postgresql://konga:pgsql密码@pgsql地址:pgsql端口/konga
- debug: Preparing database...
- Using postgres DB Adapter.
- Database exists. Continue...
- debug: Hook:api_health_checks:process() called
- debug: Hook:health_checks:process() called
- debug: Hook:start-scheduled-snapshots:process() called
- debug: Hook:upstream_health_checks:process() called
- debug: Hook:user_events_hook:process() called
- debug: Seeding User...
- debug: User seed planted
- debug: Seeding Kongnode...
- debug: Kongnode seed planted
- debug: Seeding Emailtransport...
- debug: Emailtransport seed planted
- debug: Database migrations completed!
初始化成功
总结部署konga遇到的问题
1、文档中写的connection-uri的话必须不能写错,postgresql不要写成postgres
2、密码中有符号“#”要改成%23
部署kong
- ---
- # Source: kong-custom-pre-master/templates/deployment.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: kong-custom-pre-master
- namespace: kong
- labels:
- appEnv: pre
- appName: kong-custom
- appGroup: kong
- spec:
- replicas: 1
- progressDeadlineSeconds: 1800
- minReadySeconds: 5
- strategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 50%
- maxSurge: 50%
- selector:
- matchLabels:
- appEnv: pre
- appName: kong-custom
- appGroup: kong
- template:
- metadata:
- labels:
- appEnv: pre
- appName: kong-custom
- appGroup: kong
- spec:
- dnsPolicy: ClusterFirst
- terminationGracePeriodSeconds: 10
- serviceAccountName: kong-serviceaccount
- imagePullSecrets:
- - name: registry-auth-kong-pro
- initContainers:
- - name: wait-for-migrations
- image: "registry.ayunw.cn/kong/kong-custom:398-c44f9085"
- command:
- - /bin/sh
- - -c
- - while true; do kong migrations bootstrap; if [[ 0 -eq 0 ]]; then exit 0; fi; sleep 2; done;
- env:
- # 注意这里KONG_DATABASE的value是错误的,应该将Kong改成postgres
- - name: KONG_DATABASE
- value: "kong"
- - name: KONG_PG_USER
- value: "kong"
- - name: KONG_PG_PORT
- value: "pgsql端口"
- - name: KONG_PG_PASSWORD
- value: "pgsql密码"
- - name: KONG_PG_HOST
- value: "pgsql地址"
- containers:
- - name: kong-custom-pre-master
- image: "registry.ayunw.cn/kong/kong-custom:398-c44f9085"
- ports:
- - name: proxy
- containerPort: 8000
- protocol: TCP
- - name: proxy-ssl
- containerPort: 9443
- protocol: TCP
- - name: metrics
- containerPort: 8100
- protocol: TCP
- - name: admin-url
- containerPort: 8444
- protocol: TCP
- resources:
- limits:
- cpu: "5000m"
- memory: "1024Mi"
- requests:
- cpu: "100m"
- memory: "512Mi"
- lifecycle:
- preStop:
- exec:
- command:
- - /bin/sh
- - -c
- - kong quit
- env:
- - name: "KONG_PROXY_LISTEN"
- value: "0.0.0.0:8000, 0.0.0.0:9443 ssl http2"
- - name: "KONG_PORT_MAPS"
- value: "80:8000, 443:8443"
- - name: "KONG_ADMIN_LISTEN"
- value: "0.0.0.0:8444 ssl"
- - name: "KONG_STATUS_LISTEN"
- value: "0.0.0.0:8100"
- - name: "KONG_NGINX_WORKER_PROCESSES"
- value: "2"
- - name: "KONG_ADMIN_ACCESS_LOG"
- value: "/dev/stdout"
- - name: "KONG_ADMIN_ERROR_LOG"
- value: "/dev/stderr"
- - name: "KONG_PROXY_ERROR_LOG"
- value: "/dev/stderr"
- # 注意这里KONG_DATABASE的value是错误的,应该将Kong改成postgres
- - name: KONG_DATABASE
- value: "kong"
- - name: KONG_PG_USER
- value: "kong"
- - name: KONG_PG_PORT
- value: "pgsql端口"
- - name: KONG_PG_PASSWORD
- value: "pgsql密码"
- - name: KONG_PG_HOST
- value: "pgsql地址"
查看kong的日志报错
- $ kubectl logs -f --tail=20 -n kong kong-custom-sit-9c5cf7b69-4q29l
- stack traceback:
- [C]: in function 'error'
- /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:16: in function 'check_state'
- /usr/local/share/lua/5.1/kong/init.lua:455: in function 'init'
- init_by_lua:3: in main chunk
- nginx: [error] init_by_lua error: /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:16: Database needs bootstrapping or is older than Kong 1.0.
- To start a new installation from scratch, run 'kong migrations bootstrap'.
- To migrate from a version older than 1.0, migrated to Kong 1.5.0 first.
- If you still have 'apis' entities, you can convert them to Routes and Services
- using the 'kong migrations migrate-apis' command in Kong 1.5.0.
- stack traceback:
- [C]: in function 'error'
- /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:16: in function 'check_state'
- /usr/local/share/lua/5.1/kong/init.lua:455: in function 'init'
- init_by_lua:3: in main chunk
很明显是因为没有执行kong migrations的命令。但是明明在deployment.yaml中的initContainers中已经写了,为何没执行?
原因
是因为kong的deployment.yaml中的initContainers下的env环境变量中KONG_DATABASE写错了,我写成了kong。而根据github:https://github.com/pantsel/konga/tree/master上README.md文档中的Environment variables中所知,KONG_DATABASE这个变量是要指明使用postgres或者MySQL或者off三个选项其中的一个。因为我用的是pgsql,因此这里需要指定postgres,那么初始化就回去pgsql中创建库、表、创建数据等操作,这样才会成功。
更改后,kong启动正常。
写在最后
我在konga的github上没找到manifests直接可以用的yaml清单文件,只找到了chart包,因此我是渲染出来以后然后根据自己的实际环境进行了更改。初次使用难免会遇到杂七杂八的问题。其实也是由于我个人的不细心,没仔细多看几遍文档导致的。有读者如果找到了konga的manifests清单文件也可下方留言交流。也提醒各位小伙伴们,平常也需要注意一下习惯,减少和我犯同样的错误!