This article explains how to use the Kepler cloud platform, covering getting started, configuration, expansion, scaling, memory and other aspects.
First, what is Kplcloud?
Kplcloud is a lightweight PaaS based on Kubernetes. It manages applications through a visual interface, which lowers the difficulty of containerizing applications and so reduces the time cost of containerizing them.
Kplcloud has served more than one team at CreditEase, Yiren Wealth among them, and has run stably for nearly two years. The platform currently runs hundreds of applications and nearly 1,000 containers in a production environment.
1. Login
There are three ways to log in: LDAP login, e-mail and password, and third-party authorized login. There is no registration function. The three methods are explained below.
E-mail and LDAP login are much the same; each needs only a simple configuration.
1.1 LDAP login
In the app.cfg file, find the login_type parameter under [server] and set it to ldap, then find the [ldap] block:
[ldap]
ldap_host = 127.0.0.1
ldap_port = 389
ldap_base = DC=yourdomain,DC=corp
ldap_sseSSL = false
ldap_bindDN =
ldap_bind_password =
ldap_user_filter = (userPrincipalName=%s)
ldap_group_filter = (&(objectCategory=Group))
ldap_attr = name;mail
[server]
;auth_login
login_type = ldap
Fill in the details of your own LDAP server.
Do not set auth_login; it should be commented out.
1.2 E-mail
In the app.cfg file, find the login_type parameter under [server] and set it to email:
[server]
;auth_login
login_type = email
Do not set auth_login; it should be commented out.
1.3 GitHub authorized login
To log in through GitHub authorization, set the auth_login parameter under [server] in app.cfg to github.
Create a GitHub OAuth App
- Open GitHub and go to https://github.com/settings/developers, then find "OAuth Apps" in the left menu bar and click it
- If there is no OAuth App yet, click the "New OAuth App" button to create one
- After creating it, open the OAuth App you just created to see its Client ID and Client Secret
- Copy them into client_id and client_secret under the [server] block of app.cfg
- Set the Homepage URL and the Authorization callback URL
- Users who authorize need to set a Public Email at https://github.com/settings/profile, otherwise authorization cannot succeed
1.4 Authorized login
With the above set up, you can log in to the platform through GitHub authorization. The space and permissions assigned by default can be configured with default_namespace and default_role_id under the [server] block of app.cfg.
[server]
client_id = balabalabalbabiubiubiu
client_secret = balabalabalbabiubiubiu
auth_login = github
default_namespace = default-app
default_role_id = 4C
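The login settings from sections 1.1 to 1.4 can be checked mechanically before the platform is started. The following Python check is an added example, not part of Kplcloud: the sample file is constructed from the keys shown above, and reading ldap_sseSSL = false as "unencrypted LDAP connection" is an assumption.

```python
import configparser
import ipaddress

# Constructed sample: page keys, auth_login left on, non-loopback LDAP host.
SAMPLE_CFG = """
[server]
auth_login = github
login_type = ldap
client_id = balabalabalbabiubiubiu
client_secret = balabalabalbabiubiubiu
default_namespace = default-app
[ldap]
ldap_host = ldap.example.internal
ldap_sseSSL = false
ldap_user_filter = (userPrincipalName=%s)
"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def lint_auth(cfg_text):
    # interpolation=None keeps the literal %s; optionxform=str keeps key case.
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(cfg_text)
    server = dict(cp["server"]) if cp.has_section("server") else {}
    ldap = dict(cp["ldap"]) if cp.has_section("ldap") else {}
    login_type = server.get("login_type", "")
    auth_login = server.get("auth_login", "")
    findings = []
    if auth_login and login_type in ("ldap", "email"):
        findings.append("auth_login is set together with login_type")
    if auth_login == "github":
        for key in ("client_id", "client_secret", "default_namespace", "default_role_id"):
            if not server.get(key):
                findings.append(f"github login: {key} is empty or missing")
    if login_type == "ldap":
        # Assumption: ldap_sseSSL = false means an unencrypted connection.
        no_tls = ldap.get("ldap_sseSSL", "false").lower() != "true"
        if no_tls and not is_loopback(ldap.get("ldap_host", "")):
            findings.append("ldap: SSL disabled for a non-loopback ldap_host")
        if ldap.get("ldap_user_filter", "").count("%s") != 1:
            findings.append("ldap: ldap_user_filter needs exactly one %s")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_auth(SAMPLE_CFG)))
```

The values as printed in section 1.1 (loopback host, auth_login commented out) produce no findings.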
2. Dashboard
2.1 Workbench
The workbench is the first page you see after logging in. It mainly lists the following information:
- Usage documentation
- The entry for creating an application
- CPU and memory resource usage of the space
- The applications you operated on most recently
- Recent application activity in this space
- The list of spaces you can operate
- The list of permission rules you belong to
2.2 Global Monitoring
This is only simple monitoring of the cluster's network, memory, CPU and language; detailed monitoring can be viewed in Grafana.
2.3 On-line statistics
This module shows some statistics about application releases, such as the number of applications and the number of application failures, interruptions and rollbacks. Click an application name to see the details of that application.
3. Application management
3.1 Creating applications
Creating a Java application
Before creating the application, first commit a Dockerfile to your git project and create or release a version tag.
Dockerfile reference:
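# Pin a specific tag or digest in real builds; "latest" changes over time.
FROM openjdk:latest
# Trailing slash: /opt/app is created as a directory, matching WORKDIR.
COPY xxxx.jar /opt/app/
WORKDIR /opt/app
CMD ["java", "-jar", "xxxx.jar"]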
On the Create Application page, fill out the basic information:
- Go to the "Create Project" page
- "English name": the English name of the project, which must follow this rule:
^[a-z0-9]([-a-z0-9])?([a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- Fill in the "Project Description"
- Submit the information to move on to the second step
Fill in the details
- Project language: select Java
- Project address: enter the address of the project, for example kplcloud/hello; once it is filled in, the list of tags is fetched automatically
- Select the version: select a version from the tags that were fetched
- pom.xml file path: POMFILE
- Build path: the path in the project where the Dockerfile is located
- Number of containers: the number of Pods to start
- Container specification: the maximum memory limit of the Pods
- Start method: start as a jar or with Tomcat
- Args: if jar start is selected, a simple start command is generated automatically; for a Tomcat start, other commands have to be considered // remove this option
- dubbo service: if the service is checked as a dubbo service, port 20880 is opened for it
- Add port: if selected, the ports are listed; fill in the protocol
- Port and protocol: if chosen, a Service is created. Note the format: the port name must be xxx-port. You can add multiple ports, but it is recommended that an application listen on only one port.
After a successful submission the following page is displayed, and an administrator can review and deploy the application from this review page.
(To create a Golang / Python / NodeJs / static application, see the open source documentation.)
3.2 Custom start command
The start command of an application service can be adjusted in several places. Two are described here: the Dockerfile and the platform's details page.
Start command in the Dockerfile CMD
Look at a simple example:
FROM hub.kpaas.nsini.com/app/hello:v0.0.3
CMD ["/go/bin/hello"]
Write the start command in this last CMD line. Multiple parameters are separated by commas, for example: CMD ["static-web", "-path", "app", "-port", ":8080"]
Adjusting on the platform details page
Open the application details page:
Find "command parameters" on the details tab, click the edit icon on the right and fill in the pop-up dialog box:
Fill in the start command and parameters, separated by commas. After you click submit, the service restarts automatically.
Note: a command set on the platform details page overrides the CMD command in the Dockerfile.
3.3 Log collection
Configure log collection
In the middle of the application details page there is a module called "log collection".
Click the "Add" button on the right and, in the pop-up dialog box, select the log path and the regular-expression rule:
- File path: the location of your log file
- Log rule: the default is fine unless you have special needs
After you submit, the service restarts automatically.
Log collection
If you configured collection as above, a Filebeat log collector is injected into the Pod where the service runs to collect the business service's logs. The collected logs are sent to a Kafka cluster, processed and formatted by Logstash, and then stored in an ES cluster, so that in the end we can query our business logs through Kibana.
Of course, you have to build Kafka, Logstash and ES yourself.
If you are able to run these services on Kubernetes, you can refer to the YAML I generated and apply it directly to get them running.
Template configuration
Two templates are used to generate Filebeat: the container template FilebeatContainer and the ConfigMap template FilebeatConfigMap. You can adjust these template files to your needs.
3.4 Building applications and querying build logs
Building an application means processing the information that was submitted when the application was created:
- Get the list of tags from the git repository
- Call the Jenkins API, passing it the application's parameters and version information, and start the build
- The Jenkins job runs shell commands that execute docker build and upload the image to the Docker registry
- The platform watches the job; once it has completed successfully, it calls the Kubernetes API to update the application's image address
- Monitor the upgrade
- Send notifications
That is the back-end build process; the front end is comparatively simple. Click the "Build" button on the application details page, select the appropriate tag version in the pop-up dialog box and submit, as shown below:
Querying build logs
Click the build log tab on the details page to display the most recent build records; click a version on the left to see that version's build. A build that is in progress can be interrupted, as shown below:
3.5 Switching service mode
Switching service mode is more involved and needs support from your Kubernetes cluster. We currently use the Istio solution, which means you need to install the Istio services on your Kubernetes cluster, and several Istio templates must be configured in our template management before this feature can be turned on.
If you do not have Istio installed, you can skip this chapter.
Dependencies
Find the Gateway, VirtualService, InitContainer and IstioProxy templates in the "template management" menu and adjust them to your own environment.
- Gateway: on this platform one Gateway corresponds to one Namespace, so multiple spaces mean multiple Gateways; a VirtualService selects the Gateway of its own Namespace.
- VirtualService: generated together with the Ingress when an application's external access entrance is generated.
Those who have used Istio will know that, for Istio's features to work, two containers have to be injected into the Pods: proxy_init and proxyv2.
- InitContainer: the YAML template for the initialization settings, such as forwarding traffic to the proxy by way of iptables
- IstioProxy: the YAML template for the proxy that handles all of the Pod's traffic
Process
The figure shows the architecture of how traffic enters our containers:
- DNS resolves the domain name to the VIP
- The VIP forwards port 80 traffic to port 31380 on the edge nodes (this is the NodePort of the IstioIngressGateway controller's Service)
- As mentioned above, each Namespace has at least one corresponding Gateway, whose hosts value is xxx.{Namespace}.xxx.com
- The destination.host in the VirtualService is the name of the Service.
This is the traffic flow of the Kplcloud platform. If you need to adjust it, you only need to modify the templates; no code changes are needed.
One-click switch
As shown, click the "Mode" button on the application details page, select "Service Mesh" in the pop-up dialog box and click submit; the Pods restart automatically.
You need to enable the ServiceMesh function in the app.cfg file:
[server]
service_mesh = true
3.6 Expansion
Expansion enlarges the resources a Pod may use, such as the maximum CPU and memory.
On the application's details page, find the "expansion" button in the upper right corner and click to open it.
In the dialog box, drag the CPU and memory controls; a base value and a maximum value can be set for each, as shown below:
After choosing appropriate values, click the "Save" button; all Pods of the application restart. After the restart, the maximum CPU and memory a Pod can use are the values you just set.
The parameters as applied to the Deployment YAML:
resources:
  limits:
    cpu: 1
    memory: 128Mi
  requests:
    cpu: 500m
    memory: 64Mi
3.7 Scaling
Scaling controls the number of Pods the application starts.
Again on the application details page, find the "scaling" button in the upper right corner and click to open it.
In the dialog box, select the number of Pods to start, as shown below:
After you submit, if the number is greater than before, the missing Pods are started; if it is smaller than before, the application's Pods are reduced gradually.
The current maximum is 8 Pods, and up to 16G of memory can be used. If your application exceeds the maximum we have set, find ways to optimize it; if 64 cores and 128G of memory are not enough, an application at that level is not suitable for use with Docker.
An application of that level is best split up.
3.8 Mounting persistent storage volumes
On this platform PVs are created dynamically through a StorageClass. In other words we rely on StorageClass; if your Kubernetes does not support the corresponding storage class, mounting will not be very easy.
Mounting multiple PVCs is currently not supported; this may be updated later.
The demonstration here uses NFS. Configure the provisioner according to what you actually use; the rest of the configuration is the same and needs no adjustment. Just adjust the StorageClass and PersistentVolumeClaim templates in "template management".
Creating a persistent volume claim
In the menu, find "Configuration storage" -> "persistent volume claims".
Select the application and click the "Create" button.
The dialog box has several fields:
- Name: the name of the storage volume (rule: ^[a-z0-9]([-a-z0-9])?([a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
- Capacity: the size of storage that may be used; the smallest unit is Mi, the largest Ti
- Access mode:
  - ReadWriteOnce: the volume can be mounted read/write by a single node
  - ReadOnlyMany: the volume can be mounted read-only by multiple nodes
  - ReadWriteMany: the volume can be mounted read/write by multiple nodes
- Storage class: if there is no storage class, see creating a storage class
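The name rule quoted for project names in 3.1 and for storage volume names above can be compared with the Kubernetes DNS-1123 label format. This Python comparison is an added example, not Kplcloud code; it assumes the entered name ends up in Kubernetes object names, and the sample names are constructed.

```python
import re

# Rule quoted on the page for project names and storage-volume names.
# Its nested quantifiers can backtrack heavily in Python's re on long
# non-matching input, so it is only applied to short strings here.
PAGE_RULE = re.compile(r"^[a-z0-9]([-a-z0-9])?([a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")

# Kubernetes DNS-1123 label format and its length limit.
DNS1123_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")
MAX_LABEL_LEN = 63


def is_dns1123_label(name):
    """Length check first, then a pattern without nested repetition."""
    return len(name) <= MAX_LABEL_LEN and DNS1123_LABEL.fullmatch(name) is not None


def page_rule_accepts(name):
    return PAGE_RULE.match(name) is not None


def compare(names):
    """Map each name to (accepted by the page's rule, valid DNS-1123 label)."""
    return {n: (page_rule_accepts(n), is_dns1123_label(n)) for n in names}


# Constructed sample names.
SAMPLES = ["hello", "soup-hello-pvc", "a-", "a--b", "Hello", "a" * 64]

if __name__ == "__main__":
    for name, (page_ok, k8s_ok) in compare(SAMPLES).items():
        shown = name if len(name) <= 20 else name[:17] + "..."
        print(f"{shown:22} page_rule={page_ok!s:5} dns1123_label={k8s_ok}")
```

The two rules disagree in both directions: a- passes the page's rule but is not a valid label, while a--b is a valid label that the page's rule rejects. Only the label check bounds the length.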
Mounting into the application's directory
Once the storage volume has been created, it can be mounted in the application.
Again go to the application's details page and find the "persistent storage" tab, as shown:
Click the "Add" button and enter the information in the pop-up dialog box:
- Persistent storage path: the mount path inside the container
- Persistent volume claim: lists the storage volumes that you can use
Fill in the path, choose the storage volume and click submit; all Pods of the application are restarted gradually with the change.
After mounting is complete you can see the mount information:
The resulting YAML:
volumes:
- name: soup-hello-pvc
  persistentVolumeClaim:
    claimName: test-data
containers:
- volumeMounts:
  - name: "soup-hello-pvc"
    mountPath: "/soupzhang"
4. Application deployment audit
If a mailbox is configured, then after a user submits an application for audit, an e-mail containing the audit address is sent to the administrator.
Alternatively, you can find the application in the list of unapproved applications.
4.1 Application Audit
The basic information submitted
The generated Kubernetes YAML
The Dockerfile in the code repository
Rejection
If there is a problem with the submission, the administrator can reject it; the reason filled in for the rejection is sent to the submitter's mailbox.
If there is no problem, click the "start deploying" button.
After deployment starts, the application's job is created automatically in Jenkins and built automatically.
5. Adjusting container time
During project maintenance you may need to modify the server time; the platform's toolset has a feature to meet this need.
Note that this feature relies on faketime; compile the faketime extension on the host. Path: /usr/local/lib/libfaketime.so.1
Adjusting the service time (menu bar: Tool Set -> Set the time)
Filter the list for the project whose time you want to modify and click Edit time; after you confirm, the service restarts for the change to take effect.
Open Source Address:
- Github: https://github.com/kplcloud/kplcloud
- Document: https://docs.nsini.com
- Demo: https://kplcloud.nsini.com
Author: Yiren Jinke - Wealth Technology - Innovation Team
Source: CreditEase Institute of Technology