☰
Current Page
Main Menu
Home
Home
Editing
多租户2.0升级部署文档
Edit
Preview
h1
h2
h3
default
Set your preferred keybinding
default
vim
emacs
markdown
Set this page's format to
AsciiDoc
Creole
Markdown
MediaWiki
Org-mode
Plain Text
RDoc
Textile
Rendering unavailable for
BibTeX
Pod
reStructuredText
Help 1
Help 1
Help 1
Help 2
Help 3
Help 4
Help 5
Help 6
Help 7
Help 8
Autosaved text is available. Click the button to restore it.
Restore Text
# Kubernetes相关:配置RBAC RBAC全称叫:Role-based access control,即权限相关的配置。 Hazelcast官网已经为我们准备了一个在线yaml,ServiceAccount=defult,namespace同样为default,如果需要自定义,那么下载rbac.yaml文件自行改之: ``` kubectl apply -f https://raw.githubusercontent.com/hazelcast/hazelcast-kubernetes/master/rbac.yaml ``` ```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: hazelcast-cluster-role rules: - apiGroups: - "" # Access to apps API is only required to support automatic cluster state management # when persistence (hot-restart) is enabled. - apps resources: - endpoints - pods - nodes - services # Access to statefulsets resource is only required to support automatic cluster state management # when persistence (hot-restart) is enabled. - statefulsets verbs: - get - list # Watching resources is only required to support automatic cluster state management # when persistence (hot-restart) is enabled. - watch - apiGroups: - "discovery.k8s.io" resources: - endpointslices verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: hazelcast-cluster-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: hazelcast-cluster-role subjects: - kind: ServiceAccount name: default namespace: mijiuye # 命名空间需要按照实际情况调整 ``` # app.yml配置文件 ```yaml kind: Deployment apiVersion: apps/v1 metadata: name: snest-v1 namespace: $PROJECT_NAMESPACE labels: app: snest app.kubernetes.io/name: snest app.kubernetes.io/version: v1 version: v1 annotations: deployment.kubernetes.io/revision: '3' kubesphere.io/creator: admin servicemesh.kubesphere.io/enabled: 'true' spec: replicas: 1 selector: matchLabels: app: snest app.kubernetes.io/name: snest app.kubernetes.io/version: v1 version: v1 template: metadata: creationTimestamp: null labels: app: snest app.kubernetes.io/name: snest app.kubernetes.io/version: v1 version: v1 annotations: logging.kubesphere.io/logsidecar-config: '{}' sidecar.istio.io/inject: 'true' spec: volumes: - name: host-time hostPath: path: /etc/localtime type: '' - name: volume-18unfh configMap: name: snest defaultMode: 420 - name: volume-v4qaik persistentVolumeClaim: claimName: apps-frontend - name: volume-ajqw8u persistentVolumeClaim: claimName: apps containers: - name: sie-snest-server image: $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:$TAG_NAME_ENV ports: - name: http-8060 containerPort: 8060 protocol: TCP resources: {} volumeMounts: - name: host-time readOnly: true mountPath: /etc/localtime - name: volume-18unfh readOnly: true mountPath: /config - name: volume-v4qaik mountPath: /apps-frontend - name: volume-ajqw8u mountPath: /apps lifecycle: postStart: exec: command: - /bin/sh - '-c' - >- cp -rf /apps_temp/* /apps terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: IfNotPresent restartPolicy: Always terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst serviceAccountName: default serviceAccount: default securityContext: {} imagePullSecrets: - name: harbor schedulerName: default-scheduler strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 25% maxSurge: 25% revisionHistoryLimit: 10 progressDeadlineSeconds: 600 ``` # IIOT 配置文件 ### 部署方式 - 单机:stand-alone; - k8s分布式:distributed; - docker分布式:docker-distributed deployment.mode=distributed # Auth 配置文件 ```properties appAuth.Server=http://192.168.168.176:8080 ``` # hazelcast 配置文件 ```properties hazelcast.cluster-name = hazelcast-cluster hazelcast.network.join.auto-detection.enabled = true hazelcast.network.join.multicast.enabled = false hazelcast.network.join.kubernetes.enabled = true hazelcast.network.join.kubernetes.namespace = default # 实际部署时,以实际的命名空间为准。比如 iidp命名空间,则需要改为iidp hazelcast.map.hazelcast-map.backup-count = 1 ``` # Engine运行模式配置文件 #profile ```properties engine.run.mode=DISTRIBUTED engine.store.meta.mode=CLOUD ``` # SG 策略配置文件 ```properties url.whiteList=base.rbac_login_model.*,base.rbac_user.*,*.rbac_user.*,*.ui_menu.*,*.meta_app.*,*.meta_product_line.*,*.meta_app_category.*,*.meta_app_dependency.*,*.meta_app_store.*,*.meta_attachment.*,*.ui_view_seed.*,*.meta_app_store_dependency.*,iiot_thing.*,iiot_importexport.*,*.iiot_thing_entity.*,*iiot_thing_overview_model.*,*iiot_thing_model.*,*.iiot_thing_property.* getModel.whiteList=*.rbac_login_log,*.meta_tree_data,*.rbac_user,*.ui_menu,*.meta_app,*.meta_product_line,*.meta_app_category,*.meta_app_dependency,*.meta_app_store,*.meta_attachment,*.ui_view_seed,*.meta_app_store_dependency,iiot_importexport.*,iiot_thing.*,,*iiot_thing_model.*,*.iiot_thing_property.* sg.whiteList=iiot_alarm.*,iiot_thing.* ```
Uploading file...
Sidebar
[[_TOC_]]
Edit message:
Cancel