Kubernetes: Failed to retrieve Ignite pods IP addresses
I am trying to run an Apache Ignite cluster using Google Kubernetes Engine. After following the tutorial, here are some yaml files. First, I create a service, ignite-service.yaml:
apiVersion: v1
kind: Service
metadata:
  # Name of Ignite Service used by Kubernetes IP finder.
  # The name must be equal to TcpDiscoveryKubernetesIpFinder.serviceName.
  name: ignite
  namespace: default
spec:
  clusterIP: None # custom value.
  ports:
    - port: 9042 # custom value.
  selector:
    # Must be equal to one of the labels set in Ignite pods'
    # deployment configuration.
    app: ignite
kubectl create -f ignite-service.yaml
Second, I create a deployment for my Ignite nodes, ignite-deployment.yaml:
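An example of Kubernetes configuration for the Ignite pods deployment.
kubectl create -f ignite-deployment.yaml
After that, I check the status of the pods, which are running in my case. However, when I check the logs of any pod, I get the following error: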
java.io.IOException: Server returned HTTP response code: 403 for URL: https://kubernetes.default.svc.cluster.local:443/api/v1/namespaces/default/endpoints/ignite
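Things I tried:
error: error validating "daemon.yaml": error validating data: ValidationError(DaemonSet.spec.template.spec): missing required field "containers" in io.k8s.api.core.v1.PodSpec; if you choose to ignore these errors, turn validation off with --validate=false
Can someone point out the mistake I might be making here?
Thanks.
Step 1: kubectl apply -f ignite-service.yaml
(with the file from your question)
Step 2: kubectl apply -f ignite-rbac.yaml
ignite-rbac.yaml looks like this: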
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ignite
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ignite-endpoint-access
  namespace: default
  labels:
    app: ignite
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    resourceNames: ["ignite"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ignite-role-binding
  namespace: default
  labels:
    app: ignite
subjects:
  - kind: ServiceAccount
    name: ignite
roleRef:
  kind: Role
  name: ignite-endpoint-access
  apiGroup: rbac.authorization.k8s.io
Step 3: kubectl apply -f ignite-deployment.yaml
(very similar to your file, I only added one line, serviceAccount: ignite):
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  # Custom Ignite cluster's name.
  name: ignite-cluster
  namespace: default
spec:
  # A number of Ignite pods to be started by Kubernetes initially.
  replicas: 2
  template:
    metadata:
      labels:
        app: ignite
    spec:
      serviceAccount: ignite ## Added line
      containers:
        # Custom Ignite pod name.
        - name: ignite-node
          image: apacheignite/ignite:2.4.0
          env:
            - name: OPTION_LIBS
              value: ignite-kubernetes
            - name: CONFIG_URI
              value: https://raw.githubusercontent.com/apache/ignite/master/modules/kubernetes/config/example-kube.xml
          ports:
            # Ports to open.
            # Might be optional depending on your Kubernetes environment.
            - containerPort: 11211 # REST port number.
            - containerPort: 47100 # communication SPI port number.
            - containerPort: 47500 # discovery SPI port number.
            - containerPort: 49112 # JMX port number.
            - containerPort: 10800 # SQL port number.
This should work fine. I found this in the logs of the pods (kubectl logs -f ignite-cluster-xx-yy), showing the two pods successfully locating each other:
[13:42:00] Ignite node started OK (id=f89698d6)
[13:42:00] Topology snapshot [ver=1, servers=1, clients=0, CPUs=1, offheap=0.72GB, heap=1.0GB]
[13:42:00] Data Regions Configured:
[13:42:00] ^-- default [initSize=256.0 MiB, maxSize=740.8 MiB, persistenceEnabled=false]
[13:42:01] Topology snapshot [ver=2, servers=2, clients=0, CPUs=2, offheap=1.4GB, heap=2.0GB]
[13:42:01] Data Regions Configured:
[13:42:01] ^-- default [initSize=256.0 MiB, maxSize=740.8 MiB, persistenceEnabled=false]
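Would a ClusterRole and ClusterRoleBinding also work in this case?
They would, but they are not necessary. ClusterRole and ClusterRoleBinding are for cases where an application needs cluster-wide access to some resource. For example, an ingress controller needs access to all Ingress objects in all namespaces, not just those in one specific namespace. All Ignite needs is to be able to find its peers in the same service; we could grant more access, but that would be asking for trouble. Say we granted Ignite cluster-admin privileges. That would work, but if there were a security vulnerability in Ignite, a malicious actor would easily be able to take over the entire cluster.
Now I have the Ignite cluster running on my GKE. But I need to connect my Spark client/job to access the Ignite servers. Do you have any thoughts on this?
Post a new question with as much detail as possible, including what you have tried, the errors, and so on.
Please check here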
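One way to confirm that the Role from Step 2 grants the ignite ServiceAccount the endpoint lookup that returned 403 and nothing broader, as an added example that is not part of the original question or answers. It assumes kubectl is configured for the cluster and that your user may impersonate service accounts; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: audit the "ignite" ServiceAccount with `kubectl auth can-i`.
# Assumes a kubeconfig whose user may impersonate service accounts.
NS="default"
SA="system:serviceaccount:${NS}:ignite"

# can_i VERB RESOURCE [kubectl flags...] -> prints "yes" or "no".
# can-i exits non-zero on "no", so only the printed answer is used.
can_i() {
  kubectl auth can-i "$@" --as="$SA" 2>/dev/null | head -n 1
}

# expect WANT VERB RESOURCE [flags...] -> returns 1 when the answer differs.
expect() {
  want="$1"; shift
  got="$(can_i "$@")"
  if [ "$got" = "$want" ]; then
    echo "ok    want=$want  can-i $*"
  else
    echo "FAIL  want=$want got=${got:-error}  can-i $*"
    return 1
  fi
}

audit_ignite_rbac() {
  failed=0
  # The one request the IP finder makes (the URL that returned 403).
  expect yes get endpoints/ignite -n "$NS" || failed=1
  # Everything below should stay denied under the namespaced Role.
  expect no list endpoints -n "$NS" || failed=1
  expect no get endpoints/kubernetes -n "$NS" || failed=1
  expect no update endpoints/ignite -n "$NS" || failed=1
  expect no get secrets -n "$NS" || failed=1
  expect no get endpoints/ignite -n kube-system || failed=1
  # A "yes" here means the account is effectively cluster-admin.
  expect no '*' '*' --all-namespaces || failed=1
  return "$failed"
}

# Run the audit only when invoked as: sh audit-ignite-rbac.sh run
if [ "${1:-}" = "run" ]; then
  audit_ignite_rbac
fi
```

A FAIL on the first line means the RoleBinding or the serviceAccount field is missing; a FAIL on any later line means the account holds more than the Role above grants.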