administrator
Published on 2021-12-30 / 452 Visits

云实验室(25) - helm(k8s)安装apollo和ldap的集成

参考官方文档 : 分布式部署指南

1. 准备

1.1 数据库

1.1.1 创建数据库

这里没有按照官方文档初始化
image.png

1.1.2 初始化数据

在 apollo 库中执行以下脚本进行初始化(该脚本托管在本博客而非官方仓库,执行前建议先审阅其内容):
https://i.buukle.top/upload/2022/01/1-82de015d704b4948b723ddd68d038a13.sql
在 apollo-portal 库中执行以下脚本进行初始化(执行前建议先审阅脚本内容):
https://i.buukle.top/upload/2022/01/2-6af1f7f3a9ee473c9e47afecf8076134.sql

1.2 helm仓库

在k8s集群节点上执行以下命令:

# Register the Apollo chart repository under the local alias "apollo" (fetched over HTTPS).
helm repo add apollo https://charts.apolloconfig.com
# List the charts the repository offers; apollo/apollo-service and apollo/apollo-portal are installed later on this page.
helm search repo apollo
# Refresh the locally cached index of every configured repository.
helm repo update

2. helm value配置

去官方github下载
service :
https://github.com/apolloconfig/apollo-helm-chart/tree/main/apollo-service
image.png
portal :
https://github.com/apolloconfig/apollo-helm-chart/tree/main/apollo-portal
image.png

2.1 数据源配置

service :
image.png
portal :
image.png

2.2 ldap配置

portal :
image.png

2.3 已经修改好的完整配置

service values.yaml

#
# Copyright 2021 Apollo Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Connection settings for the MySQL database used by the config service and
# admin service (database `apollo`, initialised in section 1.1.2).
# NOTE(review): the credentials below are stored in clear text and the password
# is identical to the user name. Use a strong, unique password for this account
# and keep the real values file out of version control.
configdb:
  name: apollo-configdb
  # apolloconfigdb host
  # presumably <service>.<namespace> of an in-cluster MySQL - verify
  host: mysql-5-7.middleware
  port: 3306
  dbName: apollo
  # apolloconfigdb user name
  userName: apollo
  # apolloconfigdb password
  password: apollo
  # Extra connection properties (presumably appended to the JDBC URL).
  # useSSL=false turns TLS off for the MySQL connection, so the credentials and
  # the configuration data travel over the cluster network unencrypted.
  connectionStringProperties: characterEncoding=utf8&useSSL=false
  service:
    # whether to create a Service for this host or not
    enabled: false
    fullNameOverride: ""
    port: 3306
    type: ClusterIP

# Deployment settings for apollo-configservice.
configService:
  name: apollo-configservice
  fullNameOverride: ""
  # two replicas of the config service
  replicaCount: 2
  containerPort: 8080
  image:
    repository: apolloconfig/apollo-configservice
    # NOTE(review): empty tag - presumably the chart falls back to its own
    # default version; pin an explicit tag for reproducible deployments - confirm
    tag: ""
    pullPolicy: IfNotPresent
  imagePullSecrets: []
  # ClusterIP Service with the ingress below disabled: these values do not
  # publish the config service outside the cluster.
  service:
    fullNameOverride: ""
    port: 8080
    targetPort: 8080
    type: ClusterIP
  ingress:
    enabled: false
    annotations: { }
    hosts:
      - host: ""
        paths: [ ]
    tls: [ ]
  # probe timings in seconds: liveness starts after 100 s, readiness after 30 s
  liveness:
    initialDelaySeconds: 100
    periodSeconds: 10
  readiness:
    initialDelaySeconds: 30
    periodSeconds: 5
  config:
    # spring profiles to activate
    profiles: "github,kubernetes"
    # override apollo.config-service.url: config service url to be accessed by apollo-client
    configServiceUrlOverride: ""
    # override apollo.admin-service.url: admin service url to be accessed by apollo-portal
    adminServiceUrlOverride: ""
    # specify the context path, e.g. /apollo
    contextPath: ""
  # environment variables passed to the container, e.g. JAVA_OPTS
  env: {}
  strategy: {}
  # no CPU/memory requests or limits are set here
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}

# Deployment settings for apollo-adminservice.
# NOTE(review): the Service below is ClusterIP and the ingress is disabled, so
# these values keep the admin API cluster-internal. Any workload that can reach
# port 8090 can still talk to it - confirm whether Apollo's admin-service
# access-token control is enabled for this environment.
adminService:
  name: apollo-adminservice
  fullNameOverride: ""
  # two replicas of the admin service
  replicaCount: 2
  containerPort: 8090
  image:
    repository: apolloconfig/apollo-adminservice
    # NOTE(review): empty tag - presumably the chart falls back to its own
    # default version; pin an explicit tag for reproducible deployments - confirm
    tag: ""
    pullPolicy: IfNotPresent
  imagePullSecrets: []
  service:
    fullNameOverride: ""
    port: 8090
    targetPort: 8090
    type: ClusterIP
  ingress:
    enabled: false
    annotations: { }
    hosts:
      - host: ""
        paths: [ ]
    tls: [ ]
  # probe timings in seconds: liveness starts after 100 s, readiness after 30 s
  liveness:
    initialDelaySeconds: 100
    periodSeconds: 10
  readiness:
    initialDelaySeconds: 30
    periodSeconds: 5
  config:
    # spring profiles to activate
    profiles: "github,kubernetes"
    # specify the context path, e.g. /apollo
    contextPath: ""
  # environment variables passed to the container, e.g. JAVA_OPTS
  env: {}
  strategy: {}
  # no CPU/memory requests or limits are set here
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}

portal values.yaml

#
# Copyright 2021 Apollo Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Deployment settings for the apollo-portal web UI (single replica).
name: apollo-portal
fullNameOverride: ""
replicaCount: 1
containerPort: 8070
image:
  repository: apolloconfig/apollo-portal
  # NOTE(review): empty tag - presumably the chart falls back to its own
  # default version; pin an explicit tag for reproducible deployments - confirm
  tag: ""
  pullPolicy: IfNotPresent
imagePullSecrets: []
service:
  fullNameOverride: ""
  port: 8070
  targetPort: 8070
  type: ClusterIP
  # route each client IP to the same pod
  # (presumably so a login session stays on one portal instance - confirm)
  sessionAffinity: ClientIP
# Ingress is disabled, so these values do not publish the portal outside the
# cluster. If it is enabled later, fill in `tls` so logins are not sent over
# plain HTTP.
ingress:
  enabled: false
  annotations: {}
  hosts:
    - host: ""
      paths: []
  tls: []
# probe timings in seconds: liveness starts after 100 s, readiness after 30 s
liveness:
  initialDelaySeconds: 100
  periodSeconds: 10
readiness:
  initialDelaySeconds: 30
  periodSeconds: 5
# environment variables passed to the container, e.g. JAVA_OPTS
env: {}
strategy: {}
# no CPU/memory requests or limits are set here
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}

# Portal application settings: active profiles, environments, meta servers and
# the embedded LDAP configuration file.
config:
  # spring profiles to activate
  # (`ldap` presumably makes the portal authenticate against the LDAP settings
  # supplied under `files` below - confirm)
  profiles: "github,ldap"
  # specify the env names, e.g. dev,pro
  envs: pro
  # specify the meta servers, e.g.
  # dev: http://apollo-configservice-dev:8080
  # pro: http://apollo-configservice-pro:8080
  # The host below combines the release name `apollo-service`, the service name
  # `apollo-configservice` and the namespace `arche` used by the install
  # commands on this page; adjust it if any of those differ.
  metaServers: 
    pro: http://apollo-service-apollo-configservice.arche:8080
  # specify the context path, e.g. /apollo
  contextPath: ""
  # extra config files for apollo-portal, e.g. application-ldap.yml
  # NOTE(review) on the LDAP settings below:
  #  - `urls` uses ldap:// on port 389, so no TLS is configured here and both
  #    the bind password and the passwords users log in with reach the
  #    directory unencrypted; prefer an ldaps:// URL where the directory
  #    offers one.
  #  - `username` binds as cn=admin. A dedicated read-only bind account is
  #    sufficient for looking up users and limits the impact if this file leaks.
  #  - `password: "******"` is a redacted placeholder; supply the real value
  #    from a values file that is kept out of version control.
  #  - `searchFilter: "(uid={0})"`: presumably {0} is replaced by the login
  #    name entered in the portal - confirm.
  files:
    application-ldap.yml: |
      spring:
        ldap:
          base: "ou=Users,dc=buukle,dc=top"
          username: "cn=admin,dc=buukle,dc=top"
          password: "******"
          searchFilter: "(uid={0})"
          urls:
          - "ldap://openldap-1-5-0.middleware:389"
      ldap:
        mapping:
          objectClass: "inetOrgPerson"
          loginId: "uid"
          userDisplayName: "uid"
          email: "mail"

# Connection settings for the MySQL database used by the portal
# (database `apollo-portal`, initialised in section 1.1.2).
# NOTE(review): the credentials below are stored in clear text and the password
# is identical to the user name. Use a strong, unique password for this account
# and keep the real values file out of version control.
portaldb:
  name: apollo-portaldb
  # apolloportaldb host
  # presumably <service>.<namespace> of an in-cluster MySQL - verify
  host: mysql-5-7.middleware
  port: 3306
  dbName: apollo-portal
  # apolloportaldb user name
  userName: apollo
  # apolloportaldb password
  password: apollo
  # Extra connection properties (presumably appended to the JDBC URL).
  # useSSL=false turns TLS off for the MySQL connection, so the credentials and
  # the portal data (users, permissions) travel over the cluster network
  # unencrypted.
  connectionStringProperties: characterEncoding=utf8&useSSL=false
  service:
    # whether to create a Service for this host or not
    enabled: false
    fullNameOverride: ""
    port: 3306
    type: ClusterIP

3. 安装

shell 登录到k8s集群节点,执行命令

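# Create one working directory per release; -p keeps this step re-runnable
# when the directories already exist.
mkdir -p apollo/apollo-service apollo/apollo-portal
cd apollo/apollo-service
# Before running the next commands, upload the service values file into this
# directory and name it values.yaml (the name passed to -f below).
# The file holds the database password, so restrict it to the current user.
chmod 600 values.yaml
# The arche namespace must already exist; this command does not create it.
helm install apollo-service -f values.yaml -n arche apollo/apollo-service
cd ../apollo-portal
# Likewise upload the portal values file here as values.yaml first; it holds
# the database password and the LDAP bind password.
chmod 600 values.yaml
helm install apollo-portal -f values.yaml -n arche  apollo/apollo-portal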

apollo-service :
image.png
apollo-portal :
image.png

4. ldap管理员权限

修改数据库,将超管用户权限赋给ldap存在的用户
image.png
注意:修改完后需要重新登录,权限才生效

5. 修改部门

同样的,可以通过数据库配置进行修改
image.png
注意:修改完后需要重新登录,权限才生效

6. 效果

ldap用户以超管身份登录
image.png
拉取ldap中的用户信息
image.png

