参考官方文档 : 分布式部署指南
1. 准备
1.1 数据库
1.1.1 创建数据库
这里没有按照官方文档初始化
1.1.2 初始化数据
在apollo库执行脚本进行初始化
https://i.buukle.top/upload/2022/01/1-82de015d704b4948b723ddd68d038a13.sql
在apollo-portal执行脚本初始化
https://i.buukle.top/upload/2022/01/2-6af1f7f3a9ee473c9e47afecf8076134.sql
1.2 helm仓库
在k8s集群节点上执行以下命令:
helm repo add apollo https://charts.apolloconfig.com
helm search repo apollo
helm repo update
2. helm value配置
去官方github下载
service :
https://github.com/apolloconfig/apollo-helm-chart/tree/main/apollo-service
portal :
https://github.com/apolloconfig/apollo-helm-chart/tree/main/apollo-portal
2.1 数据源配置
service :
portal :
2.2 ldap配置
portal :
2.3 已经修改好的完整配置
service value.yaml
#
# Copyright 2021 Apollo Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
configdb:
name: apollo-configdb
# apolloconfigdb host
host: mysql-5-7.middleware
port: 3306
dbName: apollo
# apolloconfigdb user name
userName: apollo
# apolloconfigdb password
password: apollo
connectionStringProperties: characterEncoding=utf8&useSSL=false
service:
# whether to create a Service for this host or not
enabled: false
fullNameOverride: ""
port: 3306
type: ClusterIP
configService:
name: apollo-configservice
fullNameOverride: ""
replicaCount: 2
containerPort: 8080
image:
repository: apolloconfig/apollo-configservice
tag: ""
pullPolicy: IfNotPresent
imagePullSecrets: []
service:
fullNameOverride: ""
port: 8080
targetPort: 8080
type: ClusterIP
ingress:
enabled: false
annotations: { }
hosts:
- host: ""
paths: [ ]
tls: [ ]
liveness:
initialDelaySeconds: 100
periodSeconds: 10
readiness:
initialDelaySeconds: 30
periodSeconds: 5
config:
# spring profiles to activate
profiles: "github,kubernetes"
# override apollo.config-service.url: config service url to be accessed by apollo-client
configServiceUrlOverride: ""
# override apollo.admin-service.url: admin service url to be accessed by apollo-portal
adminServiceUrlOverride: ""
# specify the context path, e.g. /apollo
contextPath: ""
# environment variables passed to the container, e.g. JAVA_OPTS
env: {}
strategy: {}
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
adminService:
name: apollo-adminservice
fullNameOverride: ""
replicaCount: 2
containerPort: 8090
image:
repository: apolloconfig/apollo-adminservice
tag: ""
pullPolicy: IfNotPresent
imagePullSecrets: []
service:
fullNameOverride: ""
port: 8090
targetPort: 8090
type: ClusterIP
ingress:
enabled: false
annotations: { }
hosts:
- host: ""
paths: [ ]
tls: [ ]
liveness:
initialDelaySeconds: 100
periodSeconds: 10
readiness:
initialDelaySeconds: 30
periodSeconds: 5
config:
# spring profiles to activate
profiles: "github,kubernetes"
# specify the context path, e.g. /apollo
contextPath: ""
# environment variables passed to the container, e.g. JAVA_OPTS
env: {}
strategy: {}
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
portal value.yaml
#
# Copyright 2021 Apollo Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: apollo-portal
fullNameOverride: ""
replicaCount: 1
containerPort: 8070
image:
repository: apolloconfig/apollo-portal
tag: ""
pullPolicy: IfNotPresent
imagePullSecrets: []
service:
fullNameOverride: ""
port: 8070
targetPort: 8070
type: ClusterIP
sessionAffinity: ClientIP
ingress:
enabled: false
annotations: {}
hosts:
- host: ""
paths: []
tls: []
liveness:
initialDelaySeconds: 100
periodSeconds: 10
readiness:
initialDelaySeconds: 30
periodSeconds: 5
# environment variables passed to the container, e.g. JAVA_OPTS
env: {}
strategy: {}
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
config:
# spring profiles to activate
profiles: "github,ldap"
# specify the env names, e.g. dev,pro
envs: pro
# specify the meta servers, e.g.
# dev: http://apollo-configservice-dev:8080
# pro: http://apollo-configservice-pro:8080
metaServers:
pro: http://apollo-service-apollo-configservice.arche:8080
# specify the context path, e.g. /apollo
contextPath: ""
# extra config files for apollo-portal, e.g. application-ldap.yml
files:
application-ldap.yml: |
spring:
ldap:
base: "ou=Users,dc=buukle,dc=top"
username: "cn=admin,dc=buukle,dc=top"
password: "******"
searchFilter: "(uid={0})"
urls:
- "ldap://openldap-1-5-0.middleware:389"
ldap:
mapping:
objectClass: "inetOrgPerson"
loginId: "uid"
userDisplayName: "uid"
email: "mail"
portaldb:
name: apollo-portaldb
# apolloportaldb host
host: mysql-5-7.middleware
port: 3306
dbName: apollo-portal
# apolloportaldb user name
userName: apollo
# apolloportaldb password
password: apollo
connectionStringProperties: characterEncoding=utf8&useSSL=false
service:
# whether to create a Service for this host or not
enabled: false
fullNameOverride: ""
port: 3306
type: ClusterIP
3. 安装
shell 登录到k8s集群节点,执行命令
mkdir apollo
cd apollo
mkdir apollo-service
mkdir apollo-portal
cd apollo-service
## 执行以下命令前,需要先将service value.yaml 上传到该目录
helm install apollo-service -f values.yaml -n arche apollo/apollo-service
cd ../apollo-portal
## 执行以下命令前,需要先将portal value.yaml 上传到该目录
helm install apollo-portal -f values.yaml -n arche apollo/apollo-portal
apollo-service :
apollo-portal :
4. ldap管理员权限
修改数据库,将超管用户权限赋给ldap存在的用户
注意:修改完后需要重新登陆,权限才生效
5. 修改部门
同样的,可以通过数据库配置进行修改
注意:修改完后需要重新登陆,权限才生效
6. 效果
ldap用户以超管身份登录
拉取ldap中的用户信息
评论区