前言

最近忙的要死, 👻👻👻. 上一周来了一次比 996 更猛的 907. 这周二终于有点遭不住了, 调休一天, 稍微歇息一下.

同时手痒的不行, 把筹备了好久的重磅文章发上来哈哈. 😆😆😆

不过时间还是有点仓促, 所以这次就先开个头, 后面有时间再细化.

容器化应用系统上生产的最佳实践

1. 检查镜像、容器是否是用root启动以及配置其他特权. 如无必要, 一律使用普通用户.
2. 检查镜像LANG配置: LANG = en_US.UTF-8. 目的: 避免生产出现 乱码等问题
3. 检查镜像时区配置: TZ=Asia/Shanghai 目的: 避免生产出现时区不一致的问题
4. 配置外部化. 外部化手段有多种:
5. 同一个镜像, 从测试流转到生产. 给镜像打${version}或${gitCommitId}这一类的标签. 目的: 通过版本号或 commit id, 保证正确地的版本流转到生产
6. 讨论每个组件的
7. 日志输出优化:
8. (可选) 根据需要, 安装 redis/kafka/rabbitmq 集群(并配置 exporter 监控)
9. 微服务参数优化:
10. 制作 DEV, TEST, UAT, Pre-PROD, PROD 的 DevOps pipeline.
11. 配置 Readiness 和 Liveness 探针.
12. 增加 JMX-exporter 监控和 Tracing 监控.
13. NGINX conf 建议增加: worker_processes 1; 然后按需调节副本数.
14. (可选)配置 PDB, 指定升级或重启过程中:maxUnavailable 或minAvailable(特别适用于: 有状态应用. 典型如: redis, kafka, zookeeper 等)
15. 配置反亲和性podAntiAffinity. 保证同一组微服务/应用/组件尽可能打散在不同 node 上.

5-6 操作步骤:

      nodeSelector:zone: internet

11 步示例如下:

          livenessProbe:tcpSocket:port: 8080initialDelaySeconds: 60readinessProbe:httpGet:path: /myapp/services/port: 8080scheme: HTTPinitialDelaySeconds: 60

14 步示例如下: (注意关键词: maxUnavailable 和 minAvailable)

kind: PodDisruptionBudget
apiVersion: policy/v1beta1
metadata:name: kafka-prod-kafkalabels:app.kubernetes.io/instance: kafka-prodapp.kubernetes.io/managed-by: strimzi-cluster-operatorapp.kubernetes.io/name: strimzistrimzi.io/cluster: kafka-prodstrimzi.io/kind: Kafkastrimzi.io/name: kafka-prod-kafka
spec:selector:matchLabels:strimzi.io/cluster: kafka-prodstrimzi.io/kind: Kafkastrimzi.io/name: kafka-prod-kafkamaxUnavailable: 1

kind: PodDisruptionBudget
apiVersion: policy/v1beta1
metadata:name: redis-cluster-redisnamespace: myapplabels:app.kubernetes.io/component: redisapp.kubernetes.io/managed-by: redis-operatorapp.kubernetes.io/name: redisapp.kubernetes.io/part-of: redis-clusterredis.kun/v1beta1: myapp_redis
spec:minAvailable: 2selector:matchLabels:app.kubernetes.io/component: redisapp.kubernetes.io/managed-by: redis-operatorapp.kubernetes.io/name: redisapp.kubernetes.io/part-of: redis-clusterredis.kun/v1beta1: myapp_redis

15 步骤示例如下: (注意关键词: podAntiAffinity)

kind: StatefulSet
apiVersion: apps/v1
metadata:name: redis-cluster-redislabels:app.kubernetes.io/component: redisapp.kubernetes.io/managed-by: redis-operatorapp.kubernetes.io/name: redisapp.kubernetes.io/part-of: redis-clusterredis.kun/v1beta1: myapp_redis
spec:replicas: 3selector:matchLabels:app.kubernetes.io/component: redisapp.kubernetes.io/managed-by: redis-operatorapp.kubernetes.io/name: redisapp.kubernetes.io/part-of: redis-clusterredis.kun/v1beta1: myapp_redistemplate:metadata:creationTimestamp: nulllabels:app.kubernetes.io/component: redisapp.kubernetes.io/managed-by: redis-operatorapp.kubernetes.io/name: redisapp.kubernetes.io/part-of: redis-clusterredis.kun/v1beta1: myapp_redisspec:containers:<...>affinity:podAntiAffinity:preferredDuringSchedulingIgnoredDuringExecution:- weight: 100podAffinityTerm:labelSelector:matchLabels:app.kubernetes.io/component: redisapp.kubernetes.io/managed-by: redis-operatorapp.kubernetes.io/name: redisapp.kubernetes.io/part-of: redis-clusterredis.kun/v1beta1: myapp_redistopologyKey: kubernetes.io/hostname
...

完

🎉🎉🎉

本文由东风微鸣技术博客 EWhisper.cn 编写！