# alien-ack-cluster ä½¿ç”¨è¯´æ˜Žä¸Žç°åº¦å‘å¸?

é›†ç¾¤ï¼?*alien-ack-cluster**ï¼ˆACK æ‰˜ç®¡ç‰ˆï¼ŒKubernetes **v1.26.2**ï¼‰ã€‚èŠ‚ç‚¹æ±  **default-nodepool** å½“å‰ **3 èŠ‚ç‚¹**ï¼ˆæˆªå›¾ä¸­çŠ¶æ€ä¸º **Unknown** æ—¶é¡»å…ˆä¿®å¤ï¼Œå¦åˆ™ Pod æ— æ³•è°ƒåº¦ï¼‰ã€?

Harborï¼?*39.106.135.88**ï¼ˆä¸Ž Jenkins æž„å»ºæœºåŒåŒºåŸŸ/VPC ä¸ºä½³ï¼Œé¿å…è·¨å…¬ç½‘æ‹‰é•œåƒè¶…æ—¶ï¼‰ã€?

---

## ä¸€ã€ä¸Šçº¿å‰æ£€æŸ¥æ¸…å?

### 1. èŠ‚ç‚¹çŠ¶æ€ä¸º Ready

æŽ§åˆ¶å°èŠ‚ç‚¹ä¸º **Unknown** æ—¶ï¼Œåœ¨ä»»æ„èƒ½è®¿é—® API çš„æœºå™¨æ‰§è¡Œï¼š

```bash
kubectl get nodes -o wide
kubectl describe node <èŠ‚ç‚¹å?
```

å¸¸è§åŽŸå› ï¼?

| çŽ°è±¡ | å¤„ç† |
|------|------|
| NotReady + è¶…æ—¶ | èŠ‚ç‚¹å®‰å…¨ç»„æœªæ”¾è¡Œ **6443**ã€?*10250**ï¼›èŠ‚ç‚¹ä¸Ž API Server ç½‘ç»œä¸é€?|
| Kubelet æœªå¯åŠ?| SSH åˆ?ECSï¼Œ`systemctl status kubelet` |
| ç£ç›˜/å†…å­˜åŽ‹åŠ› | `df -h`ã€`free -h`ï¼Œæ¸…ç†é•œåƒæˆ–æ‰©å®¹ |
| å®¹å™¨è¿è¡Œæ—?| èŠ‚ç‚¹ä¸?**containerd 1.6.20**ï¼Œå‹¿æ··ç”¨ docker ä¸?containerd é…ç½® |

ä¿®å¤åŽåº”æ˜¾ç¤º **Ready**ï¼Œä¸” `kubectl get pods -n kube-system` ä¸?CoreDNSã€kube-proxy æ­£å¸¸ï¼ˆæŽ§åˆ¶å°ã€Œé›†ç¾¤å·¡æ£€ã€æ›¾æç¤º CoreDNS å¼‚å¸¸æ—¶ä¼˜å…ˆå¤„ç†ï¼‰ã€?

### 2. æœ¬åœ° kubectl æŽ¥å…¥ ACK

1. æŽ§åˆ¶å?â†?**alien-ack-cluster** â†?**è¿žæŽ¥ä¿¡æ¯** â†?å¤åˆ¶ **å…¬ç½‘/å†…ç½‘ kubeconfig**ï¼ˆå†…ç½?Jenkins ç”¨å†…ç½‘åœ°å€ï¼‰ã€? 
2. ä¿å­˜ä¸ºæ–‡ä»¶ï¼Œä¾‹å¦‚ `~/.kube/config-ack-alien`ã€? 
3. Jenkins å‡­æ®ç±»åž‹ **Secret file**ï¼ŒID å¦?`ack-kubeconfig-alien`ã€? 
4. æµæ°´çº¿ä¸­ï¼š`withCredentials([file(credentialsId: 'ack-kubeconfig-alien', variable: 'KUBECONFIG')]) { sh 'kubectl get ns' }`ã€?

### 3. Harbor ä¸?ACK æ‹‰é•œåƒ?

1. Harbor é¡¹ç›® `alien` è®¾ä¸º **ç§æœ‰**ï¼Œåˆ›å»?**æœºå™¨äººè´¦å?*ï¼ˆpush + pullï¼‰ã€? 
2. ACK å‘½åç©ºé—´åˆ›å»º **imagePullSecret**ï¼ˆè§ `k8s/examples/secret-harbor.example.yaml`ï¼‰ã€? 
3. å?Deployment `spec.template.spec.imagePullSecrets` å¼•ç”¨è¯?Secretã€? 
4. åœ?**æ¯å°èŠ‚ç‚¹** æˆ–ä»…ä¾èµ– K8S Secretï¼šæŽ¨èåªç”?`imagePullSecrets`ï¼Œæ— éœ€èŠ‚ç‚¹ docker loginã€? 
5. å°?Jenkins æœºæž„å»ºç”¨çš„åŸºç¡€é•œåƒ `my-openjdk8-ffmpeg:v1` æŽ¨é€åˆ° Harborï¼Œä¾‹å¦‚ï¼š  
   `docker tag my-openjdk8-ffmpeg:v1 39.106.135.88/alien_cloud/base/openjdk8-ffmpeg:v1`  
   `docker push 39.106.135.88/alien_cloud/base/openjdk8-ffmpeg:v1`

---

## äºŒã€æŽ¨è?K8S èµ„æºæ¨¡åž‹

```text
Namespace: alien-produ
â”œâ”€â”€ Deployment/gateway          (stable, å‰¯æœ¬æ•?N)
â”œâ”€â”€ Deployment/gateway-canary   (ç°åº¦, å‰¯æœ¬æ•?1~2ï¼Œä»… canary ç­–ç•¥æ—¶æ›´æ–?
â”œâ”€â”€ Service/gateway             â†?stable Pod
â”œâ”€â”€ Service/gateway-canary      â†?canary Pod
â”œâ”€â”€ Ingress/alien-gateway       â†?ä¸»è·¯ç”?+ Nginx ç°åº¦æ³¨è§£
â””â”€â”€ ConfigMap/Secret              â†?bootstrapã€Jasyptï¼ˆå‹¿æŠŠæ˜Žæ–‡å¯†ç æäº?Gitï¼?
```

Java å¾®æœåŠ¡ç«¯å£ä¸ŽçŽ°ç½‘ compose ä¸€è‡´ï¼ˆgateway **8000**ï¼Œstore **50014**ï¼Œâ€¦ï¼‰ï¼Œè§å?`deployment-*.yaml`ã€?

**é…ç½®ä¸­å¿ƒ**ï¼šACK ä¸?Nacos è‹¥ä»ç”?39.106.135.88 ä¸Šçš„å®žä¾‹ï¼Œé¡»åœ?Pod çŽ¯å¢ƒå˜é‡æˆ?`bootstrap-prod.yml` ä¸­å†™ **å¯è¾¾çš?K8S Service åœ°å€æˆ?SLB**ï¼Œä¸èƒ½å†™ Docker å®¹å™¨å?`nacos`ï¼ˆé™¤é?Nacos ä¹Ÿè¿è¿›åŒä¸€é›†ç¾¤ï¼‰ã€?

---

## ä¸‰ã€ç°åº¦å‘å¸ƒï¼ˆæŽ¨èï¼šNginx Ingress é‡‘ä¸é›€ï¼?

ACK æŽ§åˆ¶å?â†?**åº”ç”¨** â†?**Ingress** éœ€å·²å®‰è£?**Nginx Ingress Controller**ï¼ˆåº”ç”¨å¸‚åœºã€ŒNginx Ingress Controllerã€æˆ–ã€ŒALB Ingressã€ï¼›ä¸‹æ–‡ä»?**Nginx Ingress æ³¨è§£** ä¸ºä¾‹ï¼Œä¸Žä»“åº“ç¤ºä¾‹ä¸€è‡´ï¼‰ã€?

### åŽŸç†

```mermaid
flowchart LR
  User[å®¢æˆ·ç«¯] --> Ing[Ingress alien-gateway]
  Ing -->|æƒé‡ 90%| SvcStable[Service gateway]
  Ing -->|æƒé‡ 10%| SvcCanary[Service gateway-canary]
  SvcStable --> DepStable[Deployment gateway]
  SvcCanary --> DepCanary[Deployment gateway-canary]
```

- **stable**ï¼šå½“å‰çº¿ä¸Šç‰ˆæœ¬ï¼Œå‰¯æœ¬æ•°è¾ƒå¤šã€? 
- **canary**ï¼šæ–°ç‰ˆæœ¬ï¼Œå‰¯æœ¬æ•°å°‘ã€? 
- **Ingress** é€šè¿‡æ³¨è§£ `canary` + `canary-weight` æŒ‰ç™¾åˆ†æ¯”åˆ†æµã€? 

### æ“ä½œæ­¥éª¤ï¼ˆä¸Ž Jenkins å‚æ•°è”åŠ¨ï¼?

1. **é¦–æ¬¡**ï¼š`kubectl apply -f k8s/examples/namespace.yaml`  
2. **é¦–æ¬¡**ï¼š`kubectl apply -f k8s/examples/deployment-gateway.yaml`ï¼ˆåŠ stable Serviceï¼? 
3. **é¦–æ¬¡**ï¼š`kubectl apply -f k8s/examples/deployment-gateway-canary.yaml` + `service-gateway-canary.yaml`  
4. **é¦–æ¬¡**ï¼š`kubectl apply -f k8s/examples/ingress-gateway-canary.example.yaml`ï¼ˆæ”¹ hostã€TLSï¼? 
5. Jenkins æž„å»ºæ–°é•œåƒ?`39.106.135.88/alien_cloud/gateway:build-42`  
6. Job é€?**DEPLOY_STRATEGY=canary**ï¼?*CANARY_WEIGHT=10**ï¼? 
   - ä»…æ›´æ–?`gateway-canary` Deployment é•œåƒ  
   - å°?Ingress æ³¨è§£ `canary-weight` è®¾ä¸º `10`  
7. è§‚å¯Ÿç›‘æŽ§ä¸Žé”™è¯¯çŽ‡åŽï¼Œé€æ­¥æé«˜ `20` â†?`50` â†?`100`  
8. **å…¨é‡**ï¼šå°† **stable** Deployment é•œåƒæ”¹ä¸ºæ–°ç‰ˆæœ¬ï¼Œ**canary-weight ç½?0** æˆ–åˆ é™?canary Deploymentï¼Œé¿å…é•¿æœŸåŒè½? 

ç¤ºä¾‹æ³¨è§£ï¼ˆå®Œæ•´è§ `ingress-gateway-canary.example.yaml`ï¼‰ï¼š

```yaml
metadata:
  annotations:
    nginx.ingress.kubernetes.io/canary: "true"
    nginx.ingress.kubernetes.io/canary-weight: "10"
```

### ä¸?RollingUpdate çš„åŒºåˆ?

| æ–¹å¼ | K8S å†…ç½® RollingUpdate | Ingress ç°åº¦ï¼ˆæœ¬æ–¹æ¡ˆï¼?|
|------|------------------------|-------------------------|
| æµé‡ | é€?Pod æ›¿æ¢ï¼Œæ—§ç‰?Pod é€æ¸å‡å°‘ | æ–°æ—§ç‰ˆæœ¬ **åŒæ—¶** æŽ¥æµé‡ï¼Œå¯è°ƒæ¯”ä¾‹ |
| å›žæ»š | `kubectl rollout undo` | å°?`canary-weight` è®¾ä¸º `0` æˆ–å›žæ»?canary Deployment |
| Jenkins | `DEPLOY_STRATEGY=rolling` | `DEPLOY_STRATEGY=canary` |

---

## å››ã€ä¸‰èŠ‚ç‚¹èŠ‚ç‚¹æ± å®¹é‡å»ºè®?

å½“å‰çº?**25 æ ?/ 45Gi** é›†ç¾¤æ€»é‡ï¼ˆæŽ§åˆ¶å°èµ„æºç›‘æŽ§ï¼‰ã€? ä¸?Java æœåŠ¡è‹¥å„ **2 å‰¯æœ¬** + ç°åº¦ **1 å‰¯æœ¬**ï¼Œå³°å€?Pod æ•°çº¦ **7Ã—3=21**ï¼Œéœ€æŽ§åˆ¶æ¯?Pod **request**ï¼ˆç¤ºä¾?manifest ä¸?`512Mi`/`250m`ï¼‰ï¼Œé¿å… Pendingã€?

è°ƒåº¦å»ºè®®ï¼?

- æ— çŠ¶æ€æœåŠ¡ï¼š**podAntiAffinity** å°½é‡ spread åˆ?3 å°ï¼ˆç¤ºä¾‹ deployment å·²å«è½¯åäº²å’Œï¼? 
- **gateway** å?2 å‰¯æœ¬ + HPAï¼ˆéœ€ metrics-serverï¼›æŽ§åˆ¶å°è‹¥æç¤?APIService `metrics.k8s.io` ä¸å¯ç”¨ï¼Œå…ˆè£… metrics-server å†å¼€ HPAï¼? 
- **job**ã€å®šæ—¶ä»»åŠ¡ç±»å?1 å‰¯æœ¬  

---

## äº”ã€ä»Ž Docker Compose è¿åˆ° ACK çš„æ˜ å°?

| Composeï¼?9.105.153.68 produï¼?| ACK |
|------------------------------|-----|
| `gateway-produ` å®¹å™¨ | Deployment `gateway` |
| å·æŒ‚è½?jar | é•œåƒå†…æ‰“åŒ?jarï¼ˆæœ¬æµæ°´çº?Dockerfileï¼?|
| `common-network-produ` | ClusterIP Service + Ingress |
| çŽ¯å¢ƒå˜é‡ Jasypt | Secret `alien-jasypt` æˆ?ACK é…ç½®é¡?|
| æ”¯ä»˜è¯ä¹¦ç›®å½• | Secret volume `alien-pay-cert-store` ç­?|

è¿ç§»åŠ¨ä½œé¡ºåºå»ºè®®ï¼?*gateway â†?store â†?å…¶ä½™**ï¼›æ¯è¿ä¸€ä¸ªæœåŠ¡ï¼ŒIngress åˆ‡ä¸€æ?path æˆ–å­åŸŸåï¼Œä¿ç•?compose å›žæ»šè·¯å¾„ç›´è‡³ç¨³å®šã€?

---

## å…­ã€é˜¿é‡Œäº‘ ACK æŽ§åˆ¶å°å¸¸ç”¨å…¥å?

| ç›®æ ‡ | è·¯å¾„ |
|------|------|
| å·¥ä½œè´Ÿè½½ / Deployment | é›†ç¾¤ â†?å·¥ä½œè´Ÿè½½ â†?æ— çŠ¶æ€?|
| ç°åº¦ / Ingress | é›†ç¾¤ â†?ç½‘ç»œ â†?Ingress |
| é•œåƒæ‹‰å–å¤±è´¥äº‹ä»¶ | å·¥ä½œè´Ÿè½½ â†?Pod â†?äº‹ä»¶ |
| æ—¥å¿— | å·¥ä½œè´Ÿè½½ â†?Pod â†?æ—¥å¿—ï¼›æˆ–æŽ¥å…¥ SLS |
| èŠ‚ç‚¹æ± æ‰©å®?| èŠ‚ç‚¹ç®¡ç† â†?default-nodepool â†?æ‰©å®¹ |

---

## ä¸ƒã€ä¸Ž Jenkins produ æµæ°´çº¿è”è°?

1. æ‰‹å·¥ `kubectl apply` ç¤ºä¾‹ manifest ä¸€æ¬¡ã€? 
2. è·‘é€?`gateway-k8s` Jobï¼ˆrollingï¼Œæƒé‡?100% ç­‰ä»·å…¨é‡ï¼‰ã€? 
3. å†è·‘ `canary` + `CANARY_WEIGHT=5` éªŒè¯æµé‡åˆ†è£‚ã€? 
4. å…¶ä½™ 6 ä¸ªæœåŠ¡å¤åˆ?gateway çš?Ingress/Deployment å‘½åæ¨¡å¼ã€? 

é—®é¢˜æŽ’æŸ¥ï¼š`kubectl describe pod -n alien-produ`ã€`kubectl logs -n alien-produ deploy/gateway-canary`ã€?