diff --git a/docs-2.0/nebula-operator/4.connect-to-nebula-graph-service.md b/docs-2.0/nebula-operator/4.connect-to-nebula-graph-service.md index fcaef98f39..f0744e8db7 100644 --- a/docs-2.0/nebula-operator/4.connect-to-nebula-graph-service.md +++ b/docs-2.0/nebula-operator/4.connect-to-nebula-graph-service.md @@ -148,13 +148,13 @@ kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never ## 通过`Ingress`在Nebula Graph集群外部连接Nebula Graph数据库 -Nginx Ingress是Kubernetes Ingress的一个实现。Nginx Ingress观察Kubernetes集群的Ingress资源,将Ingress规则生成Nginx配置,使Nginx能够转发第7层流量。 +Nginx Ingress是Kubernetes Ingress的一个实现。Nginx Ingress通过Watch机制感知Kubernetes集群的Ingress资源,将Ingress规则生成Nginx配置,使Nginx能够转发7层流量。 用户可以通过HostNetwork和DaemonSet组合的模式使用Nginx Ingress从集群外部连接Nebula Graph集群。 -由于使用了HostNetwork,Nginx Ingress pods不能被安排在同一个节点上。为了避免监听端口冲突,可以事先选择一些节点并将其标记为边缘节点,专门用于部署Nginx Ingress。 然后,Nginx Ingress以DaemonSet模式部署在这些节点上。 +由于使用HostNetwork,Nginx Ingress的Pod就不能被调度在同一个节点上。为了避免监听端口冲突,可以事先选择一些节点并将其标记为边缘节点,专门用于部署Nginx Ingress。然后Nginx Ingress以DaemonSet模式部署在这些节点上。 -由于Ingress不支持TCP或UDP服务,为此nginx-ingress-controller使用`--tcp-services-configmap`和`--udp-services-configmap`参数指向一个ConfigMap,该ConfigMap中的键指需要使用的外部端口,值指要公开的服务的格式,值的格式为`<命名空间/服务名称>:<服务端口>`。 +由于Ingress不支持TCP或UDP服务,为此nginx-ingress-controller使用`--tcp-services-configmap`和`--udp-services-configmap`参数指向一个ConfigMap,该ConfigMap中的键指需要使用的外部端口,值指要公开的服务的格式,值的格式为`<命名空间/服务名称>:<服务端口>`。 例如指向名为`tcp-services`的ConfigMap的配置如下: @@ -195,377 +195,11 @@ spec: - `port`的值`9769`指外部端口,用户可自行设置。 - `targetPort`的值`9669`指要连接的graphd服务的端口。 -完整的示例及操作步骤如下: +操作步骤如下: -1. 创建名为`nginx-ingress-daemonset-hostnetwork.yaml`的文件。YAML文件内容如下: +1. 创建名为`nginx-ingress-daemonset-hostnetwork.yaml`的文件。 - ```yaml - apiVersion: v1 - kind: ConfigMap - metadata: - name: nginx-ingress-controller - namespace: nginx-ingress - data: - keep-alive-requests: "100" - upstream-keepalive-connections: "200" - max-worker-connections: "65536" - --- - apiVersion: v1 - kind: ConfigMap - metadata: - name: tcp-services - namespace: nginx-ingress - data: - 9769: "default/nebula-graphd-svc:9669" - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app: nginx-ingress - name: nginx-ingress - namespace: nginx-ingress - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app: nginx-ingress - name: nginx-ingress-backend - namespace: nginx-ingress - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app: nginx-ingress - name: nginx-ingress - rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app: nginx-ingress - name: nginx-ingress - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-ingress - subjects: - - kind: ServiceAccount - name: nginx-ingress - namespace: nginx-ingress - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app: nginx-ingress - name: nginx-ingress - namespace: nginx-ingress - rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - ingress-controller-leader-nginx - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app: nginx-ingress - name: nginx-ingress - namespace: nginx-ingress - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: nginx-ingress - subjects: - - kind: ServiceAccount - name: nginx-ingress - namespace: nginx-ingress - --- - apiVersion: v1 - kind: Service - metadata: - labels: - app: nginx-ingress - component: controller - name: nginx-ingress-controller-metrics - namespace: nginx-ingress - spec: - ports: - - name: metrics - port: 9913 - targetPort: metrics - selector: - app: nginx-ingress - component: controller - type: "ClusterIP" - --- - apiVersion: v1 - kind: Service - metadata: - labels: - app: nginx-ingress - component: default-backend - name: nginx-ingress-default-backend - namespace: nginx-ingress - spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: nginx-ingress - component: default-backend - type: "ClusterIP" - --- - apiVersion: v1 - kind: Service - metadata: - labels: - app: nginx-ingress - component: default-backend - name: nginx-ingress-proxy-tcp - namespace: nginx-ingress - spec: - ports: - - name: proxied-tcp - port: 9769 - protocol: TCP - targetPort: 9669 - selector: - app: nginx-ingress - component: default-backend - type: "ClusterIP" - --- - apiVersion: apps/v1 - kind: DaemonSet - metadata: - labels: - app: nginx-ingress - component: controller - name: nginx-ingress-controller - namespace: nginx-ingress - spec: - selector: - matchLabels: - app: nginx-ingress - component: controller - template: - metadata: - labels: - app: nginx-ingress - component: controller - spec: - dnsPolicy: ClusterFirst - initContainers: - - name: setsysctl - image: busybox - securityContext: - privileged: true - command: - - sh - - -c - - | - sysctl -w net.core.somaxconn=65535 - sysctl -w net.ipv4.ip_local_port_range="1024 65535" - sysctl -w net.ipv4.tcp_tw_reuse=1 - sysctl -w fs.file-max=1048576 - containers: - - name: nginx-ingress-controller - image: "ccr.ccs.tencentyun.com/mirrors/nginx-ingress-controller:v0.34.1" - imagePullPolicy: IfNotPresent - args: - - /nginx-ingress-controller - - --default-backend-service=$(POD_NAMESPACE)/nginx-ingress-default-backend - - --election-id=ingress-controller-leader - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/nginx-ingress-controller - - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - runAsUser: 101 - allowPrivilegeEscalation: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - livenessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: proxied-tcp - containerPort: 9769 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: metrics - containerPort: 10254 - protocol: TCP - readinessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - hostNetwork: true - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: //为运行该DaemonSet的节点指定标签。 - - key: nginx-ingress - operator: In - values: - - "true" - serviceAccountName: nginx-ingress - terminationGracePeriodSeconds: 60 - ``` + 单击[nginx-ingress-daemonset-hostnetwork.yaml](https://github.com/vesoft-inc/nebula-operator/blob/{{operator.branch}}/config/samples/nginx-ingress-daemonset-hostnetwork.yaml)查看完整的YAML示例内容。 !!! note diff --git a/docs-2.0/nebula-operator/9.upgrade-nebula-cluster.md b/docs-2.0/nebula-operator/9.upgrade-nebula-cluster.md index 22ad1eb2f3..2d3eac2236 100644 --- a/docs-2.0/nebula-operator/9.upgrade-nebula-cluster.md +++ b/docs-2.0/nebula-operator/9.upgrade-nebula-cluster.md @@ -38,64 +38,74 @@ apiVersion: apps.nebula-graph.io/v1alpha1 kind: NebulaCluster metadata: - name: nebula + name: nebula spec: - graphd: - resources: - requests: - cpu: "500m" - memory: "500Mi" - limits: - cpu: "1" - memory: "1Gi" - replicas: 2 - image: vesoft/nebula-graphd - version: {{nebula.branch}} //将值从v2.5.1修改至{{nebula.branch}}。 - service: - type: NodePort - externalTrafficPolicy: Local - storageClaim: - resources: - requests: - storage: 2Gi - storageClassName: local-path - metad: - resources: - requests: - cpu: "500m" - memory: "500Mi" - limits: - cpu: "1" - memory: "1Gi" - replicas: 1 - image: vesoft/nebula-metad - version: {{nebula.branch}} //将值从v2.5.1修改至{{nebula.branch}}。 - storageClaim: - resources: - requests: - storage: 2Gi - storageClassName: local-path - storaged: - resources: - requests: - cpu: "500m" - memory: "500Mi" - limits: - cpu: "1" - memory: "1Gi" - replicas: 3 - image: vesoft/nebula-storaged - version: {{nebula.branch}} //将值从v2.5.1修改至{{nebula.branch}}。 - storageClaim: - resources: - requests: - storage: 2Gi - storageClassName: local-path - reference: - name: statefulsets.apps - version: v1 - schedulerName: default-scheduler - imagePullPolicy: IfNotPresent + graphd: + resources: + requests: + cpu: "500m" + memory: "500Mi" + limits: + cpu: "1" + memory: "1Gi" + replicas: 1 + image: vesoft/nebula-graphd + version: {{nebula.branch}} //将值从v2.5.1修改至{{nebula.branch}}。 + service: + type: NodePort + externalTrafficPolicy: Local + logVolumeClaim: + resources: + requests: + storage: 2Gi + storageClassName: gp2 + metad: + resources: + requests: + cpu: "500m" + memory: "500Mi" + limits: + cpu: "1" + memory: "1Gi" + replicas: 1 + image: vesoft/nebula-metad + version: {{nebula.branch}} //将值从v2.5.1修改至{{nebula.branch}}。 + dataVolumeClaim: + resources: + requests: + storage: 2Gi + storageClassName: gp2 + logVolumeClaim: + resources: + requests: + storage: 2Gi + storageClassName: gp2 + storaged: + resources: + requests: + cpu: "500m" + memory: "500Mi" + limits: + cpu: "1" + memory: "1Gi" + replicas: 3 + image: vesoft/nebula-storaged + version: {{nebula.branch}} //将值从v2.5.1修改至{{nebula.branch}}。 + dataVolumeClaim: + resources: + requests: + storage: 2Gi + storageClassName: gp2 + logVolumeClaim: + resources: + requests: + storage: 2Gi + storageClassName: gp2 + reference: + name: statefulsets.apps + version: v1 + schedulerName: default-scheduler + imagePullPolicy: Always ``` 3. 执行以下命令将版本升级的更新应用于集群CR中。