type
Post
status
Published
date
Apr 2, 2023
slug
summary
无感计算与数据服务如何协调一致?
tags
无感计算
服务器
category
技术分享
icon
GOOD Lab-serverless小组出品
一、引言
fission是一款生态完整、架构新颖的无感计算框架,其容器预热池
PoolManager
与上海交通大学IPADS团队的冷启动优化策略如出一撤。本篇博客通过无感计算框架fission的部署以及与分布式内存数据库redis的结合使用,带领读者入门fission。二、环境配置
- 主机软硬件:Intel i5-12400f,VMware16.0,Win11
- 虚拟机配置:2vCPU,4GB RAM(可能存在12代CPU的大小核问题)
- Kubernetes V1.22.4
- Docker CE V23.0.2
- Fission/ Fission CLI V1.18.0
- kube-state-metrics V2.2.1
- Prometheus V2.37.6
- Grafana V8.5.22
三、Kubernetes 安装
可以参考之前我写的OpenFaaS安装部分:https://blog.csdn.net/NCU_Good/article/details/128436373
【1】关闭内存缓冲区(云服务器上不需要这样做)
# 关闭内存缓存区 swapoff -a vim /etc/fstab # 注释掉swap的一行 vim /etc/sysctl.conf # 增加vm.swappiness=0 sysctl -p # 关闭SELinux setenforce 0 sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
【2】添加安装源
# 添加 k8s 安装源 cat <<EOF > kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF mv kubernetes.repo /etc/yum.repos.d/ # 添加 Docker 安装源 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
【3】执行安装
一次不成功就多来几次
yum install -y kubelet-1.22.4 kubeadm-1.22.4 kubectl-1.22.4 docker-ce
设置开机自启
systemctl enable kubelet systemctl start kubelet systemctl enable docker systemctl start docker
docker阿里云镜像加速器配置(
registry-mirrors
改成自己的)cat <<EOF > daemon.json { "exec-opts": ["native.cgroupdriver=systemd"], "registry-mirrors": ["https://ud6340vz.mirror.aliyuncs.com"] } EOF mv daemon.json /etc/docker/ systemctl daemon-reload systemctl restart docker
【4】配置IPtable(云服务器不需要)
cat > /etc/sysctl.d/k8s.conf << EOF net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 net.ipv4.tcp_tw_recycle=0 vm.swappiness=0 vm.overcommit_memory=1 vm.panic_on_oom=0 fs.inotify.max_user_instances=8192 fs.inotify.max_user_watches=1048576 fs.file-max=52706963 fs.nr_open=52706963 net.ipv6.conf.all.disable_ipv6=1 net.netfilter.nf_conntrack_max=2310720 EOF sysctl --system
【5】使用kubeadm初始化集群(仅在主节点上运行)
# 修改192.168.31.128为自己的主节点内网地址 kubeadm init --apiserver-advertise-address=192.168.31.128 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.22.4 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --v=5
【6】授权集群访问
# 复制授权文件,使得kubectl可以访问到集群 mkdir -p $HOME/.kube cp -i /etc/kubernetes/admin.conf $HOME/.kube/config chown $(id -u):$(id -g) $HOME/.kube/config
其他节点访问
# 传配置到其他节点上即可 scp /etc/kubernetes/admin.conf <hostname>:/etc/kubernetes/ export KUBECONFIG=/etc/kubernetes/admin.conf
【7】网络插件配置
# 无法安装的话需要自行前往github复制下来传到服务器上 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
【8】测试安装结果
kubectl get pods -A kubectl get nodes -A
全部ready即为安装成功
相关教程
四、fission 安装
这里很多地方因为没有国外的网络,故不按照官方的办法进行安装。
一、fission-K8s插件安装
下载fission github源码包(网页打开https://github.com/fission/fission/archive/refs/heads/main.zip),解压后将fission/crds/v1目录下的文件上传到服务器,然后执行脚本:
kubectl create -f fission.io_canaryconfigs.yaml kubectl create -f fission.io_functions.yaml kubectl create -f fission.io_kuberneteswatchtriggers.yaml kubectl create -f fission.io_packages.yaml kubectl create -f kustomization.yaml kubectl create -f fission.io_environments.yaml kubectl create -f fission.io_httptriggers.yaml kubectl create -f fission.io_messagequeuetriggers.yaml kubectl create -f fission.io_timetriggers.yaml
二、拉取fission必要镜像
docker pull index.docker.io/fission/fission-bundle:v1.18.0 docker pull fission/reporter:v1.18.0 docker pull fission/pre-upgrade-checks:v1.18.0 docker pull fission/python-env
三、搭建NFS服务器
由于fission的storageSvc必须配置PV存储卷,故需要选择三个节点中的一台服务器为NFS服务器,配置如下:
# 每台节点运行 yum -y install rpcbind nfs-utils systemctl start rpcbind systemctl start nfs systemctl enable rpcbind systemctl enable nfs # NFS节点运行 mkdir -p /nfs/fission chmod 777 -R /nfs vim /etc/exports /nfs *(rw,no_root_squash,no_all_squash,sync,no_subtree_check) exportfs -r exportfs systemctl restart rpcbind systemctl restart nfs
编写pv.yaml
apiVersion: v1 kind: PersistentVolume metadata: name: fission-storage spec: capacity: storage: 8Gi volumeMode: Filesystem accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: fission-storage nfs: server: 192.168.31.197 #修改这里 path: "/nfs/fission"
创建PV卷
kubectl apply -f pv.yaml
四、安装fission
安装前,需要先配置环境变量:
vim /etc/profile # 翻到最下面,输入: # fission系统组件 export FISSION_NAMESPACE="fission" # fission函数 export FISSION_FUNCTION_NAMESPACE="default" # fission对外暴露网关 export FISSION_ROUTER="192.168.31.195:31314" # fission监控组件 export METRICS_NAMESPACE="monitoring"
并创建命名空间
fission
:kubectl create ns $FISSION_NAMESPACE
完整配置文件fission-all-v1.18.0-K8s.yaml:
--- # Source: fission-all/templates/buildermgr/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-buildermgr namespace: fission --- # Source: fission-all/templates/executor/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-executor namespace: fission --- # Source: fission-all/templates/fluentbit/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-fluentbit namespace: fission --- # Source: fission-all/templates/kubewatcher/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-kubewatcher namespace: fission --- # Source: fission-all/templates/misc-functions/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-fetcher namespace: default --- # Source: fission-all/templates/misc-functions/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-builder namespace: default --- # Source: fission-all/templates/mqt-fission-kafka/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-kafka namespace: fission --- # Source: fission-all/templates/mqt-keda/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-keda namespace: fission --- # Source: fission-all/templates/router/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-router namespace: fission --- # Source: fission-all/templates/storagesvc/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-storagesvc namespace: fission --- # Source: fission-all/templates/timer/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-timer namespace: fission --- # Source: fission-all/templates/webhook-server/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-webhook namespace: fission --- # Source: fission-all/templates/webhook-server/cert.yaml kind: Secret apiVersion: v1 metadata: name: fission-webhook-certs labels: app.kubernetes.io/component: webhook-secret type: Opaque data: ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGakNDQWY2Z0F3SUJBZ0lSQUphQlRQY09jbzNsbTlpNXlYeG0wbVl3RFFZSktvWklodmNOQVFFTEJRQXcKRlRFVE1CRUdBMVVFQXhNS1ptbHpjMmx2YmkxallUQWVGdzB5TXpBeE1UTXdOakkyTWpSYUZ3MHlPREF4TVRJdwpOakkyTWpSYU1CVXhFekFSQmdOVkJBTVRDbVpwYzNOcGIyNHRZMkV3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBCkE0SUJEd0F3Z2dFS0FvSUJBUURMRXhZdGxCVjZvVEpTZmFhS3R3WUJZbWZKemp3cm4zekZRRmNDYytPU2JSMC8KQVF2S2hidVlnbFdFeFZkUmVRNTZiVjhKR205d096T285MnZkY0JOSFYwZy9lYkF4OHNrRTdBUjNSSXdVTWdNago1b1QxUmloQVh0eG1FZGhyQ0NlMHdwS2w3UFk2NHZmQVZHYnMySkpXUi9iZURxVlVCeW5NaUg4VlZPVERyTHkzClExZmNoS3RsWklkZzkrVm5OckpBVWdLaHlHaVBnTHBPRkJrKzBjN0drZWVwWkRHc2pYT2RpOUh3c0FUdWt2LzIKWHZTVTNBcVZLMzQrakp0QlYxeDNsMGs0aVRqSG9WZk9TR1BYNTFRckc4dFNkZ3QwbzFKQ05ucDJ1dTZCV1RCcwoxbWpNZGZnajdnZEt6Q0czN2VTMmtKVVZSZ1R5dU1uMWRhRG0xVUZIQWdNQkFBR2pZVEJmTUE0R0ExVWREd0VCCi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEd1lEVlIwVEFRSC8KQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVTXV0N29kWmZvWXkzRkpNeE9NcDArbFBzd01Fd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBRnlPTU9Rb1UxakpyNnFqSk5WcEVMV1BLU3NBRmlmYWdiTzdjSllGQVhYT3hISnEyQTIzCkVBVmJNeXZzMElsTTgwaDBWdGF3UnVqNlpuaEVuZ2VpVElpa1pTR2w0MmovWXFVN3ZnSW5sdEI2R3ZYZFJ5MkgKV1hVdmJNdnloSUk3d3lRUW45aWZlcUphUlcxYkdFVFlFOTMrdjZER2tHekZQbGZ6MFRDL0JCUm1IUWtlMXNqMQpSaDZCWlZNM05Yem9kTXlnQjJxaW5DaDlGalkyVWhIcUdjQ0h2Y0pOQk5mUUErOGJxSGJjQ3k0NXhEMk9wUjczCkxndDlIbGJBcURoMUt2ZTFrMEdKUnRScWc0WXA5OTJyRnlBbkxubWVRZmJESWdobzJmMnVadEJpZFNRdjQ2R28Kdm5Pd2dqaVZjMk1JVWsveElOY2V4L2ROeFdaeGs0VjBmUjA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBckJLQXllR3dmejlaNXJKUW5jb3luaUZhay92ZWgrS2I4dFIweEJITjVBbXFPWHJGCjJnUFVWWW5RSEtqS1FjUDc1dUgvQnVHaEE0cnF1d3kyUE00NXVQazZpOXMrSnJpM2twUWJiME9Gd1lUd1lQcjgKTkZUZSs4T1BUMTkxdUhjZ2RkdnluSVlGRDdUMml5Qnp3KzFGR0VIRk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSQpIOWo3ZFYvclkxQ2VzZkk1ZHR0YUlzeVk4UFJiMjJXRFBSNGY5YU8rZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93CnAzSFhac0llTGE2Y2Q4aDhvY2NhNkcrSDY4SDNDdzdVR2F5WjhvZzViQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVkKdzdvMlhEOE1WWFZCUWVKaUJZNm9xWHNzOGhRN1V1aVJDSmpZNFFJREFRQUJBb0lCQUJzK01yWER6YlhYeWR3RQpqMDdzSEdkODBHSnRsaVhkY3VOWFQ4VmJMRVhXWWVVSDB4dFpUOXpiSE4vc3VWa0FObm12ZmprUXIvVm5vUkpNClNPNEhtSXY0cVpSSytlUVhpcmppU2hXcmt4bTRlblpnUmwzaXNnc2FReTVGNXRWMXh1WGlGTjlET0xucjVMelMKUG9IZXB2bllMK2dsOEE1dVNGQUJqdy96QmhyNHdlL1BkcHh6eGdKM1hQbWRxV2RjbTVrR0xmMlJqRjQxRFZtTgpPblZkTmxDSTNsSEt4elBEM1daTGVRanI4NENOajVpT2pmR1F0WTlyRXRjbFRIYzBxMmlTanUzdHl1MDZjb1dhCmxxMVczKzRqT0dZVTRPMGZRY2h1YmFqbFQ3ckZuVTFvei8vNExGb1ZxUEJRSk1kT0RzRk4yN1dLa2puNUFWUkYKdDlBRHhxRUNnWUVBeCtSWWNXSURzMTNkVVlDeWdMNmxaeHdtSG5zQ2s0N1VkeThxMzNGQ0JzbStnb3RRR0c3eApnWHZDdUJWazdrVGlPTWlSdzV3YWpLRlVJNlJQWGV0TkNpLy9waUdKY0FrZTNOUHQrVGJnMFVjWDQ0ajI2NnpyCkVwQXlycDdjR2E0ZGFVSkI3Tjhrb2xkSU84bG4yTzA1VjJyb3NRZnUrcnVwbFhiM2FJUXlrYXNDZ1lFQTNGOGQKZzVrUDE2RWwyTk1vTlIzN29FZFNMRjFqaUtWbFNHSW1BM1lDR2dRK0ZTN1NrWWdQWTFwa1JvNFpTK3RtaERFcwpueE9xQStpK3BwaVJGNDNWK3JRbUEwV3lXK2dIK0JGTmplajVwSitFczV3MzU2SjhXUzdPT09DVS9tbVJ6dXBvCjlFL0Jyek94ZGMyT0s0MDg3UU5Ycm9SZ3gxR1RPZlhTZHJ3clM2TUNnWUF5UC9JSDFzYnRZVXhRdjlTZnpzMVAKeFdERHl0S1QrNVRudlVDKzJQN3JLKzRyYlJBZWhFMUw2cXZCa1FkRmFxV2Y5clBHQThrY3p6V1NuQ3lqaEpKaQpYRHlkSzlNY0NmN3JMbytsVmFsZ2tzbXJsblBVUFN6L0JxYm5CT0o1eGk1NGxvSnlKSXBXRVRFRWJwWWZqMHNaCjhiTTdSYTVLODhBbTViZytXdlZIYndLQmdCbTRYRGg4eDlXUjhGbmpJMEUzMDZOOFQ0SHdFR3JsYXZITXlzVUMKby9JblpwdVFVSEU5NFJYbWVlZW1OQnVoU09ESzRIdGNqeTVQbnRqUTI3WlZEcEZwTHpxWWl0MmhNalRveUJWMQpDSllITERUT1dkUUdLZDg2MEVUaEtXS2NMYkZwdUlBelF0YlJBTGhRR25USTBrQ1RjRXRsRmVxTmdkSjA5M0IyCk85TmpBb0dBRExXeVEzaXpXemVrbjNMblloQlpYcnpRR0dDazN4TmcxYXUrME1jYVFqZ0lwQi9hVFBTdjVQQjQKMHZCMk9XNGZIcFhWczE5ZWZrZ3UyUWMzNEM1M3UrUitVUGRhdzBhdkd3OWRsalVieUVBampHbUg5b1Aya2Q5TAoralQ3MmhIWU8rNUdyVUdJVWQ1a3FuNmVjL2RGUXlYZnE1U2I1QmpLL2xDNHpISiszK2c9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: fission-all/templates/misc-functions/cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: feature-config namespace: fission data: "config.yaml": Y2FuYXJ5OgogIGVuYWJsZWQ6IGZhbHNlCiAgcHJvbWV0aGV1c1N2YzogIiIKYXV0aDoKICBlbmFibGVkOiBmYWxzZQ== --- # Source: fission-all/templates/storagesvc/pvc.yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: name: fission-storage-pvc labels: app: fission-storage chart: "fission-all-v1.18.0" release: "fission-v1-18-0" spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi" storageClassName: fission-storage --- # Source: fission-all/templates/buildermgr/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-buildermgr-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - environments - functions - packages verbs: - create - get - list - watch - update - patch - delete --- # Source: fission-all/templates/buildermgr/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-buildermgr" namespace: default rules: - apiGroups: - "" resources: - pods - services verbs: - create - delete - get - list - watch - patch - apiGroups: - apps resources: - deployments verbs: - list - create - delete - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch --- # Source: fission-all/templates/controller/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-controller" namespace: default rules: - apiGroups: - "" resources: - services verbs: - list - apiGroups: - "" resources: - configmaps - secrets verbs: - get - apiGroups: - "" resources: - namespaces verbs: - get - apiGroups: - "" resources: - pods verbs: - get - list - watch - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch --- # Source: fission-all/templates/executor/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-executor-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - environments - functions - packages verbs: - create - get - list - watch - update - patch - delete --- # Source: fission-all/templates/executor/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-executor" namespace: default rules: - apiGroups: - "" resources: - pods - services - replicationcontrollers - events verbs: - create - delete - get - list - watch - patch - apiGroups: - "" resources: - configmaps - secrets verbs: - get - list - watch - apiGroups: - "" resources: - serviceaccounts verbs: - create - get - apiGroups: - authorization.k8s.io resources: - localsubjectaccessreviews verbs: - create - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings - roles verbs: - create - apiGroups: - apps resources: - deployments - deployments/scale - replicasets verbs: - create - get - list - watch - update - patch - delete - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - create - get - list - watch - update - patch - delete - apiGroups: - metrics.k8s.io resources: - pods verbs: - get - list --- # Source: fission-all/templates/fluentbit/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-fluentbit" namespace: default rules: - apiGroups: - "" resources: - pods verbs: - get - list - watch --- # Source: fission-all/templates/kubewatcher/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-kubewatcher-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - environments - functions - kuberneteswatchtriggers - packages verbs: - create - get - list - watch - update - patch - delete --- # Source: fission-all/templates/kubewatcher/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-kubewatcher" namespace: default rules: - apiGroups: - "" resources: - configmaps - pods - secrets - services - replicationcontrollers - events verbs: - get - list - watch - apiGroups: - batch resources: - jobs verbs: - get - list - watch - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch --- # Source: fission-all/templates/misc-functions/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: fission-v1-18-0-fission-fetcher namespace: default rules: - apiGroups: - "" resources: - configmaps - secrets verbs: - get - apiGroups: - fission.io resources: - packages verbs: - get --- # Source: fission-all/templates/misc-functions/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: fission-v1-18-0-fission-builder namespace: default rules: - apiGroups: - fission.io resources: - packages verbs: - get - apiGroups: - "" resources: - configmaps - secrets verbs: - get --- # Source: fission-all/templates/misc-functions/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: fission-v1-18-0-fission-fetcher-websocket rules: - apiGroups: - "" resources: - "events" verbs: - "get" - "list" - "watch" - "create" - "update" - "patch" - apiGroups: - "" resources: - pods verbs: - get --- # Source: fission-all/templates/mqt-fission-kafka/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-kafka-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - environments - functions - messagequeuetriggers - packages verbs: - create - get - list - watch - update - patch - delete --- # Source: fission-all/templates/mqt-fission-kafka/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-kafka" namespace: default rules: - apiGroups: - "" resources: - configmaps - pods - secrets - services - replicationcontrollers - events verbs: - create - delete - get - list - watch - patch - apiGroups: - "" resources: - configmaps - secrets verbs: - get - apiGroups: - apps resources: - deployments - deployments/scale - replicasets verbs: - create - get - list - watch - update - patch - delete - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch --- # Source: fission-all/templates/mqt-keda/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-keda-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - environments - functions - messagequeuetriggers - packages verbs: - create - get - list - watch - update - patch - delete --- # Source: fission-all/templates/mqt-keda/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-keda" namespace: default rules: - apiGroups: - "" resources: - pods - services - replicationcontrollers - events verbs: - create - delete - get - list - watch - patch - apiGroups: - "" resources: - configmaps - secrets verbs: - get - apiGroups: - apps resources: - deployments - deployments/scale - replicasets verbs: - create - get - list - watch - update - patch - delete - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch - apiGroups: - keda.sh resources: - scaledjobs - scaledobjects - scaledjobs/finalizers - scaledjobs/status - triggerauthentications - triggerauthentications/status verbs: - create - get - list - watch - update - patch - delete - apiGroups: - keda.k8s.io resources: - scaledjobs - scaledobjects - scaledjobs/finalizers - scaledjobs/status - triggerauthentications - triggerauthentications/status verbs: - create - get - list - watch - update - patch - delete - apiGroups: - metrics.k8s.io resources: - pods verbs: - get - list --- # Source: fission-all/templates/router/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-router-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - environments - functions - httptriggers - packages verbs: - create - get - list - watch - update - patch - delete --- # Source: fission-all/templates/router/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-router" namespace: default rules: - apiGroups: - networking.k8s.io resources: - ingresses verbs: - create - get - list - watch - update - patch - delete - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch --- # Source: fission-all/templates/storagesvc/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-storagesvc-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - packages verbs: - get - list --- # Source: fission-all/templates/timer/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-timer-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - environments - functions - packages - timetriggers verbs: - create - get - list - watch - update - patch - delete --- # Source: fission-all/templates/timer/role-kubernetes.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "fission-v1-18-0-timer" namespace: default rules: [] --- # Source: fission-all/templates/buildermgr/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-buildermgr-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-buildermgr" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-buildermgr-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/buildermgr/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-buildermgr" namespace: default subjects: - kind: ServiceAccount name: "fission-buildermgr" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-buildermgr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/controller/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-controller" namespace: default subjects: - kind: ServiceAccount name: "fission-controller" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-controller" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/executor/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-executor-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-executor" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-executor-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/executor/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-executor" namespace: default subjects: - kind: ServiceAccount name: "fission-executor" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-executor" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/fluentbit/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-fluentbit" namespace: default subjects: - kind: ServiceAccount name: "fission-fluentbit" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-fluentbit" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/kubewatcher/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-kubewatcher-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-kubewatcher" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-kubewatcher-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/kubewatcher/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-kubewatcher" namespace: default subjects: - kind: ServiceAccount name: "fission-kubewatcher" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-kubewatcher" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/misc-functions/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: fission-v1-18-0-fission-fetcher namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: fission-v1-18-0-fission-fetcher subjects: - kind: ServiceAccount name: fission-fetcher namespace: default --- # Source: fission-all/templates/misc-functions/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: fission-v1-18-0-fission-builder namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: fission-v1-18-0-fission-builder subjects: - kind: ServiceAccount name: fission-builder namespace: default --- # Source: fission-all/templates/misc-functions/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: fission-v1-18-0-fission-fetcher-websocket namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: fission-v1-18-0-fission-fetcher-websocket subjects: - kind: ServiceAccount name: fission-fetcher namespace: default --- # Source: fission-all/templates/mqt-fission-kafka/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-kafka-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-kafka" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-kafka-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/mqt-fission-kafka/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-kafka" namespace: default subjects: - kind: ServiceAccount name: "fission-kafka" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-kafka" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/mqt-keda/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-keda-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-keda" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-keda-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/mqt-keda/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-keda" namespace: default subjects: - kind: ServiceAccount name: "fission-keda" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-keda" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/router/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-router-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-router" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-router-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/router/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-router" namespace: default subjects: - kind: ServiceAccount name: "fission-router" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-router" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/storagesvc/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-storagesvc-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-storagesvc" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-storagesvc-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/timer/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-timer-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-timer" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-timer-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/timer/role-kubernetes.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: "fission-v1-18-0-timer" namespace: default subjects: - kind: ServiceAccount name: "fission-timer" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-timer" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/executor/svc.yaml apiVersion: v1 kind: Service metadata: name: executor labels: svc: executor chart: "fission-all-v1.18.0" spec: type: ClusterIP ports: - port: 80 targetPort: 8888 selector: svc: executor --- # Source: fission-all/templates/router/svc.yaml apiVersion: v1 kind: Service metadata: name: router labels: svc: router application: fission-router chart: "fission-all-v1.18.0" spec: type: NodePort ports: - port: 80 targetPort: 8888 nodePort: 31314 selector: svc: router --- # Source: fission-all/templates/storagesvc/svc.yaml apiVersion: v1 kind: Service metadata: name: storagesvc labels: svc: storagesvc application: fission-storage chart: "fission-all-v1.18.0" spec: type: ClusterIP ports: - port: 80 targetPort: 8000 selector: svc: storagesvc --- # Source: fission-all/templates/webhook-server/webhook-service.yaml apiVersion: v1 kind: Service metadata: name: webhook-service labels: svc: webhook-service application: fission-webhook chart: "fission-all-v1.18.0" spec: type: NodePort ports: - port: 443 targetPort: 9443 selector: svc: webhook-service --- # Source: fission-all/templates/buildermgr/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: buildermgr labels: chart: "fission-all-v1.18.0" svc: buildermgr spec: replicas: 1 selector: matchLabels: svc: buildermgr template: metadata: labels: svc: buildermgr annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" prometheus.io/port: "8080" spec: securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 containers: - name: buildermgr image: "index.docker.io/fission/fission-bundle:v1.18.0" imagePullPolicy: IfNotPresent command: ["/fission-bundle"] args: ["--builderMgr", "--storageSvcUrl", "http://storagesvc.fission"] env: - name: FETCHER_IMAGE value: "fission/fetcher:v1.18.0" - name: FETCHER_IMAGE_PULL_POLICY value: "IfNotPresent" - name: BUILDER_IMAGE_PULL_POLICY value: "IfNotPresent" - name: FISSION_BUILDER_NAMESPACE value: "" - name: FISSION_FUNCTION_NAMESPACE value: "" - name: FISSION_DEFAULT_NAMESPACE value: "default" - name: ENABLE_ISTIO value: "false" - name: FETCHER_MINCPU value: "10m" - name: FETCHER_MINMEM value: "16Mi" - name: FETCHER_MAXCPU value: "" - name: FETCHER_MAXMEM value: "" - name: DEBUG_ENV value: "false" - name: PPROF_ENABLED value: "false" - name: HELM_RELEASE_NAME value: "fission-v1-18-0" - name: FISSION_RESOURCE_NAMESPACES value: default - name: OTEL_EXPORTER_OTLP_ENDPOINT value: "" - name: OTEL_EXPORTER_OTLP_INSECURE value: "true" - name: OTEL_TRACES_SAMPLER value: "parentbased_traceidratio" - name: OTEL_TRACES_SAMPLER_ARG value: "0.1" - name: OTEL_PROPAGATORS value: "tracecontext,baggage" ports: - containerPort: 8080 name: metrics resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File serviceAccountName: fission-buildermgr --- # Source: fission-all/templates/executor/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: executor labels: chart: "fission-all-v1.18.0" svc: executor spec: replicas: 1 selector: matchLabels: svc: executor template: metadata: labels: svc: executor annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" prometheus.io/port: "8080" spec: securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 containers: - name: executor image: "index.docker.io/fission/fission-bundle:v1.18.0" imagePullPolicy: IfNotPresent command: ["/fission-bundle"] args: ["--executorPort", "8888"] env: - name: FETCHER_IMAGE value: "fission/fetcher:v1.18.0" - name: FETCHER_IMAGE_PULL_POLICY value: "IfNotPresent" - name: FISSION_BUILDER_NAMESPACE value: "" - name: FISSION_FUNCTION_NAMESPACE value: "" - name: FISSION_DEFAULT_NAMESPACE value: "default" - name: RUNTIME_IMAGE_PULL_POLICY value: "IfNotPresent" - name: ADOPT_EXISTING_RESOURCES value: "false" - name: POD_READY_TIMEOUT value: "300s" - name: ENABLE_ISTIO value: "false" - name: FETCHER_MINCPU value: "10m" - name: FETCHER_MINMEM value: "16Mi" - name: FETCHER_MAXCPU value: "" - name: FETCHER_MAXMEM value: "" - name: DEBUG_ENV value: "false" - name: PPROF_ENABLED value: "false" - name: OBJECT_REAPER_INTERVAL value: "5" - name: SERVICEACCOUNT_CHECK_ENABLED value: "true" - name: SERVICEACCOUNT_CHECK_INTERVAL value: "0" - name: FISSION_RESOURCE_NAMESPACES value: default - name: HELM_RELEASE_NAME value: "fission-v1-18-0" - name: OTEL_EXPORTER_OTLP_ENDPOINT value: "" - name: OTEL_EXPORTER_OTLP_INSECURE value: "true" - name: OTEL_TRACES_SAMPLER value: "parentbased_traceidratio" - name: OTEL_TRACES_SAMPLER_ARG value: "0.1" - name: OTEL_PROPAGATORS value: "tracecontext,baggage" resources: {} readinessProbe: httpGet: path: "/healthz" port: 8888 initialDelaySeconds: 1 periodSeconds: 1 failureThreshold: 30 livenessProbe: httpGet: path: "/healthz" port: 8888 initialDelaySeconds: 35 periodSeconds: 5 ports: - containerPort: 8080 name: metrics - containerPort: 8888 name: http terminationMessagePath: /dev/termination-log terminationMessagePolicy: File serviceAccountName: fission-executor --- # Source: fission-all/templates/kubewatcher/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: kubewatcher labels: chart: "fission-all-v1.18.0" svc: kubewatcher spec: replicas: 1 selector: matchLabels: svc: kubewatcher template: metadata: labels: svc: kubewatcher spec: securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 containers: - name: kubewatcher image: "index.docker.io/fission/fission-bundle:v1.18.0" imagePullPolicy: IfNotPresent command: ["/fission-bundle"] args: ["--kubewatcher", "--routerUrl", "http://router.fission"] env: - name: DEBUG_ENV value: "false" - name: PPROF_ENABLED value: "false" - name: FISSION_RESOURCE_NAMESPACES value: default - name: OTEL_EXPORTER_OTLP_ENDPOINT value: "" - name: OTEL_EXPORTER_OTLP_INSECURE value: "true" - name: OTEL_TRACES_SAMPLER value: "parentbased_traceidratio" - name: OTEL_TRACES_SAMPLER_ARG value: "0.1" - name: OTEL_PROPAGATORS value: "tracecontext,baggage" resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File serviceAccountName: fission-kubewatcher --- # Source: fission-all/templates/mqt-keda/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: mqtrigger-keda labels: chart: "fission-all-v1.18.0" svc: mqtrigger-keda messagequeue: keda spec: replicas: 1 selector: matchLabels: svc: mqtrigger-keda messagequeue: keda template: metadata: labels: svc: mqtrigger-keda messagequeue: keda spec: containers: - name: mqtrigger-keda image: "index.docker.io/fission/fission-bundle:v1.18.0" imagePullPolicy: IfNotPresent command: ["/fission-bundle"] args: ["--mqt_keda", "--routerUrl", "http://router.fission"] env: - name: DEBUG_ENV value: "false" - name: CONNECTOR_IMAGE_PULL_POLICY value: "IfNotPresent" - name: KAFKA_IMAGE value: "fission/keda-kafka-http-connector:v0.11" - name: RABBITMQ_IMAGE value: "fission/keda-rabbitmq-http-connector:v0.10" - name: AWS-KINESIS-STREAM_IMAGE value: "fission/keda-aws-kinesis-http-connector:v0.10" - name: AWS-SQS-QUEUE_IMAGE value: "fission/keda-aws-sqs-http-connector:v0.10" - name: STAN_IMAGE value: "fission/keda-nats-streaming-http-connector:v0.12" - name: NATS-JETSTREAM_IMAGE value: "fission/keda-nats-jetstream-http-connector:v0.2" - name: GCP-PUBSUB_IMAGE value: "fission/keda-gcp-pubsub-http-connector:v0.5" - name: REDIS_IMAGE value: "fission/keda-redis-http-connector:v0.3" - name: FISSION_RESOURCE_NAMESPACES value: default - name: OTEL_EXPORTER_OTLP_ENDPOINT value: "" - name: OTEL_EXPORTER_OTLP_INSECURE value: "true" - name: OTEL_TRACES_SAMPLER value: "parentbased_traceidratio" - name: OTEL_TRACES_SAMPLER_ARG value: "0.1" - name: OTEL_PROPAGATORS value: "tracecontext,baggage" resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File serviceAccountName: fission-keda --- # Source: fission-all/templates/router/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: router labels: chart: "fission-all-v1.18.0" svc: router application: fission-router spec: replicas: 1 selector: matchLabels: application: fission-router svc: router template: metadata: labels: application: fission-router svc: router annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" prometheus.io/port: "8080" spec: securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 containers: - name: router image: "index.docker.io/fission/fission-bundle:v1.18.0" imagePullPolicy: IfNotPresent command: ["/fission-bundle"] args: ["--routerPort", "8888", "--executorUrl", "http://executor.fission"] env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: ROUTER_ROUND_TRIP_TIMEOUT value: "50ms" - name: ROUTER_ROUNDTRIP_TIMEOUT_EXPONENT value: "2" - name: ROUTER_ROUND_TRIP_KEEP_ALIVE_TIME value: "30s" - name: ROUTER_ROUND_TRIP_DISABLE_KEEP_ALIVE value: "true" - name: ROUTER_ROUND_TRIP_MAX_RETRIES value: "10" - name: ROUTER_SVC_ADDRESS_MAX_RETRIES value: "5" - name: ROUTER_SVC_ADDRESS_UPDATE_TIMEOUT value: "30s" - name: ROUTER_UNTAP_SERVICE_TIMEOUT value: "3600s" - name: USE_ENCODED_PATH value: "false" - name: DEBUG_ENV value: "false" - name: PPROF_ENABLED value: "false" - name: DISPLAY_ACCESS_LOG value: "false" - name: FISSION_RESOURCE_NAMESPACES value: default - name: OTEL_EXPORTER_OTLP_ENDPOINT value: "" - name: OTEL_EXPORTER_OTLP_INSECURE value: "true" - name: OTEL_TRACES_SAMPLER value: "parentbased_traceidratio" - name: OTEL_TRACES_SAMPLER_ARG value: "0.1" - name: OTEL_PROPAGATORS value: "tracecontext,baggage" resources: {} readinessProbe: httpGet: path: "/router-healthz" port: 8888 initialDelaySeconds: 1 periodSeconds: 1 failureThreshold: 30 livenessProbe: httpGet: path: "/router-healthz" port: 8888 initialDelaySeconds: 35 periodSeconds: 5 volumeMounts: - name: config-volume mountPath: /etc/config/config.yaml subPath: config.yaml ports: - containerPort: 8080 name: metrics - containerPort: 8888 name: http terminationMessagePath: /dev/termination-log terminationMessagePolicy: File serviceAccountName: fission-router volumes: - name: config-volume configMap: name: feature-config --- # Source: fission-all/templates/storagesvc/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: storagesvc labels: chart: "fission-all-v1.18.0" svc: storagesvc application: fission-storage spec: replicas: 1 selector: matchLabels: svc: storagesvc application: fission-storage template: metadata: labels: svc: storagesvc application: fission-storage annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" prometheus.io/port: "8080" spec: securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 containers: - name: storagesvc image: "index.docker.io/fission/fission-bundle:v1.18.0" imagePullPolicy: IfNotPresent command: ["/fission-bundle"] args: ["--storageServicePort", "8000", "--storageType", "local"] env: - name: PRUNE_ENABLED value: "true" - name: PRUNE_INTERVAL value: "60" - name: DEBUG_ENV value: "false" - name: PPROF_ENABLED value: "false" - name: FISSION_RESOURCE_NAMESPACES value: default - name: OTEL_EXPORTER_OTLP_ENDPOINT value: "" - name: OTEL_EXPORTER_OTLP_INSECURE value: "true" - name: OTEL_TRACES_SAMPLER value: "parentbased_traceidratio" - name: OTEL_TRACES_SAMPLER_ARG value: "0.1" - name: OTEL_PROPAGATORS value: "tracecontext,baggage" resources: {} volumeMounts: - name: fission-storage mountPath: /fission readinessProbe: httpGet: path: "/healthz" port: 8000 initialDelaySeconds: 1 periodSeconds: 1 failureThreshold: 30 livenessProbe: httpGet: path: "/healthz" port: 8000 initialDelaySeconds: 35 periodSeconds: 5 ports: - containerPort: 8080 name: metrics - containerPort: 8000 name: http terminationMessagePath: /dev/termination-log terminationMessagePolicy: File serviceAccountName: fission-storagesvc volumes: - name: fission-storage persistentVolumeClaim: claimName: fission-storage-pvc --- # Source: fission-all/templates/timer/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: timer labels: chart: "fission-all-v1.18.0" svc: timer spec: replicas: 1 selector: matchLabels: svc: timer template: metadata: labels: svc: timer spec: securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 containers: - name: timer image: "index.docker.io/fission/fission-bundle:v1.18.0" imagePullPolicy: IfNotPresent command: ["/fission-bundle"] args: ["--timer", "--routerUrl", "http://router.fission"] env: - name: DEBUG_ENV value: "false" - name: PPROF_ENABLED value: "false" - name: FISSION_RESOURCE_NAMESPACES value: default - name: OTEL_EXPORTER_OTLP_ENDPOINT value: "" - name: OTEL_EXPORTER_OTLP_INSECURE value: "true" - name: OTEL_TRACES_SAMPLER value: "parentbased_traceidratio" - name: OTEL_TRACES_SAMPLER_ARG value: "0.1" - name: OTEL_PROPAGATORS value: "tracecontext,baggage" resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File serviceAccountName: fission-timer --- # Source: fission-all/templates/webhook-server/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: webhook labels: chart: "fission-all-v1.18.0" svc: webhook-service application: fission-webhook spec: replicas: 1 selector: matchLabels: svc: webhook-service application: fission-webhook template: metadata: labels: svc: webhook-service application: fission-webhook annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" prometheus.io/port: "8080" spec: securityContext: fsGroup: 10001 runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 containers: - name: webhook image: "index.docker.io/fission/fission-bundle:v1.18.0" imagePullPolicy: IfNotPresent command: ["/fission-bundle"] args: ["--webhookPort", "9443"] volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: serving-certs readOnly: true ports: - containerPort: 8080 name: metrics volumes: - name: serving-certs secret: secretName: fission-webhook-certs serviceAccountName: fission-webhook --- # Source: fission-all/templates/analytics/nonhelm-install-job.yaml apiVersion: batch/v1 kind: Job metadata: name: fission-v1-18-0-fission-v1.18.0-835 labels: # The "release" convention makes it easy to tie a release to all of the # Kubernetes resources that were created as part of that release. release: fission-v1-18-0 # This makes it easy to audit chart usage. chart: fission-all-v1.18.0 app: fission-all spec: #ttlSecondsAfterFinished: 120 template: metadata: name: fission-v1-18-0-fission labels: release: fission-v1-18-0 app: fission-all annotations: spec: restartPolicy: Never containers: - name: post-install-job image: fission/reporter:v1.18.0 imagePullPolicy: IfNotPresent command: [ "/reporter" ] args: ["event", "-c", "fission-use", "-a", "yaml-post-install", "-l", "fission-all-v1.18.0"] env: - name: GA_TRACKING_ID value: "UA-196546703-1" --- # Source: fission-all/templates/webhook-server/webhooks.yaml --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: creationTimestamp: null name: mutating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service namespace: fission path: /mutate-fission-io-v1-package failurePolicy: Fail name: mpackage.fission.io rules: - apiGroups: - fission.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - packages sideEffects: None --- # Source: fission-all/templates/webhook-server/webhooks.yaml apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: creationTimestamp: null name: validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service namespace: fission path: /validate-fission-io-v1-environment failurePolicy: Fail name: venvironment.fission.io rules: - apiGroups: - fission.io apiVersions: - v1 operations: - CREATE resources: - environments sideEffects: None - admissionReviewVersions: - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service namespace: fission path: /validate-fission-io-v1-function failurePolicy: Fail name: vfunction.fission.io rules: - apiGroups: - fission.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - functions sideEffects: None - admissionReviewVersions: - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service namespace: fission path: /validate-fission-io-v1-httptrigger failurePolicy: Fail name: vhttptrigger.fission.io rules: - apiGroups: - fission.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - httptriggers sideEffects: None - admissionReviewVersions: - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service namespace: fission path: /validate-fission-io-v1-kuberneteswatchtrigger failurePolicy: Fail name: vkuberneteswatchtrigger.fission.io rules: - apiGroups: - fission.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - kuberneteswatchtriggers sideEffects: None - admissionReviewVersions: - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service namespace: fission path: /validate-fission-io-v1-messagequeuetrigger failurePolicy: Fail name: vmessagequeuetrigger.fission.io rules: - apiGroups: - fission.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - messagequeuetriggers sideEffects: None - admissionReviewVersions: - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service namespace: fission path: /validate-fission-io-v1-package failurePolicy: Fail name: vpackage.fission.io rules: - apiGroups: - fission.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - packages sideEffects: None - admissionReviewVersions: - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lRU1dEQndVdGdleFM0Z1BaUkQzTDdvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwbWFYTnphVzl1TFdOaE1CNFhEVEl6TURFeE16QTJNall5TlZvWERUSTRNREV4TWpBMgpNall5TlZvd0pqRWtNQ0lHQTFVRUF4TWJkMlZpYUc5dmF5MXpaWEoyYVdObExtWnBjM05wYjI0dWMzWmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyQktBeWVHd2Z6OVo1ckpRbmNveW5pRmEKay92ZWgrS2I4dFIweEJITjVBbXFPWHJGMmdQVVZZblFIS2pLUWNQNzV1SC9CdUdoQTRycXV3eTJQTTQ1dVBrNgppOXMrSnJpM2twUWJiME9Gd1lUd1lQcjhORlRlKzhPUFQxOTF1SGNnZGR2eW5JWUZEN1QyaXlCencrMUZHRUhGCk1JQi9uVVVOTHFDa3BxT1VMbzlJZnhxSUg5ajdkVi9yWTFDZXNmSTVkdHRhSXN5WThQUmIyMldEUFI0ZjlhTysKZXB0SmFTbjZOT3BpQjByU0ZYZUZSTE93cDNIWFpzSWVMYTZjZDhoOG9jY2E2RytINjhIM0N3N1VHYXlaOG9nNQpiQ3dKbzMzbElGRCtMZjlyWTJtTDhBYVl3N28yWEQ4TVZYVkJRZUppQlk2b3FYc3M4aFE3VXVpUkNKalk0UUlECkFRQUJvNEcwTUlHeE1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlF5NjN1aDFsK2hqTGNVa3pFNAp5blQ2VSt6QXdUQlJCZ05WSFJFRVNqQklnaHQzWldKb2IyOXJMWE5sY25acFkyVXVabWx6YzJsdmJpNXpkbU9DCktYZGxZbWh2YjJzdGMyVnlkbWxqWlM1bWFYTnphVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQjR2SG00d3UyMDVDQ3JXZmtBUVUvcjIvVFlQY1MxbHdMVkJjcGpWajNmZGkxMQpoRjFJQm9IOWNsT25HSTNSYmR6czk2cTdGaVBuSkhOMFBhWWRtQ3liekdqZ2tMa09zYlZkbnMrNGRRVGQ0SkVNCk1URGQ1S1FhVk43L0V4dzBiNjA3MGZQVWpFelhxTkwyWEpsN1cvWEswTkNyZ2gwYUdEU044dHFhNnY1dGMrSXcKSTFHSjk1OWExSW02bnpuR0tMUEEyWUpNV0JIZk96Z3dtQk5xdlloOVQzMWNaZWZwSTVNSXJVcjJLNGM2U0ZjbgpmQmV1M2UwZTZadlRjcHBZeG5pZW5JeUFmRitzL0FwdFd0WHFLNk5kbVRDTGhSSWxOZGNwSXgyZWpGNU1JZmlrCmxaYnJKSlVWclZmTXd5OVlIWWluNEl5RjBOOWVnNENoZGx2enBxUVYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service namespace: fission path: /validate-fission-io-v1-timetrigger failurePolicy: Fail name: vtimetrigger.fission.io rules: - apiGroups: - fission.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - timetriggers sideEffects: None --- # Source: fission-all/templates/pre-upgrade-checks/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fission-preupgrade namespace: fission annotations: helm.sh/hook: pre-upgrade helm.sh/hook-delete-policy: before-hook-creation helm.sh/hook-weight: "-1" --- # Source: fission-all/templates/pre-upgrade-checks/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: fission-v1-18-0-preupgrade annotations: helm.sh/hook: pre-upgrade helm.sh/hook-delete-policy: before-hook-creation helm.sh/hook-weight: "-2" rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch --- # Source: fission-all/templates/pre-upgrade-checks/clusterrolebinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: fission-v1-18-0-preupgrade annotations: helm.sh/hook: pre-upgrade helm.sh/hook-delete-policy: before-hook-creation subjects: - kind: ServiceAccount name: fission-preupgrade namespace: fission roleRef: kind: ClusterRole name: fission-v1-18-0-preupgrade apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/pre-upgrade-checks/role-fission-cr.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: helm.sh/hook: pre-upgrade helm.sh/hook-delete-policy: before-hook-creation helm.sh/hook-weight: "-2" name: "fission-v1-18-0-preupgrade-fission-cr" namespace: default rules: - apiGroups: - fission.io resources: - canaryconfigs - environments - functions - httptriggers - kuberneteswatchtriggers - messagequeuetriggers - packages - timetriggers verbs: - list --- # Source: fission-all/templates/pre-upgrade-checks/role-fission-cr.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: annotations: helm.sh/hook: pre-upgrade helm.sh/hook-delete-policy: before-hook-creation name: "fission-v1-18-0-preupgrade-fission-cr" namespace: default subjects: - kind: ServiceAccount name: "fission-preupgrade" namespace: fission roleRef: kind: Role name: "fission-v1-18-0-preupgrade-fission-cr" apiGroup: rbac.authorization.k8s.io --- # Source: fission-all/templates/pre-upgrade-checks/pre-upgrade-job.yaml apiVersion: batch/v1 kind: Job metadata: name: fission-v1-18-0-fission-v1.18.0-622 labels: # The "release" convention makes it easy to tie a release to all of the # Kubernetes resources that were created as part of that release. release: "fission-v1-18-0" # This makes it easy to audit chart usage. chart: fission-all-v1.18.0 app: fission-all annotations: # This is what defines this resource as a hook. Without this line, the # job is considered part of the release. "helm.sh/hook": pre-upgrade "helm.sh/hook-delete-policy": hook-succeeded "helm.sh/hook-weight": "1" spec: backoffLimit: 0 template: metadata: name: fission-v1-18-0-fission labels: release: "fission-v1-18-0" app: fission-all spec: restartPolicy: Never containers: - name: pre-upgrade-job image: fission/pre-upgrade-checks:v1.18.0 imagePullPolicy: IfNotPresent command: [ "/pre-upgrade-checks" ] env: - name: FISSION_RESOURCE_NAMESPACES value: default terminationMessagePath: /dev/termination-log terminationMessagePolicy: File serviceAccountName: fission-preupgrade
执行安装:
kubectl apply -f fission-all-v1.18.0-K8s.yaml
查看所有pod都顺利启动即完成部署。
五、redis集群安装
在三台服务器上搭建三主三从集群:
下载安装源码
http://download.redis.io/releases/redis-7.0.9.tar.gz
解压缩后编译源码到/usr/local
make make install PREFIX=/usr/local/redis
配置redis.conf文件/usr/local/redis/redis-cluster/6001/redis.conf、/usr/local/redis/bin/redis-server /usr/local/redis/redis-cluster/6002/redis.conf,注意两个文件只需要修改端口号,其他相同。
# redis 节点1端口 port 6001 # 启用集群 cluster-enabled yes # 6001节点名称 cluster-config-file nodes_6001.conf # 节点超时时间 cluster-node-timeout 5000 # 开启AOF模式 appendonly yes # 后台启动 daemonize yes # 如果设置为yes,那么只允许我们在本机的回环连接,其他机器无法连接。 protected-mode no # 进程文件 pidfile /var/run/redis_6001.pid # 绑定的端口,一般配置局域网,配置127.0.0.1则只允许本地访问 bind 192.168.0.113
在三台服务器上依次启动主节点6001和从节点6002,注意在传输配置文件后修改bind的IP
# 先创建不含从节点的集群 redis-cli --cluster create 192.168.0.21:6001 192.168.0.22:6001 192.168.0.23:6001 --cluster-replicas 0 # 再挂载每个主节点的从节点(这里的--cluster-master-id在上一步会打印出来) redis-cli --cluster add-node 192.168.0.21:6002 192.168.0.21:6001 --cluster-slave --cluster-master-id 640824955f28cdc86174fd9817a159a803f88b2b redis-cli --cluster add-node 192.168.0.22:6002 192.168.0.22:6001 --cluster-slave --cluster-master-id 126f37f6122f4c93dae9c78510a7a2b678eb88e8 redis-cli --cluster add-node 192.168.0.23:6002 192.168.0.23:6001 --cluster-slave --cluster-master-id 176b8c64945d0f4e0b2ec3ca767c24e8d955f77f
大致如这幅图情形
完成三主三从redis集群部署
六、创建fission读写redis集群的函数
【1】创建环境
fission env create --name python-build --image fission/python-env --builder fission/python-builder --namespace default
【2】创建读函数
read.py
from flask import request from rediscluster import RedisCluster import json import time def handle(): json_req = request.get_json() key = str(json_req["key"]) nodes = [ {'host': '192.168.0.11', 'port': '6001'}, {'host': '192.168.0.12', 'port': '6001'}, {'host': '192.168.0.13', 'port': '6001'}, ] start = time.time() src = RedisCluster(startup_nodes=nodes, decode_responses=True) res = src.get(key) t = float(time.time() - start) * 1000 return str(t)
requirements.txt
redis-py-cluster
build.sh
#!/bin/sh pip3 config set global.index-url https://mirrors.aliyun.com/pypi/simple pip3 install -r ${SRC_PKG}/requirements.txt -t ${SRC_PKG} && cp -r ${SRC_PKG} ${DEPLOY_PKG}
确保
build.sh
文件是可执行的:chmod +x build.sh
压缩这些文件:
cd .. zip -jr read-py.zip readpkg/
在 Fission 中创建一个
package
:fission package create --sourcearchive read-py.zip --env python-build --buildcmd "./build.sh" --namespace default # 注意记录打印出来的值,在未来用到
查看日志:
fission pkg info --name read-py-zip-7pdy --namespace default
构建函数,同时提供入口点:
fission fn create --name readpy --pkg read-py-zip-7pdy --entrypoint "read.handle" --namespace default --minscale 1 --maxscale 100 --executortype newdeploy
触发器配置:
fission ht create --url /readpy --method GET --method POST --function readpy --namespace default
【3】创建写函数
write.py
from flask import request from rediscluster import RedisCluster import json import time def handle(): json_req = request.get_json() key = str(json_req["key"]) value = str(json_req["value"]) nodes = [ {'host': '192.168.0.11', 'port': '6001'}, {'host': '192.168.0.12', 'port': '6001'}, {'host': '192.168.0.13', 'port': '6001'}, ] start = time.time() src = RedisCluster(startup_nodes=nodes, decode_responses=True) res = src.set(key, value) t = float(time.time() - start) * 1000 return str(t)
requirements.txt
redis-py-cluster
build.sh
#!/bin/sh pip3 config set global.index-url https://mirrors.aliyun.com/pypi/simple pip3 install -r ${SRC_PKG}/requirements.txt -t ${SRC_PKG} && cp -r ${SRC_PKG} ${DEPLOY_PKG}
确保
build.sh
文件是可执行的:chmod +x build.sh
压缩这些文件:
cd .. zip -jr write-py.zip writepkg/
在 Fission 中创建一个
package
:fission package create --sourcearchive write-py.zip --env python-build --buildcmd "./build.sh" --namespace default # 注意记录打印出来的值,在未来用到
查看日志:
fission pkg info --name write-py-zip-hiit --namespace default
构建函数,同时提供入口点:
fission fn create --name writepy --pkg write-py-zip-hiit --entrypoint "write.handle" --namespace default --minscale 1 --maxscale 100 --executortype newdeploy
触发器配置:
fission ht create --url /writepy --method GET --method POST --function writepy --namespace default
【4】调试
可以通过如下手段进行调试
# curl发POST请求本地测试 curl -X POST -H "Content-Type: application/json" -d '{ "key": "wx006" }' http://192.168.0.11:31314/readpy # 查看Pod中python-build容器的打印日志 kubectl get pods -n default kubectl -n default logs -f newdeploy-writepy-default-9ec1-5fdc82bc469d-d8fb8d864-phj7p -c python-build
七、部署Prometheus、Grafana监控
官方文档helm安装存在网络问题
【1】安装KSM
由于需要监控函数的副本数量,但fission官方非常离谱的没有提供函数副本数量的Prometheus监控指标,我们必须使用KSM(kube-state-metrics)直接获取函数deploy的available副本数,以确定函数当前的可用副本数。
1.配置镜像
docker pull bitnami/kube-state-metrics docker tag bitnami/kube-state-metrics k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.2.0
2.下载代码
3.修改文件
/fission_test/ksm/examples/standard/service.yaml
apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: 2.2.0 name: kube-state-metrics namespace: kube-system spec: ports: - name: http-metrics port: 8080 targetPort: http-metrics - name: telemetry port: 8081 targetPort: telemetry selector: app.kubernetes.io/name: kube-state-metrics
4.上传文件
将KSM代码路径
examples/standard
下的所有文件上传到服务器某目录dir
,执行:kubectl create -f dir/
看到pod都成功启动即可
【2】安装Prometheus、Grafana
install.sh(记得chmod 777 install.sh再执行)
#!/bin/bash kubectl create -f node-exporter.yaml kubectl create -f rbac-setup.yaml kubectl create -f configmap.yaml kubectl create -f prometheus-deploy.yaml kubectl create -f grafana.yaml
node-exporter.yaml
apiVersion: apps/v1 kind: DaemonSet metadata: name: node-exporter namespace: monitoring labels: k8s-app: node-exporter spec: selector: matchLabels: k8s-app: node-exporter template: metadata: labels: k8s-app: node-exporter spec: containers: - image: prom/node-exporter:v1.0.1 name: node-exporter ports: - containerPort: 9100 protocol: TCP name: http --- apiVersion: v1 kind: Service metadata: labels: k8s-app: node-exporter name: node-exporter namespace: monitoring spec: ports: - name: http port: 9100 nodePort: 31672 protocol: TCP type: NodePort selector: k8s-app: node-exporter
rbac-setup.yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: prometheus rules: - apiGroups: [""] resources: - nodes - nodes/proxy - services - endpoints - pods verbs: ["get", "list", "watch"] - apiGroups: - extensions resources: - ingresses verbs: ["get", "list", "watch"] - nonResourceURLs: ["/metrics"] verbs: ["get"] --- apiVersion: v1 kind: ServiceAccount metadata: name: prometheus namespace: monitoring --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: prometheus roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: prometheus subjects: - kind: ServiceAccount name: prometheus namespace: monitoring
configmap.yaml
apiVersion: v1 kind: ConfigMap metadata: name: prometheus-config namespace: monitoring data: prometheus.yml: | global: scrape_interval: 15s evaluation_interval: 15s scrape_configs: - job_name: "kubernetes-apiservers" kubernetes_sd_configs: - role: endpoints scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token relabel_configs: - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: default;kubernetes;https - job_name: "kubernetes-nodes" kubernetes_sd_configs: - role: node scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token relabel_configs: - action: labelmap regex: __meta_kubernetes_node_label_(.+) - target_label: __address__ replacement: kubernetes.default.svc:443 - source_labels: [__meta_kubernetes_node_name] regex: (.+) target_label: __metrics_path__ replacement: /api/v1/nodes/${1}/proxy/metrics - job_name: "kubernetes-cadvisor" kubernetes_sd_configs: - role: node scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token relabel_configs: - action: labelmap regex: __meta_kubernetes_node_label_(.+) - target_label: __address__ replacement: kubernetes.default.svc:443 - source_labels: [__meta_kubernetes_node_name] regex: (.+) target_label: __metrics_path__ replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - job_name: "kubernetes-service-endpoints" kubernetes_sd_configs: - role: endpoints relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] action: keep regex: true - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] action: replace target_label: __scheme__ regex: (https?) - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] action: replace target_label: __metrics_path__ regex: (.+) - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] action: replace target_label: __address__ regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 - action: labelmap regex: __meta_kubernetes_service_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_service_name] action: replace target_label: kubernetes_name - job_name: "kubernetes-services" kubernetes_sd_configs: - role: service metrics_path: /probe params: module: [http_2xx] relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] action: keep regex: true - source_labels: [__address__] target_label: __param_target - target_label: __address__ replacement: blackbox-exporter.example.com:9115 - source_labels: [__param_target] target_label: instance - action: labelmap regex: __meta_kubernetes_service_label_(.+) - source_labels: [__meta_kubernetes_namespace] target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_service_name] target_label: kubernetes_name - job_name: "kubernetes-ingresses" kubernetes_sd_configs: - role: ingress relabel_configs: - source_labels: [__meta_kubernetes_ingress_annotation_prometheus_io_probe] action: keep regex: true - source_labels: [__meta_kubernetes_ingress_scheme,__address__,__meta_kubernetes_ingress_path] regex: (.+);(.+);(.+) replacement: ${1}://${2}${3} target_label: __param_target - target_label: __address__ replacement: blackbox-exporter.example.com:9115 - source_labels: [__param_target] target_label: instance - action: labelmap regex: __meta_kubernetes_ingress_label_(.+) - source_labels: [__meta_kubernetes_namespace] target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_ingress_name] target_label: kubernetes_name - job_name: "kubernetes-pods" kubernetes_sd_configs: - role: pod relabel_configs: - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] action: keep regex: true - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] action: replace target_label: __metrics_path__ regex: (.+) - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 target_label: __address__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_pod_name] action: replace target_label: kubernetes_pod_name - job_name: kube-state-metrics # 注意这里是针对上述KSM的,需要kubectl get svc查看ksm的内网地址 static_configs: - targets: ['10.103.206.50:8080']
prometheus-deploy.yaml
apiVersion: apps/v1 kind: Deployment metadata: labels: name: prometheus-deployment name: prometheus namespace: monitoring spec: replicas: 1 selector: matchLabels: app: prometheus template: metadata: labels: app: prometheus spec: containers: - image: prom/prometheus:v2.37.6 name: prometheus command: - "/bin/prometheus" args: - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus" - "--storage.tsdb.retention=24h" ports: - containerPort: 9090 protocol: TCP volumeMounts: - mountPath: "/prometheus" name: data - mountPath: "/etc/prometheus" name: config-volume resources: requests: cpu: 100m memory: 100Mi limits: cpu: 500m memory: 2500Mi serviceAccountName: prometheus volumes: - name: data emptyDir: {} - name: config-volume configMap: name: prometheus-config --- kind: Service apiVersion: v1 metadata: labels: app: prometheus name: prometheus namespace: monitoring spec: type: NodePort ports: - port: 9090 targetPort: 9090 nodePort: 30003 selector: app: prometheus
grafana.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: grafana namespace: monitoring spec: selector: matchLabels: app: grafana replicas: 1 template: metadata: labels: app: grafana spec: containers: - name: grafana image: grafana/grafana:8.5.22 imagePullPolicy: IfNotPresent ports: - containerPort: 3000 protocol: TCP env: - name: GF_AUTH_ANONYMOUS_ENABLED value: "true" - name: GF_AUTH_ANONYMOUS_ORG_ROLE value: "Viewer" - name: GF_SECURITY_ALLOW_EMBEDDING value: "true" volumes: - name: grafana-storage emptyDir: {} --- apiVersion: v1 kind: Service metadata: name: grafana namespace: monitoring spec: type: NodePort ports: - port: 80 targetPort: 3000 nodePort: 30006 selector: app: grafana
pod全部启动即安装成功
【3】Prometheus学习资料
搞明白PromQL就算成功入门
八、最终效果
执行
kubectl get pods -A
Grafana控制面板需要自己配置,使用的PromQL是KSM暴露的监控指标和fission官方监控指标,实验正在running...
致谢:
感谢GOOD Lab研二的各位损友~感谢老师对我云服务器使用的资助~
- 作者:GOODLab
- 链接:https://good.ncu.edu.cn/LabBlogs//LabBlogs/2c39410d-7fef-437e-a9dd-ac8587632206
- 声明:本文采用 CC BY-NC-SA 4.0 许可协议,转载请注明出处。