下载 docker-flink 仓库
1
2
3
|
git remote -v
origin git@github.com:apache/flink-docker.git (fetch)
origin git@github.com:apache/flink-docker.git (push)
|
编译开始了
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
./add-custom.sh -u http://10.7.20.12:60000/flink-1.18-SNAPSHOT.tgz -j 17
Generating Dockerfiles... done.
:~/workspace/bigdata/flink-docker 🍣 dev-master 📝 ×1
🌈 cd dev
custom-ubuntu/
:~/workspace/bigdata/flink-docker/dev 🍣 dev-master 📝 ×1
🌈 ls
custom-ubuntu/
:~/workspace/bigdata/flink-docker/dev 🍣 dev-master 📝 ×1
🌈 cd custom-ubuntu
docker-entrypoint.sh Dockerfile
:~/workspace/bigdata/flink-docker/dev/custom-ubuntu 🍣 dev-master 📝 ×1
🌈 docker build -t flink:1.18-SN .
[+] Building 282.0s (13/13) FINISHED docker:default
=> [internal] load .dockerignore 1.8s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from Dockerfile 1.4s
=> => transferring dockerfile: 4.08kB 0.0s
=> [internal] load metadata for docker.io/library/eclipse-temurin:17-jre-jammy 75.0s
=> [auth] library/eclipse-temurin:pull token for registry-1.docker.io 0.0s
=> [1/7] FROM docker.io/library/eclipse-temurin:17-jre-jammy@sha256:716e9c69045a1ae0ea5c5a64930f14c7e43f0ff8e3a6c7751fe42e23ee8f643e 48.5s
=> => resolve docker.io/library/eclipse-temurin:17-jre-jammy@sha256:716e9c69045a1ae0ea5c5a64930f14c7e43f0ff8e3a6c7751fe42e23ee8f643e 1.1s
=> => sha256:716e9c69045a1ae0ea5c5a64930f14c7e43f0ff8e3a6c7751fe42e23ee8f643e 1.21kB / 1.21kB 0.0s
=> => sha256:2259083a148cbd83760a0f5c2ede81d762051ecdef39caa74ee06117df0936d8 1.37kB / 1.37kB 0.0s
=> => sha256:8ebc3806d6ddef6034b25b076cc98f25d99c05e130a2669220dcdf3ba936d6e3 6.54kB / 6.54kB 0.0s
=> => sha256:08bc8ffa8e991537c3aefdccb53f3a681735303cf5f851a861dba3835456ceef 161B / 161B 21.6s
=> => sha256:2e8d00d3cd21ab1461905d090b64208447c8d4ded1b3f5e97afe50eaab0948bd 47.21MB / 47.21MB 35.4s
=> => sha256:1ccd2d5dafe8ee2e15a3fbe193041c068fdadeda1797014f93048fa9a300e06e 17.46MB / 17.46MB 30.6s
=> => sha256:77a5ebc0e652dba949dc337249e9181f2a0103841f91c7cacf3225966748ca45 667B / 667B 42.8s
=> => extracting sha256:1ccd2d5dafe8ee2e15a3fbe193041c068fdadeda1797014f93048fa9a300e06e 1.4s
=> => extracting sha256:2e8d00d3cd21ab1461905d090b64208447c8d4ded1b3f5e97afe50eaab0948bd 1.7s
=> => extracting sha256:08bc8ffa8e991537c3aefdccb53f3a681735303cf5f851a861dba3835456ceef 0.0s
=> => extracting sha256:77a5ebc0e652dba949dc337249e9181f2a0103841f91c7cacf3225966748ca45 0.0s
=> [internal] load build context 1.4s
=> => transferring context: 5.33kB 0.0s
=> [2/7] RUN set -ex; apt-get update; apt-get -y install gpg libsnappy1v5 gettext-base libjemalloc-dev; rm -rf /var/lib/apt/lists/* 65.0s
=> [3/7] RUN set -ex; wget -nv -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.11/gosu-$(dpkg --print-architecture)"; 19.4s
=> [4/7] RUN groupadd --system --gid=9999 flink && useradd --system --home-dir /opt/flink --uid=9999 --gid=flink flink 4.2s
=> [5/7] WORKDIR /opt/flink 1.9s
=> [6/7] RUN set -ex; wget -nv -O flink.tgz "http://10.7.20.12:60000/flink-1.18-SNAPSHOT.tgz"; if [ "false" = "true" ]; then wget -nv -O f 57.8s
=> [7/7] COPY docker-entrypoint.sh / 1.8s
=> exporting to image 3.8s
=> => exporting layers 3.5s
=> => writing image sha256:7b191429d2d6c7489b199adfb51848c2044c3175a685cb1360dca4fbf3984ca9 0.1s
=> => naming to docker.io/library/flink:1.18-SN
|
docker-compose 启动一下 flink
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
version: '3.7'
services:
jobmanager:
image: 10.7.20.51/bcs_dev/flink:1.18-SN
volumes:
- /data/flink/job/flink-doris-connector-1.15-1.2.1.jar:/opt/flink/lib/flink-doris-connector-1.15-1.2.1.jar
- /data/flink/job/flink-sql-connector-mysql-cdc-2.2.1.jar:/opt/flink/lib/flink-sql-connector-mysql-cdc-2.2.1.jar
expose:
- "6123"
ports:
- "8081:8081"
command: jobmanager
environment:
- JOB_MANAGER_RPC_ADDRESS=jobmanager
taskmanager:
image: 10.7.20.51/bcs_dev/flink:1.18-SN
volumes:
- /data/flink/task/flink-doris-connector-1.15-1.2.1.jar:/opt/flink/lib/flink-doris-connector-1.15-1.2.1.jar
- /data/flink/task/flink-sql-connector-mysql-cdc-2.2.1.jar:/opt/flink/lib/flink-sql-connector-mysql-cdc-2.2.1.jar
expose:
- "6121"
- "6122"
depends_on:
- jobmanager
command: taskmanager
links:
- "jobmanager:jobmanager"
environment:
- JOB_MANAGER_RPC_ADDRESS=jobmanager
|
输入 wordcount,看看是否正常工作完毕
minikube 部署一下 flink
flink 集群部署
1.configmap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
tee flink-configmap.yaml <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
namespace: flink-standalone-session
name: flink-config
labels:
app: flink
data:
flink-conf.yaml: |+
jobmanager.rpc.address: session-jm-service
taskmanager.numberOfTaskSlots: 5
blob.server.port: 6124
jobmanager.rpc.port: 6123
taskmanager.rpc.port: 6122
jobmanager.heap.size: 1024m
taskmanager.memory.process.size: 1024m
log4j.properties: |+
log4j.rootLogger=INFO, file
log4j.logger.akka=INFO
log4j.logger.org.apache.kafka=INFO
log4j.logger.org.apache.hadoop=INFO
log4j.logger.org.apache.zookeeper=INFO
log4j.appender.file=org.apache.log4j.FileAppender
log4j.appender.file.file=\${log.file}
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %-60c %x - %m%n
log4j.logger.org.apache.flink.shaded.akka.org.jboss.netty.channel.DefaultChannelPipeline=ERROR, file
EOF
|
2.jobmanager
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
tee session-jm-deploy.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: flink-standalone-session
name: session-jm-deploy
spec:
replicas: 1
selector:
matchLabels:
app: flink
component: jobmanager
template:
metadata:
labels:
app: flink
component: jobmanager
spec:
containers:
- name: jobmanager
image: 10.7.20.51/bcs_dev/flink:1.18-SN
workingDir: /opt/flink
command: ["/bin/bash", "-c", "\$FLINK_HOME/bin/jobmanager.sh start;
while :;
do
if [[ -f \$(find log -name '*jobmanager*.log' -print -quit) ]] ;
then tail -f -n +1 log/*jobmanager*.log;
fi;
done"]
ports:
- containerPort: 6123
name: rpc
- containerPort: 6124
name: blob
- containerPort: 8081
name: ui
resources:
limits:
cpu: "1"
memory: "1Gi"
requests:
cpu: 1
memory: "1Gi"
livenessProbe:
tcpSocket:
port: 6123
initialDelaySeconds: 30
periodSeconds: 60
volumeMounts:
- name: flink-config-volume
mountPath: /opt/flink/conf
securityContext:
runAsUser: 9999 # refers to user _flink_ from official flink image, change if necessary
volumes:
- name: flink-config-volume
configMap:
name: flink-config
items:
- key: flink-conf.yaml
path: flink-conf.yaml
- key: log4j.properties
path: log4j.properties
EOF
|
3.taskmanager
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
tee session-tm-deploy.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: flink-standalone-session
name: session-tm-deploy
spec:
replicas: 2
selector:
matchLabels:
app: flink
component: taskmanager
template:
metadata:
labels:
app: flink
component: taskmanager
spec:
containers:
- name: taskmanager
image: 10.7.20.51/bcs_dev/flink:1.18-SN
workingDir: /opt/flink
command: ["/bin/bash", "-c", "\$FLINK_HOME/bin/taskmanager.sh start;
while :;
do
if [[ -f \$(find log -name '*taskmanager*.log' -print -quit) ]] ;
then tail -f -n +1 log/*taskmanager*.log;
fi;
done"]
ports:
- containerPort: 6122
name: rpc
resources:
limits:
cpu: "2"
memory: "2Gi"
requests:
cpu: "2"
memory: "2Gi"
livenessProbe:
tcpSocket:
port: 6122
initialDelaySeconds: 30
periodSeconds: 60
volumeMounts:
- name: flink-config-volume
mountPath: /opt/flink/conf/
securityContext:
runAsUser: 9999 # refers to user _flink_ from official flink image, change if necessary
volumes:
- name: flink-config-volume
configMap:
name: flink-config
items:
- key: flink-conf.yaml
path: flink-conf.yaml
- key: log4j.properties
path: log4j.properties
EOF
|
4.jobmanager-sc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
tee session-jm-service.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
namespace: flink-standalone-session
name: session-jm-service
spec:
type: ClusterIP
ports:
- name: rpc
port: 6123
- name: blob
port: 6124
- name: ui
port: 8081
selector:
app: flink
component: jobmanager
EOF
|
接下来开始操作了
如果使用 MiniKube,请确保在部署 Flink 集群之前先执行 minikube ssh ‘sudo ip link set docker0 promisc on’
1
2
3
4
5
6
7
|
kubectl create ns flink-standalone-session
kubectl config set-context --current --namespace=flink-standalone-session
将本机默认路由上的8082端口转发到service session-jm-service中的8081端口上
kubectl -n flink-standalone-session port-forward --address 0.0.0.0 service/session-jm-service 8082:8081
|
部署 ingress 服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "traefik" # 从nginx修改traefik
name: flink-dashboard
namespace: flink-standalone-session
spec:
rules:
- host: flinkonk8s.console.lab.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: session-jm-service
port:
number: 8081
tls:
- secretName: flinkonk8s.console.lab.io
|
通过独立的 traefik 服务访问 flink
traefik 的 docker-compose 文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
version: "3"
# services:
# traefik:
# image: traefik:v3.0.0-beta3
# ports:
# - 8080:8080
# command: "--api=true --api.dashboard=true --api.insecure=true"
services:
traefik:
image: traefik:v3.0.0-beta3
restart: always
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
command:
- "--global.sendanonymoususage=false"
- "--global.checknewversion=false"
- "--api=true"
- "--api.dashboard=true"
- "--api.insecure=true"
- "--api.debug=false"
- "--ping=true"
- "--log.level=INFO"
- "--log.format=common"
- "--accesslog=false"
- "--entrypoints.http.address=:80"
- "--entrypoints.https.address=:443"
- "--providers.docker=true"
- "--providers.docker.watch=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.useBindPortIP=false"
- "--providers.docker.network=traefik"
- "--providers.file=true"
- "--providers.file.watch=true"
- "--providers.file.directory=/etc/traefik/config"
- "--providers.file.debugloggeneratedtemplate=true"
networks:
- minikube
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.middlewares.gzip.compress=true"
- "traefik.http.middlewares.redir-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redir-https.redirectscheme.permanent=false"
- "traefik.http.routers.traefik-dashboard.middlewares=redir-https@docker"
- "traefik.http.routers.traefik-dashboard-secure.middlewares=gzip@docker"
- "traefik.http.routers.traefik-dashboard-api-secure.middlewares=gzip@docker"
- "traefik.http.routers.traefik-dashboard.entrypoints=http"
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.console.lab.io`)"
- "traefik.http.routers.traefik-dashboard.service=noop@internal"
- "traefik.http.routers.traefik-dashboard-secure.entrypoints=https"
- "traefik.http.routers.traefik-dashboard-secure.tls=true"
- "traefik.http.routers.traefik-dashboard-secure.rule=Host(`traefik.console.lab.io`)"
- "traefik.http.routers.traefik-dashboard-secure.service=dashboard@internal"
- "traefik.http.routers.traefik-dashboard-api-secure.entrypoints=https"
- "traefik.http.routers.traefik-dashboard-api-secure.tls=true"
- "traefik.http.routers.traefik-dashboard-api-secure.rule=Host(`traefik.console.lab.io`) && PathPrefix(`/api`)"
- "traefik.http.routers.traefik-dashboard-api-secure.service=api@internal"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./certs/ssl/:/certs/:ro
- ./config/:/etc/traefik/config/:ro
healthcheck:
test: ["CMD-SHELL", "wget -q --spider --proxy off localhost:8080/ping || exit 1"]
interval: 3s
retries: 10
logging:
driver: "json-file"
options:
max-size: "1m"
extra_hosts:
# https://github.com/traefik/traefik/blob/master/pkg/version/version.go#L64
- "update.traefik.io:127.0.0.1"
# https://github.com/containous/traefik/blob/master/pkg/collector/collector.go#L20
- "collect.traefik.io:127.0.0.1"
- "stats.g.doubleclick.net:127.0.0.1"
networks:
minikube:
external: true
|
在 config 目录下配置路由文件
minikube.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[http.services]
[http.services.minikube.loadBalancer]
[[http.services.minikube.loadBalancer.servers]]
url = "http://192.168.49.2:80/"
[http.routers]
[http.routers.example]
entryPoints = ["http"]
rule = "Host(`flinkonk8s.console.lab.io`)"
service = "minikube"
[http.routers.dashboard]
entryPoints = ["https"]
tls = true
rule = "Host(`dashboard.console.lab.io`)"
service = "minikube"
|
tls.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
[tls]
[tls.options.default]
minVersion = "VersionTLS12"
sniStrict = true
cipherSuites = [
# TLS 1.3
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
# TLS 1.2
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
]
[tls.stores.default.defaultCertificate]
certFile = "/certs/lab.io.crt"
keyFile = "/certs/lab.io.key"
[[tls.certificates]]
certFile = "/certs/lab.com.crt"
keyFile = "/certs/lab.com.key"
[[tls.certificates]]
certFile = "/certs/lab.io.crt"
keyFile = "/certs/lab.io.key"
|
本地 https 安全化。
