pulsar的架构图:
参考官方文档进行pulsar的安装
增加pulsar的官方chart
1
2
|
helm repo add apache https://pulsar.apache.org/charts
helm repo update
|
复制pulsar-helm-chart
1
2
|
git clone https://github.com/apache/pulsar-helm-chart
cd pulsar-helm-chart
|
运行prepare_helm_release.sh,可以生成密码和密钥
1
2
3
4
|
./scripts/pulsar/prepare_helm_release.sh \
-n pulsar \
-k pulsar-mini \
-c
|
生成的secrets
上面的命令中:
-n指定的生成Secret Manifest中安装的命名空间,这里我是将其部署到K8S中的pulsar namespace中,所以指定为pulsar,当然也可以指定部署到其他的namespace中。-k指定的是使用helm部署时的helm release名称,这里指定为pulsar。-l指定只将生成的内容输出达到本地,而不会自动部署到K8S中。比较喜欢这种手动的方式,因为一切比较可控。- -c 是直接创建到了cluster上面。
- 注意这个脚本还有一个
-s,--symmetric参数,如果给这个参数的话,JWT认证将使用对称秘钥的方式,这里没有给这个参数,就使用非对称秘钥的方式。
执行上面的脚本会输出以下内容:
从输出可以看出,该脚本生成了4个K8S Secret的Manifest:
- pulsar-mini-token-asymmetric-key这个Secret中是用于生成Token和验证Token的私钥和公钥
- pulsar-mini-token-proxy-admin这个Secret中是用于proxy的超级用户角色Token
- pulsar-mini-token-broker-admin这个Secret中是用于broker的超级用户角色Token
- pulsar-mini-token-admin这个Secret中是用于管理客户端的超级用户角色Token
查看一下secret
1
2
3
4
5
6
7
8
9
10
|
kubectl get secret -n pulsar
NAME TYPE DATA AGE
pulsar-mini-pulsar-manager-secret Opaque 4 2d19h
pulsar-mini-token-admin Opaque 2 18d
pulsar-mini-token-asymmetric-key Opaque 2 18d
pulsar-mini-token-broker-admin Opaque 2 18d
pulsar-mini-token-proxy-admin Opaque 2 18d
sh.helm.release.v1.pulsar-mini.v1 helm.sh/release.v1 1 2d19h
sh.helm.release.v1.pulsar-mini.v2 helm.sh/release.v1 1 2d15h
sh.helm.release.v1.pulsar-mini.v3 helm.sh/release.v1 1 2d14h
|
实验一下是否能生成yaml文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
./scripts/pulsar/prepare_helm_release.sh \
-n pulsar \
-k pulsar \
-l
generate the token keys for the pulsar cluster
---
The private key and public key are generated to /tmp/tmp.PIxOIQYze1 and /tmp/tmp.mkkNU9CkHy successfully.
apiVersion: v1
data:
PRIVATEKEY: MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDAGHqYdqg7RTuxToSNl+T+K76fHyPDvRyAl1SyVP2hlBKg7kq9PESW535msg3fQIKvQvnyG59rYuC/qJYxU0vPpa9zh+97EFeu0rbSTTkPXmqJfiY/Rd9Ui5bfnld4ji4RJwJS7ak2LtbPxbCEv/IXmJKONEIOrWSta0bPTUBLDeOD333T0meI32gMrkfEwXEwKLEkvuiod7B0LjlfHurls3KxgXx3e+KO+Qcq0gg9eIaKo0RL9w28/Wn42JniCEFUBPiuNjFgb/LsMZlZR4fg0QkLBTHtCJ989pI2Ouyw5ATa9O/0e9Wd1wUaZ31WJ4W5wRFqrGbFti5yqie5ye1xAgMBAAECggEBAJGZfELXnUffgBEyXFIeUVk9uuxM5ATW8CWfjnjk5qFz5HLKayfn6G0g5bPdPZp8ARHqiBy0Ry9T8NoUZFLaudmX0daVsDTs/CjsWdoo4hj+DW5NiZvn0BD7BM5V7CLaUZx6ns5QiTMiaXtucg8MlejAokTa4z7QukCf0ToLabH4cq+YSKSwZyd6f0E5aaykrayotWRRi5kWmvYP+ZxwvdiwikjOF1d6NHmZ/6VJjYxGYUU7p5dDhHPHfE+MotteExNl7AODlokR6XnmJjqLVuPquQloNQNGk2EEP+mvNCJseplVC4HrARK0QkKWpgiA7piLtsbwqypM2tG2ris9KYkCgYEA5Adm0B1DMQZTq/a9JAOZkab1YyL1c6lSKmm04+/403ef+/ERIjgLmQsDVaQh685+1pjDMtecVyv+JTmxdDTbro/aBIG5CjVUKnKpGVjmvXfZpUQeEO4JeQec1suj1xB5+tDmQ0r0xzL8t1RkFatqGKHWTtDyvk91XI/3NxfSQoMCgYEA16ix0gp+8u/AoKOZyA+0g2nf9d1jKzRCMAti8Bd0Cx2lnXAiLpQSynBfpSP64A4GsoNogBj8T5nfORV7LgExkex+pr0Z2mhCRHNkXL9M9meuEdgmk+8ypuYH4Lft/ulVotBJi30Z02ZcvIpm7ZfCaL8ZKAfB6eByvgABQ9fYvfsCgYB2UtznyvdtvgG27u7QfEm4ybD1g1NodAkd1wI1cPVmDeHnYvzoC7sA7DULwIKVkO5CPryzaixHE53qBRju2urPlvejdQjmoiuNZzgV3grFcCZw2nrbgBlMQ0YAM2VOGM+i9bk2W/POVcfK/bB9ihggtgG1njkHxcV5hX7biLHjLwKBgQCmVeLxUk8gKXO1cvoFqLdeNKcdB6iZhjEWxXGGJVDH0hIPIJH8wxDLO2lKAjpZ3fekcF6Fjr/s1Y2qhbsAfMMy/emhyXDLWGbkTOw37QT7eHR2JvV6XKAAwqOI29ShLG90qJpRECh/ORCGC2ngD5FPITXR/km+jfNyQKa5IR53SQKBgQCqC/iqxzpZRFG0Y/xp5Mrw4W1Qek+i1JFaIww2O7xvKMUTtZhCgUJAIZk2UkvU3X+kaRHB3q/TPyHsOikn1RUOGqnVk814nfHgfEoXzibLHSHhyulwqodXm50WhvmDvlBCTc1dRjwP/INkyDIEZYDchB1oQIZ+oVLw1QWwiQ6VnQ==
PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBh6mHaoO0U7sU6EjZfk/iu+nx8jw70cgJdUslT9oZQSoO5KvTxElud+ZrIN30CCr0L58hufa2Lgv6iWMVNLz6Wvc4fvexBXrtK20k05D15qiX4mP0XfVIuW355XeI4uEScCUu2pNi7Wz8WwhL/yF5iSjjRCDq1krWtGz01ASw3jg99909JniN9oDK5HxMFxMCixJL7oqHewdC45Xx7q5bNysYF8d3vijvkHKtIIPXiGiqNES/cNvP1p+NiZ4ghBVAT4rjYxYG/y7DGZWUeH4NEJCwUx7QiffPaSNjrssOQE2vTv9HvVndcFGmd9VieFucERaqxmxbYucqonucntcQIDAQAB
kind: Secret
metadata:
creationTimestamp: null
name: pulsar-token-asymmetric-key
namespace: pulsar
generate the tokens for the super-users: proxy-admin,broker-admin,admin
generate the token for proxy-admin
---
pulsar-token-asymmetric-key
apiVersion: v1
data:
TOKEN: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnpkV0lpT2lKd2NtOTRlUzFoWkcxcGJpSjkuc3RSNmhVaXFqOFUtMHlMdnNOQ3laRkE0MkxLZVROWXo2ZTM0Rk91TEstWjRtd0M2QjhGWWx3aHZaZjI3SjZ1eE9mcGhNa29EOE1LeXJVMFhfUURFWlJlUmFoeVFBTGFfM1pLWHgyelp0ZTFJSDJwVUVIRXN5NDdiNjdNVmNuMjdXT05Xb3ZVUW4wU0QwVWNGZnoyOEpSTWd1T28tQWtEZW4xT2kxNmJ1b3RkcnZtSEM1NTVVcFBpMUZLa2RmRGtMaTBFYktlN3RhNTJQTS1FTlJHZVM5WVA3N1NSVzN1VmFTNlBSb2ZKMXJpZU9oSlNRUDFLdGNYcVFJZDlPMm53MGYzS1VhcG8zblVpQ09GMjQwcWVYNWRmZDdmbkFGcUg5ZmdxMnBKdUZJckRicjU0TW84U1NsNnRPOVU4WW8tU0FDZjFrSjBxc1FMcXRwMzN2Mk04R2NR
TYPE: YXN5bW1ldHJpYw==
kind: Secret
metadata:
creationTimestamp: null
name: pulsar-token-proxy-admin
namespace: pulsar
generate the token for broker-admin
---
pulsar-token-asymmetric-key
apiVersion: v1
data:
TOKEN: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnpkV0lpT2lKaWNtOXJaWEl0WVdSdGFXNGlmUS5wQzVxNGc4YnpyUHBwTVBoR1MyNE5ERHBKUENxc3FzYjVhOTROTkN2cGxaUkV6OG9GbXRDQ0R2WmVBOE92cExLZ0RnbExxRDk1bV9nV1VJdTZOYjFGSWEtZXlCMjBBRy1LV0V0ZEFxWmh3UU9iNnhHekp3Rzl3TzNBbVJhd3k0QVpSaGRPUi1HM2dBX2FkNVM5SUlyUFZ3MTVwNXp6THEyTl9nTElWR1ZBaGZVMFZqTlRGc3MwXzVpQkIyc00zdklCXzlyaGo5UmNHWVFySjRCVGQyT2RSNUdCSzJRRjNTRGRtanh3NkkxNXZfQ3RjWmgxU0dGdmd3SG9Qbkk1MzFDYU1udlJIRkJyaFZBZjJkaWtOTzBYeGRyQk1pcy1VZ2lsU2ZPeWxMY2VzRmkwd0lpd011dVZvZHVlczUwdjd4MHlYdVh4SDVzbXdScGx5VFdhXzVUTEE=
TYPE: YXN5bW1ldHJpYw==
kind: Secret
metadata:
creationTimestamp: null
name: pulsar-token-broker-admin
namespace: pulsar
generate the token for admin
---
pulsar-token-asymmetric-key
apiVersion: v1
data:
TOKEN: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnpkV0lpT2lKaFpHMXBiaUo5LkNHaF9nel9XLUhKWkZFRGRQQWdZd3IwbXB6MWVVUTZVLTA0LWFLRDMtSDVlY2NOdURJMTA1eWRRU3R5dUlLXzVXalhMLUQtR200cFNRS18xMU91LWk0UjFTS3Ztb1lyR2ZtbmxfVXpiYjRXTUFwS296Z3JPRlAtdUJvSENKTDIwb0ZxOXE1WjdzV0lVU2NtM18wQWVuVExGTmxQVEVDbGp5UkdacDVJRnNLZExkQnlRXzUxMThBRzFkcnJRLWNFR2hBbklaOHd4UmdKdzNIZ2JVcVZDSm9iemMyMnRwQ0Z5QV83RklrMGtIeU1ReVJMbS1rcGJfTEdOdk9ZZVkxNTY3cGFWcGFuSWxIdjZsTklCNEZtb1o2R1ZmZ3l5NTFjTEVzUy1PdEtEUjV6S2VjcTQtd3dsNVo1OG8zUWV3aC1EbXVPRGc0R2haMlhlNTk0NHhCc25BZw==
TYPE: YXN5bW1ldHJpYw==
kind: Secret
metadata:
creationTimestamp: null
name: pulsar-token-admin
namespace: pulsar
-------------------------------------
The jwt token secret keys are generated under:
- 'pulsar-token-asymmetric-key'
The jwt tokens for superusers are generated and stored as below:
- 'proxy-admin':secret('pulsar-token-proxy-admin')
- 'broker-admin':secret('pulsar-token-broker-admin')
- 'admin':secret('pulsar-token-admin')
|
上面就是生成的yaml文件。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
kubectl get pvc -n pulsar
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
pulsar-mini-bookie-journal-pulsar-mini-bookie-0 Bound pvc-d039d78f-e3f6-449d-9f88-d11a9bc6c9a9 10Gi RWO nfs-test 2d23h
pulsar-mini-bookie-journal-pulsar-mini-bookie-1 Bound pvc-47e86117-4b63-40d9-8549-b40224fe07c3 10Gi RWO nfs-test 2d23h
pulsar-mini-bookie-journal-pulsar-mini-bookie-2 Bound pvc-fe71fe6e-9df1-474d-ade1-870b18dc7133 10Gi RWO nfs-test 2d23h
pulsar-mini-bookie-journal-pulsar-mini-bookie-3 Bound pvc-c10f6229-f6c8-4548-af9c-979290367e78 10Gi RWO nfs-test 2d23h
pulsar-mini-bookie-ledgers-pulsar-mini-bookie-0 Bound pvc-4c849302-3abb-4fb5-b254-b353370ec72d 50Gi RWO nfs-test 2d23h
pulsar-mini-bookie-ledgers-pulsar-mini-bookie-1 Bound pvc-e7bb3502-e0b2-4f7b-832e-299b8fb570a0 50Gi RWO nfs-test 2d23h
pulsar-mini-bookie-ledgers-pulsar-mini-bookie-2 Bound pvc-f15adeff-a3cd-44cc-9fb7-76d05b42609c 50Gi RWO nfs-test 2d23h
pulsar-mini-bookie-ledgers-pulsar-mini-bookie-3 Bound pvc-db13b1da-1560-469f-8d3b-a3cbd598d813 50Gi RWO nfs-test 2d23h
pulsar-mini-pulsar-manager-data-pulsar-mini-pulsar-manager-0 Bound pvc-1327fa73-1646-407b-b9eb-4d6a5472b0b9 128Mi RWO nfs-test 2d23h
pulsar-mini-zookeeper-data-pulsar-mini-zookeeper-0 Bound pvc-4efc8bdb-16e6-4d1e-88e7-33133c8f1af8 20Gi RWO nfs-test 2d23h
pulsar-mini-zookeeper-data-pulsar-mini-zookeeper-1 Bound pvc-d471a2ff-7c7c-4674-b19a-03da954867fd 20Gi RWO nfs-test 2d23h
pulsar-mini-zookeeper-data-pulsar-mini-zookeeper-2 Bound pvc-7fe47414-56e6-4e55-be8e-98a578ab2209 20Gi RWO nfs-test 2d23h
|
这里创建的都是nfs-test存储类创建的pvc。
下面就来创建pulsar
修改pulsar的helm配置的文件,保证可以正确配置token来使用
enabled的属性要改为true,才可能生效验证。
另外需要配置token才能让pulsar-manger正常看到环境
其中:
JWT_TOKEN 就是pulsar-mini-token-admin的token
PRIVATE-KEY 就是pulsar-manger中private的key
PUBLIC-KEY就是pulsar-manger中public的key
这两个就是密钥 pulsar-mini-token-asymmetric-key
接下来就是部署命令了
1
2
3
4
|
helm install \
--values ./charts/values.yaml \
--set namespace=pulsar \
pulsar-mini ./charts/pulsar -n pulsar
|
放问pulsar-manger
这里需要先生成用户名和密码
1
|
CSRF_TOKEN=$(curl http://10.7.77.26:34986/pulsar-manager/csrf-token)\ncurl \\n -H 'X-XSRF-TOKEN: $CSRF_TOKEN' \\n -H 'Cookie: XSRF-TOKEN=$CSRF_TOKEN;' \\n -H "Content-Type: application/json" \\n -X PUT http://10.7.77.26:34986/pulsar-manager/users/superuser \\n -d '{"name": "admin", "password": "pulsar", "description": "test", "email": "username@test.org"}'
|
service url 就是pulsar-mini-proxy对应的80端口
Bookie Url就是pulsar-mini-proxy对应的6650端口
租户界面
token是可以生成的。注意只有当pulsar-manger正常配置才可以使用这个token生成
在pulsar-manger界面也可以看到
