KubernetesPodSidecar绠€浠婼idecar鏄竴涓嫭绔嬬殑瀹瑰櫒锛屽湪Kubernetespod涓笌搴旂敤瀹瑰櫒涓€璧疯繍琛岋紝鏄竴涓緟鍔╁簲鐢ㄣ€係idecar鏈夊嚑涓父瑙佺殑杈呭姪鍔熻兘锛歋ervicemesh锛堟湇鍔$綉鏍硷級proxy鐩戞帶Exporter锛堝redisexporter锛塁onfigMapor/andSecretReloader锛堝PrometheusConfigReloader锛堿uthProxy锛堝OAuthProxy绛夛級鏁村悎鏃ュ織鍒颁唬鐞嗗拰web鏈嶅姟鍣紙瀹¤鏃ュ織鍒嗗埆鍙戦€佸埌鏃ュ織閫氶亾...锛塂emo鎴朅llInOne搴旂敤锛堜緥濡俷extcloud鎴朖aegerAllInOne绛夌ず渚嬪簲鐢級...杩欓噷鏈夊嚑涓満鏅渶瑕佽缁嗚鏄庯紝鍦ㄦ湇鍔′腑鍦ㄧ綉缁滅綉鏍肩殑鎯呭喌涓嬶紝sidecar璐熻矗浠庡簲鐢ㄦ湰韬嵏杞芥湇鍔$綉鏍间腑搴旂敤鎵€闇€鐨勬墍鏈夊姛鑳解€斺€擲SL/mTLS銆佹祦閲忚矾鐢便€侀珮鍙敤绛夛紝骞跺疄鐜板悇绉嶉珮绾у彂甯冪殑閮ㄧ讲妯″紡锛屼緥濡傛柇璺櫒銆侀噾涓濋泙鍜岃摑缁胯壊绛夈€備綔涓烘暟鎹钩闈㈢粍浠讹紝杈硅溅閫氬父鐢辨湇鍔$綉鏍间腑鐨勬煇绉嶇被鍨嬬殑鎺у埗骞抽潰绠$悊銆傚綋sidecar璺敱搴旂敤绋嬪簭娴侀噺骞舵彁渚涘叾浠栨暟鎹钩闈㈡湇鍔℃椂锛屾帶鍒跺钩闈㈠湪蹇呰鏃跺皢sidecar娉ㄥ叆pod骞舵墽琛岀鐞嗕换鍔★紝渚嬪鏇存柊mTLS璇佷功骞跺湪闇€瑕佹椂灏嗗畠浠帹閫佸埌閫傚綋鐨剆idecar銆傚湪鏃ュ織鏁村悎鍦烘櫙涓嬶紝Sidecar鐢ㄤ簬灏嗗涓簲鐢ㄥ疄渚嬬殑鏃ュ織淇℃伅姹囨€绘牸寮忓寲鎴愪竴涓枃浠躲€傛帴涓嬫潵杩涘叆鏈枃姝i锛氫娇鐢∟GINX锛堟垨Caddy绛夛級浣滀负Sidecar锛屼富瑕侀拡瀵瑰弽浠e拰web鏈嶅姟鍣ㄥ満鏅亣璁炬湁杩欐牱涓€涓満鏅細鎴戜娇鐢ㄧ殑鏄師鐢熺殑PrometheusAlertManager锛屽苟涓旀垜宸茬粡鏈変簡Ingress銆傛垜鐜板湪鎯冲仛涓や欢浜嬶細鎻愰珮AlertManagerUI鐨勫苟鍙戣兘鍔涳紙澧炲姞buffer锛宑ache锛涘惎鐢╣zip绛夛級AlertManager鐨勬煇涓猨s锛堝亣璁炬槸script.js锛夛紝鎴戝仛浜嗕竴鐐逛慨鏀癸紝浣嗘槸鎴戜笉鎯充镜鍏ヤ慨鏀瑰師鐢熺殑AlertManager浜岃繘鍒舵枃浠讹紝鑰屾槸灏嗕慨鏀瑰悗鐨刯s鏀惧埌nginx鐨剋ww鐩綍涓嬶紝璁﹏ginx浣跨敤涓嶅悓鐨勪綅缃繘琛屽鐞嗐€傚湪杩欑鍦烘櫙涓嬶紝寰堟槑鏄綢ngress鏄笉鑳藉悓鏃舵弧瓒崇殑銆傝繖鏃跺€欏彲浠ュ湪AlertManagerPod涓坊鍔犱竴涓狽GINXsidecar鏉ュ疄鐜般€傝鎯呭涓婲GINXSidecar鍏稿瀷浣跨敤姝ラ鍒涘缓NGINXConfconfigmap锛涳紙鐩戞帶8080锛屽弽鍚戜唬鐞嗗埌鍚庣9093锛塩reatealertmanagerscript.jsconfigmap锛涗慨鏀瑰師鏉ョ殑AlertManagerStatefulSets锛屽鍔狅細NGINXSidecar3鍗凤細鍏朵腑2涓敤浜庢寕杞戒笂闈㈢殑ConfigMap锛屽彟涓€涓狤mptyDir鐢ㄤ簬鎸傝浇nginx缂撳瓨銆傚皢AlertManager鏈嶅姟鐨勭鍙d粠9093淇敼涓?080锛屽悕绉扮敱http鏀逛负nginx-http锛堝彲閫夛級銆備慨鏀瑰叾浠栭儴鍒嗭紝濡侷ngress绛夛紝璋冩暣绔彛銆侼GINXConf鐨凜onfigMap鍏蜂綋濡備笅锛歛piVersion:v1kind:ConfigMapmetadata:name:alertmanager-nginx-proxy-configlabels:app.kubernetes.io/name:alertmanagerdata:nginx.conf:|-worker_processesauto;error_log/dev/stdout璀﹀憡锛沺id/var/cache/nginx/nginx.pid锛涗簨浠秢worker_connections1024;}http{鍖呮嫭/etc/nginx/mime.types;log_formatmain'[$time_local-$status]$remote_addr-$remote_user$request($http_referer)';proxy_connect_timeout10锛沺roxy_read_timeout180锛沺roxy_send_timeout5;proxy_buffering鍏抽棴锛沺roxy_cache_path/var/cache/nginx/cachelevels=1:2keys_zone=my_zone:100minactive=1dmax_size=10g;鏈嶅姟鍣▄鍚?080;access_log鍏抽棴锛沢zip涓婏紱gzip_min_length1k;gzip_comp_level2锛沢zip_types鏂囨湰/鏅€氬簲鐢ㄧ▼搴廼cation/javascript搴旂敤绋嬪簭/x-javascript鏂囨湰/css搴旂敤绋嬪簭/xml鏂囨湰/javascript鍥惧儚/jpeg鍥惧儚/gif鍥惧儚/png锛沢zip_vary寮€鍚紱gzip_disable"MSIE[1-6]\.";proxy_set_header涓绘満$host;location=/script.js{root/usr/share/nginx/html;90澶╁悗鍒版湡锛泒location/{proxy_cachemy_zone;proxy_cache_valid2003021d锛沺roxy_cache_valid30130d锛沺roxy_cache_valid浠绘剰5m锛沺roxy_cache_bypass$http_cache_control锛沘dd_headerX-Proxy-Cache$upstream_cache_status;add_header缂撳瓨鎺у埗鈥滃叕鍏扁€濓紱proxy_passhttp://localhost:9093/;濡傛灉($request_filename~.*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){鍒版湡90d;}}}}AlertManagerscript.jsConfigMap璇︾粏鍐呭鑽g暐鍏堥€氳繃娴忚鍣ㄤ笅杞絪cript.js銆傜劧鍚庢牴鎹渶瑕佷慨鏀癸細apiVersion:v1kind:ConfigMapmetadata:name:alertmanager-script-jslabels:app.kubernetes.io/name:alertmanagerdata:script.js:>-...淇敼StatefulSets锛屼慨鏀归儴鍒嗗唴瀹瑰涓嬶細apiVersion:apps/v1kind:StatefulSetmetadata:name:monitor-alertmanagerspec:template:spec:volumes:#娣诲姞3涓嵎-name:nginx-homeemptyDir:{}-name:htmlconfigMap:name:alertmanager-script-jsitems:-key:script.jsmode:438path:script.js-name:alertmanager-nginxconfigMap:name:alertmanager-nginx-proxy-configitems:-key:nginx.confmode:438path:nginx.confcontainers:#娣诲姞NGINXsidecar-鍚嶇О锛歛lertmanager-proxyargs锛?nginx--g-瀹堟姢杩涚▼鍏抽棴锛?-c-/nginx/nginx.conf鍥剧墖锛氣€渘ginx:stable"绔彛锛?瀹瑰櫒绔彛锛?080鍚嶇О锛歯ginx-http鍗忚锛歍CPvolumeMounts锛?mountPath锛?nginx鍚嶇О锛歛lertmanager-nginx-mountPath锛?var/cache/nginx鍚嶇О锛歯ginx-home-mountPath锛?usr/share/nginx/htmlname:htmlsecurityContext:runAsUser:101runAsGroup:101淇敼Service绔彛濡備笅锛歛piVersion:v1kind:Servicemetadata:name:monitor-alertmanagerlabels:app.kubernetes.io/name:alertmanagerspec:ports:-name:nginx-httpprotocol:TCP#淇敼浠ヤ笅2椤筽ort:8080targetPort:nginx-http鏈€缁堟晥鏋滀互杩欎釜AlertManager涓轰緥锛屼慨鏀瑰墠锛氫慨鏀瑰悗锛氾紙matcher鐨勪緥瀛愭洿绗﹀悎瀹為檯鍦烘櫙,骞朵笖澧炲姞浜嗗嚑涓緥瀛愭槸涓€涓皬鏀瑰姩)缁间笂鎵€杩帮紝Kubernetes鐨凱od璁捐鍦ㄤ竴寮€濮嬫槸杩欐牱瀹氫箟鐨勶細涓€涓狿od鍙互鍖呭惈澶氫釜Container锛岃繖缁橮od鐨凷idecar鐨勪娇鐢ㄧ暀涓嬩簡鏃犻檺鐨勬兂璞$┖闂村簱浼唴鏂€係idecar涓€鑸敤浜庤緟鍔╁姛鑳斤紝姣斿锛歴ervicemesh锛堟湇鍔$綉鏍硷級proxy鐩戞帶Exporter锛堟瘮濡俽edisexporter锛塁onfigMap鎴栬€?鍜孲ecretReloader锛堟瘮濡侾rometheus鐨凜onfigReloader锛堿uthProxy锛堟瘮濡侽AuthProxy绛夛級)Layer7Reverseproxyandwebserverlogintegration(auditlogsaresenttoalogchannelseparately...)DemoorAllInOneapplications(nextcloudorJaegerAllInOneandothersampleapplications)...鎴戜滑杩欐閫氳繃娣诲姞NGINX浣滀负涓€涓敤浜庝唬鐞嗗拰web鏈嶅姟鍣ㄧ殑7灞傚弽鍚慡idecar浣跨敤婕旂ず锛屽舰璞″湴璇存槑浜哠idecar鐨勭敤澶勩€傪煄夝煄夝煄夝煋氾笍鍙傝€冩枃妗od|Kubernetes鏈枃鐢卞崥瀹㈠彂甯冨钩鍙癘penWrite鍙戝竷锛?/p>
