当前位置：首页 > news >正文

skywalking镜像应用springboot的例子

news 2025/7/13 8:46:19

1、skywalking-ui连接skywalking-oap服务失败问题

报下面的错误，skywalking-ui.yml执行启动报错，连接skywalking-oap的地址必须加上http或者https协议的前缀，否则报错

2025-07-12 03:09:11,602 com.linecorp.armeria.common.util.SystemInfo 525 [main] INFO [] - IPv6: disabled (no IPv6 network interface)

Exception in thread "main" java.lang.NullPointerException: authority

    at java.base/java.util.Objects.requireNonNull(Unknown Source)

    at com.linecorp.armeria.client.Endpoint.parse(Endpoint.java:97)

    at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)

    at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)

    at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)

    at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source)

    at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)

    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)

    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)

    at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)

    at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)

    at org.apache.skywalking.oap.server.webapp.OapProxyService.<init>(OapProxyService.java:50)

    at org.apache.skywalking.oap.server.webapp.ApplicationStartUp.main(ApplicationStartUp.java:69)

2、k8s环境检查skywalking-oap服务状态

# 检查 OAP 服务是否存在
kubectl get svc skywalking-oap -n default

# 测试 OAP 连通性（在集群内部）
kubectl run test-pod --rm -it --image=curlimages/curl -- sh
curl -X POST http://skywalking-oap:12800/graphql -H "Content-Type: application/json" -d '{"query": "query { status }"}'

3、本地iidea启动服务连接skywalking oap服务

"D:\Program Files\Java\jdk-17\bin\java" -javaagent:J:\my-example\nacos3.0.1-spring-boot-app\skywalking-agent\skywalking-agent.jar -DSW_AGENT_NAME=spring-boot-admin -DSW_AGENT_COLLECTOR_BACKEND_SERVICES=10.10.10.99:32662 -Dloader.path=config,lib -jar spring-boot-admin.jar

4、基于apache-skywalking-java-agent-9.4.0.tgz构建skywalking-agent镜像

4.1、Dockerfile内容如下

FROM centos:7.9.2009
USER root

# 定义 Arthas 目录环境变量
ENV ARTHAS_HOME=/opt/arthas

# 更改 YUM 源并清理缓存
RUN mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak && \
rm -rf /etc/yum.repos.d/* && \
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo && \
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo && \
yum clean all && yum makecache fast && yum update -y && \
yum install -y \
gcc gcc-c++ kernel-devel yum-utils device-mapper-persistent-data lvm2 \
tcpdump vim git wget net-tools libpcap libpcap-devel automake make \
pam-devel openldap-devel cyrus-sasl-devel openssl-devel telnet rsync \
bzip2 iptables lsof curl su-exec expect net-tools \
gcc-c++ make gd-devel libxml2-devel libcurl-devel libjpeg-devel \
libpng-devel openssl-devel bison flex \
glibc-devel libstdc++ && \
yum clean all && rm -rf /var/cache/yum/*

# 设置时区
RUN rm -f /etc/localtime && \
ln -sv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
echo "Asia/Shanghai" > /etc/timezone && \
echo "TZ=Asia/Shanghai" >> /etc/profile

# 安装 JDK 17
COPY jdk-17.0.14_linux-x64_bin.rpm /home/
RUN rpm -ivh --nodeps /home/jdk-17.0.14_linux-x64_bin.rpm && \
rm -f /home/jdk-17.0.14_linux-x64_bin.rpm && \
echo "export JAVA_HOME=/usr/java/jdk-17" >> /etc/profile && \
echo "export CLASSPATH=.:\$JAVA_HOME/lib" >> /etc/profile && \
echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile && \
source /etc/profile

COPY arthas-bin /opt/arthas/
ENV ARTHAS_HOME=/opt/arthas
# 赋予可执行权限
RUN chmod +x $ARTHAS_HOME/*

# 安装 Arthas（修正版本和链接）
#RUN mkdir -p $ARTHAS_HOME && wget -O $ARTHAS_HOME/arthas-boot.jar https://repo1.maven.org/maven2/com/aliyun/arthas/arthas-boot/3.7.8/arthas-boot-3.7.8.jar && echo "alias arthas='java -jar $ARTHAS_HOME/arthas-boot.jar'" >> /etc/profile

# 处理 SkyWalking Agent

# 处理 SkyWalking Agent（修复目录不存在问题）
RUN mkdir -p /usr/skywalking/agent # 提前创建上级目录
ADD skywalking-agent /tmp/skywalking-agent
# 验证解压后的目录名称，若正确则继续移动
RUN if [ -d "/tmp/skywalking-agent" ]; then \
mv /tmp/skywalking-agent/* /usr/skywalking/agent && \
ls /usr/skywalking/agent/ && \
#cp -r /usr/skywalking/agent/optional-plugins/* /usr/skywalking/agent/plugins/ && \
#cp -r /usr/skywalking/agent/optional-reporter-plugins/* /usr/skywalking/agent/plugins/ && \
rm -rf /tmp/*; \
else \
echo "Error: /tmp/skywalking-agent not found"; \
exit 1; \
fi

# 系统配置（最终修复 exit code:1 问题）
RUN set -ex && \
# 安装必要组件：SELinux 工具、iptables 基础命令
yum install -y selinux-policy-targeted policycoreutils iptables && \
# 修改 SELinux 配置文件为 disabled
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config && \
# 优化 SELinux 状态判断语法（添加括号确保优先级）
if (sestatus 2>/dev/null || true) | grep -q "SELinux status:.*enabled"; then \
# 容错处理：即使 setenforce 失败（如 SELinux 已禁用），也不终止步骤
setenforce 0 || true; \
else \
echo "SELinux is already disabled, skipping setenforce"; \
fi && \
# 确保 iptables 命令存在后清理规则，容错执行失败
if [ -x "$(command -v iptables)" ]; then \
iptables -F && iptables -X || true; \
else \
echo "iptables command not found, skipping cleanup"; \
fi && \
# 清理 yum 缓存
yum clean all

# 环境变量
ENV LANG=C.UTF-8 \
TZ=Asia/Shanghai \
MYPATH=/ \
JAVA_HOME=/usr/java/jdk-17 \
PATH=$PATH:/usr/java/jdk-17/bin

# 处理入口脚本
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh

WORKDIR $MYPATH

EXPOSE 22 8080 8888 8563 3568 6123 6122 6124 8081 443

MAINTAINER app

ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]

4.2、AbstractBuilder.METER_SERVICE" is null报错

报错内容

Exception in thread "Thread-1" java.lang.NullPointerException: Cannot invoke "org.apache.skywalking.apm.agent.core.meter.MeterService.register(org.apache.skywalking.apm.agent.core.meter.BaseMeter)" because "org.apache.skywalking.apm.agent.core.meter.AbstractBuilder.METER_SERVICE" is null

描述：上面构建镜像，执行下面的命令，在k8s环境运行会出现错误

cp -r /usr/skywalking/agent/optional-plugins/* /usr/skywalking/agent/plugins/ && \
cp -r /usr/skywalking/agent/optional-reporter-plugins/* /usr/skywalking/agent/plugins/

所以构建镜像的时候，把这两个注释了。

github上的issue

[Bug] skywalking swck inject bug · apache/skywalking · Discussion #13241

4.3、应用的Dockerfile

## AdoptOpenJDK 停止发布 OpenJDK 二进制，而 Eclipse Temurin 是它的延伸，提供更好的稳定性

FROM openjdk:17-jdk-oracle

## 创建目录，并使用它作为工作目录
RUN mkdir -p /opt/spring-boot-admin/
WORKDIR /opt/spring-boot-admin/
COPY /target/lib /opt/spring-boot-admin/lib
COPY /target/config /opt/spring-boot-admin/config
COPY /target/spring-boot-admin.jar /opt/spring-boot-admin/spring-boot-admin.jar

## 设置 TZ 时区
## 设置 JAVA_OPTS 环境变量，可通过 docker run -e "JAVA_OPTS=" 进行覆盖
ENV TZ=Asia/Shanghai

## 暴露后端项目的 8080 端口

EXPOSE 8080 9527
ENV JAVA_OPT="-Xms1024m -Xmx1024m -Xss1m -Xshare:off -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5555 -XX:ReservedCodeCacheSize=50m -XX:+TieredCompilation -XX:TieredStopAtLevel=1 -XX:MaxDirectMemorySize=100m"
ENTRYPOINT exec java $JAVA_OPT -Dloader.path=/opt/spring-boot-admin/config,/opt/spring-boot-admin/lib -jar /opt/spring-boot-admin/spring-boot-admin.jar

5、spring-boo-adming使用skywalking-agent的yaml

apiVersion: apps/v1
kind: Deployment
metadata:
name: spring-boot-admin
namespace: default
labels:
app: spring-boot-admin
spec:
replicas: 1
selector:
matchLabels:
app: spring-boot-admin
template:
metadata:
labels:
app: spring-boot-admin
spec:
initContainers:
- name: skywalking-agent
image: skywalking-agent:2.0
imagePullPolicy: IfNotPresent
workingDir: /
command: ["sh"]
args:
[
"-c",
"mkdir -p /skywalking/agent && cp -r /usr/skywalking/agent/* /skywalking/agent",
]
volumeMounts:
- name: skywalking-agent
mountPath: /skywalking/agent
containers:
- name: spring-boot-admin
image: spring-boot-admin
imagePullPolicy: IfNotPresent
env:
- name: JAVA_TOOL_OPTIONS
value: -javaagent:/usr/skywalking/agent/skywalking-agent.jar
- name: SW_AGENT_NAME
value: spring-boot-admin
- name: SW_LOGGING_LEVEL
value: DEBUG
- name: SW_AGENT_COLLECTOR_BACKEND_SERVICES
value: skywalking-oap.default.svc.cluster.local:11800
- name: SW_METER_ACTIVE
value: "false"
- name: SERVER_PORT
value: "8080"
- name: "JAVA_OPT"
value: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=9527"
resources:
limits:
memory: "2Gi"
requests:
memory: "1Gi"
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: debug
containerPort: 9527
protocol: TCP
volumeMounts:
- name: date
mountPath: /etc/localtime
- name: skywalking-agent
mountPath: /usr/skywalking/agent
volumes:
- name: date
hostPath:
path: /etc/localtime
- name: skywalking-agent
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: spring-boot-admin
namespace: default
labels:
app: spring-boot-admin
spec:
type: NodePort
ports:
- name: http
port: 8080
targetPort: 8080
nodePort: 30315
- name: debug
port: 9527
targetPort: 9527
nodePort: 30316
selector:
app: spring-boot-admin

6、MySQL数据库

# ======================
# MySQL 初始化配置 (修复公钥检索和用户权限)
# ======================
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql-initdb-config
namespace: default
data:
01-change-auth.sql: |
-- 确保 root 用户存在并设置正确密码
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '${MYSQL_ROOT_PASSWORD}';

-- 创建/更新 root 用户允许从任何主机访问
CREATE USER IF NOT EXISTS 'root'@'%' IDENTIFIED WITH mysql_native_password BY '${MYSQL_ROOT_PASSWORD}';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;

-- 刷新权限使更改生效
FLUSH PRIVILEGES;
---
# ======================
# MySQL 主配置 (修复变量名错误)
# ======================
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql-config
namespace: default
data:
my.cnf: |
[mysqld]
bind-address = 0.0.0.0
port = 3306
server-id = 1
skip-host-cache
skip-name-resolve
skip_name_resolve = ON
datadir = /var/lib/mysql
socket = /var/run/mysqld/mysqld.sock
pid-file = /var/run/mysqld/mysqld.pid
secure-file-priv = /var/lib/mysql-files
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
init_connect = 'SET NAMES utf8mb4, collation_connection = utf8mb4_unicode_ci'
default-time-zone = '+8:00'
skip-character-set-client-handshake
log_bin = mysql-bin
binlog_format = ROW
expire_logs_days = 7
max_binlog_size = 100M
max_connections = 500
max_connect_errors = 1000
wait_timeout = 300
innodb_buffer_pool_size = 4G
innodb_log_file_size = 1G
innodb_flush_log_at_trx_commit = 1
local_infile = OFF

# 关键：使用正确的变量名设置认证插件
default_authentication_plugin = mysql_native_password

[client]
socket = /var/run/mysqld/mysqld.sock
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4
---
# ======================
# MySQL Secret 配置 (确保密码正确)
# ======================
apiVersion: v1
kind: Secret
metadata:
name: mysql-secret
namespace: default
type: Opaque
data:
# 确认密码是 "123456" 的 base64 编码
root-password: MTIzNDU2 # echo -n '123456' | base64
---
# ======================
# MySQL 持久卷声明
# ======================
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pvc
namespace: default
labels:
app: mysql
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 160Gi
storageClassName: nfs-client
---
# ======================
# MySQL 服务
# ======================
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: default
spec:
selector:
app: mysql
type: ClusterIP
ports:
- name: mysql
protocol: TCP
port: 3306
targetPort: 3306
---
# ======================
# MySQL 部署 (完整修复)
# ======================
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
namespace: default
spec:
selector:
matchLabels:
app: mysql
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: mysql
spec:
# 安全上下文
securityContext:
runAsUser: 999
fsGroup: 999
runAsNonRoot: true

# 存储卷
volumes:
- name: mysql-data
persistentVolumeClaim:
claimName: mysql-pvc
- name: mysql-config
configMap:
name: mysql-config
items:
- key: my.cnf
path: my.cnf
- name: initdb
configMap:
name: mysql-initdb-config

# 主容器
containers:
- name: mysql
image: mysql:8.0.33
imagePullPolicy: IfNotPresent
args:
- "--defaults-file=/etc/mysql/my.cnf"
- "--character-set-server=utf8mb4"
- "--collation-server=utf8mb4_unicode_ci"
- "--default-authentication-plugin=mysql_native_password" # 强制使用旧版认证
ports:
- containerPort: 3306
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-secret
key: root-password
- name: TZ
value: Asia/Shanghai
- name: MYSQL_ROOT_HOST
value: "%" # 允许所有主机连接
volumeMounts:
- name: mysql-data
mountPath: /var/lib/mysql
- name: mysql-config
mountPath: /etc/mysql/my.cnf
subPath: my.cnf
- name: initdb
mountPath: /docker-entrypoint-initdb.d
# 添加启动前命令创建sock文件目录
lifecycle:
postStart:
exec:
command:
- "/bin/sh"
- "-c"
- |
mkdir -p /var/run/mysqld
chown -R mysql:mysql /var/run/mysqld
chmod 777 /var/run/mysqld
livenessProbe:
exec:
command:
- mysqladmin
- ping
- "-uroot"
- "-p$(MYSQL_ROOT_PASSWORD)"
- "--protocol=socket"
initialDelaySeconds: 90 # 增加延迟确保MySQL完全启动
periodSeconds: 20
timeoutSeconds: 10
readinessProbe:
exec:
command:
- mysqladmin
- ping
- "-uroot"
- "-p$(MYSQL_ROOT_PASSWORD)"
- "--protocol=socket"
initialDelaySeconds: 60
periodSeconds: 15
timeoutSeconds: 5
resources:
requests:
memory: "4Gi"
cpu: "1000m"
limits:
memory: "8Gi"
cpu: "2000m"
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false

7、Elasticsearch

apiVersion: apps/v1
kind: StatefulSet
metadata:
name: es7-cluster
namespace: default
spec:
serviceName: elasticsearch7
replicas: 1
selector:
matchLabels:
app: elasticsearch7
template:
metadata:
labels:
app: elasticsearch7
spec:
containers:
- name: elasticsearch7
image: elasticsearch:7.16.2
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 1000m
requests:
cpu: 100m
ports:
- containerPort: 9200
name: rest
protocol: TCP
- containerPort: 9300
name: inter-node
protocol: TCP
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
env:
- name: cluster.name
value: k8s-es
- name: node.name
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: discovery.zen.minimum_master_nodes
value: "1"
- name: discovery.seed_hosts
value: "es7-cluster-0.elasticsearch7"
- name: cluster.initial_master_nodes
value: "es7-cluster-0"
- name: ES_JAVA_OPTS
value: "-Xms1g -Xmx1g"
initContainers:
- name: fix-permissions
image: busybox
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
securityContext:
privileged: true
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
- name: increase-vm-max-map
image: busybox
imagePullPolicy: IfNotPresent
command: ["sysctl", "-w", "vm.max_map_count=262144"]
securityContext:
privileged: true
- name: increase-fd-ulimit
image: busybox
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "ulimit -n 65536"]
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "nfs-client"
resources:
requests:
storage: 200Gi
---
apiVersion: v1
kind: Service
metadata:
name: elasticsearch7
namespace: default
spec:
selector:
app: elasticsearch7
type: NodePort
ports:
- port: 9200
nodePort: 30002
targetPort: 9200

8、Kibana

apiVersion: v1
kind: Service
metadata:
name: kibana
namespace: default
labels:
app: kibana
component: ui
spec:
ports:
- name: http
port: 5601
targetPort: 5601
nodePort: 30001
type: NodePort
selector:
app: kibana
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana
namespace: default
labels:
app: kibana
spec:
replicas: 1
selector:
matchLabels:
app: kibana
strategy:
type: Recreate
template:
metadata:
labels:
app: kibana
annotations:
co.elastic.logs/enabled: "true"
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
containers:
- name: kibana
image: kibana:7.16.2
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: "500m"
memory: "1Gi"
requests:
cpu: "200m"
memory: "512Mi"
env:
- name: ELASTICSEARCH_HOSTS
value: http://elasticsearch7.default.svc.cluster.local:9200
- name: SERVER_HOST
value: "0.0.0.0"
- name: I18N_LOCALE
value: "zh-CN"
- name: SERVER_PUBLICBASEURL
value: "http://localhost:30001"
- name: NODE_OPTIONS
value: "--max-old-space-size=700"
ports:
- containerPort: 5601
name: http
livenessProbe:
httpGet:
path: /api/status
port: 5601
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /api/status
port: 5601
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 3
securityContext:
readOnlyRootFilesystem: true # 保持根文件系统只读
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 15"]
volumeMounts:
- name: kibana-data
mountPath: /usr/share/kibana/data # 挂载数据目录
volumes:
- name: kibana-data
emptyDir: {} # 使用临时存储（生产环境建议使用持久卷）

9、nacos

# ======================
# ConfigMap
# ======================
apiVersion: v1
kind: ConfigMap
metadata:
name: nacos-cm
namespace: default
data:
application.properties: |
nacos.standalone=true
nacos.core.member.lookup.type=file
nacos.server.main.port=8848
nacos.core.protocol.raft.data.enabled=false
nacos.core.distro.enabled=false
nacos.core.cluster.enabled=false
nacos.core.raft.enabled=false
nacos.naming.data.warmup=true
nacos.naming.data.warmup.delay=0
spring.sql.init.platform=mysql
db.num=1
db.url.0=jdbc:mysql://mysql:3306/nacos?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=UTC
db.user=${MYSQL_USER}
db.password=${MYSQL_PASSWORD}
nacos.core.auth.enabled=true
nacos.core.auth.server.identity.key=serverIdentity
nacos.core.auth.server.identity.value=security
nacos.core.auth.plugin.nacos.token.secret.key=${NACOS_AUTH_TOKEN}
nacos.security.ignore.urls=/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-ui/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**
nacos.console.port=12306
nacos.remote.server.grpc.port=9848
nacos.core.protocol.raft.data.port=7848
management.endpoints.web.exposure.include=prometheus
nacos.server.contextPath=/nacos
nacos.console.contextPath=
nacos.console.ui.enabled=true
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.max-days=30
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i

nacos-logback.xml: |
<?xml version="1.0" encoding="UTF-8"?>
<configuration scan="true" scanPeriod="10 seconds">
<contextName>nacos</contextName>
<property name="LOG_HOME" value="/home/nacos/logs"/>
<property name="APP_NAME" value="nacos"/>
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n</pattern>
</encoder>
</appender>
<appender name="naming-server" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${LOG_HOME}/naming-server.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern>${LOG_HOME}/naming-server.log.%d{yyyy-MM-dd}.%i</fileNamePattern>
<maxFileSize>1GB</maxFileSize>
<maxHistory>7</maxHistory>
<totalSizeCap>7GB</totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n</pattern>
</encoder>
</appender>
<appender name="config-server" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${LOG_HOME}/config-server.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern>${LOG_HOME}/config-server.log.%d{yyyy-MM-dd}.%i</fileNamePattern>
<maxFileSize>1GB</maxFileSize>
<maxHistory>7</maxHistory>
<totalSizeCap>7GB</totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n</pattern>
</encoder>
</appender>
<appender name="config-dump" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${LOG_HOME}/config-dump.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern>${LOG_HOME}/config-dump.log.%d{yyyy-MM-dd}.%i</fileNamePattern>
<maxFileSize>1GB</maxFileSize>
<maxHistory>7</maxHistory>
<totalSizeCap>7GB</totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="CONSOLE"/>
<appender-ref ref="naming-server"/>
<appender-ref ref="config-server"/>
<appender-ref ref="config-dump"/>
</root>
<logger name="com.alibaba.nacos" level="INFO" additivity="false">
<appender-ref ref="CONSOLE"/>
<appender-ref ref="naming-server"/>
<appender-ref ref="config-server"/>
<appender-ref ref="config-dump"/>
</logger>
</configuration>

---
apiVersion: v1
kind: Secret
metadata:
name: nacos-db-secret
namespace: default
type: Opaque
data:
mysql-user: "cm9vdA=="
mysql-password: "MTIzNDU2"

---
apiVersion: v1
kind: Secret
metadata:
name: nacos-token-secret
namespace: default
type: Opaque
data:
auth-token: "ZmYxMjM0NTY3ODkwYWFhYmJiY2NjZGRkZWVlZmZmZGRkY2JiYWFiYWExMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTA="

---
apiVersion: v1
kind: Service
metadata:
name: nacos-headless
namespace: default
labels:
app: nacos
spec:
clusterIP: None
ports:
- name: http
port: 8848
targetPort: 8848
- name: rpc
port: 7848
targetPort: 7848
- name: grpc
port: 9848
targetPort: 9848
- name: console
port: 12306
targetPort: 12306
selector:
app: nacos

---
apiVersion: v1
kind: Service
metadata:
name: nacos
namespace: default
labels:
app: nacos
spec:
type: ClusterIP
ports:
- name: http
port: 8848
targetPort: 8848
- name: rpc
port: 7848
targetPort: 7848
- name: grpc
port: 9848
targetPort: 9848
- name: console
port: 12306
targetPort: 12306
selector:
app: nacos

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nacos
namespace: default
labels:
app: nacos
spec:
serviceName: nacos-headless
replicas: 1
podManagementPolicy: Parallel
selector:
matchLabels:
app: nacos
template:
metadata:
labels:
app: nacos
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8848"
spec:
securityContext:
fsGroup: 1000
containers:
- name: nacos
image: nacos/nacos-server:v3.0.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8848
name: http
- containerPort: 7848
name: rpc
- containerPort: 9848
name: grpc
- containerPort: 12306
name: console
#resources:
#limits:
#cpu: "1"
#memory: "1.5Gi"
#requests:
#cpu: "500m"
#memory: "1Gi"
env:
- name: MODE
value: "standalone"
- name: SERVICE_NAME
value: "nacos-headless"
- name: SPRING_DATASOURCE_PLATFORM
value: "mysql"
- name: NACOS_SERVER_PORT
value: "8848"
- name: NACOS_APPLICATION_PORT
value: "8848"
- name: PREFER_HOST_MODE
value: "hostname"
- name: TZ
value: "Asia/Shanghai"
- name: NACOS_REPLICAS
value: "1"
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: nacos-db-secret
key: mysql-user
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: nacos-db-secret
key: mysql-password
- name: NACOS_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: nacos-token-secret
key: auth-token
- name: NACOS_SERVER_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: LOG_HOME
value: "/home/nacos/logs"
- name: JAVA_OPT
value: "-Xms1g -Xmx1g -Xmn512m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=320m -Dnacos.standalone=true -Dnacos.core.auth.enabled=true -Djava.security.egd=file:/dev/./urandom -Drocksdb.tmp.path=/home/nacos/tmp -Dserver.max-http-header-size=524288 -Dnacos.core.cluster.enabled=false -Dnacos.core.distro.enabled=false -Dnacos.core.raft.enabled=false -Dnacos.core.protocol.raft.data.enabled=false -Dnacos.naming.data.warmup=true"
- name: NACOS_TMP_DIR
value: "/home/nacos/tmp"
securityContext:
runAsUser: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 30"]
volumeMounts:
- name: config
mountPath: /home/nacos/conf/application.properties
subPath: application.properties
- name: config
mountPath: /home/nacos/conf/nacos-logback.xml
subPath: nacos-logback.xml
- name: data
mountPath: /home/nacos/data
- name: logs
mountPath: /home/nacos/logs
- name: rocksdb-tmp
mountPath: /home/nacos/tmp
command: ["/bin/sh", "-c"]
args:
- |
exec java $JAVA_OPT \
-Xlog:gc*:file=/home/nacos/logs/nacos_gc.log:time,tags:filecount=10,filesize=102400 \
-Dloader.path=/home/nacos/plugins,/home/nacos/plugins/health,/home/nacos/plugins/cmdb,/home/nacos/plugins/selector \
-Dnacos.home=/home/nacos \
-jar /home/nacos/target/nacos-server.jar \
--spring.config.additional-location=file:/home/nacos/conf/ \
--spring.config.name=application \
--logging.config=/home/nacos/conf/nacos-logback.xml
initContainers:
- name: fix-permissions
image: busybox:1.35
imagePullPolicy: IfNotPresent
command:
- "/bin/sh"
- "-c"
- |
mkdir -p /home/nacos/tmp
chown -R 1000:1000 /home/nacos
chmod 777 /home/nacos/tmp
securityContext:
runAsUser: 0
volumeMounts:
- name: data
mountPath: /home/nacos/data
- name: logs
mountPath: /home/nacos/logs
- name: rocksdb-tmp
mountPath: /home/nacos/tmp
volumes:
- name: config
configMap:
name: nacos-cm
items:
- key: application.properties
path: application.properties
- key: nacos-logback.xml
path: nacos-logback.xml
- name: rocksdb-tmp
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: data
labels:
type: nacos-data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "nfs-client"
resources:
requests:
storage: 5Gi
- metadata:
name: logs
labels:
type: nacos-logs
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "nfs-client"
resources:
requests:
storage: 5Gi

10、skywalking-oap

apiVersion: v1
kind: ServiceAccount
metadata:
name: skywalking-oap
namespace: default
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: skywalking-oap
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: skywalking-oap
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: skywalking-oap
subjects:
- kind: ServiceAccount
name: skywalking-oap
namespace: default
---
apiVersion: v1
kind: ConfigMap
metadata:
name: oap-config
namespace: default
data:
application.yml: |
cluster:
selector: ${SW_CLUSTER:standalone}
standalone:
zookeeper:
namespace: ${SW_NAMESPACE:""}
hostPort: ${SW_CLUSTER_ZK_HOST_PORT:localhost:2181}
baseSleepTimeMs: ${SW_CLUSTER_ZK_SLEEP_TIME:1000} # initial amount of time to wait between retries
maxRetries: ${SW_CLUSTER_ZK_MAX_RETRIES:3} # max number of times to retry
enableACL: ${SW_ZK_ENABLE_ACL:false} # disable ACL in default
schema: ${SW_ZK_SCHEMA:digest} # only support digest schema
expression: ${SW_ZK_EXPRESSION:skywalking:skywalking}
internalComHost: ${SW_CLUSTER_INTERNAL_COM_HOST:""}
internalComPort: ${SW_CLUSTER_INTERNAL_COM_PORT:-1}
kubernetes:
namespace: ${SW_CLUSTER_K8S_NAMESPACE:default}
labelSelector: ${SW_CLUSTER_K8S_LABEL:app=collector,release=skywalking}
uidEnvName: ${SW_CLUSTER_K8S_UID:SKYWALKING_COLLECTOR_UID}
consul:
serviceName: ${SW_SERVICE_NAME:"SkyWalking_OAP_Cluster"}
hostPort: ${SW_CLUSTER_CONSUL_HOST_PORT:localhost:8500}
aclToken: ${SW_CLUSTER_CONSUL_ACLTOKEN:""}
internalComHost: ${SW_CLUSTER_INTERNAL_COM_HOST:""}
internalComPort: ${SW_CLUSTER_INTERNAL_COM_PORT:-1}
etcd:
endpoints: ${SW_CLUSTER_ETCD_ENDPOINTS:localhost:2379}
namespace: ${SW_CLUSTER_ETCD_NAMESPACE:/skywalking}
serviceName: ${SW_CLUSTER_ETCD_SERVICE_NAME:"SkyWalking_OAP_Cluster"}
authentication: ${SW_CLUSTER_ETCD_AUTHENTICATION:false}
user: ${SW_CLUSTER_ETCD_USER:}
password: ${SW_CLUSTER_ETCD_PASSWORD:}
internalComHost: ${SW_CLUSTER_INTERNAL_COM_HOST:""}
internalComPort: ${SW_CLUSTER_INTERNAL_COM_PORT:-1}
nacos:
serviceName: ${SW_SERVICE_NAME:"SkyWalking_OAP_Cluster"}
hostPort: ${SW_CLUSTER_NACOS_HOST_PORT:localhost:8848}
namespace: ${SW_CLUSTER_NACOS_NAMESPACE:"public"}
contextPath: ${SW_CLUSTER_NACOS_CONTEXT_PATH:""}
username: ${SW_CLUSTER_NACOS_USERNAME:""}
password: ${SW_CLUSTER_NACOS_PASSWORD:""}
# Nacos auth accessKey
accessKey: ${SW_CLUSTER_NACOS_ACCESSKEY:""}
secretKey: ${SW_CLUSTER_NACOS_SECRETKEY:""}
internalComHost: ${SW_CLUSTER_INTERNAL_COM_HOST:""}
internalComPort: ${SW_CLUSTER_INTERNAL_COM_PORT:-1}
core:
selector: ${SW_CORE:default}
default:
# Mixed: Receive agent data, Level 1 aggregate, Level 2 aggregate
# Receiver: Receive agent data, Level 1 aggregate
# Aggregator: Level 2 aggregate
role: ${SW_CORE_ROLE:Mixed} # Mixed/Receiver/Aggregator
restHost: ${SW_CORE_REST_HOST:0.0.0.0}
restPort: ${SW_CORE_REST_PORT:12800}
restContextPath: ${SW_CORE_REST_CONTEXT_PATH:/}
restMaxThreads: ${SW_CORE_REST_MAX_THREADS:200}
restIdleTimeOut: ${SW_CORE_REST_IDLE_TIMEOUT:30000}
restAcceptQueueSize: ${SW_CORE_REST_QUEUE_SIZE:0}
httpMaxRequestHeaderSize: ${SW_CORE_HTTP_MAX_REQUEST_HEADER_SIZE:8192}
gRPCHost: ${SW_CORE_GRPC_HOST:0.0.0.0}
gRPCPort: ${SW_CORE_GRPC_PORT:11800}
maxConcurrentCallsPerConnection: ${SW_CORE_GRPC_MAX_CONCURRENT_CALL:0}
maxMessageSize: ${SW_CORE_GRPC_MAX_MESSAGE_SIZE:52428800} #50MB
gRPCThreadPoolSize: ${SW_CORE_GRPC_THREAD_POOL_SIZE:-1}
gRPCSslEnabled: ${SW_CORE_GRPC_SSL_ENABLED:false}
gRPCSslKeyPath: ${SW_CORE_GRPC_SSL_KEY_PATH:""}
gRPCSslCertChainPath: ${SW_CORE_GRPC_SSL_CERT_CHAIN_PATH:""}
gRPCSslTrustedCAPath: ${SW_CORE_GRPC_SSL_TRUSTED_CA_PATH:""}
downsampling:
- Hour
- Day
# Set a timeout on metrics data. After the timeout has expired, the metrics data will automatically be deleted.
enableDataKeeperExecutor: ${SW_CORE_ENABLE_DATA_KEEPER_EXECUTOR:true} # Turn it off then automatically metrics data delete will be close.
dataKeeperExecutePeriod: ${SW_CORE_DATA_KEEPER_EXECUTE_PERIOD:5} # How often the data keeper executor runs periodically, unit is minute
recordDataTTL: ${SW_CORE_RECORD_DATA_TTL:3} # Unit is day
metricsDataTTL: ${SW_CORE_METRICS_DATA_TTL:7} # Unit is day
# The period of L1 aggregation flush to L2 aggregation. Unit is ms.
l1FlushPeriod: ${SW_CORE_L1_AGGREGATION_FLUSH_PERIOD:500}
# The threshold of session time. Unit is ms. Default value is 70s.
storageSessionTimeout: ${SW_CORE_STORAGE_SESSION_TIMEOUT:70000}
# The period of doing data persistence. Unit is second.Default value is 25s
persistentPeriod: ${SW_CORE_PERSISTENT_PERIOD:25}
topNReportPeriod: ${SW_CORE_TOPN_REPORT_PERIOD:10} # top_n record worker report cycle, unit is minute
# Extra model column are the column defined by in the codes, These columns of model are not required logically in aggregation or further query,
# and it will cause more load for memory, network of OAP and storage.
# But, being activated, user could see the name in the storage entities, which make users easier to use 3rd party tool, such as Kibana->ES, to query the data by themselves.
activeExtraModelColumns: ${SW_CORE_ACTIVE_EXTRA_MODEL_COLUMNS:false}
# The max length of service + instance names should be less than 200
serviceNameMaxLength: ${SW_SERVICE_NAME_MAX_LENGTH:70}
# The period(in seconds) of refreshing the service cache. Default value is 10s.
serviceCacheRefreshInterval: ${SW_SERVICE_CACHE_REFRESH_INTERVAL:10}
instanceNameMaxLength: ${SW_INSTANCE_NAME_MAX_LENGTH:70}
# The max length of service + endpoint names should be less than 240
endpointNameMaxLength: ${SW_ENDPOINT_NAME_MAX_LENGTH:150}
# Define the set of span tag keys, which should be searchable through the GraphQL.
# The max length of key=value should be less than 256 or will be dropped.
searchableTracesTags: ${SW_SEARCHABLE_TAG_KEYS:http.method,http.status_code,rpc.status_code,db.type,db.instance,mq.queue,mq.topic,mq.broker}
# Define the set of log tag keys, which should be searchable through the GraphQL.
# The max length of key=value should be less than 256 or will be dropped.
searchableLogsTags: ${SW_SEARCHABLE_LOGS_TAG_KEYS:level,http.status_code}
# Define the set of alarm tag keys, which should be searchable through the GraphQL.
# The max length of key=value should be less than 256 or will be dropped.
searchableAlarmTags: ${SW_SEARCHABLE_ALARM_TAG_KEYS:level}
# The max size of tags keys for autocomplete select.
autocompleteTagKeysQueryMaxSize: ${SW_AUTOCOMPLETE_TAG_KEYS_QUERY_MAX_SIZE:100}
# The max size of tags values for autocomplete select.
autocompleteTagValuesQueryMaxSize: ${SW_AUTOCOMPLETE_TAG_VALUES_QUERY_MAX_SIZE:100}
# The number of threads used to prepare metrics data to the storage.
prepareThreads: ${SW_CORE_PREPARE_THREADS:2}
# Turn it on then automatically grouping endpoint by the given OpenAPI definitions.
enableEndpointNameGroupingByOpenapi: ${SW_CORE_ENABLE_ENDPOINT_NAME_GROUPING_BY_OPENAPI:true}
# The period of HTTP URI pattern recognition. Unit is second.
syncPeriodHttpUriRecognitionPattern: ${SW_CORE_SYNC_PERIOD_HTTP_URI_RECOGNITION_PATTERN:10}
# The training period of HTTP URI pattern recognition. Unit is second.
trainingPeriodHttpUriRecognitionPattern: ${SW_CORE_TRAINING_PERIOD_HTTP_URI_RECOGNITION_PATTERN:60}
# The max number of HTTP URIs per service for further URI pattern recognition.
maxHttpUrisNumberPerService: ${SW_CORE_MAX_HTTP_URIS_NUMBER_PER_SVR:3000}
# If disable the hierarchy, the service and instance hierarchy relation will not be built. And the query of hierarchy will return empty result.
# All the hierarchy relations are defined in the `hierarchy-definition.yml`.
# Notice: some of the configurations only available for kubernetes environments.
enableHierarchy: ${SW_CORE_ENABLE_HIERARCHY:true}
# The int value of the max heap memory usage percent. The default value is 96%.
maxHeapMemoryUsagePercent: ${SW_CORE_MAX_HEAP_MEMORY_USAGE_PERCENT:96}
# The long value of the max direct memory usage. The default max value is -1, representing no limit. The unit is in bytes.
maxDirectMemoryUsage: ${SW_CORE_MAX_DIRECT_MEMORY_USAGE:-1}
storage:
selector: ${SW_STORAGE:banyandb}
banyandb:
# Since 10.2.0, the banyandb configuration is separated to an independent configuration file: `bydb.yaml`.
elasticsearch:
namespace: ${SW_NAMESPACE:""}
clusterNodes: ${SW_STORAGE_ES_CLUSTER_NODES:localhost:9200}
protocol: ${SW_STORAGE_ES_HTTP_PROTOCOL:"http"}
connectTimeout: ${SW_STORAGE_ES_CONNECT_TIMEOUT:3000}
socketTimeout: ${SW_STORAGE_ES_SOCKET_TIMEOUT:30000}
responseTimeout: ${SW_STORAGE_ES_RESPONSE_TIMEOUT:15000}
numHttpClientThread: ${SW_STORAGE_ES_NUM_HTTP_CLIENT_THREAD:0}
user: ${SW_ES_USER:""}
password: ${SW_ES_PASSWORD:""}
trustStorePath: ${SW_STORAGE_ES_SSL_JKS_PATH:""}
trustStorePass: ${SW_STORAGE_ES_SSL_JKS_PASS:""}
secretsManagementFile: ${SW_ES_SECRETS_MANAGEMENT_FILE:""} # Secrets management file in the properties format includes the username, password, which are managed by 3rd party tool.
dayStep: ${SW_STORAGE_DAY_STEP:1} # Represent the number of days in the one minute/hour/day index.
indexShardsNumber: ${SW_STORAGE_ES_INDEX_SHARDS_NUMBER:1} # Shard number of new indexes
indexReplicasNumber: ${SW_STORAGE_ES_INDEX_REPLICAS_NUMBER:1} # Replicas number of new indexes
# Specify the settings for each index individually.
# If configured, this setting has the highest priority and overrides the generic settings.
specificIndexSettings: ${SW_STORAGE_ES_SPECIFIC_INDEX_SETTINGS:""}
# Super data set has been defined in the codes, such as trace segments.The following 3 config would be improve es performance when storage super size data in es.
superDatasetDayStep: ${SW_STORAGE_ES_SUPER_DATASET_DAY_STEP:-1} # Represent the number of days in the super size dataset record index, the default value is the same as dayStep when the value is less than 0
superDatasetIndexShardsFactor: ${SW_STORAGE_ES_SUPER_DATASET_INDEX_SHARDS_FACTOR:5} # This factor provides more shards for the super data set, shards number = indexShardsNumber * superDatasetIndexShardsFactor. Also, this factor effects Zipkin traces.
superDatasetIndexReplicasNumber: ${SW_STORAGE_ES_SUPER_DATASET_INDEX_REPLICAS_NUMBER:0} # Represent the replicas number in the super size dataset record index, the default value is 0.
indexTemplateOrder: ${SW_STORAGE_ES_INDEX_TEMPLATE_ORDER:0} # the order of index template
bulkActions: ${SW_STORAGE_ES_BULK_ACTIONS:5000} # Execute the async bulk record data every ${SW_STORAGE_ES_BULK_ACTIONS} requests
batchOfBytes: ${SW_STORAGE_ES_BATCH_OF_BYTES:10485760} # A threshold to control the max body size of ElasticSearch Bulk flush.
# flush the bulk every 5 seconds whatever the number of requests
flushInterval: ${SW_STORAGE_ES_FLUSH_INTERVAL:5}
concurrentRequests: ${SW_STORAGE_ES_CONCURRENT_REQUESTS:2} # the number of concurrent requests
resultWindowMaxSize: ${SW_STORAGE_ES_QUERY_MAX_WINDOW_SIZE:10000}
metadataQueryMaxSize: ${SW_STORAGE_ES_QUERY_MAX_SIZE:10000}
scrollingBatchSize: ${SW_STORAGE_ES_SCROLLING_BATCH_SIZE:5000}
segmentQueryMaxSize: ${SW_STORAGE_ES_QUERY_SEGMENT_SIZE:200}
profileTaskQueryMaxSize: ${SW_STORAGE_ES_QUERY_PROFILE_TASK_SIZE:200}
asyncProfilerTaskQueryMaxSize: ${SW_STORAGE_ES_QUERY_ASYNC_PROFILER_TASK_SIZE:200}
profileDataQueryBatchSize: ${SW_STORAGE_ES_QUERY_PROFILE_DATA_BATCH_SIZE:100}
oapAnalyzer: ${SW_STORAGE_ES_OAP_ANALYZER:"{\"analyzer\":{\"oap_analyzer\":{\"type\":\"stop\"}}}"} # the oap analyzer.
oapLogAnalyzer: ${SW_STORAGE_ES_OAP_LOG_ANALYZER:"{\"analyzer\":{\"oap_log_analyzer\":{\"type\":\"standard\"}}}"} # the oap log analyzer. It could be customized by the ES analyzer configuration to support more language log formats, such as Chinese log, Japanese log and etc.
advanced: ${SW_STORAGE_ES_ADVANCED:""}
# Enable shard metrics and records indices into multi-physical indices, one index template per metric/meter aggregation function or record.
logicSharding: ${SW_STORAGE_ES_LOGIC_SHARDING:false}
# Custom routing can reduce the impact of searches. Instead of having to fan out a search request to all the shards in an index, the request can be sent to just the shard that matches the specific routing value (or values).
enableCustomRouting: ${SW_STORAGE_ES_ENABLE_CUSTOM_ROUTING:false}
mysql:
properties:
jdbcUrl: ${SW_JDBC_URL:"jdbc:mysql://localhost:3306/swtest?rewriteBatchedStatements=true&allowMultiQueries=true"}
dataSource.user: ${SW_DATA_SOURCE_USER:root}
dataSource.password: ${SW_DATA_SOURCE_PASSWORD:root@1234}
dataSource.cachePrepStmts: ${SW_DATA_SOURCE_CACHE_PREP_STMTS:true}
dataSource.prepStmtCacheSize: ${SW_DATA_SOURCE_PREP_STMT_CACHE_SQL_SIZE:250}
dataSource.prepStmtCacheSqlLimit: ${SW_DATA_SOURCE_PREP_STMT_CACHE_SQL_LIMIT:2048}
dataSource.useServerPrepStmts: ${SW_DATA_SOURCE_USE_SERVER_PREP_STMTS:true}
metadataQueryMaxSize: ${SW_STORAGE_MYSQL_QUERY_MAX_SIZE:5000}
maxSizeOfBatchSql: ${SW_STORAGE_MAX_SIZE_OF_BATCH_SQL:2000}
asyncBatchPersistentPoolSize: ${SW_STORAGE_ASYNC_BATCH_PERSISTENT_POOL_SIZE:4}
postgresql:
properties:
jdbcUrl: ${SW_JDBC_URL:"jdbc:postgresql://localhost:5432/skywalking"}
dataSource.user: ${SW_DATA_SOURCE_USER:postgres}
dataSource.password: ${SW_DATA_SOURCE_PASSWORD:123456}
dataSource.cachePrepStmts: ${SW_DATA_SOURCE_CACHE_PREP_STMTS:true}
dataSource.prepStmtCacheSize: ${SW_DATA_SOURCE_PREP_STMT_CACHE_SQL_SIZE:250}
dataSource.prepStmtCacheSqlLimit: ${SW_DATA_SOURCE_PREP_STMT_CACHE_SQL_LIMIT:2048}
dataSource.useServerPrepStmts: ${SW_DATA_SOURCE_USE_SERVER_PREP_STMTS:true}
metadataQueryMaxSize: ${SW_STORAGE_MYSQL_QUERY_MAX_SIZE:5000}
maxSizeOfBatchSql: ${SW_STORAGE_MAX_SIZE_OF_BATCH_SQL:2000}
asyncBatchPersistentPoolSize: ${SW_STORAGE_ASYNC_BATCH_PERSISTENT_POOL_SIZE:4}
agent-analyzer:
selector: ${SW_AGENT_ANALYZER:default}
default:
# The default sampling rate and the default trace latency time configured by the 'traceSamplingPolicySettingsFile' file.
traceSamplingPolicySettingsFile: ${SW_TRACE_SAMPLING_POLICY_SETTINGS_FILE:trace-sampling-policy-settings.yml}
slowDBAccessThreshold: ${SW_SLOW_DB_THRESHOLD:default:200,mongodb:100} # The slow database access thresholds. Unit ms.
forceSampleErrorSegment: ${SW_FORCE_SAMPLE_ERROR_SEGMENT:true} # When sampling mechanism active, this config can open(true) force save some error segment. true is default.
segmentStatusAnalysisStrategy: ${SW_SEGMENT_STATUS_ANALYSIS_STRATEGY:FROM_SPAN_STATUS} # Determine the final segment status from the status of spans. Available values are `FROM_SPAN_STATUS` , `FROM_ENTRY_SPAN` and `FROM_FIRST_SPAN`. `FROM_SPAN_STATUS` represents the segment status would be error if any span is in error status. `FROM_ENTRY_SPAN` means the segment status would be determined by the status of entry spans only. `FROM_FIRST_SPAN` means the segment status would be determined by the status of the first span only.
# Nginx and Envoy agents can't get the real remote address.
# Exit spans with the component in the list would not generate the client-side instance relation metrics.
noUpstreamRealAddressAgents: ${SW_NO_UPSTREAM_REAL_ADDRESS:6000,9000}
meterAnalyzerActiveFiles: ${SW_METER_ANALYZER_ACTIVE_FILES:datasource,threadpool,satellite,go-runtime,python-runtime,continuous-profiling,java-agent,go-agent} # Which files could be meter analyzed, files split by ","
slowCacheReadThreshold: ${SW_SLOW_CACHE_SLOW_READ_THRESHOLD:default:20,redis:10} # The slow cache read operation thresholds. Unit ms.
slowCacheWriteThreshold: ${SW_SLOW_CACHE_SLOW_WRITE_THRESHOLD:default:20,redis:10} # The slow cache write operation thresholds. Unit ms.
log-analyzer:
selector: ${SW_LOG_ANALYZER:default}
default:
lalFiles: ${SW_LOG_LAL_FILES:envoy-als,mesh-dp,mysql-slowsql,pgsql-slowsql,redis-slowsql,k8s-service,nginx,default}
malFiles: ${SW_LOG_MAL_FILES:"nginx"}
event-analyzer:
selector: ${SW_EVENT_ANALYZER:default}
default:
receiver-sharing-server:
selector: ${SW_RECEIVER_SHARING_SERVER:default}
default:
# For HTTP server
restHost: ${SW_RECEIVER_SHARING_REST_HOST:0.0.0.0}
restPort: ${SW_RECEIVER_SHARING_REST_PORT:0}
restContextPath: ${SW_RECEIVER_SHARING_REST_CONTEXT_PATH:/}
restMaxThreads: ${SW_RECEIVER_SHARING_REST_MAX_THREADS:200}
restIdleTimeOut: ${SW_RECEIVER_SHARING_REST_IDLE_TIMEOUT:30000}
restAcceptQueueSize: ${SW_RECEIVER_SHARING_REST_QUEUE_SIZE:0}
httpMaxRequestHeaderSize: ${SW_RECEIVER_SHARING_HTTP_MAX_REQUEST_HEADER_SIZE:8192}
# For gRPC server
gRPCHost: ${SW_RECEIVER_GRPC_HOST:0.0.0.0}
gRPCPort: ${SW_RECEIVER_GRPC_PORT:0}
maxConcurrentCallsPerConnection: ${SW_RECEIVER_GRPC_MAX_CONCURRENT_CALL:0}
maxMessageSize: ${SW_RECEIVER_GRPC_MAX_MESSAGE_SIZE:52428800} #50MB
gRPCThreadPoolSize: ${SW_RECEIVER_GRPC_THREAD_POOL_SIZE:0}
gRPCSslEnabled: ${SW_RECEIVER_GRPC_SSL_ENABLED:false}
gRPCSslKeyPath: ${SW_RECEIVER_GRPC_SSL_KEY_PATH:""}
gRPCSslCertChainPath: ${SW_RECEIVER_GRPC_SSL_CERT_CHAIN_PATH:""}
gRPCSslTrustedCAsPath: ${SW_RECEIVER_GRPC_SSL_TRUSTED_CAS_PATH:""}
authentication: ${SW_AUTHENTICATION:""}
receiver-register:
selector: ${SW_RECEIVER_REGISTER:default}
default:
receiver-trace:
selector: ${SW_RECEIVER_TRACE:default}
default:
receiver-jvm:
selector: ${SW_RECEIVER_JVM:default}
default:
receiver-clr:
selector: ${SW_RECEIVER_CLR:default}
default:
receiver-profile:
selector: ${SW_RECEIVER_PROFILE:default}
default:
receiver-async-profiler:
selector: ${SW_RECEIVER_ASYNC_PROFILER:default}
default:
# Used to manage the maximum size of the jfr file that can be received, the unit is Byte, default is 30M
jfrMaxSize: ${SW_RECEIVER_ASYNC_PROFILER_JFR_MAX_SIZE:31457280}
# Used to determine whether to receive jfr in memory file or physical file mode
#
# The memory file mode have fewer local file system limitations, so they are by default. But it costs more memory.
#
# The physical file mode will use less memory when parsing and is more friendly to parsing large files.
# However, if the storage of the tmp directory in the container is insufficient, the oap server instance may crash.
# It is recommended to use physical file mode when volume mounting is used or the tmp directory has sufficient storage.
memoryParserEnabled: ${SW_RECEIVER_ASYNC_PROFILER_MEMORY_PARSER_ENABLED:true}
receiver-zabbix:
selector: ${SW_RECEIVER_ZABBIX:-}
default:
port: ${SW_RECEIVER_ZABBIX_PORT:10051}
host: ${SW_RECEIVER_ZABBIX_HOST:0.0.0.0}
activeFiles: ${SW_RECEIVER_ZABBIX_ACTIVE_FILES:agent}
service-mesh:
selector: ${SW_SERVICE_MESH:default}
default:
envoy-metric:
selector: ${SW_ENVOY_METRIC:default}
default:
acceptMetricsService: ${SW_ENVOY_METRIC_SERVICE:true}
alsHTTPAnalysis: ${SW_ENVOY_METRIC_ALS_HTTP_ANALYSIS:""}
alsTCPAnalysis: ${SW_ENVOY_METRIC_ALS_TCP_ANALYSIS:""}
# `k8sServiceNameRule` allows you to customize the service name in ALS via Kubernetes metadata,
# the available variables are `pod`, `service`, f.e., you can use `${service.metadata.name}-${pod.metadata.labels.version}`
# to append the version number to the service name.
# Be careful, when using environment variables to pass this configuration, use single quotes(`''`) to avoid it being evaluated by the shell.
k8sServiceNameRule: ${K8S_SERVICE_NAME_RULE:"${pod.metadata.labels.(service.istio.io/canonical-name)}.${pod.metadata.namespace}"}
istioServiceNameRule: ${ISTIO_SERVICE_NAME_RULE:"${serviceEntry.metadata.name}.${serviceEntry.metadata.namespace}"}
# When looking up service informations from the Istio ServiceEntries, some
# of the ServiceEntries might be created in several namespaces automatically
# by some components, and OAP will randomly pick one of them to build the
# service name, users can use this config to exclude ServiceEntries that
# they don't want to be used. Comma separated.
istioServiceEntryIgnoredNamespaces: ${SW_ISTIO_SERVICE_ENTRY_IGNORED_NAMESPACES:""}
gRPCHost: ${SW_ALS_GRPC_HOST:0.0.0.0}
gRPCPort: ${SW_ALS_GRPC_PORT:0}
maxConcurrentCallsPerConnection: ${SW_ALS_GRPC_MAX_CONCURRENT_CALL:0}
maxMessageSize: ${SW_ALS_GRPC_MAX_MESSAGE_SIZE:0}
gRPCThreadPoolSize: ${SW_ALS_GRPC_THREAD_POOL_SIZE:0}
gRPCSslEnabled: ${SW_ALS_GRPC_SSL_ENABLED:false}
gRPCSslKeyPath: ${SW_ALS_GRPC_SSL_KEY_PATH:""}
gRPCSslCertChainPath: ${SW_ALS_GRPC_SSL_CERT_CHAIN_PATH:""}
gRPCSslTrustedCAsPath: ${SW_ALS_GRPC_SSL_TRUSTED_CAS_PATH:""}
kafka-fetcher:
selector: ${SW_KAFKA_FETCHER:-}
default:
bootstrapServers: ${SW_KAFKA_FETCHER_SERVERS:localhost:9092}
namespace: ${SW_NAMESPACE:""}
partitions: ${SW_KAFKA_FETCHER_PARTITIONS:3}
replicationFactor: ${SW_KAFKA_FETCHER_PARTITIONS_FACTOR:2}
enableNativeProtoLog: ${SW_KAFKA_FETCHER_ENABLE_NATIVE_PROTO_LOG:true}
enableNativeJsonLog: ${SW_KAFKA_FETCHER_ENABLE_NATIVE_JSON_LOG:true}
consumers: ${SW_KAFKA_FETCHER_CONSUMERS:1}
kafkaHandlerThreadPoolSize: ${SW_KAFKA_HANDLER_THREAD_POOL_SIZE:-1}
kafkaHandlerThreadPoolQueueSize: ${SW_KAFKA_HANDLER_THREAD_POOL_QUEUE_SIZE:-1}
cilium-fetcher:
selector: ${SW_CILIUM_FETCHER:-}
default:
peerHost: ${SW_CILIUM_FETCHER_PEER_HOST:hubble-peer.kube-system.svc.cluster.local}
peerPort: ${SW_CILIUM_FETCHER_PEER_PORT:80}
fetchFailureRetrySecond: ${SW_CILIUM_FETCHER_FETCH_FAILURE_RETRY_SECOND:10}
sslConnection: ${SW_CILIUM_FETCHER_SSL_CONNECTION:false}
sslPrivateKeyFile: ${SW_CILIUM_FETCHER_PRIVATE_KEY_FILE_PATH:}
sslCertChainFile: ${SW_CILIUM_FETCHER_CERT_CHAIN_FILE_PATH:}
sslCaFile: ${SW_CILIUM_FETCHER_CA_FILE_PATH:}
convertClientAsServerTraffic: ${SW_CILIUM_FETCHER_CONVERT_CLIENT_AS_SERVER_TRAFFIC:true}
receiver-meter:
selector: ${SW_RECEIVER_METER:default}
default:
receiver-otel:
selector: ${SW_OTEL_RECEIVER:default}
default:
enabledHandlers: ${SW_OTEL_RECEIVER_ENABLED_HANDLERS:"otlp-metrics,otlp-logs"}
enabledOtelMetricsRules: ${SW_OTEL_RECEIVER_ENABLED_OTEL_METRICS_RULES:"apisix,nginx/*,k8s/*,istio-controlplane,vm,mysql/*,postgresql/*,oap,aws-eks/*,windows,aws-s3/*,aws-dynamodb/*,aws-gateway/*,redis/*,elasticsearch/*,rabbitmq/*,mongodb/*,kafka/*,pulsar/*,bookkeeper/*,rocketmq/*,clickhouse/*,activemq/*,kong/*"}
receiver-zipkin:
selector: ${SW_RECEIVER_ZIPKIN:-}
default:
# Defines a set of span tag keys which are searchable.
# The max length of key=value should be less than 256 or will be dropped.
searchableTracesTags: ${SW_ZIPKIN_SEARCHABLE_TAG_KEYS:http.method}
# The sample rate precision is 1/10000, should be between 0 and 10000
sampleRate: ${SW_ZIPKIN_SAMPLE_RATE:10000}
## The below configs are for OAP collect zipkin trace from HTTP
enableHttpCollector: ${SW_ZIPKIN_HTTP_COLLECTOR_ENABLED:true}
restHost: ${SW_RECEIVER_ZIPKIN_REST_HOST:0.0.0.0}
restPort: ${SW_RECEIVER_ZIPKIN_REST_PORT:9411}
restContextPath: ${SW_RECEIVER_ZIPKIN_REST_CONTEXT_PATH:/}
restMaxThreads: ${SW_RECEIVER_ZIPKIN_REST_MAX_THREADS:200}
restIdleTimeOut: ${SW_RECEIVER_ZIPKIN_REST_IDLE_TIMEOUT:30000}
restAcceptQueueSize: ${SW_RECEIVER_ZIPKIN_REST_QUEUE_SIZE:0}
## The below configs are for OAP collect zipkin trace from kafka
enableKafkaCollector: ${SW_ZIPKIN_KAFKA_COLLECTOR_ENABLED:false}
kafkaBootstrapServers: ${SW_ZIPKIN_KAFKA_SERVERS:localhost:9092}
kafkaGroupId: ${SW_ZIPKIN_KAFKA_GROUP_ID:zipkin}
kafkaTopic: ${SW_ZIPKIN_KAFKA_TOPIC:zipkin}
# Kafka consumer config, JSON format as Properties. If it contains the same key with above, would override.
kafkaConsumerConfig: ${SW_ZIPKIN_KAFKA_CONSUMER_CONFIG:"{\"auto.offset.reset\":\"earliest\",\"enable.auto.commit\":true}"}
# The Count of the topic consumers
kafkaConsumers: ${SW_ZIPKIN_KAFKA_CONSUMERS:1}
kafkaHandlerThreadPoolSize: ${SW_ZIPKIN_KAFKA_HANDLER_THREAD_POOL_SIZE:-1}
kafkaHandlerThreadPoolQueueSize: ${SW_ZIPKIN_KAFKA_HANDLER_THREAD_POOL_QUEUE_SIZE:-1}
receiver-browser:
selector: ${SW_RECEIVER_BROWSER:default}
default:
# The sample rate precision is 1/10000. 10000 means 100% sample in default.
sampleRate: ${SW_RECEIVER_BROWSER_SAMPLE_RATE:10000}
receiver-log:
selector: ${SW_RECEIVER_LOG:default}
default:
query:
selector: ${SW_QUERY:graphql}
graphql:
# Enable the log testing API to test the LAL.
# NOTE: This API evaluates untrusted code on the OAP server.
# A malicious script can do significant damage (steal keys and secrets, remove files and directories, install malware, etc).
# As such, please enable this API only when you completely trust your users.
enableLogTestTool: ${SW_QUERY_GRAPHQL_ENABLE_LOG_TEST_TOOL:false}
# Maximum complexity allowed for the GraphQL query that can be used to
# abort a query if the total number of data fields queried exceeds the defined threshold.
maxQueryComplexity: ${SW_QUERY_MAX_QUERY_COMPLEXITY:3000}
# Allow user add, disable and update UI template
enableUpdateUITemplate: ${SW_ENABLE_UPDATE_UI_TEMPLATE:false}
# "On demand log" allows users to fetch Pod containers' log in real time,
# because this might expose secrets in the logs (if any), users need
# to enable this manually, and add permissions to OAP cluster role.
enableOnDemandPodLog: ${SW_ENABLE_ON_DEMAND_POD_LOG:false}
# This module is for Zipkin query API and support zipkin-lens UI
query-zipkin:
selector: ${SW_QUERY_ZIPKIN:-}
default:
# For HTTP server
restHost: ${SW_QUERY_ZIPKIN_REST_HOST:0.0.0.0}
restPort: ${SW_QUERY_ZIPKIN_REST_PORT:9412}
restContextPath: ${SW_QUERY_ZIPKIN_REST_CONTEXT_PATH:/zipkin}
restMaxThreads: ${SW_QUERY_ZIPKIN_REST_MAX_THREADS:200}
restIdleTimeOut: ${SW_QUERY_ZIPKIN_REST_IDLE_TIMEOUT:30000}
restAcceptQueueSize: ${SW_QUERY_ZIPKIN_REST_QUEUE_SIZE:0}
# Default look back for traces and autocompleteTags, 1 day in millis
lookback: ${SW_QUERY_ZIPKIN_LOOKBACK:86400000}
# The Cache-Control max-age (seconds) for serviceNames, remoteServiceNames and spanNames
namesMaxAge: ${SW_QUERY_ZIPKIN_NAMES_MAX_AGE:300}
## The below config are OAP support for zipkin-lens UI
# Default traces query max size
uiQueryLimit: ${SW_QUERY_ZIPKIN_UI_QUERY_LIMIT:10}
# Default look back on the UI for search traces, 15 minutes in millis
uiDefaultLookback: ${SW_QUERY_ZIPKIN_UI_DEFAULT_LOOKBACK:900000}
#This module is for PromQL API.
promql:
selector: ${SW_PROMQL:default}
default:
# For HTTP server
restHost: ${SW_PROMQL_REST_HOST:0.0.0.0}
restPort: ${SW_PROMQL_REST_PORT:9090}
restContextPath: ${SW_PROMQL_REST_CONTEXT_PATH:/}
restMaxThreads: ${SW_PROMQL_REST_MAX_THREADS:200}
restIdleTimeOut: ${SW_PROMQL_REST_IDLE_TIMEOUT:30000}
restAcceptQueueSize: ${SW_PROMQL_REST_QUEUE_SIZE:0}
# The below config is for the API buildInfo, set the value to mock the build info.
buildInfoVersion: ${SW_PROMQL_BUILD_INFO_VERSION:"2.45.0"}
buildInfoRevision: ${SW_PROMQL_BUILD_INFO_REVISION:""}
buildInfoBranch: ${SW_PROMQL_BUILD_INFO_BRANCH:""}
buildInfoBuildUser: ${SW_PROMQL_BUILD_INFO_BUILD_USER:""}
buildInfoBuildDate: ${SW_PROMQL_BUILD_INFO_BUILD_DATE:""}
buildInfoGoVersion: ${SW_PROMQL_BUILD_INFO_GO_VERSION:""}
#This module is for LogQL API.
logql:
selector: ${SW_LOGQL:default}
default:
# For HTTP server
restHost: ${SW_LOGQL_REST_HOST:0.0.0.0}
restPort: ${SW_LOGQL_REST_PORT:3100}
restContextPath: ${SW_LOGQL_REST_CONTEXT_PATH:/}
restMaxThreads: ${SW_LOGQL_REST_MAX_THREADS:200}
restIdleTimeOut: ${SW_LOGQL_REST_IDLE_TIMEOUT:30000}
restAcceptQueueSize: ${SW_LOGQL_REST_QUEUE_SIZE:0}
alarm:
selector: ${SW_ALARM:default}
default:
telemetry:
selector: ${SW_TELEMETRY:prometheus}
none:
prometheus:
host: ${SW_TELEMETRY_PROMETHEUS_HOST:0.0.0.0}
port: ${SW_TELEMETRY_PROMETHEUS_PORT:1234}
sslEnabled: ${SW_TELEMETRY_PROMETHEUS_SSL_ENABLED:false}
sslKeyPath: ${SW_TELEMETRY_PROMETHEUS_SSL_KEY_PATH:""}
sslCertChainPath: ${SW_TELEMETRY_PROMETHEUS_SSL_CERT_CHAIN_PATH:""}
configuration:
selector: ${SW_CONFIGURATION:none}
none:
grpc:
host: ${SW_DCS_SERVER_HOST:""}
port: ${SW_DCS_SERVER_PORT:80}
clusterName: ${SW_DCS_CLUSTER_NAME:SkyWalking}
period: ${SW_DCS_PERIOD:20}
maxInboundMessageSize: ${SW_DCS_MAX_INBOUND_MESSAGE_SIZE:4194304}
apollo:
apolloMeta: ${SW_CONFIG_APOLLO:http://localhost:8080}
apolloCluster: ${SW_CONFIG_APOLLO_CLUSTER:default}
apolloEnv: ${SW_CONFIG_APOLLO_ENV:""}
appId: ${SW_CONFIG_APOLLO_APP_ID:skywalking}
zookeeper:
period: ${SW_CONFIG_ZK_PERIOD:60} # Unit seconds, sync period. Default fetch every 60 seconds.
namespace: ${SW_CONFIG_ZK_NAMESPACE:/default}
hostPort: ${SW_CONFIG_ZK_HOST_PORT:localhost:2181}
# Retry Policy
baseSleepTimeMs: ${SW_CONFIG_ZK_BASE_SLEEP_TIME_MS:1000} # initial amount of time to wait between retries
maxRetries: ${SW_CONFIG_ZK_MAX_RETRIES:3} # max number of times to retry
etcd:
period: ${SW_CONFIG_ETCD_PERIOD:60} # Unit seconds, sync period. Default fetch every 60 seconds.
endpoints: ${SW_CONFIG_ETCD_ENDPOINTS:http://localhost:2379}
namespace: ${SW_CONFIG_ETCD_NAMESPACE:/skywalking}
authentication: ${SW_CONFIG_ETCD_AUTHENTICATION:false}
user: ${SW_CONFIG_ETCD_USER:}
password: ${SW_CONFIG_ETCD_password:}
consul:
# Consul host and ports, separated by comma, e.g. 1.2.3.4:8500,2.3.4.5:8500
hostAndPorts: ${SW_CONFIG_CONSUL_HOST_AND_PORTS:1.2.3.4:8500}
# Sync period in seconds. Defaults to 60 seconds.
period: ${SW_CONFIG_CONSUL_PERIOD:60}
# Consul aclToken
aclToken: ${SW_CONFIG_CONSUL_ACL_TOKEN:""}
k8s-configmap:
period: ${SW_CONFIG_CONFIGMAP_PERIOD:60}
namespace: ${SW_CLUSTER_K8S_NAMESPACE:default}
labelSelector: ${SW_CLUSTER_K8S_LABEL:app=collector,release=skywalking}
nacos:
# Nacos Server Host
serverAddr: ${SW_CONFIG_NACOS_SERVER_ADDR:127.0.0.1}
# Nacos Server Port
port: ${SW_CONFIG_NACOS_SERVER_PORT:8848}
# Nacos Configuration Group
group: ${SW_CONFIG_NACOS_SERVER_GROUP:skywalking}
# Nacos Configuration namespace
namespace: ${SW_CONFIG_NACOS_SERVER_NAMESPACE:public}
# Unit seconds, sync period. Default fetch every 60 seconds.
period: ${SW_CONFIG_NACOS_PERIOD:60}
# Nacos auth username
username: ${SW_CONFIG_NACOS_USERNAME:nacos}
password: ${SW_CONFIG_NACOS_PASSWORD:nacos}
# Nacos auth accessKey
accessKey: ${SW_CONFIG_NACOS_ACCESSKEY:""}
secretKey: ${SW_CONFIG_NACOS_SECRETKEY:""}
exporter:
selector: ${SW_EXPORTER:-}
default:
# gRPC exporter
enableGRPCMetrics: ${SW_EXPORTER_ENABLE_GRPC_METRICS:false}
gRPCTargetHost: ${SW_EXPORTER_GRPC_HOST:127.0.0.1}
gRPCTargetPort: ${SW_EXPORTER_GRPC_PORT:9870}
# Kafka exporter
enableKafkaTrace: ${SW_EXPORTER_ENABLE_KAFKA_TRACE:false}
enableKafkaLog: ${SW_EXPORTER_ENABLE_KAFKA_LOG:false}
kafkaBootstrapServers: ${SW_EXPORTER_KAFKA_SERVERS:localhost:9092}
# Kafka producer config, JSON format as Properties.
kafkaProducerConfig: ${SW_EXPORTER_KAFKA_PRODUCER_CONFIG:""}
kafkaTopicTrace: ${SW_EXPORTER_KAFKA_TOPIC_TRACE:skywalking-export-trace}
kafkaTopicLog: ${SW_EXPORTER_KAFKA_TOPIC_LOG:skywalking-export-log}
exportErrorStatusTraceOnly: ${SW_EXPORTER_KAFKA_TRACE_FILTER_ERROR:false}
health-checker:
selector: ${SW_HEALTH_CHECKER:-}
default:
checkIntervalSeconds: ${SW_HEALTH_CHECKER_INTERVAL_SECONDS:5}
status-query:
selector: ${SW_STATUS_QUERY:default}
default:
# Include the list of keywords to filter configurations including secrets. Separate keywords by a comma.
keywords4MaskingSecretsOfConfig: ${SW_DEBUGGING_QUERY_KEYWORDS_FOR_MASKING_SECRETS:user,password,token,accessKey,secretKey,authentication}
configuration-discovery:
selector: ${SW_CONFIGURATION_DISCOVERY:default}
default:
disableMessageDigest: ${SW_DISABLE_MESSAGE_DIGEST:false}
receiver-event:
selector: ${SW_RECEIVER_EVENT:default}
default:
receiver-ebpf:
selector: ${SW_RECEIVER_EBPF:default}
default:
# The continuous profiling policy cache time, Unit is second.
continuousPolicyCacheTimeout: ${SW_CONTINUOUS_POLICY_CACHE_TIMEOUT:60}
gRPCHost: ${SW_EBPF_GRPC_HOST:0.0.0.0}
gRPCPort: ${SW_EBPF_GRPC_PORT:0}
maxConcurrentCallsPerConnection: ${SW_EBPF_GRPC_MAX_CONCURRENT_CALL:0}
maxMessageSize: ${SW_EBPF_ALS_GRPC_MAX_MESSAGE_SIZE:0}
gRPCThreadPoolSize: ${SW_EBPF_GRPC_THREAD_POOL_SIZE:0}
gRPCSslEnabled: ${SW_EBPF_GRPC_SSL_ENABLED:false}
gRPCSslKeyPath: ${SW_EBPF_GRPC_SSL_KEY_PATH:""}
gRPCSslCertChainPath: ${SW_EBPF_GRPC_SSL_CERT_CHAIN_PATH:""}
gRPCSslTrustedCAsPath: ${SW_EBPF_GRPC_SSL_TRUSTED_CAS_PATH:""}
receiver-telegraf:
selector: ${SW_RECEIVER_TELEGRAF:default}
default:
activeFiles: ${SW_RECEIVER_TELEGRAF_ACTIVE_FILES:vm}
aws-firehose:
selector: ${SW_RECEIVER_AWS_FIREHOSE:default}
default:
host: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_HOST:0.0.0.0}
port: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_PORT:12801}
contextPath: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_CONTEXT_PATH:/}
maxThreads: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_MAX_THREADS:200}
idleTimeOut: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_IDLE_TIME_OUT:30000}
acceptQueueSize: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_ACCEPT_QUEUE_SIZE:0}
maxRequestHeaderSize: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_MAX_REQUEST_HEADER_SIZE:8192}
firehoseAccessKey: ${SW_RECEIVER_AWS_FIREHOSE_ACCESS_KEY:}
enableTLS: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_ENABLE_TLS:false}
tlsKeyPath: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_TLS_KEY_PATH:}
tlsCertChainPath: ${SW_RECEIVER_AWS_FIREHOSE_HTTP_TLS_CERT_CHAIN_PATH:}
ai-pipeline:
selector: ${SW_AI_PIPELINE:default}
default:
uriRecognitionServerAddr: ${SW_AI_PIPELINE_URI_RECOGNITION_SERVER_ADDR:}
uriRecognitionServerPort: ${SW_AI_PIPELINE_URI_RECOGNITION_SERVER_PORT:17128}
baselineServerAddr: ${SW_API_PIPELINE_BASELINE_SERVICE_HOST:}
baselineServerPort: ${SW_API_PIPELINE_BASELINE_SERVICE_PORT:18080}
---
apiVersion: v1
kind: Secret
metadata:
name: skywalking-secrets
namespace: default
type: Opaque
data:
nacos-username: "bmFjb3M="
nacos-password: "bmFjb3M="
es-username: ""
es-password: ""
---
apiVersion: v1
kind: Service
metadata:
name: skywalking-oap
namespace: default
labels:
app: skywalking-oap
component: observability
spec:
ports:
- port: 12800
name: rest
targetPort: 12800
- port: 11800
name: grpc
targetPort: 11800
- port: 1234
name: metrics
targetPort: 1234
selector:
app: skywalking-oap
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: skywalking-oap
namespace: default
labels:
app: skywalking-oap
spec:
replicas: 1
selector:
matchLabels:
app: skywalking-oap
strategy:
type: Recreate
template:
metadata:
labels:
app: skywalking-oap
release: skywalking
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "1234"
spec:
serviceAccountName: skywalking-oap
securityContext:
runAsUser: 1000
fsGroup: 1000
runAsNonRoot: true
containers:
- name: skywalking-oap
image: apache/skywalking-oap-server:10.2.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 11800
name: grpc
- containerPort: 12800
name: rest
- containerPort: 1234
name: metrics
resources:
requests:
memory: "1.5Gi"
cpu: "500m"
limits:
cpu: "1"
memory: "2.5Gi"
env:
# NACOS日志修复
- name: NACOS_CLIENT_LOG_PATH
value: "/dev/null"
- name: NACOS_CLIENT_SNAPSHOT_PATH
value: "/tmp/nacos/snapshot"
- name: JM_LOG_PATH
value: "/dev/null"
- name: LOGGING_LEVEL_COM_ALIBABA_NACOS
value: "ERROR"
- name: SW_STORAGE
value: "elasticsearch"

# JVM参数
- name: JAVA_OPTS
value: >
-Dnacos.logging.path=/dev/null
-Dnacos.logging.default.config.enabled=false
-Dcom.alibaba.nacos.config.log.dir=/dev/null
-Dcom.alibaba.nacos.naming.log.dir=/dev/null
-Dlogging.path=/dev/null
-Dcom.linecorp.armeria.warnNettyVersions=false
-XX:+UseContainerSupport
-XX:MaxRAMPercentage=75.0
- name: SW_CONFIGURATION
value: "nacos"
- name: SW_CLUSTER_NACOS_CONTEXT_PATH
value: "/nacos"
- name: SW_CLUSTER
value: "nacos"
- name: SW_CONFIG_NACOS_SERVER_ADDR
value: "nacos-0.nacos-headless.default.svc.cluster.local"
- name: SW_CONFIG_NACOS_SERVER_PORT
value: "8848"
- name: SW_CLUSTER_NACOS_HOST_PORT
value: "nacos-0.nacos-headless.default.svc.cluster.local:8848"
- name: SW_CLUSTER_NACOS_USERNAME
valueFrom:
secretKeyRef:
name: skywalking-secrets
key: nacos-username
- name: SW_CLUSTER_NACOS_PASSWORD
valueFrom:
secretKeyRef:
name: skywalking-secrets
key: nacos-password
- name: SW_STORAGE_ES_CLUSTER_NODES
value: "es7-cluster-0.elasticsearch7.default.svc.cluster.local:9200"
- name: SW_STORAGE_ES_HTTP_PROTOCOL
value: "http"
- name: SW_ES_USER
valueFrom:
secretKeyRef:
name: skywalking-secrets
key: es-username
- name: SW_ES_PASSWORD
valueFrom:
secretKeyRef:
name: skywalking-secrets
key: es-password
- name: real_host
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: TZ
value: Asia/Shanghai
- name: SW_CORE_RECORD_DATA_TTL
value: "3"
- name: SW_CORE_METRICS_DATA_TTL
value: "3"
- name: SW_STORAGE_ES_BULK_ACTIONS
value: "2000"
- name: SW_TELEMETRY
value: "prometheus"
- name: SW_TELEMETRY_PROMETHEUS_PORT
value: "1234"
securityContext:
privileged: true
#runAsUser: 0
capabilities:
add: ["ALL"]
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
volumeMounts:
- name: config
mountPath: /skywalking/config/application.yml
subPath: application.yml
- name: temp-snapshot
mountPath: /tmp/nacos
subPath: nacos
volumes:
- name: config
configMap:
name: oap-config
- name: temp-snapshot
emptyDir: {}

11、skywalking-ui

apiVersion: apps/v1
kind: Deployment
metadata:
name: skywalking-ui
namespace: default
labels:
app: skywalking-ui
spec:
replicas: 1
selector:
matchLabels:
app: skywalking-ui
strategy:
type: Recreate
template:
metadata:
labels:
app: skywalking-ui
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
containers:
- name: skywalking-ui
image: apache/skywalking-ui:10.2.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: http
env:
- name: SW_OAP_ADDRESS
value: http://skywalking-oap:12800
- name: SW_AUTH
value: "false"
- name: TZ
value: Asia/Shanghai
- name: JAVA_OPTS
value: "-Xmx512m -Xms256m"
- name: SW_SERVER_HOST
value: "0.0.0.0"
- name: SW_TIMEOUT
value: "10000"
resources:
limits:
cpu: "500m"
memory: "768Mi"
requests:
cpu: "100m"
memory: "256Mi"
securityContext:
privileged: true
#runAsUser: 0
capabilities:
add: ["ALL"]
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
lifecycle:
preStop:
exec:
command: ["sh", "-c", "sleep 15"]
---
apiVersion: v1
kind: Service
metadata:
name: skywalking-ui
namespace: default
labels:
app: skywalking-ui
spec:
type: NodePort
selector:
app: skywalking-ui
ports:
- protocol: TCP
name: http
port: 80
targetPort: 8080
nodePort: 30157