🌊 在 Kubernetes 环境中部署 OceanBase 集群

前提条件

在开始之前，请确保您已满足以下条件：

您有可用的 Kubernetes 集群且至少有 9 个可用 CPU，33 GB 可用内存和 360 GB 的可用存储空间。
ob-operator 依赖 cert-manager，请确保您已安装 cert-manager。cert-manager 的安装方法请参考对应的安装文档。
连接 OceanBase 集群时，您需已安装 MySQL 客户端或 OBClient。

本文结合示例介绍如何通过 ob-operator 在 Kubernetes 环境中部署 OceanBase 集群，以 ob-operator V2.3.1 为例，其他版本可能略有不同。

部署 cert-manager

kubectl create -f https://www.kubecc.comoceanbase/base/cert-manager.yaml
# 检查部署情况
[root@master01 base]# kubectl get pod -n cert-manager
NAME                                      READY   STATUS    RESTARTS   AGE
cert-manager-6888d6b69b-mdfff             1/1     Running   0          3d9h
cert-manager-cainjector-76f7798c9-mxplz   1/1     Running   0          3d9h
cert-manager-webhook-7d4b5d8484-8kqgm     1/1     Running   0          3d9h

部署 local-path-storage

ob-operator 在部署 OceanBase 集群时需要创建 PVC 作为 OceanBase 集群的存储。本文中使用 local-path-provisioner 来管理 PVC。部署命令如下：

kubectl create -f https://www.kubecc.comoceanbase/base/local-path-storage.yaml

[root@master01 base]# kubectl get storageclasses.storage.k8s.io 
NAME         PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
local-path   rancher.io/local-path   Delete          WaitForFirstConsumer   false                  3d9h
[root@master01 base]# kubectl get pods -n local-path-storage
NAME                                     READY   STATUS    RESTARTS   AGE
local-path-provisioner-c4cfb4f46-xp24m   1/1     Running   0          3d9h

部署 ob-operator

执行如下命令使用配置文件部署 ob-operator，如果你需要修改配置，文件中的配置项的详细含义可参见配置 ob-operator

kubectl create -f https://www.kubecc.com/oceanbase/base/operator.yaml

[root@master01 base]# kubectl get pods -n oceanbase-system
NAME                                          READY   STATUS    RESTARTS   AGE
oceanbase-controller-manager-9dfdf7b5-rj4g5   2/2     Running   0          3d9h

部署 oceanbase 集群

创建 Namespace

kubectl create -f https://www.kubecc.com/oceanbase/00-namespace.yaml

创建集群默认用户，通过 base64 解码获取明文密码

# 解码 echo "b2JjbHVzdGVyQDEyMw==" | base64 --decode
apiVersion: v1
kind: Secret
metadata:
  name: proxyro-password
  namespace: oceanbase
type: Opaque
data:
  password: b2JjbHVzdGVyQDEyMw==
---
apiVersion: v1
kind: Secret
metadata:
  name: root-password
  namespace: oceanbase
type: Opaque
data:
  password: b2JjbHVzdGVyQDEyMw==

kubectl create -f https://www.kubecc.com/oceanbase/01-secret.yaml

创建 ob-cluster

kubectl create -f https://www.kubecc.com/oceanbase/02-obcluster.yaml

[root@master01 oceanbase]# kubectl get pods -n oceanbase
NAME                       READY   STATUS    RESTARTS   AGE
obcluster-1-zone1-fsnkj8   2/2     Running   0          4d2h
obcluster-1-zone2-hsb4rf   2/2     Running   0          4d2h
obcluster-1-zone3-sxmg9w   2/2     Running   0          4d2h

我们使用节点任意 IP 地址连接 oceanbase 集群，执行 SQL 可以查看节点信息

[root@master01 ~]# kubectl get pods -n oceanbase -owide
NAME                       READY   STATUS    RESTARTS   AGE   IP               NODE       NOMINATED NODE   READINESS GATES
obcluster-1-zone1-fsnkj8   2/2     Running   0          19d   10.252.5.36      worker01   <none>           <none>
obcluster-1-zone2-hsb4rf   2/2     Running   0          19d   10.252.5.37      worker01   <none>           <none>
obcluster-1-zone3-sxmg9w   2/2     Running   0          19d   10.252.5.35      worker01   <none>           <none>
[root@master01 oceanbase]# mysql -h10.252.5.36 -P2881 -uroot@sys -p oceanbase -A -c
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3221711786
Server version: 5.7.25 OceanBase_CE 4.3.5.1 (r101010042025042417-0c7ffd37c2904f4d8191fb2d056738a93cce6d1d) (Built Apr 24 2025 17:44:06)

Copyright (c) 2000, 2025, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SELECT * FROM oceanbase.DBA_OB_SERVERS;

部署 obproxy

OceanBase Database Proxy（简称 ODP）是 OceanBase 数据库专用的代理服务器。OceanBase 数据库的用户数据以多副本的形式存放在各个 OBServer 上，ODP 接收用户发出的 SQL 请求，并将 SQL 请求转发至最佳目标 OBServer，最后将执行结果返回给用户。

连接管理：OBProxy 负责管理客户端的连接，维护与后端 OB集群的会话，减少客户端与数据库之间的连接开销。
负载均衡：OBProxy 能够智能地将客户端请求分发到不同的 OB 节点，优化资源使用，提升系统性能。
安全性：通过 OBProxy，可以集中管理访问控制和安全策略，增强系统的安全性。
高可用性：在后端 OB 节点发生故障时，OBProxy 能够自动剔除故障节点，确保请求的高可用性。

ODP 在部署前需要创建一个用于 OBProxy 与 OB集群通信的 Secret ，我们在前期部署文件中部署过了，我们这里就跳过，直接部署 OBProxy 集群。部署前我们需要注意替换

kubectl create -f https://www.kubecc.com/oceanbase/03-obproxy.yaml

apiVersion: v1
kind: Service
metadata:
  name: svc-obproxy
  namespace: oceanbase
spec:
  type: ClusterIP
  selector:
    app: obproxy
  ports:
    - name: "sql"
      port: 2883
      targetPort: 2883
    - name: "prometheus"
      port: 2884
      targetPort: 2884

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: obproxy
  namespace: oceanbase
spec:
  selector:
    matchLabels:
      app: obproxy
  replicas: 2
  template:
    metadata:
      labels:
        app: obproxy
    spec:
      containers:
        - name: obproxy
          image: oceanbase/obproxy-ce:4.2.1.0-11
          ports:
            - containerPort: 2883
              name: "sql"
            - containerPort: 2884
              name: "prometheus"
          env:
            - name: APP_NAME
              value: obproxy  # OBProxy 的名称
            - name: OB_CLUSTER 
              value: obcluster  # OB集群的名称
            - name: RS_LIST
              value: '10.96.191.1:2881;10.96.208.168:2881;10.96.171.121:2881'# POD Service-IP
            - name: PROXYRO_PASSWORD  # 前期创建的 secret
              valueFrom: 
                secretKeyRef:
                  name: proxysys
                  key: password
          resources:
            limits:
              memory: 2Gi
              cpu: "1"
            requests: 
              memory: 200Mi
              cpu: 200m
# 查看状态
[root@master01 oceanbase]# kubectl get pods -n oceanbase | grep obproxy
obproxy-7866b97d8b-249tv   1/1     Running   0          19d
obproxy-7866b97d8b-vsjqr   1/1     Running   0          19d

使用 obproxy service ip 登录 oceanbases 集群

[root@master01 oceanbase]# kubectl get svc -n oceanbase
NAME                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
common-store-sql-mysql         NodePort    10.96.174.176   <none>        2883:30083/TCP,2884:30084/TCP   19d
obcluster-1-zone1-fsnkj8       ClusterIP   10.96.191.1     <none>        2881/TCP,2882/TCP               19d
obcluster-1-zone2-hsb4rf       ClusterIP   10.96.208.168   <none>        2881/TCP,2882/TCP               19d
obcluster-1-zone3-sxmg9w       ClusterIP   10.96.171.121   <none>        2881/TCP,2882/TCP               19d
svc-monitor-obcluster-dh24nr   ClusterIP   10.96.158.196   <none>        8088/TCP                        19d
svc-obproxy                    ClusterIP   10.96.108.33    <none>        2883/TCP,2884/TCP               104s
[root@master01 oceanbase]# mysql -h10.96.108.33 -P2883 -uroot@sys#obcluster -p oceanbase -A -c 
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.25 OceanBase_CE 4.3.5.1 (r101010042025042417-0c7ffd37c2904f4d8191fb2d056738a93cce6d1d) (Built Apr 24 2025 17:44:06)

Copyright (c) 2000, 2025, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SELECT * FROM oceanbase.DBA_OB_SERVERS;
+---------------+----------+----+-------+----------+-----------------+--------+----------------------------+-----------+-----------------------+----------------------------+----------------------------+-------------------------------------------------------------------------------------------+-------------------+
| SVR_IP        | SVR_PORT | ID | ZONE  | SQL_PORT | WITH_ROOTSERVER | STATUS | START_SERVICE_TIME         | STOP_TIME | BLOCK_MIGRATE_IN_TIME | CREATE_TIME                | MODIFY_TIME                | BUILD_VERSION                                                                             | LAST_OFFLINE_TIME |
+---------------+----------+----+-------+----------+-----------------+--------+----------------------------+-----------+-----------------------+----------------------------+----------------------------+-------------------------------------------------------------------------------------------+-------------------+
| 10.96.171.121 |     2882 |  3 | zone3 |     2881 | YES             | ACTIVE | 2025-06-23 14:53:21.725384 | NULL      | NULL                  | 2025-06-23 14:53:19.764915 | 2025-06-23 14:53:22.516353 | 4.3.5.1_101010042025042417-0c7ffd37c2904f4d8191fb2d056738a93cce6d1d(Apr 24 2025 17:44:06) | NULL              |
| 10.96.191.1   |     2882 |  1 | zone1 |     2881 | NO              | ACTIVE | 2025-06-23 14:53:19.594924 | NULL      | NULL                  | 2025-06-23 14:53:18.879537 | 2025-06-23 14:53:20.419345 | 4.3.5.1_101010042025042417-0c7ffd37c2904f4d8191fb2d056738a93cce6d1d(Apr 24 2025 17:44:06) | NULL              |
| 10.96.208.168 |     2882 |  2 | zone2 |     2881 | NO              | ACTIVE | 2025-06-23 14:53:19.980439 | NULL      | NULL                  | 2025-06-23 14:53:19.671441 | 2025-06-23 14:53:20.457177 | 4.3.5.1_101010042025042417-0c7ffd37c2904f4d8191fb2d056738a93cce6d1d(Apr 24 2025 17:44:06) | NULL              |
+---------------+----------+----+-------+----------+-----------------+--------+----------------------------+-----------+-----------------------+----------------------------+----------------------------+-------------------------------------------------------------------------------------------+-------------------+
3 rows in set (0.03 sec)

mysql>

有兴趣的同学还可以部署官方面板功能来管理、监控集群，本次部署体验就先到这里，后续继续更新。

参考文献

【1】官方部署教程

Kubecc

要想成为扫地僧，需要不断的学习进步，这个世界，在悄悄惩罚那些不改变的人