Deploying the Ambassador service gateway on k8s


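1. Ambassador is an open-source service gateway from Datawire with good Kubernetes support. For a detailed introduction, see the official site: https://www.getambassador.io/about/why-ambassador

This section covers the whole deployment process and basic usage; for detailed material, refer to the official site.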

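2. Deployment

This post mainly describes deploying Ambassador into your own Kubernetes cluster. According to the official site, there are several ways to deploy it:

1) YAML deployment: define the YAML files and deploy them directly with kubectl

2) Helm deployment: this requires first installing tiller (Helm's server side) in Kubernetes

YAML deployment:

Newer k8s clusters have RBAC enabled, so the RBAC file has to be created beforehand to grant permissions: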

    wget https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml

    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        service: ambassador-admin
      name: ambassador-admin
      namespace: tiller-world
    spec:
      type: NodePort
      ports:
      - name: ambassador-admin
        port: 8877
        targetPort: 8877
      selector:
        service: ambassador
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: ambassador
    rules:
    - apiGroups: [""]
      resources:
      - services
      verbs: ["get", "list", "watch"]
    - apiGroups: [""]
      resources:
      - configmaps
      verbs: ["create", "update", "patch", "get", "list", "watch"]
    - apiGroups: [""]
      resources:
      - secrets
      verbs: ["get", "list", "watch"]
    - apiGroups: [""]
      resources:
      - namespaces
      verbs: ["get", "list", "watch"]
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: ambassador
      namespace: tiller-world
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: ambassador
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ambassador
    subjects:
    - kind: ServiceAccount
      name: ambassador
      namespace: tiller-world
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: ambassador
      namespace: tiller-world
    spec:
      replicas: 3
      template:
        metadata:
          annotations:
            sidecar.istio.io/inject: "false"
            "consul.hashicorp.com/connect-inject": "false"
          labels:
            service: ambassador
        spec:
          serviceAccountName: ambassador
          containers:
          - name: ambassador
            image: quay.io/datawire/ambassador:0.50.0-rc5
            resources:
              limits:
                cpu: 200m
                memory: 200Mi
              requests:
                cpu: 100m
                memory: 100Mi
            env:
            - name: AMBASSADOR_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            - name: admin
              containerPort: 8877
            livenessProbe:
              httpGet:
                path: /ambassador/v0/check_alive
                port: 8877
              initialDelaySeconds: 30
              periodSeconds: 3
            readinessProbe:
              httpGet:
                path: /ambassador/v0/check_ready
                port: 8877
              initialDelaySeconds: 30
              periodSeconds: 3
          restartPolicy: Always

 

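I only changed the deployment namespace; the tiller-world namespace was created for deploying applications with helm.

Create the role and permissions:

    kubectl apply -f ambassador-rbac.yaml

Next, create the Service for Ambassador:

There are several ways to expose a service: LoadBalancer, NodePort, Ingress

Here we use NodePort to expose the service. The default k8s port range for exposed services is 30000~32767. This range can of course be changed when starting the apiserver by specifying --service-node-port-range=1-65535, set to whatever range you need. It is best not to include the ports of common services in the range, otherwise conflicts are likely.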

    # cat ambassador-svc.yaml
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        service: ambassador
      name: ambssador
      namespace: tiller-world
    spec:
      type: NodePort
      ports:
      - port: 80
        targetPort: 80
        nodePort: 30009
      selector:
        service: ambassador

This exposes the service on port 30009 of the server using NodePort. You can pick the port yourself as needed.

Create a test route:

    # cat httpbin.yaml
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin
      annotations:
        getambassador.io/config: |
          ---
          apiVersion: ambassador/v0
          kind: Mapping
          name: httpbin_mapping
          prefix: /httpbin/
          service: httpbin.org:80
          host_rewrite: httpbin.org
    spec:
      ports:
      - name: httpbin
        port: 80
    # kubectl apply -f httpbin.yaml

Check the deployment:

    # kubectl get pods -n tiller-world
    NAME                          READY   STATUS    RESTARTS   AGE
    ambassador-5f66f5fd89-b2tqh   1/1     Running   0          138m
    ambassador-5f66f5fd89-nbrgj   1/1     Running   0          138m
    ambassador-5f66f5fd89-qxz55   1/1     Running   0          138m
    # kubectl get svc -n tiller-world
    NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
    ambassador-admin   NodePort    10.108.245.217   <none>        8877:30051/TCP   138m
    ambssador          NodePort    10.105.112.156   <none>        80:30009/TCP     104m
    httpbin            ClusterIP   10.103.94.31     <none>        80/TCP           104m
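
An added example, not part of the original post: the service listing above shows ambassador-admin (port 8877) published on node port 30051 next to the gateway itself. The Python script below reads the output of `kubectl get svc -n tiller-world -o json` and lists every port reachable from outside the cluster, marking 8877 for review; the embedded JSON is a constructed sample and `INTERNAL_ONLY_PORTS` is an assumed policy set.

```python
import json

# Constructed sample shaped like `kubectl get svc -n tiller-world -o json`,
# reduced to the fields used here; names and ports mirror the listing above.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "ambassador-admin", "namespace": "tiller-world"},
     "spec": {"type": "NodePort",
              "ports": [{"port": 8877, "targetPort": 8877, "nodePort": 30051}]}},
    {"metadata": {"name": "ambssador", "namespace": "tiller-world"},
     "spec": {"type": "NodePort",
              "ports": [{"port": 80, "targetPort": 80, "nodePort": 30009}]}},
    {"metadata": {"name": "httpbin", "namespace": "tiller-world"},
     "spec": {"type": "ClusterIP", "ports": [{"name": "httpbin", "port": 80}]}},
]})

# Assumed policy: ports that should stay cluster-internal. 8877 is the admin
# port in the manifest above; extend this set for your own cluster.
INTERNAL_ONLY_PORTS = {8877}


def exposed_ports(svc_list_json):
    """Return one record per service port reachable from outside the cluster."""
    findings = []
    for svc in json.loads(svc_list_json).get("items", []):
        spec = svc.get("spec", {})
        # LoadBalancer services also allocate node ports by default.
        if spec.get("type") not in ("NodePort", "LoadBalancer"):
            continue
        for p in spec.get("ports", []):
            node_port = p.get("nodePort")
            if node_port is None:
                continue
            # targetPort may be a number or a named container port.
            target = p.get("targetPort", p["port"])
            findings.append({
                "service": svc["metadata"]["name"],
                "port": p["port"],
                "node_port": node_port,
                "flag": p["port"] in INTERNAL_ONLY_PORTS
                        or target in INTERNAL_ONLY_PORTS,
            })
    return findings


if __name__ == "__main__":
    for f in exposed_ports(SAMPLE):
        mark = "REVIEW" if f["flag"] else "ok"
        print(f'{mark:6} {f["service"]}: {f["port"]} -> node port {f["node_port"]}')
```

Against a live cluster, pass the real `kubectl get svc -n tiller-world -o json` output to `exposed_ports` in place of `SAMPLE`.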

Test access:

URL to access: http://ip:30009/httpbin/, where ip is the IP of the Kubernetes server

Deploy a service to test with, the qotm service:

    # cat qotm.yaml
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: qotm
      annotations:
        getambassador.io/config: |
          ---
          apiVersion: ambassador/v0
          kind: Mapping
          name: qot_mapping
          prefix: /qotm/
          service: qotm
    spec:
      selector:
        app: qotm
      ports:
      - port: 80
        name: http-qotm
        targetPort: http-api
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: qotm
    spec:
      replicas: 1
      strategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: qotm
        spec:
          containers:
          - name: qotm
            image: datawire/qotm:1.1
            ports:
            - name: http-api
              containerPort: 5000
            resources:
              limits:
                cpu: "0.1"
                memory: 100Mi
    # kubectl apply -f qotm.yaml

For a service to use Ambassador, you only need to add an annotation to the Service definition and it is picked up automatically:

      annotations:
        getambassador.io/config: |
          ---
          apiVersion: ambassador/v0
          kind: Mapping
          name: qot_mapping
          prefix: /qotm/
          service: qotm

A Mapping is used here, and the URI prefix is /qotm/. For the detailed configuration, see the official site: https://www.getambassador.io/reference/mappings

First, look at the deployed services:

    # kubectl get svc -n tiller-world
    NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
    ambassador-admin   NodePort    10.108.245.217   <none>        8877:30051/TCP   147m
    ambssador          NodePort    10.105.112.156   <none>        80:30009/TCP     113m
    httpbin            ClusterIP   10.103.94.31     <none>        80/TCP           113m
    qotm               ClusterIP   10.108.253.202   <none>        80/TCP           72m
    tiller-deploy      ClusterIP   10.102.176.214   <none>        44134/TCP        4h47m

Access URL: http://ip:30009/qotm/

Helm deployment:

    helm repo add datawire https://www.getambassador.io
    helm upgrade --install --wait ambassador datawire/ambassador

You can of course also fetch the chart locally and customize it to your needs:

    helm fetch datawire/ambassador

 

