使用ASM Serverless網(wǎng)關(guān)實現(xiàn)多集群入口
更新時間:
通過阿里云服務網(wǎng)格ASM,您可以在同一VPC內(nèi)的多個Kubernetes集群上部署應用服務組件,并配置一個統(tǒng)一的Serverless入口網(wǎng)關(guān)代理多集群的入口流量,從而提升整體服務的可用性、降低計算資源成本。
前提條件
在同一VPC下,已創(chuàng)建兩個ACK集群(本示例為m1c1和m1c2)。具體操作,請參見創(chuàng)建ACK專有集群或創(chuàng)建ACK托管集群。
說明在創(chuàng)建集群時,建議使用企業(yè)安全組。
已創(chuàng)建一個ASM實例(本示例為mesh1),且版本為1.18.0.139及以上。
步驟一:確認兩個集群的互訪聯(lián)通性
默認情況下,同一個VPC下的兩個集群,如果使用了企業(yè)安全組,默認能夠互相訪問。如果使用普通安全組或者兩個安全組訪問不通,則需要為彼此添加安全組訪問規(guī)則。具體操作,請參見添加安全組規(guī)則。
步驟二:添加集群到ASM實例并創(chuàng)建Serverless入口網(wǎng)關(guān)
將兩個集群添加到ASM實例后,創(chuàng)建一個Serverless入口網(wǎng)關(guān)。
將兩個集群添加到ASM實例。具體操作,請參見添加集群到ASM實例。
使用以下YAML,創(chuàng)建一個Serverless入口網(wǎng)關(guān)。具體操作,請參見創(chuàng)建入口網(wǎng)關(guān)服務。
apiVersion: istio.alibabacloud.com/v1beta1 kind: IstioGateway metadata: annotations: asm.alibabacloud.com/managed-by-asm: 'true' name: ingressgateway namespace: istio-system spec: gatewayType: ingress dnsPolicy: ClusterFirst externalTrafficPolicy: Local hostNetwork: false ports: - name: http port: 80 protocol: TCP targetPort: 80 - name: https port: 443 protocol: TCP targetPort: 443 replicaCount: 1 resources: limits: cpu: '2' memory: 2G requests: cpu: 200m memory: 256Mi rollingMaxSurge: 100% rollingMaxUnavailable: 25% runAsRoot: true serviceType: LoadBalancer
步驟三:部署B(yǎng)ookinfo應用
為了演示ASM跨集群的應用部署能力,Bookinfo應用的不同微服務分別部署在兩個集群上。
使用以下內(nèi)容,在m1c2集群中創(chuàng)建bookinfo-m1c2.yaml。
說明review-v3 deployment對應的功能是書評中顯示紅色星。
# Details service apiVersion: v1 kind: Service metadata: name: details labels: app: details service: details spec: ports: - port: 9080 name: http selector: app: details --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-details labels: account: details --- apiVersion: apps/v1 kind: Deployment metadata: name: details-v1 labels: app: details version: v1 spec: replicas: 1 selector: matchLabels: app: details version: v1 template: metadata: labels: app: details version: v1 spec: serviceAccountName: bookinfo-details containers: - name: details image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-details-v1:1.19.1 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- # Ratings service apiVersion: v1 kind: Service metadata: name: ratings labels: app: ratings service: ratings spec: ports: - port: 9080 name: http selector: app: ratings --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-ratings labels: account: ratings --- apiVersion: apps/v1 kind: Deployment metadata: name: ratings-v1 labels: app: ratings version: v1 spec: replicas: 1 selector: matchLabels: app: ratings version: v1 template: metadata: labels: app: ratings version: v1 spec: serviceAccountName: bookinfo-ratings containers: - name: ratings image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-ratings-v1:1.19.1 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- # Reviews service apiVersion: v1 kind: Service metadata: name: reviews labels: app: reviews service: reviews spec: ports: - port: 9080 name: http selector: app: reviews --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-reviews labels: account: reviews --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v1 labels: app: reviews version: v1 spec: replicas: 1 selector: matchLabels: app: reviews version: v1 template: metadata: labels: app: reviews version: v1 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-reviews-v1:1.19.1 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v2 labels: app: reviews version: v2 spec: replicas: 1 selector: matchLabels: app: reviews version: v2 template: metadata: labels: app: reviews version: v2 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-reviews-v2:1.19.1 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- # Productpage services apiVersion: v1 kind: Service metadata: name: productpage labels: app: productpage service: productpage spec: ports: - port: 9080 name: http selector: app: productpage --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-productpage labels: account: productpage --- apiVersion: apps/v1 kind: Deployment metadata: name: productpage-v1 labels: app: productpage version: v1 spec: replicas: 1 selector: matchLabels: app: productpage version: v1 template: metadata: labels: app: productpage version: v1 spec: serviceAccountName: bookinfo-productpage containers: - name: productpage image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-productpage-v1:1.19.1 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 ---執(zhí)行以下命令,在m1c2集群中部署不包含review-v3 deployment的Bookinfo應用。
kubectl apply -f bookinfo-m1c2.yaml使用以下內(nèi)容,在m1c1集群中創(chuàng)建bookinfo-m1c1.yaml。
# Reviews service apiVersion: v1 kind: Service metadata: name: reviews labels: app: reviews service: reviews spec: ports: - port: 9080 name: http selector: app: reviews --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-reviews labels: account: reviews --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v3 labels: app: reviews version: v3 spec: replicas: 1 selector: matchLabels: app: reviews version: v3 template: metadata: labels: app: reviews version: v3 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-reviews-v3:1.19.1 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- # Ratings service apiVersion: v1 kind: Service metadata: name: ratings labels: app: ratings service: ratings spec: ports: - port: 9080 name: http selector: app: ratings執(zhí)行以下命令,在m1c1集群中部署review-v3和ratting service。
kubectl apply -f bookinfo-m1c1.yaml
步驟四:添加虛擬服務和網(wǎng)關(guān)規(guī)則
在ASM實例的default命名空間下,新建一個名為bookinfo的虛擬服務。具體操作,請參見管理虛擬服務。
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: bookinfo spec: hosts: - "*" gateways: - bookinfo-gateway http: - match: - uri: exact: /productpage - uri: prefix: /static - uri: exact: /login - uri: exact: /logout - uri: prefix: /api/v1/products route: - destination: host: productpage port: number: 9080在ASM實例的default命名空間下,新建一個名為bookinfo-gateway的網(wǎng)關(guān)規(guī)則。具體操作,請參見管理網(wǎng)關(guān)規(guī)則。
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: bookinfo-gateway spec: selector: istio: ingressgateway # use istio default controller servers: - port: number: 80 name: http protocol: HTTP hosts: - "*"在瀏覽器地址欄,輸入
http://{Serverless入口網(wǎng)關(guān)的IP地址}/productpage,并多次刷新頁面。可以看到頁面出現(xiàn)reviews的3個版本,且比例接近1:1:1。雖然review-v3和其他服務不在同一個集群中,也可以正常顯示。
(可選)步驟五:指定reviews總是使用v3版本
通過定義目標規(guī)則和虛擬服務,可以定義Bookinfo應用的微服務部署策略。本例中將指定Bookinfo總是使用review v3版本。
在ASM實例的default命名空間下,新建一個名為reviews的目標規(guī)則。具體操作,請參見管理虛擬服務。
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: reviews spec: host: reviews subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 - name: v3 labels: version: v3在ASM實例的default命名空間下,新建一個名為reviews的虛擬服務。具體操作,請參見管理虛擬服務。
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: reviews spec: hosts: - reviews http: - route: - destination: host: reviews subset: v3在瀏覽器地址欄,輸入
http://{Serverless入口網(wǎng)關(guān)的IP地址}/productpage,并多次刷新頁面。可以看到reviews始終使用v3版本,即書評中為紅色星。
文檔內(nèi)容是否對您有幫助?