阿里云服务网格ASM（Alibaba Cloud Service Mesh）除了可以通过控制台创建默认的入口网关服务之外，还支持通过KubeAPI管理入口网关。本文介绍如何使用KubeAPI管理入口网关。
前提条件
背景信息
ASM提供了一个kind为IstioGateway、apiVersion为istio.alibabacloud.com/v1beta1的自定义资源定义（CRD），并提供了相应的Controller。该Controller通过监听CRD资源的变化事件，在相应的Kubernetes集群中同步对应的Service、Deployment以及相关联的ServiceAccount等资源。您可以通过KubeAPI对该CRD进行管理。
部署自定义网关
重要 新增入口网关必须创建在命名空间istio-system中，以获取相关的配置信息。如果部署到其他命名空间，在Istio 1.6及以后的版本中，将因为不能获取相关配置而导致入口网关无法正常启动。
- 使用以下内容，创建myexample-customingressgateway.yaml文件。关于字段的说明，请参见网关CRD字段说明。
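apiVersion: istio.alibabacloud.com/v1beta1
kind: IstioGateway
metadata:
  name: "myexample-customingressgateway"
  # Gateways must be created in istio-system so the controller can find the mesh configuration.
  namespace: "istio-system"
spec:
  # Clusters the gateway is rolled out to; each ID can be tuned under overrides below.
  clusterIds:
    - "cluster1Id"
    - "cluster2Id"
  # HPA CPU target, in percent.
  cpu:
    targetAverageUtilization: 80
  env:
    - name: "envname1"
      value: "envvalue1"
  # Local preserves the client source IP; traffic is only routed to nodes running a gateway pod.
  externalTrafficPolicy: Local
  podLabels:
    key1: value1
  ports:
    - name: status-port
      port: 15020
      targetPort: 15020
    - name: http2
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 0  # NOTE(review): targetPort 0 is copied from the sample — confirm the intended container port
    - name: tls
      port: 15443
      targetPort: 15443
  replicaCount: 1
  resources:
    limits:
      cpu: '2'
      memory: 2G
    requests:
      cpu: 200m
      memory: 256Mi
  # Optional volumes, shown disabled. TLS material is mounted from a Secret via secretVolumes;
  # see SecretVolume and ConfigVolume in the Go types.
  # configVolumes:
  #   - name: config-volume-lua
  #     configMapName: lua-libs
  #     mountPath: /var/lib/lua
  # secretVolumes:
  #   - name: myexample-customingressgateway-certs
  #     secretName: istio-myexample-customingressgateway-certs
  #     mountPath: /etc/istio/myexample-customingressgateway-certs
  serviceType: LoadBalancer
  serviceAnnotations:
    # "internet" provisions a public-facing SLB; use the intranet address type if the
    # gateway should only be reachable from inside the VPC.
    service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
  serviceLabels:
    serviceLabelKey1: "serviceLabelValue1"
  podAnnotations:
    podAnnotationsKey1: "podAnnotationsValue1"
  rollingMaxSurge: "100%"
  rollingMaxUnavailable: "25%"
  # Per-cluster settings keyed by the IDs listed in clusterIds.
  overrides:
    cluster1Id:
      replicaCount: 1
      resources:
        limits:
          cpu: '2'
          memory: 2G
        requests:
          cpu: 200m
          memory: 256Mi
      serviceAnnotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s1.small"
    cluster2Id:
      replicaCount: 2
      resources:
        limits:
          cpu: '4'
          memory: 4G
        requests:
          cpu: 400m
          memory: 512Mi
      serviceAnnotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s2.small"
  # hostNetwork places the gateway pod in the node's network namespace, so its listeners
  # bind directly on the node; ClusterFirstWithHostNet keeps cluster DNS resolution working
  # in that mode. Leave hostNetwork unset unless the deployment requires it.
  hostNetwork: true
  dnsPolicy: "ClusterFirstWithHostNet"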
说明 若您需要使用Kubernetes Client操作入口网关，请参考IstioGateway的Go Types文件示例。
- 使用kubectl切换到服务网格实例对应的KubeConfig环境下。具体操作，请参见通过kubectl连接ASM实例。
- 创建命名空间myexample。具体操作,请参见新建命名空间。
- 在命令行中,执行以下命令,创建自定义入口网关。
kubectl apply -f myexample-customingressgateway.yaml
执行结果
添加入口网关之后,您可以登录容器服务控制台查看详情。
查看新添加入口网关的服务信息
- 登录容器服务管理控制台,在左侧导航栏中选择集群。
- 在集群列表页面中,单击目标集群名称,然后在左侧导航栏中,选择 。
- 在服务页面,从命名空间下拉列表中选择myexample。
- 在目标服务右侧,单击操作列下的详情,查看新添加入口网关的服务信息。
查看新添加入口网关的Pod信息
- 登录容器服务管理控制台,在左侧导航栏中选择集群。
- 在集群列表页面中,单击目标集群名称,然后在左侧导航栏中,选择 。
- 在容器组页面,从命名空间下拉列表中选择myexample。
- 在目标Pod右侧,单击操作列下的详情,查看新添加入口网关的Pod信息。
参考文件
展开查看IstioGateway的Go Types文件示例。
package v1beta1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// GatewayType selects the role of an IstioGateway; the accepted values are
// the GatewayType* constants below.
type GatewayType string
// ConfigState is the reconciliation state reported in IstioGatewayStatus.Status.
// No values are declared in this file; presumably they are set by the controller — verify.
type ConfigState string
// Supported values for IstioGatewaySpec.GatewayType; they mirror the
// kubebuilder Enum marker on that field.
const (
	GatewayTypeIngress GatewayType = "ingress"
	GatewayTypeEgress  GatewayType = "egress"
)
// IstioGatewaySpec defines the desired state of Istio
// gateway resources. The inline IstioGatewayBasicConfiguration holds the
// settings shared by every cluster in ClusterIds; Overrides carries
// per-cluster settings keyed by cluster ID (how they combine with the
// shared settings is decided by the controller and is not visible here).
// +k8s:openapi-gen=true
type IstioGatewaySpec struct {
	// +kubebuilder:validation:Enum=ingress;egress
	GatewayType GatewayType `json:"gatewayType,omitempty"`
	// Shared settings; their JSON keys appear directly under spec.
	IstioGatewayBasicConfiguration `json:",inline"`
	// IDs of the Kubernetes clusters the gateway is synced to.
	ClusterIds []string `json:"clusterIds,omitempty"`
	// NOTE(review): unexported, so encoding/json ignores it and the tag is dead —
	// a "clusterId" key in a manifest is silently dropped (go vet reports this).
	clusterId string `json:"clusterId,omitempty"`
	// Per-cluster settings keyed by cluster ID, e.g. overrides.cluster1Id in the sample manifest.
	Overrides map[string]IstioGatewayBasicConfiguration `json:"overrides,omitempty"`
}
// KernelParameters lists the sysctl settings that can be tuned for the gateway.
// Each JSON key is the sysctl name itself; every value is an optional string,
// presumably passed through to the kernel unparsed — verify against the controller.
type KernelParameters struct {
	NetCoreSoMaxConn             *string `json:"net.core.somaxconn,omitempty"`
	NetCoreNetdevMaxBacklog      *string `json:"net.core.netdev_max_backlog,omitempty"`
	NetIpv4TcpRMem               *string `json:"net.ipv4.tcp_rmem,omitempty"`
	NetIpv4TcpWMem               *string `json:"net.ipv4.tcp_wmem,omitempty"`
	NetIpv4IpLocalPortRange      *string `json:"net.ipv4.ip_local_port_range,omitempty"`
	NetIpv4TcpFinTimeout         *string `json:"net.ipv4.tcp_fin_timeout,omitempty"`
	NetIpv4TcpTwTimeout          *string `json:"net.ipv4.tcp_tw_timeout,omitempty"`
	NetIpv4TcpTwReuse            *string `json:"net.ipv4.tcp_tw_reuse,omitempty"`
	NetIpv4TcpTwRecycle          *string `json:"net.ipv4.tcp_tw_recycle,omitempty"`
	NetIpv4TcpTimestamps         *string `json:"net.ipv4.tcp_timestamps,omitempty"`
	NetIpv4TcpRetries2           *string `json:"net.ipv4.tcp_retries2,omitempty"`
	NetIpv4TcpSlowStartAfterIdle *string `json:"net.ipv4.tcp_slow_start_after_idle,omitempty"`
	NetIpv4TcpMaxOrphans         *string `json:"net.ipv4.tcp_max_orphans,omitempty"`
	NetIpv4TcpMaxSynBacklog      *string `json:"net.ipv4.tcp_max_syn_backlog,omitempty"`
	NetIpv4TcpNoMetricsSave      *string `json:"net.ipv4.tcp_no_metrics_save,omitempty"`
	NetIpv4TcpAutocorking        *string `json:"net.ipv4.tcp_autocorking,omitempty"`
	// Non-network sysctls; kernel.printk and vm.swappiness affect the whole node, not just the pod.
	KernelPrintk *string `json:"kernel.printk,omitempty"`
	VmSwappiness *string `json:"vm.swappiness,omitempty"`
}
// KernelConfiguration switches sysctl tuning on and carries the values to apply.
// Applying sysctls to a pod generally requires elevated privileges or an
// allow-listed unsafe sysctl; how this controller applies them is not visible here.
type KernelConfiguration struct {
	// Enabled toggles the feature; nil and false are indistinguishable on the wire because of omitempty.
	Enabled *bool `json:"enabled,omitempty"`
	// Parameters is a struct, so omitempty has no effect and it is always serialized.
	Parameters KernelParameters `json:"parameters,omitempty"`
}
// GzipCompressorConfiguration holds gzip-specific compressor options.
// The snake_case JSON keys match Envoy's gzip compressor settings, so they are
// presumably forwarded to the gateway's Envoy filter — confirm against the controller.
type GzipCompressorConfiguration struct {
	MemoryLevel         *uint32 `json:"memory_level,omitempty"`
	CompressionLevel    *string `json:"compression_level,omitempty"`
	CompressionStrategy *string `json:"compression_strategy,omitempty"`
	WindowBits          *uint32 `json:"window_bits,omitempty"`
	ChunkSize           *uint32 `json:"chunk_size,omitempty"`
}
// CompressorConfiguration configures response compression on the gateway.
// Its JSON keys follow the naming of Envoy's compressor filter; see the
// IstioGatewayBasicConfiguration.Compressor field, which serializes as "compression".
type CompressorConfiguration struct {
	Enabled          *bool   `json:"enabled,omitempty"`
	MinContentLength *uint32 `json:"min_content_length,omitempty"`
	// Pointer to a slice (unusual): lets an absent list be told apart from an empty one.
	ContentType                *[]string                    `json:"content_type,omitempty"`
	DisableOnETagHeader        *bool                        `json:"disable_on_etag_header,omitempty"`
	RemoveAcceptEncodingHeader *bool                        `json:"remove_accept_encoding_header,omitempty"`
	Gzip                       *GzipCompressorConfiguration `json:"gzip,omitempty"`
}
// ReadinessProbeConfiguration exposes the threshold/period settings of the
// gateway's readiness probe; the field names mirror those of corev1.Probe.
// All three are non-pointer int32 with omitempty, so an explicit 0 is dropped
// on the wire and cannot be distinguished from "unset".
type ReadinessProbeConfiguration struct {
	FailureThreshold int32 `json:"failureThreshold,omitempty"`
	PeriodSeconds    int32 `json:"periodSeconds,omitempty"`
	SuccessThreshold int32 `json:"successThreshold,omitempty"`
}
// IstioGatewayBasicConfiguration is the per-cluster deployable configuration of a
// gateway. It is embedded inline in IstioGatewaySpec (shared defaults) and is also
// the value type of IstioGatewaySpec.Overrides (per-cluster settings).
// +k8s:openapi-gen=true
type IstioGatewayBasicConfiguration struct {
	ReplicaCount int32 `json:"replicaCount,omitempty"`
	// Autoscaling bounds; the HPA targets themselves live in CPU and Memory below.
	AutoscaleEnabled bool  `json:"autoscaleEnabled,omitempty"`
	MinReplicas      int32 `json:"minReplicas,omitempty"`
	MaxReplicas      int32 `json:"maxReplicas,omitempty"`
	// +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer
	ServiceType corev1.ServiceType `json:"serviceType,omitempty"`
	// Service settings; a plain string rather than corev1.ServiceExternalTrafficPolicyType, so it is not validated here.
	LoadBalancerIP        string            `json:"loadBalancerIP,omitempty"`
	ExternalTrafficPolicy string            `json:"externalTrafficPolicy,omitempty"`
	ServiceAnnotations    map[string]string `json:"serviceAnnotations,omitempty"`
	PodAnnotations        map[string]string `json:"podAnnotations,omitempty"`
	ServiceLabels         map[string]string `json:"serviceLabels,omitempty"`
	PodLabels             map[string]string `json:"podLabels,omitempty"`
	// Pod template settings, expressed with the core/v1 types so the JSON matches a plain Deployment.
	Resources          *corev1.ResourceRequirements `json:"resources,omitempty"`
	EnvVars            []corev1.EnvVar              `json:"env,omitempty"`
	Ports              []corev1.ServicePort         `json:"ports,omitempty"`
	MeshExpansionPorts []corev1.ServicePort         `json:"meshExpansionPorts,omitempty"`
	NodeSelector       map[string]string            `json:"nodeSelector,omitempty"`
	// Comma-separated port list by its name; the exact format is not visible in this file — verify.
	ApplicationPorts     string               `json:"applicationPorts,omitempty"`
	RequestedNetworkView string               `json:"requestedNetworkView,omitempty"`
	Affinity             *corev1.Affinity     `json:"affinity,omitempty"`
	Tolerations          []corev1.Toleration  `json:"tolerations,omitempty"`
	// Extra mounts; TLS material should come in through SecretVolumes rather than env vars.
	SecretVolumes []SecretVolume `json:"secretVolumes,omitempty"`
	ConfigVolumes []ConfigVolume `json:"configVolumes,omitempty"`
	// Rolling-update parameters as strings, so percentages such as "25%" are accepted.
	RollingMaxSurge       *string `json:"rollingMaxSurge,omitempty"`
	RollingMaxUnavailable *string `json:"rollingMaxUnavailable,omitempty"`
	// HPA utilization targets.
	CPU    HpaCPU    `json:"cpu,omitempty"`
	Memory HpaMemory `json:"memory,omitempty"`
	// Kernel (sysctl) tuning; see KernelConfiguration for the privilege caveat.
	Kernel KernelConfiguration `json:"kernel,omitempty"`
	// Note the JSON key is "compression", not "compressor".
	Compressor CompressorConfiguration `json:"compression,omitempty"`
	// Presumably runs the gateway container as root when true; leave unset unless a
	// feature requires it — confirm the effect against the controller.
	RunAsRoot *bool             `json:"runAsRoot,omitempty"`
	Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"`
	ReadinessProbe ReadinessProbeConfiguration `json:"readinessProbe,omitempty"`
	// Presumably maps to pod.spec.hostNetwork: when true the pod shares the node's
	// network namespace, and DnsPolicy should then be ClusterFirstWithHostNet so
	// cluster DNS keeps resolving (as in the sample manifest).
	HostNetwork *bool            `json:"hostNetwork,omitempty"`
	DnsPolicy   corev1.DNSPolicy `json:"dnsPolicy,omitempty"`
	// Whether the controller also generates an Istio Gateway resource; behaviour not visible here.
	AutoCreateGatewayYaml *bool `json:"autoCreateGatewayYaml,omitempty"`
}
// SecretVolume describes a Secret to mount into the gateway container:
// presumably the Secret named SecretName is exposed at MountPath under volume name Name.
type SecretVolume struct {
	Name       string `json:"name,omitempty"`
	SecretName string `json:"secretName,omitempty"`
	MountPath  string `json:"mountPath,omitempty"`
}
// ConfigVolume describes a ConfigMap to mount into the gateway container;
// it is the ConfigMap counterpart of SecretVolume.
type ConfigVolume struct {
	Name          string `json:"name,omitempty"`
	ConfigMapName string `json:"configMapName,omitempty"`
	MountPath     string `json:"mountPath,omitempty"`
}
// HpaCPU holds the CPU utilization target for the gateway's autoscaler.
// +k8s:openapi-gen=true
type HpaCPU struct {
	// Target average CPU utilization in percent (80 in the sample manifest); nil means unset.
	TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}
// HpaMemory holds the memory utilization target for the gateway's autoscaler;
// it has the same shape as HpaCPU.
// +k8s:openapi-gen=true
type HpaMemory struct {
	// Target average memory utilization in percent; nil means unset.
	TargetAverageUtilization *int32 `json:"targetAverageUtilization,omitempty"`
}
// IstioGatewayStatus is the observed state written by the controller.
// Its JSON keys are capitalized, unlike the lowerCamelCase keys used everywhere
// else in this file — keep that in mind when reading status with a client.
// +k8s:openapi-gen=true
type IstioGatewayStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
	// Add custom validation using kubebuilder tags: https://book.kubebuilder.io/beyond_basics/generating_crd.html
	Status ConfigState `json:"Status,omitempty"`
	// Gateway addresses across all clusters.
	GatewayAddress []string `json:"GatewayAddress,omitempty"`
	// Despite the name this is a slice of (cluster ID, address) pairs, not a map.
	ClusterIdGatewayAddressMap []GatewayAddress `json:"ClusterIdGatewayAddressMap,omitempty"`
	// Free-form error text; presumably set when reconciliation fails.
	ErrorMessage string `json:"ErrorMessage,omitempty"`
}
// GatewayAddress pairs a gateway's IP address with the cluster it belongs to;
// used as the element type of IstioGatewayStatus.ClusterIdGatewayAddressMap.
// +k8s:openapi-gen=true
type GatewayAddress struct {
	IPAddress string `json:"ipAddress,omitempty"`
	ClusterId string `json:"clusterId,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IstioGateway is the Schema for the istiogateways API
// (apiVersion istio.alibabacloud.com/v1beta1). Spec is what the user writes;
// Status is maintained by the controller through the status subresource.
// +k8s:openapi-gen=true
// +kubebuilder:subresource:status
type IstioGateway struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              IstioGatewaySpec   `json:"spec,omitempty"`
	Status            IstioGatewayStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// IstioGatewayList contains a list of IstioGateway
// as returned by list/watch operations; Items has no omitempty, so an empty
// list serializes as "items": [].
type IstioGatewayList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []IstioGateway `json:"items"`
}