當前位置：首頁 > 编程资源 > 综合教程 >内容正文

综合教程

k8s服务网关ambassador部署

發布時間：2023/12/13 综合教程 29 生活家

生活随笔收集整理的這篇文章主要介紹了 k8s服务网关ambassador部署小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

1、ambassador是datawire開源的服務網關，很好的支持kubernetes。具體詳細介紹參考官網：https://www.getambassador.io/about/why-ambassador

本節主要講述整個部署過程和簡單實用，具體詳細的資料搶參考官網。

2、部署

本次主要介紹將ambassador部署到自己的kubernetes集群里面，根據官網介紹部署方式有幾種：

1）yaml部署，即定義yaml文件，使用kubectl 直接部署

2) helm部署，如果用helm部署則需要在kubernetes中現安裝tiller（helm的server端）

yaml部署：

新版本的k8s集群都開啟了rbac認證，所以需要提前創建rbac文件，進行授權：

wget   https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml

---
apiVersion: v1
kind: Service
metadata:
  labels:
    service: ambassador-admin
  name: ambassador-admin
  namespace: tiller-world
spec:
  type: NodePort
  ports:
  - name: ambassador-admin
    port: 8877
    targetPort: 8877
  selector:
    service: ambassador---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: ambassador
rules:
- apiGroups: [""]
  resources:
  - services
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources:
  - configmaps
  verbs: ["create", "update", "patch", "get", "list", "watch"]
- apiGroups: [""]
  resources:
  - secrets
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources:
  - namespaces
  verbs: ["get", "list", "watch"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ambassador
  namespace: tiller-world
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: ambassador
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ambassador
subjects:
- kind: ServiceAccount
  name: ambassador
  namespace: tiller-world
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: ambassador
  namespace: tiller-world
spec:
  replicas: 3
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "false"
        "consul.hashicorp.com/connect-inject": "false"
      labels:
        service: ambassador
    spec:
      serviceAccountName: ambassador
      containers:
      - name: ambassador
        image: quay.io/datawire/ambassador:0.50.0-rc5
        resources:
          limits:
            cpu: 200m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        env:
        - name: AMBASSADOR_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        - name: admin
          containerPort: 8877
        livenessProbe:
          httpGet:
            path: /ambassador/v0/check_alive
            port: 8877
          initialDelaySeconds: 30
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /ambassador/v0/check_ready
            port: 8877
          initialDelaySeconds: 30
          periodSeconds: 3
      restartPolicy: Always

我只修改了部署的namespace，tiller-world這個namespace是創建用helm部署程序用的。

創建角色及權限

kubectl  apply -f  ambassador-rbac.yaml

接下來創建ambassador的service：

暴漏服務有多種方式：LoadBalancer、NodePort、Ingress

這里我們使用NodePort暴漏服務，k8s默認的服務暴漏端口范圍是30000～32767，當然這個端口的范圍可以在啟動apiserver的時候進行修改，指定--service-node-port-range=1-65535，修改為需要的端口范圍，最好是不要將常見服務的端口包含在內，否則容易沖突。

# cat ambassador-svc.yaml
---
apiVersion: v1
kind: Service
metadata:
  labels:
    service: ambassador
  name: ambssador
  namespace: tiller-world
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30009
  selector:
    service: ambassador

這里采用NodePort方式暴漏到服務器的30009端口。可以根據需要自己制定。

創建一個測試route：

# cat httpbin.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  annotations:
    getambassador.io/config: |
       ---
       apiVersion: ambassador/v0
       kind: Mapping
       name: httpbin_mapping
       prefix: /httpbin/
       service: httpbin.org:80
       host_rewrite: httpbin.org
spec:
  ports:
  - name: httpbin
    port: 80

# kubectl apply -f httpbin.yaml

查看部署：

# kubectl get pods -n tiller-world
NAME                             READY   STATUS    RESTARTS   AGE
ambassador-5f66f5fd89-b2tqh      1/1     Running   0          138m
ambassador-5f66f5fd89-nbrgj      1/1     Running   0          138m
ambassador-5f66f5fd89-qxz55      1/1     Running   0          138m

# kubectl get  svc -n tiller-world
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
ambassador-admin   NodePort    10.108.245.217   <none>        8877:30051/TCP   138m
ambssador          NodePort    10.105.112.156   <none>        80:30009/TCP     104m
httpbin            ClusterIP   10.103.94.31     <none>        80/TCP           104m

測試訪問：

訪問的url：http://ip:30009/httpbin/,ip為kubernetes服務器的ip

部署一個service測試，部署qotm服務：

# cat qotm.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: qotm
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind: Mapping
      name: qot_mapping
      prefix: /qotm/
      service: qotm
spec:
  selector:
    app: qotm
  ports:
  - port: 80
    name: http-qotm
    targetPort: http-api
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: qotm
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: qotm
    spec:
      containers:
      - name: qotm
        image: datawire/qotm:1.1
        ports:
        - name: http-api
          containerPort: 5000
        resources:
          limits:
            cpu: "0.1"
            memory: 100Mi

kubectl  apply  -f  qotm.yaml

service使用ambassador，只需要在service的定義里面添加注解就可以自動識別：

 annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind: Mapping
      name: qot_mapping
      prefix: /qotm/
      service: qotm

這里使用的是Mapping,uri前綴是/qotm/。詳細的配置參考官網：https://www.getambassador.io/reference/mappings

先查看一下部署的服務：

# kubectl get svc  -n tiller-world
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
ambassador-admin   NodePort    10.108.245.217   <none>        8877:30051/TCP   147m
ambssador          NodePort    10.105.112.156   <none>        80:30009/TCP     113m
httpbin            ClusterIP   10.103.94.31     <none>        80/TCP           113m
qotm               ClusterIP   10.108.253.202   <none>        80/TCP           72m
tiller-deploy      ClusterIP   10.102.176.214   <none>        44134/TCP        4h47m

訪問地址：http://ip:30009/qotm/

helm部署：

helm repo add datawire https://www.getambassador.io

helm upgrade --install --wait ambassador datawire/ambassador

當然也可以直接將chart fetch到本地，自己根據需求進行定制：

helm  fetch --name ambassador datawire/ambassador

總結

以上是生活随笔為你收集整理的k8s服务网关ambassador部署的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。