步骤一:确认两个集群的互访联通性
默认情况下,同一个VPC下的两个集群,如果使用了企业安全组,默认能够互相访问。如果使用普通安全组或者两个安全组访问不通,则需要为彼此添加安全组访问规则。具体操作,请参见添加安全组规则。
步骤二:添加集群到ASM实例并创建Serverless入口网关
将两个集群添加到ASM实例后,创建一个Serverless入口网关。
将两个集群添加到ASM实例。具体操作,请参见添加集群到ASM实例。
使用以下YAML,创建一个Serverless入口网关。具体操作,请参见创建入口网关服务。
展开查看Serverless入口网关YAML
apiVersion: istio.alibabacloud.com/v1beta1
kind: IstioGateway
metadata:
annotations:
asm.alibabacloud.com/managed-by-asm: 'true'
name: ingressgateway
namespace: istio-system
spec:
gatewayType: ingress
dnsPolicy: ClusterFirst
externalTrafficPolicy: Local
hostNetwork: false
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443
replicaCount: 1
resources:
limits:
cpu: '2'
memory: 2G
requests:
cpu: 200m
memory: 256Mi
rollingMaxSurge: 100%
rollingMaxUnavailable: 25%
runAsRoot: true
serviceType: LoadBalancer
步骤三:部署Bookinfo应用
为了演示ASM跨集群的应用部署能力,Bookinfo应用的不同微服务分别部署在两个集群上。
使用以下内容,在m1c2集群中创建bookinfo-m1c2.yaml。
说明 review-v3 deployment对应的功能是书评中显示红色星。
展开查看Bookinfo应用YAML
# Details service
apiVersion: v1
kind: Service
metadata:
name: details
labels:
app: details
service: details
spec:
ports:
- port: 9080
name: http
selector:
app: details
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-details
labels:
account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: details-v1
labels:
app: details
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: details
version: v1
template:
metadata:
labels:
app: details
version: v1
spec:
serviceAccountName: bookinfo-details
containers:
- name: details
image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-details-v1:1.19.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
# Ratings service
apiVersion: v1
kind: Service
metadata:
name: ratings
labels:
app: ratings
service: ratings
spec:
ports:
- port: 9080
name: http
selector:
app: ratings
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-ratings
labels:
account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ratings-v1
labels:
app: ratings
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: ratings
version: v1
template:
metadata:
labels:
app: ratings
version: v1
spec:
serviceAccountName: bookinfo-ratings
containers:
- name: ratings
image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-ratings-v1:1.19.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
# Reviews service
apiVersion: v1
kind: Service
metadata:
name: reviews
labels:
app: reviews
service: reviews
spec:
ports:
- port: 9080
name: http
selector:
app: reviews
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-reviews
labels:
account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v1
labels:
app: reviews
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v1
template:
metadata:
labels:
app: reviews
version: v1
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-reviews-v1:1.19.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v2
labels:
app: reviews
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v2
template:
metadata:
labels:
app: reviews
version: v2
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-reviews-v2:1.19.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
# Productpage services
apiVersion: v1
kind: Service
metadata:
name: productpage
labels:
app: productpage
service: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-productpage
labels:
account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: productpage-v1
labels:
app: productpage
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: productpage
version: v1
template:
metadata:
labels:
app: productpage
version: v1
spec:
serviceAccountName: bookinfo-productpage
containers:
- name: productpage
image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-productpage-v1:1.19.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
执行以下命令,在m1c2集群中部署不包含review-v3 deployment的Bookinfo应用。
kubectl apply -f bookinfo-m1c2.yaml
使用以下内容,在m1c1集群中创建bookinfo-m1c1.yaml。
展开查看YAML内容
# Reviews service
apiVersion: v1
kind: Service
metadata:
name: reviews
labels:
app: reviews
service: reviews
spec:
ports:
- port: 9080
name: http
selector:
app: reviews
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-reviews
labels:
account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v3
labels:
app: reviews
version: v3
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v3
template:
metadata:
labels:
app: reviews
version: v3
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-bookinfo-reviews-v3:1.19.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
# Ratings service
apiVersion: v1
kind: Service
metadata:
name: ratings
labels:
app: ratings
service: ratings
spec:
ports:
- port: 9080
name: http
selector:
app: ratings
执行以下命令,在m1c1集群中部署review-v3和ratting service。
kubectl apply -f bookinfo-m1c1.yaml
步骤四:添加虚拟服务和网关规则
在ASM实例的default命名空间下,新建一个名为bookinfo的虚拟服务。具体操作,请参见管理虚拟服务。
展开查看虚拟服务YAML
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
在ASM实例的default命名空间下,新建一个名为bookinfo-gateway的网关规则。具体操作,请参见管理网关规则。
展开查看网关规则YAML
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
在浏览器地址栏,输入http://{Serverless入口网关的IP地址}/productpage,并多次刷新页面。
可以看到页面出现reviews的3个版本,且比例接近1:1:1。虽然review-v3和其他服务不在同一个集群中,也可以正常显示。
(可选)步骤五:指定reviews总是使用v3版本
通过定义目标规则和虚拟服务,可以定义Bookinfo应用的微服务部署策略。本例中将指定Bookinfo总是使用review v3版本。
在ASM实例的default命名空间下,新建一个名为reviews的目标规则。具体操作,请参见管理虚拟服务。
展开查看目标规则YAML
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v3
labels:
version: v3
在ASM实例的default命名空间下,新建一个名为reviews的虚拟服务。具体操作,请参见管理虚拟服务。
展开查看虚拟服务YAML
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v3
在浏览器地址栏,输入http://{Serverless入口网关的IP地址}/productpage,并多次刷新页面。
可以看到reviews始终使用v3版本,即书评中为红色星。