准备工作

服务网格 ASM(Service Mesh)支持两种Sidecarless模式,Ambient模式和ACMG模式。本文将介绍这两种模式的入门示例应用的部署步骤,帮助您提前准备环境,以便尽快体验Sidecarless模式的特性。

前提条件

  • 已创建符合条件的Kubernetes集群。更多信息,请参见适合的Kubernetes集群及配置

  • 已创建启用Ambient Mesh模式或ACMG模式的ASM实例。

    创建服务网格页面的数据面模式区域,选中启用Ambient Mesh模式启用ACMG模式,其他配置项请按照实际情况进行配置。具体操作,请参见创建ASM实例

  • 已为ASM实例添加ACK集群。具体操作,请参见添加集群到ASM实例

  • 已创建入口网关。具体操作,请参见创建入口网关

部署示例应用

本文使用bookinfo作为示例应用。更多信息,请参见ASM实例关联的集群中部署应用

ACK集群中部署示例应用

  1. 登录ASM控制台,在左侧导航栏,选择服务网格 > 网格管理

  2. 网格管理页面,单击目标实例名称,然后在左侧导航栏,选择网格实例 > 全局命名空间

  3. 开启Ambient模式或ACMG模式。

    1. Ambient模式

      1. 全局命名空间页面的数据面模式列,单击default命名空间对应的切换为Ambient Mesh模式,然后在确认对话框,单击确定

    2. ACMG模式

      1. 通过ASM实例的kubeconfig操作控制面集群,开启ACMG模式。

        kubectl label namespace default istio.io/dataplane-mode=acmg
  4. 部署Bookinfo应用。

    1. 使用以下内容创建bookinfo.yaml。

      展开查看YAML内容

      apiVersion: v1
      kind: Service
      metadata:
        name: details
        labels:
          app: details
          service: details
      spec:
        ports:
        - port: 9080
          name: http
        selector:
          app: details
      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: bookinfo-details
        labels:
          account: details
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: details-v1
        labels:
          app: details
          version: v1
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: details
            version: v1
        template:
          metadata:
            labels:
              app: details
              version: v1
          spec:
            serviceAccountName: bookinfo-details
            containers:
            - name: details
              image: registry-cn-hangzhou.ack.aliyuncs.com/acs/examples-bookinfo-details-v1:1.19.1
              imagePullPolicy: IfNotPresent
              ports:
              - containerPort: 9080
      ---
      ##################################################################################################
      # Ratings service
      ##################################################################################################
      apiVersion: v1
      kind: Service
      metadata:
        name: ratings
        labels:
          app: ratings
          service: ratings
      spec:
        ports:
        - port: 9080
          name: http
        selector:
          app: ratings
      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: bookinfo-ratings
        labels:
          account: ratings
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: ratings-v1
        labels:
          app: ratings
          version: v1
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: ratings
            version: v1
        template:
          metadata:
            labels:
              app: ratings
              version: v1
          spec:
            serviceAccountName: bookinfo-ratings
            containers:
            - name: ratings
              image: registry-cn-hangzhou.ack.aliyuncs.com/acs/examples-bookinfo-ratings-v1:1.19.1
              imagePullPolicy: IfNotPresent
              ports:
              - containerPort: 9080
      ---
      ##################################################################################################
      # Reviews service
      ##################################################################################################
      apiVersion: v1
      kind: Service
      metadata:
        name: reviews
        labels:
          app: reviews
          service: reviews
      spec:
        ports:
        - port: 9080
          name: http
        selector:
          app: reviews
      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: bookinfo-reviews
        labels:
          account: reviews
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: reviews-v1
        labels:
          app: reviews
          version: v1
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: reviews
            version: v1
        template:
          metadata:
            labels:
              app: reviews
              version: v1
          spec:
            serviceAccountName: bookinfo-reviews
            containers:
            - name: reviews
              image: registry-cn-hangzhou.ack.aliyuncs.com/acs/examples-bookinfo-reviews-v1:1.19.1
              imagePullPolicy: IfNotPresent
              env:
              - name: LOG_DIR
                value: "/tmp/logs"
              ports:
              - containerPort: 9080
              volumeMounts:
              - name: tmp
                mountPath: /tmp
              - name: wlp-output
                mountPath: /opt/ibm/wlp/output
            volumes:
            - name: wlp-output
              emptyDir: {}
            - name: tmp
              emptyDir: {}
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: reviews-v2
        labels:
          app: reviews
          version: v2
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: reviews
            version: v2
        template:
          metadata:
            labels:
              app: reviews
              version: v2
          spec:
            serviceAccountName: bookinfo-reviews
            containers:
            - name: reviews
              image: registry-cn-hangzhou.ack.aliyuncs.com/acs/examples-bookinfo-reviews-v2:1.19.1
              imagePullPolicy: IfNotPresent
              env:
              - name: LOG_DIR
                value: "/tmp/logs"
              ports:
              - containerPort: 9080
              volumeMounts:
              - name: tmp
                mountPath: /tmp
              - name: wlp-output
                mountPath: /opt/ibm/wlp/output
            volumes:
            - name: wlp-output
              emptyDir: {}
            - name: tmp
              emptyDir: {}
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: reviews-v3
        labels:
          app: reviews
          version: v3
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: reviews
            version: v3
        template:
          metadata:
            labels:
              app: reviews
              version: v3
          spec:
            serviceAccountName: bookinfo-reviews
            containers:
            - name: reviews
              image: registry-cn-hangzhou.ack.aliyuncs.com/acs/examples-bookinfo-reviews-v3:1.19.1
              imagePullPolicy: IfNotPresent
              env:
              - name: LOG_DIR
                value: "/tmp/logs"
              ports:
              - containerPort: 9080
              volumeMounts:
              - name: tmp
                mountPath: /tmp
              - name: wlp-output
                mountPath: /opt/ibm/wlp/output
            volumes:
            - name: wlp-output
              emptyDir: {}
            - name: tmp
              emptyDir: {}
      ---
      ##################################################################################################
      # Productpage services
      ##################################################################################################
      apiVersion: v1
      kind: Service
      metadata:
        name: productpage
        labels:
          app: productpage
          service: productpage
      spec:
        ports:
        - port: 9080
          name: http
        selector:
          app: productpage
      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: bookinfo-productpage
        labels:
          account: productpage
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: productpage-v1
        labels:
          app: productpage
          version: v1
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: productpage
            version: v1
        template:
          metadata:
            annotations:
              prometheus.io/scrape: "true"
              prometheus.io/port: "9080"
              prometheus.io/path: "/metrics"
            labels:
              app: productpage
              version: v1
          spec:
            serviceAccountName: bookinfo-productpage
            containers:
            - name: productpage
              image: registry-cn-hangzhou.ack.aliyuncs.com/acs/examples-bookinfo-productpage-v1:1.19.1
              imagePullPolicy: IfNotPresent
              ports:
              - containerPort: 9080
              volumeMounts:
              - name: tmp
                mountPath: /tmp
            volumes:
            - name: tmp
              emptyDir: {}
      ---
    2. 执行以下命令,在default命名空间中部署该示例应用。

      kubectl apply -f  bookinfo.yaml
  5. 部署Sleep应用。

    1. 使用以下内容创建sleep.yaml。

      展开查看YAML内容

      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: sleep
      ---
      apiVersion: v1
      kind: Service
      metadata:
        name: sleep
        labels:
          app: sleep
          service: sleep
      spec:
        ports:
        - port: 80
          name: http
        selector:
          app: sleep
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: sleep
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: sleep
        template:
          metadata:
            labels:
              app: sleep
          spec:
            terminationGracePeriodSeconds: 0
            serviceAccountName: sleep
            containers:
            - name: sleep
              image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/curl:asm-sleep
              command: ["/bin/sleep", "infinity"]
              imagePullPolicy: IfNotPresent
              volumeMounts:
              - mountPath: /etc/sleep/tls
                name: secret-volume
            volumes:
            - name: secret-volume
              secret:
                secretName: sleep-secret
                optional: true
      ---
    2. 执行以下命令,在default命名空间中部署该示例应用。

      kubectl apply -f  sleep.yaml
  6. 部署Notsleep应用。

    1. 使用以下内容创建notsleep.yaml。

      展开查看YAML内容

      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: notsleep
      ---
      apiVersion: v1
      kind: Service
      metadata:
        name: notsleep
        labels:
          app: notsleep
          service: notsleep
      spec:
        ports:
        - port: 80
          name: http
        selector:
          app: notsleep
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: notsleep
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: notsleep
        template:
          metadata:
            labels:
              app: notsleep
          spec:
            affinity:
              podAntiAffinity:
                preferredDuringSchedulingIgnoredDuringExecution:
                - weight: 100
                  podAffinityTerm:
                    labelSelector:
                      matchExpressions:
                      - key: app
                        operator: In
                        values:
                        - productpage
                    topologyKey: kubernetes.io/hostname 
            terminationGracePeriodSeconds: 0
            serviceAccountName: notsleep
            containers:
            - name: notsleep
              image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/curl:asm-sleep
              command: ["/bin/sleep", "3650d"]
              imagePullPolicy: IfNotPresent
              volumeMounts:
              - mountPath: /etc/sleep/tls
                name: secret-volume
            volumes:
            - name: secret-volume
              secret:
                secretName: notsleep-secret
                optional: true
      ---
    2. 执行以下命令,在default命名空间中部署该示例应用。

      kubectl apply -f  notsleep.yaml

ASM实例中部署网格资源

  1. 使用以下内容,创建bookinfo-gateway.yaml文件。

    YAML文件用于创建网关规则Gateway对象和虚拟服务VirtualService对象。

    展开查看bookinfo-gateway.yaml

    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: bookinfo-gateway
    spec:
      selector:
        istio: ingressgateway # use istio default controller
      servers:
      - port:
          number: 80
          name: http
          protocol: HTTP
        hosts:
        - "*"
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: bookinfo
    spec:
      hosts:
      - "*"
      gateways:
      - bookinfo-gateway
      http:
      - match:
        - uri:
            exact: /productpage
        - uri:
            prefix: /static
        - uri:
            exact: /login
        - uri:
            exact: /logout
        - uri:
            prefix: /api/v1/products
        route:
        - destination:
            host: productpage
            port:
              number: 9080
    
  2. ASM实例对应的KubeConfig环境下,执行以下命令,部署网格资源。

    kubectl apply -f bookinfo-gateway.yaml

验证基本功能

  1. 执行以下命令,设置入口网关的环境变量。

    export GATEWAY_HOST=istio-ingressgateway.istio-system
    export GATEWAY_SERVICE_ACCOUNT=ns/istio-system/sa/istio-ingressgateway
  2. 测试bookinfo应用程序,查看在有无网关的情况下能否正常运行。

    1. 执行以下命令:

      kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o "<title>.*</title>"

      预期输出:

      <title>Simple Bookstore App</title>
    2. 执行以下命令:

      kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"

      预期输出:

      <title>Simple Bookstore App</title>
    3. 执行以下命令:

      kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"

      预期输出:

      <title>Simple Bookstore App</title>

      以上结果表明在有无网关的情况下,bookinfo应用程序均可以正常运行。