This step explains how to download and install cert-manager and Anthos Service Mesh (ASM), both of which are required for Apigee hybrid to operate.
Install cert-manager
Use one of the following two commands to install cert-manager v0.14.2 from GitHub.
To find your Kubernetes version, use the kubectl version command.
- If you have Kubernetes 1.15 or newer:

    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager.yaml

- Kubernetes versions older than 1.15:

    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager-legacy.yaml

You should see a response indicating that the cert-manager namespace and several cert-manager resources were created.
Install ASM
Apigee hybrid uses the Istio distribution provided with Anthos Service Mesh (ASM). Follow these steps to install ASM in your cluster.
Supported ASM versions
For new hybrid installations, install ASM 1.6.x in your cluster. If you are upgrading from hybrid version 1.2.x, install ASM version 1.5.x in your cluster.
Perform ASM setup and configuration steps
To complete the ASM installation, you must first follow the ASM-specific setup and configuration steps in the ASM documentation. Then you must return here to complete the hybrid-specific configuration before applying the configuration to the cluster.
- Follow the ASM setup and configuration steps:
  - If this is a new installation of Apigee hybrid, install ASM version 1.6.x. Go to: Introduction to installation and migration.
  - If you are upgrading from a previous hybrid version, use ASM 1.5.x. Go to: Installing Anthos Service Mesh on an existing cluster.
After completing the ASM setup and configuration steps, go to the next section to complete the hybrid configuration steps and the ASM installation.
Perform final hybrid configurations and install ASM
Finally, add the hybrid-specific configurations to the istio-operator.yaml file and install ASM.
- Make sure you are in the root directory of the ASM installation. For example: 1.6.11-asm.1.
- Open the file ./asm/cluster/istio-operator.yaml in an editor.
- Add the following lines, indented under spec.meshConfig:
Text to copy

    # This disables Istio from configuring workloads for mTLS if TLSSettings are not specified.
    # 1.4 defaulted to false.
    enableAutoMtls: false
    accessLogFile: "/dev/stdout"
    accessLogEncoding: 1
    # This is Apigee's custom access log format. Changes should not be made to this
    # unless first working with the Data and AX teams as they parse these logs for
    # SLOs.
    accessLogFormat: '{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE_ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RESPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response_flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_SERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}'

Example showing placement
Line breaks inserted for readability

    apiVersion: install.istio.io/v1alpha1
    kind: IstioOperator
    metadata:
      clusterName: "hybrid-example/us-central1/example-cluster" # {"$ref":"#/definitions/io.k8s.cli.substitutions.cluster-name"}
    spec:
      profile: asm
      hub: gcr.io/gke-release/asm # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.hub"}
      tag: 1.5.7-asm.0 # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.tag"}
      meshConfig:
        # This disables Istio from configuring workloads for mTLS if TLSSettings are not specified.
        # 1.4 defaulted to false.
        enableAutoMtls: false
        accessLogFile: "/dev/stdout"
        accessLogEncoding: 1
        # This is Apigee's custom access log format. Changes should not be made to this
        # unless first working with the Data and AX teams as they parse these logs for
        # SLOs.
        accessLogFormat: '{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE
          _ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(:
          METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RE
          SPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIV
          ED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response
          _flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_serv
          ice_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER%
          ","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_
          path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol
          ":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_S
          ERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}'
        defaultConfig:
          proxyMetadata:
            GCP_METADATA: "hybrid-example|123456789123|example-cluster|us-central1" # {"$ref":"#/definitions/io.k8s.cli.substitutions.gke-metadata"}

- Add (or update) the spec:components stanza in the istio-operator.yaml file, below the meshConfig: section and immediately above values:, where reserved_static_ip is the IP address you reserved for your runtime ingress gateway in Project and Org Setup - Step 5: Configure Cloud DNS.
Text to copy

    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            type: LoadBalancer
            loadBalancerIP: reserved_static_ip
            ports:
              - name: status-port
                port: 15020
                targetPort: 15020
              - name: http2
                port: 80
                targetPort: 80
              - name: https
                port: 443
              - name: prometheus
                port: 15030
                targetPort: 15030
              - name: tcp
                port: 31400
                targetPort: 31400
              - name: tls
                port: 15443
                targetPort: 15443

Example showing placement
Line breaks inserted for readability

    apiVersion: install.istio.io/v1alpha1
    kind: IstioOperator
    metadata:
      clusterName: "hybrid-example/us-central1/example-cluster" # {"$ref":"#/definitions/io.k8s.cli.substitutions.cluster-name"}
    spec:
      profile: asm
      hub: gcr.io/gke-release/asm # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.hub"}
      tag: 1.5.7-asm.0 # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.tag"}
      meshConfig:
        # This disables Istio from configuring workloads for mTLS if TLSSettings are not specified.
        # 1.4 defaulted to false.
        enableAutoMtls: false
        accessLogFile: "/dev/stdout"
        accessLogEncoding: 1
        # This is Apigee's custom access log format. Changes should not be made to this
        # unless first working with the Data and AX teams as they parse these logs for
        # SLOs.
        accessLogFormat: '{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE
          _ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(:
          METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RE
          SPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIV
          ED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response
          _flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_serv
          ice_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER%
          ","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_
          path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol
          ":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_S
          ERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}'
        defaultConfig:
          proxyMetadata:
            GCP_METADATA: "hybrid-example|123456789123|example-cluster|us-central1" # {"$ref":"#/definitions/io.k8s.cli.substitutions.gke-metadata"}
      components:
        pilot:
          k8s:
            hpaSpec:
              maxReplicas: 2
        ingressGateways:
          - name: istio-ingressgateway
            enabled: true
            k8s:
              service:
                type: LoadBalancer
                loadBalancerIP: 123.234.56.78
                ports:
                  - name: status-port
                    port: 15020
                    targetPort: 15020
                  - name: http2
                    port: 80
                    targetPort: 80
                  - name: https
                    port: 443
                  - name: prometheus
                    port: 15030
                    targetPort: 15030
                  - name: tcp
                    port: 31400
                    targetPort: 31400
                  - name: tls
                    port: 15443
                    targetPort: 15443
              hpaSpec:
                maxReplicas: 2
      values:
      . . .

- Now return to the ASM documentation you used earlier and complete the ASM installation (install or apply the istio-operator.yaml file to the cluster). When given the option, choose PERMISSIVE mTLS.
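A pre-apply check for the edits described in the steps above, as an added example that is not part of the Apigee or ASM documentation: it reads the text of istio-operator.yaml and reports a missing enableAutoMtls: false, a leftover reserved_static_ip placeholder, and an accessLogFormat whose operators were damaged, for instance by copying from the example that has line breaks inserted. The function name check_mesh_config and the GOOD and BAD sample configurations are constructed for illustration.

```python
import json
import re

# One Envoy command operator, e.g. %START_TIME% or %REQ(X-REQUEST-ID)%, no whitespace inside.
OPERATOR = re.compile(r"%[A-Z_]+(?:\([^)%\s]*\))?%")
FORMAT_LINE = re.compile(r"^\s*accessLogFormat:\s*'(.*)'\s*$", re.M)

def check_mesh_config(yaml_text):
    """Return a list of problems found in the text of an edited istio-operator.yaml."""
    problems = []
    if not re.search(r"^\s*enableAutoMtls:\s*false\s*$", yaml_text, re.M):
        problems.append("enableAutoMtls: false is missing under meshConfig")
    if re.search(r"loadBalancerIP:\s*reserved_static_ip", yaml_text):
        problems.append("loadBalancerIP still holds the reserved_static_ip placeholder")
    match = FORMAT_LINE.search(yaml_text)
    if not match:
        problems.append("accessLogFormat is missing or is not one single-quoted line")
        return problems
    try:
        fields = json.loads(match.group(1))
    except ValueError:
        problems.append("accessLogFormat is not valid JSON")
        return problems
    for key, value in fields.items():
        # After removing every intact operator only separating spaces may remain.
        if key != key.strip() or OPERATOR.sub("", value).strip():
            problems.append(f"accessLogFormat field {key!r} is damaged: {value!r}")
    return problems

# Constructed sample: a shortened accessLogFormat and a documentation-range IP.
GOOD = '''\
spec:
  meshConfig:
    enableAutoMtls: false
    accessLogFormat: '{"request":"%REQ(:METHOD)% %PROTOCOL%","status":"%RESPONSE_CODE%","tls_protocol":"%DOWNSTREAM_TLS_VERSION%"}'
  components:
    ingressGateways:
    - name: istio-ingressgateway
      k8s:
        service:
          loadBalancerIP: 203.0.113.10
'''
# Constructed failure: a break inside an operator and the placeholder left in.
BAD = GOOD.replace("%RESPONSE_CODE%", "%RE SPONSE_CODE%").replace(
    "203.0.113.10", "reserved_static_ip")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_mesh_config(text) or "ok")
```

The check works on the raw file text with regular expressions, so it needs no YAML library; it only accepts an accessLogFormat written on one single-quoted line, as in the text to copy.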
Summary
You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command-line tool on your local machine.