部署 Online Boutique 示例应用
本指南介绍如何安装 Online Boutique 示例应用来演示 Cloud Service Mesh。如果您尚未安装 Cloud Service Mesh,请参阅安装指南。
下载和部署示例
要部署应用,您首先需要使用 kpt
从 anthos-service-mesh-packages
代码库下载 Online Boutique 清单。anthos-service-mesh-packages
代码库中的 Online Boutique 示例应用在 microservices-demo
代码库中原始清单集的基础上进行了修改。按照最佳做法,每项服务都会部署在具有唯一服务账号的单独命名空间中。
如果您尚未安装
kpt
,请进行安装:gcloud components install kpt
使用
kpt
下载示例:kpt pkg get \ https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages.git/samples/online-boutique \ online-boutique
预期输出
Package "online-boutique": Fetching https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages@main From https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages * branch main -> FETCH_HEAD Adding package "samples/online-boutique". Fetched 1 package(s).
导航到
online-boutique
目录:cd online-boutique
为应用创建命名空间:
kubectl apply -f kubernetes-manifests/namespaces
预期输出:
namespace/ad created namespace/cart created namespace/checkout created namespace/currency created namespace/email created namespace/frontend created namespace/loadgenerator created namespace/payment created namespace/product-catalog created namespace/recommendation created namespace/shipping created
将示例部署到集群。
创建服务账号和部署:
kubectl apply -f kubernetes-manifests/deployments
预期输出:
serviceaccount/ad created deployment.apps/adservice created serviceaccount/cart created deployment.apps/cartservice created serviceaccount/checkout created deployment.apps/checkoutservice created serviceaccount/currency created deployment.apps/currencyservice created serviceaccount/email created deployment.apps/emailservice created serviceaccount/frontend created deployment.apps/frontend created serviceaccount/loadgenerator created deployment.apps/loadgenerator created serviceaccount/payment created deployment.apps/paymentservice created serviceaccount/product-catalog created deployment.apps/productcatalogservice created serviceaccount/recommendation created deployment.apps/recommendationservice created serviceaccount/shipping created deployment.apps/shippingservice created
创建服务:
kubectl apply -f kubernetes-manifests/services
预期输出:
service/adservice created service/cartservice created service/checkoutservice created service/currencyservice created service/emailservice created service/frontend created service/frontend-external created service/paymentservice created service/productcatalogservice created service/recommendationservice created service/shippingservice created
创建服务条目:
kubectl apply -f istio-manifests/allow-egress-googleapis.yaml
预期输出:
serviceentry.networking.istio.io/allow-egress-googleapis created serviceentry.networking.istio.io/allow-egress-google-metadata created
启用 Sidecar 自动注入功能
如需启用自动注入功能,请使用默认注入标签(如果设置了默认标记)或名称空间的修订版本标签为您的命名空间添加标签。您添加的标签还取决于您是部署了代管式 Cloud Service Mesh,还是安装了集群内控制平面。Sidecar 注入器 Webhook 会使用标签将注入的 Sidecar 与特定控制层面修订版本相关联。
集群内
使用以下命令查找
istiod
的标签:kubectl get deploy -n istio-system -l app=istiod -o \ jsonpath={.items[*].metadata.labels.'istio\.io\/rev'}'{"\n"}'
该命令会输出与 Cloud Service Mesh 版本对应的修订版本标签,例如:
asm-1234-1
将修订版本标签应用于应用命名空间。在以下命令中,REVISION 是您在上一步中记下的
istiod
修订版本标签的值。for ns in ad cart checkout currency email frontend loadgenerator \ payment product-catalog recommendation shipping; do kubectl label namespace $ns istio.io/rev=REVISION --overwrite done;
预期输出:
namespace/ad labeled namespace/cart labeled namespace/checkout labeled namespace/currency labeled namespace/email labeled namespace/frontend labeled namespace/loadgenerator labeled namespace/payment labeled namespace/product-catalog labeled namespace/recommendation labeled namespace/shipping labeled
重启 pod:
for ns in ad cart checkout currency email frontend loadgenerator \ payment product-catalog recommendation shipping; do kubectl rollout restart deployment -n ${ns} done;
预期输出:
deployment.apps/adservice restarted deployment.apps/cartservice restarted deployment.apps/checkoutservice restarted deployment.apps/currencyservice restarted deployment.apps/emailservice restarted deployment.apps/frontend restarted deployment.apps/loadgenerator restarted deployment.apps/paymentservice restarted deployment.apps/productcatalogservice restarted deployment.apps/recommendationservice restarted deployment.apps/shippingservice restarted
代管式服务网格
将修订版本标签应用于应用命名空间。在以下命令中,REVISION 标签必须是您受管的 Cloud Service Mesh 发布渠道的值:
asm-managed
(表示常规渠道)、asm-managed-rapid
(表示快速渠道)或asm-managed-stable
(表示稳定渠道)。for ns in ad cart checkout currency email frontend loadgenerator \ payment product-catalog recommendation shipping; do kubectl label namespace $ns istio.io/rev=REVISION --overwrite done;
预期输出:
namespace/ad labeled namespace/cart labeled namespace/checkout labeled namespace/currency labeled namespace/email labeled namespace/frontend labeled namespace/loadgenerator labeled namespace/payment labeled namespace/product-catalog labeled namespace/recommendation labeled namespace/shipping labeled
如果您还部署了可选的代管式数据平面,请按如下方式为应用命名空间添加注解:
for ns in ad cart checkout currency email frontend loadgenerator \ payment product-catalog recommendation shipping; do kubectl annotate --overwrite namespace $ns mesh.cloud.google.com/proxy='{"managed":"true"}' done;
重启 pod:
for ns in ad cart checkout currency email frontend loadgenerator \ payment product-catalog recommendation shipping; do kubectl rollout restart deployment -n ${ns} done;
预期输出:
deployment.apps/adservice restarted deployment.apps/cartservice restarted deployment.apps/checkoutservice restarted deployment.apps/currencyservice restarted deployment.apps/emailservice restarted deployment.apps/frontend restarted deployment.apps/loadgenerator restarted deployment.apps/paymentservice restarted deployment.apps/productcatalogservice restarted deployment.apps/recommendationservice restarted deployment.apps/shippingservice restarted
公开和访问应用
您在网格外部公开应用的方式取决于您是否部署了入站流量网关。您可以选择使用 istio 入站流量网关或使用 Kubernetes 服务公开应用。
使用入站流量网关
如果您按照前提条件中指定的方式将入站流量网关部署到集群,请执行以下步骤以使用该网关公开应用。
为前端服务部署
Gateway
和VirtualService
kubectl apply -f istio-manifests/frontend-gateway.yaml
预期输出:
gateway.networking.istio.io/frontend-gateway created virtualservice.networking.istio.io/frontend-ingress created
获取入站流量网关的外部 IP 地址。将占位符替换为以下信息:
GATEWAY_SERVICE_NAME:入站流量网关服务的名称。如果您部署了示例网关而未进行修改,或者您已部署默认入站流量网关,则名称为
istio-ingressgateway
。GATEWAY_NAMESPACE:部署入站流量网关的命名空间。如果您部署了默认入站流量网关,则命名空间为
istio-system
。
kubectl get service GATEWAY_SERVICE_NAME -n GATEWAY_NAMESPACE
输出类似于以下内容:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 10.19.247.233 35.239.7.64 80:31380/TCP,443:31390/TCP,31400:31400/TCP 27m
在此示例中,入站流量网关的 IP 地址为
35.239.7.64
。使用浏览器访问应用,以确认安装:
http://EXTERNAL_IP/
无入站流量网关
如果您未部署入站流量网关或选择使用 Kubernetes 服务公开应用,请执行以下步骤:
部署
LoadBalancer
类型的服务以公开前端服务kubectl apply -f frontend-external.yaml
找到
frontend-external
Service 的外部 IP 地址:kubectl get service frontend-external -n frontend
使用浏览器访问应用,以确认安装:
http://EXTERNAL_IP/
您可以在 Google Cloud 控制台中探索 Cloud Service Mesh 可观测性功能。请注意,拓扑图最长可能需要 10 分钟才会显示网格中的服务。
清理
在删除 Online Boutique 之前,您可能希望通过示例使用 Cloud Service Mesh:mTLS,其使用该示例。探索完毕后,请使用以下命令移除 Online Boutique 示例:
删除应用命名空间:
kubectl delete -f kubernetes-manifests/namespaces
预期输出:
namespace "ad" deleted namespace "cart" deleted namespace "checkout" deleted namespace "currency" deleted namespace "email" deleted namespace "frontend" deleted namespace "loadgenerator" deleted namespace "payment" deleted namespace "product-catalog" deleted namespace "recommendation" deleted namespace "shipping" deleted
删除服务条目:
kubectl delete -f istio-manifests/allow-egress-googleapis.yaml
预期输出:
serviceentry.networking.istio.io "allow-egress-googleapis" deleted serviceentry.networking.istio.io "allow-egress-google-metadata" deleted