部署 Online Boutique 示例应用

本指南介绍如何安装 Online Boutique 示例应用来演示 Cloud Service Mesh。如果您需要预配 Cloud Service Mesh,请参阅预配指南

下载和部署示例

要部署应用,您首先需要使用 kptanthos-service-mesh-packages 代码库下载 Online Boutique 清单。anthos-service-mesh-packages 代码库中的 Online Boutique 示例应用在 microservices-demo 代码库中原始清单集的基础上进行了修改。按照最佳做法,每项服务都会部署在具有唯一服务账号的单独命名空间中。

  1. 如果您尚未安装 kpt,请进行安装:

    gcloud components install kpt
    
  2. 使用 kpt 下载示例:

    kpt pkg get \
      https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages.git/samples/online-boutique \
      online-boutique
    

    预期输出

    Package "online-boutique":
    Fetching https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages@main
    From https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages
    * branch            main       -> FETCH_HEAD
    Adding package "samples/online-boutique".
    Fetched 1 package(s).
    
  3. 导航到 online-boutique 目录:

    cd online-boutique
    
  4. 为应用创建命名空间:

    kubectl apply -f kubernetes-manifests/namespaces
    

    预期输出:

    namespace/ad created
    namespace/cart created
    namespace/checkout created
    namespace/currency created
    namespace/email created
    namespace/frontend created
    namespace/loadgenerator created
    namespace/payment created
    namespace/product-catalog created
    namespace/recommendation created
    namespace/shipping created
    
  5. 将示例部署到集群。

    1. 创建服务账号和部署:

      kubectl apply -f kubernetes-manifests/deployments
      

      预期输出:

      serviceaccount/ad created
      deployment.apps/adservice created
      serviceaccount/cart created
      deployment.apps/cartservice created
      serviceaccount/checkout created
      deployment.apps/checkoutservice created
      serviceaccount/currency created
      deployment.apps/currencyservice created
      serviceaccount/email created
      deployment.apps/emailservice created
      serviceaccount/frontend created
      deployment.apps/frontend created
      serviceaccount/loadgenerator created
      deployment.apps/loadgenerator created
      serviceaccount/payment created
      deployment.apps/paymentservice created
      serviceaccount/product-catalog created
      deployment.apps/productcatalogservice created
      serviceaccount/recommendation created
      deployment.apps/recommendationservice created
      serviceaccount/shipping created
      deployment.apps/shippingservice created
      
    2. 创建服务:

      kubectl apply -f kubernetes-manifests/services
      

      预期输出:

      service/adservice created
      service/cartservice created
      service/checkoutservice created
      service/currencyservice created
      service/emailservice created
      service/frontend created
      service/frontend-external created
      service/paymentservice created
      service/productcatalogservice created
      service/recommendationservice created
      service/shippingservice created
      
    3. 创建服务条目:

      kubectl apply -f istio-manifests/allow-egress-googleapis.yaml
      

      预期输出:

      serviceentry.networking.istio.io/allow-egress-googleapis created
      serviceentry.networking.istio.io/allow-egress-google-metadata created
      

启用 Sidecar 自动注入功能

  1. 将默认注入标签应用于应用命名空间。

    for ns in ad cart checkout currency email frontend loadgenerator \
       payment product-catalog recommendation shipping; do
          kubectl label namespace $ns istio-injection=enabled --overwrite
    done;
    

    预期输出:

    namespace/ad labeled
    namespace/cart labeled
    namespace/checkout labeled
    namespace/currency labeled
    namespace/email labeled
    namespace/frontend labeled
    namespace/loadgenerator labeled
    namespace/payment labeled
    namespace/product-catalog labeled
    namespace/recommendation labeled
    namespace/shipping labeled
    
  2. 如果您使用的是托管式 Cloud Service Mesh 且部署了可选的代管式数据平面,请按如下方式为应用命名空间添加注解:

    for ns in ad cart checkout currency email frontend loadgenerator \
       payment product-catalog recommendation shipping; do
          kubectl annotate --overwrite namespace $ns mesh.cloud.google.com/proxy='{"managed":"true"}'
    done;
    
  3. 重启 pod:

    for ns in ad cart checkout currency email frontend loadgenerator \
       payment product-catalog recommendation shipping; do
          kubectl rollout restart deployment -n ${ns}
    done;
    

    预期输出:

    deployment.apps/adservice restarted
    deployment.apps/cartservice restarted
    deployment.apps/checkoutservice restarted
    deployment.apps/currencyservice restarted
    deployment.apps/emailservice restarted
    deployment.apps/frontend restarted
    deployment.apps/loadgenerator restarted
    deployment.apps/paymentservice restarted
    deployment.apps/productcatalogservice restarted
    deployment.apps/recommendationservice restarted
    deployment.apps/shippingservice restarted
    

公开和访问应用

您在网格外部公开应用的方式取决于您是否部署了入站流量网关。您可以选择使用 istio 入站流量网关或使用 Kubernetes 服务公开应用。

使用入站流量网关

如果您按照前提条件中指定的方式将入站流量网关部署到集群,请执行以下步骤以使用该网关公开应用。

  1. 为前端服务部署 GatewayVirtualService

    kubectl apply -f istio-manifests/frontend-gateway.yaml
    

    预期输出:

    gateway.networking.istio.io/frontend-gateway created
    virtualservice.networking.istio.io/frontend-ingress created
    
  2. 获取入站流量网关的外部 IP 地址。将占位符替换为以下信息:

    • GATEWAY_SERVICE_NAME:入站流量网关服务的名称。如果您部署了示例网关而未进行修改,或者您已部署默认入站流量网关,则名称为 istio-ingressgateway

    • GATEWAY_NAMESPACE:部署入站流量网关的命名空间。如果您部署了默认入站流量网关,则命名空间为 istio-system

    kubectl get service GATEWAY_SERVICE_NAME  -n GATEWAY_NAMESPACE
    

    输出类似于以下内容:

    NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                      AGE
    istio-ingressgateway   LoadBalancer   10.19.247.233   35.239.7.64   80:31380/TCP,443:31390/TCP,31400:31400/TCP   27m
    

    在此示例中,入站流量网关的 IP 地址为 35.239.7.64

  3. 使用浏览器访问应用,以确认安装:

    http://EXTERNAL_IP/
    

无入站流量网关

如果您未部署入站流量网关或选择使用 Kubernetes 服务公开应用,请执行以下步骤:

  1. 部署 LoadBalancer 类型的服务以公开前端服务

    kubectl apply -f frontend-external.yaml
    
  2. 找到 frontend-external Service 的外部 IP 地址:

    kubectl get service frontend-external -n frontend
    
  3. 使用浏览器访问应用,以确认安装:

    http://EXTERNAL_IP/
    

您可以在 Google Cloud 控制台中探索 Cloud Service Mesh 可观测性功能。请注意,拓扑图最长可能需要 10 分钟才会显示网格中的服务。

清理

在删除 Online Boutique 之前,您可能希望通过示例使用 Cloud Service Mesh:mTLS,其使用该示例。探索完毕后,请使用以下命令移除 Online Boutique 示例:

  1. 删除应用命名空间:

    kubectl delete -f kubernetes-manifests/namespaces
    

    预期输出:

    namespace "ad" deleted
    namespace "cart" deleted
    namespace "checkout" deleted
    namespace "currency" deleted
    namespace "email" deleted
    namespace "frontend" deleted
    namespace "loadgenerator" deleted
    namespace "payment" deleted
    namespace "product-catalog" deleted
    namespace "recommendation" deleted
    namespace "shipping" deleted
    
  2. 删除服务条目:

    kubectl delete -f istio-manifests/allow-egress-googleapis.yaml
    

    预期输出:

    serviceentry.networking.istio.io "allow-egress-googleapis" deleted
    serviceentry.networking.istio.io "allow-egress-google-metadata" deleted
    

后续步骤