詳細教程丨如何利用Rancher和Kong實現服務網格？

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格（Service mesh）是當前新興的架構模式，越來越受到人們的青睞。與Kubernetes一起，服務網格可以形成一個強大的平臺，它可以解決在微服務集羣或服務基礎設施上發現的高度分佈式環境中出現的技術需求。服務網格是一個專門的基礎設施層，用於促進微服務之間的服務到服務通信。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"服務網格解決了基於微服務的應用中典型的通信需求，包括加密隧道、健康檢查、斷路器、負載均衡以及流量許可。如果離開微服務來解決這些需求，會導致開發過程中產生高昂的費用和耗時。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在本文中，我們將對服務網格架構模式解決的最常見的微服務通信需求進行概述。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"微服務動態和內在挑戰","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當你意識到微服務實現了相當多的與最初分配給它們的業務邏輯無關的代碼時，問題就出現了。此外，有可能你有多個微服務在非標準化的流程中實現了類似的功能。換句話說，微服務開發團隊應該專注於業務邏輯，並將低級通信能力留給特定的層。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"繼續推進我們的方案，需要考慮微服務的內在動態。在給定的時間內，你可能由於以下幾個原因而擁有一個微服務的多個實例：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"吞吐量（Throughput）：根據傳入的請求，你可能擁有更多或更少的微服務實例","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"金絲雀發佈","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"藍綠部署","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"A/B測試","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"簡而言之，微服務到微服務的通信有特定的需求和問題需要解決。以下圖片展示了這一方案：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/5c/5c0eba59547a63c0f688d9b253a4c075.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"該圖示描述了幾個技術挑戰。顯然，Microservice 1的主要職責是均衡所有Microservice 2實例之間的負載。因此，Microservice 1必須弄清楚我們在請求時刻有多少個Microservice 2實例。換句話說，Microservice 1必須實現服務發現和負載均衡。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"另一方面，Microservice 2必須實現一些服務註冊功能以告知Microservice 1何時有全新的實例。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"想要擁有一個完全動態的環境，以下這些功能應該是微服務開發的一部分：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"流量控制：負載均衡的自然演變。我們想指定應該發送到每個Microservice 2實例的請求數量。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在Microservice 1和2之間加密通信","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"藉助斷路器和健康檢查以解決和克服網絡問題","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"總而言之，主要問題是開發團隊花費了大量資源編寫十分複雜的代碼，而這些代碼與微服務預期交付的業務邏輯不直接相關。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"有潛力的解決方案","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如何將所有微服務都可以調用的外部標準化組件中的所有非功能和操作功能外部化？例如，下圖編譯了所有功能，這些功能不屬於給定的微服務。因此，在確定所有功能之後，我們需要決定在哪裏實現它們。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/32/32266ed72a3964ebaf6ada2b91f28635.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Solution #1 ：將所有功能封裝在一個library中","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"開發者將負責調用library提供的函數來解決微服務通信需求。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個解決方案有幾個缺點：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這是一個緊密耦合的解決方案，意味着微服務高度依賴於library","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個模式對於分佈和升級新版本的library來說並不容易","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這不符合微服務多語言的原則，因爲這會將不同的編程語言應用於不同的上下文。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Solution #2：透明代理（Transparent Proxy）","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0d/0d2099e6e74dbf74e6337eca78ca6ee0.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個解決方案實現了同樣的功能集合。但是，採用了一種非常不同的方法：每個微服務都有一個特定的組件，扮演代理的角色，負責處理它的傳入和傳出流量。代理解決了我們之前描述的庫的缺點，具體如下：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"代理是透明的，這意味着微服務不會意識到它正在附近運行並實現了與其他微服務進行通信所需的所有功能。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由於它是一個透明的代理，開發者不需要改變代碼來引用代理。因此，從微服務開發的角度來看，升級代理將是一個並不會對開發流程造成太大影響。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"代理可以使用微服務使用的不同技術和編程語言進行開發。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"服務網格架構模式","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雖然透明代理的方法給微服務開發團隊和微服務通信需求帶來了一些好處，但仍有一些缺失的部分：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"代理只是執行策略來實現通信需求，例如負載均衡、金絲雀發佈等。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由什麼來負責定義這樣的策略，並在所有運行的代理上發佈呢？","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"解決方案架構需要另一個組件，這些組件將被管理員用來定義策略，它將負責向代理傳播策略。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"以下圖片展示了最終架構，也就是服務網格模式：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d7/d75a1f89d3f4c3cb8d7b9f33e910458a.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如你所見，該模式包含了我們所描述的兩個主要組件。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"數據平面：也被稱爲sidecar，它扮演着透明代理的角色。同樣，每個微服務都會有自己的數據平面，攔截所有的入站和出站流量，並應用之前描述的策略。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"控制平面：由管理員用來定義策略併發布到數據平面。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一些重要的事情需要注意：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這是一個 \"push-based \"的架構。數據平面不做 \"調用 \"來獲取策略——那將會消耗網絡。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"數據平面通常向控制平面或特定的基礎設施報告使用指標。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"手把手教你使用Rancher、Kong和Kong Mesh","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong提供了一個企業級的綜合服務連接平臺，其包括了API gateway、Kubernetes ingress controller以及服務網格實現。該平臺允許用戶部署多個環境，如本地、混合雲、多區域以及多雲環境。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"讓我們藉助運行在獨立於雲架構（cloud-agnostic）的Kubernetes集羣上的金絲雀發佈來實現服務網格，該集羣可能包括GKE集羣或任何其他的Kubernetes發行版。服務網格將由Kong Mesh實現，並由Kong for Kubernetes作爲Kubernetes Ingress Controller。一般而言，ingress controller負責定義進入你的Kubernetes集羣的入口點，暴露部署在其內部的微服務，並對其實行消費策略。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"首先，確保你已經安裝Rancher以及正在運行一個由Rancher管理的Kubernetes集羣。在登錄到Rancher之後，選在我們將要使用的Kubernetes集羣，在本例中爲“kong-rancher”。點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Cluster Explorer","attrs":{}},{"type":"text","text":"。你將會重定向到以下頁面：","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/56/56007e22c3f661281c8d392ca8210a12.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"現在，讓我們從服務網格開始：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、 Kong Mesh Helm Chart","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"回到Rancher Cluster Manger主頁並再次選擇你的集羣。點擊菜單欄的“Tools”選項然後點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Catalogs","attrs":{}},{"type":"text","text":"，以創建一個新的catalog。點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Add Catalog","attrs":{}},{"type":"text","text":"按鈕，將Kong Mesh的Helm chart收錄其中（h","attrs":{}},{"type":"text","marks":[{"type":"underline","attrs":{}}],"text":"ttps://kong.github.io/kong-mesh-charts/","attrs":{}},{"type":"text","text":"）。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"選擇","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Global","attrs":{}},{"type":"text","text":"作爲範圍，","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Helm v3","attrs":{}},{"type":"text","text":"作爲Helm版本。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2d/2df128706fc3de02ad62e1e0bcb3a913.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"現在點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Apps","attrs":{}},{"type":"text","text":"和","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Launch","attrs":{}},{"type":"text","text":"來查看在Catalog中可用的Kong Mesh。請注意，Kong作爲Rancher的合作伙伴默認提供了Kong for Kubernetes的Helm chart：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1c/1ccbb45a4f4fcd49b4bd42839f1097c0.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、 安裝Kong Mesh","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"點擊頂部菜單欄","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Namespaces","attrs":{}},{"type":"text","text":"選項並創建一個“kong-mesh-system”命名空間。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/f9/f9fd77efca876d8779b45f7cd88afde4.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"將鼠標移到","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"kong-rancher","attrs":{}},{"type":"text","text":"頂部菜單選項上，點擊kong-rancher活動集羣。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/90/904fa3393ede02fc0933a5a30ecaf23a.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Launch kubetcl","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/76/76e4cbe15ca82ddac27a720e6e290250.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"創建一個名爲“license.json”的文件，用於存放你從Kong Mesh收到的license。格式如下：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"\n{“license”:\n{“version”:1,“signature”:“6a7c81af4b0a42b380be25c2816a2bb1d761c0f906ae884f93eeca1fd16c8b5107cb6997c958f45d247078ca50a25399a5f87d546e59ea3be28284c3075a9769”,“payload”:\n{“customer”:“Kong_SE_Demo_H1FY22”,“license_creation_date”:“2020-11-30”,“product_subscription”:“Kong Enterprise Edition”,“support_plan”:“None”,“admin_seats”:“5”,“dataplanes”:“5”,“license_expiration_date”:“2021-06-30”,“license_key”:“XXXXXXXXXXXXX”}}}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"現在使用以下命令創建一個Kubernetes通用密鑰：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"kubectl create secret generic kong-mesh-license -n kong-mesh-system --from-file=./license.json","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"關閉kubectl會話，點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Default","attrs":{}},{"type":"text","text":"項目以及頂部菜單欄的","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Apps","attrs":{}},{"type":"text","text":"。點擊Launch按鈕並選擇","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"kong-mesh","attrs":{}},{"type":"text","text":" Helm chart。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/41/41690f512002fd9791acc7c76b78c07b.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Use an existing namespace","attrs":{}},{"type":"text","text":"並選擇我們剛剛創建的那個。這有幾個參數(","attrs":{}},{"type":"text","marks":[{"type":"underline","attrs":{}}],"text":"https://artifacthub.io/packages/helm/kong-mesh/kong-mesh","attrs":{}},{"type":"text","text":")來配置Kong Mesh，但我們將保留所有默認值。點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Launch","attrs":{}},{"type":"text","text":"之後，你應該看到Kong Mesh應用程序部署完成。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/84/842b53eb5b85c295891273742829150c.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你可以再次使用Rancher Cluster Explorer來檢查安裝。點擊左側菜單的","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Pods","attrs":{}},{"type":"text","text":"並選擇","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"kong-mesh-system","attrs":{}},{"type":"text","text":"的命名空間。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/84/842e6d368289068612b5c3d651be0438.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你也可以像這樣使用kubectl：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"NAMESPACE NAME READY STATUS RESTARTS AGE\ncattle-system cattle-cluster-agent-785fd5f54d-r7x8r 1/1 Running 0 75m\nfleet-system fleet-agent-77c78f9c74-f97tv 1/1 Running 0 75m\nkong-mesh-system kuma-control-plane-5b9c6f4598-nvq8q 1/1 Running 0 16m\nkube-system event-exporter-gke-666b7ffbf7-n9lfl 2/2 Running 0 76m\nkube-system fluentbit-gke-xqsdv 2/2 Running 0 76m\nkube-system gke-metrics-agent-gjrqr 1/1 Running 0 76m\nkube-system konnectivity-agent-4c4hf 1/1 Running 0 76m\nkube-system kube-dns-66d6b7c877-tq877 4/4 Running 0 76m\nkube-system kube-dns-autoscaler-5c78d65cd9-5hcxs 1/1 Running 0 76m\nkube-system kube-proxy-gke-c-kpwnf-default-0-be059c1c-49qp 1/1 Running 0 76m\nkube-system l7-default-backend-5b76b455d-v6dvg 1/1 Running 0 76m\nkube-system metrics-server-v0.3.6-547dc87f5f-qntjf 2/2 Running 0 75m\nkube-system prometheus-to-sd-fdf9j 1/1 Running 0 76m\nkube-system stackdriver-metadata-agent-cluster-level-68d94db6-64n4r 2/2 Running 1 75m","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3、 微服務部署","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們的Service Mesh部署是基於一個簡單的微服務到微服務的通信場景。由於我們運行的是金絲雀發佈，被調用的微服務有兩個版本：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“magnanimo”：通過Kong暴露Kubernetes ingress controller。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“benigno”：提供了一個 “hello” endpoint，在這個端點中，它呼應了當前的datetime。它有一個金絲雀發佈，會發送一個稍微不同的響應。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"下圖展示了這一架構：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/19/194f7f5d10f2c6a81219164cd50157e6.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"創建一個帶有sidecar注入註釋的命名空間。你可以再次使用Rancher Cluster Manager：選擇你的集羣，然後單擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Projects/Namespaces","attrs":{}},{"type":"text","text":"。點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Add Namespace","attrs":{}},{"type":"text","text":"。輸入 “kong-mesh-app” 作爲名稱，幷包含一個帶有 “kuma.io/sidecar-injection” 鍵和 “enabled” 作爲其值的註釋。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a0/a05e84bf74cff3536ab0e8dae70973f4.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當然，你也可以選擇使用kubectl","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"kubectl create namespace kong-mesh-app\n\nkubectl annotate namespace kong-mesh-app kuma.io/sidecar-injection=enabled\n\nSubmit the following declaration to deploy Magnanimo injecting the Kong Mesh data plane\n\ncat < 443/TCP 79m\nkong-mesh-app benigno ClusterIP 10.0.20.52 5000/TCP 4m6s\nkong-mesh-app magnanimo ClusterIP 10.0.30.251 4000/TCP 7m18s\nkong-mesh-system kuma-control-plane ClusterIP 10.0.21.228 5681/TCP,5682/TCP,443/TCP,5676/TCP,5678/TCP,5653/UDP 18m\nkube-system default-http-backend NodePort 10.0.19.10 80:32296/TCP 79m\nkube-system kube-dns ClusterIP 10.0.16.10 53/UDP,53/TCP 79m\nkube-system metrics-server ClusterIP 10.0.20.174 443/TCP 79m","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你也可以使用Kong Mesh控制檯來檢查微服務和數據平面。在Terminal上運行以下命令：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"kubectl port-forward service/kuma-control-plane -n kong-mesh-system 5681","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"重定向你的瀏覽器到","attrs":{}},{"type":"text","marks":[{"type":"underline","attrs":{}}],"text":"http://localhost:5681/gui","attrs":{}},{"type":"text","text":"。點擊","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Skip to Dashboard","attrs":{}},{"type":"text","text":"和","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"All Data Plane Proxies","attrs":{}},{"type":"text","text":"：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/38/386c59f05292a09c73cfaaf720b343b9.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"啓動一個循環，看看金絲雀發佈的運行情況。注意服務已經被部署爲ClusterIP類型，所以你需要用 “port-forward”直接暴露它們。下一步將展示如何用Ingress Controller暴露服務。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在本地terminal上運行：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":null},"content":[{"type":"text","text":"kubectl port-forward service/magnanimo -n kong-mesh-app 4000","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"打開另一個Terminal，開始循環。請求要到Magnanimo提供的4000端口。路徑“/hw2 ”將請求路由到Benigno服務，它後面有兩個endpoint，與Benigno兩個版本有關：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":null},"content":[{"type":"text","text":"while [1]; do curl http://localhost:4000/hw2; echo; done","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你應該看到類似下方的結果：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"Hello World, Benigno: 2020-11-20 12:57:05.811667\nHello World, Benigno: 2020-11-20 12:57:06.304731\nHello World, Benigno, Canary Release: 2020-11-20 12:57:06.789208\nHello World, Benigno: 2020-11-20 12:57:07.269674\nHello World, Benigno, Canary Release: 2020-11-20 12:57:07.755884\nHello World, Benigno, Canary Release: 2020-11-20 12:57:08.240453\nHello World, Benigno: 2020-11-20 12:57:08.728465\nHello World, Benigno: 2020-11-20 12:57:09.208588\nHello World, Benigno, Canary Release: 2020-11-20 12:57:09.689478\nHello World, Benigno, Canary Release: 2020-11-20 12:57:10.179551\nHello World, Benigno: 2020-11-20 12:57:10.662465\nHello World, Benigno: 2020-11-20 12:57:11.145237\nHello World, Benigno, Canary Release: 2020-11-20 12:57:11.618557\nHello World, Benigno: 2020-11-20 12:57:12.108586\nHello World, Benigno, Canary Release: 2020-11-20 12:57:12.596296\nHello World, Benigno, Canary Release: 2020-11-20 12:57:13.093329\nHello World, Benigno: 2020-11-20 12:57:13.593487\nHello World, Benigno, Canary Release: 2020-11-20 12:57:14.068870","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"4、 控制金絲雀發佈的成本","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"正如我們所見，兩個Benigno微服務發佈的請求使用了循環策略。也就是說，我們無法控制金絲雀發佈的花銷。Service Mesh允許我們定義何時以及如何將金絲雀發佈暴露給我們的consumer（在本例中指Magnanimo微服務）。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"要定義一個策略來控制流向兩個版本的流量，需要使用下面這個聲明。它說90%的流量應該流向當前版本，而只有10%的流量應該重定向到金絲雀發佈。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"cat < 443/TCP 85m\nkong-mesh-app benigno ClusterIP 10.0.20.52 5000/TCP 10m\nkong-mesh-app magnanimo ClusterIP 10.0.30.251 4000/TCP 13m\nkong-mesh-system kuma-control-plane ClusterIP 10.0.21.228 5681/TCP,5682/TCP,443/TCP,5676/TCP,5678/TCP,5653/UDP 24m\nkong kong-kong-proxy LoadBalancer 10.0.26.38 35.222.91.194 80:31867/TCP,443:31039/TCP 78s\nkube-system default-http-backend NodePort 10.0.19.10 80:32296/TCP 85m\nkube-system kube-dns ClusterIP 10.0.16.10 53/UDP,53/TCP 85m\nkube-system metrics-server ClusterIP 10.0.20.174 443/TCP 85m\n","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"6、 創建Ingress","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過下面的聲明，我們將通過一個Ingress和它的路由 “/route1” 來暴露Magnanimo微服務。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"cat <