Ambassador 服務配置
Ambassador提供了三種服務配置方法。
- CRDs方式:Customer Resource Definitions
- 註解方式:Kubernetes Service Annotations
- Ingress方式:Kubernetes Ingress
CRDs方式
Ambassador系列-01-介紹、安裝和使用一節中使用的就是CRDs方式,路由規則都定義在Mapping CRD中。
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-mapping
spec:
prefix: /
service: echo:8080
註解方式
在Service中增加Mapping註解,該Mapping只對該Service生效。prefix爲路徑前綴,service爲服務名+端口,後面有詳細解釋。
vi httpbin-service.yaml
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v1
kind: Mapping
name: httpbin-mapping
prefix: /http
service: httpbin:80
labels:
app: httpbin
spec:
ports:
- name: http
port: 80
targetPort: 80
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
template:
metadata:
labels:
app: httpbin
spec:
containers:
- image: docker.io/kennethreitz/httpbin
name: httpbin
ports:
- containerPort: 80
kubectl apply -f httpbin-service.yaml
service/httpbin created
deployment.apps/httpbin created
kubectl get pod
NAME READY STATUS RESTARTS AGE
ambassador-877b57b69-cvzbl 1/1 Running 1 8d
ambassador-877b57b69-rtgcq 1/1 Running 1 8d
echo-5599595fd9-2vfnt 1/1 Running 1 8d
echo-5599595fd9-ffxpn 1/1 Running 1 8d
httpbin-8c4b74ffb-f5j6b 1/1 Running 0 7m54s
驗證一下。
curl -i http://192.168.1.50:38080/http/status/200
HTTP/1.1 200 OK
server: envoy
date: Sat, 07 Dec 2019 03:35:56 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 6
lua-scripts-enabled: Processed
Ingress方式
Ambassador支持Ingress Controller,在Ingress中的配置下發給Ambassador,最終應用到Envoy中。
vi echo-server-ingress.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: ambassador
name: echo-server-ingress
spec:
rules:
- http:
paths:
- path: /bar/
backend:
serviceName: echo
servicePort: 8080
kubectl apply -f echo-server-ingress.yaml
curl -i http://192.168.1.50:38080/bar
HTTP/1.1 200 OK
date: Sat, 07 Dec 2019 03:57:59 GMT
content-type: text/plain
server: envoy
x-envoy-upstream-service-time: 2
lua-scripts-enabled: Processed
transfer-encoding: chunked
Hostname: echo-5599595fd9-2vfnt
Pod Information:
node name: k8s-node1
pod name: echo-5599595fd9-2vfnt
pod namespace: default
pod IP: 10.244.1.4
Server values:
server_version=nginx: 1.14.2 - lua: 10015
Request Information:
client_address=10.244.1.5
method=GET
real path=/
query=
request_version=1.1
request_scheme=http
request_uri=http://192.168.1.50:8080/
Request Headers:
accept=*/*
content-length=0
host=192.168.1.50:38080
user-agent=curl/7.29.0
x-envoy-expected-rq-timeout-ms=3000
x-envoy-internal=true
x-envoy-original-path=/bar
x-forwarded-for=10.244.0.0
x-forwarded-proto=http
x-request-id=b7463d93-bf82-483c-8717-ad55c4d2088d
Request Body:
-no body in request-
服務發現
Ambassador支持三種服務發現機制。
- Kubernetes服務級別發現Kubernetes service-level discovery
默認情況下,Ambassador使用Kubernetes DNS和服務級別發現。根據Mapping的配置,Ambassador查詢Service的DNS地址。流量將被路由到Service。然後,Kubernetes將負載均衡多個Pod之間的流量。
- Kubernetes端點級發現Kubernetes endpoint-level discovery
在負載均衡中使用,如回話親和ring_hash負載均衡算法,Ambassador繞過服務級別發現,直接通過端點發現服務。
- Consul端點級發現
Ambassador可以和Consul集成,以進行端點級服務發現。Ambassador從Consul中獲取端點信息。
服務定義
Ambassador服務定義爲[scheme://]service[.namespace][:port]
- scheme:http/https;默認值爲http。
- service:服務名稱,Kubernetes、Consul的服務名稱,或者外部服務地址。
- namespace:如果未指定,則默認爲Ambassador的名稱空間。
- port:服務對應的port,如果爲未指定,則當http時默認爲80,當https時默認爲443。
Ambassador系列文章
Ambassador系列-06-金絲雀發佈、斷路器、CORS和流量鏡像
Ambassador系列-07-TCP映射TCPMapping
Ambassador系列-08-TLS配置-HTTPS重定向和TLS終結
Ambassador系列-09-AuthService認證服務