內容目錄
目前已經是K8S SIG的標準API,稱為Gateway API。
安裝 Gateway API CRDs
目前 Gateway API 還不包含在 K8S 中,下面會安裝基本的三種資源:
-
GatewayClass
-
Gateway
-
HTTPRoute
[root@dev-rancher ContourGatewayApi]# kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v0.6.0/standard-install.yaml customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io configured customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io configured customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io configured customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io configured namespace/gateway-system unchanged validatingwebhookconfiguration.admissionregistration.k8s.io/gateway-api-admission configured service/gateway-api-admission-server unchanged deployment.apps/gateway-api-admission-server configured serviceaccount/gateway-api-admission unchanged clusterrole.rbac.authorization.k8s.io/gateway-api-admission unchanged clusterrolebinding.rbac.authorization.k8s.io/gateway-api-admission unchanged role.rbac.authorization.k8s.io/gateway-api-admission unchanged rolebinding.rbac.authorization.k8s.io/gateway-api-admission unchanged job.batch/gateway-api-admission unchanged job.batch/gateway-api-admission-patch unchanged
安裝 Contour Gateway
Contour 替我們準備了「懶人安裝包」:
[root@dev-rancher ContourGatewayApi]# kubectl apply -f https://projectcontour.io/quickstart/contour-gateway-provisioner.yaml customresourcedefinition.apiextensions.k8s.io/contourconfigurations.projectcontour.io created customresourcedefinition.apiextensions.k8s.io/contourdeployments.projectcontour.io created customresourcedefinition.apiextensions.k8s.io/extensionservices.projectcontour.io created customresourcedefinition.apiextensions.k8s.io/httpproxies.projectcontour.io created customresourcedefinition.apiextensions.k8s.io/tlscertificatedelegations.projectcontour.io created customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io configured customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io configured customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io configured customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io configured customresourcedefinition.apiextensions.k8s.io/referencepolicies.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/tcproutes.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/tlsroutes.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/udproutes.gateway.networking.k8s.io created namespace/gateway-system unchanged validatingwebhookconfiguration.admissionregistration.k8s.io/gateway-api-admission configured service/gateway-api-admission-server unchanged deployment.apps/gateway-api-admission-server configured serviceaccount/gateway-api-admission unchanged clusterrole.rbac.authorization.k8s.io/gateway-api-admission unchanged clusterrolebinding.rbac.authorization.k8s.io/gateway-api-admission unchanged role.rbac.authorization.k8s.io/gateway-api-admission unchanged rolebinding.rbac.authorization.k8s.io/gateway-api-admission unchanged job.batch/gateway-api-admission unchanged job.batch/gateway-api-admission-patch unchanged namespace/projectcontour created serviceaccount/contour-gateway-provisioner created clusterrole.rbac.authorization.k8s.io/contour-gateway-provisioner created role.rbac.authorization.k8s.io/contour-gateway-provisioner created rolebinding.rbac.authorization.k8s.io/contour-gateway-provisioner-leader-election created clusterrolebinding.rbac.authorization.k8s.io/contour-gateway-provisioner created deployment.apps/contour-gateway-provisioner created
然後等待 projectcontournamespace 下的 contour-gateway-provisioner這個 pod 啟動:
[root@dev-rancher ContourGatewayApi]# kubectl get pods -n projectcontour -o wide --watch NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES contour-echo-gateway-847f9494f4-j2z9c 1/1 Running 0 30m 10.42.1.174 node3 <none> <none> contour-echo-gateway-847f9494f4-xkvbt 1/1 Running 0 30m 10.42.2.201 node2 <none> <none> contour-gateway-provisioner-7c9896c66-hp2j7 1/1 Running 0 35m 10.42.1.172 node3 <none> <none>
測試資源:echo.yaml
這個 manifest 定義了所有東西:
-
Deployment:3 個 echo-serverpod (port 3000)
-
ClusterIP Service (port 8080)
-
GatewayClass (Contour)
-
Gateway (Contour, port 80)
-
HTTPRoute (/echo)
這裡建的 GatewayClass 一定會在 projectcontournamespace,但 Gateway 可以在別的地方。
HTTPRoute 會同時指向 Gateway 以及它要對應的服務,而就筆者草率測試,HTTPRoute 似乎必須服務位在同一個 namespace,而這也反映了各 namespace 可以管理自己的 HTTPRoute 而不影響其他 namespace。
#
# Deployment
#
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo-deployment
namespace: echo
spec:
selector:
matchLabels:
app: echo-app
replicas: 3
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: echo-app
spec:
containers:
- name: echo-app
image: ealen/echo-server:latest
imagePullPolicy: Always
env:
- name: PORT
value: "3000"
ports:
- containerPort: 3000
---
#
# Service
#
apiVersion: v1
kind: Service
metadata:
name: echo-service
namespace: echo
spec:
type: ClusterIP
selector:
app: echo-app
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 3000
---
#
# GatewayClass
#
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
name: contour
namespace: projectcontour
spec:
controllerName: projectcontour.io/gateway-controller
---
#
# Gateway
#
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: echo-gateway
namespace: projectcontour
spec:
gatewayClassName: contour
listeners:
- name: http
protocol: HTTP
port: 80
allowedRoutes:
kinds:
- kind: HTTPRoute
namespaces:
from: All
---
#
# HTTPRoute
#
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: echo-route
namespace: echo
spec:
parentRefs:
- name: echo-gateway
namespace: projectcontour
rules:
- backendRefs:
- name: echo-service
namespace: echo
port: 8080
matches:
- path:
type: PathPrefix
value: /echo
首先建立 echonamespace:
kubectl create ns echo
然後部署以上資源:
kubectl apply -f echo.yaml
來查看一下 HTTPRoute 的內容:
kubectl describe -n echo httproute
得到
[root@dev-rancher ContourGatewayApi]# kubectl describe -n echo httproute
Name: echo-route
Namespace: echo
Labels: <none>
Annotations: <none>
API Version: gateway.networking.k8s.io/v1beta1
Kind: HTTPRoute
Metadata:
Creation Timestamp: 2022-12-28T06:06:19Z
Generation: 1
Managed Fields:
API Version: gateway.networking.k8s.io/v1beta1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:parentRefs:
f:rules:
Manager: kubectl-client-side-apply
Operation: Update
Time: 2022-12-28T06:06:19Z
API Version: gateway.networking.k8s.io/v1beta1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:parents:
Manager: contour
Operation: Update
Subresource: status
Time: 2022-12-28T06:06:31Z
Resource Version: 37097190
UID: 5dbd95e1-d09a-4d37-b78e-a1cdb18a85b8
Spec:
Parent Refs:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: echo-gateway
Namespace: projectcontour
Rules:
Backend Refs:
Group:
Kind: Service
Name: echo-service
Namespace: echo
Port: 8080
Weight: 1
Matches:
Path:
Type: PathPrefix
Value: /echo
Status:
Parents:
Conditions:
Last Transition Time: 2022-12-28T06:06:31Z
Message: Accepted HTTPRoute
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Controller Name: projectcontour.io/gateway-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: echo-gateway
Namespace: projectcontour
Events: <none>
瀏覽器開啟
