1、ambassador是datawire開源的服務網關，很好的支持kubernetes。具體詳細介紹參考官網：https://www.getambassador.io/about/why-ambassador

?

本節主要講述整個部署過程和簡單實用，具體詳細的資料搶參考官網。

2、部署

本次主要介紹將ambassador部署到自己的kubernetes集群里面，根據官網介紹部署方式有幾種：

1）yaml部署，即定義yaml文件，使用kubectl 直接部署

2) helm部署，如果用helm部署則需要在kubernetes中現安裝tiller（helm的server端）

yaml部署：

新版本的k8s集群都開啟了rbac認證，所以需要提前創建rbac文件，進行授權：

wget https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml --- apiVersion: v1 kind: Service metadata:labels:service: ambassador-adminname: ambassador-adminnamespace: tiller-world spec:type: NodePortports:- name: ambassador-adminport: 8877targetPort: 8877selector:service: ambassador--- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata:name: ambassador rules: - apiGroups: [""]resources:- servicesverbs: ["get", "list", "watch"] - apiGroups: [""]resources:- configmapsverbs: ["create", "update", "patch", "get", "list", "watch"] - apiGroups: [""]resources:- secretsverbs: ["get", "list", "watch"] - apiGroups: [""]resources:- namespacesverbs: ["get", "list", "watch"] --- apiVersion: v1 kind: ServiceAccount metadata:name: ambassadornamespace: tiller-world --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata:name: ambassador roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: ambassador subjects: - kind: ServiceAccountname: ambassadornamespace: tiller-world --- apiVersion: extensions/v1beta1 kind: Deployment metadata:name: ambassadornamespace: tiller-world spec:replicas: 3template:metadata:annotations:sidecar.istio.io/inject: "false""consul.hashicorp.com/connect-inject": "false"labels:service: ambassadorspec:serviceAccountName: ambassadorcontainers:- name: ambassadorimage: quay.io/datawire/ambassador:0.50.0-rc5resources:limits:cpu: 200mmemory: 200Mirequests:cpu: 100mmemory: 100Mienv:- name: AMBASSADOR_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespaceports:- name: httpcontainerPort: 80- name: httpscontainerPort: 443- name: admincontainerPort: 8877livenessProbe:httpGet:path: /ambassador/v0/check_aliveport: 8877initialDelaySeconds: 30periodSeconds: 3readinessProbe:httpGet:path: /ambassador/v0/check_readyport: 8877initialDelaySeconds: 30periodSeconds: 3restartPolicy: Always

?

我只修改了部署的namespace，tiller-world這個namespace是創建用helm部署程序用的。

創建角色及權限kubectl apply -f ambassador-rbac.yaml

接下來創建ambassador的service：

暴漏服務有多種方式：LoadBalancer、NodePort、Ingress

這里我們使用NodePort暴漏服務，k8s默認的服務暴漏端口范圍是30000～32767，當然這個端口的范圍可以在啟動apiserver的時候進行修改，指定--service-node-port-range=1-65535，修改為需要的端口范圍，最好是不要將常見服務的端口包含在內，否則容易沖突。

# cat ambassador-svc.yaml --- apiVersion: v1 kind: Service metadata:labels:service: ambassadorname: ambssador
namespace: tiller-world spec:type: NodePortports:- port: 80targetPort: 80nodePort: 30009selector:service: ambassador

這里采用NodePort方式暴漏到服務器的30009端口。可以根據需要自己制定。

?

創建一個測試route：

# cat httpbin.yaml --- apiVersion: v1 kind: Service metadata:name: httpbinannotations:getambassador.io/config: |---apiVersion: ambassador/v0kind: Mappingname: httpbin_mappingprefix: /httpbin/service: httpbin.org:80host_rewrite: httpbin.org spec:ports:- name: httpbinport: 80 # kubectl apply -f httpbin.yaml

查看部署：

# kubectl get pods -n tiller-world NAME READY STATUS RESTARTS AGE ambassador-5f66f5fd89-b2tqh 1/1 Running 0 138m ambassador-5f66f5fd89-nbrgj 1/1 Running 0 138m ambassador-5f66f5fd89-qxz55 1/1 Running 0 138m # kubectl get svc -n tiller-world NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ambassador-admin NodePort 10.108.245.217 <none> 8877:30051/TCP 138m ambssador NodePort 10.105.112.156 <none> 80:30009/TCP 104m httpbin ClusterIP 10.103.94.31 <none> 80/TCP 104m

測試訪問：

訪問的url：http://ip:30009/httpbin/,ip為kubernetes服務器的ip

?

?

部署一個service測試，部署qotm服務：

# cat qotm.yaml --- apiVersion: v1 kind: Service metadata:name: qotmannotations:getambassador.io/config: |---apiVersion: ambassador/v0kind: Mappingname: qot_mappingprefix: /qotm/service: qotm spec:selector:app: qotmports:- port: 80name: http-qotmtargetPort: http-api --- apiVersion: extensions/v1beta1 kind: Deployment metadata:name: qotm spec:replicas: 1strategy:type: RollingUpdatetemplate:metadata:labels:app: qotmspec:containers:- name: qotmimage: datawire/qotm:1.1ports:- name: http-apicontainerPort: 5000resources:limits:cpu: "0.1"memory: 100Mi kubectl apply -f qotm.yaml

service使用ambassador，只需要在service的定義里面添加注解就可以自動識別：

annotations:getambassador.io/config: |---apiVersion: ambassador/v0kind: Mappingname: qot_mappingprefix: /qotm/service: qotm

這里使用的是Mapping,uri前綴是/qotm/。詳細的配置參考官網：https://www.getambassador.io/reference/mappings

先查看一下部署的服務：

# kubectl get svc -n tiller-world NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ambassador-admin NodePort 10.108.245.217 <none> 8877:30051/TCP 147m ambssador NodePort 10.105.112.156 <none> 80:30009/TCP 113m httpbin ClusterIP 10.103.94.31 <none> 80/TCP 113m qotm ClusterIP 10.108.253.202 <none> 80/TCP 72m tiller-deploy ClusterIP 10.102.176.214 <none> 44134/TCP 4h47m

訪問地址：http://ip:30009/qotm/

?

?

?

helm部署：

helm repo add datawire https://www.getambassador.io helm upgrade --install --wait ambassador datawire/ambassador

當然也可以直接將chart? fetch到本地，自己根據需求進行定制：

helm fetch --name ambassador datawire/ambassador

?

轉載于:https://www.cnblogs.com/cuishuai/p/9806007.html

總結

以上是生活随笔為你收集整理的k8s服务网关ambassador部署的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。