通过Ambassador暴露部署在ACK集群中的应用API

本文将介绍如何使用Ambassador Edge Stack(AES)暴露应用API, AES通过Custom Resource Definitions(CRD)来使用Enovy提供的功能,并集成了速率限制、身份认证、负载均衡和可观测性等功能。

前提条件


操作步骤


步骤一:部署AES

1、执行以下命令部署AES。

# kubectl apply -f https://www.getambassador.io/yaml/aes-crds.yaml
# kubectl wait --for condition=established --timeout=90s crd -lproduct=aes
# kubectl apply -f https://www.getambassador.io/yaml/aes.yaml
# kubectl -n ambassador wait --for condition=available --timeout=90s deploy -lproduct=aes

2、执行以下命令确认AES部署成功。

# kubectl get pod -n ambassador
NAME                                READY   STATUS    RESTARTS   AGE
ambassador-566d496b77-tg6ng         1/1     Running   0          2m
ambassador-redis-5fbd59f4fb-88gm8   1/1     Running   0          2m

步骤二:暴露应用API

1、创建一个测试应用及对应的Service。

# cat <<-EOF | kubectl apply -f -
---
apiVersion: v1
kind: Service
metadata:
  name: quote
  namespace: ambassador
spec:
  ports:
  - name: http
    port: 80
    targetPort: 8080
  selector:
    app: quote
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: quote
  namespace: ambassador
spec:
  replicas: 1
  selector:
    matchLabels:
      app: quote
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: quote
    spec:
      containers:
      - name: backend
        image: docker.io/datawire/quote:0.4.1
        ports:
        - name: http
          containerPort: 8080
EOF

2、确认应用及对应的Service创建成功。

# kubectl get pod -n ambassador -l app=quote
NAME                    READY   STATUS    RESTARTS   AGE
quote-d57b799b4-jdt7r   1/1     Running   0          6m29s
# kubectl get svc -n ambassador quote
NAME    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
quote   ClusterIP   172.23.11.161   <none>        80/TCP    5m45s

3、创建Mapping CRD,暴露应用API。

cat <<-EOF | kubectl apply -f -
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
    name: backend
spec:
    prefix: /backend/
    service: quote
EOF

4、确认Mapping CRD资源创建成功。

# kubectl get mappings -n ambassador
NAME                       PREFIX      SERVICE          STATE   REASON
ambassador-devportal       /docs/      127.0.0.1:8500
ambassador-devportal-api   /openapi/   127.0.0.1:8500
quote-backend              /backend/   quote

5、获取AES服务的IP地址。

# kubectl get -n ambassador service ambassador -o "go-template={{range .status.loadBalancer.ingress}}{{or .ip .hostname}}{{end}}"
47.94.xx.xxx

6、访问暴露的应用API,请将${IP}替换为上述获取的AES服务IP地址。

# curl -k https://{{IP}}/backend/
  {
    "server": "frosty-kiwi-ewe7vk96",
    "quote": "A principal idea is omnipresent, much like candy.",
    "time": "2020-08-01T08:41:37.054259819Z"
  }

参考文档