OSM 的全称为 open service mesh 是由微软发起的开源项目,OSM 定义为轻量可扩展皆在解决 istio 慢、卡、重的问题
测试平台
- k3d(k3s)
- k9s
- arch
k3d 依赖于 k3s 是 kuberntes 的一个轻量级的发行版,同样还有 kind 等发行版。由于 kind 在 mac 环境下有各式各样的问题,作者便在 linux 环境下选择了 k3d。
k3d 的安装与集群创建
安装
k3d 在 arch 下安装非常方便 https://aur.archlinux.org/packages/rancher-k3d-bin/ 注意包名为 rancher-k3d-bin
ysy -s rancher-k3d-bin
创建集群环境
这里创建集群为 osm-demo
k3d cluster create osm-demo
验证集群
打开 k9s 切换查看所有节点,读者也可以使用 kubectl 等工具。
Context: k3d-osm-demo <0> all <a> Attach <l> Logs ____ __.________
Cluster: k3d-osm-demo <1> default <ctrl-d> Delete <shift-l> Logs Previous | |/ _/ __ \______
User: admin@k3d-osm-demo <d> Describe <shift-f> Port-Forward | < \____ / ___/
K9s Rev: v0.21.7 [56412] <e> Edit <s> Shell | | \ / /\___ \
K8s Rev: v1.18.6+k3s1 <?> Help <f> Show PortForward |____|__ \ /____//____ >
CPU: 4% <ctrl-k> Kill <y> YAML \/ \/
MEM: 3%
┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── Pods(all)[6] ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ NAMESPACE↑ NAME PF READY RESTARTS STATUS CPU MEM %CPU/R %MEM/R %CPU/L %MEM/L IP NODE AGE │
│ kube-system coredns-8655855d6-l8gh2 ● 1/1 0 Running 6 8 6 11 n/a 4 10.42.0.3 k3d-osm-demo-server-0 30m │
│ kube-system helm-install-traefik-c5vgb ● 0/1 0 Completed n/a n/a n/a n/a n/a n/a 10.42.0.2 k3d-osm-demo-server-0 30m │
│ kube-system local-path-provisioner-6d59f47c7-lldps ● 1/1 0 Running 6 7 n/a n/a n/a n/a 10.42.0.5 k3d-osm-demo-server-0 30m │
│ kube-system metrics-server-7566d596c8-z6xbw ● 1/1 0 Running 3 11 n/a n/a n/a n/a 10.42.0.4 k3d-osm-demo-server-0 30m │
│ kube-system svclb-traefik-5nx96 ● 2/2 0 Running 0 2 n/a n/a n/a n/a 10.42.0.7 k3d-osm-demo-server-0 29m │
│ kube-system traefik-758cd5fc85-svxmw ● 1/1 0 Running 9 13 n/a n/a n/a n/a 10.42.0.6 k3d-osm-demo-server-0 29m │
可以看到集群已经创建成功啦。
OSM 相关环境安装
OSM 安装
OSM 安装在本机作为客户端的存在,主要是为了轻便的操作 service mesh,例如安装 OSM 到集群。
同样 aur 仓库页提供了 osm https://aur.archlinux.org/packages/osm-bin/
的安装包。大家如果未使用 arch 也可以直接拷贝目标平台的可执行文件到 bin 目录。
yay -s osm-bin
验证 OSM
osm -h
The osm cli enables you to install and manage the
Open Service Mesh (OSM) in your Kubernetes cluster
To install and configure OSM, run:
$ osm install
Usage:
osm [command]
Available Commands:
dashboard open grafana dashboard through ssh redirection
env osm client environment information
help Help about any command
install install osm control plane
mesh manage osm installations
namespace manage osm namespaces
version osm cli version
Flags:
-h, --help help for osm
-n, --namespace string namespace scope for this request (default "osm-system")
Use "osm [command] --help" for more information about a command.
至此,OSM 客户端已经安装成功。
安装 OSM 到集群
安装 osm 到当前集群,若kube config 中有多个集群请注意切换环境,作者本地仅有一个集群,那就直接安装了。
osm install
OSM installed successfully in namespace [osm-system] with mesh name [osm]
osm 已经成功安装到集群啦。
验证集群 OSM
Context: k3d-osm-demo <0> all <a> Attach <l> Logs ____ __.________
Cluster: k3d-osm-demo <1> default <ctrl-d> Delete <shift-l> Logs Previous | |/ _/ __ \______
User: admin@k3d-osm-demo <d> Describe <shift-f> Port-Forward | < \____ / ___/
K9s Rev: v0.21.7 [56412] <e> Edit <s> Shell | | \ / /\___ \
K8s Rev: v1.18.6+k3s1 <?> Help <f> Show PortForward |____|__ \ /____//____ >
CPU: 6% <ctrl-k> Kill <y> YAML \/ \/
MEM: 3%
┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── Pods(all)[10] ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ NAMESPACE↑ NAME PF READY RESTARTS STATUS CPU MEM %CPU/R %MEM/R %CPU/L %MEM/L IP NODE AGE │
│ kube-system coredns-8655855d6-l8gh2 ● 1/1 0 Running 6 8 6 11 n/a 4 10.42.0.3 k3d-osm-demo-server-0 39m │
│ kube-system helm-install-traefik-c5vgb ● 0/1 0 Completed n/a n/a n/a n/a n/a n/a 10.42.0.2 k3d-osm-demo-server-0 39m │
│ kube-system local-path-provisioner-6d59f47c7-lldps ● 1/1 0 Running 5 7 n/a n/a n/a n/a 10.42.0.5 k3d-osm-demo-server-0 39m │
│ kube-system metrics-server-7566d596c8-z6xbw ● 1/1 0 Running 2 11 n/a n/a n/a n/a 10.42.0.4 k3d-osm-demo-server-0 39m │
│ kube-system svclb-traefik-5nx96 ● 2/2 0 Running 0 2 n/a n/a n/a n/a 10.42.0.7 k3d-osm-demo-server-0 38m │
│ kube-system traefik-758cd5fc85-svxmw ● 1/1 0 Running 9 13 n/a n/a n/a n/a 10.42.0.6 k3d-osm-demo-server-0 38m │
│ osm-system osm-controller-5779b54f7f-q8b6d ● 1/1 0 Running n/a n/a n/a n/a n/a n/a 10.42.0.10 k3d-osm-demo-server-0 75s │
│ osm-system osm-grafana-58ff65dfb7-6hjq2 ● 1/1 0 Running n/a n/a n/a n/a n/a n/a 10.42.0.12 k3d-osm-demo-server-0 75s │
│ osm-system osm-prometheus-5756769877-24n8n ● 1/1 0 Running n/a n/a n/a n/a n/a n/a 10.42.0.9 k3d-osm-demo-server-0 75s │
│ osm-system zipkin-6df4b57677-2l9w5 ● 1/1 0 Running n/a n/a n/a n/a n/a n/a 10.42.0.11 k3d-osm-demo-server-0 75s │
注意在 osm-system 命名空间下多了一些组件,分别是 controller grafana prometheus zipkin 主要负责:控制平面,仪表盘,时许数据库,链路追踪等。
测试
集群和 osm 已经安装成功,下面我们上线几个服务进行测试是否工作正常。
下载 demo
将 osm 仓库 clone 到本地
git clone https://github.com/openservicemesh/osm.git
部署
第一步创建相关命名空间
for i in bookstore bookbuyer bookthief bookwarehouse; do kubectl create ns $i; done
namespace/bookstore created
namespace/bookbuyer created
namespace/bookthief created
namespace/bookwarehouse created
第二步将命名空间添加到网格中
for i in bookstore bookbuyer bookthief bookwarehouse; do osm namespace add $i; done
Namespace [bookstore] succesfully added to mesh [osm]
Namespace [bookbuyer] succesfully added to mesh [osm]
Namespace [bookthief] succesfully added to mesh [osm]
Namespace [bookwarehouse] succesfully added to mesh [osm]
第三部部署服务到集群
注意在 osm 本地仓库目录中执行。
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
namespace/bookbuyer configured
serviceaccount/bookbuyer created
service/bookbuyer created
deployment.apps/bookbuyer created
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
namespace/bookstore configured
service/bookstore created
service/bookstore-v1 created
serviceaccount/bookstore-v1 created
deployment.apps/bookstore-v1 created
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
namespace/bookthief configured
serviceaccount/bookthief created
service/bookthief created
deployment.apps/bookthief created
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
namespace/bookwarehouse configured
serviceaccount/bookwarehouse created
service/bookwarehouse created
deployment.apps/bookwarehouse created
trafficsplit.split.smi-spec.io/bookstore-split created
PS: 其实第一步的 namesapce 的创建可以也在 yaml 中配置嘛。
验证服务是否上线
Context: k3d-osm-demo <0> all <a> Attach <l> Logs ____ __.________
Cluster: k3d-osm-demo <1> default <ctrl-d> Delete <shift-l> Logs Previous | |/ _/ __ \______
User: admin@k3d-osm-demo <d> Describe <shift-f> Port-Forward | < \____ / ___/
K9s Rev: v0.21.7 [90794] <e> Edit <s> Shell | | \ / /\___ \
K8s Rev: v1.18.6+k3s1 <?> Help <f> Show PortForward |____|__ \ /____//____ >
CPU: 35% <ctrl-k> Kill <y> YAML \/ \/
MEM: 6%
┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── Pods(all)[14] ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ NAMESPACE↑ NAME PF READY RESTARTS STATUS CPU MEM %CPU/R %MEM/R %CPU/L %MEM/L IP NODE AGE │
│ bookbuyer bookbuyer-8465f7dfc-xzhnw ● 2/2Δ 0 RunningΔ n/a n/a n/a n/a n/a n/a 10.42.0.13 k3d-osm-demo-server-0 75s │
│ bookstore bookstore-v1-6cfc68bdd4-cnqjc ● 2/2Δ 0 RunningΔ n/a n/a n/a n/a n/a n/a 10.42.0.16 k3d-osm-demo-server-0 72s │
│ bookthief bookthief-554cdbfbd4-wvr5p ● 2/2Δ 0 RunningΔ n/a n/a n/a n/a n/a n/a 10.42.0.15 k3d-osm-demo-server-0 74s │
│ bookwarehouse bookwarehouse-d979b859f-w9hp2 ● 2/2Δ 0 RunningΔ n/a n/a n/a n/a n/a n/a 10.42.0.14 k3d-osm-demo-server-0 77s │
│ kube-system coredns-8655855d6-l8gh2 ● 1/1 0 Running 4 11 4 15 n/a 6 10.42.0.3 k3d-osm-demo-server-0 53m │
│ kube-system helm-install-traefik-c5vgb ● 0/1 0 Completed n/a n/a n/a n/a n/a n/a 10.42.0.2 k3d-osm-demo-server-0 53m │
│ kube-system local-path-provisioner-6d59f47c7-lldps ● 1/1 0 Running 5 7 n/a n/a n/a n/a 10.42.0.5 k3d-osm-demo-server-0 53m │
│ kube-system metrics-server-7566d596c8-z6xbw ● 1/1 0 Running 1 11 n/a n/a n/a n/a 10.42.0.4 k3d-osm-demo-server-0 53m │
│ kube-system svclb-traefik-5nx96 ● 2/2 0 Running 0 2 n/a n/a n/a n/a 10.42.0.7 k3d-osm-demo-server-0 52m │
│ kube-system traefik-758cd5fc85-svxmw ● 1/1 0 Running 6 13 n/a n/a n/a n/a 10.42.0.6 k3d-osm-demo-server-0 52m │
│ osm-system osm-controller-5779b54f7f-q8b6d ● 1/1 0 Running 2 14 0 46 0 11 10.42.0.10 k3d-osm-demo-server-0 15m │
│ osm-system osm-grafana-58ff65dfb7-6hjq2 ● 1/1 0 Running 2 23 2 37 0 18 10.42.0.12 k3d-osm-demo-server-0 15m │
│ osm-system osm-prometheus-5756769877-24n8n ● 1/1 0 Running 10 186 10 76 2 38 10.42.0.9 k3d-osm-demo-server-0 15m │
│ osm-system zipkin-6df4b57677-2l9w5 ● 1/1 0 Running 1 121 1 49 0 24 10.42.0.11 k3d-osm-demo-server-0 15m │
可以看到:Bookstore, Bookbuyer, Bookthief, Bookwarehouse 已经部署到集群相关命名空间了,等待组件镜像拉取完毕。
第四步拷贝本地环境变量,为集群服务端口配置本地代理
同样在 osm 本地路径中执行
cp .env.example .env
./scripts/port-forward-all.sh
...
Forwarding from 127.0.0.1:3000 -> 3000
Forwarding from [::1]:3000 -> 3000
error: resource name may not be empty
Forwarding from 127.0.0.1:8080 -> 80
Forwarding from [::1]:8080 -> 80
Forwarding from 127.0.0.1:8081 -> 80
Forwarding from [::1]:8081 -> 80
Forwarding from 127.0.0.1:8083 -> 80
Forwarding from [::1]:8083 -> 80
大家感兴趣的话可以看下 ./scripts/port-forward-all.sh 就是利用 kubectl proxy 将端口暴露到本地。
查看服务
- http://localhost:8080 - Bookbuyer
- http://localhost:8081 - bookstore-v1
- http://localhost:8082 - bookstore-v2
-
http://localhost:8083 - bookthief
目前相关服务的数据还不正常,而且bookstore-v2 暂时是不可以用的,后面会通过控制策略进行演示。
至此,基本的环境和服务已经搞定,下面主要演示osm相关功能。
OSM 控制
部署访问控制(SMI Access Control Policies)
kubectl create -f docs/example/manifests/access/
traffictarget.access.smi-spec.io/bookstore-v1 created
httproutegroup.specs.smi-spec.io/bookstore-service-routes created
浏览器验证
打开 http://localhost:8080/ http://localhost:8081/
可以看到相关数据已经开始流动了。
未完
网友评论