namespace/metallb-system created
➜ cilium-mesh kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
secret/memberlist created
➜ cilium-mesh kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/metallb.yaml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/controller created
podsecuritypolicy.policy/speaker created
serviceaccount/controller created
serviceaccount/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
role.rbac.authorization.k8s.io/config-watcher created
role.rbac.authorization.k8s.io/pod-lister created
role.rbac.authorization.k8s.io/controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/config-watcher created
rolebinding.rbac.authorization.k8s.io/pod-lister created
rolebinding.rbac.authorization.k8s.io/controller created
daemonset.apps/speaker created
deployment.apps/controller created
➜ cilium-mesh docker network inspect -f '{{.IPAM.Config}}' kind
[{172.18.0.0/16 172.18.0.1 map[]} {fc00:f853:ccd:e793::/64 fc00:f853:ccd:e793::1 map[]}]
➜ cilium-mesh vim kind-lb-cm.yaml
➜ cilium-mesh cat kind-lb-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 172.18.255.200-172.18.255.250
➜ cilium-mesh kubectl apply -f kind-lb-cm.yaml
configmap/config created
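The pool in kind-lb-cm.yaml has to lie inside the IPv4 subnet that docker network inspect reports for the kind network, and should not cover the gateway. The check below is an added example, not part of the original article or of MetalLB; parse_ipam and check_pool are hypothetical helper names, the inputs are the values from the session above, and only the first-last range form is handled.

```python
import ipaddress
import re

# Constructed sample inputs: the values shown in the session above.
DOCKER_IPAM = "[{172.18.0.0/16 172.18.0.1 map[]} {fc00:f853:ccd:e793::/64 fc00:f853:ccd:e793::1 map[]}]"
POOL = "172.18.255.200-172.18.255.250"


def parse_ipam(text):
    """Return [(network, gateway)] from `docker network inspect -f '{{.IPAM.Config}}'` output."""
    # Tolerates repeated spaces or one extra field between subnet and gateway.
    found = re.findall(r"\{(\S+)\s+(?:\S+\s+)?(\S+)\s+map\[", text)
    return [(ipaddress.ip_network(s), ipaddress.ip_address(g)) for s, g in found]


def check_pool(pool, ipam_text):
    """Validate a MetalLB 'first-last' range against the kind network; return a list of problems."""
    first_s, _, last_s = pool.partition("-")
    try:
        first = ipaddress.ip_address(first_s.strip())
        last = ipaddress.ip_address(last_s.strip())
    except ValueError as exc:
        return [f"unparseable range: {exc}"]
    if first.version != last.version or first > last:
        return ["range bounds are reversed or mix IPv4 and IPv6"]
    nets = [(n, g) for n, g in parse_ipam(ipam_text) if n.version == first.version]
    home = next(((n, g) for n, g in nets if first in n and last in n), None)
    if home is None:
        return [f"{pool} is not fully inside any subnet of the kind network"]
    net, gateway = home
    problems = []
    if first <= gateway <= last:
        problems.append(f"range contains the gateway {gateway}")
    if net.version == 4 and (first <= net.network_address or last >= net.broadcast_address):
        problems.append("range contains the network or broadcast address")
    return problems


if __name__ == "__main__":
    for candidate in (POOL, "172.19.255.200-172.19.255.250", "172.18.0.1-172.18.0.20"):
        print(candidate, "->", check_pool(candidate, DOCKER_IPAM) or "ok")
```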
Loading the image
Here we use hashicorp/http-echo:0.2.3 as the sample program; it returns different content depending on its startup arguments.
➜ cilium-mesh docker pull hashicorp/http-echo:0.2.3
0.2.3: Pulling from hashicorp/http-echo
86399148984b: Pull complete
Digest: sha256:ba27d460cd1f22a1a4331bdf74f4fccbc025552357e8a3249c40ae216275de96
Status: Downloaded newer image for hashicorp/http-echo:0.2.3
docker.io/hashicorp/http-echo:0.2.3
➜ cilium-mesh kind load docker-image hashicorp/http-echo:0.2.3
Image: "hashicorp/http-echo:0.2.3" with ID "sha256:a6838e9a6ff6ab3624720a7bd36152dda540ce3987714398003e14780e61478a" not yet present on node "kind-worker", loading...
Image: "hashicorp/http-echo:0.2.3" with ID "sha256:a6838e9a6ff6ab3624720a7bd36152dda540ce3987714398003e14780e61478a" not yet present on node "kind-worker2", loading...
Image: "hashicorp/http-echo:0.2.3" with ID "sha256:a6838e9a6ff6ab3624720a7bd36152dda540ce3987714398003e14780e61478a" not yet present on node "kind-control-plane", loading...
Image: "hashicorp/http-echo:0.2.3" with ID "sha256:a6838e9a6ff6ab3624720a7bd36152dda540ce3987714398003e14780e61478a" not yet present on node "kind-worker3", loading...
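Deploying the test services
All configuration files in this article are available in the github.com/tao12345666… code repository.
We deploy the test services with the following configuration: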
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: foo-app
  name: foo-app
spec:
  containers:
  - image: hashicorp/http-echo:0.2.3
    args:
    - "-text=foo"
    name: foo-app
    ports:
    - containerPort: 5678
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: foo-app
  name: foo-app
spec:
  ports:
  - port: 5678
    protocol: TCP
    targetPort: 5678
  selector:
    run: foo-app
---
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: bar-app
  name: bar-app
spec:
  containers:
  - image: hashicorp/http-echo:0.2.3
    args:
    - "-text=bar"
    name: bar-app
    ports:
    - containerPort: 5678
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: bar-app
  name: bar-app
spec:
  ports:
  - port: 5678
    protocol: TCP
    targetPort: 5678
  selector:
    run: bar-app
Create the following Ingress resource file:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cilium-ingress
  namespace: default
spec:
  ingressClassName: cilium
  rules:
  - http:
      paths:
      - backend:
          service:
            name: foo-app
            port:
              number: 5678
        path: /foo
        pathType: Prefix
      - backend:
          service:
            name: bar-app
            port:
              number: 5678
        path: /bar
        pathType: Prefix
Create the Ingress resource; you can then see that a new Service of type LoadBalancer has been created.
➜ cilium-mesh kubectl apply -f cilium-ingress.yaml
ingress.networking.k8s.io/cilium-ingress created
➜ cilium-mesh kubectl get svc
NAME                            TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)        AGE
bar-app                         ClusterIP      10.96.229.141   <none>           5678/TCP       106s
cilium-ingress-cilium-ingress   LoadBalancer   10.96.161.128   172.18.255.200   80:31643/TCP   4s
foo-app                         ClusterIP      10.96.166.212   <none>           5678/TCP       106s
kubernetes                      ClusterIP      10.96.0.1       <none>           443/TCP        81m
➜ cilium-mesh kubectl get ing
NAME             CLASS    HOSTS   ADDRESS          PORTS   AGE
cilium-ingress   cilium   *       172.18.255.200   80      1m
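Testing
Test access with the curl command: the responses match the configuration in the Ingress resource. Looking at the response headers, we can see that the proxying here is actually still done by Envoy.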
➜ cilium-mesh curl 172.18.255.200
➜ cilium-mesh curl 172.18.255.200/foo
foo
➜ cilium-mesh curl 172.18.255.200/bar
bar
➜ cilium-mesh curl -I 172.18.255.200/bar
HTTP/1.1 200 OK
Content-Length: 4
Connection: keep-alive
Content-Type: text/plain; charset=ut