我们选择使用apisix ingress作为外部服务访问k8s集群内部服务的方案
1. 安装helm
2. 添加helm的repo
helm repo add apisix https://charts.apiseven.com
helm repo update
3. 创建namespace
kubectl create namespace apisix
4. 添加apisix的configuration文件 apisix_configuration.yaml
这是dapr的配置文件,使用之前文章讲到的etcd服务发现和链路追踪
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: ingress-apisix-config
namespace: apisix
spec:
metric:
enabled: false
metrics:
enabled: false
mtls:
enabled: false
nameResolution:
component: "etcd"
version: v1
configuration:
endpoints: ["127.0.0.1:2379"]
namespace: apisix
tracing:
samplingRate: "1"
otel:
endpointAddress: "127.0.0.1:4317"
isSecure: false
protocol: grpc
kubectl create -f apisix_configuration.yaml -n apisix
5. 创建配置文件 apisix_charts.yaml
apisix:
podAnnotations:
dapr.io/app-id: daprproxy
dapr.io/app-port: '9080'
dapr.io/enabled: 'true'
dapr.io/sidecar-listen-addresses: 0.0.0.0
dapr.io/config: ingress-apisix-config
replicaCount: 3
gateway:
type: LoadBalancer
admin:
enabled: true
allow:
ipList: ""
ingress-controller:
enabled: true
config:
apisix:
serviceNamespace: apisix
dashboard:
enabled: true
config:
conf:
etcd:
endpoints: ["127.0.0.1:2379"]
etcd:
enabled: false
host: ["http://127.0.0.1:2379"]
logs:
enableAccessLog: false
6. 使用helm安装
helm install apisix apisix/apisix -f apisix_charts.yaml -n apisix
使用apisix-dashboard-ui创建可以跳过步骤7和8
7. 创建upstreams
kubectl exec -ti <apisix-pod-id> -n apisix -- curl -X POST '<apisix-admin-ip>:9180/apisix/admin/upstreams' -d '{"nodes":[{"host":"daprproxy-dapr","port":3500,"weight":1}],"timeout":{"connect":6,"send":6,"read":6},"type":"roundrobin","scheme":"http","pass_host":"pass","name":"apisix-dapr","keepalive_pool":{"idle_timeout":60,"requests":1000,"size":320}}' -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
8. 创建routers
kubectl exec -ti <apisix-pod-id> -n apisix -- curl -X POST '<apisix-admin-ip>:9180/apisix/admin/routes' -d '{"name":"dapr-gateway","desc":"","status":1,"methods":[],"priority":0,"labels":{},"plugins":{"proxy-rewrite":{"regex_uri":["^/daprproxy/(.*)","/v1.0/invoke/$1"]}},"uri":"/daprproxy/*","upstream_id":"<upstream-id>"}' -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
9. 调用案例(集群外调用集群内服务)
curl -X POST '<apisix-gateway-external-ip>/daprproxy/<服务名>.<namespace>/method/<方法>'
参考文档:Enable Dapr with Apache APISIX Ingress Controller | Dapr Blog