All Products
Search
Document Center

Alibaba Cloud Service Mesh:Use an ASM serverless gateway to act as a single entry point for access to multiple clusters

Last Updated:Sep 02, 2024

Service Mesh (ASM) allows you to deploy application services in multiple Kubernetes clusters in the same virtual private cloud (VPC) and configure a serverless ingress gateway as the proxy of the inbound traffic of these clusters. This improves overall service availability and reduces computing resource costs.

Prerequisites

  • Two Container Service for Kubernetes (ACK) clusters, m1c1 and m1c2 in this example, are created in the same VPC. For more information, see Create an ACK dedicated cluster or Create an ACK managed cluster.

    Note

    When you create a cluster, we recommend that you configure advanced security groups for the cluster.

  • An ASM instance of v1.18.0.139 or later is created. The ASM instance mesh1 is used in this example. For more information about how to create an ASM instance, see Create an ASM instance.

Step 1: Make sure that the two clusters can communicate with each other

By default, two clusters in the same VPC can communicate with each other if they are associated with advanced security groups. If one cluster is associated with a basic security group or the two security groups cannot communicate with each other, you must configure security group rules for the clusters. For more information, see Add a security group rule.

Step 2: Add the clusters to the ASM instance and create a serverless ingress gateway

After you add the two clusters to the ASM instance, create a serverless ingress gateway.

  1. Add the two clusters to the ASM instance. For more information, see Add a cluster to an ASM instance.

  2. Use the following YAML file to create a serverless ingress gateway. For more information, see Create an ingress gateway.

    Expand to view the YAML file of the serverless ingress gateway

    apiVersion: istio.alibabacloud.com/v1beta1
    kind: IstioGateway
    metadata:
      annotations:
        asm.alibabacloud.com/managed-by-asm: 'true'
      name: ingressgateway
      namespace: istio-system
    spec:
      gatewayType: ingress
      dnsPolicy: ClusterFirst
      externalTrafficPolicy: Local
      hostNetwork: false
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: 80
        - name: https
          port: 443
          protocol: TCP
          targetPort: 443
      replicaCount: 1
      resources:
        limits:
          cpu: '2'
          memory: 2G
        requests:
          cpu: 200m
          memory: 256Mi
      rollingMaxSurge: 100%
      rollingMaxUnavailable: 25%
      runAsRoot: true
      serviceType: LoadBalancer

Step 3: Deploy the Bookinfo application

ASM allows you to deploy an application across clusters. You can deploy the microservices of the Bookinfo application in the two clusters.

  1. Use the following content to create resources configured in the bookinfo-m1c2.yaml file in the m1c2 cluster:

    Note

    The v3 version of the reviews microservice displays ratings as red stars.

    Show the YAML file of the Bookinfo application

    # Details service
    apiVersion: v1
    kind: Service
    metadata:
      name: details
      labels:
        app: details
        service: details
    spec:
      ports:
      - port: 9080
        name: http
      selector:
        app: details
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: bookinfo-details
      labels:
        account: details
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: details-v1
      labels:
        app: details
        version: v1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: details
          version: v1
      template:
        metadata:
          labels:
            app: details
            version: v1
        spec:
          serviceAccountName: bookinfo-details
          containers:
          - name: details
            image: docker.io/istio/examples-bookinfo-details-v1:1.15.0
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 9080
    ---
    # Ratings service
    apiVersion: v1
    kind: Service
    metadata:
      name: ratings
      labels:
        app: ratings
        service: ratings
    spec:
      ports:
      - port: 9080
        name: http
      selector:
        app: ratings
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: bookinfo-ratings
      labels:
        account: ratings
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: ratings-v1
      labels:
        app: ratings
        version: v1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: ratings
          version: v1
      template:
        metadata:
          labels:
            app: ratings
            version: v1
        spec:
          serviceAccountName: bookinfo-ratings
          containers:
          - name: ratings
            image: docker.io/istio/examples-bookinfo-ratings-v1:1.15.0
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 9080
    ---
    # Reviews service
    apiVersion: v1
    kind: Service
    metadata:
      name: reviews
      labels:
        app: reviews
        service: reviews
    spec:
      ports:
      - port: 9080
        name: http
      selector:
        app: reviews
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: bookinfo-reviews
      labels:
        account: reviews
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: reviews-v1
      labels:
        app: reviews
        version: v1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: reviews
          version: v1
      template:
        metadata:
          labels:
            app: reviews
            version: v1
        spec:
          serviceAccountName: bookinfo-reviews
          containers:
          - name: reviews
            image: docker.io/istio/examples-bookinfo-reviews-v1:1.15.0
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 9080
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: reviews-v2
      labels:
        app: reviews
        version: v2
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: reviews
          version: v2
      template:
        metadata:
          labels:
            app: reviews
            version: v2
        spec:
          serviceAccountName: bookinfo-reviews
          containers:
          - name: reviews
            image: docker.io/istio/examples-bookinfo-reviews-v2:1.15.0
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 9080
    ---
    # Productpage services
    apiVersion: v1
    kind: Service
    metadata:
      name: productpage
      labels:
        app: productpage
        service: productpage
    spec:
      ports:
      - port: 9080
        name: http
      selector:
        app: productpage
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: bookinfo-productpage
      labels:
        account: productpage
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: productpage-v1
      labels:
        app: productpage
        version: v1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: productpage
          version: v1
      template:
        metadata:
          labels:
            app: productpage
            version: v1
        spec:
          serviceAccountName: bookinfo-productpage
          containers:
          - name: productpage
            image: docker.io/istio/examples-bookinfo-productpage-v1:1.15.0
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 9080
    ---
  2. Run the following command to deploy the Bookinfo application that does not contain the v3 version of the reviews microservice in the m1c2 cluster:

    kubectl apply -f bookinfo-m1c2.yaml
  3. Use the following content to create resources configured in the bookinfo-m1c1.yaml file in the m1c1 cluster:

    Show the YAML file

    # Reviews service
    apiVersion: v1
    kind: Service
    metadata:
      name: reviews
      labels:
        app: reviews
        service: reviews
    spec:
      ports:
      - port: 9080
        name: http
      selector:
        app: reviews
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: bookinfo-reviews
      labels:
        account: reviews
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: reviews-v3
      labels:
        app: reviews
        version: v3
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: reviews
          version: v3
      template:
        metadata:
          labels:
            app: reviews
            version: v3
        spec:
          serviceAccountName: bookinfo-reviews
          containers:
          - name: reviews
            image: docker.io/istio/examples-bookinfo-reviews-v3:1.15.0
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 9080
    ---
    # Ratings service
    apiVersion: v1
    kind: Service
    metadata:
      name: ratings
      labels:
        app: ratings
        service: ratings
    spec:
      ports:
      - port: 9080
        name: http
      selector:
        app: ratings
  4. Run the following command to deploy the v3 version of the reviews microservice and the ratings microservice in the m1c1 cluster:

    kubectl apply -f bookinfo-m1c1.yaml

Step 4: Add a virtual service and an Istio gateway

  1. Create a virtual service named bookinfo in the default namespace of the ASM instance. For more information, see Manage virtual services.

    Expand to view the YAML file of the virtual service

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: bookinfo
    spec:
      hosts:
      - "*"
      gateways:
      - bookinfo-gateway
      http:
      - match:
        - uri:
            exact: /productpage
        - uri:
            prefix: /static
        - uri:
            exact: /login
        - uri:
            exact: /logout
        - uri:
            prefix: /api/v1/products
        route:
        - destination:
            host: productpage
            port:
              number: 9080
  2. Create an Istio gateway named bookinfo-gateway in the default namespace of the ASM instance. For more information, see Manage Istio gateways.

    Expand to view the YAML file of the Istio gateway

    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: bookinfo-gateway
    spec:
      selector:
        istio: ingressgateway # use istio default controller
      servers:
      - port:
          number: 80
          name: http
          protocol: HTTP
        hosts:
        - "*"
  3. In the address bar of your browser, enter http://{IP address of the serverless ingress gateway}/productpage and refresh the page multiple times.

    You can see that the ratio of the requests routed to the three versions of the reviews microservice is close to 1:1:1. The v3 version of the reviews microservice can take effect normally though it is not deployed in the same cluster as other microservices.

(Optional) Step 5: Specify that requests are always routed to the v3 version of the reviews microservice

You can define a destination rule and a virtual service to set a policy for deploying the microservices of the Bookinfo application. The following example specifies that requests are always routed to the v3 version of the reviews microservice.

  1. Create a destination rule named reviews in the default namespace of the ASM instance. For more information, see Manage virtual services.

    Expand to view the YAML file of the destination rule

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: reviews
    spec:
      host: reviews
      subsets:
      - name: v1
        labels:
          version: v1
      - name: v2
        labels:
          version: v2
      - name: v3
        labels:
          version: v3
  2. Create a virtual service named reviews in the default namespace of the ASM instance. For more information, see Manage virtual services.

    Expand to view the YAML file of the virtual service

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
        - reviews
      http:
      - route:
        - destination:
            host: reviews
            subset: v3
  3. In the address bar of your browser, enter http://{IP address of the serverless ingress gateway}/productpage and refresh the page multiple times.

    You can see that requests are always routed to the v3 version of the reviews microservice. In this case, ratings are displayed as red stars.书评用红星