创建Product Catalog应用
让我们创建Product Catalog应用!
构建应用
为三个微服务构建容器镜像并将其推送到 ECR:
cd eks-app-mesh-polyglot-demo
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com
PROJECT_NAME=eks-app-mesh-demo
export APP_VERSION=1.0
for app in catalog_detail product_catalog frontend_node; do
aws ecr describe-repositories --repository-name $PROJECT_NAME/$app >/dev/null 2>&1 || \
aws ecr create-repository --repository-name $PROJECT_NAME/$app >/dev/null
TARGET=$ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$PROJECT_NAME/$app:$APP_VERSION
docker build -t $TARGET apps/$app
docker push $TARGET
done
第一次构建/推送容器镜像到 ECR 可能需要大约 3-5 分钟
完成后,您可以通过登录控制台确认镜像推送到 ECR 中:
将应用部署到 EKS
envsubst < ./deployment/base_app.yaml | kubectl apply -f -
deployment.apps/prodcatalog created
service/prodcatalog created
deployment.apps/proddetail created
service/proddetail created
deployment.apps/frontend-node created
service/frontend-node created
为 prodcatalog 服务创建 Fargate pod 可能需要 3 到 4 分钟
确认部署的细节
kubectl get deployment,pods,svc -n prodcatalog-ns -o wide
可以看到:
- Product Catalog服务被部署到
Fargatepod,因为它匹配我们在创建 fargate Profile时指定的配置(命名空间为prodcatalog-ns和 pod label为app= prodcatalog) - 前端服务和Catalog Product Detail服务部署到托管节点组中
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/frontend-node 1/1 1 1 44h frontend-node $ACCOUNT_ID.dkr.ecr.us-west-2.amazonaws.com/frontend-node:4.6 app=frontend-node
deployment.apps/prodcatalog 1/1 1 1 22h prodcatalog $ACCOUNT_ID.dkr.ecr.us-west-2.amazonaws.com/product-catalog:1.2 app=prodcatalog
deployment.apps/proddetail 1/1 1 1 44h proddetail $ACCOUNT_ID.dkr.ecr.us-west-2.amazonaws.com/product-detail:1.1 app=proddetail
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/frontend-node-77d64585d4-xxxx 1/1 Running 0 13h 192.168.X.6 ip-192-168-X-X.us-west-2.compute.internal <none> <none>
pod/prodcatalog-98f7c5f87-xxxxx 1/1 Running 0 13h 192.168.X.17 fargate-ip-192-168-X-X.us-west-2.compute.internal <none> <none>
pod/proddetail-5b558df99d-xxxxx 1/1 Running 0 18h 192.168.24.X ip-192-168-X-X.us-west-2.compute.internal <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/frontend-node ClusterIP 10.100.X.X <none> 9000/TCP 44h app=frontend-node
service/prodcatalog ClusterIP 10.100.X.X <none> 5000/TCP 41h app=prodcatalog
service/proddetail ClusterIP 10.100.X.X <none> 3000/TCP 44h app=proddetail 3000/TCP 103m
确认fargate pod使用Service Account role
export BE_POD_NAME=$(kubectl get pods -n prodcatalog-ns -l app=prodcatalog -o jsonpath='{.items[].metadata.name}')
kubectl describe pod ${BE_POD_NAME} -n prodcatalog-ns | grep 'AWS_ROLE_ARN\|AWS_WEB_IDENTITY_TOKEN_FILE\|serviceaccount'
您应该会看到以下输出,其Role与我们在 Fargate 设置过程中与Service Account关联的Role相同:
AWS_ROLE_ARN: arn:aws:iam::$ACCOUNT_ID:role/eksctl-eksworkshop-eksctl-addon-iamserviceac-Role1-1PWNQ4AJFMVBF
AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
/var/run/secrets/eks.amazonaws.com/serviceaccount from aws-iam-token (ro)
/var/run/secrets/kubernetes.io/serviceaccount from prodcatalog-envoy-proxies-token-69pql (ro)
确认已启用 fargate pod 日志记录
kubectl describe pod ${BE_POD_NAME} -n prodcatalog-ns | grep LoggingEnabled
我们可以在pod事件中看到Successfully enabled logging for pod:
Normal LoggingEnabled 2m7s fargate-scheduler Successfully enabled logging for pod