Creating a VirtualGateway

Create the App Mesh VirtualGateway

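So far we have verified that service-to-service communication is routed through the Envoy proxies. Now we will use an AWS App Mesh VirtualGateway to expose the frontend-node service to the public internet.

Use virtual_gateway.yaml to create the VirtualGateway. This YAML creates a Kubernetes Service of type LoadBalancer and uses an AWS NLB to route external traffic.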

kubectl apply -f deployment/virtual_gateway.yaml 
virtualgateway.appmesh.k8s.aws/ingress-gw created    
gatewayroute.appmesh.k8s.aws/gateway-route-frontend created 
service/ingress-gw created 
deployment.apps/ingress-gw created 

The YAML content is as follows:

---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualGateway
metadata:
  name: ingress-gw
  namespace: prodcatalog-ns
spec:
  namespaceSelector:
    matchLabels:
      gateway: ingress-gw
  podSelector:
    matchLabels:
      app: ingress-gw
  listeners:
    - portMapping:
        port: 8088
        protocol: http
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: GatewayRoute
metadata:
  name: gateway-route-frontend
  namespace: prodcatalog-ns
spec:
  httpRoute:
    match:
      prefix: "/"
    action:
      target:
        virtualService:
          virtualServiceRef:
            name: frontend-node
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-gw
  namespace: prodcatalog-ns
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8088
      name: http
  selector:
    app: ingress-gw
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-gw
  namespace: prodcatalog-ns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-gw
  template:
    metadata:
      labels:
        app: ingress-gw
    spec:
      serviceAccountName: prodcatalog-envoy-proxies
      securityContext:
        fsGroup: 65534
      containers:
        - name: envoy
          image: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy:v1.17.2.0
          ports:
            - containerPort: 8088
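
An added example, not part of the original tutorial: a small Python audit of what the manifest above exposes, run on a constructed JSON copy of the ingress-gw Service and VirtualGateway (the shape `kubectl get ... -o json` returns). The `audit` function and its finding strings are illustrative names; the internal/scheme annotations, `loadBalancerSourceRanges` and the listener `tls` block are existing Kubernetes, AWS and App Mesh fields that this page's manifest does not set.

```python
import json

# Constructed sample: the ingress-gw Service and VirtualGateway from this page,
# in the JSON shape of `kubectl get <kind> ingress-gw -n prodcatalog-ns -o json`.
SAMPLE = json.loads("""
[
 {"kind": "Service",
  "metadata": {"name": "ingress-gw", "namespace": "prodcatalog-ns",
               "annotations": {"service.beta.kubernetes.io/aws-load-balancer-type": "nlb"}},
  "spec": {"type": "LoadBalancer",
           "ports": [{"port": 80, "targetPort": 8088, "name": "http"}],
           "selector": {"app": "ingress-gw"}}},
 {"kind": "VirtualGateway",
  "metadata": {"name": "ingress-gw", "namespace": "prodcatalog-ns"},
  "spec": {"listeners": [{"portMapping": {"port": 8088, "protocol": "http"}}]}}
]
""")

PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"

def audit(objects):
    """Return (object, finding) pairs describing how each object is exposed."""
    findings = []
    for obj in objects:
        ident = f'{obj["kind"]}/{obj["metadata"]["name"]}'
        spec = obj.get("spec", {})
        if obj["kind"] == "Service" and spec.get("type") == "LoadBalancer":
            ann = obj["metadata"].get("annotations") or {}
            # Either annotation requests an internal (VPC-only) load balancer.
            internal = (ann.get(PREFIX + "internal") == "true"
                        or ann.get(PREFIX + "scheme") == "internal")
            if not internal:
                findings.append((ident, "internet-facing load balancer"))
                if not spec.get("loadBalancerSourceRanges"):
                    findings.append((ident, "no loadBalancerSourceRanges: any source IP may connect"))
        if obj["kind"] == "VirtualGateway":
            for listener in spec.get("listeners", []):
                # A listener without a tls block accepts plaintext traffic.
                if "tls" not in listener:
                    port = listener["portMapping"]["port"]
                    findings.append((ident, f"listener {port} has no tls block: plaintext to the gateway"))
    return findings

if __name__ == "__main__":
    for ident, finding in audit(SAMPLE):
        print(f"{ident}: {finding}")
```

To audit the live objects instead of the sample, pass `audit` the parsed `items` list from `kubectl get svc,virtualgateway -n prodcatalog-ns -o json`.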

List the related resources running in the namespace

You can see the VirtualGateway component named ingress-gw:

kubectl get all  -n prodcatalog-ns -o wide | grep ingress
pod/ingress-gw-5fb995f6fd-45nnm      2/2     Running   0          35s     192.168.24.144    ip-192-168-21-156.us-west-2.compute.internal            <none>           <none>
service/ingress-gw      LoadBalancer   10.100.24.17     ad34ee9dea9944ed78e78d0578060ba6-869c67fd174d0f4d.elb.us-west-2.amazonaws.com   80:31569/TCP   35s   app=ingress-gw
deployment.apps/ingress-gw      1/1     1            1           35s   envoy           840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy:v1.15.1.0-prod        app=ingress-gw
replicaset.apps/ingress-gw-5fb995f6fd      1         1         1       35s     envoy           840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy:v1.15.1.0-prod        app=ingress-gw,pod-template-hash=5fb995f6fd
virtualgateway.appmesh.k8s.aws/ingress-gw   arn:aws:appmesh:us-west-2:405710966773:mesh/prodcatalog-mesh/virtualGateway/ingress-gw_prodcatalog-ns   35s
gatewayroute.appmesh.k8s.aws/gateway-route-frontend   arn:aws:appmesh:us-west-2:405710966773:mesh/prodcatalog-mesh/virtualGateway/ingress-gw_prodcatalog-ns/gatewayRoute/gateway-route-frontend_prodcatalog-ns   35s

Log in to the console and go to AWS App Mesh -> click prodcatalog-mesh -> click Virtual gateways. You should see the following page:
