组件管理
更新时间:2025-05-28
概述
本节介绍服务网格CSM提供支持注册中心(consul)等组件管理功能(只有独立网格有此功能,托管网格没有)。
创建实例
按以下步骤在控制台上创建独立网格实例。
- 登录百度智能云控制台,选择“产品服务 > 云计算 > 容器 > 服务网格 CSM”;
- 在全局概览页面通过“创建实例”按钮进入实例创建页面;
- 在创建服务网格页面,完成基础配置;
- 查看网络实例组件详情,如下所示:
部署consul
在CCE集群部署consul服务。
测试的consul的Yaml文件如下所示:
Plain Text
1apiVersion: v1
2kind: ConfigMap
3metadata:
4 name: consul
5data:
6 k8s-consul-config.json: |
7 {
8 "skip_leave_on_interrupt": true,
9 "acl": {
10 "enabled": true,
11 "default_policy": "deny",
12 "down_policy": "extend-cache",
13 "tokens": {
14 "master": "14d54c5e-24ca-41cc-8c9e-987ba7a96ffv"
15 }
16 }
17 }
18
19---
20apiVersion: apps/v1
21kind: Deployment
22metadata:
23 name: consul
24 labels:
25 app: consul
26spec:
27 selector:
28 matchLabels:
29 app: consul
30 replicas: 1
31 template:
32 metadata:
33 annotations:
34 sidecar.istio.io/inject: "false"
35 labels:
36 app: consul
37 spec:
38 containers:
39 - name: consul
40 image: registry.baidubce.com/csm-offline/consul:1.9.17
41 args:
42 - "agent"
43 - "-server"
44 - "-bootstrap-expect=1"
45 - "-ui"
46 - "-node=server1"
47 - "-data-dir=/consul/data"
48 - "-config-file=/etc/consul/config/k8s-consul-config.json"
49 - "-bind=0.0.0.0"
50 - "-client=0.0.0.0"
51 - "-datacenter=dc1"
52 - "-enable-script-checks=true"
53 ports:
54 - containerPort: 8500
55 volumeMounts:
56 - name: data
57 mountPath: /consul/data
58 - name: config
59 mountPath: /etc/consul/config
60 volumes:
61 - name: data
62 emptyDir: {}
63 - name: config
64 configMap:
65 name: consul
66---
67apiVersion: v1
68kind: Service
69metadata:
70 name: consul
71spec:
72 type: LoadBalancer
73 selector:
74 app: consul
75 ports:
76 - name: tcp
77 port: 8500
78 protocol: TCP
79 targetPort: 8500安装registry2istio组件
- 点击服务网格实例,在组件管理处点击安装registry2istio,填写consul地址与acl token(看consul集群是否开启acl token认证)。
- consul信息填写如下所示:
- 安装成功,如下所示:
部署应用
在CCE集群部署应用:
- 在CSM注入配置处,给default命名空间开启自动注入;
- 通过CSM页面跳转到CCE集群,部署应用;
- 在工作负载/无状态部署新建测试应用;
测试Yaml文件如下所示:
Plain Text
1apiVersion: apps/v1
2kind: Deployment
3metadata:
4 name: provider-demo-v1
5 labels:
6 app: provider-demo
7spec:
8 selector:
9 matchLabels:
10 app: provider-demo
11 replicas: 1
12 template:
13 metadata:
14 labels:
15 app: provider-demo
16 version: v1
17 spec:
18 containers:
19 - name: provider-demo
20 image: registry.baidubce.com/csm-offline/csm-consul-mesh-provider:dev-consul-acl-token
21 imagePullPolicy: Always
22 ports:
23 - containerPort: 10001
24---
25apiVersion: apps/v1
26kind: Deployment
27metadata:
28 name: consumer-demo
29 labels:
30 app: consumer-demo
31spec:
32 selector:
33 matchLabels:
34 app: consumer-demo
35 replicas: 1
36 template:
37 metadata:
38 labels:
39 app: consumer-demo
40 spec:
41 containers:
42 - name: consumer-demo
43 image: registry.baidubce.com/csm-offline/csm-consul-mesh-consumer:dev-consul-acl-token
44 imagePullPolicy: Always
45 ports:
46 - containerPort: 9999- 工作负载如下所示:
流量验证
- 通过CCE集群中的工作负载consumer-demo访问provider-demo,测试流量是否能够正常通信;
Bash
1➜ registry2istio git:(master) kubectl exec -it consumer-demo-8696cd6b8c-l8dr4 -- curl 10.0.1.167:9999/echo-rest/aaaaaaaaaaa
2echo() -> ip [ 10.0.0.84 ] param [ aaaaaaaaaaa ] %
3➜ registry2istio git:(master) kubectl exec -it consumer-demo-8696cd6b8c-l8dr4 -- curl 10.0.1.167:9999/echo-rest/aaaaaaaaaaa
4echo() -> ip [ 10.0.0.84 ] param [ aaaaaaaaaaa ] %- 测试结果如下所示:
- consul中的consumer-demo与provider-demo服务成功被istiod管理,流量请求成功。