Using Kong Gateway plugins on K3s to unlock K3s's unlimited possibilities!
阿新 • Published: 2020-08-14
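An important part of my job is attending all kinds of technical conferences. The most recent was KubeCon North America last November. On the last day of the conference everyone was frazzled, and I kept mechanically repeating my self-introduction to different people. Eventually I became so irritable that I decided to escape the crowd and simply listen to a talk. By chance, I came across a talk by Darren Shepherd, the CTO of Rancher, titled "Behind K3s: Building a Production-Grade Lightweight Kubernetes Distribution". I was captivated by the talk, and afterwards I gradually started digging deeper into K3s.
K3s is a lightweight Kubernetes distribution for IoT and edge computing, built by Rancher Labs, creator of the industry's most widely used Kubernetes management platform, and it is 100% open source. It has a small binary and is optimized for ARM, which makes it a great fit for my IoT home projects. Next, I started thinking about how to have Kong Gateway, running on K3s, expose the services inside the K3s server.
To my surprise, K3s ships with an Ingress controller by default. Although the default proxy/load balancer works, I needed some plugin functionality that it does not support unless I use Kong Gateway. So let's go through a quick guide on how to start K3s on Ubuntu, configure it to support Kong for Kubernetes, and deploy some services/plugins.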
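## Configuring K3s to deploy the Kong Ingress Controller
First, use the installation script from https://get.k3s.io to install K3s as a service on systemd and openrc-based systems. We need to pass a few extra arguments to configure the installation, though. The first is `--no-deploy`, which turns off the existing ingress controller, since we want to deploy Kong to make use of some plugins. The second is `--write-kubeconfig-mode`, which sets the permission mode the kubeconfig file is written with. This is useful for allowing the K3s cluster to be imported into Rancher.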
```
$ curl -sfL https://get.k3s.io | sh -s - --no-deploy traefik --write-kubeconfig-mode 644
[INFO] Finding release for channel stable
[INFO] Using v1.18.4+k3s1 as release
[INFO] Downloading hash https://github.com/rancher/k3s/releases/download/v1.18.4+k3s1/sha256sum-amd64.txt
[INFO] Downloading binary https://github.com/rancher/k3s/releases/download/v1.18.4+k3s1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping /usr/local/bin/kubectl symlink to k3s, already exists
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Skipping /usr/local/bin/ctr symlink to k3s, command exists in PATH at /usr/bin/ctr
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink from /etc/systemd/system/multi-user.target.wants/k3s.service to /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
```
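The `--write-kubeconfig-mode 644` setting used above makes the kubeconfig readable by every local user on the host, and that file carries the cluster's admin credentials. The following check is an added example, not part of the original post: it reports the file's mode and whether credentials are embedded. The default path `/etc/rancher/k3s/k3s.yaml` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a K3s kubeconfig after installing with
# --write-kubeconfig-mode 644. Function names are this example's own.

# Path K3s writes its kubeconfig to by default (assumption for this example).
K3S_KUBECONFIG="/etc/rancher/k3s/k3s.yaml"

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed if the kubeconfig embeds a client key, bearer token or password.
has_embedded_credentials() {
    grep -Eq '^[[:space:]]*(client-key-data|token|password):[[:space:]]*[^[:space:]]' "$1"
}

# Print "<mode> <exposure> credentials=<yes|no>".
# Return 0 if only the owner can read the file, 1 if group or others can,
# 2 if the file cannot be inspected.
audit_kubeconfig() {
    f=${1:-$K3S_KUBECONFIG}
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    mode=$(file_mode "$f") || return 2
    if has_embedded_credentials "$f"; then creds=yes; else creds=no; fi
    case $mode in
        *[4-7])  exposure=world-readable ;;   # last digit: "other" has the read bit
        *[4-7]?) exposure=group-readable ;;   # second-to-last: "group" has the read bit
        *)       exposure=private ;;
    esac
    echo "$mode $exposure credentials=$creds"
    [ "$exposure" = private ]
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_kubeconfig "$1"
fi
```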
To check that the node and pods are all up and running, use `k3s kubectl ...` to run the same commands you would run with kubectl.
```
$ k3s kubectl get nodes
NAME STATUS ROLES AGE VERSION
ubuntu-xenial Ready master 4m38s v1.18.4+k3s1
$ k3s kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system metrics-server-7566d596c8-vqqz7 1/1 Running 0 4m30s
kube-system local-path-provisioner-6d59f47c7-tcs2l 1/1 Running 0 4m30s
kube-system coredns-8655855d6-rjzrq 1/1 Running 0 4m30s
```
## Installing Kong for Kubernetes on K3s
Once K3s is up and running, you can install Kong for Kubernetes by following the usual steps, for example with the manifest shown below:
```
$ k3s kubectl create -f https://bit.ly/k4k8s
namespace/kong created
customresourcedefinition.apiextensions.k8s.io/kongclusterplugins.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongconsumers.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongcredentials.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongingresses.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongplugins.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/tcpingresses.configuration.konghq.com created
serviceaccount/kong-serviceaccount created
clusterrole.rbac.authorization.k8s.io/kong-ingress-clusterrole created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-clusterrole-nisa-binding created
service/kong-proxy created
service/kong-validation-webhook created
deployment.apps/ingress-kong created
```
Once the Kong proxy and ingress controller are installed on the K3s server, checking the services should show the external IP of the kong-proxy LoadBalancer.
```
$ k3s kubectl get svc --namespace kong
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kong-validation-webhook ClusterIP 10.43.15