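Introduction
I normally wouldn't write a post like this because it's rather dull, but this one is different: it covers using vcluster and using a GatewayClass.
Introducing kite
kite is a modern, lightweight Kubernetes dashboard.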
https://github.com/zxh326/kite
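Background
- Why vcluster?
During local development you often run into problems such as insufficient environment isolation or quota usage that affects other people. With vcluster you can carve out independent "virtual clusters" inside a single K8s cluster. They are highly isolated and well suited to multi-developer, multi-tenant and experimental environments.
- Why Gateway instead of Ingress?
The Kubernetes Gateway API has a more modern design. It decouples traffic entry, routing and the underlying implementation, which makes it pluggable, extensible and customizable, and combined with Envoy Proxy it can provide enterprise-grade gateway capabilities.
Create a new vcluster
First install vcluster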
brew install loft-sh/tap/vcluster
Then create a cluster
vcluster create kite-cluster --namespace kite-cluster
bboysoul~/trash/test on ☁️ (ap-northeast-1)
❯ vcluster create kite-cluster --namespace kite-cluster
15:27:43 info Creating namespace kite-cluster
15:27:43 info Create vcluster kite-cluster...
15:27:43 info execute command: helm upgrade kite-cluster /var/folders/g3/l8p2vcrx71l527zk65w78czm0000gn/T/vcluster-0.27.0-alpha.4.tgz-1290611838 --create-namespace --kubeconfig /var/folders/g3/l8p2vcrx71l527zk65w78czm0000gn/T/2193626761 --namespace kite-cluster --install --repository-config='' --values /var/folders/g3/l8p2vcrx71l527zk65w78czm0000gn/T/1950695875
15:27:48 done Successfully created virtual cluster kite-cluster in namespace kite-cluster
15:27:51 info Waiting for vcluster to come up...
15:28:09 done vCluster is up and running
Forwarding from 127.0.0.1:12083 -> 8443
Forwarding from [::1]:12083 -> 8443
Handling connection for 12083
15:28:10 done Switched active kube context to vcluster_kite-cluster_kite-cluster_home
15:28:10 warn Since you are using port-forwarding to connect, you will need to leave this terminal open
- Use CTRL+C to return to your previous kube context
- Use `kubectl get namespaces` in another terminal to access the vcluster
Here is one way to switch to the vcluster
vcluster connect kite-cluster -n kite-cluster --print > ./vcluster-kite.config
export KUBECONFIG=$(pwd)/vcluster-kite.config
All of your kubectl commands now take effect against the virtual cluster!
Deploy Envoy Gateway
It can be deployed in one step with the YAML from the official release
wget https://github.com/envoyproxy/gateway/releases/download/v1.4.2/install.yaml
kubectl apply -f install.yaml
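Deploy kite
Fetch kite's deployment manifest and create the resources
# Save under its own name: install.yaml from the Envoy Gateway step already exists,
# so a plain wget would write install.yaml.1 and the apply would reuse the old file.
wget -O kite-install.yaml https://raw.githubusercontent.com/zxh326/kite/refs/heads/main/deploy/install.yaml
kubectl apply -f kite-install.yaml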
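A pre-apply review for the two download-and-apply steps above, as an added example that is not part of the original post or of either project: it lists the resource kinds a manifest creates, flags the cluster-wide ones, and checks the file against a digest you recorded at review time (useful for the kite URL, which follows the main branch). The function names and the sample manifest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: review a downloaded manifest before `kubectl apply -f`.
# Assumption: every resource is its own YAML document with an unindented `kind:` line.

# Print "<count> <kind>" for each top-level resource kind, sorted by kind.
manifest_kinds() {
  awk '/^kind:/ { n[$2]++ } END { for (k in n) print n[k], k }' "$1" | sort -k2
}

# Print only the kinds that change cluster-wide permissions, APIs or admission.
cluster_wide_kinds() {
  manifest_kinds "$1" | awk '$2 ~ /^(ClusterRole|ClusterRoleBinding|CustomResourceDefinition|MutatingWebhookConfiguration|ValidatingWebhookConfiguration)$/ { print $2 }'
}

# SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | awk '{ print $1 }'
}

# Succeed only if FILE still matches the digest recorded when it was reviewed.
verify_pinned() { [ "$(file_sha256 "$1")" = "$2" ]; }

# Constructed sample manifest (not kite's or Envoy Gateway's real install.yaml).
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata: { name: demo, namespace: kube-system }
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: { name: demo-admin }
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: demo
  namespace: kube-system
EOF
}

demo=$(mktemp) && sample_manifest > "$demo"
manifest_kinds "$demo"
echo "cluster-wide: $(cluster_wide_kinds "$demo" | tr '\n' ' ')"
rm -f "$demo"
```

The nested `kind:` lines under `roleRef` and `subjects` are indented or list items, so they are not counted as resources.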
We use the Gateway API to expose the kite service. The example resource YAML below includes an HTTPRoute, a Gateway, custom EnvoyProxy parameters and a GatewayClass.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: kite
  namespace: kube-system
spec:
  parentRefs:
    - name: eg
  hostnames:
    - "kite.example.com"
  rules:
    - backendRefs:
        - group: ""
          kind: Service
          name: kite
          port: 80
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /
      timeouts:
        request: "60s"
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: eg
  namespace: kube-system
spec:
  gatewayClassName: eg
  infrastructure:
    parametersRef:
      group: gateway.envoyproxy.io
      kind: EnvoyProxy
      name: custom-proxy-config
  listeners:
    - name: http
      protocol: HTTP
      port: 80
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: custom-proxy-config
  namespace: kube-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyService:
        type: NodePort
      envoyDeployment:
        replicas: 2
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: eg
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
Here envoyService.type in custom-proxy-config is set to NodePort, because a LoadBalancer cannot be used directly in local or in some cloud/K8s cluster environments. For more custom parameters and usage, see
https://gateway.envoyproxy.io/docs/tasks/operations/customize-envoyproxy/
Access
First get the NodePort exposed by the Gateway
kubectl get service -A -o wide | grep envoy
If the port is 30695, bind the domain kite.example.com in your local hosts file and you can then access kite at kite.example.com:30695
You're welcome to follow my blog at www.bboy.app
Have Fun