请参阅以下说明,在使用适用于 vSphere 7.x 的 TKr 置备的 TKG 集群上安装标准软件包。
必备条件
安装 Contour with Envoy
安装 Contour ingress with Envoy 服务。
- 列出存储库中的可用 Contour 版本。
kubectl get packages -n tkg-system | grep contour
- 创建
contour.yaml规范请参见#GUID-ED287018-E690-4993-9D34-F10BCFEE7609__GUID-CC995CF8-0F4B-4D92-A782-A3832C0EA5AE。
- 如有必要,为您的环境自定义
contour-data-values。请参见Contour 软件包参考。
- 安装 Contour。
kubectl apply -f contour.yaml
serviceaccount/contour-sa createdclusterrolebinding.rbac.authorization.k8s.io/contour-role-binding created packageinstall.packaging.carvel.dev/contour created secret/contour-data-values created
- 验证 Contour 软件包安装。
kubectl get pkgi -A
- 验证 Contour 对象。
kubectl get all -n contour-ingress
NAME READY STATUS RESTARTS AGE pod/contour-777bdddc69-fqnsp 1/1 Running 0 102s pod/contour-777bdddc69-gs5xv 1/1 Running 0 102s pod/envoy-d4jtt 2/2 Running 0 102s pod/envoy-g5h72 2/2 Running 0 102s pod/envoy-pjpzc 2/2 Running 0 102s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/contour ClusterIP 10.105.242.46 <none> 8001/TCP 102s service/envoy LoadBalancer 10.103.245.57 10.197.154.69 80:32642/TCP,443:30297/TCP 102s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/envoy 3 3 3 3 3 <none> 102s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/contour 2/2 2 2 102s NAME DESIRED CURRENT READY AGE replicaset.apps/contour-777bdddc69 2 2 2 102s
Contour 软件包将安装 2 个 Contour Pod 和 3 个 Envoy Pod。Contour 和 Envoy 均作为服务公开。在此示例中,Envoy 服务具有外部 IP 地址 10.197.154.69。此 IP 地址从为 指定的 CIDR 获得。将为此 IP 地址创建负载均衡器实例。此负载均衡器的服务器池成员是 Envoy Pod。Envoy Pod 会假定运行这些 Envoy Pod 的工作节点的 IP 地址。您可以通过查询集群节点 (
kubectl get nodes -o wide) 来查看这些 IP。
contour.yaml
使用以下
contour.yaml 安装 Contour with Envoy。更新版本变量以匹配目标软件包版本。
apiVersion: v1
kind: ServiceAccount
metadata:
name: contour-sa
namespace: tkg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: contour-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: contour-sa
namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
name: contour
namespace: tkg-system
spec:
serviceAccountName: contour-sa
packageRef:
refName: contour.tanzu.vmware.com
versionSelection:
constraints: 1.26.1+vmware.1-tkg.1 #PKG-VERSION
values:
- secretRef:
name: contour-data-values
---
apiVersion: v1
kind: Secret
metadata:
name: contour-data-values
namespace: tkg-system
stringData:
values.yml: |
---
namespace: tanzu-system-ingress
contour:
configFileContents: {}
useProxyProtocol: false
replicas: 2
pspNames: "vmware-system-restricted"
logLevel: info
envoy:
service:
type: LoadBalancer
annotations: {}
externalTrafficPolicy: Cluster
disableWait: false
hostPorts:
enable: true
http: 80
https: 443
hostNetwork: false
terminationGracePeriodSeconds: 300
logLevel: info
certificates:
duration: 8760h
renewBefore: 360h
