請按照以下指示,在使用適用於 vSphere 7.x 的 TKr 佈建的 TKG 叢集上安裝標準套件。

必要條件

請參閱在適用於 vSphere 7.x 的 TKr 上安裝標準套件的工作流程

安裝 Contour with Envoy

安裝 Contour Ingress with Envoy 服務。
  1. 列出存放庫中的可用 Contour 版本。
    kubectl get packages -n tkg-system | grep contour
  2. 建立 contour.yaml 規格。

    請參閱#GUID-ED287018-E690-4993-9D34-F10BCFEE7609__GUID-CC995CF8-0F4B-4D92-A782-A3832C0EA5AE

  3. 如有必要,請為您的環境自訂 contour-data-values

    請參閱Contour 套件參考

  4. 安裝 Contour。
    kubectl apply -f contour.yaml
    serviceaccount/contour-sa
    createdclusterrolebinding.rbac.authorization.k8s.io/contour-role-binding created
    packageinstall.packaging.carvel.dev/contour created
    secret/contour-data-values created
  5. 確認 Contour 套件安裝。
    kubectl get pkgi -A
  6. 確認 Contour 物件。
    kubectl get all -n contour-ingress
    NAME                           READY   STATUS    RESTARTS   AGE
    pod/contour-777bdddc69-fqnsp   1/1     Running   0          102s
    pod/contour-777bdddc69-gs5xv   1/1     Running   0          102s
    pod/envoy-d4jtt                2/2     Running   0          102s
    pod/envoy-g5h72                2/2     Running   0          102s
    pod/envoy-pjpzc                2/2     Running   0          102s
    
    NAME              TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
    service/contour   ClusterIP      10.105.242.46   <none>          8001/TCP                     102s
    service/envoy     LoadBalancer   10.103.245.57   10.197.154.69   80:32642/TCP,443:30297/TCP   102s
    
    NAME                   DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
    daemonset.apps/envoy   3         3         3       3            3           <none>          102s
    
    NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/contour   2/2     2            2           102s
    
    NAME                                 DESIRED   CURRENT   READY   AGE
    replicaset.apps/contour-777bdddc69   2         2         2       102s

    Contour 套件將安裝 2 個 Contour 網繭和 3 個 Envoy 網繭。Contour 和 Envoy 均作為服務公開。在此範例中,Envoy 服務具有外部 IP 位址 10.197.154.69。此 IP 位址從為工作負載網路 > 入口指定的 CIDR 獲得。已為此 IP 位址建立負載平衡器執行個體。此負載平衡器的伺服器集區成員是 Envoy 網繭。Envoy 網繭會假定執行這些網繭的 worker 節點的 IP 位址。可以透過查詢叢集節點 (kubectl get nodes -o wide) 來查看這些 IP。

contour.yaml

使用下列 contour.yaml 安裝 Contour with Envoy。更新版本變數以匹配目標套件版本。
apiVersion: v1
kind: ServiceAccount
metadata:
  name: contour-sa
  namespace: tkg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: contour-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: contour-sa
    namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
  name: contour
  namespace: tkg-system
spec:
  serviceAccountName: contour-sa
  packageRef:
    refName: contour.tanzu.vmware.com
    versionSelection:
      constraints: 1.26.1+vmware.1-tkg.1 #PKG-VERSION
  values:
  - secretRef:
      name: contour-data-values
---
apiVersion: v1
kind: Secret
metadata:
  name: contour-data-values
  namespace: tkg-system
stringData:
  values.yml: |
    ---
    namespace: tanzu-system-ingress
    contour:
      configFileContents: {}
      useProxyProtocol: false
      replicas: 2
      pspNames: "vmware-system-restricted"
      logLevel: info
    envoy:
      service:
        type: LoadBalancer
        annotations: {}
        externalTrafficPolicy: Cluster
        disableWait: false
      hostPorts:
        enable: true
        http: 80
        https: 443
      hostNetwork: false
      terminationGracePeriodSeconds: 300
      logLevel: info
    certificates:
      duration: 8760h
      renewBefore: 360h