請按照以下指示,在使用適用於 vSphere 7.x 的 TKr 佈建的 TKG 叢集上安裝標準套件。
必要條件
安裝 Contour with Envoy
安裝 Contour Ingress with Envoy 服務。
- 列出存放庫中的可用 Contour 版本。
kubectl get packages -n tkg-system | grep contour
- 建立
contour.yaml規格。請參閱#GUID-ED287018-E690-4993-9D34-F10BCFEE7609__GUID-CC995CF8-0F4B-4D92-A782-A3832C0EA5AE。
- 如有必要,請為您的環境自訂
contour-data-values。請參閱Contour 套件參考。
- 安裝 Contour。
kubectl apply -f contour.yaml
serviceaccount/contour-sa createdclusterrolebinding.rbac.authorization.k8s.io/contour-role-binding created packageinstall.packaging.carvel.dev/contour created secret/contour-data-values created
- 確認 Contour 套件安裝。
kubectl get pkgi -A
- 確認 Contour 物件。
kubectl get all -n contour-ingress
NAME READY STATUS RESTARTS AGE pod/contour-777bdddc69-fqnsp 1/1 Running 0 102s pod/contour-777bdddc69-gs5xv 1/1 Running 0 102s pod/envoy-d4jtt 2/2 Running 0 102s pod/envoy-g5h72 2/2 Running 0 102s pod/envoy-pjpzc 2/2 Running 0 102s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/contour ClusterIP 10.105.242.46 <none> 8001/TCP 102s service/envoy LoadBalancer 10.103.245.57 10.197.154.69 80:32642/TCP,443:30297/TCP 102s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/envoy 3 3 3 3 3 <none> 102s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/contour 2/2 2 2 102s NAME DESIRED CURRENT READY AGE replicaset.apps/contour-777bdddc69 2 2 2 102s
Contour 套件將安裝 2 個 Contour 網繭和 3 個 Envoy 網繭。Contour 和 Envoy 均作為服務公開。在此範例中,Envoy 服務具有外部 IP 位址 10.197.154.69。此 IP 位址從為指定的 CIDR 獲得。已為此 IP 位址建立負載平衡器執行個體。此負載平衡器的伺服器集區成員是 Envoy 網繭。Envoy 網繭會假定執行這些網繭的 worker 節點的 IP 位址。可以透過查詢叢集節點 (
kubectl get nodes -o wide) 來查看這些 IP。
contour.yaml
使用下列
contour.yaml 安裝 Contour with Envoy。更新版本變數以匹配目標套件版本。
apiVersion: v1
kind: ServiceAccount
metadata:
name: contour-sa
namespace: tkg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: contour-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: contour-sa
namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
name: contour
namespace: tkg-system
spec:
serviceAccountName: contour-sa
packageRef:
refName: contour.tanzu.vmware.com
versionSelection:
constraints: 1.26.1+vmware.1-tkg.1 #PKG-VERSION
values:
- secretRef:
name: contour-data-values
---
apiVersion: v1
kind: Secret
metadata:
name: contour-data-values
namespace: tkg-system
stringData:
values.yml: |
---
namespace: tanzu-system-ingress
contour:
configFileContents: {}
useProxyProtocol: false
replicas: 2
pspNames: "vmware-system-restricted"
logLevel: info
envoy:
service:
type: LoadBalancer
annotations: {}
externalTrafficPolicy: Cluster
disableWait: false
hostPorts:
enable: true
http: 80
https: 443
hostNetwork: false
terminationGracePeriodSeconds: 300
logLevel: info
certificates:
duration: 8760h
renewBefore: 360h
