Langkah ini menjelaskan cara mendownload dan menginstal cert-manager dan Anthos Service Mesh (ASM), yang diperlukan agar Apigee Hybrid dapat beroperasi.
Instal cert-manager
Gunakan salah satu dari dua perintah berikut untuk menginstal cert-manager v0.14.2 dari GitHub.
Untuk menemukan versi Kubernetes Anda, gunakan perintah kubectl version.
- Jika Anda memiliki Kubernetes 1.15 atau yang lebih baru:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager.yaml
- Versi Kubernetes yang lebih lama dari 1.15:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager-legacy.yaml
Anda akan melihat respons bahwa namespace cert-manager dan beberapa resource cert-manager telah dibuat.
Menginstal ASM
Hybrid Apigee menggunakan distribusi Istio yang disediakan dengan Anthos Service Mesh (ASM). Ikuti langkah-langkah berikut untuk menginstal ASM di cluster Anda.
Versi ASM yang didukung
Untuk penginstalan hybrid baru, instal ASM 1.6.x ke dalam cluster Anda. Jika Anda mengupgrade dari versi hybrid 1.2.x, instal ASM versi 1.5.x ke dalam cluster Anda.
Lakukan langkah-langkah penyiapan dan konfigurasi ASM
Untuk menyelesaikan penginstalan ASM, Anda harus mengikuti langkah-langkah penyiapan dan konfigurasi khusus ASM terlebih dahulu dalam dokumentasi ASM. Kemudian, Anda harus kembali ke sini untuk menyelesaikan konfigurasi khusus hybrid sebelum menerapkan konfigurasi ke cluster.
- Ikuti langkah-langkah penyiapan dan konfigurasi ASM:
- Jika ini adalah penginstalan baru Apigee hybrid, instal ASM versi 1.6.x. Buka: Pengantar penginstalan dan migrasi.
- Jika Anda melakukan upgrade dari versi hybrid sebelumnya, gunakan ASM 1.5.x. Buka: Menginstal Anthos Service Mesh di cluster yang sudah ada.
Setelah Anda menyelesaikan langkah-langkah penyiapan dan konfigurasi ASM, buka bagian berikutnya untuk menyelesaikan langkah-langkah konfigurasi hybrid dan penginstalan ASM.
Lakukan konfigurasi hybrid akhir dan instal ASM
Terakhir, tambahkan konfigurasi khusus hybrid ke file istio-operator.yaml dan
instal ASM.
-
Pastikan Anda berada di direktori root penginstalan ASM. Misalnya:
1.6.11-asm.1. - Buka file
./asm/cluster/istio-operator.yamldi editor. - Tambahkan baris berikut yang diindentasi di bawah
spec.meshConfig::Teks yang akan disalin
# This disables Istio from configuring workloads for mTLS if TLSSettings are not specified. 1.4 defaulted to false. enableAutoMtls: false accessLogFile: "/dev/stdout" accessLogEncoding: 1 # This is Apigee's custom access log format. Changes should not be made to this # unless first working with the Data and AX teams as they parse these logs for # SLOs. accessLogFormat: '{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE_ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RESPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response_flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_SERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}'Contoh yang menampilkan penempatan
Jeda baris disisipkan agar mudah dibaca
apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: clusterName: "hybrid-example/us-central1/example-cluster" # {"$ref":"#/definitions/io.k8s.cli.substitutions.cluster-name"} spec: profile: asm hub: gcr.io/gke-release/asm # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.hub"} tag: 1.5.7-asm.0 # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.tag"} meshConfig: # This disables Istio from configuring workloads for mTLS if TLSSettings are not specified. # 1.4 defaulted to false. enableAutoMtls: false accessLogFile: "/dev/stdout" accessLogEncoding: 1 # This is Apigee's custom access log format. Changes should not be made to this # unless first working with the Data and AX teams as they parse these logs for # SLOs. accessLogFormat: '{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE _ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(: METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RE SPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIV ED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response _flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_serv ice_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER% ","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_ path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol ":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_S ERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}' defaultConfig: proxyMetadata: GCP_METADATA: "hybrid-example|123456789123|example-cluster|us-central1" # {"$ref":"#/definitions/io.k8s.cli.substitutions.gke-metadata"}
- Tambahkan (atau perbarui) stanza
spec:componentsdi fileistio-operator.yamldi bawah bagianmeshConfig:dan tepat di atasvalues:, dengan reserved_static_ip adalah alamat IP yang Anda cadangkan untuk gateway ingress runtime di Project and Org Setup - Step 5: Configure Cloud DNS.Teks yang akan disalin
ingressGateways: - name: istio-ingressgateway enabled: true k8s: service: type: LoadBalancer loadBalancerIP: reserved_static_ip ports: - name: status-port port: 15020 targetPort: 15020 - name: http2 port: 80 targetPort: 80 - name: https port: 443 - name: prometheus port: 15030 targetPort: 15030 - name: tcp port: 31400 targetPort: 31400 - name: tls port: 15443 targetPort: 15443Contoh yang menampilkan penempatan
Jeda baris disisipkan agar mudah dibaca
apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: clusterName: "hybrid-example/us-central1/example-cluster" # {"$ref":"#/definitions/io.k8s.cli.substitutions.cluster-name"} spec: profile: asm hub: gcr.io/gke-release/asm # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.hub"} tag: 1.5.7-asm.0 # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.tag"} meshConfig: # This disables Istio from configuring workloads for mTLS if TLSSettings are not specified. # 1.4 defaulted to false. enableAutoMtls: false accessLogFile: "/dev/stdout" accessLogEncoding: 1 # This is Apigee's custom access log format. Changes should not be made to this # unless first working with the Data and AX teams as they parse these logs for # SLOs. accessLogFormat: '{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE _ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(: METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RE SPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIV ED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response _flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_serv ice_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER% ","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_ path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol ":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_S ERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}' defaultConfig: proxyMetadata: GCP_METADATA: "hybrid-example|123456789123|example-cluster|us-central1" # {"$ref":"#/definitions/io.k8s.cli.substitutions.gke-metadata"} components: pilot: k8s: hpaSpec: maxReplicas: 2 ingressGateways: - name: istio-ingressgateway enabled: true k8s: service: type: LoadBalancer loadBalancerIP: 123.234.56.78 ports: - name: status-port port: 15020 targetPort: 15020 - name: http2 port: 80 targetPort: 80 - name: https port: 443 - name: prometheus port: 15030 targetPort: 15030 - name: tcp port: 31400 targetPort: 31400 - name: tls port: 15443 targetPort: 15443 hpaSpec: maxReplicas: 2 values: . . .
- Sekarang kembali ke dokumentasi ASM yang Anda gunakan sebelumnya, lalu selesaikan penginstalan ASM
(instal atau terapkan file
istio-operator.yamlke cluster). Jika diberi pilihan, pilih PERMISSIVE mTLS.
Ringkasan
Anda kini telah menginstal cert-manager dan ASM, dan Anda siap menginstal alat command line hybrid Apigee di komputer lokal Anda.
1 2 (NEXT) Langkah 3: Instal apigeectl 4 5