1.18.
1.18.1.
1.18.2.
1.18.3.
1.18.4.
1.18.5.
1.18.6.
- 참고
1.18.7.
1.18.7.1.
1.18.7.2.
1.18.7.3.
service.beta.kubernetes.io/aws-load-balancer-type: nlb
1.18.7.4.
1.18.7.5.
1.18.8.
1.18.9.
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
name: red-mesh
namespace: red-mesh-system
spec:
version: v2.3
runtime:
defaults:
container:
imagePullPolicy: Always
gateways:
additionalEgress:
egress-green-mesh:
enabled: true
requestedNetworkView:
- green-network
routerMode: sni-dnat
service:
metadata:
labels:
federation.maistra.io/egress-for: egress-green-mesh
ports:
- port: 15443
name: tls
- port: 8188
name: http-discovery #note HTTP here
egress-blue-mesh:
enabled: true
requestedNetworkView:
- blue-network
routerMode: sni-dnat
service:
metadata:
labels:
federation.maistra.io/egress-for: egress-blue-mesh
ports:
- port: 15443
name: tls
- port: 8188
name: http-discovery #note HTTP here
additionalIngress:
ingress-green-mesh:
enabled: true
routerMode: sni-dnat
service:
type: LoadBalancer
metadata:
labels:
federation.maistra.io/ingress-for: ingress-green-mesh
ports:
- port: 15443
name: tls
- port: 8188
name: https-discovery #note HTTPS here
ingress-blue-mesh:
enabled: true
routerMode: sni-dnat
service:
type: LoadBalancer
metadata:
labels:
federation.maistra.io/ingress-for: ingress-blue-mesh
ports:
- port: 15443
name: tls
- port: 8188
name: https-discovery #note HTTPS here
security:
trust:
domain: red-mesh.local
표 1.6.
| 매개변수 | 설명 | 값 | 기본값 |
|---|---|---|---|
spec:
cluster:
name:
|
| 문자열 | 해당 없음 |
spec:
cluster:
network:
|
| 문자열 | 해당 없음 |
1.18.9.1.
표 1.7.
| 매개변수 | 설명 | 값 | 기본값 |
|---|---|---|---|
spec:
gateways:
additionalEgress:
<egressName>:
|
| ||
spec:
gateways:
additionalEgress:
<egressName>:
enabled:
|
|
|
|
spec:
gateways:
additionalEgress:
<egressName>:
requestedNetworkView:
|
|
| |
spec:
gateways:
additionalEgress:
<egressName>:
routerMode:
|
|
| |
spec:
gateways:
additionalEgress:
<egressName>:
service:
metadata:
labels:
federation.maistra.io/egress-for:
|
| ||
spec:
gateways:
additionalEgress:
<egressName>:
service:
ports:
|
|
| |
spec:
gateways:
additionalIngress:
|
| ||
spec:
gateways:
additionalIgress:
<ingressName>:
enabled:
|
|
|
|
spec:
gateways:
additionalIngress:
<ingressName>:
routerMode:
|
|
| |
spec:
gateways:
additionalIngress:
<ingressName>:
service:
type:
|
|
| |
spec:
gateways:
additionalIngress:
<ingressName>:
service:
type:
|
|
| |
spec:
gateways:
additionalIngress:
<ingressName>:
service:
metadata:
labels:
federation.maistra.io/ingress-for:
|
| ||
spec:
gateways:
additionalIngress:
<ingressName>:
service:
ports:
|
|
| |
spec:
gateways:
additionalIngress:
<ingressName>:
service:
ports:
nodePort:
|
|
|
gateways:
additionalIngress:
ingress-green-mesh:
enabled: true
routerMode: sni-dnat
service:
type: NodePort
metadata:
labels:
federation.maistra.io/ingress-for: ingress-green-mesh
ports:
- port: 15443
nodePort: 30510
name: tls
- port: 8188
nodePort: 32359
name: https-discovery
1.18.9.2.
kind: ServiceMeshControlPlane
metadata:
name: red-mesh
namespace: red-mesh-system
spec:
security:
trust:
domain: red-mesh.local표 1.8.
| 매개변수 | 설명 | 값 | 기본값 |
|---|---|---|---|
spec:
security:
trust:
domain:
|
|
| 해당 없음 |
- Operators → 설치된 Operator로 이동합니다.
- Red Hat OpenShift Service Mesh Operator를 클릭합니다.
-
ServiceMeshControlPlane 세부 정보 만들기 페이지에서
YAML을 클릭하여 구성을 수정합니다. - 저장을 클릭합니다.
다음 절차에 따라 명령줄로 ServiceMeshControlPlane을 생성하거나 편집합니다.
다음 명령을 입력합니다. 메시지가 표시되면 사용자 이름과 암호를 입력합니다.
$ oc login --username=<NAMEOFUSER> https://<HOSTNAME>:6443
$ oc project red-mesh-system
$ oc edit -n red-mesh-system smcp red-mesh
$ oc get smcp -n red-mesh-system
NAME READY STATUS PROFILES VERSION AGE red-mesh 10/10 ComponentsReady ["default"] 2.1.0 4m25s
1.18.10.
[D]
kind: ServiceMeshPeer
apiVersion: federation.maistra.io/v1
metadata:
name: green-mesh
namespace: red-mesh-system
spec:
remote:
addresses:
- ingress-red-mesh.green-mesh-system.apps.domain.com
gateways:
ingress:
name: ingress-green-mesh
egress:
name: egress-green-mesh
security:
trustDomain: green-mesh.local
clientID: green-mesh.local/ns/green-mesh-system/sa/egress-red-mesh-service-account
certificateChain:
kind: ConfigMap
name: green-mesh-ca-root-cert
표 1.9.
| 매개변수 | 설명 | 값 |
|---|---|---|
metadata: name: |
| 문자열 |
metadata: namespace: |
| 문자열 |
spec:
remote:
addresses:
|
| |
spec:
remote:
discoveryPort:
|
|
|
spec:
remote:
servicePort:
|
|
|
spec:
gateways:
ingress:
name:
|
| |
spec:
gateways:
egress:
name:
|
| |
spec:
security:
trustDomain:
|
| <peerMeshName>.local |
spec:
security:
clientID:
|
| <peerMeshTrustDomain>/ns/<peerMeshSystem>/sa/<peerMeshEgressGatewayName>-service-account |
spec:
security:
certificateChain:
kind: ConfigMap
name:
|
|
|
1.18.10.1.
사전 요구 사항
-
cluster-admin역할이 있는 계정.
다음 명령을 입력합니다. 메시지가 표시되면 사용자 이름과 암호를 입력합니다.
$ oc login --username=<NAMEOFUSER> <API token> https://<HOSTNAME>:6443
$ oc project red-mesh-system
kind: ServiceMeshPeer apiVersion: federation.maistra.io/v1 metadata: name: green-mesh namespace: red-mesh-system spec: remote: addresses: - ingress-red-mesh.green-mesh-system.apps.domain.com gateways: ingress: name: ingress-green-mesh egress: name: egress-green-mesh security: trustDomain: green-mesh.local clientID: green-mesh.local/ns/green-mesh-system/sa/egress-red-mesh-service-account certificateChain: kind: ConfigMap name: green-mesh-ca-root-cert$ oc create -n red-mesh-system -f servicemeshpeer.yaml
$ oc -n red-mesh-system get servicemeshpeer green-mesh -o yaml
status: discoveryStatus: active: - pod: istiod-red-mesh-b65457658-9wq5j remotes: - connected: true lastConnected: "2021-10-05T13:02:25Z" lastFullSync: "2021-10-05T13:02:25Z" source: 10.128.2.149 watch: connected: true lastConnected: "2021-10-05T13:02:55Z" lastDisconnectStatus: 503 Service Unavailable lastFullSync: "2021-10-05T13:05:43Z"
1.18.11.
[D]
kind: ExportedServiceSet
apiVersion: federation.maistra.io/v1
metadata:
name: green-mesh
namespace: red-mesh-system
spec:
exportRules:
# export ratings.mesh-x-bookinfo as ratings.bookinfo
- type: NameSelector
nameSelector:
namespace: red-mesh-bookinfo
name: red-ratings
alias:
namespace: bookinfo
name: ratings
# export any service in red-mesh-bookinfo namespace with label export-service=true
- type: LabelSelector
labelSelector:
namespace: red-mesh-bookinfo
selector:
matchLabels:
export-service: "true"
aliases: # export all matching services as if they were in the bookinfo namespace
- namespace: "*"
name: "*"
alias:
namespace: bookinfo
표 1.10.
| 매개변수 | 설명 | 값 |
|---|---|---|
metadata: name: |
|
|
metadata: namespace: |
| |
spec: exportRules: - type: |
|
|
spec:
exportRules:
- type: NameSelector
nameSelector:
namespace:
name:
|
| |
spec:
exportRules:
- type: NameSelector
nameSelector:
alias:
namespace:
name:
|
| |
spec:
exportRules:
- type: LabelSelector
labelSelector:
namespace: <exportingMesh>
selector:
matchLabels:
<labelKey>: <labelValue>
|
| |
spec:
exportRules:
- type: LabelSelector
labelSelector:
namespace: <exportingMesh>
selector:
matchLabels:
<labelKey>: <labelValue>
aliases:
- namespace:
name:
alias:
namespace:
name:
|
|
kind: ExportedServiceSet
apiVersion: federation.maistra.io/v1
metadata:
name: blue-mesh
namespace: red-mesh-system
spec:
exportRules:
- type: NameSelector
nameSelector:
namespace: "*"
name: ratings
kind: ExportedServiceSet
apiVersion: federation.maistra.io/v1
metadata:
name: green-mesh
namespace: red-mesh-system
spec:
exportRules:
- type: NameSelector
nameSelector:
namespace: west-data-center
name: "*"
1.18.11.1.
사전 요구 사항
-
cluster-admin역할이 있는 계정.
다음 명령을 입력합니다. 메시지가 표시되면 사용자 이름과 암호를 입력합니다.
$ oc login --username=<NAMEOFUSER> <API token> https://<HOSTNAME>:6443
$ oc project red-mesh-system
apiVersion: federation.maistra.io/v1 kind: ExportedServiceSet metadata: name: green-mesh namespace: red-mesh-system spec: exportRules: - type: NameSelector nameSelector: namespace: red-mesh-bookinfo name: ratings alias: namespace: bookinfo name: red-ratings - type: NameSelector nameSelector: namespace: red-mesh-bookinfo name: reviews$ oc create -n <ControlPlaneNamespace> -f <ExportedServiceSet.yaml>
예를 들면 다음과 같습니다.
$ oc create -n red-mesh-system -f export-to-green-mesh.yaml
$ oc get exportedserviceset <PeerMeshExportedTo> -o yaml
예를 들면 다음과 같습니다.
$ oc get exportedserviceset green-mesh -o yaml
$ oc get exportedserviceset <PeerMeshExportedTo> -o yaml
예를 들면 다음과 같습니다.
$ oc -n red-mesh-system get exportedserviceset green-mesh -o yaml
status: exportedServices: - exportedName: red-ratings.bookinfo.svc.green-mesh-exports.local localService: hostname: ratings.red-mesh-bookinfo.svc.cluster.local name: ratings namespace: red-mesh-bookinfo - exportedName: reviews.red-mesh-bookinfo.svc.green-mesh-exports.local localService: hostname: reviews.red-mesh-bookinfo.svc.cluster.local name: reviews namespace: red-mesh-bookinfo
1.18.12.
[D]
kind: ImportedServiceSet
apiVersion: federation.maistra.io/v1
metadata:
name: red-mesh #name of mesh that exported the service
namespace: green-mesh-system #mesh namespace that service is being imported into
spec:
importRules: # first matching rule is used
# import ratings.bookinfo as ratings.bookinfo
- type: NameSelector
importAsLocal: false
nameSelector:
namespace: bookinfo
name: ratings
alias:
# service will be imported as ratings.bookinfo.svc.red-mesh-imports.local
namespace: bookinfo
name: ratings
표 1.11.
| 매개변수 | 설명 | 값 |
|---|---|---|
metadata: name: |
| |
metadata: namespace: |
| |
spec: importRules: - type: |
|
|
spec:
importRules:
- type: NameSelector
nameSelector:
namespace:
name:
|
| |
spec:
importRules:
- type: NameSelector
importAsLocal:
|
|
|
spec:
importRules:
- type: NameSelector
nameSelector:
namespace:
name:
alias:
namespace:
name:
|
|
kind: ImportedServiceSet
apiVersion: federation.maistra.io/v1
metadata:
name: red-mesh
namespace: blue-mesh-system
spec:
importRules:
- type: NameSelector
importAsLocal: false
nameSelector:
namespace: bookinfo
name: ratings
kind: ImportedServiceSet
apiVersion: federation.maistra.io/v1
metadata:
name: red-mesh
namespace: green-mesh-system
spec:
importRules:
- type: NameSelector
importAsLocal: false
nameSelector:
namespace: west-data-center
name: "*"
1.18.12.1.
사전 요구 사항
-
cluster-admin역할이 있는 계정.
다음 명령을 입력합니다. 메시지가 표시되면 사용자 이름과 암호를 입력합니다.
$ oc login --username=<NAMEOFUSER> <API token> https://<HOSTNAME>:6443
$ oc project green-mesh-system
kind: ImportedServiceSet apiVersion: federation.maistra.io/v1 metadata: name: red-mesh namespace: green-mesh-system spec: importRules: - type: NameSelector importAsLocal: false nameSelector: namespace: bookinfo name: red-ratings alias: namespace: bookinfo name: ratings$ oc create -n <ControlPlaneNamespace> -f <ImportedServiceSet.yaml>
예를 들면 다음과 같습니다.
$ oc create -n green-mesh-system -f import-from-red-mesh.yaml
$ oc get importedserviceset <PeerMeshImportedInto> -o yaml
예를 들면 다음과 같습니다.
$ oc get importedserviceset green-mesh -o yaml
$ oc get importedserviceset <PeerMeshImportedInto> -o yaml
$ oc -n green-mesh-system get importedserviceset/red-mesh -o yaml
status: importedServices: - exportedName: red-ratings.bookinfo.svc.green-mesh-exports.local localService: hostname: ratings.bookinfo.svc.red-mesh-imports.local name: ratings namespace: bookinfo - exportedName: reviews.red-mesh-bookinfo.svc.green-mesh-exports.local localService: hostname: "" name: "" namespace: ""
1.18.13.
사전 요구 사항
-
cluster-admin역할이 있는 계정.
1.18.13.1.
kind: ImportedServiceSet
apiVersion: federation.maistra.io/v1
metadata:
name: red-mesh #name of mesh that exported the service
namespace: green-mesh-system #mesh namespace that service is being imported into
spec:
importRules: # first matching rule is used
# import ratings.bookinfo as ratings.bookinfo
- type: NameSelector
importAsLocal: true
nameSelector:
namespace: bookinfo
name: ratings
alias:
# service will be imported as ratings.bookinfo.svc.red-mesh-imports.local
namespace: bookinfo
name: ratings
#Locality within which imported services should be associated.
locality:
region: us-west
표 1.12.
| 이름 | 설명 | 유형 |
|---|---|---|
|
|
| string |
|
|
| string |
|
|
| string |
절차
$ oc login --username=<NAMEOFUSER> <API token> https://<HOSTNAME>:6443
$ oc project <smcp-system>
$ oc project green-mesh-system
$ oc edit -n <smcp-system> -f <ImportedServiceSet.yaml>
$ oc edit -n green-mesh-system -f import-from-red-mesh.yaml
- 변경 사항을 저장하십시오.
1.18.13.2.
절차
다음 명령을 입력합니다. 메시지가 표시되면 사용자 이름과 암호를 입력합니다.
$ oc login --username=<NAMEOFUSER> <API token> https://<HOSTNAME>:6443
$ oc project <smcp-system>
$ oc project green-mesh-system
apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: default-failover namespace: bookinfo spec: host: "ratings.bookinfo.svc.cluster.local" trafficPolicy: loadBalancer: localityLbSetting: enabled: true failover: - from: us-east to: us-west outlierDetection: consecutive5xxErrors: 3 interval: 10s baseEjectionTime: 1m$ oc create -n <application namespace> -f <DestinationRule.yaml>
예를 들면 다음과 같습니다.
$ oc create -n bookinfo -f green-mesh-us-west-DestinationRule.yaml
1.18.14.
1.18.14.1.
1.18.14.2.
1.18.15.