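You have finished deploying Tanzu; now let's demo a microservice application from GitHub on TKG.
Disable PSP
By default, TKG enables PSP (Pod Security Policies), so you must disable PSP before deploying the application. The manifest below does this by granting every authenticated user the right to use the two vmware-system PSPs it lists, rather than by turning off the admission controller.
Use the following manifest. Save the content as the file psp.yaml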
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: clusterrole:psp:restricted
rules:
- apiGroups:
  - extensions
  resources:
  - podsecuritypolicies
  resourceNames:
  - vmware-system-privileged # the psp we are giving access to
  - vmware-system-restricted # the psp we are giving access to
  verbs:
  - use
---
# This applies psp/restricted to all authenticated users
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: clusterrolebind:psp:restricted
subjects:
- kind: Group
  name: system:authenticated # All authenticated users
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: clusterrole:psp:restricted # A reference to the role above
  apiGroup: rbac.authorization.k8s.io
Apply the manifest
tamtran20@cli-vm:~$ kubectl apply -f psp.yaml
clusterrole.rbac.authorization.k8s.io/clusterrole:psp:restricted created
clusterrolebinding.rbac.authorization.k8s.io/clusterrolebind:psp:restricted created
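A narrower alternative to the cluster-wide binding above, as an added example that is not part of the original post: a RoleBinding that grants the same ClusterRole only to the service accounts of the sock-shop namespace. The binding name is hypothetical, the ClusterRole from psp.yaml must still be applied, and the sock-shop namespace must exist before this manifest is applied.

```yaml
# Added example, not from the original post.
# Scoped alternative to the ClusterRoleBinding in psp.yaml: the same ClusterRole,
# bound only inside the sock-shop namespace and only to its service accounts.
# The namespace must exist first (complete-demo.yaml creates it; it can also be
# created up front with: kubectl create namespace sock-shop).
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rolebind:psp:sock-shop            # hypothetical name
  namespace: sock-shop
subjects:
- kind: Group
  name: system:serviceaccounts:sock-shop  # every service account in sock-shop
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: clusterrole:psp:restricted        # the ClusterRole defined in psp.yaml
  apiGroup: rbac.authorization.k8s.io
```

Used in place of the ClusterRoleBinding, this leaves pods in every other namespace subject to whatever PSP bindings the cluster already has.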
Deploy the Sock Shop application
https://microservices-demo.github.io/deployment/kubernetes-start.html
This application is the user-facing part of an online shop that sells socks. It is intended to aid the demonstration and testing of microservice and cloud native technologies.
It is built using Spring Boot, Go kit and Node.js and is packaged in Docker containers.
Download microservices-demo from GitHub: https://github.com/microservices-demo/microservices-demo
Right-click Download ZIP -> Copy Link Address
Download it to the machine
tamtran20@cli-vm:~$ wget https://github.com/microservices-demo/microservices-demo/archive/refs/heads/master.zip
Unzip the file to get the package we want.
tamtran20@cli-vm:~$ unzip master.zip
Locate the file complete-demo.yaml under /deploy/kubernetes and review it
Deploy the application
tamtran20@cli-vm:~$ kubectl apply -f complete-demo.yaml
namespace/sock-shop created
deployment.apps/carts created
service/carts created
deployment.apps/carts-db created
service/carts-db created
deployment.apps/catalogue created
service/catalogue created
deployment.apps/catalogue-db created
service/catalogue-db created
deployment.apps/front-end created
service/front-end created
deployment.apps/orders created
service/orders created
deployment.apps/orders-db created
service/orders-db created
deployment.apps/payment created
service/payment created
deployment.apps/queue-master created
service/queue-master created
deployment.apps/rabbitmq created
service/rabbitmq created
deployment.apps/session-db created
service/session-db created
deployment.apps/shipping created
service/shipping created
deployment.apps/user created
service/user created
deployment.apps/user-db created
service/user-db created
Make sure the worker nodes' network can reach the internet so that the image files can be pulled from the public repo.
Check the deployment progress
tamtran20@cli-vm:~$ kubectl get all -n sock-shop
NAME READY STATUS RESTARTS AGE
pod/carts-b4d4ffb5c-cwslq 1/1 Running 0 9h
pod/carts-db-6c6c68b747-pqjwc 1/1 Running 0 9h
pod/catalogue-759cc6b86-n9npn 1/1 Running 0 9h
pod/catalogue-db-96f6f6b4c-whlqw 1/1 Running 0 9h
pod/front-end-5c89db9f57-85bbr 1/1 Running 0 9h
pod/orders-7664c64d75-4xsk6 1/1 Running 0 9h
pod/orders-db-659949975f-2q2jv 1/1 Running 0 9h
pod/payment-7bcdbf45c9-qn5hf 1/1 Running 0 9h
pod/queue-master-5f6d6d4796-s4rg5 1/1 Running 0 9h
pod/rabbitmq-5bcbb547d7-bbvnc 2/2 Running 0 9h
pod/session-db-7cf97f8d4f-4vchk 1/1 Running 0 9h
pod/shipping-7f7999ffb7-bmq5w 1/1 Running 0 9h
pod/user-68df64db9c-x5v2b 1/1 Running 0 9h
pod/user-db-6df7444fc-ssjpv 1/1 Running 0 9h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/carts ClusterIP 100.71.57.117 <none> 80/TCP 9h
service/carts-db ClusterIP 100.68.73.85 <none> 27017/TCP 9h
service/catalogue ClusterIP 100.71.75.98 <none> 80/TCP 9h
service/catalogue-db ClusterIP 100.67.157.227 <none> 3306/TCP 9h
service/front-end NodePort 100.71.97.83 <none> 80:30001/TCP 9h
service/orders ClusterIP 100.70.1.110 <none> 80/TCP 9h
service/orders-db ClusterIP 100.67.230.21 <none> 27017/TCP 9h
service/payment ClusterIP 100.67.209.50 <none> 80/TCP 9h
service/queue-master ClusterIP 100.66.244.130 <none> 80/TCP 9h
service/rabbitmq ClusterIP 100.66.46.206 <none> 5672/TCP,9090/TCP 9h
service/session-db ClusterIP 100.66.242.39 <none> 6379/TCP 9h
service/shipping ClusterIP 100.65.252.113 <none> 80/TCP 9h
service/user ClusterIP 100.64.192.33 <none> 80/TCP 9h
service/user-db ClusterIP 100.71.127.62 <none> 27017/TCP 9h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/carts 1/1 1 1 9h
deployment.apps/carts-db 1/1 1 1 9h
deployment.apps/catalogue 1/1 1 1 9h
deployment.apps/catalogue-db 1/1 1 1 9h
deployment.apps/front-end 1/1 1 1 9h
deployment.apps/orders 1/1 1 1 9h
deployment.apps/orders-db 1/1 1 1 9h
deployment.apps/payment 1/1 1 1 9h
deployment.apps/queue-master 1/1 1 1 9h
deployment.apps/rabbitmq 1/1 1 1 9h
deployment.apps/session-db 1/1 1 1 9h
deployment.apps/shipping 1/1 1 1 9h
deployment.apps/user 1/1 1 1 9h
deployment.apps/user-db 1/1 1 1 9h
NAME DESIRED CURRENT READY AGE
replicaset.apps/carts-b4d4ffb5c 1 1 1 9h
replicaset.apps/carts-db-6c6c68b747 1 1 1 9h
replicaset.apps/catalogue-759cc6b86 1 1 1 9h
replicaset.apps/catalogue-db-96f6f6b4c 1 1 1 9h
replicaset.apps/front-end-5c89db9f57 1 1 1 9h
replicaset.apps/orders-7664c64d75 1 1 1 9h
replicaset.apps/orders-db-659949975f 1 1 1 9h
replicaset.apps/payment-7bcdbf45c9 1 1 1 9h
replicaset.apps/queue-master-5f6d6d4796 1 1 1 9h
replicaset.apps/rabbitmq-5bcbb547d7 1 1 1 9h
replicaset.apps/session-db-7cf97f8d4f 1 1 1 9h
replicaset.apps/shipping-7f7999ffb7 1 1 1 9h
replicaset.apps/user-68df64db9c 1 1 1 9h
replicaset.apps/user-db-6df7444fc 1 1 1 9h
The deployment is in progress
Check the services
tamtran20@cli-vm:~$ kubectl get services --namespace=sock-shop
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
carts ClusterIP 100.71.57.117 <none> 80/TCP 10h
carts-db ClusterIP 100.68.73.85 <none> 27017/TCP 10h
catalogue ClusterIP 100.71.75.98 <none> 80/TCP 10h
catalogue-db ClusterIP 100.67.157.227 <none> 3306/TCP 10h
front-end NodePort 100.71.97.83 <none> 80:30001/TCP 10h
orders ClusterIP 100.70.1.110 <none> 80/TCP 10h
orders-db ClusterIP 100.67.230.21 <none> 27017/TCP 10h
payment ClusterIP 100.67.209.50 <none> 80/TCP 10h
queue-master ClusterIP 100.66.244.130 <none> 80/TCP 10h
rabbitmq ClusterIP 100.66.46.206 <none> 5672/TCP,9090/TCP 10h
session-db ClusterIP 100.66.242.39 <none> 6379/TCP 10h
shipping ClusterIP 100.65.252.113 <none> 80/TCP 10h
user ClusterIP 100.64.192.33 <none> 80/TCP 10h
user-db ClusterIP 100.71.127.62 <none> 27017/TCP 10h
Expose the front-end service so that users can connect to it
tamtran20@cli-vm:~$ kubectl expose service front-end --name=front-end-lb --port=80 --target-port=8079 --type=LoadBalancer --namespace=sock-shop
service/front-end-lb exposed
On NSX-ALB a load balancer is created; Address: 192.168.22.26
It load-balances to the 3 worker nodes
Check the external IP again
tamtran20@cli-vm:~$ kubectl get services --namespace=sock-shop
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
.....
front-end NodePort 100.71.97.83 <none> 80:30001/TCP 10h
front-end-lb LoadBalancer 100.68.246.3 192.168.22.26 80:30827/TCP 12m
...
Users can now access the website through the front-end network