Istio 서비스 메시

서비스 메시 없이 멀티 클러스터 MongoDB Ops Manager, 멀티 클러스터 샤드 클러스터 및 멀티 클러스터 복제본 세트 구성 을 배포 할 수 있지만, 권장되는 접근 방식(여기 참조)은 서비스 메시를 활용하여 다음을 처리하다 것입니다. 여러 Kubernetes 클러스터에 걸쳐 네트워킹. 자세한 학습 은 Kubernetes Operator의 연결 설정 방법을 참조하세요.

이 페이지에서는 여러 Kubernetes 클러스터에 Istio 서비스 메시를 배포하고 유효성을 검사하는 프로세스 안내합니다. Istio는 서비스 메시를 배포하기 위한 많은 옵션 중 하나일 뿐이며 MongoDB 에서는 지원되지 않습니다.

참고

Istio는 MongoDB 에서 지원되지 않습니다.

Istio는 MongoDB 에서 지원되지 않으며, Kubernetes 클러스터 전체에 서비스 메시를 배포 데 사용할 수 있는 많은 도구 중 하나일 뿐입니다.

전제 조건

시작하기 전에 다음 작업을 수행합니다.

kubectl를 설치합니다.
GKE 클러스터 가이드에 설명된 대로 K8S_CLUSTER_*_CONTEXT_NAME 환경 변수를 설정합니다.

소스 코드

포함된 모든 소스 코드MongoDB Kubernetes Operator 리포지토리에서 찾을 수 있습니다.

절차

Kubernetes Operator 리포지토리 복제합니다.

다음 명령을 실행하여 리포지토리 복제합니다.

git clone https://github.com/mongodb/mongodb-kubernetes.git
cd mongodb-kubernetes
git checkout 1.2.0
cd public/architectures

Istio 서비스 메시를 설치합니다.

Istio 서비스 메시를 설치하여 클러스터 간 DNS 확인 및 Kubernetes 클러스터 간의 네트워크 연결을 허용합니다.

1 CTX_CLUSTER1=${K8S_CLUSTER_0_CONTEXT_NAME} \
2 CTX_CLUSTER2=${K8S_CLUSTER_1_CONTEXT_NAME} \
3 CTX_CLUSTER3=${K8S_CLUSTER_2_CONTEXT_NAME} \
4 ISTIO_VERSION="1.20.2" \
5 ./install_istio_separate_network.sh

Kubernetes 네임스페이스에 레이블을 지정합니다.

각 클러스터 의 Kubernetes 네임스페이스에 레이블을 지정하여 Istio 사이드카 삽입을 활성화 .

kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "${OPERATOR_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "${OPERATOR_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "${OPERATOR_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "${OM_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "${OM_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "${OM_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "${MDB_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "${MDB_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "${MDB_NAMESPACE}" istio-injection=enabled --overwrite

선택 사항. 클러스터 연결을 확인합니다.

다음 선택적 스크립트는 서비스 메시가 클러스터 간 DNS 확인 및 연결을 위해 올바르게 구성되었는지 확인합니다.

연결 테스트를 위한 Kubernetes 네임스페이스 를 생성합니다.

1 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "connectivity-test"
2 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
3 
4 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "connectivity-test"
5 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
6 
7 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "connectivity-test"
8 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite

클러스터 0 에서 이 스크립트를 실행합니다.

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver0
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver0
11     template:
12       metadata:
13         labels:
14           app: echoserver0
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver0
20             ports:
21               - containerPort: 8080
22 EOF

클러스터 1 에서 이 스크립트를 실행합니다.

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver1
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver1
11     template:
12       metadata:
13         labels:
14           app: echoserver1
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver1
20             ports:
21               - containerPort: 8080
22 EOF

클러스터 2 에서 이 스크립트를 실행합니다.

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver2
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver2
11     template:
12       metadata:
13         labels:
14           app: echoserver2
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver2
20             ports:
21               - containerPort: 8080
22 EOF

이 스크립트를 실행하여 StatefulSet가 생성될 때까지 기다립니다.

1 kubectl wait --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver0-0 --timeout=60s
2 kubectl wait --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver1-0 --timeout=60s
3 kubectl wait --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver2-0 --timeout=60s

클러스터 0 에 Pod 서비스를 만듭니다.

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver0-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver0-0"
13 EOF

클러스터 1 에 Pod 서비스를 만듭니다.

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver1-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver1-0"
13 EOF

클러스터 2 에 Pod 서비스를 만듭니다.

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver2-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver2-0"
13 EOF

클러스터 0 에 라운드 로빈 서비스를 생성합니다.

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver0
13 EOF

클러스터 1 에 라운드 로빈 서비스를 생성합니다.

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver1
13 EOF

클러스터 2 에 라운드 로빈 서비스를 생성합니다.

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver2
13 EOF

클러스터 1 에서 Pod 0 을(를) 확인합니다.

1 source_cluster=${K8S_CLUSTER_1_CONTEXT_NAME}
2 target_pod="echoserver0-0"
3 source_pod="echoserver1-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver1-0 in gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-682f2df6e1745e000788a1d5-24552 to echoserver0-0
2 SUCCESS

클러스터 0 에서 Pod 1 을(를) 확인합니다.

1 source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2 target_pod="echoserver1-0"
3 source_pod="echoserver0-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver0-0 in gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-682f2df6e1745e000788a1d5-24552 to echoserver1-0
2 SUCCESS

클러스터 2 에서 Pod 1 을(를) 확인합니다.

1 source_cluster=${K8S_CLUSTER_2_CONTEXT_NAME}
2 target_pod="echoserver1-0"
3 source_pod="echoserver2-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver2-0 in gke_scratch-kubernetes-team_europe-central2-c_k8s-mdb-2-682f2df6e1745e000788a1d5-24552 to echoserver1-0
2 SUCCESS

클러스터 0 에서 Pod 2 을(를) 확인합니다.

1 source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2 target_pod="echoserver2-0"
3 source_pod="echoserver0-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver0-0 in gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-682f2df6e1745e000788a1d5-24552 to echoserver2-0
2 SUCCESS

정리 스크립트를 실행합니다.

1 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver0
2 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver1
3 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver2
4 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
5 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
6 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
7 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver0-0
8 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver1-0
9 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver2-0
10 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" delete ns "connectivity-test"
11 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" delete ns "connectivity-test"
12 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" delete ns "connectivity-test"

돌아가기

GKE 클러스터

TLS 인증서

1	CTX_CLUSTER1=${K8S_CLUSTER_0_CONTEXT_NAME} \
2	CTX_CLUSTER2=${K8S_CLUSTER_1_CONTEXT_NAME} \
3	CTX_CLUSTER3=${K8S_CLUSTER_2_CONTEXT_NAME} \
4	ISTIO_VERSION="1.20.2" \
5	./install_istio_separate_network.sh

1	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "connectivity-test"
2	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
3
4	kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "connectivity-test"
5	kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
6
7	kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "connectivity-test"
8	kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver0
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver0
11	template:
12	metadata:
13	labels:
14	app: echoserver0
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver0
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver1
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver1
11	template:
12	metadata:
13	labels:
14	app: echoserver1
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver1
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver2
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver2
11	template:
12	metadata:
13	labels:
14	app: echoserver2
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver2
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl wait --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver0-0 --timeout=60s
2	kubectl wait --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver1-0 --timeout=60s
3	kubectl wait --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver2-0 --timeout=60s

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: v1
3	kind: Service
4	metadata:
5	name: echoserver0-0
6	spec:
7	ports:
8	- port: 8080
9	targetPort: 8080
10	protocol: TCP
11	selector:
12	statefulset.kubernetes.io/pod-name: "echoserver0-0"
13	EOF

1	source_cluster=${K8S_CLUSTER_1_CONTEXT_NAME}
2	target_pod="echoserver0-0"
3	source_pod="echoserver1-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	Checking cross-cluster DNS resolution and connectivity from echoserver1-0 in gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-682f2df6e1745e000788a1d5-24552 to echoserver0-0
2	SUCCESS

1	source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2	target_pod="echoserver1-0"
3	source_pod="echoserver0-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	source_cluster=${K8S_CLUSTER_2_CONTEXT_NAME}
2	target_pod="echoserver1-0"
3	source_pod="echoserver2-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2	target_pod="echoserver2-0"
3	source_pod="echoserver0-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi