Malha de serviços do Sistema

O MongoDB Enterprise Kubernetes Operator está obsoleto. O novo Operador MongoDB Controladores para Kubernetes substitui o MongoDB Enterprise Kubernetes Operator. A primeira versão dos Controladores para o Operador Kubernetes é funcionalmente equivalente à v1.33 do Enterprise Kubernetes Operator. Para obter mais informações sobre essa alteração e orientações sobre como migrar para o novo Operador, consulte as notas de versão da primeira nova versão. Não haverá versões futuras do MongoDB Enterprise Kubernetes Operator. Cada versão chegará ao fim da vida útil de acordo com a política de suporte de um ano existente. Migre para o Controladores para Operador Kubernetes para obter suporte contínuo.

Embora seja possível implantar configurações de Multi-Cluster Ops Manager, Multi-Cluster Sharded Cluster e Multi-Cluster Replica Set sem uma interface de rede, a abordagem recomendada (apresentada aqui) é aproveitar uma interface de serviço para lidar com a rede em vários Kubernetes. cluster. Para saber mais, consulte Como o operador do Kubernetes estabelece conectividade.

Esta página orienta você pelo processo de implantação e validação de uma malha de serviço Isio em vários clusters Kubernetes. O Isthio é apenas uma das muitas opções para implantar uma Service Mesh e não é compatível com o MongoDB.

Observação

O Istion não é suportado pelo MongoDB

O Isthio não é compatível com o MongoDB e é apenas uma das muitas ferramentas que você pode usar para implantar uma service interface nos clusters do Kubernetes.

Pré-requisitos

Antes de começar, execute as seguintes tarefas:

Instale o kubectl.
Defina as variáveis de ambiente do K8S_CLUSTER_*_CONTEXT_NAME conforme explicado no guia Clusters GKE.

código fonte

Você pode encontrar todo o código-fonte incluído no repositório do MongoDB Kubernetes Operator.

Procedimento

Clone o repositório do operador Kubernetes.

Execute o comando a seguir para clonar o repositório.

git clone https://github.com/mongodb/mongodb-enterprise-kubernetes.git
cd mongodb-enterprise-kubernetes
git checkout 1.33.0
cd architectures

Instale a malha de serviço do Isto.

Instale a malha de serviço do Istipo para permitir a resolução deDNS entre clusters e a conectividade de rede entre clusters do Kubernetes.

1 CTX_CLUSTER1=${K8S_CLUSTER_0_CONTEXT_NAME} \
2 CTX_CLUSTER2=${K8S_CLUSTER_1_CONTEXT_NAME} \
3 CTX_CLUSTER3=${K8S_CLUSTER_2_CONTEXT_NAME} \
4 ISTIO_VERSION="1.20.2" \
5 ./install_istio_separate_network.sh

Identifique os namespaces do Kubernetes.

Rotule os namespaces do Kubernetes em cada cluster para habilitar a injeção de sidecar do Istion.

kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "${OPERATOR_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "${OPERATOR_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "${OPERATOR_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "${OM_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "${OM_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "${OM_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "${MDB_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "${MDB_NAMESPACE}" istio-injection=enabled --overwrite
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "${MDB_NAMESPACE}" istio-injection=enabled --overwrite

Opcional. Verifique a conectividade do cluster.

Os scripts opcionais a seguir verificam se a interface de serviço está configurada corretamente para resolução e conectividade de DNS entre clusters.

Crie um namespace Kubernetes para o teste de conectividade.

1 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "connectivity-test"
2 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
3 
4 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "connectivity-test"
5 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
6 
7 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "connectivity-test"
8 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite

Execute este script no cluster 0:

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver0
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver0
11     template:
12       metadata:
13         labels:
14           app: echoserver0
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver0
20             ports:
21               - containerPort: 8080
22 EOF

Execute este script no cluster 1:

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver1
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver1
11     template:
12       metadata:
13         labels:
14           app: echoserver1
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver1
20             ports:
21               - containerPort: 8080
22 EOF

Execute este script no cluster 2:

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver2
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver2
11     template:
12       metadata:
13         labels:
14           app: echoserver2
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver2
20             ports:
21               - containerPort: 8080
22 EOF

Execute este script para aguardar a criação do StatefulSets:

1 kubectl wait --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver0-0 --timeout=60s
2 kubectl wait --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver1-0 --timeout=60s
3 kubectl wait --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver2-0 --timeout=60s

Criar serviço de Pod no cluster 0:

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver0-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver0-0"
13 EOF

Criar serviço de Pod no cluster 1:

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver1-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver1-0"
13 EOF

Criar serviço de Pod no cluster 2:

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver2-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver2-0"
13 EOF

Criar serviço de round robin no cluster 0:

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver0
13 EOF

Criar serviço de round robin no cluster 1:

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver1
13 EOF

Criar serviço de round robin no cluster 2:

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver2
13 EOF

Verifique o Pod 0 do cluster 1:

1 source_cluster=${K8S_CLUSTER_1_CONTEXT_NAME}
2 target_pod="echoserver0-0"
3 source_pod="echoserver1-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver1-0 in gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-67d0389d75b70a0007e5894a to echoserver0-0
2 SUCCESS

Verifique o Pod 1 do cluster 0:

1 source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2 target_pod="echoserver1-0"
3 source_pod="echoserver0-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver0-0 in gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a to echoserver1-0
2 SUCCESS

Verifique o Pod 1 do cluster 2:

1 source_cluster=${K8S_CLUSTER_2_CONTEXT_NAME}
2 target_pod="echoserver1-0"
3 source_pod="echoserver2-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver2-0 in gke_scratch-kubernetes-team_europe-central2-c_k8s-mdb-2-67d0389d75b70a0007e5894a to echoserver1-0
2 SUCCESS

Verifique o Pod 2 do cluster 0:

1 source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2 target_pod="echoserver2-0"
3 source_pod="echoserver0-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver0-0 in gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a to echoserver2-0
2 SUCCESS

Execute o script de limpeza:

1 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver0
2 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver1
3 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver2
4 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
5 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
6 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
7 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver0-0
8 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver1-0
9 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver2-0
10 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" delete ns "connectivity-test"
11 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" delete ns "connectivity-test"
12 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" delete ns "connectivity-test"

Voltar

Clusters GKE

Certificados TLS

1	CTX_CLUSTER1=${K8S_CLUSTER_0_CONTEXT_NAME} \
2	CTX_CLUSTER2=${K8S_CLUSTER_1_CONTEXT_NAME} \
3	CTX_CLUSTER3=${K8S_CLUSTER_2_CONTEXT_NAME} \
4	ISTIO_VERSION="1.20.2" \
5	./install_istio_separate_network.sh

1	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "connectivity-test"
2	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
3
4	kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "connectivity-test"
5	kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
6
7	kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "connectivity-test"
8	kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver0
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver0
11	template:
12	metadata:
13	labels:
14	app: echoserver0
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver0
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver1
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver1
11	template:
12	metadata:
13	labels:
14	app: echoserver1
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver1
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver2
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver2
11	template:
12	metadata:
13	labels:
14	app: echoserver2
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver2
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl wait --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver0-0 --timeout=60s
2	kubectl wait --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver1-0 --timeout=60s
3	kubectl wait --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver2-0 --timeout=60s

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: v1
3	kind: Service
4	metadata:
5	name: echoserver0-0
6	spec:
7	ports:
8	- port: 8080
9	targetPort: 8080
10	protocol: TCP
11	selector:
12	statefulset.kubernetes.io/pod-name: "echoserver0-0"
13	EOF

1	source_cluster=${K8S_CLUSTER_1_CONTEXT_NAME}
2	target_pod="echoserver0-0"
3	source_pod="echoserver1-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	Checking cross-cluster DNS resolution and connectivity from echoserver1-0 in gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-67d0389d75b70a0007e5894a to echoserver0-0
2	SUCCESS

1	source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2	target_pod="echoserver1-0"
3	source_pod="echoserver0-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	source_cluster=${K8S_CLUSTER_2_CONTEXT_NAME}
2	target_pod="echoserver1-0"
3	source_pod="echoserver2-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2	target_pod="echoserver2-0"
3	source_pod="echoserver0-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi