簡單記錄下對(duì)kuma（居于1.4.1版本）的初步學(xué)習(xí)，kuma 本質(zhì)綁定Envoy，以Envoy作為底層、sidecar模式的mesh。
Kuma的一個(gè)特點(diǎn)是不僅僅支持kubernetes，還支持Universal模式：裸機(jī)模式部署，核心模塊
1、kuma-cp
2、kuma-dp
3、kumactl
4、GUI
其中kumactl是類似kubectl的命令行工具、CP和dp如下圖描述。dp會(huì)拉起一個(gè)Envoy。

項(xiàng)目的文檔還不完善，kubernetes 下的demo有問題，缺少DP操作部分，universal 可以跑通，以docker 模式啟動(dòng)測(cè)試universal大致過程如下。

啟動(dòng)CP、redis及demo

以docker-compose模式啟動(dòng)CP、redis及demo

version: "3"services:redis:image: redishostname: rediscontainer_name: redis network_mode: host command: ["redis-server" , "--port" , "26379"]kuma-demo:image: thefosk/kuma-demohostname: kuma-democontainer_name: kuma-demo network_mode: host #user: root##command: ["bundle", "exec", "thin", "-p", "3000"] kuma-cp:image: kumahq/kuma-cp:1.4.1hostname: kuma-cpcontainer_name: kuma-cp network_mode: host #user: root#command: ["run"]

生成Token

docker run -v `pwd`/tokens:/tokens --net=host kumahq/kumactl:1.4.1 kumactl generate dataplane-token --name=redis >./tokens/kuma-token-redisdocker run -v `pwd`/tokens:/tokens --net=host kumahq/kumactl:1.4.1 kumactl generate dataplane-token --name=app >./tokens/kuma-token-app

注意，沒有使用PG作為后臺(tái)數(shù)據(jù)保存，因此每次CP重新啟動(dòng)，都可能要重新生成token

啟動(dòng)DP

docker run -v `pwd`/tokens:/tokens --net=host kumahq/kuma-dp:1.4.1 run \--cp-address=https://localhost:5678/ \--dns-enabled=false \--dataplane-token-file=/tokens/kuma-token-redis \--dataplane="type: Dataplanemesh: defaultname: redisnetworking: address: 127.0.0.1inbound: - port: 18379servicePort: 26379serviceAddress: 192.168.157.140tags: kuma.io/service: rediskuma.io/protocol: tcp"docker run -v `pwd`/tokens:/tokens --net=host kumahq/kuma-dp:1.4.1 run \--cp-address=https://localhost:5678/ \--dns-enabled=false \--dataplane-token-file=/tokens/kuma-token-app \--dataplane="type: Dataplanemesh: defaultname: appnetworking: address: 127.0.0.1outbound:- port: 6379tags:kuma.io/service: redisinbound: - port: 15000servicePort: 5000serviceAddress: 0.0.0.0tags: kuma.io/service: appkuma.io/protocol: http"

按service尋找地址，所以redis inbound的端口不關(guān)鍵，可以隨意調(diào)整

Envoy 查看

可以看到啟動(dòng)了2個(gè)envoy 進(jìn)程

[root@140 kuma]# ps -ef|grep envoy 65534 114597 114571 1 15:15 ? 00:00:08 /usr/bin/envoy --config-path /tmp/kuma-dp-3068338705/bootstrap.yaml --drain-time-s 30 --disable-hot-restart --log-level info --cpuset-threads 65534 114831 114803 2 15:17 ? 00:00:05 /usr/bin/envoy --config-path /tmp/kuma-dp-1250744453/bootstrap.yaml --drain-time-s 30 --disable-hot-restart --log-level info --cpuset-threads root 114879 111510 0 15:22 pts/3 00:00:00 grep --color=auto envoy

進(jìn)入容器查看一個(gè)Envoy配置

~ $ cat /tmp/kuma-dp-919007131/bootstrap.yaml admin:accessLogPath: /dev/nulladdress:socketAddress:address: 127.0.0.1portValue: 30002 dynamicResources:adsConfig:apiType: GRPCgrpcServices:- envoyGrpc:clusterName: ads_clusterinitialMetadata:- key: authorizationvalue: eyJhbGciOiJSUzI1NiIsImtpZCI6IjEiLCJ0eXAiOiJKV1QifQ.eyJOYW1lIjoiYXBwIiwiTWVzaCI6ImRlZmF1bHQiLCJUYWdzIjp7fSwiVHlwZSI6IiIsImV4cCI6MTk1ODM2Nzg5MCwibmJmIjoxNjQzMDA3NTkwLCJpYXQiOjE2NDMwMDc4OTAsImp0aSI6IjljYmQ3NmQwLTFhODctNDNjNC04YjRmLWY2ZmEyMTAzNDNkNiJ9.BZfaOg0LMyMYDlnCosk_wJMT9uiH_B1E2vd3bvw9662vDDdssIAKNphMIkpSAJkB2mq96__6yUNETTDzVdemtu6479SZIwS9qn1eraSKIF70M_L8xfym0b7WY2dWQvKWIV9mFKeixj4U7z69GmBeeWuNqvTE0UgCJwap8nvk5Kbnkbaq0C4l5lpVqH3OICFSBV7uAdXDeBOftw_yw1qixmHze3yTudqtR2dEFUkx9jUShHhc2Talas7QEWsOGXefF0hYY7G5Sxs1_XJ7IHZSZekj8ENs-HAqVtpen4S-C3L-rHHb0Wzbmj6kUUkb4wJmUu9wpg_AEyPkPwFdEvxTRgsetNodeOnFirstMessageOnly: truetransportApiVersion: V3cdsConfig:ads: {}resourceApiVersion: V3ldsConfig:ads: {}resourceApiVersion: V3 hdsConfig:apiType: GRPCgrpcServices:- envoyGrpc:clusterName: ads_clusterinitialMetadata:- key: authorizationvalue: eyJhbGciOiJSUzI1NiIsImtpZCI6IjEiLCJ0eXAiOiJKV1QifQ.eyJOYW1lIjoiYXBwIiwiTWVzaCI6ImRlZmF1bHQiLCJUYWdzIjp7fSwiVHlwZSI6IiIsImV4cCI6MTk1ODM2Nzg5MCwibmJmIjoxNjQzMDA3NTkwLCJpYXQiOjE2NDMwMDc4OTAsImp0aSI6IjljYmQ3NmQwLTFhODctNDNjNC04YjRmLWY2ZmEyMTAzNDNkNiJ9.BZfaOg0LMyMYDlnCosk_wJMT9uiH_B1E2vd3bvw9662vDDdssIAKNphMIkpSAJkB2mq96__6yUNETTDzVdemtu6479SZIwS9qn1eraSKIF70M_L8xfym0b7WY2dWQvKWIV9mFKeixj4U7z69GmBeeWuNqvTE0UgCJwap8nvk5Kbnkbaq0C4l5lpVqH3OICFSBV7uAdXDeBOftw_yw1qixmHze3yTudqtR2dEFUkx9jUShHhc2Talas7QEWsOGXefF0hYY7G5Sxs1_XJ7IHZSZekj8ENs-HAqVtpen4S-C3L-rHHb0Wzbmj6kUUkb4wJmUu9wpg_AEyPkPwFdEvxTRgsetNodeOnFirstMessageOnly: truetransportApiVersion: V3 layeredRuntime:layers:- name: kumastaticLayer:envoy.restart_features.use_apple_api_for_dns_lookups: falsere2.max_program_size.error_level: 4294967295re2.max_program_size.warn_level: 1000 node:cluster: appid: default.appmetadata:dataplane.admin.port: "30002"dataplane.proxyType: dataplanedataplane.resource: '{"type":"Dataplane","mesh":"default","name":"app","creationTime":"0001-01-01T00:00:00Z","modificationTime":"0001-01-01T00:00:00Z","networking":{"address":"192.168.157.140","inbound":[{"port":15000,"servicePort":5000,"serviceAddress":"192.168.157.140","tags":{"kuma.io/protocol":"http","kuma.io/service":"app"}}],"outbound":[{"port":6379,"tags":{"kuma.io/service":"redis"}}]}}'version:dependencies: {}envoy:build: bef18019d8fc33a4ed6aca3679aff2100241ac5e/1.18.4/Clean/RELEASE/BoringSSLversion: 1.18.4kumaDp:buildDate: "2021-12-15T17:24:46Z"gitCommit: 3c4abe0a99674550eaa3c3624dcf322f278633b9gitTag: 1.4.1version: 1.4.1 staticResources:clusters:- connectTimeout: 1shttp2ProtocolOptions: {}loadAssignment:clusterName: access_log_sinkendpoints:- lbEndpoints:- endpoint:address:pipe:path: /tmp/kuma-al-app-default.sockname: access_log_sinktype: STATICupstreamConnectionOptions:tcpKeepalive:keepaliveInterval: 10keepaliveProbes: 3keepaliveTime: 10- connectTimeout: 1shttp2ProtocolOptions: {}loadAssignment:clusterName: ads_clusterendpoints:- lbEndpoints:- endpoint:address:socketAddress:address: localhostportValue: 5678name: ads_clustertransportSocket:name: envoy.transport_sockets.tlstypedConfig:'@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContextcommonTlsContext:tlsParams:tlsMinimumProtocolVersion: TLSv1_2validationContextSdsSecretConfig:name: cp_validation_ctxsni: localhosttype: STRICT_DNSupstreamConnectionOptions:tcpKeepalive:keepaliveInterval: 10keepaliveProbes: 3keepaliveTime: 10secrets:- name: cp_validation_ctxvalidationContext:matchSubjectAltNames:- exact: localhosttrustedCa:inlineBytes: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoVENDQW0yZ0F3SUJBZ0lSQUpoaklva2w5MGFEWDNFUkJNaEh1Y3N3RFFZSktvWklodmNOQVFFTEJRQXcKSFRFYk1Ca0dBMVVFQXhNU2EzVnRZUzFqYjI1MGNtOXNMWEJzWVc1bE1CNFhEVEl5TURFeU5EQTNNRFF5TjFvWApEVE15TURFeU1qQTNNRFF5TjFvd0hURWJNQmtHQTFVRUF4TVNhM1Z0WVMxamIyNTBjbTlzTFhCc1lXNWxNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2L1RGL2JyOGpuczM4cjhhaHVjSkNKajUKUldEY2N0aXVURmZudXJUQTNBQ09sb1BYbmsvWG9iSXN4NC9pSTA2UTBMM0drM3hFVUcvaXZVNlVyMm9DV3VCeApHVWc3SzdvNStlWmZlc1BDakhxKzV6TjIxSGs5bVFUcE5ZY1hqT2FuTmt6NHhFVUpURVF5NWtBVjNiWXR4RTJoCi83WHB6NElGN05kUFBPSnU0ZEpHeXJyMmhjK1VmRUxweXkybjRYK1gySnE1Tjc4aE5EQzJpQmhkU1I5cWdZNVoKRTdqeHdLZGlNb3NMeldMYzVacHRiOWdxSlp1Y1J5WWpwaS9UaW10U2JGdkdQQ3oxWkhzN1ZHaWFzMHE3TWhrSQowS21FMkRuSE5RNjNycUlFMTBNNElBQVFpYUFtZlpzMCtnVHZZQWpxZVJVS3poditMSVB5Q0VxTmVCemNLd0lECkFRQUJvNEcvTUlHOE1BNEdBMVVkRHdFQi93UUVBd0lDcERBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREFUQVAKQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlRmblI5U2FHc1dhaVh2bUt1U003YlZTMUI0aXpCbApCZ05WSFJFRVhqQmNnZ2RyZFcxaExXTndnZ2xzYjJOaGJHaHZjM1NIQkg4QUFBR0hCS3dSQUFHSEJNQ29uWXlICkVBQUFBQUFBQUFBQUFBQUFBQUFBQUFHSEVQNkFBQUFBQUFBQUFnd3AvLzZlZ1NtSEVQNkFBQUFBQUFBQUFFSjEKLy81dUUra3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSTZkMUF4OHVtTVVqWk1wWGNBNG1nOTNHdTF1ck1rUwpYMEptdDh5TWNoVUFpVEQ4V1VjU1hBL21ENGhhU1hoQWtrVmVWRCtFejlQdXhjVndFWENhUHpIU1JVQkVBWHRzCk82aGczRlhZb3FqNGorTVVKSDl0MGhXSWJCRy9HZTVuNVRtMXFnMEo1VGg0K21UUDJ4N0VBTzVJS0VtZVByaUMKaFpiM3RlZHZIemVvYmNXK1FuaWFLQkcycG0yS0ZyTW5hMzR3VU5ZaFZRTm1ZNklEdXVSeEZER3RXLzFrbkNadApUMExpUE92YUsxUkdLSVMybjFKcmRjbG85cDNXbC9XYTIwTXhmSU5tVUxSTXY1UWFsQ3N5eHNwUnFpckkwOHp3CmJvU0twRGw2cmJHa3o2c3R5Q2czYmJ5WTVjL3VjemJ5Y3FCdTVycU5za3EzVFhoMFlVNXpBQ1k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K statsConfig:statsTags:- regex: ^grpc\.((.+)\.)tagName: name- regex: ^grpc.*streams_closed(_([0-9]+))tagName: status- regex: ^kafka(\.(\S*[0-9]))\.tagName: kafka_name- regex: ^kafka\..*\.(.*)tagName: kafka_type- regex: (worker_([0-9]+)\.)tagName: worker- regex: ((.+?)\.)rbac\.tagName: listener

可以看到用到了生成的token及service等信息。

Kumactl

可以使用kumactl 查看相關(guān)信息

[root@140 kuma]# docker run --net=host kumahq/kumactl:1.4.1 kumactl get dataplanes MESH NAME TAGS ADDRESS AGE default app kuma.io/protocol=http kuma.io/service=app 192.168.157.140 21m default redis kuma.io/protocol=tcp kuma.io/service=redis 192.168.157.140 23m

但感覺不如直接使用GUI全面

總結(jié)

以上是生活随笔為你收集整理的Kuma初步学习笔记-universal 模式的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。