Install and use Consul in Azure Kubernetes Service (AKS)

Consul is an open-source service mesh that provides a key set of functionality across the microservices in a Kubernetes cluster. These features include service discovery, health checking, service segmentation, and observability. For more information about Consul, see the official What is Consul? documentation.

This article shows you how to install Consul. The Consul components are installed into a Kubernetes cluster on AKS.

Note

These instructions reference Consul version 1.6.0, and use at least Helm version 2.14.2.

The Consul 1.6.x releases can be run against Kubernetes versions 1.13+. You can find additional Consul versions at GitHub - Consul Releases and information about each of the releases at Consul - Release Notes.

In this article, you learn how to:

  • Install the Consul components on AKS
  • Validate the Consul installation
  • Uninstall Consul from AKS

Before you begin

The steps detailed in this article assume that you've created an AKS cluster (Kubernetes 1.13 and above, with RBAC enabled) and have established a kubectl connection with the cluster. If you need help with any of these items, then see the AKS quickstart. Ensure that your cluster has at least 3 nodes in the Linux node pool.

You'll need Helm to follow these instructions and install Consul. It's recommended that you have the latest stable version correctly installed and configured in your cluster. If you need help with installing Helm, then see the AKS Helm installation guidance. All Consul pods must also be scheduled to run on Linux nodes.

This article separates the Consul installation guidance into several discrete steps. The end result is the same in structure as the official Consul installation guidance.

Install the Consul components on AKS

We'll start by downloading version v0.10.0 of the Consul Helm chart. This version of the chart includes Consul version 1.6.0.

In a bash-based shell on Linux, Windows Subsystem for Linux or macOS, use curl to download the Consul Helm chart release as follows:

# Specify the Consul Helm chart version that will be leveraged throughout these instructions
CONSUL_HELM_VERSION=0.10.0

curl -sL "https://github.com/hashicorp/consul-helm/archive/v$CONSUL_HELM_VERSION.tar.gz" | tar xz
mv consul-helm-$CONSUL_HELM_VERSION consul-helm
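
The pipeline above unpacks whatever the download returns. As an added example (not part of the original article), the functions below check a saved archive against a SHA-256 digest and refuse to extract members that fall outside the expected top-level directory; the function names and `EXPECTED_SHA256` are assumptions, and the digest is a placeholder you record yourself.

```bash
# Added example, not from the original article. EXPECTED_SHA256 is a placeholder:
# record the digest yourself from a copy of the archive you have reviewed.
# Usage, in place of the `curl | tar xz` pipeline:
#   curl -fsSL -o consul-helm.tar.gz \
#     "https://github.com/hashicorp/consul-helm/archive/v$CONSUL_HELM_VERSION.tar.gz"
#   verify_and_extract consul-helm.tar.gz "$EXPECTED_SHA256" "consul-helm-$CONSUL_HELM_VERSION"

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_extract ARCHIVE EXPECTED_DIGEST TOPDIR
# Returns 2 on digest mismatch, 3 if any member would land outside TOPDIR.
verify_and_extract() {
  local archive="$1" expected="$2" topdir="$3" actual members
  actual="$(sha256_of "$archive")" || return 1
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $archive: got $actual" >&2
    return 2
  fi
  members="$(tar tzf "$archive")" || return 1
  # Flag absolute paths, ".." components, and entries not under TOPDIR/.
  if printf '%s\n' "$members" | awk -v top="$topdir" '
      { p = "/" $0 "/" }
      substr($0, 1, 1) == "/" || index(p, "/../") > 0 { bad = 1 }
      $0 != top && $0 != (top "/") && index($0, (top "/")) != 1 { bad = 1 }
      END { exit (bad ? 0 : 1) }'; then
    echo "archive $archive contains paths outside $topdir/" >&2
    return 3
  fi
  tar xzf "$archive"
}
```

After a successful call, continue with the `mv` step shown above.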


In a PowerShell-based shell on Windows, use Invoke-WebRequest to download the Consul Helm chart release and then extract with Expand-Archive as follows:

# Specify the Consul Helm chart version that will be leveraged throughout these instructions
$CONSUL_HELM_VERSION="0.10.0"

# Enforce TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = "tls12"
$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -URI "https://github.com/hashicorp/consul-helm/archive/v$CONSUL_HELM_VERSION.zip" -OutFile "consul-helm-$CONSUL_HELM_VERSION.zip"
Expand-Archive -Path "consul-helm-$CONSUL_HELM_VERSION.zip" -DestinationPath .
Move-Item -Path consul-helm-$CONSUL_HELM_VERSION -Destination consul-helm

Use Helm and the downloaded consul-helm chart to install the Consul components into the consul namespace in your AKS cluster.

Note

Installation options

We are using the following options as part of our installation:

  • connectInject.enabled=true - enable proxies to be injected into pods
  • client.enabled=true - enable Consul clients to run on every node
  • client.grpc=true - enable gRPC listener for connectInject
  • syncCatalog.enabled=true - sync Kubernetes and Consul services

Node selectors

Consul currently must be scheduled to run on Linux nodes. If you have Windows Server nodes in your cluster, you must ensure that the Consul pods are only scheduled to run on Linux nodes. We'll use node selectors to make sure pods are scheduled to the correct nodes.

helm install -f consul-helm/values.yaml --name consul --namespace consul ./consul-helm \
  --set connectInject.enabled=true --set connectInject.nodeSelector="beta.kubernetes.io/os: linux" \
  --set client.enabled=true --set client.grpc=true --set client.nodeSelector="beta.kubernetes.io/os: linux" \
  --set server.nodeSelector="beta.kubernetes.io/os: linux" \
  --set syncCatalog.enabled=true --set syncCatalog.nodeSelector="beta.kubernetes.io/os: linux"

In a PowerShell-based shell on Windows:

helm install -f consul-helm/values.yaml --name consul --namespace consul ./consul-helm `
  --set connectInject.enabled=true --set connectInject.nodeSelector="beta.kubernetes.io/os: linux" `
  --set client.enabled=true --set client.grpc=true --set client.nodeSelector="beta.kubernetes.io/os: linux" `
  --set server.nodeSelector="beta.kubernetes.io/os: linux" `
  --set syncCatalog.enabled=true --set syncCatalog.nodeSelector="beta.kubernetes.io/os: linux"

The Consul Helm chart deploys a number of objects. You can see the list from the output of your helm install command above. The deployment of the Consul components can take around 3 minutes to complete, depending on your cluster environment.

At this point, you've deployed Consul to your AKS cluster. To ensure that we have a successful deployment of Consul, let's move on to the next section to validate the Consul installation.

Validate the Consul installation

Confirm that the resources have been successfully created. Use the kubectl get svc and kubectl get pod commands to query the consul namespace, where the Consul components were installed by the helm install command:

kubectl get svc --namespace consul --output wide
kubectl get pod --namespace consul --output wide

The following example output shows the services and pods (scheduled on Linux nodes) that should now be running:

NAME                                 TYPE           CLUSTER-IP    EXTERNAL-IP             PORT(S)                                                                   AGE     SELECTOR
consul                               ExternalName   <none>        consul.service.consul   <none>                                                                    38s     <none>
consul-consul-connect-injector-svc   ClusterIP      10.0.98.102   <none>                  443/TCP                                                                   3m26s   app=consul,component=connect-injector,release=consul
consul-consul-dns                    ClusterIP      10.0.46.194   <none>                  53/TCP,53/UDP                                                             3m26s   app=consul,hasDNS=true,release=consul
consul-consul-server                 ClusterIP      None          <none>                  8500/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP   3m26s   app=consul,component=server,release=consul
consul-consul-ui                     ClusterIP      10.0.50.188   <none>                  80/TCP                                                                    3m26s   app=consul,component=server,release=consul

NAME                                                              READY   STATUS    RESTARTS   AGE    IP            NODE                            NOMINATED NODE   READINESS GATES
consul-consul-connect-injector-webhook-deployment-99f74fdbcr5zj   1/1     Running   0          3m9s   10.240.0.68   aks-linux-92468653-vmss000002   <none>           <none>
consul-consul-jbksc                                               1/1     Running   0          3m9s   10.240.0.44   aks-linux-92468653-vmss000001   <none>           <none>
consul-consul-jkwtq                                               1/1     Running   0          3m9s   10.240.0.70   aks-linux-92468653-vmss000002   <none>           <none>
consul-consul-server-0                                            1/1     Running   0          3m9s   10.240.0.91   aks-linux-92468653-vmss000002   <none>           <none>
consul-consul-server-1                                            1/1     Running   0          3m9s   10.240.0.38   aks-linux-92468653-vmss000001   <none>           <none>
consul-consul-server-2                                            1/1     Running   0          3m9s   10.240.0.10   aks-linux-92468653-vmss000000   <none>           <none>
consul-consul-sync-catalog-d846b79c-8ssr8                         1/1     Running   2          3m9s   10.240.0.94   aks-linux-92468653-vmss000002   <none>           <none>
consul-consul-tz2t5                                               1/1     Running   0          3m9s   10.240.0.12   aks-linux-92468653-vmss000000   <none>           <none>

All of the pods should show a status of Running. If your pods don't have these statuses, wait a minute or two until they do. If any pods report an issue, use the kubectl describe pod command to review their output and status.
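
The check described above can be scripted. This added example (not part of the original article) reads saved kubectl output and reports any Consul pod that is not Running and fully ready, or that is not on a node labelled beta.kubernetes.io/os=linux; `check_consul_pods` is a hypothetical name, and the node listing is assumed to come from `kubectl get nodes -L beta.kubernetes.io/os`.

```bash
# Added example, not from the original article; check_consul_pods is a hypothetical name.
# Usage against a live cluster (bash process substitution):
#   check_consul_pods <(kubectl get nodes -L beta.kubernetes.io/os) \
#                     <(kubectl get pod --namespace consul --output wide)

# check_consul_pods NODES_FILE PODS_FILE
# Prints one line per problem and returns 1 if any pod is not Running and fully
# ready, or sits on a node whose beta.kubernetes.io/os label is not "linux".
check_consul_pods() {
  awk '
    FNR == 1 { next }                               # skip each header row
    FILENAME == ARGV[1] { os[$1] = $NF; next }      # node name -> OS label (last column)
    {
      seen++
      split($2, ready, "/")                         # READY column, e.g. 1/1
      if ($3 != "Running" || ready[1] != ready[2]) {
        print $1 ": not ready (" $3 ", " $2 ")"; bad = 1
      }
      node = ""
      for (i = 5; i <= NF; i++) if ($i in os) node = $i   # locate the NODE column by value
      if (node == "" || os[node] != "linux") {
        print $1 ": not on a Linux-labelled node"; bad = 1
      }
    }
    END {
      if (!seen) { print "no pods listed"; bad = 1 }
      exit bad + 0
    }
  ' "$1" "$2"
}
```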

Accessing the Consul UI

The Consul UI was installed in our setup above and provides UI-based configuration for Consul. The UI for Consul is not exposed publicly via an external IP address. To access the Consul user interface, use the kubectl port-forward command. This command creates a secure connection between your client machine and the relevant pod in your AKS cluster.

kubectl port-forward -n consul svc/consul-consul-ui 8080:80

You can now open a browser and point it to http://localhost:8080/ui to open the Consul UI. You should see the following when you open the UI:

Consul UI

Uninstall Consul from AKS

Warning

Deleting Consul from a running system may result in traffic-related issues between your services. Ensure that you have made provisions for your system to still operate correctly without Consul before proceeding.

Remove Consul components and namespace

To remove Consul from your AKS cluster, use the following commands. The helm delete command removes the consul chart, and the kubectl delete namespace command removes the consul namespace.

helm delete --purge consul
kubectl delete namespace consul

Next steps

To explore more installation and configuration options for Consul, see the following official Consul articles:

You can also follow additional scenarios using: