在 K8s 中使用云原生API网关 Higress

在标准 K8s 集群中使用

在Docker中启动

Higress 只需 Docker 即可启动，方便个人开发者在本地搭建学习，或者用于搭建简易站点:

1
2
3
4
5
6


# 创建一个工作目录
mkdir higress; cd higress
# 启动 higress，配置文件会写到工作目录下
docker run -d --rm --name higress-ai -v ${PWD}:/data \
        -p 8001:8001 -p 8080:8080 -p 8443:8443  \
                higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/all-in-one:latest

监听端口说明如下：

8001 端口：Higress UI 控制台入口
8080 端口：网关 HTTP 协议入口
8443 端口：网关 HTTPS 协议入口

Higress 的所有 Docker 镜像都一直使用自己独享的仓库，不受 Docker Hub 境内不可访问的影响

使用helm在k8s中部署

添加helm安装源

1
2
3
4
5
6
7
8


➜  ~ helm repo add higress.cn https://higress.cn/helm-charts
"higress.cn" has been added to your repositories

➜  ~ helm repo list
NAME            URL
higress.io      https://higress.io/helm-charts
higress.cn      https://higress.cn/helm-charts

安装 Higress

本地安装开关: --set global.local=true

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22


➜  ~ helm install higress -n higress-system higress.io/higress --create-namespace --render-subchart-notes --set global.local=true --set global.o11y.enabled=false
NAME: higress
LAST DEPLOYED: Wed Sep 18 19:57:46 2024
NAMESPACE: higress-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Higress successfully installed!

To learn more about the release, try:
  $ helm status higress -n higress-system
  $ helm get all higress -n higress-system

Use the following command to access the console:
  hgctl dashboard console

Because you choose to create an Ingress resource for Higress Console, you can use the following URL to access it as well:
  http://console.higress.io/
And since Higress Console is running in local mode, you may need to add the following line into your hosts file before accessing it:
  127.0.0.1 console.higress.io

安装完成后，通过本地的 80 和 443 端口即可访问本地集群内的 Higress Gateway。

注：如果您使用的是本地现存的 K8s 集群，那么可能需要先执行下方命令将 K8s 集群内的端口映射出来，然后再尝试访问本地端口。

1
2
3
4
5
6


➜  ~ sudo kubectl port-forward service/higress-gateway -n higress-system 80:80 443:443
Password:
Forwarding from 127.0.0.1:80 -> 80
Forwarding from [::1]:80 -> 80
Forwarding from 127.0.0.1:443 -> 443
Forwarding from [::1]:443 -> 443

注： 80，443 端口需要主账号权限启动，否则会失败

查看安装状态

1
2
3
4


➜  ~ helm ls -A
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
higress higress-system  1               2024-09-18 19:57:46.950036 +0800 CST    deployed        higress-2.0.0   2.0.0

k8s安装状态信息

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25


➜  ~ kubectl get pods,rc,svc,deployment,ns -n higress-system
NAME                                      READY   STATUS              RESTARTS   AGE
pod/higress-console-5999f44b4c-ft8j7      0/1     ContainerCreating   0          60s
pod/higress-controller-588945479f-gcrw2   0/2     ContainerCreating   0          60s
pod/higress-gateway-847ccc4666-szmzl      0/1     ContainerCreating   0          60s

NAME                         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                                                             AGE
service/higress-controller   ClusterIP      10.43.217.49   <none>        8888/TCP,8889/TCP,15051/TCP,15010/TCP,15012/TCP,443/TCP,15014/TCP   62s
service/higress-console      ClusterIP      10.43.138.8    <none>        8080/TCP                                                            62s
service/higress-gateway      LoadBalancer   10.43.203.95   <pending>     80:31110/TCP,443:32662/TCP                                          62s

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/higress-console      0/1     1            0           61s
deployment.apps/higress-gateway      0/1     1            0           61s
deployment.apps/higress-controller   0/1     1            0           61s

NAME                              STATUS   AGE
namespace/kube-system             Active   135d
namespace/kube-public             Active   135d
namespace/kube-node-lease         Active   135d
namespace/default                 Active   135d
namespace/bitnami-ingress-nginx   Active   111d
namespace/shortcode-ns            Active   111d
namespace/higress-system          Active   63s

可以看到service/higress-gateway的端口并没有映射到本地端口上，所以这里在浏览器访问是无效的。

这是因为当前本地k8s是运行在colima中的，如下：

1
2
3
4


➜  ~ kubectl get nodes -o wide
NAME               STATUS   ROLES                  AGE    VERSION        INTERNAL-IP   EXTERNAL-IP   OS-IMAGE       KERNEL-VERSION     CONTAINER-RUNTIME
colima-helm-test   Ready    control-plane,master   135d   v1.28.3+k3s2   192.168.5.3   <none>        Ubuntu 23.10   6.5.0-15-generic   docker://24.0.9

怎么解决这个问题，可以尝试下面方法

更新 Higress 的部署参，比如将service.type由LoadBalancer改为ClusterIP

1
2
3
4
5
6
7
8
9


➜  ~ helm upgrade higress -n higress-system --set higress-core.gateway.service.type=ClusterIP higress.io/higress --reuse-values
Release "higress" has been upgraded. Happy Helming!
NAME: higress
LAST DEPLOYED: Wed Sep 18 21:40:23 2024
NAMESPACE: higress-system
STATUS: deployed
REVISION: 2
TEST SUITE: None

在线修改service配置

1

kubectl -n higress-system edit service higress-gateway

helm拉取到本地安装

1
2
3
4


helm pull higress.io/higress-local

# 解压
tar -zxf higress-local-0.6.1.tgz

部署了一个名为 foo 的服务

创建一个对应 http://foo.bar.com/foo 的路由指向该服务。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23


kind: Pod
apiVersion: v1
metadata:
  name: foo-app
  labels:
    app: foo
spec:
  containers:
  - name: foo-app
    image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/http-echo:0.2.4-alpine
    args:
    - "-text=foo"
---
kind: Service
apiVersion: v1
metadata:
  name: foo-service
spec:
  selector:
    app: foo
  ports:
  # Default port used by the image
  - port: 5678

运行

1

kubectl apply -f foo.yaml

启动成功后，hosts配置foo.bar.com 路由，然后就可以访问服务

删除higress

1

> helm delete higress -n higress-system