Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(zh): translate Install docs into Chinese (#3403)
* translate Install docs into Chinese

Signed-off-by: Wilson Wu <iwilsonwu@gmail.com>

* Apply suggestions from code review

Co-authored-by: sh2 <shawnhxh@outlook.com>
Signed-off-by: Wilson Wu <iwilsonwu@gmail.com>

* Fix the en link

Signed-off-by: Wilson Wu <iwilsonwu@gmail.com>

* Apply suggestions

Signed-off-by: Wilson Wu <iwilsonwu@gmail.com>

---------

Signed-off-by: Wilson Wu <iwilsonwu@gmail.com>
Co-authored-by: sh2 <shawnhxh@outlook.com>
Showing 5 changed files with 390 additions and 1 deletion.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
+++ | ||
title = "gateway-helm" | ||
+++ | ||
|
||
|
||
![Version: v0.0.0-latest](https://img.shields.io/badge/Version-v0.0.0--latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) | ||
|
||
The Helm chart for Envoy Gateway | ||
|
||
**Homepage:** <https://gateway.envoyproxy.io/> | ||
|
||
## Maintainers | ||
|
||
| Name | Email | Url | | ||
| ---- | ------ | --- | | ||
| envoy-gateway-steering-committee | | <https://github.com/envoyproxy/gateway/blob/main/GOVERNANCE.md> | | ||
| envoy-gateway-maintainers | | <https://github.com/envoyproxy/gateway/blob/main/CODEOWNERS> | | ||
|
||
## Source Code | ||
|
||
* <https://github.com/envoyproxy/gateway> | ||
|
||
## Values | ||
|
||
| Key | Type | Default | Description | | ||
|-----|------|---------|-------------| | ||
| certgen.job.annotations | object | `{}` | | | ||
| certgen.job.resources | object | `{}` | | | ||
| certgen.job.ttlSecondsAfterFinished | int | `30` | | | ||
| certgen.rbac.annotations | object | `{}` | | | ||
| certgen.rbac.labels | object | `{}` | | | ||
| config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | | | ||
| config.envoyGateway.logging.level.default | string | `"info"` | | | ||
| config.envoyGateway.provider.type | string | `"Kubernetes"` | | | ||
| createNamespace | bool | `false` | | | ||
| deployment.envoyGateway.image.repository | string | `"docker.io/envoyproxy/gateway"` | | | ||
| deployment.envoyGateway.image.tag | string | `"latest"` | | | ||
| deployment.envoyGateway.imagePullPolicy | string | `"IfNotPresent"` | | | ||
| deployment.envoyGateway.imagePullSecrets | list | `[]` | | | ||
| deployment.envoyGateway.resources.limits.cpu | string | `"500m"` | | | ||
| deployment.envoyGateway.resources.limits.memory | string | `"1024Mi"` | | | ||
| deployment.envoyGateway.resources.requests.cpu | string | `"100m"` | | | ||
| deployment.envoyGateway.resources.requests.memory | string | `"256Mi"` | | | ||
| deployment.pod.affinity | object | `{}` | | | ||
| deployment.pod.annotations."prometheus.io/port" | string | `"19001"` | | | ||
| deployment.pod.annotations."prometheus.io/scrape" | string | `"true"` | | | ||
| deployment.pod.labels | object | `{}` | | | ||
| deployment.ports[0].name | string | `"grpc"` | | | ||
| deployment.ports[0].port | int | `18000` | | | ||
| deployment.ports[0].targetPort | int | `18000` | | | ||
| deployment.ports[1].name | string | `"ratelimit"` | | | ||
| deployment.ports[1].port | int | `18001` | | | ||
| deployment.ports[1].targetPort | int | `18001` | | | ||
| deployment.ports[2].name | string | `"metrics"` | | | ||
| deployment.ports[2].port | int | `19001` | | | ||
| deployment.ports[2].targetPort | int | `19001` | | | ||
| deployment.replicas | int | `1` | | | ||
| kubernetesClusterDomain | string | `"cluster.local"` | | | ||
|
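Review bot: In the Values table, `deployment.envoyGateway.image.tag` is documented with default `"latest"` next to `deployment.envoyGateway.imagePullPolicy` `"IfNotPresent"`, and the Description column is empty for every key, so nothing tells the reader that this default is a mutable tag that a node will not pull again once it has a cached copy. Suggest filling in the descriptions (at least for the image, ports and certgen keys) and adding a sentence recommending a pinned release tag for anything other than development. Also, this page is added under the Chinese docs but its body ("The Helm chart for Envoy Gateway", "Maintainers", "Values") is still English; if it is generated and intentionally left untranslated, say so in the commit message.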
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,149 @@ | ||
--- | ||
title: 使用自定义证书的控制平面身份验证 | ||
weight: -70 | ||
--- | ||
|
||
Envoy Gateway 为 Envoy Gateway Pod 和 Envoy 代理队列之间的控制平面通信建立了安全的 TLS 连接。 | ||
此处使用的 TLS 证书是自签名的,并使用在创建 Envoy Gateway 之前运行的 Job 生成, | ||
并且这些证书被安装到 Envoy Gateway 和 Envoy 代理 Pod 上。 | ||
|
||
此任务将引导您完成为控制平面身份验证配置自定义证书。 | ||
|
||
## 开始之前 {#before-you-begin} | ||
|
||
我们使用 Cert-Manager 来管理证书。 | ||
您可以按照[官方指南](https://cert-manager.io/docs/installation/kubernetes/)安装它。 | ||
|
||
## 为控制平面配置自定义证书 {#configure-custom-certs-for-control-plane} | ||
|
||
1. 首先您需要设置 CA 颁发者,在此任务中,我们以 `selfsigned-issuer` 为例。 | ||
|
||
**您不应在生产中使用自签名颁发者,您应该使用真实的 CA 颁发者。** | ||
|
||
```shell | ||
cat <<EOF | kubectl apply -f - | ||
apiVersion: cert-manager.io/v1 | ||
kind: Issuer | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: envoy-gateway | ||
name: selfsigned-issuer | ||
namespace: envoy-gateway-system | ||
spec: | ||
selfSigned: {} | ||
--- | ||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
name: envoy-gateway-ca | ||
namespace: envoy-gateway-system | ||
spec: | ||
isCA: true | ||
commonName: envoy-gateway | ||
secretName: envoy-gateway-ca | ||
privateKey: | ||
algorithm: RSA | ||
size: 2048 | ||
issuerRef: | ||
name: selfsigned-issuer | ||
kind: Issuer | ||
group: cert-manager.io | ||
--- | ||
apiVersion: cert-manager.io/v1 | ||
kind: Issuer | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: envoy-gateway | ||
name: eg-issuer | ||
namespace: envoy-gateway-system | ||
spec: | ||
ca: | ||
secretName: envoy-gateway-ca | ||
EOF | ||
``` | ||
2. 为 Envoy Gateway 控制器创建一个证书,该证书将存储在 `envoy-gatewy` Secret 中。 | ||
```shell | ||
cat<<EOF | kubectl apply -f - | ||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: envoy-gateway | ||
name: envoy-gateway | ||
namespace: envoy-gateway-system | ||
spec: | ||
commonName: envoy-gateway | ||
dnsNames: | ||
- "envoy-gateway" | ||
- "envoy-gateway.envoy-gateway-system" | ||
- "envoy-gateway.envoy-gateway-system.svc" | ||
- "envoy-gateway.envoy-gateway-system.svc.cluster.local" | ||
issuerRef: | ||
kind: Issuer | ||
name: eg-issuer | ||
usages: | ||
- "digital signature" | ||
- "data encipherment" | ||
- "key encipherment" | ||
- "content commitment" | ||
secretName: envoy-gateway | ||
EOF | ||
``` | ||
3. 为 Envoy 代理创建一个证书,该证书将存储在 `envoy` Secret 中。 | ||
```shell | ||
cat<<EOF | kubectl apply -f - | ||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: envoy-gateway | ||
name: envoy | ||
namespace: envoy-gateway-system | ||
spec: | ||
commonName: "*" | ||
dnsNames: | ||
- "*.envoy-gateway-system" | ||
issuerRef: | ||
kind: Issuer | ||
name: eg-issuer | ||
usages: | ||
- "digital signature" | ||
- "data encipherment" | ||
- "key encipherment" | ||
- "content commitment" | ||
secretName: envoy | ||
EOF | ||
``` | ||
4. 创建限流证书,该证书将存储在 `envoy-rate-limit` Secret 中。 | ||
```shell | ||
cat<<EOF | kubectl apply -f - | ||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: envoy-gateway | ||
name: envoy-rate-limit | ||
namespace: envoy-gateway-system | ||
spec: | ||
commonName: "*" | ||
dnsNames: | ||
- "*.envoy-gateway-system" | ||
issuerRef: | ||
kind: Issuer | ||
name: eg-issuer | ||
usages: | ||
- "digital signature" | ||
- "data encipherment" | ||
- "key encipherment" | ||
- "content commitment" | ||
secretName: envoy-rate-limit | ||
EOF | ||
``` | ||
5. 现在您可以按照 helm Chart [安装指南](../install-helm)使用自定义证书安装 Envoy Gateway。 |
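Review bot: Step 2 names the Secret `envoy-gatewy`, but the manifest directly below it sets `secretName: envoy-gateway`; fix the spelling in the step text so a reader who searches for the Secret finds it. In steps 3 and 4 the `envoy` and `envoy-rate-limit` certificates are both issued with `commonName: "*"` and `dnsNames: "*.envoy-gateway-system"`; one sentence on why a wildcard is needed there, placed near the existing warning about the self-signed issuer, would help readers who adapt this for production. Minor style point: step 1 uses `cat <<EOF` while steps 2 to 4 use `cat<<EOF`; pick one form.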
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,143 @@ | ||
+++ | ||
title = "使用 Helm 安装" | ||
weight = -100 | ||
+++ | ||
|
||
[Helm](https://helm.sh) 是 Kubernetes 的包管理器,可自动在 Kubernetes 上发布和管理软件。 | ||
|
||
Envoy Gateway 可以通过 Helm Chart 经过几个简单的步骤进行安装, | ||
具体取决于您是首次部署、从现有安装升级 Envoy Gateway 还是从 Envoy Gateway 迁移。 | ||
|
||
## 开始之前 {#before-you-begin} | ||
|
||
{{% alert title="兼容性矩阵" color="warning" %}} | ||
请参阅[版本兼容性矩阵](./matrix)了解更多信息。 | ||
{{% /alert %}} | ||
|
||
Envoy Gateway Helm Chart 托管在 DockerHub 中。 | ||
|
||
它发布在 `oci://docker.io/envoyproxy/gateway-helm`。 | ||
|
||
{{% alert title="注意" color="primary" %}} | ||
我们使用 `v0.0.0-latest` 作为最新的开发版本。 | ||
|
||
您可以访问 [Envoy Gateway Helm Chart](https://hub.docker.com/r/envoyproxy/gateway-helm/tags) 了解更多版本。 | ||
{{% /alert %}} | ||
|
||
## 使用 Helm 安装 {#install-with-helm} | ||
|
||
Envoy Gateway 通常从命令行部署到 Kubernetes。如果您没有 Kubernetes,则应该使用 `kind` 来创建一个。 | ||
|
||
{{% alert title="开发者指南" color="primary" %}} | ||
请参阅[开发者指南](../../contributions/develop)了解更多信息。 | ||
{{% /alert %}} | ||
|
||
安装 Gateway API CRD 和 Envoy Gateway: | ||
|
||
```shell | ||
helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace | ||
``` | ||
|
||
等待 Envoy Gateway 变为可用: | ||
|
||
```shell | ||
kubectl wait --timeout=5m -n envoy-gateway-system deployment/envoy-gateway --for=condition=Available | ||
``` | ||
|
||
安装 GatewayClass、Gateway、HTTPRoute 和示例应用程序: | ||
|
||
```shell | ||
kubectl apply -f https://github.com/envoyproxy/gateway/releases/download/latest/quickstart.yaml -n default | ||
``` | ||
|
||
**注意**:[`quickstart.yaml`] 定义 Envoy Gateway 将侦听 80 端口及其全局可路由 IP 地址的流量, | ||
以便轻松使用浏览器测试 Envoy Gateway。当 Envoy Gateway 发现其侦听器正在使用特权端口(<1024)时, | ||
它会在内部将其映射到非特权端口,以便 Envoy Gateway 不需要额外的特权。了解此映射很重要,因为您在调试时可能需要考虑它。 | ||
|
||
[`quickstart.yaml`]: https://github.com/envoyproxy/gateway/releases/download/latest/quickstart.yaml | ||
|
||
## 自定义 Helm Chart {#helm-chart-customizations} | ||
|
||
下面是使用 helm install 命令进行 Envoy Gateway 安装的一些快速方法。 | ||
|
||
### 增加副本数 {#increase-the-replicas} | ||
|
||
```shell | ||
helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace --set deployment.replicas=2 | ||
``` | ||
|
||
### 更改 kubernetesClusterDomain 名称 {#change-the-kubernetesclusterdomain-name} | ||
|
||
如果您使用不同的域名安装了集群,则可以使用以下命令。 | ||
|
||
```shell | ||
helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace --set kubernetesClusterDomain=<domain name> | ||
``` | ||
|
||
**注意**:以上是我们可以直接用于自定义安装的一些方法。但如果您正在寻找更复杂的更改, | ||
[values.yaml](https://helm.sh/docs/chart_template_guide/values_files/) 可以帮助您。 | ||
|
||
### 使用 values.yaml 文件进行复杂安装 {#using-values-yaml-file-for-complex-installation} | ||
|
||
```yaml | ||
deployment: | ||
envoyGateway: | ||
resources: | ||
limits: | ||
cpu: 700m | ||
memory: 128Mi | ||
requests: | ||
cpu: 10m | ||
memory: 64Mi | ||
ports: | ||
- name: grpc | ||
port: 18005 | ||
targetPort: 18000 | ||
- name: ratelimit | ||
port: 18006 | ||
targetPort: 18001 | ||
|
||
config: | ||
envoyGateway: | ||
logging: | ||
level: | ||
default: debug | ||
``` | ||
在这里,我们对 value.yaml 文件进行了三处更改。将 CPU 的资源限制增加到 `700m`, | ||
将 gRPC 的端口更改为 `18005`,将限流端口更改为 `18006`,并将日志记录级别更新为 `debug`。 | ||
|
||
您可以通过以下命令使用 value.yaml 文件安装 Envoy Gateway。 | ||
|
||
```shell | ||
helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace -f values.yaml | ||
``` | ||
|
||
{{% alert title="Helm Chart Values" color="primary" %}} | ||
如果您想了解 values.yaml 文件中的所有可用字段,请参阅 [Helm Chart Values](./api)。 | ||
{{% /alert %}} | ||
|
||
## 开放端口 {#open-ports} | ||
|
||
这些是 Envoy Gateway 和托管 Envoy 代理使用的端口。 | ||
|
||
### Envoy Gateway {#envoy-gateway} | ||
|
||
| Envoy Gateway | 地址 | 端口 | 是否可配置 | | ||
|:----------------------:|:---------:|:------:| :------: | | ||
| Xds EnvoyProxy Server | 0.0.0.0 | 18000 | No | | ||
| Xds RateLimit Server | 0.0.0.0 | 18001 | No | | ||
| Admin Server | 127.0.0.1 | 19000 | Yes | | ||
| Metrics Server | 0.0.0.0 | 19001 | No | | ||
| Health Check | 127.0.0.1 | 8081 | No | | ||
|
||
### EnvoyProxy {#envoyproxy} | ||
|
||
| Envoy Proxy | 地址 | 端口 | | ||
|:---------------------------------:|:-----------:| :-----: | | ||
| Admin Server | 127.0.0.1 | 19000 | | ||
| Heath Check | 0.0.0.0 | 19001 | | ||
|
||
{{% alert title="后续步骤" color="warning" %}} | ||
Envoy Gateway 现在应该已成功安装并运行。要体验 Envoy Gateway 的更多功能,请参阅[任务](../tasks)。 | ||
{{% /alert %}} |
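Review bot: The paragraph after the values.yaml example says three changes were made ("三处更改") but lists four (CPU limit `700m`, gRPC port `18005`, rate limit port `18006`, log level `debug`), and it calls the file `value.yaml` twice while the heading and the `helm install ... -f values.yaml` command use `values.yaml`; make the count and the file name consistent. The example also sets `memory: 128Mi` under limits, which the text does not mention and which is far below the `1024Mi` default listed on the gateway-helm values page added in this commit, so either explain it or drop it from the example. In the EnvoyProxy ports table, "Heath Check" should be "Health Check". The quickstart step applies `releases/download/latest/quickstart.yaml` straight from the URL; consider noting that readers can download and inspect the manifest first, since `latest` is not a fixed version.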