apisix生产部署

1. apisix 架构图

• apisix-gateway. 网关入口，接入外部流量
• apisix-dashboard. 管理api接口
• etcd. apisix后端存储
• apisix-ingress. 类似于k8s ingress，不同的是，实际的流量承载还是在apisix-gateway

2.核心组件部署

2.1 etcd部署(无证书版)

当前部署版本

etcd Version: 3.5.10
Git SHA: 0223ca52b
Go Version: go1.20.10
Go OS/Arch: linux/amd64

由于使用带证书版，apisix本身兼容性有些问题，暂时使用无证书版本,部署采用ansible脚本部署,先下载 deployetcd.zip

# 在有ansible节点上执行
mkdir -p /data/deployetcd && mv deployetcd.zip /data/deployetcd
cd /data/deployetcd && unzip deployetcd.zip && rm -f deployetcd.zip
# 修改hosts里面关于etcd节点ip的配置
ansible-playbook -i hosts-lg playbooks/etcd-nocert.yml

host-lg 代表对应etcd集群的配置文件，一定要填写正确

#etcd其他命令

# 清理etcd集群
ansible-playbook -i hosts-lg playbooks/etcd-clean.yml
# 添加etcd节点
./ezetcd add-etcd hosts-lg $ip
# 删除etcd节点
./ezetcd del-etcd hosts-lg $ip

# 备份etcd集群 (已经在控制节点添加了crontab 任务)
./ezetcd backup hosts-lg
# 备份恢复
./ezetcd restore hosts-lg

2.2 apisix-gateway apisix-ingress apisix-dashboard部署 先下载 apisix-1.11.0.zip

• 1.下载apisix-helm包

  mkdir /data/apisix && mv apisix-1.11.0.zip  /data/apisix/
  unzip  apisix-1.11.0.zip && rm -f mv apisix-1.11.0.zip 

• 2.修改values-add.yaml

  apisix:
    enabled: true
    image:
      repository: registry.jlpay.io/posp-prod/apisix-plugs-feature/1035072
      pullPolicy: IfNotPresent
      tag: 276782-c417d7c2
    kind: Deployment
    replicaCount: 3
  
    podAnnotations: 
      
  
    hostNetwork: true
  
    nodeSelector: {}
  
    timezone: "Asia/Shanghai"
  
  # 和开发相关
    enableCustomizedConfig: false
    customizedConfig: {}
  
  
  
  
  
  
  
  admin:
  
    credentials:
      admin: edd1c9f034335f136f87ad84b625c8f1
      viewer: 4054f7cf07e344346cd3f287985e76a2
  
  
  nginx:
    workerRlimitNofile: "20480"
    workerConnections: "10620"
    workerProcesses: auto
    enableCPUAffinity: true
  
    meta: |
      lua_shared_dict:
        prometheus-metrics: 15m
  # 和开发相关
  plugins: []
  # 和开发相关
  pluginAttrs: {}
  # 和开发相关
  extPlugin:
    enabled: false
    cmd: ["/path/to/apisix-plugin-runner/runner", "run"]
  
  
  # 和开发相关
  customPlugins:
    enabled: false
    luaPath: "/opts/custom_plugins/?.lua"
    plugins:
      - name: "plugin-name"
        attrs: {}
        configMap:
          name: "configmap-name"
          mounts:
            - key: "the-file-name"
              path: "mount-path"
  
  
  
  
  extraInitContainers:
    - name: init-sysctl
      image: registry.jlpay.io/middleware/busybox:1.28
  
  
  
  
  
  
  initContainer:
    image: registry.jlpay.io/middleware/busybox
    tag: 1.28
  
  
  
  # etcd相关配置
  etcd:
  # 不启用k8s部署etcd集群
    enabled: false
    host:
      - http://172.20.20.39:2379
      - http://172.20.20.37:2379
      - http://172.20.20.38:2379
  
    prefix: "/apisix"
  
  
    service:
      port: 2379
  
  
  
  dashboard:
    image:
      repository: "registry.jlpay.io/middleware/apisix-dashboard"
    enabled: true
    config:
      conf:
        etcd:
          endpoints:
            - http://172.20.20.39:2379
            - http://172.20.20.37:2379
            - http://172.20.20.38:2379
  
          prefix: "/apisix"     
    service:
      type: NodePort
  
            
  
  # ingress-controller相关
  ingress-controller:
    initContainer:
      image: registry.jlpay.io/middleware/busybox
    image:
      repository: registry.jlpay.io/middleware/apisix-ingress-controller
      pullPolicy: IfNotPresent
      tag: "1.8.0"
    enabled: true
    config:
      apisix:
        adminAPIVersion: "v3"
    config:
      kubernetes:
        ingressVersion: "networking/v1beta1"
      apisix:
      #和apisix部署的命名空间对应
        serviceNamespace: apisix
        servicePort: 9180
        adminKey: "edd1c9f034335f136f87ad84b625c8f1"

• 3. 部署

     helm create ns apisix
     helm install  -n apisix apisix -f values-add.yaml .

3.可观测性对接

3.1 对接prometheus

3.2 对接opentelemetry

3.3 对接es日志

4.需要确定的点