Installation

Maesh is installed with Helm. First, add the Maesh chart repository and update it:

    helm repo add maesh https://containous.github.io/maesh/charts
    helm repo update

Install the Maesh Helm Chart:

    helm install maesh maesh/maesh

Install from source

Supported Installations

Please be aware that the supported installation method is via Helm, using official releases. If you want to build/install/run Maesh from source, we may not be able to provide support. Installing from source is intended for development/contributing.

To build the image locally, run:

    make

You will then be able to use the tagged image as your image in your values.yaml file.

Deploy Helm Chart

To deploy the Helm Chart, run:

    helm install maesh helm/chart/maesh --set image.pullPolicy=IfNotPresent --set image.tag=latest

KubeDNS support

Maesh supports KubeDNS:

    helm install maesh maesh/maesh --set kubedns=true

With the kubedns parameter, Maesh will install CoreDNS and patch KubeDNS to use it as a stubDomain.

Custom cluster domain

If you use a cluster domain other than cluster.local, set it with the clusterDomain parameter:

    helm install maesh maesh/maesh --set clusterDomain=my.custom.domain.com

Access Control List

By default, Maesh does not restrict traffic between pods and services. However, some scenarios require more control over the rules for internal communication. The Access Control List mode (ACL) requires a set of rules to explicitly allow traffic between different resources.

To enable ACL, install Maesh in ACL mode by setting the acl Helm Chart option to true.

    helm install maesh --namespace=maesh maesh/maesh --set acl=true

Maesh supports the SMI specification, which defines a set of custom resources that provide fine-grained control over instrumentation, routing and access control of east-west communications.

CRDs

Helm v3 will automatically install the CRDs in the /crds directory. If you are (re)installing into a cluster with the CRDs already present, Helm may print a warning. If you do not want to install them, or want to avoid the warning, use the new --skip-crds flag. More information can be found in the Helm documentation.

Platform recommendations

Maesh works on Kubernetes environments that conform to the global Kubernetes specification. That being said, we have had users encounter issues when using variants such as minikube, microk8s, and other development distributions.

Maesh runs without issue on most public clouds (AWS, GKE, Azure, DigitalOcean, and more). If you want to run Maesh in development, we would recommend using k3s, as it is fully conformant. We use k3s in Maesh’s integration tests, so you can be sure that it works properly.

If you encounter issues on variants such as minikube or microk8s, please try to reproduce the issue on k3s. If you are unable to reproduce it, it may be an issue with the distribution behaving differently than official Kubernetes.

Verify your installation

You can check that Maesh has been installed properly by running the following command:

Command

    kubectl get all -n maesh

Expected Output

    NAME                                    READY   STATUS    RESTARTS   AGE
    pod/maesh-controller-676fb86b89-pj8ph   1/1     Running   0          11s
    pod/maesh-mesh-w62z5                    1/1     Running   0          11s
    pod/maesh-mesh-zjlpf                    1/1     Running   0          11s

    NAME                     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
    service/maesh-mesh-api   ClusterIP   100.69.177.254   <none>        8080/TCP   29s

    NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
    daemonset.apps/maesh-mesh   2         2         0       2            0           <none>          29s

    NAME                               DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/maesh-controller   1         1         1            0           28s

    NAME                                          DESIRED   CURRENT   READY   AGE
    replicaset.apps/maesh-controller-676fb86b89   1         1         0       28s
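
The output above was captured seconds after installation: the pods report Running, but the DaemonSet, Deployment and ReplicaSet rows still show 0 ready or available. The script below is an added example, not part of the Maesh documentation; it lists every workload in that output that is below its desired count. The function name maesh_not_ready is an assumption, and the sample input is the Expected Output shown above.

```shell
#!/bin/sh
# Added example: flag Maesh workloads that are below their desired count.
# SAMPLE_OUTPUT is the Expected Output of `kubectl get all -n maesh` above.
SAMPLE_OUTPUT='NAME READY STATUS RESTARTS AGE
pod/maesh-controller-676fb86b89-pj8ph 1/1 Running 0 11s
pod/maesh-mesh-w62z5 1/1 Running 0 11s
pod/maesh-mesh-zjlpf 1/1 Running 0 11s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/maesh-mesh-api ClusterIP 100.69.177.254 <none> 8080/TCP 29s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/maesh-mesh 2 2 0 2 0 <none> 29s
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/maesh-controller 1 1 1 0 28s
NAME DESIRED CURRENT READY AGE
replicaset.apps/maesh-controller-676fb86b89 1 1 0 28s'

# maesh_not_ready (hypothetical helper name): reads `kubectl get all` output
# on stdin, prints each resource that is not fully ready, and returns 1 if
# any resource was printed.
maesh_not_ready() {
  awk '
    $1 == "NAME" {                      # header row: map column name to index
      split("", col)
      for (i = 1; i <= NF; i++) col[$i] = i
      next
    }
    NF == 0 { next }                    # blank separator between sections
    ("STATUS" in col) {                 # pod rows: READY is "ready/total"
      split($(col["READY"]), r, "/")
      if (r[1] != r[2] || $(col["STATUS"]) != "Running") { print $1; bad = 1 }
      next
    }
    ("DESIRED" in col) {                # daemonset, deployment, replicaset rows
      have = ("AVAILABLE" in col) ? $(col["AVAILABLE"]) : $(col["READY"])
      if (have + 0 < $(col["DESIRED"]) + 0) { print $1; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

# Against a live cluster: kubectl get all -n maesh | maesh_not_ready
printf '%s\n' "$SAMPLE_OUTPUT" | maesh_not_ready || echo "Maesh is not fully ready yet"
```

Service rows are skipped because their header has neither a STATUS nor a DESIRED column.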

Usage

To use Maesh, reference services as <servicename>.<namespace>.maesh instead of their normal <servicename>.<namespace>. This will access the Maesh service mesh, and will allow you to route requests through Maesh.

By default, Maesh is opt-in, meaning you have to use the Maesh service names to access the mesh, so you can have some services running through the mesh, and some services not.