查看需要的镜像
发现有gcr.io的镜像,国内是下载不了的,因此使用代理下载,然后重新打tag
# 下载镜像
crictl pull gcr.dockerproxy.com/spiffe-io/spire-server:1.5.6
crictl pull gcr.dockerproxy.com/spiffe-io/k8s-workload-registrar:1.5.6
crictl pull gcr.dockerproxy.com/spiffe-io/spire-agent:1.5.6
# 重新打tag
ctr -n k8s.io i tag gcr.dockerproxy.com/spiffe-io/spire-server:1.5.6 gcr.io/spiffe-io/spire-server:1.5.6
ctr -n k8s.io i tag gcr.dockerproxy.com/spiffe-io/k8s-workload-registrar:1.5.6 gcr.io/spiffe-io/k8s-workload-registrar:1.5.6
ctr -n k8s.io i tag gcr.dockerproxy.com/spiffe-io/spire-agent:1.5.6 gcr.io/spiffe-io/spire-agent:1.5.6
部署nginx service mesh
nginx-meshctl deploy --mtls-mode strict --persistent-storage off
查看结果
# --persistent-storage off 参数为关闭使用storageClass存储
[root@master ~]# nginx-meshctl deploy --mtls-mode strict --persistent-storage off
Warning: Deploying without persistent storage, not suitable for production environments.
For production environments ensure a default StorageClass is set.
Deploying NGINX Service Mesh...
All resources created. Testing the connection to the Service Mesh control plane...
Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.
也可以不指定参数直接部署
[root@master ~]# nginx-meshctl deploy
Deploying NGINX Service Mesh...
All resources created. Testing the connection to the Service Mesh control plane...
Connected to the NGINX Service Mesh API successfully.
NGINX Service Mesh is running.
