istio小結
1、概述html
測試環境已經跑了很長時間的istio了,也更新到了最新的istio-1.1。性能相較以前提高很大,官方給出的測試數聽說是延遲下降到了8ms,可是實際測試確實訪問速度有很大的提高,可是確實仍是比直接訪問pod速度差別很明顯,sidecar的引入使數據流向變得層數更多,致使訪問性能上的一些損耗。總結下來的使用建議就是不要盲目的使用service-mesh,服務網格是解決了不少問題,但同時也帶來不少新的問題。可是istio的pilot和mixer仍是能夠用的。具體詳細的istio介紹直接參考官網:https://istio.io/docs/concepts/what-is-istio/node
2、部署linux
參考GitHub上的install,而後我這裏根據本身的使用作了一份,只是定製了一下values文件,沒有作很大的修改。nginx
https://github.com/cuishuaigit/istio-chartgit
這裏使用的是istio的自動注入,因此須要設置一下namespace的label:github
kubectl label namespace default istio-injection=enabled
首先是部署helm,如今最新版本的helm:https://github.com/helm/helm/releasesapi
wget https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz
建立serviceaccountapp
kubectl create helm-service-account.yaml
安裝tillerdom
helm init --service-account tiller
生產使用都是TLS的:curl
參考https://helm.sh/docs/using_helm/#using-ssl-between-helm-and-tiller
istio的安裝參考我github的README。
安裝完的效果:
root@k3-1:/data/appswitch# kubectl get pods -n istio-system NAME READY STATUS RESTARTS AGE grafana-5758685b-9qk5z 1/1 Running 0 4d8h istio-citadel-5f88c9b4-wwz2d 1/1 Running 0 4d8h istio-galley-689b8d98-c5pw8 1/1 Running 0 4d8h istio-ingressgateway-744855f4-x8jkl 1/1 Running 0 4d7h istio-init-crd-10-68cgn 0/1 Completed 0 4d8h istio-init-crd-11-fsb6w 0/1 Completed 0 4d8h istio-init-crd-certmanager-10-64btr 0/1 Completed 0 4d8h istio-init-crd-certmanager-11-8qzrg 0/1 Completed 0 4d8h istio-pilot-6cd56bb6cb-6t78m 2/2 Running 0 4d8h istio-policy-54686485-lsfxt 2/2 Running 0 4d7h istio-sidecar-injector-746b458c-6rbdz 1/1 Running 0 4d8h istio-telemetry-77b97547-2pdpq 1/2 Running 0 4d7h istio-telemetry-77b96547-8gmd8 2/2 Running 0 4d7h istio-tracing-656fc99c-xggq8 1/1 Running 0 4d8h istiocoredns-bd4885d-x9hwt 2/2 Running 0 4d8h kiali-69d68b45-2sxzj 1/1 Running 0 4d4h prometheus-66f5694-bn622 1/1 Running 0 4d8h servicegraph-759c7d9b-sjdfg 1/1 Running 0 4d8h tiller-deploy-556f6dd9-jhpt4 1/1 Running 0 6d6h
3、使用
4、Appswitch
istio存在代理多層的問題,還有就是Envoy代理延時設置的問題,考慮引入Appswitch能夠將這些層都刪減掉,引入一個說明圖(侵刪),同時appswitch也能解決k8s的跨網段通訊問題。
appswitch測試demo:
以daemonset的方式部署Appswitch:
git clone https://github.com/cuishuaigit/appswitch.git kubectl apply -f appswitch.yaml
root@ku13-1:~# ax get nodes NAME CLUSTER IP EXTERNALIP ROLE APPCOUNT ----------------------------------------------------------------- ku13-5 cluster0 10.1.80.149 [compute] 0 ku13-1 cluster0 10.2.68.77 [compute] 0 ku13-2 cluster0 10.2.73.110 [compute] 1 ku13-3 cluster0 10.2.83.248 [compute] 0
部署nginx-demo:
kubectl apply -f nginx-demo.yaml
訪問:
root@k3-1:/data/appswitch# ax get vservices VSNAME VSTYPE VSIP VSPORTS VSBACKENDIPS VSAPPIDS ---------------------------------------------------------------------------------------------- nginx-demo Random 1.1.1.1 [{80 80}] [] [30d2f4g1-6194-4d95-bcvc-6c785c9f0237]
root@k3-1:/data/appswitch# ax run -- curl -I nginx-demo HTTP/1.1 200 OK Server: nginx/1.15.10 Date: Mon, 01 Apr 2019 13:52:24 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Tue, 26 Mar 2019 14:04:38 GMT Connection: keep-alive ETag: "5c9a3176-264" Accept-Ranges: bytes
跨網段訪問:
root@ku13-5:~# ax run -- curl -I nginx-demo HTTP/1.1 200 OK Server: nginx/1.15.11 Date: Tue, 16 Apr 2019 08:39:17 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Tue, 09 Apr 2019 11:20:51 GMT Connection: keep-alive ETag: "5cac8013-264" Accept-Ranges: bytes
參考:
http://appswitch.io/blog/kubernetes_istio_and_network_function_devirtualization_with_appswitch/
https://appswitch.readthedocs.io/en/latest/reading.html
https://appswitch.readthedocs.io/en/latest/integrations.html
https://istio.io/blog/2018/delayering-istio/
- 1. Istio思惟導圖總結
- 2. istio部署-istio prometheus
- 3. Istio
- 4. Istio - - 概念 - - 什麼是 istio
- 5. istio 1.2.5及istio-cni 部署
- 6. istio部署-istio jaeger & kiali
- 7. Istio Sidecar
- 8. ServiceMesh-Istio:2. Istio架構和原理
- 9. istio淺析(二)istio-pilot配置分發
- 10. 淺析ServiceMesh & Istio
- 更多相關文章...
- • Rust 結構體 - RUST 教程
- • XML 樹結構 - XML 教程
- • 算法總結-雙指針
- • 算法總結-回溯法
-
每一个你不满意的现在,都有一个你没有努力的曾经。