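# Download the Istio release and put istioctl on PATH.
# ISTIO_VERSION pins the release so that the directory entered below
# (istio-1.9.0) is the one the installer creates; without it the script
# fetches whatever release is currently the latest.
# NOTE(review): this pipes a remote script straight into sh. Saving it to a
# file and reading it before running it is the more cautious route.
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.9.0 sh -
cd istio-1.9.0
export PATH="$PWD/bin:$PATH"  # add istioctl to PATH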
而後須要經過 helm 部署好 istio,此處省略。
方便 Istio 在部署應用的時候,自動的注入 Envoy sidecar 代理:
# Label the default namespace so that Istio injects the Envoy sidecar into
# pods deployed there.
kubectl label namespace default istio-injection=enabled
# Print the Bookinfo manifest before applying it.
cat samples/bookinfo/platform/kube/bookinfo.yaml
# Bookinfo sample manifest as printed by `cat` above. Line breaks and
# indentation are reconstructed from the flattened listing.
# NOTE(review): every container image is referenced by tag (1.16.2), not by
# digest, and each securityContext sets only runAsUser; no other hardening
# field appears in this listing.

# --- details service ---
apiVersion: v1
kind: Service
metadata:
  name: details
  labels:
    app: details
    service: details
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: details
---
# Dedicated service account for the details workload.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-details
  labels:
    account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: details-v1
  labels:
    app: details
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: details
      version: v1
  template:
    metadata:
      labels:
        app: details
        version: v1
    spec:
      serviceAccountName: bookinfo-details
      containers:
      - name: details
        image: docker.io/istio/examples-bookinfo-details-v1:1.16.2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        securityContext:
          runAsUser: 1000
---
# --- ratings service ---
apiVersion: v1
kind: Service
metadata:
  name: ratings
  labels:
    app: ratings
    service: ratings
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: ratings
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-ratings
  labels:
    account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v1
  labels:
    app: ratings
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ratings
      version: v1
  template:
    metadata:
      labels:
        app: ratings
        version: v1
    spec:
      serviceAccountName: bookinfo-ratings
      containers:
      - name: ratings
        image: docker.io/istio/examples-bookinfo-ratings-v1:1.16.2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        securityContext:
          runAsUser: 1000
---
# --- reviews service: one Service selects all three versions (app: reviews) ---
apiVersion: v1
kind: Service
metadata:
  name: reviews
  labels:
    app: reviews
    service: reviews
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: reviews
---
# Shared by reviews-v1, reviews-v2 and reviews-v3.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-reviews
  labels:
    account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v1
  labels:
    app: reviews
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v1
  template:
    metadata:
      labels:
        app: reviews
        version: v1
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v1:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      # Both volumes are emptyDir, so their contents do not outlive the pod.
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v2
  labels:
    app: reviews
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v2
  template:
    metadata:
      labels:
        app: reviews
        version: v2
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v2:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v3
  labels:
    app: reviews
    version: v3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v3
  template:
    metadata:
      labels:
        app: reviews
        version: v3
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v3:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
# --- productpage service ---
apiVersion: v1
kind: Service
metadata:
  name: productpage
  labels:
    app: productpage
    service: productpage
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: productpage
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-productpage
  labels:
    account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: productpage-v1
  labels:
    app: productpage
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: productpage
      version: v1
  template:
    metadata:
      labels:
        app: productpage
        version: v1
    spec:
      serviceAccountName: bookinfo-productpage
      containers:
      - name: productpage
        image: docker.io/istio/examples-bookinfo-productpage-v1:1.16.2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        securityContext:
          runAsUser: 1000
      volumes:
      - name: tmp
        emptyDir: {}
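# Deploy the Bookinfo services, service accounts and deployments.
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

# List the pods. Each one reports 2/2 ready containers: the application
# container plus, presumably, the injected Envoy sidecar.
kubectl get pod
# NAME                              READY   STATUS    RESTARTS   AGE
# details-v1-66b6955995-wmghv       2/2     Running   0          3m35s
# productpage-v1-5d9b4c9849-d96lb   2/2     Running   0          3m35s
# ratings-v1-fd78f799f-mhp49        2/2     Running   0          3m35s
# reviews-v1-6549ddccc5-675t5       2/2     Running   0          3m35s
# reviews-v2-76c4865449-24pmj       2/2     Running   0          3m36s
# reviews-v3-6b554c875-gn2d6        2/2     Running   0          3m36s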
經過檢查返回的頁面標題,來驗證應用是否已在集羣中運行,並已提供網頁服務:
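# From inside the ratings container, fetch the product page over the in-cluster
# service name and print only its <title> element.
# The grep pattern is "<title>.*</title>"; the tags had been stripped from the
# listing, leaving a pattern that no longer matched the output shown below.
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" \
  -c ratings -- curl -s productpage:9080/productpage \
  | grep -o "<title>.*</title>"
# <title>Simple Bookstore App</title>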
此時,BookInfo 應用已經部署,但還不能被外界訪問。 要開放訪問,你須要建立 Istio 入站網關(Ingress Gateway), 它會在網格邊緣把一個路徑映射到路由。
# Create the ingress Gateway and its routing for Bookinfo.
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
istioctl analyze # make sure the configuration has no problems
# ✔ No validation issues found when analyzing namespace: default.
按照說明,爲訪問網關設置兩個變量:INGRESS_HOST 和 INGRESS_PORT。
執行下面命令進行判斷:Kubernetes 集羣環境是否支持外部負載均衡:
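# Show the ingress gateway Service. EXTERNAL-IP stays <pending> when the
# cluster has no external load balancer to assign one.
kubectl get svc istio-ingressgateway -n istio-system
# NAME                   TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)                                                                      AGE
# istio-ingressgateway   LoadBalancer   10.105.62.5   <pending>     15021:31847/TCP,80:30108/TCP,443:31550/TCP,15012:31559/TCP,15443:31955/TCP   43m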
因爲 EXTERNAL-IP 一直顯示爲 <pending>,因此當前環境中沒有提供可做爲入站流量網關的外部負載均衡,這樣能夠選擇一個節點端口來代替。
設置入站的端口:
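# Node ports that the ingress gateway Service maps to its "http2" (plain HTTP)
# and "https" ports. One statement per line: fused on a single line, the
# second `export` word was itself treated as a variable name to export.
export INGRESS_PORT="$(kubectl get service -n istio-system istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')"
export SECURE_INGRESS_PORT="$(kubectl get service -n istio-system istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')"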
設置入站的 IP:
# IP of the node hosting the first istio-ingressgateway pod
# (items[0].status.hostIP); it is combined with the node port below.
export INGRESS_HOST=$(kubectl get pod -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
設置環境變量 GATEWAY_URL:
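# host:port of the gateway as reachable from outside the cluster.
# The braces keep the variable names from running into adjacent text.
export GATEWAY_URL="${INGRESS_HOST}:${INGRESS_PORT}"
echo "$GATEWAY_URL"
# 192.168.30.130:30108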
用瀏覽器查看 Bookinfo 應用的產品頁面,驗證 Bookinfo 已經實現了外部訪問。
運行下面命令,獲取 Bookinfo 應用的外部訪問地址。
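# Print the external address of the product page. Note that it is plain HTTP
# on the node port.
echo "http://$GATEWAY_URL/productpage"
# http://192.168.30.130:30108/productpage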
把上面命令的輸出地址複製粘貼到瀏覽器並訪問,確認 Bookinfo 應用的產品頁面是否能夠打開。
Istio 和幾個遙測應用作了集成。遙測能幫助瞭解服務網格的結構、展現網絡的拓撲結構、分析網格的健康狀態。
使用下面說明部署 Kiali 儀表板、Prometheus、Grafana 以及 Jaeger。
安裝 Kiali 和其餘插件:
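# Install Kiali and the other sample addons, then wait for Kiali to roll out.
# The rollout command is on its own line: fused onto the line above, it sat
# inside the trailing comment and never ran.
# NOTE(review): these are the sample addon manifests shipped with the release;
# check their authentication settings before exposing any of the dashboards
# beyond localhost.
kubectl apply -f samples/addons  # if this reports errors, run it a second time
kubectl rollout status deployment/kiali -n istio-system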
訪問 Kiali 儀表板:
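# Open the Kiali dashboard. istioctl serves it on localhost:20001.
istioctl dashboard kiali
# http://localhost:20001/kiali
# Failed to open browser; open http://localhost:20001/kiali in your browser.

# Check the listener (from a second terminal if istioctl is still holding the
# first): it is bound to loopback only, 127.0.0.1 and ::1.
netstat -lntp | grep 20001
# tcp        0      0 127.0.0.1:20001   0.0.0.0:*   LISTEN   60323/istioctl
# tcp6       0      0 ::1:20001         :::*        LISTEN   60323/istioctl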
因爲此處是虛擬機,因此瀏覽器沒法訪問虛擬機上綁定 127.0.0.1 的端口,所以須要作轉發。
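# Install nginx, then create the proxy configuration for Kiali.
# Two separate commands: fused on one line, yum would also be asked to
# install "vim" and the config path as packages.
yum install -y nginx
vim /etc/nginx/conf.d/kiali.conf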
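# Reverse proxy that makes the Kiali dashboard, which istioctl serves on
# localhost:20001, reachable from outside this VM on port 20002.
# NOTE(review): nothing in this file authenticates the caller and the listener
# speaks plain HTTP, so the allow/deny pair below limits who can connect.
server {
    listen       20002;
    server_name  192.168.30.128;

    access_log  /var/log/nginx/kiali.access.log  main;
    error_log   /var/log/nginx/kiali.error.log;

    # Only the workstation that needs the dashboard may connect.
    # 192.0.2.10 is a constructed example address: replace it with your own.
    allow  192.0.2.10;
    deny   all;

    # No Access-Control-Allow-* headers are set. The UI and its API are both
    # served through this one origin, and a wildcard Allow-Origin would let
    # any web page read the dashboard's responses.

    location / {
        proxy_pass  http://localhost:20001;

        # An empty value means the Origin header is not forwarded upstream.
        proxy_set_header  Origin             "";
        proxy_set_header  X-Forwarded-Host   $host:$server_port;
        proxy_set_header  X-Real-IP          $remote_addr;
        proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto  $scheme;

        proxy_connect_timeout  120s;
        proxy_read_timeout     120s;
        proxy_send_timeout     120s;
    }
}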
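# Validate the configuration first, so a mistake in kiali.conf is reported
# here rather than as a failed service start. Then enable and start nginx.
nginx -t && systemctl enable nginx && systemctl start nginx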
訪問 http://192.168.30.128:20002/kiali 。
Kiali 儀表板展現了網格的概覽、以及 Bookinfo 示例應用的各個服務之間的關係,它還提供過濾器來可視化流量的流動。在左側的導航菜單,選擇 Graph,而後在 Namespace 下拉列表中,選擇 default。