zoukankan      html  css  js  c++  java
  • 第四章 istio快速入门(快速安装)

    4.1 环境介绍

      K8s 1.9 以上版本。

    4.2 快速部署Istio

      下载:  https://github.com/istio/istio/releases/,  下载 1.1.0-snapshot.5/istio-1.1.0-snapshot.5-linux.tar.gz

       1:   wget   https://github.com/istio/istio/releases/download/1.1.0-snapshot.5/istio-1.1.0-snapshot.5-linux.tar.gz

            2:    tar       -xzvf     istio-1.1.0-snapshot.5-linux.tar.gz

       3:   将bin目录中的istioctl复制到一个PATH包含的路径中:

        cp     bin/istioctl      /usr/local/bin

            4:  kubectl    apply    -f      install/kubernetes/istio-demo.yaml           

    namespace "istio-system" created
    customresourcedefinition.apiextensions.k8s.io "virtualservices.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "destinationrules.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "serviceentries.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "gateways.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "envoyfilters.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "clusterrbacconfigs.rbac.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "policies.authentication.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "meshpolicies.authentication.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "httpapispecbindings.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "httpapispecs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "quotaspecbindings.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "quotaspecs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "rules.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "attributemanifests.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "bypasses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "circonuses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "deniers.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "fluentds.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "kubernetesenvs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "listcheckers.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "memquotas.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "noops.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "opas.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "prometheuses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "rbacs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "redisquotas.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "servicecontrols.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "signalfxs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "solarwindses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "stackdrivers.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "statsds.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "stdios.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "apikeys.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "authorizations.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "checknothings.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "kuberneteses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "listentries.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "logentries.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "edges.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "metrics.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "quotas.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "reportnothings.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "servicecontrolreports.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "tracespans.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "rbacconfigs.rbac.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "serviceroles.rbac.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "servicerolebindings.rbac.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "adapters.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "instances.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "templates.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "handlers.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "cloudwatches.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "dogstatsds.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "sidecars.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "clusterissuers.certmanager.k8s.io" created
    customresourcedefinition.apiextensions.k8s.io "issuers.certmanager.k8s.io" created
    customresourcedefinition.apiextensions.k8s.io "certificates.certmanager.k8s.io" created
    configmap "istio-galley-configuration" created
    configmap "istio-grafana-custom-resources" created
    configmap "istio-grafana-configuration-dashboards-galley-dashboard" created
    configmap "istio-grafana-configuration-dashboards-istio-mesh-dashboard" created
    configmap "istio-grafana-configuration-dashboards-istio-performance-dashboard" created
    configmap "istio-grafana-configuration-dashboards-istio-service-dashboard" created
    configmap "istio-grafana-configuration-dashboards-istio-workload-dashboard" created
    configmap "istio-grafana-configuration-dashboards-mixer-dashboard" created
    configmap "istio-grafana-configuration-dashboards-pilot-dashboard" created
    configmap "istio-grafana" created
    configmap "kiali" created
    configmap "prometheus" created
    configmap "istio-security-custom-resources" created
    configmap "istio" created
    configmap "istio-sidecar-injector" created
    serviceaccount "istio-galley-service-account" created
    serviceaccount "istio-egressgateway-service-account" created
    serviceaccount "istio-ingressgateway-service-account" created
    serviceaccount "istio-grafana-post-install-account" created
    clusterrole.rbac.authorization.k8s.io "istio-grafana-post-install-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-grafana-post-install-role-binding-istio-system" created
    job.batch "istio-grafana-post-install-1.1.0-snapshot.5" created
    serviceaccount "kiali-service-account" created
    serviceaccount "istio-mixer-service-account" created
    serviceaccount "istio-pilot-service-account" created
    serviceaccount "prometheus" created
    serviceaccount "istio-cleanup-secrets-service-account" created
    clusterrole.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created
    job.batch "istio-cleanup-secrets-1.1.0-snapshot.5" created
    serviceaccount "istio-security-post-install-account" created
    clusterrole.rbac.authorization.k8s.io "istio-security-post-install-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-security-post-install-role-binding-istio-system" created
    job.batch "istio-security-post-install-1.1.0-snapshot.5" created
    serviceaccount "istio-citadel-service-account" created
    serviceaccount "istio-sidecar-injector-service-account" created
    clusterrole.rbac.authorization.k8s.io "istio-galley-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created
    clusterrole.rbac.authorization.k8s.io "kiali" created
    clusterrole.rbac.authorization.k8s.io "istio-mixer-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-pilot-istio-system" created
    clusterrole.rbac.authorization.k8s.io "prometheus-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-citadel-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-sidecar-injector-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-galley-admin-role-binding-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-kiali-admin-role-binding-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-mixer-admin-role-binding-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-pilot-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "prometheus-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-citadel-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-sidecar-injector-admin-role-binding-istio-system" created
    role.rbac.authorization.k8s.io "istio-ingressgateway-sds" created
    rolebinding.rbac.authorization.k8s.io "istio-ingressgateway-sds" created
    service "istio-galley" created
    service "istio-egressgateway" created
    service "istio-ingressgateway" created
    service "grafana" created
    service "kiali" created
    service "istio-policy" created
    service "istio-telemetry" created
    service "istio-pilot" created
    service "prometheus" created
    service "istio-citadel" created
    service "servicegraph" created
    service "istio-sidecar-injector" created
    deployment.extensions "istio-galley" created
    deployment.extensions "istio-egressgateway" created
    deployment.extensions "istio-ingressgateway" created
    deployment.extensions "grafana" created
    deployment.extensions "kiali" created
    deployment.extensions "istio-policy" created
    deployment.extensions "istio-telemetry" created
    deployment.extensions "istio-pilot" created
    deployment.extensions "prometheus" created
    deployment.extensions "istio-citadel" created
    deployment.extensions "servicegraph" created
    deployment.extensions "istio-sidecar-injector" created
    deployment.extensions "istio-tracing" created
    horizontalpodautoscaler.autoscaling "istio-egressgateway" created
    horizontalpodautoscaler.autoscaling "istio-ingressgateway" created
    horizontalpodautoscaler.autoscaling "istio-policy" created
    horizontalpodautoscaler.autoscaling "istio-telemetry" created
    horizontalpodautoscaler.autoscaling "istio-pilot" created
    service "jaeger-query" created
    service "jaeger-collector" created
    service "jaeger-agent" created
    service "zipkin" created
    service "tracing" created
    mutatingwebhookconfiguration.admissionregistration.k8s.io "istio-sidecar-injector" created
    poddisruptionbudget.policy "istio-galley" created
    poddisruptionbudget.policy "istio-egressgateway" created
    poddisruptionbudget.policy "istio-ingressgateway" created
    poddisruptionbudget.policy "istio-policy" created
    poddisruptionbudget.policy "istio-telemetry" created
    poddisruptionbudget.policy "istio-pilot" created
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "attributemanifest" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "attributemanifest" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "logentry" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "logentry" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "kubernetes" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha3"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha3"

             5   运行  kubectl get pods -n istio-system -w  查看pod状态

    NAME                                                 READY     STATUS                       RESTARTS   AGE
    grafana-f8467cc6-lkrfq                               1/1       Running                      0          7m
    istio-citadel-676c58584b-drnnm                       1/1       Running                      0          7m
    istio-cleanup-secrets-1.1.0-snapshot.5-hhwbl         0/1       Completed                    0          7m
    istio-egressgateway-54477c6569-gk5bj                 1/1       Running                      0          7m
    istio-galley-58b7c6b6bb-8sqc2                        1/1       Running                      0          7m
    istio-grafana-post-install-1.1.0-snapshot.5-655cz    0/1       Completed                    0          7m
    istio-ingressgateway-f6c4b779b-g8cpd                 1/1       Running                      0          7m
    istio-pilot-595d5949f8-rlv8f                         2/2       Running                      0          7m
    istio-policy-755cf49c4f-xwm64                        2/2       Running                      4          7m
    istio-security-post-install-1.1.0-snapshot.5-x6c6z   0/1       Completed                    0          7m
    istio-sidecar-injector-6d7586f8cd-pntbg              1/1       Running                      0          7m
    istio-telemetry-7c7ff645cf-dhk7w                     2/2       Running                      3          7m
    istio-tracing-6849759bc8-mhjjs                       1/1       Running                      0          7m
    kiali-7766b75767-p6ws6                               0/1       CreateContainerConfigError   0          7m
    prometheus-849b9cddff-xf4f4                          1/1       Running                      0          7m
    servicegraph-655755f6c9-s7qtr                        1/1       Running                      0          7m

       6 部署两个版本的服务

           (服务的项目地址: https://github.com/fleeto/flaskapp

      flask.istio.yaml:

    apiVersion: v1
    kind: Service
    metadata:
      name: flaskapp
      labels:
        app: flaskapp
    spec:
      selector:
        app: flaskapp
      ports:
        - name: http
          port: 80
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: flaskapp-v1
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: flaskapp
            version: v1
        spec:
          containers:
          - name: flaskapp
            image: dustise/flaskapp
            imagePullPolicy: Always
            env:
            - name: version
              value: v1
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: flaskapp-v2
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: flaskapp
            version: v2
        spec:
          containers:
          - name: flaskapp
            image: dustise/flaskapp
            imagePullPolicy: Always
            env:
            - name: version
              value: v2
    XXXXXXXXXXXXXX:~$ istioctl kube-inject -f flask.istio.yaml | kubectl apply -f - service "flaskapp" created deployment.extensions "flaskapp-v1" created deployment.extensions "flaskapp-v2" created

    运行上面的命令,用istioctl kube-inject进行注入: 这个命令的作用是: 修改kubernetes Deployment, 在Pod中注入在前面提到的Sidecar容器,然后再用管道命令输出给kubectl, 提交到K8s集群。

    ~$ kubectl get pods
    NAME                           READY     STATUS    RESTARTS   AGE
    flaskapp-v1-d94f5cd8d-7lbbf    2/2       Running   0          10m
    flaskapp-v2-86dfb8d97f-s9hgq   2/2       Running   0          10m

    查看Pod详情:

    XXXXXXXXXXXXXX:~$ kubectl describe po flaskapp-v1-d94f5cd8d-7lbbf
    Name:           flaskapp-v1-d94f5cd8d-7lbbf
    Namespace:      default
    Node:           galaxykubernetes01/9.37.138.215
    Start Time:     Fri, 01 Feb 2019 03:50:35 -0500
    Labels:         app=flaskapp
                    pod-template-hash=850917848
                    version=v1
    Annotations:    sidecar.istio.io/status={"version":"84d7067e1bc34e8101e25667c84926d857e8d6ca3873a5dfd78345f405087030","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs...
    Status:         Running
    IP:             10.244.4.174
    Controlled By:  ReplicaSet/flaskapp-v1-d94f5cd8d
    Init Containers:
      istio-init:
        Container ID:  docker://cbb03a144c2a4d68b5d8a60562750073bdde9f59558b1c654d9348e8c5ab2b4d
        Image:         docker.io/istio/proxy_init:1.1.0-snapshot.5
        Image ID:      docker-pullable://istio/proxy_init@sha256:817dde540690a8ead6f24acc1dfbef3b9cc18996943983d6688b510b8ccf1c77
        Port:          <none>
        Host Port:     <none>
        Args:
          -p
          15001
          -u
          1337
          -m
          REDIRECT
          -i
          *
          -x
    
          -b
    
          -d
          15020
        State:          Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Fri, 01 Feb 2019 03:50:53 -0500
          Finished:     Fri, 01 Feb 2019 03:50:59 -0500
        Ready:          True
        Restart Count:  0
        Limits:
          cpu:     10m
          memory:  10Mi
        Requests:
          cpu:        10m
          memory:     10Mi
        Environment:  <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro)
    Containers:
      flaskapp:
        Container ID:   docker://2e037f2213d58d2de0a4e3f7bd5e9b64fe30f8be41c1e15612d1308ee00aa50b
        Image:          dustise/flaskapp
        Image ID:       docker-pullable://dustise/flaskapp@sha256:fe21074376c36bb86358135f82c35ad40be99698ebd3cf277cbda1044308a255
        Port:           <none>
        Host Port:      <none>
        State:          Running
          Started:      Fri, 01 Feb 2019 03:51:10 -0500
        Ready:          True
        Restart Count:  0
        Environment:
          version:  v1
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro)
      istio-proxy:
        Container ID:  docker://7935bf3e9599a330d19deaea242dbd58e941e72b02d9d02010cc001d1a4f3558
        Image:         docker.io/istio/proxyv2:1.1.0-snapshot.5
        Image ID:      docker-pullable://istio/proxyv2@sha256:2329bed32fde5d3ed0c4d3f7f0594e8258573226c50406e7d25d0298cd119685
        Port:          15090/TCP
        Host Port:     0/TCP
        Args:
          proxy
          sidecar
          --domain
          $(POD_NAMESPACE).svc.cluster.local
          --configPath
          /etc/istio/proxy
          --binaryPath
          /usr/local/bin/envoy
          --serviceCluster
          flaskapp.default
          --drainDuration
          45s
          --parentShutdownDuration
          1m0s
          --discoveryAddress
          istio-pilot.istio-system:15010
          --zipkinAddress
          zipkin.istio-system:9411
          --connectTimeout
          10s
          --proxyAdminPort
          15000
          --controlPlaneAuthPolicy
          NONE
          --statusPort
          15020
          --applicationPorts
    
        State:          Running
          Started:      Fri, 01 Feb 2019 03:51:25 -0500
        Ready:          True
        Restart Count:  0
        Requests:
          cpu:      10m
        Readiness:  http-get http://:15020/healthz/ready delay=1s timeout=1s period=2s #success=1 #failure=30
        Environment:
          POD_NAME:                      flaskapp-v1-d94f5cd8d-7lbbf (v1:metadata.name)
          POD_NAMESPACE:                 default (v1:metadata.namespace)
          INSTANCE_IP:                    (v1:status.podIP)
          ISTIO_META_POD_NAME:           flaskapp-v1-d94f5cd8d-7lbbf (v1:metadata.name)
          ISTIO_META_CONFIG_NAMESPACE:   default (v1:metadata.namespace)
          ISTIO_META_INTERCEPTION_MODE:  REDIRECT
          ISTIO_METAJSON_LABELS:         {"app":"flaskapp","version":"v1"}
    
        Mounts:
          /etc/certs/ from istio-certs (ro)
          /etc/istio/proxy from istio-envoy (rw)
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro)
    Conditions:
      Type           Status
      Initialized    True
      Ready          True
      PodScheduled   True
    Volumes:
      istio-envoy:
        Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
        Medium:  Memory
      istio-certs:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  istio.default
        Optional:    true
      default-token-qjj5t:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-qjj5t
        Optional:    false
    QoS Class:       Burstable
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type    Reason                 Age   From                         Message
      ----    ------                 ----  ----                         -------
      Normal  Scheduled              11m   default-scheduler            Successfully assigned flaskapp-v1-d94f5cd8d-7lbbf to galaxykubernetes01
      Normal  SuccessfulMountVolume  11m   kubelet, galaxykubernetes01  MountVolume.SetUp succeeded for volume "istio-envoy"
      Normal  SuccessfulMountVolume  11m   kubelet, galaxykubernetes01  MountVolume.SetUp succeeded for volume "default-token-qjj5t"
      Normal  SuccessfulMountVolume  11m   kubelet, galaxykubernetes01  MountVolume.SetUp succeeded for volume "istio-certs"
      Normal  Pulling                11m   kubelet, galaxykubernetes01  pulling image "docker.io/istio/proxy_init:1.1.0-snapshot.5"
      Normal  Pulled                 11m   kubelet, galaxykubernetes01  Successfully pulled image "docker.io/istio/proxy_init:1.1.0-snapshot.5"
      Normal  Created                11m   kubelet, galaxykubernetes01  Created container
      Normal  Started                11m   kubelet, galaxykubernetes01  Started container
      Normal  Pulling                11m   kubelet, galaxykubernetes01  pulling image "dustise/flaskapp"
      Normal  Pulled                 11m   kubelet, galaxykubernetes01  Successfully pulled image "dustise/flaskapp"
      Normal  Created                11m   kubelet, galaxykubernetes01  Created container
      Normal  Started                11m   kubelet, galaxykubernetes01  Started container
      Normal  Pulling                11m   kubelet, galaxykubernetes01  pulling image "docker.io/istio/proxyv2:1.1.0-snapshot.5"
      Normal  Pulled                 10m   kubelet, galaxykubernetes01  Successfully pulled image "docker.io/istio/proxyv2:1.1.0-snapshot.5"
      Normal  Created                10m   kubelet, galaxykubernetes01  Created container
      Normal  Started                10m   kubelet, galaxykubernetes01  Started container

           从上面的详情看出,在这个Pod中多了一个容器, 名称是 istio-proxy, 这就是注入的结果。另外还有一个名是 istio-init的初始化容器,这个容器是用于初始化劫持的。

      4.4 部署客户端服务

        (客户端项目地址: https://github.com/fleeto/flaskapp)

    apiVersion: v1
    kind: Service
    metadata:
      name: sleep
      labels:
        app: sleep
    spec:
      selector:
        app: sleep
      ports:
        - name: ssh
          port: 80
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: sleep-v1
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: sleep
            version: v1
        spec:
          containers:
          - name: sleep
            image: dustise/sleep
            imagePullPolicy: Always
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: sleep-v2
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: sleep
            version: v2
        spec:
          containers:
          - name: sleep
            image: dustise/sleep
            imagePullPolicy: Always

      没有service的Deployment是无法被Istio发现并进行操作的。

      同样,对该文件进行注入,并提交到K8s上运行:

    XXXXXXXXXXXXXX:~$ istioctl kube-inject -f sleep.yaml | kubectl apply -f -
    service "sleep" created
    deployment.extensions "sleep-v1" created
    deployment.extensions "sleep-v2" created

      4.5 验证服务

      通过kubectl exec -it 命令进入客户端Pod, 来测试flaskapp服务的具体表现。

    XXXXXXXXXXXXXX:~$ kubectl get po

    NAME READY STATUS RESTARTS AGE
    flaskapp-v1-d94f5cd8d-7lbbf 2/2 Running 0 17h
    flaskapp-v2-86dfb8d97f-s9hgq 2/2 Running 0 17h
    sleep-v1-5f6946dcf8-sf94h 2/2 Running 0 1m
    sleep-v2-bbb4cc688-bwm7q 2/2 Running 0 1m
    kubeusr@GalaxyKubernetesMaster:~$ kubectl exec -it sleep-v1-5f6946dcf8-sf94h -c sleep bash

    bash-4.4# for i in `seq 10`;do http --body http://flaskapp/env/version;done  (进行10次调用)
    v1

    v2

    v1

    v1

    v2

    v1

    v2

    v1

    v2

    v1

     从上面的结果可以看出,v2和v1两种结果随机出现,大约各占一半。

      4.6 创建目标规则和默认路由

      接下来使用Istio来管理这两个服务的流量。

      定义一个名称为flaskapp的DestinationRule,它利Pod标签flaskapp服务分成两个subset, 分别命名为v1和v2.

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: flaskapp
    spec:
      host: flaskapp
      subsets:
      - name: v1
        labels:
          version: v1
      - name: v2
        labels:
          version: v2

      XXXXXXXXXXXXXXXXXX:~$  kubectl apply -f flaskapp-destinationrule.yaml     # 部署到集群上

    destinationrule.networking.istio.io "flaskapp" created

      接下来,为flaskapp服务创建默认的路由规则,不论是否进行进一步的流量控制,都建议为网格中的服务创建默认的路由规则,以防止发生意料之外的路由规则。

       定义一个VirtualService对象,它负责接管对 “flaskapp”这一主机名的访问,将流量都转发到DestinationRule定义的v2 subset上。

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: flaskapp-default-v2
    spec:
      hosts:
        - flaskapp
      http:
      - route:
        - destination:
            host: flaskapp
            subset: v2
    XXXXXXXXXXXXXXXXXXX:~$ kubectl apply -f flaskapp-default-vs-v2.yaml
    virtualservice.networking.istio.io "flaskapp-default-v2" created

     再次进入客户端Pod, 看看新定义的流量管理规则是否生效

    XXXXXXXXXXXXXXXXX:~$ kubectl exec -it sleep-v1-5f6946dcf8-sf94h -c sleep bash
    bash-4.4# for i in `seq 10`;do http --body http://flaskapp/env/version;done
    v2
    v2
    v2
    v2
    v2
    v2
    v2
    v2
    v2
    v2

        

  • 相关阅读:
    7个技巧,帮你完美搞定网页首图设计(必看)
    听说你想跳槽?ARM和PowerPC分析,你知道吗?(速进)
    C语言必学7大步骤!(必看)
    单片机电机必不可少的30条常识!你知道吗?(欢迎大家进行补充)
    单片机外围电路设计攻略(终结版)! 不看哭一年!
    3天”速成“嵌入式之后,我明白了六件事!!!
    前端就不需要掌握算法与数据结构?
    嵌入式软件必学知识总结!
    字节跳动2017客户端工程师实习生笔试题-第四题
    并查集
  • 原文地址:https://www.cnblogs.com/liufei1983/p/10344310.html
Copyright © 2011-2022 走看看