• 第四章 istio快速入门(快速安装)


    4.1 环境介绍

      K8s 1.9 以上版本。

    4.2 快速部署Istio

      下载:  https://github.com/istio/istio/releases/,  下载 1.1.0-snapshot.5/istio-1.1.0-snapshot.5-linux.tar.gz

       1:   wget   https://github.com/istio/istio/releases/download/1.1.0-snapshot.5/istio-1.1.0-snapshot.5-linux.tar.gz

            2:    tar       -xzvf     istio-1.1.0-snapshot.5-linux.tar.gz

       3:   将bin目录中的istioctl复制到一个PATH包含的路径中:

        cp     bin/istioctl      /usr/local/bin

            4:  kubectl    apply    -f      install/kubernetes/istio-demo.yaml           

    namespace "istio-system" created
    customresourcedefinition.apiextensions.k8s.io "virtualservices.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "destinationrules.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "serviceentries.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "gateways.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "envoyfilters.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "clusterrbacconfigs.rbac.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "policies.authentication.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "meshpolicies.authentication.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "httpapispecbindings.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "httpapispecs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "quotaspecbindings.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "quotaspecs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "rules.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "attributemanifests.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "bypasses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "circonuses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "deniers.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "fluentds.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "kubernetesenvs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "listcheckers.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "memquotas.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "noops.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "opas.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "prometheuses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "rbacs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "redisquotas.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "servicecontrols.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "signalfxs.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "solarwindses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "stackdrivers.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "statsds.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "stdios.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "apikeys.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "authorizations.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "checknothings.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "kuberneteses.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "listentries.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "logentries.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "edges.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "metrics.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "quotas.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "reportnothings.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "servicecontrolreports.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "tracespans.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "rbacconfigs.rbac.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "serviceroles.rbac.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "servicerolebindings.rbac.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "adapters.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "instances.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "templates.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "handlers.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "cloudwatches.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "dogstatsds.config.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "sidecars.networking.istio.io" created
    customresourcedefinition.apiextensions.k8s.io "clusterissuers.certmanager.k8s.io" created
    customresourcedefinition.apiextensions.k8s.io "issuers.certmanager.k8s.io" created
    customresourcedefinition.apiextensions.k8s.io "certificates.certmanager.k8s.io" created
    configmap "istio-galley-configuration" created
    configmap "istio-grafana-custom-resources" created
    configmap "istio-grafana-configuration-dashboards-galley-dashboard" created
    configmap "istio-grafana-configuration-dashboards-istio-mesh-dashboard" created
    configmap "istio-grafana-configuration-dashboards-istio-performance-dashboard" created
    configmap "istio-grafana-configuration-dashboards-istio-service-dashboard" created
    configmap "istio-grafana-configuration-dashboards-istio-workload-dashboard" created
    configmap "istio-grafana-configuration-dashboards-mixer-dashboard" created
    configmap "istio-grafana-configuration-dashboards-pilot-dashboard" created
    configmap "istio-grafana" created
    configmap "kiali" created
    configmap "prometheus" created
    configmap "istio-security-custom-resources" created
    configmap "istio" created
    configmap "istio-sidecar-injector" created
    serviceaccount "istio-galley-service-account" created
    serviceaccount "istio-egressgateway-service-account" created
    serviceaccount "istio-ingressgateway-service-account" created
    serviceaccount "istio-grafana-post-install-account" created
    clusterrole.rbac.authorization.k8s.io "istio-grafana-post-install-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-grafana-post-install-role-binding-istio-system" created
    job.batch "istio-grafana-post-install-1.1.0-snapshot.5" created
    serviceaccount "kiali-service-account" created
    serviceaccount "istio-mixer-service-account" created
    serviceaccount "istio-pilot-service-account" created
    serviceaccount "prometheus" created
    serviceaccount "istio-cleanup-secrets-service-account" created
    clusterrole.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created
    job.batch "istio-cleanup-secrets-1.1.0-snapshot.5" created
    serviceaccount "istio-security-post-install-account" created
    clusterrole.rbac.authorization.k8s.io "istio-security-post-install-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-security-post-install-role-binding-istio-system" created
    job.batch "istio-security-post-install-1.1.0-snapshot.5" created
    serviceaccount "istio-citadel-service-account" created
    serviceaccount "istio-sidecar-injector-service-account" created
    clusterrole.rbac.authorization.k8s.io "istio-galley-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created
    clusterrole.rbac.authorization.k8s.io "kiali" created
    clusterrole.rbac.authorization.k8s.io "istio-mixer-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-pilot-istio-system" created
    clusterrole.rbac.authorization.k8s.io "prometheus-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-citadel-istio-system" created
    clusterrole.rbac.authorization.k8s.io "istio-sidecar-injector-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-galley-admin-role-binding-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-kiali-admin-role-binding-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-mixer-admin-role-binding-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-pilot-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "prometheus-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-citadel-istio-system" created
    clusterrolebinding.rbac.authorization.k8s.io "istio-sidecar-injector-admin-role-binding-istio-system" created
    role.rbac.authorization.k8s.io "istio-ingressgateway-sds" created
    rolebinding.rbac.authorization.k8s.io "istio-ingressgateway-sds" created
    service "istio-galley" created
    service "istio-egressgateway" created
    service "istio-ingressgateway" created
    service "grafana" created
    service "kiali" created
    service "istio-policy" created
    service "istio-telemetry" created
    service "istio-pilot" created
    service "prometheus" created
    service "istio-citadel" created
    service "servicegraph" created
    service "istio-sidecar-injector" created
    deployment.extensions "istio-galley" created
    deployment.extensions "istio-egressgateway" created
    deployment.extensions "istio-ingressgateway" created
    deployment.extensions "grafana" created
    deployment.extensions "kiali" created
    deployment.extensions "istio-policy" created
    deployment.extensions "istio-telemetry" created
    deployment.extensions "istio-pilot" created
    deployment.extensions "prometheus" created
    deployment.extensions "istio-citadel" created
    deployment.extensions "servicegraph" created
    deployment.extensions "istio-sidecar-injector" created
    deployment.extensions "istio-tracing" created
    horizontalpodautoscaler.autoscaling "istio-egressgateway" created
    horizontalpodautoscaler.autoscaling "istio-ingressgateway" created
    horizontalpodautoscaler.autoscaling "istio-policy" created
    horizontalpodautoscaler.autoscaling "istio-telemetry" created
    horizontalpodautoscaler.autoscaling "istio-pilot" created
    service "jaeger-query" created
    service "jaeger-collector" created
    service "jaeger-agent" created
    service "zipkin" created
    service "tracing" created
    mutatingwebhookconfiguration.admissionregistration.k8s.io "istio-sidecar-injector" created
    poddisruptionbudget.policy "istio-galley" created
    poddisruptionbudget.policy "istio-egressgateway" created
    poddisruptionbudget.policy "istio-ingressgateway" created
    poddisruptionbudget.policy "istio-policy" created
    poddisruptionbudget.policy "istio-telemetry" created
    poddisruptionbudget.policy "istio-pilot" created
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "attributemanifest" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "attributemanifest" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "logentry" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "logentry" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "kubernetes" in version "config.istio.io/v1alpha2"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha3"
    unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha3"

             5   运行  kubectl get pods -n istio-system -w  查看pod状态

    NAME                                                 READY     STATUS                       RESTARTS   AGE
    grafana-f8467cc6-lkrfq                               1/1       Running                      0          7m
    istio-citadel-676c58584b-drnnm                       1/1       Running                      0          7m
    istio-cleanup-secrets-1.1.0-snapshot.5-hhwbl         0/1       Completed                    0          7m
    istio-egressgateway-54477c6569-gk5bj                 1/1       Running                      0          7m
    istio-galley-58b7c6b6bb-8sqc2                        1/1       Running                      0          7m
    istio-grafana-post-install-1.1.0-snapshot.5-655cz    0/1       Completed                    0          7m
    istio-ingressgateway-f6c4b779b-g8cpd                 1/1       Running                      0          7m
    istio-pilot-595d5949f8-rlv8f                         2/2       Running                      0          7m
    istio-policy-755cf49c4f-xwm64                        2/2       Running                      4          7m
    istio-security-post-install-1.1.0-snapshot.5-x6c6z   0/1       Completed                    0          7m
    istio-sidecar-injector-6d7586f8cd-pntbg              1/1       Running                      0          7m
    istio-telemetry-7c7ff645cf-dhk7w                     2/2       Running                      3          7m
    istio-tracing-6849759bc8-mhjjs                       1/1       Running                      0          7m
    kiali-7766b75767-p6ws6                               0/1       CreateContainerConfigError   0          7m
    prometheus-849b9cddff-xf4f4                          1/1       Running                      0          7m
    servicegraph-655755f6c9-s7qtr                        1/1       Running                      0          7m

       6 部署两个版本的服务

           (服务的项目地址: https://github.com/fleeto/flaskapp

      flask.istio.yaml:

    apiVersion: v1
    kind: Service
    metadata:
      name: flaskapp
      labels:
        app: flaskapp
    spec:
      selector:
        app: flaskapp
      ports:
        - name: http
          port: 80
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: flaskapp-v1
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: flaskapp
            version: v1
        spec:
          containers:
          - name: flaskapp
            image: dustise/flaskapp
            imagePullPolicy: Always
            env:
            - name: version
              value: v1
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: flaskapp-v2
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: flaskapp
            version: v2
        spec:
          containers:
          - name: flaskapp
            image: dustise/flaskapp
            imagePullPolicy: Always
            env:
            - name: version
              value: v2
    XXXXXXXXXXXXXX:~$ istioctl kube-inject -f flask.istio.yaml | kubectl apply -f - service "flaskapp" created deployment.extensions "flaskapp-v1" created deployment.extensions "flaskapp-v2" created

    运行上面的命令,用istioctl kube-inject进行注入: 这个命令的作用是: 修改kubernetes Deployment, 在Pod中注入在前面提到的Sidecar容器,然后再用管道命令输出给kubectl, 提交到K8s集群。

    ~$ kubectl get pods
    NAME                           READY     STATUS    RESTARTS   AGE
    flaskapp-v1-d94f5cd8d-7lbbf    2/2       Running   0          10m
    flaskapp-v2-86dfb8d97f-s9hgq   2/2       Running   0          10m

    查看Pod详情:

    XXXXXXXXXXXXXX:~$ kubectl describe po flaskapp-v1-d94f5cd8d-7lbbf
    Name:           flaskapp-v1-d94f5cd8d-7lbbf
    Namespace:      default
    Node:           galaxykubernetes01/9.37.138.215
    Start Time:     Fri, 01 Feb 2019 03:50:35 -0500
    Labels:         app=flaskapp
                    pod-template-hash=850917848
                    version=v1
    Annotations:    sidecar.istio.io/status={"version":"84d7067e1bc34e8101e25667c84926d857e8d6ca3873a5dfd78345f405087030","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs...
    Status:         Running
    IP:             10.244.4.174
    Controlled By:  ReplicaSet/flaskapp-v1-d94f5cd8d
    Init Containers:
      istio-init:
        Container ID:  docker://cbb03a144c2a4d68b5d8a60562750073bdde9f59558b1c654d9348e8c5ab2b4d
        Image:         docker.io/istio/proxy_init:1.1.0-snapshot.5
        Image ID:      docker-pullable://istio/proxy_init@sha256:817dde540690a8ead6f24acc1dfbef3b9cc18996943983d6688b510b8ccf1c77
        Port:          <none>
        Host Port:     <none>
        Args:
          -p
          15001
          -u
          1337
          -m
          REDIRECT
          -i
          *
          -x
    
          -b
    
          -d
          15020
        State:          Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Fri, 01 Feb 2019 03:50:53 -0500
          Finished:     Fri, 01 Feb 2019 03:50:59 -0500
        Ready:          True
        Restart Count:  0
        Limits:
          cpu:     10m
          memory:  10Mi
        Requests:
          cpu:        10m
          memory:     10Mi
        Environment:  <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro)
    Containers:
      flaskapp:
        Container ID:   docker://2e037f2213d58d2de0a4e3f7bd5e9b64fe30f8be41c1e15612d1308ee00aa50b
        Image:          dustise/flaskapp
        Image ID:       docker-pullable://dustise/flaskapp@sha256:fe21074376c36bb86358135f82c35ad40be99698ebd3cf277cbda1044308a255
        Port:           <none>
        Host Port:      <none>
        State:          Running
          Started:      Fri, 01 Feb 2019 03:51:10 -0500
        Ready:          True
        Restart Count:  0
        Environment:
          version:  v1
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro)
      istio-proxy:
        Container ID:  docker://7935bf3e9599a330d19deaea242dbd58e941e72b02d9d02010cc001d1a4f3558
        Image:         docker.io/istio/proxyv2:1.1.0-snapshot.5
        Image ID:      docker-pullable://istio/proxyv2@sha256:2329bed32fde5d3ed0c4d3f7f0594e8258573226c50406e7d25d0298cd119685
        Port:          15090/TCP
        Host Port:     0/TCP
        Args:
          proxy
          sidecar
          --domain
          $(POD_NAMESPACE).svc.cluster.local
          --configPath
          /etc/istio/proxy
          --binaryPath
          /usr/local/bin/envoy
          --serviceCluster
          flaskapp.default
          --drainDuration
          45s
          --parentShutdownDuration
          1m0s
          --discoveryAddress
          istio-pilot.istio-system:15010
          --zipkinAddress
          zipkin.istio-system:9411
          --connectTimeout
          10s
          --proxyAdminPort
          15000
          --controlPlaneAuthPolicy
          NONE
          --statusPort
          15020
          --applicationPorts
    
        State:          Running
          Started:      Fri, 01 Feb 2019 03:51:25 -0500
        Ready:          True
        Restart Count:  0
        Requests:
          cpu:      10m
        Readiness:  http-get http://:15020/healthz/ready delay=1s timeout=1s period=2s #success=1 #failure=30
        Environment:
          POD_NAME:                      flaskapp-v1-d94f5cd8d-7lbbf (v1:metadata.name)
          POD_NAMESPACE:                 default (v1:metadata.namespace)
          INSTANCE_IP:                    (v1:status.podIP)
          ISTIO_META_POD_NAME:           flaskapp-v1-d94f5cd8d-7lbbf (v1:metadata.name)
          ISTIO_META_CONFIG_NAMESPACE:   default (v1:metadata.namespace)
          ISTIO_META_INTERCEPTION_MODE:  REDIRECT
          ISTIO_METAJSON_LABELS:         {"app":"flaskapp","version":"v1"}
    
        Mounts:
          /etc/certs/ from istio-certs (ro)
          /etc/istio/proxy from istio-envoy (rw)
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro)
    Conditions:
      Type           Status
      Initialized    True
      Ready          True
      PodScheduled   True
    Volumes:
      istio-envoy:
        Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
        Medium:  Memory
      istio-certs:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  istio.default
        Optional:    true
      default-token-qjj5t:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-qjj5t
        Optional:    false
    QoS Class:       Burstable
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type    Reason                 Age   From                         Message
      ----    ------                 ----  ----                         -------
      Normal  Scheduled              11m   default-scheduler            Successfully assigned flaskapp-v1-d94f5cd8d-7lbbf to galaxykubernetes01
      Normal  SuccessfulMountVolume  11m   kubelet, galaxykubernetes01  MountVolume.SetUp succeeded for volume "istio-envoy"
      Normal  SuccessfulMountVolume  11m   kubelet, galaxykubernetes01  MountVolume.SetUp succeeded for volume "default-token-qjj5t"
      Normal  SuccessfulMountVolume  11m   kubelet, galaxykubernetes01  MountVolume.SetUp succeeded for volume "istio-certs"
      Normal  Pulling                11m   kubelet, galaxykubernetes01  pulling image "docker.io/istio/proxy_init:1.1.0-snapshot.5"
      Normal  Pulled                 11m   kubelet, galaxykubernetes01  Successfully pulled image "docker.io/istio/proxy_init:1.1.0-snapshot.5"
      Normal  Created                11m   kubelet, galaxykubernetes01  Created container
      Normal  Started                11m   kubelet, galaxykubernetes01  Started container
      Normal  Pulling                11m   kubelet, galaxykubernetes01  pulling image "dustise/flaskapp"
      Normal  Pulled                 11m   kubelet, galaxykubernetes01  Successfully pulled image "dustise/flaskapp"
      Normal  Created                11m   kubelet, galaxykubernetes01  Created container
      Normal  Started                11m   kubelet, galaxykubernetes01  Started container
      Normal  Pulling                11m   kubelet, galaxykubernetes01  pulling image "docker.io/istio/proxyv2:1.1.0-snapshot.5"
      Normal  Pulled                 10m   kubelet, galaxykubernetes01  Successfully pulled image "docker.io/istio/proxyv2:1.1.0-snapshot.5"
      Normal  Created                10m   kubelet, galaxykubernetes01  Created container
      Normal  Started                10m   kubelet, galaxykubernetes01  Started container

           从上面的详情看出,在这个Pod中多了一个容器, 名称是 istio-proxy, 这就是注入的结果。另外还有一个名是 istio-init的初始化容器,这个容器是用于初始化劫持的。

      4.4 部署客户端服务

        (客户端项目地址: https://github.com/fleeto/flaskapp)

    apiVersion: v1
    kind: Service
    metadata:
      name: sleep
      labels:
        app: sleep
    spec:
      selector:
        app: sleep
      ports:
        - name: ssh
          port: 80
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: sleep-v1
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: sleep
            version: v1
        spec:
          containers:
          - name: sleep
            image: dustise/sleep
            imagePullPolicy: Always
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: sleep-v2
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: sleep
            version: v2
        spec:
          containers:
          - name: sleep
            image: dustise/sleep
            imagePullPolicy: Always

      没有service的Deployment是无法被Istio发现并进行操作的。

      同样,对该文件进行注入,并提交到K8s上运行:

    XXXXXXXXXXXXXX:~$ istioctl kube-inject -f sleep.yaml | kubectl apply -f -
    service "sleep" created
    deployment.extensions "sleep-v1" created
    deployment.extensions "sleep-v2" created

      4.5 验证服务

      通过kubectl exec -it 命令进入客户端Pod, 来测试flaskapp服务的具体表现。

    XXXXXXXXXXXXXX:~$ kubectl get po

    NAME READY STATUS RESTARTS AGE
    flaskapp-v1-d94f5cd8d-7lbbf 2/2 Running 0 17h
    flaskapp-v2-86dfb8d97f-s9hgq 2/2 Running 0 17h
    sleep-v1-5f6946dcf8-sf94h 2/2 Running 0 1m
    sleep-v2-bbb4cc688-bwm7q 2/2 Running 0 1m
    kubeusr@GalaxyKubernetesMaster:~$ kubectl exec -it sleep-v1-5f6946dcf8-sf94h -c sleep bash

    bash-4.4# for i in `seq 10`;do http --body http://flaskapp/env/version;done  (进行10次调用)
    v1

    v2

    v1

    v1

    v2

    v1

    v2

    v1

    v2

    v1

     从上面的结果可以看出,v2和v1两种结果随机出现,大约各占一半。

      4.6 创建目标规则和默认路由

      接下来使用Istio来管理这两个服务的流量。

      定义一个名称为flaskapp的DestinationRule,它利Pod标签flaskapp服务分成两个subset, 分别命名为v1和v2.

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: flaskapp
    spec:
      host: flaskapp
      subsets:
      - name: v1
        labels:
          version: v1
      - name: v2
        labels:
          version: v2

      XXXXXXXXXXXXXXXXXX:~$  kubectl apply -f flaskapp-destinationrule.yaml     # 部署到集群上

    destinationrule.networking.istio.io "flaskapp" created

      接下来,为flaskapp服务创建默认的路由规则,不论是否进行进一步的流量控制,都建议为网格中的服务创建默认的路由规则,以防止发生意料之外的路由规则。

       定义一个VirtualService对象,它负责接管对 “flaskapp”这一主机名的访问,将流量都转发到DestinationRule定义的v2 subset上。

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: flaskapp-default-v2
    spec:
      hosts:
        - flaskapp
      http:
      - route:
        - destination:
            host: flaskapp
            subset: v2
    XXXXXXXXXXXXXXXXXXX:~$ kubectl apply -f flaskapp-default-vs-v2.yaml
    virtualservice.networking.istio.io "flaskapp-default-v2" created

     再次进入客户端Pod, 看看新定义的流量管理规则是否生效

    XXXXXXXXXXXXXXXXX:~$ kubectl exec -it sleep-v1-5f6946dcf8-sf94h -c sleep bash
    bash-4.4# for i in `seq 10`;do http --body http://flaskapp/env/version;done
    v2
    v2
    v2
    v2
    v2
    v2
    v2
    v2
    v2
    v2

        

  • 相关阅读:
    eclipse环境:把jdk1.6 改 jdk1.7或jdk1.8(改回也可以)(图文详解)
    SVN 将文件还原到之前的指定版本
    用起来很方便的枚举扩展类
    VS2015新功能
    EasyUi 动态列
    基于EasyUi的快速开发框架
    深圳某保险公司招聘职位列表
    考勤系统之计算工作小时数
    考勤系统之状态管理
    第一次裁员
  • 原文地址:https://www.cnblogs.com/liufei1983/p/10344310.html
Copyright © 2020-2023  润新知