istio-1.11.5 安装
安装
安装前先确认 istio 与 k8s 的版本支持情况
https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases
mkdir -p /data/istio && cd /data/istio
# 安装 istio
wget --no-check-certificate https://github.com/istio/istio/releases/download/1.11.5/istio-1.11.5-linux-amd64.tar.gz
tar zxvf istio-1.11.5-linux-amd64.tar.gz
# 配置命令路径
vi ~/.bash_profile
ISTIOS=/data/istio/istio-1.11.5/bin
PATH=$PATH:$HOME/bin:$ISTIOS
source ~/.bash_profile
# 安装配置
cd /data/istio/istio-1.11.5/
istioctl install --set profile=demo -y
# 设置 default 命名空间自动注入
kubectl label namespace default istio-injection=enabled
# 获取 istio-ingressgateway 的 nodeport 地址
kubectl get svc istio-ingressgateway -n istio-system
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
echo "$GATEWAY_URL"
# 开启 kiali 监控
kubectl apply -f samples/addons
kubectl rollout status deployment/kiali -n istio-system
istioctl dashboard kiali --address=0.0.0.0
kubectl edit svc kiali -n -n istio-system # 类型改为 NodePort
其他操作
# 取消命名空间自动注入
kubectl get ns --show-labels
kubectl label namespace default istio-injection-
# 单个应用注入
kubectl apply -f <(istioctl kube-inject -f samples/httpbin/httpbin.yaml)
# 列出 istio DestinationRule, VirtualService, Gateway
kubectl get dr.networking.istio.io -A
kubectl get gw.networking.istio.io -A
kubectl get vs.networking.istio.io -A
例子
cat myapp-demo2.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp-svc
namespace: test
labels:
app: myapp
spec:
ports:
- port: 80
name: http
selector:
app: myapp-pod
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-v1
namespace: test
labels:
app: myapp-pod
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: myapp-pod
version: v1
template:
metadata:
labels:
app: myapp-pod
version: v1
spec:
containers:
- name: myapp-pod
image: ikubernetes/myapp:v1
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-v2
namespace: test
labels:
app: myapp-pod
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: myapp-pod
version: v2
template:
metadata:
labels:
app: myapp-pod
version: v2
spec:
containers:
- name: myapp-pod
image: ikubernetes/myapp:v2
ports:
- containerPort: 80
kubectl apply -f myapp-demo2.yaml
cat gw-vs-dr.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: myapp-gateway
namespace: test
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: myapp-vs
namespace: test
spec:
hosts:
- "*"
gateways:
- myapp-gateway # 名字与上面定义的Gateway一致
http:
- match:
- uri:
prefix: /
route:
- destination:
host: myapp-svc.test.svc.cluster.local # 指定 K8S 中的 svc 资源名字
subset: v1
port:
number: 80
weight: 90
- destination:
host: myapp-svc.test.svc.cluster.local # 指定 K8S 中的 svc 资源名字
subset: v2
port:
number: 80
weight: 10
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: myapp-dr
namespace: test
spec:
host: myapp-svc.test.svc.cluster.local # 指定 K8S 中的 svc 资源名字
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
kubectl apply -f gw-vs-dr.yaml
v1 版本与 v2 版本的比例大约为 9:1
参考
https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases
https://istio.io/latest/docs/setup/getting-started/
https://istio.io/latest/docs/tasks/traffic-management/ingress/kubernetes-ingress/
浙公网安备 33010602011771号