Istio 例子(采用API Gateway + Sidecar Proxy作为服务网格的流量入口)

由于API Gateway已经具备七层网关的功能,Mesh Ingress中的Sidecar只需要提供VirtualService资源的路由能力,并不需要提供Gateway资源的网关能力,因此采用Sidecar Proxy即可。网络入口处的Sidecar Proxy和网格内部应用Pod中Sidecar Proxy的唯一一点区别是:该Sidecar只接管API Gateway向Mesh内部的流量,并不接管外部流向API Gateway的流量;而应用Pod中的Sidecar需要接管进入应用的所有流量。

注意:在实际部署时,API Gateway前端需要采用NodePort和LoadBalancer提供外部流量入口。这里 API GateWay 需要注入 Istio ~

创建应用

vi myapp-demo.yaml 

apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
spec:
  ports:
  - port: 80
    name: http
  selector:
    app: myapp-pod
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-v1
  labels:
    app: myapp-pod
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp-pod
      version: v1
  template:
    metadata:
      labels:
        app: myapp-pod
        version: v1
    spec:
      containers:
      - name: myapp-pod
        image: ikubernetes/myapp:v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-v2
  labels:
    app: myapp-pod
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp-pod
      version: v2
  template:
    metadata:
      labels:
        app: myapp-pod
        version: v2
    spec:
      containers:
      - name: myapp-pod
        image: ikubernetes/myapp:v2

kubectl apply -f myapp-demo.yaml 

# 检查 
kubectl get pod,svc

# 创建 VirtualService 和 DestinationRule
vi myapp-vsdr.yaml 

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myapp-vs
spec:
  hosts:
  - myapp-svc                      # 在这个例子中 hosts 需要与下面的 host 值一致
  http:
  - route:
    - destination:
        subset: v1
        host: myapp-svc            # 指定 K8S 中的 svc 资源名字
      weight: 90
    - destination:
        subset: v2
        host: myapp-svc            # 指定 K8S 中的 svc 资源名字
      weight: 10
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: myapp-dr
spec:
  host: myapp-svc                  # 指定 K8S 中的 svc 资源名字
  subsets:
  - labels:
      version: v1
    name: v1
  - labels:
      version: v2
    name: v2

kubectl apply -f myapp-vsdr.yaml

# 检查 
kubectl get vs,dr

因为没有 API gateway, 所以创建一个容器使用 curl 来进行测试

vi curl.yaml 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: curl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: curl
  template:
    metadata:
      labels:
        app: curl
    spec:
      containers:
      - name: curl
        image: appropriate/curl
        command:
        - "/bin/sh"
        - "-c"
        - "sleep 3600"

kubectl apply -f curl.yaml

kubectl get pod |grep curl
curl-6d57cddc64-kxrpx         2/2     Running   0          14m

# 进入容器,测试
kubectl exec -it curl-6d57cddc64-kxrpx /bin/sh

curl myapp-svc
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

curl myapp-svc
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

curl myapp.com
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

curl myapp.com
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
posted @ 2020-11-05 17:46  klvchen  阅读(914)  评论(0编辑  收藏  举报