Installing Istio and Basic Usage

  1. Download Istio
curl -L https://istio.io/downloadIstio | sh

Create symbolic links

ln -sv istio-1.14.1 istio
ln -sv /root/istio/bin/istioctl /usr/local/bin/istioctl

Check the version

istioctl version

List the Istio configuration profiles

istioctl profile list

  default: suitable for production

  demo: for test environments

 

Deploy

istioctl install --set profile=demo

Second deployment method, with verification: deploy after modifying the profile (choose either of the two methods)

istioctl profile dump demo >/root/istio-profiles/demo.yaml
vim /root/istio-profiles/demo.yaml  # modify according to your needs
istioctl apply -f /root/istio-profiles/demo.yaml -y

istioctl verify-install -f /root/istio-profiles/demo.yaml

Check the version again: it now also lists the control plane and the data plane

 

 View the Istio pods and services

Manually add an external IP

kubectl edit svc istio-ingressgateway  -n istio-system

View the svc again

Label the namespace to allow automatic injection

 kubectl label namespace default istio-injection=enabled

 

 Run a container to try it out

kubectl run client-$RANDOM --image=ikubernetes/admin-box:v1.2 --restart=Never -it --rm --command -- /bin/bash

Look at the second container in the pod

kubectl get pods -o yaml

   

Install the Istio addons

cd istio

 kubectl apply -f samples/addons/

 

Create the sleep pod

[root@master 01-demoapp-v10]# kubectl apply -f /usr/local/istio/samples/sleep/sleep.yaml 

Create demoapp v10

[root@master 01-demoapp-v10]# git clone https://github.com/iKubernetes/istio-in-practise.git
[root@master 01-demoapp-v10]# cd /root/istio-in-practise/Traffic-Management-Basics/ms-demo/01-demoapp-v10
[root@master 01-demoapp-v10]# kubectl apply -f deploy-demoapp.yaml 
deployment.apps/demoappv10 created
service/demoappv10 created
[root@master 01-demoapp-v10]# kubectl get pods 
NAME                          READY   STATUS    RESTARTS   AGE
demoappv10-85cf87cdb4-2gg6q   2/2     Running   0          32m
demoappv10-85cf87cdb4-v5pz9   2/2     Running   0          32m
demoappv10-85cf87cdb4-wfh5r   2/2     Running   0          32m
sleep-78ff5975c6-m2dr8        2/2     Running   0          30m

Access test

[root@master 01-demoapp-v10]# kubectl exec -it sleep-78ff5975c6-m2dr8 -- /bin/sh
/ $ 
/ $ 
/ $ 
/ $ curl demoappv10:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-85cf87cdb4-2gg6q, ServerIP: 10.244.104.7!
/ $ curl demoappv10:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-85cf87cdb4-v5pz9, ServerIP: 10.244.166.159!
/ $ curl demoappv10:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-85cf87cdb4-wfh5r, ServerIP: 10.244.104.24!
/ $ curl demoappv10:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-85cf87cdb4-2gg6q, ServerIP: 10.244.104.7!

 View the sync status of every Envoy in the mesh; SYNCED means synchronization has completed

[root@master 01-demoapp-v10]# istioctl proxy-status
NAME                                                   CLUSTER        CDS        LDS        EDS        RDS          ECDS         ISTIOD                      VERSION
demoappv10-85cf87cdb4-2gg6q.default                    Kubernetes     SYNCED     SYNCED     SYNCED     SYNCED       NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
demoappv10-85cf87cdb4-v5pz9.default                    Kubernetes     SYNCED     SYNCED     SYNCED     SYNCED       NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
demoappv10-85cf87cdb4-wfh5r.default                    Kubernetes     SYNCED     SYNCED     SYNCED     SYNCED       NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
istio-egressgateway-5bdd756dfd-wzfcn.istio-system      Kubernetes     SYNCED     SYNCED     SYNCED     NOT SENT     NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
istio-ingressgateway-67f7b5f88d-5stjr.istio-system     Kubernetes     SYNCED     SYNCED     SYNCED     NOT SENT     NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
sleep-78ff5975c6-m2dr8.default                         Kubernetes     SYNCED     SYNCED     SYNCED     SYNCED       NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
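
A check built on the proxy-status table above, as an added example that is not part of the original post: it reports every proxy whose CDS, LDS, EDS or RDS column is anything other than SYNCED or NOT SENT. The function names and the `stale-demo` row are constructed for illustration; the other sample rows are taken from the output above.

```shell
#!/bin/sh
# Added example: flag Envoy proxies whose xDS state is out of sync with istiod.
# Input is the text of `istioctl proxy-status` in the layout shown on this page.

# Constructed sample: the first two data rows follow the page's output; the
# third (a STALE proxy named stale-demo) is made up to exercise the failure path.
sample_status() {
cat <<'EOF'
NAME                                                   CLUSTER        CDS        LDS        EDS        RDS          ECDS         ISTIOD                      VERSION
demoappv10-85cf87cdb4-2gg6q.default                    Kubernetes     SYNCED     SYNCED     SYNCED     SYNCED       NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
istio-ingressgateway-67f7b5f88d-5stjr.istio-system     Kubernetes     SYNCED     SYNCED     SYNCED     NOT SENT     NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
stale-demo.default                                     Kubernetes     SYNCED     STALE      SYNCED     SYNCED       NOT SENT     istiod-58c6454c57-5dkp9     1.14.1
EOF
}

# unsynced_proxies: read proxy-status text on stdin and print
# "<proxy> <xDS>=<state>" for each CDS/LDS/EDS/RDS column that is neither
# SYNCED nor NOT SENT. Fields are split on runs of two or more spaces so
# that the two-word value "NOT SENT" stays a single field.
unsynced_proxies() {
  awk -F'  +' '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }  # map header names to positions
    NF < 2  { next }                                         # skip blank lines
    {
      n = split("CDS LDS EDS RDS", want, " ")
      for (k = 1; k <= n; k++) {
        c = col[want[k]]
        if (c && $c != "SYNCED" && $c != "NOT SENT")
          printf "%s %s=%s\n", $1, want[k], $c
      }
    }'
}

# Live use (needs cluster access): istioctl proxy-status | unsynced_proxies
sample_status | unsynced_proxies
```

NOT SENT is treated as normal here because the gateways in the output above show it for RDS before any route has been bound to them.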

View the Istio listeners

[root@master 01-demoapp-v10]# istioctl proxy-config listeners sleep-78ff5975c6-m2dr8

See where listener 8080 is routed

[root@master 01-demoapp-v10]# istioctl proxy-config route sleep-78ff5975c6-m2dr8

View the clusters being routed to

[root@master 01-demoapp-v10]# istioctl proxy-config clusters sleep-78ff5975c6-m2dr8

View the backend endpoints

[root@master 01-demoapp-v10]# istioctl proxy-config endpoints sleep-78ff5975c6-m2dr8 | grep demoapp
10.244.104.24:8080                                      HEALTHY     OK                outbound|8080||demoappv10.default.svc.cluster.local
10.244.104.7:8080                                       HEALTHY     OK                outbound|8080||demoappv10.default.svc.cluster.local
10.244.166.159:8080                                     HEALTHY     OK                outbound|8080||demoappv10.default.svc.cluster.local

Create a Gateway. The istio-ingressgateway gains a listener on port 8080, generated by the Gateway we just created. Note: port 80 is shown as port 8080 by default.

[root@master 04-proxy-gateway]# cat /tmp/gateway-demoapp.yaml 
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: demoapp-gateway
  namespace: istio-system        # must be the namespace where the ingress gateway pod runs
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "demoapp.yang.com"
[root@master 04-proxy-gateway]# kubectl apply -f /tmp/gateway-demoapp.yaml 
gateway.networking.istio.io/demoapp-gateway created
[root@master 04-proxy-gateway]# kubectl get gw -n istio-system
NAME              AGE
demoapp-gateway   11s
[root@master 04-proxy-gateway]# kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS      AGE
grafana-56bdf8bf85-jh7bg                1/1     Running   1 (12h ago)   15h
istio-egressgateway-5bdd756dfd-wzfcn    1/1     Running   1 (12h ago)   17h
istio-ingressgateway-67f7b5f88d-5stjr   1/1     Running   1 (12h ago)   17h
istiod-58c6454c57-5dkp9                 1/1     Running   2 (12h ago)   17h
jaeger-c4fdf6674-tk9bj                  1/1     Running   1 (12h ago)   15h
kiali-5ff49b9f69-q5nb9                  1/1     Running   1 (12h ago)   15h
prometheus-85949fddb-jwngv              2/2     Running   2 (12h ago)   15h
[root@master 04-proxy-gateway]# istioctl pc listeners istio-ingressgateway-67f7b5f88d-5stjr.istio-system
ADDRESS PORT  MATCH DESTINATION
0.0.0.0 8080  ALL   Route: http.8080
0.0.0.0 15021 ALL   Inline Route: /healthz/ready*
0.0.0.0 15090 ALL   Inline Route: /stats/prometheus*
[root@master tmp]# kubectl describe svc istio-ingressgateway  -n istio-system

Create another Gateway, for Kiali

[root@master tmp]# kubectl apply -f kiali-gateway.yaml 
gateway.networking.istio.io/kiali-gateway created
[root@master tmp]# cat kiali-gateway.yaml 
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: kiali-gateway
  namespace: istio-system        # must be the namespace where the ingress gateway pod runs
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 20001
      name: http
      protocol: HTTP
    hosts:
    - "kiali.yang.com"
[root@master tmp]# istioctl pc listeners istio-ingressgateway-67f7b5f88d-5stjr.istio-system
ADDRESS PORT  MATCH DESTINATION
0.0.0.0 8080  ALL   Route: http.8080
0.0.0.0 15021 ALL   Inline Route: /healthz/ready*
0.0.0.0 15090 ALL   Inline Route: /stats/prometheus*
0.0.0.0 20001 ALL   Route: http.20001

 Create a VirtualService that forwards traffic arriving at the gateway with the Host header demoapp.yang.com to demoappv10 in the default namespace inside the mesh

[root@master tmp]# kubectl apply -f virtualservice-demoapp.yaml 
virtualservice.networking.istio.io/demoapp created
[root@master tmp]# cat virtualservice-demoapp.yaml 
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - "demoapp.yang.com"                     # corresponds to gateways/demoapp-gateway
  gateways:
  - istio-system/demoapp-gateway       # these definitions apply only on the Ingress Gateway
  #- mesh
  http:
  - name: default
    route:
    - destination:
        host: demoappv10
[root@master tmp]# kubectl get vs
NAME      GATEWAYS                           HOSTS                  AGE
demoapp   ["istio-system/demoapp-gateway"]   ["demoapp.yang.com"]   2m59s
# On port 8080, the domain demoapp.yang.com is now routed to the VirtualService demoapp.default
[root@master tmp]# istioctl pc routes istio-ingressgateway-67f7b5f88d-5stjr.istio-system
NAME           DOMAINS              MATCH                  VIRTUAL SERVICE
http.8080      demoapp.yang.com     /*                     demoapp.default
http.20001     *                    /*                     404
               *                    /healthz/ready*        
               *                    /stats/prometheus*  
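
A check on the route table above, as an added example that is not part of the original post: it lists the named gateway routes whose VIRTUAL SERVICE column reads 404, meaning a Gateway opened the port but no VirtualService is bound to it yet (here the port 20001 listener created by kiali-gateway). The function names are constructed for illustration; the sample rows are copied from the output above.

```shell
#!/bin/sh
# Added example: list ingress-gateway routes with no VirtualService bound.
# Input is the text of `istioctl pc routes <gateway-pod>` as shown on this page.

# Constructed sample: copied from the route table on this page.
sample_routes() {
cat <<'EOF'
NAME           DOMAINS              MATCH                  VIRTUAL SERVICE
http.8080      demoapp.yang.com     /*                     demoapp.default
http.20001     *                    /*                     404
               *                    /healthz/ready*
               *                    /stats/prometheus*
EOF
}

# unbound_routes: print "<route> <domains>" for each named route whose
# VIRTUAL SERVICE column is 404. Fields are split on runs of two or more
# spaces, so the header "VIRTUAL SERVICE" is one field and the rows that
# start with spaces (the inline health and stats routes) get an empty
# first field and are skipped.
unbound_routes() {
  awk -F'  +' '
    NR == 1 { next }                                  # skip the header
    $1 != "" && $4 == "404" { print $1, $2 }'
}

# Live use (needs cluster access):
#   istioctl pc routes istio-ingressgateway-67f7b5f88d-5stjr.istio-system | unbound_routes
sample_routes | unbound_routes
```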

Set up local name resolution and access it directly from a browser; the service inside the mesh is now published outside the cluster.

Create a DestinationRule

[root@master tmp]# kubectl apply -f destinationrule-demoapp.yaml 
destinationrule.networking.istio.io/demoapp created
[root@master tmp]# cat destinationrule-demoapp.yaml 
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demoapp
spec:
  host: demoappv10            # must be the backend Service name
  trafficPolicy:
    loadBalancer:
      simple: LEAST_CONN      # load-balancing algorithm
[root@master tmp]# kubectl get dr
NAME      HOST         AGE
demoapp   demoappv10   7s

You can see that demoappv10.default.svc.cluster.local now has a DESTINATION RULE

[root@master tmp]# istioctl pc cluster sleep-78ff5975c6-m2dr8 
SERVICE FQDN                                            PORT      SUBSET     DIRECTION     TYPE             DESTINATION RULE
                                                        80        -          inbound       ORIGINAL_DST     
BlackHoleCluster                                        -         -          -             STATIC           
InboundPassthroughClusterIpv4                           -         -          -             ORIGINAL_DST     
PassthroughCluster                                      -         -          -             ORIGINAL_DST     
agent                                                   -         -          -             STATIC           
demoappv10.default.svc.cluster.local                    8080      -          outbound      EDS              demoapp.default
grafana.istio-system.svc.cluster.local                  3000      -          outbound      EDS              
istio-egressgateway.istio-system.svc.cluster.local      80        -          outbound      EDS              
istio-egressgateway.istio-system.svc.cluster.local      443       -          outbound      EDS              
istio-ingressgateway.istio-system.svc.cluster.local     80        -          outbound      EDS              
istio-ingressgateway.istio-system.svc.cluster.local     443       -          outbound      EDS              
istio-ingressgateway.istio-system.svc.cluster.local     15021     -          outbound      EDS              
istio-ingressgateway.istio-system.svc.cluster.local     15443     -          outbound      EDS              
istio-ingressgateway.istio-system.svc.cluster.local     31400     -          outbound      EDS              
istiod.istio-system.svc.cluster.local                   443       -          outbound      EDS              
istiod.istio-system.svc.cluster.local                   15010     -          outbound      EDS              
istiod.istio-system.svc.cluster.local                   15012     -          outbound      EDS              
istiod.istio-system.svc.cluster.local                   15014     -          outbound      EDS              
jaeger-collector.istio-system.svc.cluster.local         9411      -          outbound      EDS              
jaeger-collector.istio-system.svc.cluster.local         14250     -          outbound      EDS              
jaeger-collector.istio-system.svc.cluster.local         14268     -          outbound      EDS              
kiali.istio-system.svc.cluster.local                    9090      -          outbound      EDS              
kiali.istio-system.svc.cluster.local                    20001     -          outbound      EDS              
kube-dns.kube-system.svc.cluster.local                  53        -          outbound      EDS              
kube-dns.kube-system.svc.cluster.local                  9153      -          outbound      EDS              
kubelet.kube-system.svc.cluster.local                   4194      -          outbound      ORIGINAL_DST     
kubelet.kube-system.svc.cluster.local                   10250     -          outbound      ORIGINAL_DST     
kubelet.kube-system.svc.cluster.local                   10255     -          outbound      ORIGINAL_DST     
kubernetes.default.svc.cluster.local                    443       -          outbound      EDS              
prometheus.istio-system.svc.cluster.local               9090      -          outbound      EDS              
prometheus_stats                                        -         -          -             STATIC           
sds-grpc                                                -         -          -             STATIC           
sleep.default.svc.cluster.local                         80        -          outbound      EDS              
tracing.istio-system.svc.cluster.local                  80        -          outbound      EDS              
tracing.istio-system.svc.cluster.local                  16685     -          outbound      EDS              
xds-grpc                                                -         -          -             STATIC           
zipkin                                                  -         -          -             STRICT_DNS       
zipkin.istio-system.svc.cluster.local                   9411      -          outbound      EDS              
[root@master tmp]# istioctl pc clusters --fqdn demoappv10.default.svc.cluster.local sleep-78ff5975c6-m2dr8
SERVICE FQDN                             PORT     SUBSET     DIRECTION     TYPE     DESTINATION RULE
demoappv10.default.svc.cluster.local     8080     -          outbound      EDS      demoapp.default

View the load-balancing rule that was created

Download Mage's related code and create Kiali

git clone https://github.com/iKubernetes/istio-in-practise.git
cd istio-in-practise/Traffic-Management-Basics
kubectl apply -f kiali-port-80/

 Add a resolution entry to your local hosts file

10.211.55.23    kiail.magedu.com

Access kiail.magedu.com directly in a browser

 

Deploy bookinfo

 kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml 

 

Create a client

 kubectl apply -f samples/sleep/sleep.yaml

 

 Enter the sleep pod and access productpage directly

 

Expose productpage for external access

 kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

Access the external IP directly in a browser

 

 Simulate continuous access

 while true; do elinks --dump 10.211.55.24/productpage; sleep 0.$RANDOM; done

Go back to Kiali to view the collected data

Create the destination rules

kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml

Create the definition that routes to v1

kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml

 

Create the v2 rule

kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml

Accessing the web page directly shows the version without stars

 

 Logging in as jason shows the version with stars

 

 Checking Kiali again shows that v2 is being accessed too

 

Deployment profiles (profile)

        istioctl apply/install --set profile=<PROFILE> --set ...

        istioctl profile dump <NAME>  > /path/to/profile.yaml

        istioctl apply/install -f /path/to/profile.yaml

        Deployed in the istio-system namespace
            the control plane's namespace, the root namespace of the service mesh

        istioctl x uninstall --purge: uninstall the control plane components

        Adjust the mesh-level control plane configuration: adjusting the configuration of an existing deployment is supported

            istioctl apply/install

        A deployment profile has a corresponding resource configuration in native Kubernetes format:

            istioctl manifest generate --set profile=demo | kubectl apply -f -
posted @ 2022-07-19 15:39  Maniana