第四章 istio快速入门(快速安装)
4.1 环境介绍
K8s 1.9 以上版本。
4.2 快速部署Istio
下载: https://github.com/istio/istio/releases/, 下载 1.1.0-snapshot.5/istio-1.1.0-snapshot.5-linux.tar.gz
1: wget https://github.com/istio/istio/releases/download/1.1.0-snapshot.5/istio-1.1.0-snapshot.5-linux.tar.gz
2: tar -xzvf istio-1.1.0-snapshot.5-linux.tar.gz
3: 将bin目录中的istioctl复制到一个PATH包含的路径中:
cp bin/istioctl /usr/local/bin
4: kubectl apply -f install/kubernetes/istio-demo.yaml
namespace "istio-system" created customresourcedefinition.apiextensions.k8s.io "virtualservices.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "destinationrules.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "serviceentries.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "gateways.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "envoyfilters.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "clusterrbacconfigs.rbac.istio.io" created customresourcedefinition.apiextensions.k8s.io "policies.authentication.istio.io" created customresourcedefinition.apiextensions.k8s.io "meshpolicies.authentication.istio.io" created customresourcedefinition.apiextensions.k8s.io "httpapispecbindings.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "httpapispecs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "quotaspecbindings.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "quotaspecs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "rules.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "attributemanifests.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "bypasses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "circonuses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "deniers.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "fluentds.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "kubernetesenvs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "listcheckers.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "memquotas.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "noops.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "opas.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "prometheuses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "rbacs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "redisquotas.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "servicecontrols.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "signalfxs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "solarwindses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "stackdrivers.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "statsds.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "stdios.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "apikeys.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "authorizations.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "checknothings.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "kuberneteses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "listentries.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "logentries.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "edges.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "metrics.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "quotas.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "reportnothings.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "servicecontrolreports.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "tracespans.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "rbacconfigs.rbac.istio.io" created customresourcedefinition.apiextensions.k8s.io "serviceroles.rbac.istio.io" created customresourcedefinition.apiextensions.k8s.io "servicerolebindings.rbac.istio.io" created customresourcedefinition.apiextensions.k8s.io "adapters.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "instances.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "templates.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "handlers.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "cloudwatches.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "dogstatsds.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "sidecars.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "clusterissuers.certmanager.k8s.io" created customresourcedefinition.apiextensions.k8s.io "issuers.certmanager.k8s.io" created customresourcedefinition.apiextensions.k8s.io "certificates.certmanager.k8s.io" created configmap "istio-galley-configuration" created configmap "istio-grafana-custom-resources" created configmap "istio-grafana-configuration-dashboards-galley-dashboard" created configmap "istio-grafana-configuration-dashboards-istio-mesh-dashboard" created configmap "istio-grafana-configuration-dashboards-istio-performance-dashboard" created configmap "istio-grafana-configuration-dashboards-istio-service-dashboard" created configmap "istio-grafana-configuration-dashboards-istio-workload-dashboard" created configmap "istio-grafana-configuration-dashboards-mixer-dashboard" created configmap "istio-grafana-configuration-dashboards-pilot-dashboard" created configmap "istio-grafana" created configmap "kiali" created configmap "prometheus" created configmap "istio-security-custom-resources" created configmap "istio" created configmap "istio-sidecar-injector" created serviceaccount "istio-galley-service-account" created serviceaccount "istio-egressgateway-service-account" created serviceaccount "istio-ingressgateway-service-account" created serviceaccount "istio-grafana-post-install-account" created clusterrole.rbac.authorization.k8s.io "istio-grafana-post-install-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-grafana-post-install-role-binding-istio-system" created job.batch "istio-grafana-post-install-1.1.0-snapshot.5" created serviceaccount "kiali-service-account" created serviceaccount "istio-mixer-service-account" created serviceaccount "istio-pilot-service-account" created serviceaccount "prometheus" created serviceaccount "istio-cleanup-secrets-service-account" created clusterrole.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created job.batch "istio-cleanup-secrets-1.1.0-snapshot.5" created serviceaccount "istio-security-post-install-account" created clusterrole.rbac.authorization.k8s.io "istio-security-post-install-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-security-post-install-role-binding-istio-system" created job.batch "istio-security-post-install-1.1.0-snapshot.5" created serviceaccount "istio-citadel-service-account" created serviceaccount "istio-sidecar-injector-service-account" created clusterrole.rbac.authorization.k8s.io "istio-galley-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created clusterrole.rbac.authorization.k8s.io "kiali" created clusterrole.rbac.authorization.k8s.io "istio-mixer-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-pilot-istio-system" created clusterrole.rbac.authorization.k8s.io "prometheus-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-citadel-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-sidecar-injector-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-galley-admin-role-binding-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-kiali-admin-role-binding-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-mixer-admin-role-binding-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-pilot-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "prometheus-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-citadel-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-sidecar-injector-admin-role-binding-istio-system" created role.rbac.authorization.k8s.io "istio-ingressgateway-sds" created rolebinding.rbac.authorization.k8s.io "istio-ingressgateway-sds" created service "istio-galley" created service "istio-egressgateway" created service "istio-ingressgateway" created service "grafana" created service "kiali" created service "istio-policy" created service "istio-telemetry" created service "istio-pilot" created service "prometheus" created service "istio-citadel" created service "servicegraph" created service "istio-sidecar-injector" created deployment.extensions "istio-galley" created deployment.extensions "istio-egressgateway" created deployment.extensions "istio-ingressgateway" created deployment.extensions "grafana" created deployment.extensions "kiali" created deployment.extensions "istio-policy" created deployment.extensions "istio-telemetry" created deployment.extensions "istio-pilot" created deployment.extensions "prometheus" created deployment.extensions "istio-citadel" created deployment.extensions "servicegraph" created deployment.extensions "istio-sidecar-injector" created deployment.extensions "istio-tracing" created horizontalpodautoscaler.autoscaling "istio-egressgateway" created horizontalpodautoscaler.autoscaling "istio-ingressgateway" created horizontalpodautoscaler.autoscaling "istio-policy" created horizontalpodautoscaler.autoscaling "istio-telemetry" created horizontalpodautoscaler.autoscaling "istio-pilot" created service "jaeger-query" created service "jaeger-collector" created service "jaeger-agent" created service "zipkin" created service "tracing" created mutatingwebhookconfiguration.admissionregistration.k8s.io "istio-sidecar-injector" created poddisruptionbudget.policy "istio-galley" created poddisruptionbudget.policy "istio-egressgateway" created poddisruptionbudget.policy "istio-ingressgateway" created poddisruptionbudget.policy "istio-policy" created poddisruptionbudget.policy "istio-telemetry" created poddisruptionbudget.policy "istio-pilot" created unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "attributemanifest" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "attributemanifest" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "logentry" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "logentry" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "kubernetes" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha3" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha3"
5 运行 kubectl get pods -n istio-system -w 查看pod状态
NAME READY STATUS RESTARTS AGE grafana-f8467cc6-lkrfq 1/1 Running 0 7m istio-citadel-676c58584b-drnnm 1/1 Running 0 7m istio-cleanup-secrets-1.1.0-snapshot.5-hhwbl 0/1 Completed 0 7m istio-egressgateway-54477c6569-gk5bj 1/1 Running 0 7m istio-galley-58b7c6b6bb-8sqc2 1/1 Running 0 7m istio-grafana-post-install-1.1.0-snapshot.5-655cz 0/1 Completed 0 7m istio-ingressgateway-f6c4b779b-g8cpd 1/1 Running 0 7m istio-pilot-595d5949f8-rlv8f 2/2 Running 0 7m istio-policy-755cf49c4f-xwm64 2/2 Running 4 7m istio-security-post-install-1.1.0-snapshot.5-x6c6z 0/1 Completed 0 7m istio-sidecar-injector-6d7586f8cd-pntbg 1/1 Running 0 7m istio-telemetry-7c7ff645cf-dhk7w 2/2 Running 3 7m istio-tracing-6849759bc8-mhjjs 1/1 Running 0 7m kiali-7766b75767-p6ws6 0/1 CreateContainerConfigError 0 7m prometheus-849b9cddff-xf4f4 1/1 Running 0 7m servicegraph-655755f6c9-s7qtr 1/1 Running 0 7m
6 部署两个版本的服务
(服务的项目地址: https://github.com/fleeto/flaskapp)
flask.istio.yaml:
apiVersion: v1 kind: Service metadata: name: flaskapp labels: app: flaskapp spec: selector: app: flaskapp ports: - name: http port: 80 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: flaskapp-v1 spec: replicas: 1 template: metadata: labels: app: flaskapp version: v1 spec: containers: - name: flaskapp image: dustise/flaskapp imagePullPolicy: Always env: - name: version value: v1 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: flaskapp-v2 spec: replicas: 1 template: metadata: labels: app: flaskapp version: v2 spec: containers: - name: flaskapp image: dustise/flaskapp imagePullPolicy: Always env: - name: version value: v2
XXXXXXXXXXXXXX:~$ istioctl kube-inject -f flask.istio.yaml | kubectl apply -f - service "flaskapp" created deployment.extensions "flaskapp-v1" created deployment.extensions "flaskapp-v2" created
运行上面的命令,用istioctl kube-inject进行注入: 这个命令的作用是: 修改kubernetes Deployment, 在Pod中注入在前面提到的Sidecar容器,然后再用管道命令输出给kubectl, 提交到K8s集群。
~$ kubectl get pods NAME READY STATUS RESTARTS AGE flaskapp-v1-d94f5cd8d-7lbbf 2/2 Running 0 10m flaskapp-v2-86dfb8d97f-s9hgq 2/2 Running 0 10m
查看Pod详情:
XXXXXXXXXXXXXX:~$ kubectl describe po flaskapp-v1-d94f5cd8d-7lbbf
Name: flaskapp-v1-d94f5cd8d-7lbbf Namespace: default Node: galaxykubernetes01/9.37.138.215 Start Time: Fri, 01 Feb 2019 03:50:35 -0500 Labels: app=flaskapp pod-template-hash=850917848 version=v1 Annotations: sidecar.istio.io/status={"version":"84d7067e1bc34e8101e25667c84926d857e8d6ca3873a5dfd78345f405087030","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs... Status: Running IP: 10.244.4.174 Controlled By: ReplicaSet/flaskapp-v1-d94f5cd8d Init Containers: istio-init: Container ID: docker://cbb03a144c2a4d68b5d8a60562750073bdde9f59558b1c654d9348e8c5ab2b4d Image: docker.io/istio/proxy_init:1.1.0-snapshot.5 Image ID: docker-pullable://istio/proxy_init@sha256:817dde540690a8ead6f24acc1dfbef3b9cc18996943983d6688b510b8ccf1c77 Port: <none> Host Port: <none> Args: -p 15001 -u 1337 -m REDIRECT -i * -x -b -d 15020 State: Terminated Reason: Completed Exit Code: 0 Started: Fri, 01 Feb 2019 03:50:53 -0500 Finished: Fri, 01 Feb 2019 03:50:59 -0500 Ready: True Restart Count: 0 Limits: cpu: 10m memory: 10Mi Requests: cpu: 10m memory: 10Mi Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro) Containers: flaskapp: Container ID: docker://2e037f2213d58d2de0a4e3f7bd5e9b64fe30f8be41c1e15612d1308ee00aa50b Image: dustise/flaskapp Image ID: docker-pullable://dustise/flaskapp@sha256:fe21074376c36bb86358135f82c35ad40be99698ebd3cf277cbda1044308a255 Port: <none> Host Port: <none> State: Running Started: Fri, 01 Feb 2019 03:51:10 -0500 Ready: True Restart Count: 0 Environment: version: v1 Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro) istio-proxy: Container ID: docker://7935bf3e9599a330d19deaea242dbd58e941e72b02d9d02010cc001d1a4f3558 Image: docker.io/istio/proxyv2:1.1.0-snapshot.5 Image ID: docker-pullable://istio/proxyv2@sha256:2329bed32fde5d3ed0c4d3f7f0594e8258573226c50406e7d25d0298cd119685 Port: 15090/TCP Host Port: 0/TCP Args: proxy sidecar --domain $(POD_NAMESPACE).svc.cluster.local --configPath /etc/istio/proxy --binaryPath /usr/local/bin/envoy --serviceCluster flaskapp.default --drainDuration 45s --parentShutdownDuration 1m0s --discoveryAddress istio-pilot.istio-system:15010 --zipkinAddress zipkin.istio-system:9411 --connectTimeout 10s --proxyAdminPort 15000 --controlPlaneAuthPolicy NONE --statusPort 15020 --applicationPorts State: Running Started: Fri, 01 Feb 2019 03:51:25 -0500 Ready: True Restart Count: 0 Requests: cpu: 10m Readiness: http-get http://:15020/healthz/ready delay=1s timeout=1s period=2s #success=1 #failure=30 Environment: POD_NAME: flaskapp-v1-d94f5cd8d-7lbbf (v1:metadata.name) POD_NAMESPACE: default (v1:metadata.namespace) INSTANCE_IP: (v1:status.podIP) ISTIO_META_POD_NAME: flaskapp-v1-d94f5cd8d-7lbbf (v1:metadata.name) ISTIO_META_CONFIG_NAMESPACE: default (v1:metadata.namespace) ISTIO_META_INTERCEPTION_MODE: REDIRECT ISTIO_METAJSON_LABELS: {"app":"flaskapp","version":"v1"} Mounts: /etc/certs/ from istio-certs (ro) /etc/istio/proxy from istio-envoy (rw) /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro) Conditions: Type Status Initialized True Ready True PodScheduled True Volumes: istio-envoy: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: Memory istio-certs: Type: Secret (a volume populated by a Secret) SecretName: istio.default Optional: true default-token-qjj5t: Type: Secret (a volume populated by a Secret) SecretName: default-token-qjj5t Optional: false QoS Class: Burstable Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 11m default-scheduler Successfully assigned flaskapp-v1-d94f5cd8d-7lbbf to galaxykubernetes01 Normal SuccessfulMountVolume 11m kubelet, galaxykubernetes01 MountVolume.SetUp succeeded for volume "istio-envoy" Normal SuccessfulMountVolume 11m kubelet, galaxykubernetes01 MountVolume.SetUp succeeded for volume "default-token-qjj5t" Normal SuccessfulMountVolume 11m kubelet, galaxykubernetes01 MountVolume.SetUp succeeded for volume "istio-certs" Normal Pulling 11m kubelet, galaxykubernetes01 pulling image "docker.io/istio/proxy_init:1.1.0-snapshot.5" Normal Pulled 11m kubelet, galaxykubernetes01 Successfully pulled image "docker.io/istio/proxy_init:1.1.0-snapshot.5" Normal Created 11m kubelet, galaxykubernetes01 Created container Normal Started 11m kubelet, galaxykubernetes01 Started container Normal Pulling 11m kubelet, galaxykubernetes01 pulling image "dustise/flaskapp" Normal Pulled 11m kubelet, galaxykubernetes01 Successfully pulled image "dustise/flaskapp" Normal Created 11m kubelet, galaxykubernetes01 Created container Normal Started 11m kubelet, galaxykubernetes01 Started container Normal Pulling 11m kubelet, galaxykubernetes01 pulling image "docker.io/istio/proxyv2:1.1.0-snapshot.5" Normal Pulled 10m kubelet, galaxykubernetes01 Successfully pulled image "docker.io/istio/proxyv2:1.1.0-snapshot.5" Normal Created 10m kubelet, galaxykubernetes01 Created container Normal Started 10m kubelet, galaxykubernetes01 Started container
从上面的详情看出,在这个Pod中多了一个容器, 名称是 istio-proxy, 这就是注入的结果。另外还有一个名是 istio-init的初始化容器,这个容器是用于初始化劫持的。
4.4 部署客户端服务
(客户端项目地址: https://github.com/fleeto/flaskapp)
apiVersion: v1 kind: Service metadata: name: sleep labels: app: sleep spec: selector: app: sleep ports: - name: ssh port: 80 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: sleep-v1 spec: replicas: 1 template: metadata: labels: app: sleep version: v1 spec: containers: - name: sleep image: dustise/sleep imagePullPolicy: Always --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: sleep-v2 spec: replicas: 1 template: metadata: labels: app: sleep version: v2 spec: containers: - name: sleep image: dustise/sleep imagePullPolicy: Always
没有service的Deployment是无法被Istio发现并进行操作的。
同样,对该文件进行注入,并提交到K8s上运行:
XXXXXXXXXXXXXX:~$ istioctl kube-inject -f sleep.yaml | kubectl apply -f - service "sleep" created deployment.extensions "sleep-v1" created deployment.extensions "sleep-v2" created
4.5 验证服务
通过kubectl exec -it 命令进入客户端Pod, 来测试flaskapp服务的具体表现。
XXXXXXXXXXXXXX:~$ kubectl get po
NAME READY STATUS RESTARTS AGE
flaskapp-v1-d94f5cd8d-7lbbf 2/2 Running 0 17h
flaskapp-v2-86dfb8d97f-s9hgq 2/2 Running 0 17h
sleep-v1-5f6946dcf8-sf94h 2/2 Running 0 1m
sleep-v2-bbb4cc688-bwm7q 2/2 Running 0 1m
kubeusr@GalaxyKubernetesMaster:~$ kubectl exec -it sleep-v1-5f6946dcf8-sf94h -c sleep bash
bash-4.4# for i in `seq 10`;do http --body http://flaskapp/env/version;done (进行10次调用)
v1
v2
v1
v1
v2
v1
v2
v1
v2
v1
从上面的结果可以看出,v2和v1两种结果随机出现,大约各占一半。
4.6 创建目标规则和默认路由
接下来使用Istio来管理这两个服务的流量。
定义一个名称为flaskapp的DestinationRule,它利用Pod标签把flaskapp服务分成两个subset, 分别命名为v1和v2.
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: flaskapp spec: host: flaskapp subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2
XXXXXXXXXXXXXXXXXX:~$ kubectl apply -f flaskapp-destinationrule.yaml # 部署到集群上
destinationrule.networking.istio.io "flaskapp" created
接下来,为flaskapp服务创建默认的路由规则,不论是否进行进一步的流量控制,都建议为网格中的服务创建默认的路由规则,以防止发生意料之外的路由规则。
定义一个VirtualService对象,它负责接管对 “flaskapp”这一主机名的访问,将流量都转发到DestinationRule定义的v2 subset上。
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: flaskapp-default-v2 spec: hosts: - flaskapp http: - route: - destination: host: flaskapp subset: v2
XXXXXXXXXXXXXXXXXXX:~$ kubectl apply -f flaskapp-default-vs-v2.yaml virtualservice.networking.istio.io "flaskapp-default-v2" created
再次进入客户端Pod, 看看新定义的流量管理规则是否生效
XXXXXXXXXXXXXXXXX:~$ kubectl exec -it sleep-v1-5f6946dcf8-sf94h -c sleep bash bash-4.4# for i in `seq 10`;do http --body http://flaskapp/env/version;done v2 v2 v2 v2 v2 v2 v2 v2 v2 v2
