istio部署demoapp应用 (十四)sidecar
创建client
~# kubectl run client --image=ikubernetes/admin-box -it --rm --restart=Never --command -- /bin/sh
If you don't see a command prompt, try pressing enter.
root@client #
查看pod
# kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
client 2/2 Running 0 30s run=client,security.istio.io/tlsMode=istio,service.istio.io/canonical-name=client,service.istio.io/canonical-revision=latest
demoappv10-78b6586d58-7jm25 2/2 Running 0 30m app=demoapp,pod-template-hash=78b6586d58,security.istio.io/tlsMode=istio,service.istio.io/canonical-name=demoapp,service.istio.io/canonical-revision=v1.0,version=v1.0
demoappv10-78b6586d58-jmjrs 2/2 Running 0 30m app=demoapp,pod-template-hash=78b6586d58,security.istio.io/tlsMode=istio,service.istio.io/canonical-name=demoapp,service.istio.io/canonical-revision=v1.0,version=v1.0
demoappv11-78bf898c74-5r78m 2/2 Running 0 30m app=demoapp,pod-template-hash=78bf898c74,security.istio.io/tlsMode=istio,service.istio.io/canonical-name=demoapp,service.istio.io/canonical-revision=v1.1,version=v1.1
demoappv11-78bf898c74-f6xzm 2/2 Running 0 30m app=demoapp,pod-template-hash=78bf898c74,security.istio.io/tlsMode=istio,service.istio.io/canonical-name=demoapp,service.istio.io/canonical-revision=v1.1,version=v1.1
proxy-649b4d887d-g6bnm 2/2 Running 0 28m app=proxy,pod-template-hash=649b4d887d,security.istio.io/tlsMode=istio,service.istio.io/canonical-name=proxy,service.istio.io/canonical-revision=latest
查看svc
~# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
demoapp ClusterIP 10.100.127.199 <none> 8080/TCP 46m
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 18d
proxy ClusterIP 10.100.229.205 <none> 80/TCP 44m
查看listeners
~# kubectl exec -it client -c istio-proxy -- pilot-agent request GET /listeners
42ebe263-b277-409b-83a9-c66c184e710e::0.0.0.0:15090
5182c664-4c5a-4407-8a89-2b762113de65::0.0.0.0:15021
10.100.0.2_53::10.100.0.2:53
10.100.149.76_15012::10.100.149.76:15012
10.100.121.95_443::10.100.121.95:443
10.100.145.112_15443::10.100.145.112:15443
10.100.0.1_443::10.100.0.1:443
10.100.145.112_443::10.100.145.112:443
10.100.145.112_31400::10.100.145.112:31400
10.100.149.76_443::10.100.149.76:443
0.0.0.0_80::0.0.0.0:80
0.0.0.0_9090::0.0.0.0:9090
0.0.0.0_8080::0.0.0.0:8080
10.100.0.2_9153::10.100.0.2:9153
10.100.107.86_443::10.100.107.86:443
0.0.0.0_15014::0.0.0.0:15014
10.100.145.112_15021::10.100.145.112:15021
0.0.0.0_16685::0.0.0.0:16685
10.100.126.122_14268::10.100.126.122:14268
10.100.128.238_8000::10.100.128.238:8000
0.0.0.0_15010::0.0.0.0:15010
0.0.0.0_20001::0.0.0.0:20001
10.100.126.122_14250::10.100.126.122:14250
0.0.0.0_9411::0.0.0.0:9411
10.100.162.68_3000::10.100.162.68:3000
virtualOutbound::0.0.0.0:15001
virtualInbound::0.0.0.0:15006
创建sidecar
sidecar-demo.yaml
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
name: client
namespace: default
spec:
workloadSelector:
labels:
run: client
outboundTrafficPolicy:
# mode: REGISTRY_ONLY
mode: ALLOW_ANY
egress:
- port:
number: 8080
protocol: HTTP
name: demoapp
hosts:
- "./*"
or
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
name: client
namespace: default
spec:
workloadSelector:
labels:
run: client
outboundTrafficPolicy:
mode: REGISTRY_ONLY
#mode: ALLOW_ANY
egress:
- port:
number: 8080
protocol: HTTP
name: demoapp
hosts:
- "./*"
- port:
number: 80
protocol: HTTP
name: proxy
hosts:
- "./*"
创建sidecar资源
# kubectl apply -f sidecar-demo.yaml
sidecar.networking.istio.io/proxy created
查看sidecar资源
# kubectl get sidecar
NAME AGE
client 52s
查看proxy pod listeners
~# kubectl exec -it client -c istio-proxy -- pilot-agent request GET /listeners
42ebe263-b277-409b-83a9-c66c184e710e::0.0.0.0:15090
5182c664-4c5a-4407-8a89-2b762113de65::0.0.0.0:15021
0.0.0.0_8080::0.0.0.0:8080
virtualOutbound::0.0.0.0:15001
virtualInbound::0.0.0.0:15006
# 0.0.0.0_80::0.0.0.0:80
访问demoapp
root@client # while true;do curl demoapp:8080;curl proxy ; sleep 0.5 ;done
查看kiali
参考文档
https://istio.io/latest/zh/docs/reference/config/networking/sidecar/