Installation
[root@master ~]# wget https://github.com/istio/istio/releases/download/1.1.5/istio-1.1.5-linux.tar.gz
[root@master ~]# tar -zxvf istio-1.1.5-linux.tar.gz
[root@master ~]# cd istio-1.1.5
Install all Istio custom resource definitions
[root@master istio-1.1.5]# for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f $i; done
[root@master istio-1.1.5]# kubectl apply -f install/kubernetes/istio-demo.yaml
[root@master istio-1.1.5]# kubectl get svc -n istio-system
NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
grafana                  ClusterIP      10.105.112.216   <none>        3000/TCP   19s
istio-citadel            ClusterIP      10.104.129.126   <none>        8060/TCP,15014/TCP   19s
istio-egressgateway      ClusterIP      10.96.68.169     <none>        80/TCP,443/TCP,15443/TCP   19s
istio-galley             ClusterIP      10.101.195.214   <none>        443/TCP,15014/TCP,9901/TCP   19s
istio-ingressgateway     LoadBalancer   10.102.30.240    <pending>     15020:31109/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32481/TCP,15030:30697/TCP,15031:32508/TCP,15032:31496/TCP,15443:30329/TCP   19s
istio-pilot              ClusterIP      10.105.128.66    <none>        15010/TCP,15011/TCP,8080/TCP,15014/TCP   19s
istio-policy             ClusterIP      10.97.159.124    <none>        9091/TCP,15004/TCP,15014/TCP   19s
istio-sidecar-injector   ClusterIP      10.99.226.143    <none>        443/TCP   19s
istio-telemetry          ClusterIP      10.109.97.180    <none>        9091/TCP,15004/TCP,15014/TCP,42422/TCP   19s
jaeger-agent             ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP   19s
jaeger-collector         ClusterIP      10.96.209.196    <none>        14267/TCP,14268/TCP   19s
jaeger-query             ClusterIP      10.110.178.26    <none>        16686/TCP   19s
kiali                    ClusterIP      10.103.103.154   <none>        20001/TCP   19s
prometheus               ClusterIP      10.102.6.211     <none>        9090/TCP   19s
tracing                  ClusterIP      10.110.154.208   <none>        80/TCP   19s
zipkin                   ClusterIP      10.98.186.181    <none>        9411/TCP
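The EXTERNAL-IP is currently in the pending state, because our environment has no external load balancer available for the Istio Ingress Gateway. To make the gateway reachable from outside, edit the externalIPs of the istio-ingressgateway Service. Because kube-proxy in this Kubernetes cluster has ipvs enabled, a VIP, 10.0.1.111, is specified here as the externalIP. The externalIP can also be set to the clusterIP.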
[root@master istio-1.1.5]# kubectl edit svc istio-ingressgateway -n istio-system
......
spec:
  externalIPs:
  - 10.0.1.111
......
# Check again
[root@master istio-1.1.5]# kubectl get svc istio-ingressgateway -n istio-system
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
istio-ingressgateway   LoadBalancer   10.102.30.240   10.0.1.111    15020:31109/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32481/TCP,15030:30697/TCP,15031:32508/TCP,15032:31496/TCP,15443:30329/TCP   7m54s
# Label each namespace that needs automatic sidecar injection
[root@master istio-1.1.5]# kubectl label namespace default istio-injection=enabled
[root@master istio-1.1.5]# kubectl get namespace -L istio-injection
NAME              STATUS   AGE   ISTIO-INJECTION
default           Active   13d   enabled
istio-system      Active   22m
kube-node-lease   Active   13d
kube-public       Active   13d
kube-system       Active   13d
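Once the externalIP is set, every entry in the PORT(S) column of istio-ingressgateway is reachable from outside the cluster, not only port 80 (NodePort 31380) used later on this page. The script below is an added example, not part of the original post or of Istio: it lists externally reachable service ports from `kubectl get svc` output and marks those outside an allowlist; the helper names and the allowlist `80,443` are assumptions.

```shell
#!/bin/sh
# Added example: list service ports reachable from outside the cluster,
# parsed from the text output of `kubectl get svc`.

# Constructed sample: two rows taken from the listings on this page.
SAMPLE='NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.102.30.240 10.0.1.111 15020:31109/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32481/TCP,15030:30697/TCP,15031:32508/TCP,15032:31496/TCP,15443:30329/TCP 7m54s
istio-pilot ClusterIP 10.105.128.66 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 19s'

# audit_exposed ALLOWED   (hypothetical helper; reads the listing on stdin)
# ALLOWED is a comma-separated list of service ports meant to be public.
# Output, one line per externally reachable port:
#   <service> <port> <nodePort or -> <externalIP or -> OK|REVIEW
audit_exposed() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NR == 1 { next }                            # skip the header row
    {
      name = $1; type = $2; ext = $4; ports = $5
      has_ext = (ext != "<none>" && ext != "<pending>")
      # A ClusterIP service without an external IP is internal only.
      if (type != "LoadBalancer" && type != "NodePort" && !has_ext) next
      m = split(ports, p, ",")
      for (i = 1; i <= m; i++) {
        spec = p[i]; sub(/\/.*/, "", spec)      # drop the "/TCP" suffix
        k = split(spec, pn, ":")                # "80:31380" -> port, nodePort
        port = pn[1]; node = (k > 1 ? pn[2] : "-")
        printf "%s %s %s %s %s\n", name, port, node, \
               (has_ext ? ext : "-"), ((port in ok) ? "OK" : "REVIEW")
      }
    }'
}

# review_count: number of sample ports outside the assumed allowlist.
review_count() {
  printf '%s\n' "$SAMPLE" | audit_exposed "80,443" | grep -c ' REVIEW$'
}

# Run against the embedded sample.
printf '%s\n' "$SAMPLE" | audit_exposed "80,443"
```

Against a live cluster the same function takes the real listing: `kubectl get svc -n istio-system | audit_exposed 80,443`.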
Deploying the sample application
[root@master istio-1.1.5]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
deployment.extensions/details-v1 created
service/ratings created
deployment.extensions/ratings-v1 created
service/reviews created
deployment.extensions/reviews-v1 created
deployment.extensions/reviews-v2 created
deployment.extensions/reviews-v3 created
service/productpage created
deployment.extensions/productpage-v1 created
[root@master istio-1.1.5]# kubectl get svc
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.106.209.133   <none>        9080/TCP   84s
kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP    13d
productpage   ClusterIP   10.96.27.39      <none>        9080/TCP   84s
ratings       ClusterIP   10.109.45.236    <none>        9080/TCP   84s
reviews       ClusterIP   10.102.249.50    <none>        9080/TCP   84s
[root@master istio-1.1.5]# kubectl get pods
NAME                             READY   STATUS    RESTARTS   AGE
details-v1-79c6548b59-d8448      1/1     Running   0          3m1s
productpage-v1-95d579cd5-62s8v   1/1     Running   0          3m1s
ratings-v1-7665579b75-jjvv7      1/1     Running   0          3m1s
reviews-v1-67446f7d9b-hrhbj      1/1     Running   0          3m1s
reviews-v2-6bc7b4f678-vhjwh      1/1     Running   0          3m1s
reviews-v3-59b5b6948-sxxhj       1/1     Running   0          3m1s
[root@master istio-1.1.5]# kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
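Using an Istio Gateway to bring in traffic from outside the cluster
Now that the Bookinfo services are up and running, you need to access the application from outside the Kubernetes cluster, for example from a browser. An Istio Gateway is used for this purpose.
1. Define the ingress gateway for the application: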
# Do not skip this step, otherwise http://NodeIP:31380/productpage cannot be reached
[root@master istio-1.1.5]# kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml
[root@master istio-1.1.5]# kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
[root@master istio-1.1.5]# kubectl get gateway
NAME               AGE
bookinfo-gateway   22s
[root@master istio-1.1.5]# kubectl get gateway bookinfo-gateway -o yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.istio.io/v1alpha3","kind":"Gateway","metadata":{"annotations":{},"name":"bookinfo-gateway","namespace":"default"},"spec":{"selector":{"istio":"ingressgateway"},"servers":[{"hosts":["istio.haipai.com"],"port":{"name":"http","number":80,"protocol":"HTTP"}}]}}
  creationTimestamp: "2019-05-24T09:03:51Z"
  generation: 1
  name: bookinfo-gateway
  namespace: default
  resourceVersion: "1649570"
  selfLink: /apis/networking.istio.io/v1alpha3/namespaces/default/gateways/bookinfo-gateway
  uid: d93469d6-7e02-11e9-9cfc-fa163ec472b0
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - istio.haipai.com
    port:
      name: http
      number: 80
      protocol: HTTP
[root@master istio-1.1.5]# kubectl get VirtualService -o wide
NAME       GATEWAYS             HOSTS   AGE
bookinfo   [bookinfo-gateway]   [*]     4m51s
Open http://NodeIP:31380/productpage in a browser.
Then create the v3 rule and refresh the browser a few times; you will see both red and black.
[root@master istio-1.1.5]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml
virtualservice.networking.istio.io/reviews created
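Next we create one more rule from virtual-service-reviews-jason-v2-v3.yaml. With this VirtualService, requests that are not logged in are routed to v3 (red) by default, and requests that are logged in are routed to v2 (black).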
[root@master istio-1.1.5]# ls samples/bookinfo/networking/
bookinfo-gateway.yaml            virtual-service-all-v1.yaml              virtual-service-reviews-80-20.yaml
certmanager-gateway.yaml         virtual-service-details-v2.yaml          virtual-service-reviews-90-10.yaml
destination-rule-all-mtls.yaml   virtual-service-ratings-db.yaml          virtual-service-reviews-jason-v2-v3.yaml
destination-rule-all.yaml        virtual-service-ratings-mysql-vm.yaml    virtual-service-reviews-test-v2.yaml
destination-rule-reviews.yaml    virtual-service-ratings-mysql.yaml       virtual-service-reviews-v2-v3.yaml
egress-rule-google-apis.yaml     virtual-service-ratings-test-abort.yaml  virtual-service-reviews-v3.yaml
fault-injection-details-v1.yaml  virtual-service-ratings-test-delay.yaml
ROUTING_RULE_MIGRATION.md        virtual-service-reviews-50-v3.yaml
[root@master istio-1.1.5]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml
virtualservice.networking.istio.io/reviews configured
At this point, refreshing without logging in always shows red; after logging in as user jason with password jason, refreshing always shows black.