一. Istio 是什么
Istio 提供一种简单的方式来为已部署的服务建立网络,该网络具有负载均衡、服务间认证、监控等功能,而不需要对服务的代码做任何改动。istio 适用于容器或虚拟机环境(特别是 k8s),兼容异构架构, 使用 sidecar(边车模式)代理服务的网络,不需要对业务代码本身做任何的改动。能对HTTP、gRPC、WebSocket 和 TCP 流量的自动负载均衡。并通过丰富的路由规则、重试、故障转移和故障注入,可以对流量行为进行细粒度控制;支持访问控制、速率限制和配额。同时对出入集群入口和出口中所有流量的自动度量指标、日志记录和跟踪。
二. 安装Istio
1. 下载istio安装包
https://github.com/istio/istio/releases
2. 将安装包解压
解压缩到某个目录,在/etc/profile中添加path
export PATH="/opt/k8s/workspaces/istio/istio-1.6.7/bin:$PATH"
使配置生效:
source /etc/profile
3. 执行
istioctl manifest apply –set profile=demo
注意:上述命令使用的是demo配置,里面加入了大量的追踪设置,非常不适合生产环境。同时上述命令需要拉取很多docker image,我们可以提前将需要的镜像拉下来,在执行命令,需要拉取的镜像可以在安装目录istio-1.6.7/samples/addons下的yaml文件中可以找到
4. 检查istio的服务是否正常
kubectl get all -n istio-system
5. 如果发现ingressgateway的EXTERNAL-IP显示为none或pending,可以执行下述命令来修改:
kubectl edit -n istio-system svc istio-ingressgateway
增加箭头处的externalIPs属性,将其修改为节点地址
6. 卸载
istioctl manifest generate --set profile=demo | kubectl delete -f -
三. 部署bookinfo应用
bookinfo示例部署了一个用于演示多种 Istio 特性的应用,该应用由四个单独的微服务构成。 这个应用模仿在线书店的一个分类,显示一本书的信息。 页面上会显示一本书的描述,书籍的细节(ISBN、页数等),以及关于这本书的一些评论。
1. bookinfo应用的架构
2. Bookinfo 应用分为四个单独的微服务
(1). productpage. 这个微服务会调用 details 和 reviews 两个微服务,用来生成页面。
(2). details. 这个微服务中包含了书籍的详细信息。
(3). reviews. 这个微服务中包含了书籍相关的评论。它还会调用 ratings 微服务。
(4). ratings. 这个微服务中包含了由书籍评价组成的评级信息。
3. reviews微服务有三个版本
(1). v1 版本不会调用 ratings 服务。
(2). v2 版本会调用 ratings 服务,并使用 1 到 5 个黑色星形图标来显示评分信息。
(3). v3 版本会调用 ratings 服务,并使用 1 到 5 个红色星形图标来显示评分信息。
4. bookinfo的编排文件bookinfo.yaml(目录samples/bookinfo/platform/kube)
(1). 书籍的详细信息details
##################################################################################################
# Details service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: details
labels:
app: details
service: details
spec:
ports:
- port: 9080
name: http
selector:
app: details
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-details
labels:
account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: details-v1
labels:
app: details
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: details
version: v1
template:
metadata:
labels:
app: details
version: v1
spec:
serviceAccountName: bookinfo-details
containers:
- name: details
image: docker.io/istio/examples-bookinfo-details-v1:1.16.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
(2). 书籍的评级信息Ratings
##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: ratings
labels:
app: ratings
service: ratings
spec:
ports:
- port: 9080
name: http
selector:
app: ratings
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-ratings
labels:
account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ratings-v1
labels:
app: ratings
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: ratings
version: v1
template:
metadata:
labels:
app: ratings
version: v1
spec:
serviceAccountName: bookinfo-ratings
containers:
- name: ratings
image: docker.io/istio/examples-bookinfo-ratings-v1:1.16.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
(3). 书籍相关的评论Reviews(包含三个版本)
##################################################################################################
# Reviews service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: reviews
labels:
app: reviews
service: reviews
spec:
ports:
- port: 9080
name: http
selector:
app: reviews
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-reviews
labels:
account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v1
labels:
app: reviews
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v1
template:
metadata:
labels:
app: reviews
version: v1
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v1:1.16.2 #版本V1
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v2
labels:
app: reviews
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v2
template:
metadata:
labels:
app: reviews
version: v2
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v2:1.16.2 #版本V2
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v3
labels:
app: reviews
version: v3
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v3
template:
metadata:
labels:
app: reviews
version: v3
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v3:1.16.2 #版本V3
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
d. 产品页puductpage
##################################################################################################
# Productpage services
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: productpage
labels:
app: productpage
service: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-productpage
labels:
account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: productpage-v1
labels:
app: productpage
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: productpage
version: v1
template:
metadata:
labels:
app: productpage
version: v1
spec:
serviceAccountName: bookinfo-productpage
containers:
- name: productpage
image: docker.io/istio/examples-bookinfo-productpage-v1:1.16.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
volumes:
- name: tmp
emptyDir: {}
---
5. 给default命名空间打一个特定的标签,Istio根据特定标签 默认自动注入 Sidecar
kubectl label namespace default istio-injection=enabled
6. 部署bookinfo的所有微服务
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
7. 查看部署情况
8. 通过istio-ingressgateway网关对外提供服务(目录:samples/bookinfo/networking/bookinfo-gateway.yaml)
apiVersion: networking.istio.io/v1alpha3
kind: Gateway #网关
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80 #默认80端口
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService #网关的路由功能
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match: #请求连接匹配
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route: #路由到productpage服务
- destination:
host: productpage
port:
number: 9080
执行:
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
9. 访问页面并不断刷新
http://172.16.133.96/productpage
刷新几次,可以发现它在三个版本中随机改变,这是因为我们还没有对productpage服务和review服务中间进行路由和流量治理
10. 进行reviews的路由(samples/bookinfo/networking/virtual-service-reviews-v3.yaml)
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews # 访问reviews
http:
- route:
- destination:
host: reviews #路由到reviews的v3版本
subset: v3
执行:
```bash
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml
11. 进行reviews的路由(samples/bookinfo/networking/virtual-service-reviews-v2-v3.yaml)
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews #请求reviews服务
http:
- route:
- destination:
host: reviews
subset: v2 #路由到reviews的v2版本
weight: 50
- destination:
host: reviews
subset: v3 #路由到reviews的v3版本
weight: 50
12. 路由到不同的reviews版本是怎么确定的呢?需要定义目标规则(samples/bookinfo/networking/destination-rule-all.yaml)
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: productpage
spec:
host: productpage
subsets:
- name: v1
labels:
version: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- name: v1 #路由中用到的subset: v1
labels:
version: v1 #对应的deployment中reviews的标签
- name: v2
labels:
version: v2
- name: v3
labels:
version: v3
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ratings
spec:
host: ratings
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v2-mysql
labels:
version: v2-mysql
- name: v2-mysql-vm
labels:
version: v2-mysql-vm
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: details
spec:
host: details
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
13. 清理部署的bookinfo
samples/bookinfo/platform/kube/cleanup.sh
五. 最终应用部署的示意图
要在 Istio 中运行这一应用,无需对应用自身做出任何改变。 您只要简单的在 Istio 环境中对服务进行配置和运行,具体一点说就是把 Envoy sidecar 注入到每个服务之中。 最终的部署结果将如下图所示(注意前面步骤中对default命名空间打了标签):
所有的微服务都和 Envoy sidecar 集成在一起,被集成服务所有的出入流量都被 sidecar 所劫持,这样就为外部控制准备了所需的 Hook,然后就可以利用 Istio 控制平面为应用提供服务路由、遥测数据收集以及策略实施等功能。
六. 参考文章
https://istio.io/latest/docs/concepts/what-is-istio/
https://istio.io/latest/zh/docs/examples/microservices-istio/production-testing/
3888
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
