minikube + Istio 1.7.4 部署demo项目
引言
之前的文章:
什么是服务网格(Service Mesh)
Istio 架构简单说明
这次写这个也是因为第一篇文章说要写实际例子的原因。
环境:阿里云ECS
Minikube已安装
使用Minikube的原因是在我妹这里,电脑懒得装环境,所以租了个阿里的ECS
Istio 安装
下载Istio
curl -L https://git.io/getLatestIstio | sh -
# 我自己阿里云这边提示访问raw.githubusercontent.com失败
# 把下面保存成sh文件直接运行也行。
#!/bin/sh
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file will be fetched as: curl -L https://git.io/getLatestIstio | sh -
# so it should be pure bourne shell, not bash (and not reference other scripts)
#
# The script fetches the latest Istio release candidate and untars it.
# You can pass variables on the command line to download a specific version
# or to override the processor architecture. For example, to download
# Istio 1.6.8 for the x86_64 architecture,
# run curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=x86_64 sh -.
set -e
# Determines the operating system.
OS="$(uname)"
if [ "x${OS}" = "xDarwin" ] ; then
OSEXT="osx"
else
OSEXT="linux"
fi
ISTIO_VERSION="$(curl -sL https://github.com/istio/istio/releases | \
grep -o 'releases/[0-9]*.[0-9]*.[0-9]*/' | sort --version-sort | \
tail -1 | awk -F'/' '{ print $2}')"
ISTIO_VERSION="${ISTIO_VERSION##*/}"
LOCAL_ARCH=${TARGET_ARCH}
fi
case "${LOCAL_ARCH}" in
x86_64)
ISTIO_ARCH=amd64
;;
armv8*)
ISTIO_ARCH=arm64
;;
aarch64*)
ISTIO_ARCH=arm64
;;
armv*)
ISTIO_ARCH=armv7
;;
amd64|arm64)
ISTIO_ARCH=${LOCAL_ARCH}
;;
*)
echo "This system's architecture, ${LOCAL_ARCH}, isn't supported"
exit 1
;;
esac
if [ "x${ISTIO_VERSION}" = "x" ] ; then
exit;
fi
NAME="istio-$ISTIO_VERSION"
with_arch() {
printf "\nDownloading %s from %s ...\n" "$NAME" "$ARCH_URL"
if ! curl -o /dev/null -sIf "$ARCH_URL"; then
printf "\n%s is not found, please specify a valid ISTIO_VERSION and TARGET_ARCH\n" "$ARCH_URL"
exit
fi
curl -fsLO "$ARCH_URL"
filename="istio-${ISTIO_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz"
tar -xzf "${filename}"
rm "${filename}"
}
without_arch() {
printf "\nDownloading %s from %s ..." "$NAME" "$URL"
if ! curl -o /dev/null -sIf "$URL"; then
printf "\n%s is not found, please specify a valid ISTIO_VERSION\n" "$URL"
exit
fi
curl -fsLO "$URL"
filename="istio-${ISTIO_VERSION}-${OSEXT}.tar.gz"
tar -xzf "${filename}"
rm "${filename}"
}
# Istio 1.6 and above support arch
# Istio 1.5 and below do not have arch support
ARCH_UNSUPPORTED="1.5"
if [ "${OS}" = "Linux" ] ; then
# This checks if 1.6 <= 1.5 or 1.4 <= 1.5
if [ "$(expr "${ARCH_SUPPORTED}" \<= "${ARCH_UNSUPPORTED}")" -eq 1 ]; then
without_arch
else
with_arch
fi
elif [ "x${OS}" = "xDarwin" ] ; then
without_arch
else
printf "\n\n"
printf "Unable to download Istio %s at this moment!\n" "$ISTIO_VERSION"
printf "Please verify the version you are trying to download.\n\n"
exit
fi
printf ""
printf "\nIstio %s Download Complete!\n" "$ISTIO_VERSION"
printf "\n"
printf "Istio has been successfully downloaded into the %s folder on your system.\n" "$NAME"
printf "\n"
BINDIR="$(cd "$NAME/bin" && pwd)"
printf "Next Steps:\n"
printf "See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.\n"
printf "\n"
printf "To configure the istioctl client tool for your workstation,\n"
printf "add the %s directory to your environment path variable with:\n" "$BINDIR"
printf "\t export PATH=\"\$PATH:%s\"\n" "$BINDIR"
printf "\n"
printf "Begin the Istio pre-installation check by running:\n"
printf "\t istioctl x precheck \n"
printf "\n"
printf "Need more information? Visit https://istio.io/latest/docs/setup/install/ \n"
安装Istio
上面的sh脚本运行完就会在当前目录多一个istio-1.7.4
的目录,进去后将bin
目录加入到$PATH
中,如果需要自动补全
,再source tools/istioctl.bash
。
# 如果要使用zipkin追踪调用链,可以添加 —set values.global.tracer.zipkin.address=zipkinServiceName.zipkinNameSpace:port
istioctl install #如果需要可以根据profile选择 --set profile=demo
#默认情况下 1.7版本不会安装kiali之类的东西,如果需要可以在istio-1.7.4路径下运行
kubectl apply -f samples/addons
kubectl apply -f samples/addons/extras
修改istio-ingressgateway
kubectl edit svc istio-ingressgateway -n istio-system
将type
从LoadBalancer
改成NodePort
查看dashboard及kiali Service
kubectl get svc -A
可以看见kiali
的端口是30120
,dashboard
是32674
,注意因为我用的阿里云的ECS,所以得在安全组里添加端口去,否则无法访问。
开启Istio自动注入
如果不开启需要K8S
部署完后需要istioctl
手动注入
# 其意义在于给default这个命名空间加入一个标签
# 标签内容为istio-injection=enabled
# 以后对部署进default命名空间的服务自动注入istio.
kubectl label namespace default istio-injection=enabled
部署示例项目
# 在K8S上部署项目及Service
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yml
# 在istio-system中部署一个gateway
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yml
首先
bookinfo
部署了一个productpage
,ratings
和reviews
注意:
其中reviews
有3个版本,但是Service
中的Selector
只匹配的APP的名称
。端口用的都是9080
。
我们主要看看istio做了什么?
建立一个名称为
bookinfo-gateway
的ingressgateway
端口是80
。
建立一个VirtualService
并且使用bookinfo-gateway
,并且定义了路由规则
。
destination
说明了真实service
(因为有K8S的DNS服务发现
)及端口号。
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
我们如何访问呢?
kubectl get svc -n istio-system # 查看在istio-system下的所有service
kubectl get gateways -A # 可以看到刚刚创建的bookinfo-gateway
看见istio-ingressgateway
了吗,内网就访问这个CLUSTER IP
即可,我们bookinfo-gateway
的ingressgateway
端口是80
,所以内网只需要访问http://10.107.76.201/productpage
即可。
而外网访问的就是外网IP:31766
,因为这里默认是将80
映射到了31766
。