Istio 测试环境搭建和功能演示
本文提供Windows 10下Istio环境的配置安装步骤,以及简单的Bookinfo示例功能验证。首先搭建一个基于Minikube和VirtualBox的本地Kubernetes集群,随后安装配置Istio,最后验证Bookinfo示例。
Istio 介绍: https://istio.io/docs/concepts/what-is-istio/
1. 本地环境
2. 安装 VirtualBox
https://download.virtualbox.org/virtualbox/6.0.12/VirtualBox-6.0.12-133076-Win.exe
3. 安装 Git
https://git-scm.com/download/win
安装后续软件使用 Git Bash,可以直接运行类Linux命令。
4. 安装 Kubectl
Git Bash下执行命令:
(1) curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.16.0/bin/windows/amd64/kubectl.exe
(2) 将kubectl.exe所在目录加入到系统环境变量
(3)验证kubectl工作是否正常
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:40:16Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"windows/amd64"}
5. 安装 Minikube
(1)下载安装 https://storage.googleapis.com/minikube/releases/v1.3.1/minikube-windows-amd64.exe
(2)设置系统环境变量
(3)验证minikube
$ minikube version
minikube version: v1.3.1
commit: ca60a424ce69a4d79f502650199ca2b52f29e631
6. 创建本地Kubernetes集群
(1)创建集群命令
minikube -v=9 start --memory=8192 --cpus=4 --kubernetes-version=v1.15.3 \
--extra-config=controller-manager.cluster-signing-cert-file="/var/lib/localkube/certs/ca.crt" \
--extra-config=controller-manager.cluster-signing-key-file="/var/lib/localkube/certs/ca.key" \
--vm-driver=virtualbox
(2)验证创建结果
$ minikube ip
192.168.99.100
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
minikube Ready master 47h v1.15.3
如果失败,可以执行以下命令,之后重新创建集群。
minikube delete
rm -rf C:\Users*your-username*.minikube
7. 安装配置Istio
(1)下载解压Windows版本Istio
https://github.com/istio/istio/releases/download/1.2.6/istio-1.2.6-win.zip
(2)将istio-1.2.6-win/bin/istioctl.exe拷贝至kubectl.exe所在目录
(3)验证和配置Istio
$ which istioctl
/c/Users/your-username/Desktop/work/k8s/kubectl/istioctl
$ cd ./istio-*
$ for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f $i; done
$ kubectl apply -f install/kubernetes/istio-demo-auth.yaml
$ kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana ClusterIP 10.99.187.90 <none> 3000/TCP 45h
istio-citadel ClusterIP 10.104.37.15 <none> 8060/TCP,15014/TCP 45h
istio-egressgateway ClusterIP 10.103.42.176 <none> 80/TCP,443/TCP,15443/TCP 45h
istio-galley ClusterIP 10.102.157.153 <none> 443/TCP,15014/TCP,9901/TCP 45h
istio-ingressgateway LoadBalancer 10.97.52.238 <pending> 15020:31041/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30619/TCP,15030:30708/TCP,15031:31966/TCP,15032:32377/TCP,15443:31632/TCP 45h
istio-pilot ClusterIP 10.96.222.75 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 45h
istio-policy ClusterIP 10.105.67.226 <none> 9091/TCP,15004/TCP,15014/TCP 45h
istio-sidecar-injector ClusterIP 10.97.96.12 <none> 443/TCP,15014/TCP 45h
istio-telemetry ClusterIP 10.104.21.26 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 45h
jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 45h
jaeger-collector ClusterIP 10.105.100.53 <none> 14267/TCP,14268/TCP 45h
jaeger-query ClusterIP 10.99.174.212 <none> 16686/TCP 45h
kiali ClusterIP 10.105.246.44 <none> 20001/TCP 45h
prometheus ClusterIP 10.99.26.56 <none> 9090/TCP 45h
tracing ClusterIP 10.96.39.56 <none> 80/TCP 45h
zipkin ClusterIP 10.104.108.48 <none> 9411/TCP 45h
$ kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
grafana-59d57c5c56-52q4f 1/1 Running 0 45h
istio-citadel-67fbbbd796-7s7f6 1/1 Running 0 45h
istio-cleanup-secrets-1.3.0-rc.3-nfx6f 0/1 Completed 0 45h
istio-egressgateway-7464447ccc-tnlf2 1/1 Running 0 45h
istio-galley-6949869b89-k2rrw 1/1 Running 0 45h
istio-grafana-post-install-1.3.0-rc.3-gpf2r 0/1 Completed 0 45h
istio-ingressgateway-754876f9d8-52zv4 1/1 Running 0 45h
istio-pilot-7f74b7dbb6-c4gvx 2/2 Running 0 45h
istio-policy-5fddb7bb4c-2s9pd 2/2 Running 4 45h
istio-security-post-install-1.3.0-rc.3-dsfx4 0/1 Completed 0 45h
istio-sidecar-injector-6b8fb9c4cc-78xpv 1/1 Running 0 45h
istio-telemetry-8b6bf59cf-4zvkf 2/2 Running 5 45h
istio-tracing-6bbdc67d6c-n7jxn 1/1 Running 0 45h
kiali-678c57d9d8-hsffp 1/1 Running 0 45h
prometheus-7d7b9f7844-8cx7s 1/1 Running 0 45h
Pod需要几分钟变成Running状态。
8. 部署验证Bookinfo
可以通过连接了解bookinfo服务的架构信息:https://istio.io/docs/examples/bookinfo/
(1)手动将边车插入pod
istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml | less
(2)为边车注入添加标签
$ kubectl label namespace default istio-injection=enabled
$ kubectl get ns default -o yaml
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: "2019-09-17T07:30:18Z"
labels:
istio-injection: enabled
name: default
resourceVersion: "97946"
selfLink: /api/v1/namespaces/default
uid: 96b640f7-e7be-448f-b947-7b2bb021a1ca
spec:
finalizers:
- kubernetes
status:
phase: Active
(3)部署bookinfo应用
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.106.0.17 <none> 9080/TCP 25h
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 47h
productpage ClusterIP 10.110.60.39 <none> 9080/TCP 25h
ratings ClusterIP 10.97.158.27 <none> 9080/TCP 25h
reviews ClusterIP 10.109.12.122 <none> 9080/TCP 25h
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-74f858558f-fbkld 2/2 Running 0 25h
productpage-v1-8554d58bff-v84wv 2/2 Running 0 25h
ratings-v1-7855f5bcb9-pp6f5 2/2 Running 0 25h
reviews-v1-59fd8b965b-24mpn 2/2 Running 0 25h
reviews-v2-d6cfdb7d6-wphd6 2/2 Running 0 25h
reviews-v3-75699b5cfb-4ldmk 2/2 Running 0 25h
(4) 配置上行网关
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
$ kubectl create -f samples/bookinfo/networking/destination-rule-all-mtls.yaml
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.52.238 <pending> 15020:31041/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30619/TCP,15030:30708/TCP,15031:31966/TCP,15032:32377/TCP,15443:31632/TCP 46h
$export GATEWAY_URL=$(minikube ip):$(kubectl get svc istio-ingressgateway -n istio-system -o 'jsonpath={.spec.ports[1].nodePort}')
// 1为端口80:31380/TCP的索引,需要根据实际输出进行修改。
// 网页访问测试,200表示成功。
$ curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage
200
$ istioctl get virtualservice
Command "get" is deprecated, Use `kubectl get` instead (see https://kubernetes.io/docs/tasks/tools/install-kubectl)
VIRTUAL-SERVICE NAME GATEWAYS HOSTS #HTTP #TCP NAMESPACE AGE
bookinfo bookinfo-gateway * 1 0 default 1d
details details 1 0 default 22h
productpage productpage 1 0 default 22h
ratings ratings 1 0 default 22h
reviews reviews 1 0 default 22h
$ echo $GATEWAY_URL
192.168.99.100:31380
(5) 浏览器访问http://192.168.99.100:31380/productpage 进行测试,刷新页面可以看到Reviewer位置轮流显示红星、黑星或者没有星号
(6)查看当前目标访问规则
$ istioctl get destinationrules
Command "get" is deprecated, Use `kubectl get` instead (see https://kubernetes.io/docs/tasks/tools/install-kubectl)
DESTINATION-RULE NAME HOST SUBSETS NAMESPACE AGE
details details v1,v2 default 1d
productpage productpage v1 default 1d
ratings ratings v1,v2,v2-mysql,v2-mysql-vm default 1d
reviews reviews v1,v2,v3 default 1d
(7)执行下面的命令,并且多次刷新浏览器,观察变化
$ kubectl create -f samples/bookinfo/networking/virtual-service-all-v1.yaml
$ kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
$ kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml
9. 清除环境
$ kubectl delete -f samples/bookinfo/platform/kube/bookinfo.yaml
$ kubectl delete -f install/kubernetes/istio-demo-auth.yaml
$ minikube delete
转载:https://blog.csdn.net/weixin_42354900/article/details/101014218
查看评论