安装istio
安装方式并不是官方推荐安装方式
下载安装包
wget https://github.com/istio/istio/releases/download/1.1.7/istio-1.1.7-linux.tar.gz
解压安装包
tar -zxvf istio-1.1.7-linux.tar.gz
安装istio
cd istio-1.1.7/install/kubernetes
kubectl apply -f istio-demo.yaml
安装时可能出现报错,与资源新建顺序有关,无需处理
查看相关pod
kubectl -n istio-system get pod
NAME READY STATUS RESTARTS AGE
grafana-67c69bb567-ft5vh 1/1 Running 0 59m
istio-citadel-fc966574d-prvt9 1/1 Running 0 58m
istio-cleanup-secrets-1.1.7-sj2c2 0/1 Completed 0 59m
istio-egressgateway-6b4cd4d9f-p8gfn 1/1 Running 0 59m
istio-galley-cf776876f-wbnt8 1/1 Running 0 59m
istio-grafana-post-install-1.1.7-s4hnv 0/1 Completed 0 59m
istio-ingressgateway-59cc6ccbcb-6gqj9 1/1 Running 0 59m
istio-pilot-7b4dd9b748-vs6vz 2/2 Running 0 58m
istio-policy-5bcc859488-2dxgm 2/2 Running 6 59m
istio-security-post-install-1.1.7-n4579 0/1 Completed 0 59m
istio-sidecar-injector-c8ddbb99c-mxtjl 1/1 Running 0 58m
istio-telemetry-7678c9bb4d-btm2j 2/2 Running 2 59m
istio-tracing-5d8f57c8ff-kvgwq 1/1 Running 0 58m
kiali-d4d886dd7-74zf9 1/1 Running 0 59m
prometheus-d8d46c5b5-7zwwr 1/1 Running 0 59m
设置命令istio链接
ln -s /root/istio-1.1.7/bin/istioctl /usr/sbin/istioctl
部署测试应用
下载应用软件
git clone https://github.com/fleeto/flaskapp.git
查看应用配置文件flask.istio.yaml,包含Service和2个Deployment
apiVersion: v1
kind: Service
metadata:
name: flaskapp
labels:
app: flaskapp
spec:
selector:
app: flaskapp
ports:
- name: http
port: 80
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: flaskapp-v1
spec:
replicas: 1
template:
metadata:
labels:
app: flaskapp
version: v1
spec:
containers:
- name: flaskapp
image: dustise/flaskapp
imagePullPolicy: Always
env:
- name: version
value: v1
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: flaskapp-v2
spec:
replicas: 1
template:
metadata:
labels:
app: flaskapp
version: v2
spec:
containers:
- name: flaskapp
image: dustise/flaskapp
imagePullPolicy: Always
env:
- name: version
value: v2
两个版本的镜像是一样,只是标签和环境变量不同
注入sidecar容器
istioctl kube-inject -f /root/flaskapp/flask.istio.yaml | kubectl apply -f -
查看pod,可以看到增加了一个init container istio-init和一个container istio-proxy
kubectl get pods
NAME READY STATUS RESTARTS AGE
flaskapp-v1-66b59cdfc6-brhcp 2/2 Running 0 16h
flaskapp-v2-d687d9977-4zk4q 2/2 Running 0 16h
kubectl describe pod flaskapp-v1-66b59cdfc6-brhcp
Name: flaskapp-v1-66b59cdfc6-brhcp
Namespace: default
IP: 10.244.9.106
Controlled By: ReplicaSet/flaskapp-v1-66b59cdfc6
Init Containers:
istio-init:
Image: docker.io/istio/proxy_init:1.1.7
Port:
Containers:
flaskapp:
Image: dustise/flaskapp
Port:
istio-proxy:
Image: docker.io/istio/proxyv2:1.1.7
Port: 15090/TCP
新建client.istio.yaml,用于创建Daemonset testpod和service test,便于在所有node上作为客户端测试,由于没有service的pod无法被istio发现,所以必须创建service。
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: testpod
labels:
app: fortest
spec:
template:
metadata:
labels:
app: fortest
spec:
containers:
- name: busybox
image: busybox:v1
command:
- /bin/sh
- -c
- 'sleep 365d'
imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
labels:
app: svc
name: test
namespace: default
spec:
ports:
- name: "22"
port: 22
protocol: TCP
targetPort: 22
selector:
app: fortest
sessionAffinity: None
type: ClusterIP
同样注入sidecar容器
istioctl kube-inject -f client.istio.yaml | kubectl apply -f -
daemonset.extensions/testpod created
service/test created
在客端段验证目前svc的负载情况,可以看到v1和v2交替出现
kubectl exec -it testpod-7zzxt /bin/sh
for i in `seq 10`; do wget http://flaskapp/env/version -q -O - ; done
v1v1v2v2v1v1v2v2v1v1/
使用istio来控制路由
image.png
Istio/VirtualService 负责接管 kubernetes/Service,VirtualService会将流量转发到istio/destinationRule中的subsets
新建istio/destinationRule:flaskapp-destinationrule.yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: flaskapp
spec:
host: flaskapp
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
新建Istio/VirtualService: flaskapp-default-vs-v2.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: flaskapp-default-v2
spec:
hosts:
- flaskapp
http:
- route:
- destination:
host: flaskapp
subset: v2
创建这两个资源
kubectl apply -f flaskapp-destinationrule.yaml
destinationrule.networking.istio.io/flaskapp created
kubectl apply -f flaskapp-default-vs-v2.yaml
virtualservice.networking.istio.io/flaskapp-default-v2 created
在客端段验证目前svc的负载情况,只看到v2出现
kubectl exec -it testpod-7zzxt /bin/sh
for i in `seq 10`; do wget http://flaskapp/env/version -q -O - ; done
v2v2v2v2v2v2v2v2v2v2/
修改Istio/VirtualService,匹配到'/env'路径的路由到v1
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: flaskapp-default-v2
spec:
hosts:
- flaskapp
http:
- match:
- uri:
prefix: "/env"
route:
- destination:
host: flaskapp
subset: v1
- route:
- destination:
host: flaskapp
subset: v2
应用修改
kubectl apply -f flaskapp-default-vs-v2.yaml
查看结果
kubectl exec -it testpod-7zzxt /bin/sh
/ # for i in `seq 10`; do wget http://flaskapp/env/version -q -O - ; done
v1v1v1v1v1v1v1v1v1v1
修改Istio/VirtualService,将负载权重改为3:1
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: flaskapp-default-v2
spec:
hosts:
- flaskapp
http:
- match:
- uri:
prefix: "/env"
route:
- destination:
host: flaskapp
subset: v1
weight: 75
- destination:
host: flaskapp
subset: v2
weight: 25
- route:
- destination:
host: flaskapp
subset: v2
应用修改
kubectl apply -f flaskapp-default-vs-v2.yaml
查看结果,基本为3:1,并不是严格的3:1
kubectl exec -it testpod-7zzxt /bin/sh
for i in `seq 100`; do wget http://flaskapp/env/version -q -O - ; done
v1v1v1v1v1v1v2v1v1v1v2v1v1v2v1v1v1v1v1v1v1v1v1v1v2v2v1v1v1v1v1v1v1v1v2v2v1v1v1v1v2v1v2v1v1v1v1v1v1v2v1v2v1v2v1v1v1v1v2v1v1v1v1v1v1v1v1v2v1v1v1v1v2v2v2v1v2v1v1v1v1v2v1v1v1v1v1v1v1v2v2v1v1v1v1v1v1v2v1v1
```2