4.1 環境介紹
K8s 1.9 以上版本。
4.2 快速部署Istio
下載: https://github.com/istio/istio/releases/, 下載 1.1.0-snapshot.5/istio-1.1.0-snapshot.5-linux.tar.gz
1: wget https://github.com/istio/istio/releases/download/1.1.0-snapshot.5/istio-1.1.0-snapshot.5-linux.tar.gz
2: tar -xzvf istio-1.1.0-snapshot.5-linux.tar.gz
3: 將bin目錄中的istioctl復制到一個PATH包含的路徑中:
cp bin/istioctl /usr/local/bin
4: kubectl apply -f install/kubernetes/istio-demo.yaml
namespace "istio-system" created customresourcedefinition.apiextensions.k8s.io "virtualservices.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "destinationrules.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "serviceentries.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "gateways.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "envoyfilters.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "clusterrbacconfigs.rbac.istio.io" created customresourcedefinition.apiextensions.k8s.io "policies.authentication.istio.io" created customresourcedefinition.apiextensions.k8s.io "meshpolicies.authentication.istio.io" created customresourcedefinition.apiextensions.k8s.io "httpapispecbindings.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "httpapispecs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "quotaspecbindings.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "quotaspecs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "rules.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "attributemanifests.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "bypasses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "circonuses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "deniers.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "fluentds.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "kubernetesenvs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "listcheckers.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "memquotas.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "noops.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "opas.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "prometheuses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "rbacs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "redisquotas.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "servicecontrols.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "signalfxs.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "solarwindses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "stackdrivers.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "statsds.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "stdios.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "apikeys.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "authorizations.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "checknothings.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "kuberneteses.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "listentries.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "logentries.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "edges.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "metrics.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "quotas.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "reportnothings.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "servicecontrolreports.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "tracespans.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "rbacconfigs.rbac.istio.io" created customresourcedefinition.apiextensions.k8s.io "serviceroles.rbac.istio.io" created customresourcedefinition.apiextensions.k8s.io "servicerolebindings.rbac.istio.io" created customresourcedefinition.apiextensions.k8s.io "adapters.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "instances.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "templates.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "handlers.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "cloudwatches.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "dogstatsds.config.istio.io" created customresourcedefinition.apiextensions.k8s.io "sidecars.networking.istio.io" created customresourcedefinition.apiextensions.k8s.io "clusterissuers.certmanager.k8s.io" created customresourcedefinition.apiextensions.k8s.io "issuers.certmanager.k8s.io" created customresourcedefinition.apiextensions.k8s.io "certificates.certmanager.k8s.io" created configmap "istio-galley-configuration" created configmap "istio-grafana-custom-resources" created configmap "istio-grafana-configuration-dashboards-galley-dashboard" created configmap "istio-grafana-configuration-dashboards-istio-mesh-dashboard" created configmap "istio-grafana-configuration-dashboards-istio-performance-dashboard" created configmap "istio-grafana-configuration-dashboards-istio-service-dashboard" created configmap "istio-grafana-configuration-dashboards-istio-workload-dashboard" created configmap "istio-grafana-configuration-dashboards-mixer-dashboard" created configmap "istio-grafana-configuration-dashboards-pilot-dashboard" created configmap "istio-grafana" created configmap "kiali" created configmap "prometheus" created configmap "istio-security-custom-resources" created configmap "istio" created configmap "istio-sidecar-injector" created serviceaccount "istio-galley-service-account" created serviceaccount "istio-egressgateway-service-account" created serviceaccount "istio-ingressgateway-service-account" created serviceaccount "istio-grafana-post-install-account" created clusterrole.rbac.authorization.k8s.io "istio-grafana-post-install-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-grafana-post-install-role-binding-istio-system" created job.batch "istio-grafana-post-install-1.1.0-snapshot.5" created serviceaccount "kiali-service-account" created serviceaccount "istio-mixer-service-account" created serviceaccount "istio-pilot-service-account" created serviceaccount "prometheus" created serviceaccount "istio-cleanup-secrets-service-account" created clusterrole.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created job.batch "istio-cleanup-secrets-1.1.0-snapshot.5" created serviceaccount "istio-security-post-install-account" created clusterrole.rbac.authorization.k8s.io "istio-security-post-install-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-security-post-install-role-binding-istio-system" created job.batch "istio-security-post-install-1.1.0-snapshot.5" created serviceaccount "istio-citadel-service-account" created serviceaccount "istio-sidecar-injector-service-account" created clusterrole.rbac.authorization.k8s.io "istio-galley-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created clusterrole.rbac.authorization.k8s.io "kiali" created clusterrole.rbac.authorization.k8s.io "istio-mixer-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-pilot-istio-system" created clusterrole.rbac.authorization.k8s.io "prometheus-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-citadel-istio-system" created clusterrole.rbac.authorization.k8s.io "istio-sidecar-injector-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-galley-admin-role-binding-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-kiali-admin-role-binding-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-mixer-admin-role-binding-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-pilot-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "prometheus-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-citadel-istio-system" created clusterrolebinding.rbac.authorization.k8s.io "istio-sidecar-injector-admin-role-binding-istio-system" created role.rbac.authorization.k8s.io "istio-ingressgateway-sds" created rolebinding.rbac.authorization.k8s.io "istio-ingressgateway-sds" created service "istio-galley" created service "istio-egressgateway" created service "istio-ingressgateway" created service "grafana" created service "kiali" created service "istio-policy" created service "istio-telemetry" created service "istio-pilot" created service "prometheus" created service "istio-citadel" created service "servicegraph" created service "istio-sidecar-injector" created deployment.extensions "istio-galley" created deployment.extensions "istio-egressgateway" created deployment.extensions "istio-ingressgateway" created deployment.extensions "grafana" created deployment.extensions "kiali" created deployment.extensions "istio-policy" created deployment.extensions "istio-telemetry" created deployment.extensions "istio-pilot" created deployment.extensions "prometheus" created deployment.extensions "istio-citadel" created deployment.extensions "servicegraph" created deployment.extensions "istio-sidecar-injector" created deployment.extensions "istio-tracing" created horizontalpodautoscaler.autoscaling "istio-egressgateway" created horizontalpodautoscaler.autoscaling "istio-ingressgateway" created horizontalpodautoscaler.autoscaling "istio-policy" created horizontalpodautoscaler.autoscaling "istio-telemetry" created horizontalpodautoscaler.autoscaling "istio-pilot" created service "jaeger-query" created service "jaeger-collector" created service "jaeger-agent" created service "zipkin" created service "tracing" created mutatingwebhookconfiguration.admissionregistration.k8s.io "istio-sidecar-injector" created poddisruptionbudget.policy "istio-galley" created poddisruptionbudget.policy "istio-egressgateway" created poddisruptionbudget.policy "istio-ingressgateway" created poddisruptionbudget.policy "istio-policy" created poddisruptionbudget.policy "istio-telemetry" created poddisruptionbudget.policy "istio-pilot" created unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "attributemanifest" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "attributemanifest" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "logentry" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "logentry" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "metric" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "kubernetes" in version "config.istio.io/v1alpha2" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha3" unable to recognize "install/kubernetes/istio-demo.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha3"
5 運行 kubectl get pods -n istio-system -w 查看pod狀態
NAME READY STATUS RESTARTS AGE grafana-f8467cc6-lkrfq 1/1 Running 0 7m istio-citadel-676c58584b-drnnm 1/1 Running 0 7m istio-cleanup-secrets-1.1.0-snapshot.5-hhwbl 0/1 Completed 0 7m istio-egressgateway-54477c6569-gk5bj 1/1 Running 0 7m istio-galley-58b7c6b6bb-8sqc2 1/1 Running 0 7m istio-grafana-post-install-1.1.0-snapshot.5-655cz 0/1 Completed 0 7m istio-ingressgateway-f6c4b779b-g8cpd 1/1 Running 0 7m istio-pilot-595d5949f8-rlv8f 2/2 Running 0 7m istio-policy-755cf49c4f-xwm64 2/2 Running 4 7m istio-security-post-install-1.1.0-snapshot.5-x6c6z 0/1 Completed 0 7m istio-sidecar-injector-6d7586f8cd-pntbg 1/1 Running 0 7m istio-telemetry-7c7ff645cf-dhk7w 2/2 Running 3 7m istio-tracing-6849759bc8-mhjjs 1/1 Running 0 7m kiali-7766b75767-p6ws6 0/1 CreateContainerConfigError 0 7m prometheus-849b9cddff-xf4f4 1/1 Running 0 7m servicegraph-655755f6c9-s7qtr 1/1 Running 0 7m
6 部署兩個版本的服務
(服務的項目地址: https://github.com/fleeto/flaskapp)
flask.istio.yaml:
apiVersion: v1 kind: Service metadata: name: flaskapp labels: app: flaskapp spec: selector: app: flaskapp ports: - name: http port: 80 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: flaskapp-v1 spec: replicas: 1 template: metadata: labels: app: flaskapp version: v1 spec: containers: - name: flaskapp image: dustise/flaskapp imagePullPolicy: Always env: - name: version value: v1 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: flaskapp-v2 spec: replicas: 1 template: metadata: labels: app: flaskapp version: v2 spec: containers: - name: flaskapp image: dustise/flaskapp imagePullPolicy: Always env: - name: version value: v2
XXXXXXXXXXXXXX:~$ istioctl kube-inject -f flask.istio.yaml | kubectl apply -f - service "flaskapp" created deployment.extensions "flaskapp-v1" created deployment.extensions "flaskapp-v2" created
運行上面的命令,用istioctl kube-inject進行注入: 這個命令的作用是: 修改kubernetes Deployment, 在Pod中注入在前面提到的Sidecar容器,然后再用管道命令輸出給kubectl, 提交到K8s集群。
~$ kubectl get pods NAME READY STATUS RESTARTS AGE flaskapp-v1-d94f5cd8d-7lbbf 2/2 Running 0 10m flaskapp-v2-86dfb8d97f-s9hgq 2/2 Running 0 10m
查看Pod詳情:
XXXXXXXXXXXXXX:~$ kubectl describe po flaskapp-v1-d94f5cd8d-7lbbf
Name: flaskapp-v1-d94f5cd8d-7lbbf Namespace: default Node: galaxykubernetes01/9.37.138.215 Start Time: Fri, 01 Feb 2019 03:50:35 -0500 Labels: app=flaskapp pod-template-hash=850917848 version=v1 Annotations: sidecar.istio.io/status={"version":"84d7067e1bc34e8101e25667c84926d857e8d6ca3873a5dfd78345f405087030","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs... Status: Running IP: 10.244.4.174 Controlled By: ReplicaSet/flaskapp-v1-d94f5cd8d Init Containers: istio-init: Container ID: docker://cbb03a144c2a4d68b5d8a60562750073bdde9f59558b1c654d9348e8c5ab2b4d Image: docker.io/istio/proxy_init:1.1.0-snapshot.5 Image ID: docker-pullable://istio/proxy_init@sha256:817dde540690a8ead6f24acc1dfbef3b9cc18996943983d6688b510b8ccf1c77 Port: <none> Host Port: <none> Args: -p 15001 -u 1337 -m REDIRECT -i * -x -b -d 15020 State: Terminated Reason: Completed Exit Code: 0 Started: Fri, 01 Feb 2019 03:50:53 -0500 Finished: Fri, 01 Feb 2019 03:50:59 -0500 Ready: True Restart Count: 0 Limits: cpu: 10m memory: 10Mi Requests: cpu: 10m memory: 10Mi Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro) Containers: flaskapp: Container ID: docker://2e037f2213d58d2de0a4e3f7bd5e9b64fe30f8be41c1e15612d1308ee00aa50b Image: dustise/flaskapp Image ID: docker-pullable://dustise/flaskapp@sha256:fe21074376c36bb86358135f82c35ad40be99698ebd3cf277cbda1044308a255 Port: <none> Host Port: <none> State: Running Started: Fri, 01 Feb 2019 03:51:10 -0500 Ready: True Restart Count: 0 Environment: version: v1 Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro) istio-proxy: Container ID: docker://7935bf3e9599a330d19deaea242dbd58e941e72b02d9d02010cc001d1a4f3558 Image: docker.io/istio/proxyv2:1.1.0-snapshot.5 Image ID: docker-pullable://istio/proxyv2@sha256:2329bed32fde5d3ed0c4d3f7f0594e8258573226c50406e7d25d0298cd119685 Port: 15090/TCP Host Port: 0/TCP Args: proxy sidecar --domain $(POD_NAMESPACE).svc.cluster.local --configPath /etc/istio/proxy --binaryPath /usr/local/bin/envoy --serviceCluster flaskapp.default --drainDuration 45s --parentShutdownDuration 1m0s --discoveryAddress istio-pilot.istio-system:15010 --zipkinAddress zipkin.istio-system:9411 --connectTimeout 10s --proxyAdminPort 15000 --controlPlaneAuthPolicy NONE --statusPort 15020 --applicationPorts State: Running Started: Fri, 01 Feb 2019 03:51:25 -0500 Ready: True Restart Count: 0 Requests: cpu: 10m Readiness: http-get http://:15020/healthz/ready delay=1s timeout=1s period=2s #success=1 #failure=30 Environment: POD_NAME: flaskapp-v1-d94f5cd8d-7lbbf (v1:metadata.name) POD_NAMESPACE: default (v1:metadata.namespace) INSTANCE_IP: (v1:status.podIP) ISTIO_META_POD_NAME: flaskapp-v1-d94f5cd8d-7lbbf (v1:metadata.name) ISTIO_META_CONFIG_NAMESPACE: default (v1:metadata.namespace) ISTIO_META_INTERCEPTION_MODE: REDIRECT ISTIO_METAJSON_LABELS: {"app":"flaskapp","version":"v1"} Mounts: /etc/certs/ from istio-certs (ro) /etc/istio/proxy from istio-envoy (rw) /var/run/secrets/kubernetes.io/serviceaccount from default-token-qjj5t (ro) Conditions: Type Status Initialized True Ready True PodScheduled True Volumes: istio-envoy: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: Memory istio-certs: Type: Secret (a volume populated by a Secret) SecretName: istio.default Optional: true default-token-qjj5t: Type: Secret (a volume populated by a Secret) SecretName: default-token-qjj5t Optional: false QoS Class: Burstable Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 11m default-scheduler Successfully assigned flaskapp-v1-d94f5cd8d-7lbbf to galaxykubernetes01 Normal SuccessfulMountVolume 11m kubelet, galaxykubernetes01 MountVolume.SetUp succeeded for volume "istio-envoy" Normal SuccessfulMountVolume 11m kubelet, galaxykubernetes01 MountVolume.SetUp succeeded for volume "default-token-qjj5t" Normal SuccessfulMountVolume 11m kubelet, galaxykubernetes01 MountVolume.SetUp succeeded for volume "istio-certs" Normal Pulling 11m kubelet, galaxykubernetes01 pulling image "docker.io/istio/proxy_init:1.1.0-snapshot.5" Normal Pulled 11m kubelet, galaxykubernetes01 Successfully pulled image "docker.io/istio/proxy_init:1.1.0-snapshot.5" Normal Created 11m kubelet, galaxykubernetes01 Created container Normal Started 11m kubelet, galaxykubernetes01 Started container Normal Pulling 11m kubelet, galaxykubernetes01 pulling image "dustise/flaskapp" Normal Pulled 11m kubelet, galaxykubernetes01 Successfully pulled image "dustise/flaskapp" Normal Created 11m kubelet, galaxykubernetes01 Created container Normal Started 11m kubelet, galaxykubernetes01 Started container Normal Pulling 11m kubelet, galaxykubernetes01 pulling image "docker.io/istio/proxyv2:1.1.0-snapshot.5" Normal Pulled 10m kubelet, galaxykubernetes01 Successfully pulled image "docker.io/istio/proxyv2:1.1.0-snapshot.5" Normal Created 10m kubelet, galaxykubernetes01 Created container Normal Started 10m kubelet, galaxykubernetes01 Started container
從上面的詳情看出,在這個Pod中多了一個容器, 名稱是 istio-proxy, 這就是注入的結果。另外還有一個名是 istio-init的初始化容器,這個容器是用於初始化劫持的。
4.4 部署客戶端服務
(客戶端項目地址: https://github.com/fleeto/flaskapp)
apiVersion: v1 kind: Service metadata: name: sleep labels: app: sleep spec: selector: app: sleep ports: - name: ssh port: 80 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: sleep-v1 spec: replicas: 1 template: metadata: labels: app: sleep version: v1 spec: containers: - name: sleep image: dustise/sleep imagePullPolicy: Always --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: sleep-v2 spec: replicas: 1 template: metadata: labels: app: sleep version: v2 spec: containers: - name: sleep image: dustise/sleep imagePullPolicy: Always
沒有service的Deployment是無法被Istio發現並進行操作的。
同樣,對該文件進行注入,並提交到K8s上運行:
XXXXXXXXXXXXXX:~$ istioctl kube-inject -f sleep.yaml | kubectl apply -f - service "sleep" created deployment.extensions "sleep-v1" created deployment.extensions "sleep-v2" created
4.5 驗證服務
通過kubectl exec -it 命令進入客戶端Pod, 來測試flaskapp服務的具體表現。
XXXXXXXXXXXXXX:~$ kubectl get po
NAME READY STATUS RESTARTS AGE
flaskapp-v1-d94f5cd8d-7lbbf 2/2 Running 0 17h
flaskapp-v2-86dfb8d97f-s9hgq 2/2 Running 0 17h
sleep-v1-5f6946dcf8-sf94h 2/2 Running 0 1m
sleep-v2-bbb4cc688-bwm7q 2/2 Running 0 1m
kubeusr@GalaxyKubernetesMaster:~$ kubectl exec -it sleep-v1-5f6946dcf8-sf94h -c sleep bash
bash-4.4# for i in `seq 10`;do http --body http://flaskapp/env/version;done (進行10次調用)
v1
v2
v1
v1
v2
v1
v2
v1
v2
v1
從上面的結果可以看出,v2和v1兩種結果隨機出現,大約各占一半。
4.6 創建目標規則和默認路由
接下來使用Istio來管理這兩個服務的流量。
定義一個名稱為flaskapp的DestinationRule,它利用Pod標簽把flaskapp服務分成兩個subset, 分別命名為v1和v2.
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: flaskapp spec: host: flaskapp subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2
XXXXXXXXXXXXXXXXXX:~$ kubectl apply -f flaskapp-destinationrule.yaml # 部署到集群上
destinationrule.networking.istio.io "flaskapp" created
接下來,為flaskapp服務創建默認的路由規則,不論是否進行進一步的流量控制,都建議為網格中的服務創建默認的路由規則,以防止發生意料之外的路由規則。
定義一個VirtualService對象,它負責接管對 “flaskapp”這一主機名的訪問,將流量都轉發到DestinationRule定義的v2 subset上。
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: flaskapp-default-v2 spec: hosts: - flaskapp http: - route: - destination: host: flaskapp subset: v2
XXXXXXXXXXXXXXXXXXX:~$ kubectl apply -f flaskapp-default-vs-v2.yaml virtualservice.networking.istio.io "flaskapp-default-v2" created
再次進入客戶端Pod, 看看新定義的流量管理規則是否生效
XXXXXXXXXXXXXXXXX:~$ kubectl exec -it sleep-v1-5f6946dcf8-sf94h -c sleep bash bash-4.4# for i in `seq 10`;do http --body http://flaskapp/env/version;done v2 v2 v2 v2 v2 v2 v2 v2 v2 v2