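K8S Production Practice-17-3-istio-BookInfo Application Practice
1. Introduction to the BookInfo application
BookInfo is an application used to demonstrate a variety of Istio features; it consists of four separate microservices. The application mimics one category of an online bookstore and displays information about a book. The page shows a description of the book, book details (ISBN, number of pages, and so on), and some reviews of the book.
The Bookinfo application is split into four separate microservices:
- productpage. This microservice calls the details and reviews microservices to generate the page.
- details. This microservice contains the book information.
- reviews. This microservice contains the book reviews. It also calls the ratings microservice.
- ratings. This microservice contains the rating information that accompanies the book reviews.
The reviews microservice has 3 versions:
- v1 does not call the ratings service.
- v2 calls the ratings service and displays each rating as 1 to 5 black stars.
- v3 calls the ratings service and displays each rating as 1 to 5 red stars.
The figure below shows the end-to-end architecture of this application.
Bookinfo is a heterogeneous application: its microservices are written in different languages. These services have no dependency on Istio, but together they make a representative service-mesh example: multiple services, multiple languages, and a reviews service with multiple versions.
2. Deploying the application
Running this application on Istio requires no change to the application itself. You simply configure and run the services in an Istio environment, which in practice means injecting an Envoy sidecar into each service. The final deployment looks like the figure below:
Every microservice is packaged together with an Envoy sidecar, and all inbound and outbound traffic of each service is intercepted by the sidecar. This provides the hooks needed for external control, so the Istio control plane can then provide service routing, telemetry collection, policy enforcement and other functions for the application.
Next, depending on the environment Istio runs in, follow the steps below to deploy the application.
2.1 Deployment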
# Change into the Istio installation directory.
$ cd istio-1.9.5
# Istio enables automatic sidecar injection by default; label the default namespace with istio-injection=enabled.
[root@hombd04 istio-1.9.5]# kubectl label namespace default istio-injection=enabled
namespace/default labeled
# Deploy the simple services with kubectl
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
The deployment file bookinfo.yaml:
[root@hombd04 kube]# cat bookinfo.yaml
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##################################################################################################
# This file defines the services, service accounts, and deployments for the Bookinfo sample.
#
# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments:
#
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
#
# Alternatively, you can deploy any resource separately:
#
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment
##################################################################################################
##################################################################################################
# Details service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: details
  labels:
    app: details
    service: details
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: details
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-details
  labels:
    account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: details-v1
  labels:
    app: details
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: details
      version: v1
  template:
    metadata:
      labels:
        app: details
        version: v1
    spec:
      serviceAccountName: bookinfo-details
      containers:
      - name: details
        image: docker.io/istio/examples-bookinfo-details-v1:1.16.2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        securityContext:
          runAsUser: 1000
---
##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: ratings
  labels:
    app: ratings
    service: ratings
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: ratings
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-ratings
  labels:
    account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v1
  labels:
    app: ratings
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ratings
      version: v1
  template:
    metadata:
      labels:
        app: ratings
        version: v1
    spec:
      serviceAccountName: bookinfo-ratings
      containers:
      - name: ratings
        image: docker.io/istio/examples-bookinfo-ratings-v1:1.16.2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        securityContext:
          runAsUser: 1000
---
##################################################################################################
# Reviews service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: reviews
  labels:
    app: reviews
    service: reviews
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: reviews
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-reviews
  labels:
    account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v1
  labels:
    app: reviews
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v1
  template:
    metadata:
      labels:
        app: reviews
        version: v1
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v1:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v2
  labels:
    app: reviews
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v2
  template:
    metadata:
      labels:
        app: reviews
        version: v2
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v2:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v3
  labels:
    app: reviews
    version: v3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v3
  template:
    metadata:
      labels:
        app: reviews
        version: v3
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v3:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
##################################################################################################
# Productpage services
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: productpage
  labels:
    app: productpage
    service: productpage
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: productpage
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-productpage
  labels:
    account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: productpage-v1
  labels:
    app: productpage
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: productpage
      version: v1
  template:
    metadata:
      labels:
        app: productpage
        version: v1
    spec:
      serviceAccountName: bookinfo-productpage
      containers:
      - name: productpage
        image: docker.io/istio/examples-bookinfo-productpage-v1:1.16.2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        securityContext:
          runAsUser: 1000
      volumes:
      - name: tmp
        emptyDir: {}
---
[root@hombd04 kube]#
Use the kubectl describe svc productpage command to view the Endpoints (pod IP:PORT) of the deployed service:
[root@hombd04 istio-1.9.5]# kubectl get serviceAccount --namespace=default
NAME SECRETS AGE
bookinfo-details 1 23m
bookinfo-productpage 1 23m
bookinfo-ratings 1 23m
bookinfo-reviews 1 23m
default 1 42d
nfs-client-provisioner 1 14d
[root@hombd04 istio-1.9.5]# kubectl describe svc productpage
Name: productpage
Namespace: default
Labels: app=productpage
service=productpage
Annotations: <none>
Selector: app=productpage
Type: ClusterIP
IP Families: <none>
IP: 192.233.99.130
IPs: 192.233.99.130
Port: http 9080/TCP
TargetPort: 9080/TCP
Endpoints: <none>
Session Affinity: None
Events: <none>
[root@hombd04 istio-1.9.5]# kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 192.233.104.53 <none> 9080/TCP 29m
kubernetes ClusterIP 192.233.0.1 <none> 443/TCP 42d
nginx-ds NodePort 192.233.76.14 <none> 80:30983/TCP 42d
productpage ClusterIP 192.233.99.130 <none> 9080/TCP 29m
ratings ClusterIP 192.233.96.209 <none> 9080/TCP 29m
reviews ClusterIP 192.233.222.198 <none> 9080/TCP 29m
springboot-web-demo ClusterIP 192.233.27.38 <none> 80/TCP 16d
tomcat-demo ClusterIP 192.233.20.93 <none> 80/TCP 28d
[root@hombd04 istio-1.9.5]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-65956447bd-fvl9q 1/1 Running 4 14d
nginx 1/1 Running 1 42d
nginx-ds-87flg 1/1 Running 1 42d
nginx-ds-j7mqr 1/1 Running 1 42d
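The images have not finished downloading yet, so wait a little while.
If they cannot be pulled, download them to the local host manually:
docker pull docker.io/istio/examples-bookinfo-productpage-v1:1.16.2
View the downloaded images: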
docker images
istio/examples-bookinfo-reviews-v3 1.16.2 83e6a8464b84 2 years ago 694MB
istio/examples-bookinfo-reviews-v2 1.16.2 39cff5d782e1 2 years ago 694MB
istio/examples-bookinfo-reviews-v1 1.16.2 181be23dc1af 2 years ago 694MB
istio/examples-bookinfo-ratings-v1 1.16.2 99ce598b98cf 2 years ago 161MB
istio/examples-bookinfo-details-v1 1.16.2 edf6b9bea3db 2 years ago 149MB
istio/examples-bookinfo-productpage-v1 1.16.2 7f1e097aad6d 2 years ago 207MB
hub.mooc.com:5000/k8s/nginx 1.17.9 5a8dfb2ca731 2 years ago 127MB
As a test, delete the deployed resources:
[root@hombd04 istio-1.9.5]# kubectl delete -f samples/bookinfo/platform/kube/bookinfo.yaml
service "details" deleted
serviceaccount "bookinfo-details" deleted
deployment.apps "details-v1" deleted
service "ratings" deleted
serviceaccount "bookinfo-ratings" deleted
deployment.apps "ratings-v1" deleted
service "reviews" deleted
serviceaccount "bookinfo-reviews" deleted
deployment.apps "reviews-v1" deleted
deployment.apps "reviews-v2" deleted
deployment.apps "reviews-v3" deleted
service "productpage" deleted
serviceaccount "bookinfo-productpage" deleted
deployment.apps "productpage-v1" deleted
[root@homaybd04 istio-1.9.5]#
Error handling
After deployment the pods did not come up, so the error has to be investigated:
View the contents of the deployment:
[root@homaybd04 istio-1.9.5]# kubectl describe deployment details-v1
Name: details-v1
Namespace: default
CreationTimestamp: Sun, 17 Jul 2022 10:30:09 +0800
Labels: app=details
version=v1
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=details,version=v1
Replicas: 1 desired | 0 updated | 0 total | 0 available | 1 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=details
version=v1
Service Account: bookinfo-details
Containers:
details:
Image: docker.io/istio/examples-bookinfo-details-v1:1.16.2
Port: 9080/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Progressing True NewReplicaSetCreated
Available False MinimumReplicasUnavailable
ReplicaFailure True FailedCreate
OldReplicaSets: <none>
NewReplicaSet: details-v1-79f774bdb9 (0/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 2m49s deployment-controller Scaled up replica set details-v1-79f774bdb9 to 1
View the status of the deployment:
[root@homaybd04 istio-1.9.5]# kubectl get deployment details-v1 -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"details","version":"v1"},"name":"details-v1","namespace":"default"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"details","version":"v1"}},"template":{"metadata":{"labels":{"app":"details","version":"v1"}},"spec":{"containers":[{"image":"docker.io/istio/examples-bookinfo-details-v1:1.16.2","imagePullPolicy":"IfNotPresent","name":"details","ports":[{"containerPort":9080}],"securityContext":{"runAsUser":1000}}],"serviceAccountName":"bookinfo-details"}}}}
  creationTimestamp: "2022-07-17T02:30:09Z"
  generation: 1
  labels:
    app: details
    version: v1
  name: details-v1
  namespace: default
  resourceVersion: "6386913"
  selfLink: /apis/apps/v1/namespaces/default/deployments/details-v1
  uid: 87cdc37c-4645-4fc0-8c58-fa0735ec1065
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: details
      version: v1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: details
        version: v1
    spec:
      containers:
      - image: docker.io/istio/examples-bookinfo-details-v1:1.16.2
        imagePullPolicy: IfNotPresent
        name: details
        ports:
        - containerPort: 9080
          protocol: TCP
        resources: {}
        securityContext:
          runAsUser: 1000
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: bookinfo-details
      serviceAccountName: bookinfo-details
      terminationGracePeriodSeconds: 30
status:
  conditions:
  - lastTransitionTime: "2022-07-17T02:30:09Z"
    lastUpdateTime: "2022-07-17T02:30:09Z"
    message: Deployment does not have minimum availability.
    reason: MinimumReplicasUnavailable
    status: "False"
    type: Available
  - lastTransitionTime: "2022-07-17T02:30:40Z"
    lastUpdateTime: "2022-07-17T02:30:40Z"
    message: 'Internal error occurred: failed calling webhook "sidecar-injector.istio.io":
      Post "https://istiod.istio-system.svc:443/inject?timeout=30s": net/http: request
      canceled while waiting for connection (Client.Timeout exceeded while awaiting
      headers)'
    reason: FailedCreate
    status: "True"
    type: ReplicaFailure
  - lastTransitionTime: "2022-07-17T02:40:10Z"
    lastUpdateTime: "2022-07-17T02:40:10Z"
    message: ReplicaSet "details-v1-79f774bdb9" has timed out progressing.
    reason: ProgressDeadlineExceeded
    status: "False"
    type: Progressing
  observedGeneration: 1
  unavailableReplicas: 1
[root@homaybd04 istio-1.9.5]#
The key information in the deployment status above is message: Deployment does not have minimum availability. This indicates that the Docker disk space is full.
[root@hombd04 istio-1.9.5]# docker system df
TYPE TOTAL ACTIVE SIZE RECLAIMABLE
Images 22 9 2.483GB 1.825GB (73%)
Containers 9 9 6.548MB 0B (0%)
Local Volumes 9 9 48B 0B (0%)
Build Cache 0 0 0B 0B
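Added example, not part of the original post: the status block above holds three conditions, and the ReplicaFailure one carries the API server's error for the failed pod creation. This sketch reads the JSON form of that status (kubectl get deployment details-v1 -o json), selects that condition and breaks the webhook error into the Service the API server could not reach; SAMPLE and the function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: the three status.conditions of details-v1 shown above,
# in the JSON shape that `kubectl get deployment details-v1 -o json` returns.
SAMPLE = {"status": {"conditions": [
    {"type": "Available", "status": "False", "reason": "MinimumReplicasUnavailable",
     "message": "Deployment does not have minimum availability."},
    {"type": "ReplicaFailure", "status": "True", "reason": "FailedCreate",
     "message": 'Internal error occurred: failed calling webhook "sidecar-injector.istio.io":\n'
                ' Post "https://istiod.istio-system.svc:443/inject?timeout=30s": net/http: request\n'
                ' canceled while waiting for connection (Client.Timeout exceeded while awaiting\n'
                ' headers)'},
    {"type": "Progressing", "status": "False", "reason": "ProgressDeadlineExceeded",
     "message": 'ReplicaSet "details-v1-79f774bdb9" has timed out progressing.'},
]}}

WEBHOOK_RE = re.compile(r'failed calling webhook "([^"]+)": Post "([^"]+)": (.+)')

# Error substrings mapped to a coarse class. The timeout wordings appear on this
# page; "connection refused" and "x509" are other common client errors, added
# here as a generalisation.
FAILURE_CLASSES = [
    ("Client.Timeout exceeded", "timeout"),
    ("context deadline exceeded", "timeout"),
    ("i/o timeout", "timeout"),
    ("connection refused", "refused"),
    ("x509", "tls"),
]


def parse_webhook_failure(message):
    """Return details of a failed admission-webhook call, or None if the text is not one."""
    text = " ".join(message.split())  # undo YAML line folding
    m = WEBHOOK_RE.search(text)
    if not m:
        return None
    name, url, detail = m.groups()
    parts = urlsplit(url)
    host = parts.hostname or ""
    labels = host.split(".")
    # In-cluster webhook URLs have the form <service>.<namespace>.svc
    if len(labels) >= 3 and labels[2] == "svc":
        service, namespace = labels[0], labels[1]
    else:
        service, namespace = host, None
    failure = next((cls for needle, cls in FAILURE_CLASSES if needle in detail), "other")
    return {"webhook": name, "service": service, "namespace": namespace,
            "port": parts.port, "path": parts.path, "failure": failure}


def root_cause(deployment):
    """Pick the condition that explains why the Deployment has no pods."""
    conditions = deployment.get("status", {}).get("conditions", [])
    by_type = {c["type"]: c for c in conditions}
    failed = by_type.get("ReplicaFailure")
    if failed and failed.get("status") == "True":
        # The ReplicaSet could not create pods; the message is the API server's error.
        return {"condition": "ReplicaFailure", "reason": failed.get("reason"),
                "webhook": parse_webhook_failure(failed.get("message", ""))}
    for ctype in ("Progressing", "Available"):
        cond = by_type.get(ctype)
        if cond and cond.get("status") != "True":
            return {"condition": ctype, "reason": cond.get("reason"), "webhook": None}
    return None  # every condition is healthy


if __name__ == "__main__":
    print(json.dumps(root_cause(SAMPLE), indent=2))
```

A "timeout" result for service istiod in namespace istio-system means the API server host could not open a connection to that Service, which points the investigation at the network path between the control-plane node and the pod network.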
Error 2:
Internal error occurred: failed calling webhook "sidecar-injector.istio.io"
Solution:
message: 'Internal error occurred: failed calling webhook "sidecar-injector.istio.io":
Post "https://istiod.istio-system.svc:443/inject?timeout=30s": context deadline
exceeded'
Final solution:
Link: https://blog.csdn.net/u014686399/article/details/106651625
I solved it:
kube-apiserver needs its startup parameters changed; here are the modified ones directly:
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction
--enable-aggregator-routing=true
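After editing, a new pod is created automatically.
Question: why do the api-server parameters need to be changed?
Answer: Istio needs to use MutatingAdmissionWebhook and ValidatingAdmissionWebhook.
Record of the change: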
[root@hombd04 modules]# vi /etc/systemd/system/kube-apiserver.service
[root@homaybd03 istio-1.9.5]# cat /etc/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/local/bin/kube-apiserver \
--advertise-address=192.168.1.123 \
--allow-privileged=true \
--apiserver-count=2 \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/var/log/audit.log \
--authorization-mode=Node,RBAC \
--bind-address=0.0.0.0 \
--client-ca-file=/etc/kubernetes/ssl/ca.pem \
--enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,MutatingAdmissionWebhook,ValidatingAdmissionWebhook \
--etcd-cafile=/etc/kubernetes/ssl/ca.pem \
--etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem \
--etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem \
--etcd-servers=https://192.168.1.123:2379,https://192.168.1.124:2379,https://192.168.1.125:2379 \
--event-ttl=1h \
--kubelet-certificate-authority=/etc/kubernetes/ssl/ca.pem \
--kubelet-client-certificate=/etc/kubernetes/ssl/kubernetes.pem \
--kubelet-client-key=/etc/kubernetes/ssl/kubernetes-key.pem \
--service-account-issuer=api \
--service-account-key-file=/etc/kubernetes/ssl/service-account.pem \
--service-account-signing-key-file=/etc/kubernetes/ssl/service-account-key.pem \
--api-audiences=api,vault,factors \
--service-cluster-ip-range=192.233.0.0/16 \
--service-node-port-range=30000-32767 \
--proxy-client-cert-file=/etc/kubernetes/ssl/proxy-client.pem \
--proxy-client-key-file=/etc/kubernetes/ssl/proxy-client-key.pem \
--runtime-config=api/all=true \
--requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--feature-gates=RemoveSelfLink=false \
--enable-aggregator-routing=true \
--v=1
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
[root@hombd03 istio-1.9.5]#
After the change, restart the service; make the change on both nodes 123 and 124:
systemctl daemon-reload
systemctl restart kube-apiserver
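Added example, not part of the original post: one way to confirm on each control-plane node that the unit file really lists the two admission plugins named in the answer above. It parses the backslash-continued ExecStart line of a systemd unit; SAMPLE_UNIT is a constructed, shortened copy of the unit shown above, the function names are illustrative, and a plugin counts as enabled only when it is listed explicitly, as in the post's fix.

```python
import shlex

# The two plugins the post says Istio needs on the API server.
REQUIRED_PLUGINS = ("MutatingAdmissionWebhook", "ValidatingAdmissionWebhook")

# Constructed sample: a shortened unit file in the shape of the one shown above.
SAMPLE_UNIT = r"""[Unit]
Description=Kubernetes API Server
[Service]
ExecStart=/usr/local/bin/kube-apiserver \
  --authorization-mode=Node,RBAC \
  --enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,MutatingAdmissionWebhook,ValidatingAdmissionWebhook \
  --enable-aggregator-routing=true \
  --v=1
Restart=on-failure
[Install]
WantedBy=multi-user.target
"""


def exec_start_flags(unit_text):
    """Return the --flag values of the unit's ExecStart command as a dict."""
    joined = unit_text.replace("\\\n", " ")  # join backslash-continued lines
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("ExecStart="):
            continue
        argv = shlex.split(line[len("ExecStart="):])
        flags, i = {}, 1  # argv[0] is the binary path
        while i < len(argv):
            arg = argv[i]
            if arg.startswith("--"):
                name, sep, value = arg[2:].partition("=")
                # Also accept the "--flag value" spelling.
                if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                    value = argv[i + 1]
                    i += 1
                flags[name] = value
            i += 1
        return flags
    return {}


def admission_plugin_report(unit_text, required=REQUIRED_PLUGINS):
    """List the explicitly enabled plugins and which required ones are absent or disabled."""
    flags = exec_start_flags(unit_text)
    enabled = [p for p in flags.get("enable-admission-plugins", "").split(",") if p]
    disabled = [p for p in flags.get("disable-admission-plugins", "").split(",") if p]
    missing = [p for p in required if p not in enabled or p in disabled]
    return {"enabled": enabled, "missing": missing}


if __name__ == "__main__":
    report = admission_plugin_report(SAMPLE_UNIT)
    print("enabled:", ", ".join(report["enabled"]))
    print("missing:", ", ".join(report["missing"]) or "none")
```

To check a real node, pass the contents of /etc/systemd/system/kube-apiserver.service to admission_plugin_report; an empty "missing" list rules out the admission-plugin cause and leaves connectivity to istiod as the thing to examine.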
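I spent a day on this problem without really solving it. It is probably an issue with how the CNI plugin we use combines with Istio, and in the end I chose manual injection. If anyone has solved it, please leave a comment. No need to rush, though, keep reading:
#### Remove the injection label from the namespace
# https://istio.io/latest/zh/docs/setup/getting-started/#%e5%8d%b8%e8%bd%bd
kubectl label ns default istio-injection-
# kubectl label namespace default istio-injection-
#### Manual injection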
kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)
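2.2 Checking the deployment result
In an actual deployment, the microservice versions take some time to start, and they do not all finish at the same time.
Because automatic injection has a problem, inject manually here: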
[root@hombd03 istio-1.9.5]# kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
[root@hombd03 istio-1.9.5]# kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-67bc58d576-rjjbr 0/2 PodInitializing 0 72s
nfs-client-provisioner-65956447bd-fvl9q 1/1 Running 4 16d
nginx 1/1 Running 1 43d
nginx-ds-87flg 1/1 Running 1 43d
nginx-ds-j7mqr 1/1 Running 1 43d
productpage-v1-7565c8c459-z26ds 0/2 PodInitializing 0 72s
ratings-v1-6485fbb4dd-wxsmv 0/2 PodInitializing 0 71s
reviews-v1-545675bc9-8d4pg 0/2 Init:0/1 0 71s
reviews-v2-759759586-7pdtq 0/2 PodInitializing 0 72s
reviews-v3-bb5f95b65-bqn7z 0/2 PodInitializing 0 72s
[root@hombd03 istio-1.9.5]# kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-67bc58d576-rjjbr 2/2 Running 0 12m
nfs-client-provisioner-65956447bd-fvl9q 1/1 Running 4 16d
nginx 1/1 Running 1 43d
nginx-ds-87flg 1/1 Running 1 43d
nginx-ds-j7mqr 1/1 Running 1 43d
productpage-v1-7565c8c459-z26ds 2/2 Running 0 12m
ratings-v1-6485fbb4dd-wxsmv 2/2 Running 0 12m
reviews-v1-545675bc9-8d4pg 0/2 Init:0/1 0 12m
reviews-v2-759759586-7pdtq 2/2 Running 0 12m
reviews-v3-bb5f95b65-bqn7z 2/2 Running 0 12m
[root@hombd03 istio-1.9.5]# kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-67bc58d576-rjjbr 2/2 Running 0 15m
nfs-client-provisioner-65956447bd-fvl9q 1/1 Running 4 16d
nginx 1/1 Running 1 43d
nginx-ds-87flg 1/1 Running 1 43d
nginx-ds-j7mqr 1/1 Running 1 43d
productpage-v1-7565c8c459-z26ds 2/2 Running 0 15m
ratings-v1-6485fbb4dd-wxsmv 2/2 Running 0 15m
reviews-v1-545675bc9-8d4pg 0/2 Init:0/1 0 15m
reviews-v2-759759586-7pdtq 2/2 Running 0 15m
reviews-v3-bb5f95b65-bqn7z 2/2 Running 0 15m
[root@hombd03 istio-1.9.5]# kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-67bc58d576-rjjbr 2/2 Running 0 26m
nfs-client-provisioner-65956447bd-fvl9q 1/1 Running 4 16d
nginx 1/1 Running 1 43d
nginx-ds-87flg 1/1 Running 1 43d
nginx-ds-j7mqr 1/1 Running 1 43d
productpage-v1-7565c8c459-z26ds 2/2 Running 0 26m
ratings-v1-6485fbb4dd-wxsmv 2/2 Running 0 26m
reviews-v1-545675bc9-8d4pg 2/2 Running 0 26m
reviews-v2-759759586-7pdtq 2/2 Running 0 26m
reviews-v3-bb5f95b65-bqn7z 2/2 Running 0 26m
[root@homaybd03 istio-1.9.5]#
Confirm that all services and pods are correctly defined and started
# list of services
$ kubectl get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details 10.0.0.31 <none> 9080/TCP 6m
kubernetes 10.0.0.1 <none> 443/TCP 7d
productpage 10.0.0.120 <none> 9080/TCP 6m
ratings 10.0.0.15 <none> 9080/TCP 6m
reviews 10.0.0.170 <none> 9080/TCP 6m
# list of pods
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-1520924117-48z17 2/2 Running 0 6m
productpage-v1-560495357-jk1lz 2/2 Running 0 6m
ratings-v1-734492171-rnr5l 2/2 Running 0 6m
reviews-v1-874083890-f0qf0 2/2 Running 0 6m
reviews-v2-1343845940-b34q5 2/2 Running 0 6m
reviews-v3-1813607990-8ch52 2/2 Running 0 6m
To confirm that the Bookinfo application is running, send it a request with curl from inside a pod, for example ratings:
$ kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
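Added example, not part of the original post: with the istio-injection label removed and injection done by hand, nothing stops a workload from being applied without a sidecar, and such a pod's traffic is not intercepted by Envoy. This sketch classifies pods from kubectl get pods -o json by whether the istio-proxy container is present and ready; the sample pods are constructed after the listings above (a 2/2 Bookinfo pod, reviews-v1 stuck in Init:0/1, and the uninjected nginx pod), and make_pod and the other function names are illustrative.

```python
import json

SIDECAR = "istio-proxy"  # name of the Envoy container that istioctl kube-inject adds


def make_pod(name, containers, ready, init=None):
    """Build a minimal Pod object (constructed sample data in kubectl's JSON shape)."""
    pod = {
        "metadata": {"name": name, "namespace": "default"},
        "spec": {"containers": [{"name": c} for c in containers]},
        "status": {"containerStatuses": [{"name": c, "ready": c in ready} for c in containers]},
    }
    if init is not None:  # "done" = init container exited 0, anything else = still running
        state = {"terminated": {"exitCode": 0}} if init == "done" else {"running": {}}
        pod["status"]["initContainerStatuses"] = [{"name": "istio-init", "state": state}]
    return pod


SAMPLE = {"items": [
    make_pod("details-v1-67bc58d576-rjjbr", ["details", SIDECAR], {"details", SIDECAR}, init="done"),
    make_pod("reviews-v1-545675bc9-8d4pg", ["reviews", SIDECAR], set(), init="running"),
    make_pod("nginx", ["nginx"], {"nginx"}),
]}


def classify(pod):
    """Return (state, READY column) for one pod."""
    names = [c["name"] for c in pod["spec"].get("containers", [])]
    status = pod.get("status", {})
    ready = {s["name"] for s in status.get("containerStatuses", []) if s.get("ready")}
    ready_count = len(ready & set(names))
    column = f"{ready_count}/{len(names)}"
    if SIDECAR not in names:
        return "no-sidecar", column  # traffic of this pod bypasses the mesh
    for s in status.get("initContainerStatuses", []):
        terminated = s.get("state", {}).get("terminated")
        if terminated is None or terminated.get("exitCode") != 0:
            return "init-pending", column  # shown by kubectl as Init:0/1
    if SIDECAR not in ready:
        return "sidecar-not-ready", column
    if ready_count < len(names):
        return "app-not-ready", column
    return "meshed", column


def mesh_report(pod_list):
    """Map pod name -> (state, READY column) for a `kubectl get pods -o json` document."""
    return {p["metadata"]["name"]: classify(p) for p in pod_list.get("items", [])}


def outside_mesh(pod_list):
    """Names of pods that run without the sidecar."""
    return sorted(n for n, (state, _) in mesh_report(pod_list).items() if state == "no-sidecar")


if __name__ == "__main__":
    for name, (state, column) in mesh_report(SAMPLE).items():
        print(f"{name:32} {column:5} {state}")
    print(json.dumps({"outside_mesh": outside_mesh(SAMPLE)}))
```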
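2.3 Deploying BookInfo-Gateway
Now that the Bookinfo services are up and running, you need to make the application reachable from outside the Kubernetes cluster, for example from a browser. An Istio Gateway is used for this purpose.
Contents of the bookinfo-gateway.yaml file: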
[root@hombd03 networking]# pwd
/opt/modules/istio-1.9.5/samples/bookinfo/networking
[root@hombd03 networking]# cat bookinfo-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080
[root@homaybd03 networking]#
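Deploy the application gateway:
# Define the ingress gateway for the application
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
# Confirm that the gateway has been created
$ kubectl get gateway
NAME AGE
bookinfo-gateway 32s
# Confirm that the application can be reached from outside the cluster
$ curl <INGRESS-IP>:<HTTP2-NODEPORT>/productpage
The Gateway configuration resource allows external traffic to enter the Istio service mesh and makes Istio's traffic management and policy features available to edge services.
Beforehand, create a service in the service mesh and expose its HTTP endpoint to external traffic.
If a problem like this appears: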
[root@hombd03 istio-1.9.5]# kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
Error from server (InternalError): error when creating "samples/bookinfo/networking/bookinfo-gateway.yaml": Internal error occurred: failed calling webhook "validation.istio.io": Post "https://istiod.istio-system.svc:443/validate?timeout=30s": dial tcp 192.200.245.180:15017: i/o timeout
Error from server (InternalError): error when creating "samples/bookinfo/networking/bookinfo-gateway.yaml": Internal error occurred: failed calling webhook "validation.istio.io": Post "https://istiod.istio-system.svc:443/validate?timeout=30s": context deadline exceeded
[root@hombd03 istio-1.9.5]#
Create the gateway again:
[root@hombd03 networking]# kubectl apply -f bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
[root@hombd03 networking]#
Output:
View the ingress-gateway:
[root@hombd03 networking]# kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default details ClusterIP 192.233.40.226 <none> 9080/TCP 7d1h
default kubernetes ClusterIP 192.233.0.1 <none> 443/TCP 51d
default nginx-ds NodePort 192.233.76.14 <none> 80:30983/TCP 51d
default productpage ClusterIP 192.233.188.196 <none> 9080/TCP 7d1h
default ratings ClusterIP 192.233.109.103 <none> 9080/TCP 7d1h
default reviews ClusterIP 192.233.198.61 <none> 9080/TCP 7d1h
default springboot-web-demo ClusterIP 192.233.27.38 <none> 80/TCP 24d
default tomcat-demo ClusterIP 192.233.20.93 <none> 80/TCP 36d
ingress-nginx ingress-nginx-controller LoadBalancer 192.233.205.222 <pending> 80:30720/TCP,443:30714/TCP 36d
ingress-nginx ingress-nginx-controller-admission ClusterIP 192.233.236.91 <none> 443/TCP 36d
istio-operator istio-operator ClusterIP 192.233.12.129 <none> 8383/TCP 9d
istio-system istio-egressgateway ClusterIP 192.233.73.178 <none> 80/TCP,443/TCP,15443/TCP 6d23h
istio-system istio-ingressgateway LoadBalancer 192.233.245.154 <pending> 15021:31431/TCP,80:30717/TCP,443:30010/TCP,31400:32629/TCP,15443:32419/TCP 6d23h
istio-system istiod ClusterIP 192.233.255.219 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 6d23h
kube-system coredns ClusterIP 192.233.0.10 <none> 53/UDP,53/TCP,9153/TCP 51d
kube-system imooc-prom-prometheus-oper-kubelet ClusterIP None <none> 10250/TCP,10255/TCP,4194/TCP 29d
kube-system tiller-deploy ClusterIP 192.233.162.81 <none> 44134/TCP 32d
[root@hombd03 networking]#
View the contents of the istio-ingressgateway Service:
[root@hombd03 networking]# kubectl get svc -n istio-system istio-ingressgateway -o yaml | less
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"istio-ingressgateway","install.operator.istio.io/owning-resource":"unknown","install.operator.istio.io/owning-resource-namespace":"istio-system","istio":"ingressgateway","istio.io/rev":"default","operator.istio.io/component":"IngressGateways","operator.istio.io/managed":"Reconcile","operator.istio.io/version":"1.9.5","release":"istio"},"name":"istio-ingressgateway","namespace":"istio-system"},"spec":{"ports":[{"name":"status-port","port":15021,"protocol":"TCP","targetPort":15021},{"name":"http2","port":80,"protocol":"TCP","targetPort":8080},{"name":"https","port":443,"protocol":"TCP","targetPort":8443},{"name":"tcp","port":31400,"protocol":"TCP","targetPort":31400},{"name":"tls","port":15443,"protocol":"TCP","targetPort":15443}],"selector":{"app":"istio-ingressgateway","istio":"ingressgateway"},"type":"LoadBalancer"}}
  creationTimestamp: "2022-07-18T16:57:13Z"
  labels:
    app: istio-ingressgateway
    install.operator.istio.io/owning-resource: unknown
    install.operator.istio.io/owning-resource-namespace: istio-system
    istio: ingressgateway
    istio.io/rev: default
    operator.istio.io/component: IngressGateways
    operator.istio.io/managed: Reconcile
    operator.istio.io/version: 1.9.5
    release: istio
  name: istio-ingressgateway
  namespace: istio-system
  resourceVersion: "6862186"
  selfLink: /api/v1/namespaces/istio-system/services/istio-ingressgateway
  uid: 4b4bdaf7-4a32-41cd-8242-82219089672f
spec:
  clusterIP: 192.233.245.154
  clusterIPs:
  - 192.233.245.154
  externalTrafficPolicy: Cluster
  ports:
  - name: status-port
    nodePort: 31431
    port: 15021
    protocol: TCP
    targetPort: 15021
  - name: http2
    nodePort: 30717
    port: 80
    protocol: TCP
    targetPort: 8080
  - name: https
    nodePort: 30010
    port: 443
    protocol: TCP
    targetPort: 8443
  - name: tcp
    nodePort: 32629
    port: 31400
    protocol: TCP
    targetPort: 31400
  - name: tls
    nodePort: 32419
    port: 15443
    protocol: TCP
    targetPort: 15443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer: {}
Confirm that it is reachable:
<INGRESS-IP>:<HTTP2-NODEPORT>/productpage
http://192.168.1.123:30717/productpage (x, this address is unreachable, because the ingress is deployed on server 124)
http://192.168.1.124:30717/productpage
This shows that the service is working properly.
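2.4 Deploying add-ons (the Kiali dashboard, plus Prometheus, Grafana and Jaeger)
# Apply all files in the addons directory of the samples
$ kubectl apply -f samples/addons
If an error occurs while installing the add-ons, run the command again. There are some timing-related issues that a second run resolves.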
Free to repost - non-commercial - no derivatives - attribution required (Creative Commons 3.0 license)