istio部署与简单应用
基于k8s运行
部署
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.17.0 TARGET_ARCH=x86_64 sh -
cd istio-1.17.0
echo export PATH=$PATH:`pwd`/bin > /etc/profile.d/istio.sh
. /etc/profile.d/istio.sh
#命令补全
source <(istioctl completion bash)
istioctl completion bash > /etc/bash_completion.d/istioctl
#使用k8s的cni插件配置网络
istioctl install -s profile=demo -s components.cni.enabled=true -y
#安装插件
kubectl apply -f samples/addons/
#为命名空间开启自动注入envoy
kubectl label namespace default istio-injection=enabled
#为ingress-gw配置外部访问ip
ip link a vip0 2.2.2.16/32 type dummy
ip add a 2.2.2.16/32 dev vip0
kubectl patch svc -n istio-system istio-ingressgateway -p '{"spec":{"externalIPs":["2.2.2.16"]}}'
配置kiali和grafana
#配置kiali
cat <<eof |kubectl apply -f -
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: kiali-gw
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- kiali.hj.com
port:
name: http
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: kiali-vs
namespace: istio-system
spec:
gateways:
- kiali-gw
hosts:
- kiali.hj.com
http:
- match:
- uri:
prefix: /
route:
- destination:
host: kiali
port:
number: 20001
eof
#配置grafana
cat <<eof |kubectl apply -f -
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: grafana-gw
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- grafana.hj.com
port:
name: http
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: grafana-vs
namespace: istio-system
spec:
gateways:
- grafana-gw
hosts:
- grafana.hj.com
http:
- match:
- uri:
prefix: /
route:
- destination:
host: grafana
port:
number: 3000
eof
#加入主机名解析
echo 2.2.2.16 kiali.hj.com grafana.hj.com >> /etc/hosts
运行示例
#运行测试svc、deploy
cat <<eof |kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
labels:
app: demoapp
name: demoapp
spec:
ports:
- name: http-80-80
port: 80
protocol: TCP
targetPort: 80
selector:
app: demoapp
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demoapp
version: v1.0
name: demoapp-10
spec:
replicas: 2
selector:
matchLabels:
app: demoapp
version: v1.0
template:
metadata:
labels:
app: demoapp
version: v1.0
spec:
containers:
- image: ikubernetes/demoapp:v1.0
name: demoapp
ports:
- containerPort: 80
name: web
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demoapp
version: v1.1
name: demoapp-11
spec:
replicas: 2
selector:
matchLabels:
app: demoapp
version: v1.1
template:
metadata:
labels:
app: demoapp
version: v1.1
spec:
containers:
- image: ikubernetes/demoapp:v1.1
name: demoapp
ports:
- containerPort: 80
name: web
protocol: TCP
eof
#创建gw、vs、dr
cat <<eof |kubectl apply -f -
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: demoapp-gw
namespace: default
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- www.hj.com
port:
name: http
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: demoapp-vs
namespace: default
spec:
gateways:
- demoapp-gw
- mesh
hosts:
- www.hj.com
http:
- match:
- uri:
prefix: /
route:
- destination:
host: demoapp
port:
number: 80
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: demoapp-dr
namespace: default
spec:
host: demoapp
trafficPolicy:
tls:
mode: DISABLE
eof
#分析配置是否有问题
istioctl analyze
