Istio
采用istio-1.13.3版本
$ istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
$ istioctl version
client version: 1.13.3
control plane version: 1.13.3
data plane version: 1.13.3 (2 proxies)
$ kubectl get svc,pod -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/istio-egressgateway ClusterIP 10.106.10.184 <none> 80/TCP,443/TCP 102s
service/istio-ingressgateway LoadBalancer 10.105.215.67 <pending> 15021:30495/TCP,80:30238/TCP,443:31874/TCP,31400:31429/TCP,15443:30617/TCP 101s
service/istiod ClusterIP 10.108.68.242 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 2m26s
NAME READY STATUS RESTARTS AGE
pod/istio-egressgateway-79f64cf4fc-lqdfn 1/1 Running 0 102s
pod/istio-ingressgateway-5fb6c468c5-lpgbp 1/1 Running 0 102s
pod/istiod-94495c6cc-qkfdz 1/1 Running 0 2m26s
控制面包括istiod、istio-egressgateway和istio-ingressgateway三个微服务
Bookinfo
$ kubectl create ns bookinfo
namespace/bookinfo created
$ kubectl label namespace bookinfo istio-injection=enabled
namespace/bookinfo labeled
开启自动Sidecar注入
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -n bookinfo
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
$ kubectl get svc,pod -n bookinfo
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/details ClusterIP 10.110.217.97 <none> 9080/TCP 6m25s
service/productpage ClusterIP 10.102.45.238 <none> 9080/TCP 6m24s
service/ratings ClusterIP 10.107.75.39 <none> 9080/TCP 6m24s
service/reviews ClusterIP 10.101.88.12 <none> 9080/TCP 6m24s
NAME READY STATUS RESTARTS AGE
pod/details-v1-79f774bdb9-7gx5g 2/2 Running 0 6m50s
pod/productpage-v1-6b746f74dc-t5mtj 2/2 Running 0 6m49s
pod/ratings-v1-b6994bb9-rhs4t 2/2 Running 0 6m49s
pod/reviews-v1-545db77b95-2zbmt 2/2 Running 0 6m50s
pod/reviews-v2-7bf8c9648f-9jdb9 2/2 Running 0 6m50s
pod/reviews-v3-84779c7bbc-s2pcc 2/2 Running 0 6m50s
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml -n bookinfo
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
$ istioctl analyze -n bookinfo
✔ No validation issues found when analyzing namespace: bookinfo.
配置网关,方便外部访问
Test
由于本机环境没有LoadBalancer,通过port-forward对ingressgateway做端口转发,模拟外部访问
# kubectl port-forward --address 0.0.0.0 service/istio-ingressgateway -n istio-system 8888:80
Forwarding from 0.0.0.0:8888 -> 8080
$ curl -s http://127.0.0.1:8888/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
Clean
$ sh samples/bookinfo/platform/kube/cleanup.sh
namespace ? [default]
using NAMESPACE=default
Application cleanup may take up to one minute
service "details" deleted
serviceaccount "bookinfo-details" deleted
deployment.apps "details-v1" deleted
service "ratings" deleted
serviceaccount "bookinfo-ratings" deleted
deployment.apps "ratings-v1" deleted
service "reviews" deleted
serviceaccount "bookinfo-reviews" deleted
deployment.apps "reviews-v1" deleted
deployment.apps "reviews-v2" deleted
deployment.apps "reviews-v3" deleted
service "productpage" deleted
serviceaccount "bookinfo-productpage" deleted
deployment.apps "productpage-v1" deleted
Application cleanup successful
Addons
$ kubectl apply -f samples/addons
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
$ kubectl get svc,pod -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/grafana ClusterIP 10.102.90.22 <none> 3000/TCP 3m9s
service/istio-egressgateway ClusterIP 10.99.105.97 <none> 80/TCP,443/TCP,15443/TCP 46m
service/istio-ingressgateway LoadBalancer 10.109.72.243 <pending> 15021:31308/TCP,80:30991/TCP,443:31331/TCP,31400:32737/TCP,15443:31754/TCP 46m
service/istiod ClusterIP 10.96.138.139 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 47m
service/jaeger-collector ClusterIP 10.100.74.103 <none> 14268/TCP,14250/TCP 3m9s
service/kiali ClusterIP 10.108.98.184 <none> 20001/TCP,9090/TCP 3m9s
service/prometheus ClusterIP 10.108.237.9 <none> 9090/TCP 3m8s
service/tracing ClusterIP 10.97.223.15 <none> 80/TCP 3m9s
service/zipkin ClusterIP 10.110.178.5 <none> 9411/TCP 3m9s
NAME READY STATUS RESTARTS AGE
pod/grafana-784c89f4cf-hnczd 1/1 Running 0 3m9s
pod/istio-egressgateway-8dff9c778-t5sqb 1/1 Running 0 46m
pod/istio-ingressgateway-6cfd75fc57-7hx48 1/1 Running 0 46m
pod/istiod-7f6d7c759-t2z7z 1/1 Running 0 47m
pod/jaeger-7f78b6fb65-cwwwq 1/1 Running 0 3m9s
pod/kiali-7476977cf9-m2cxz 1/1 Running 0 3m9s
pod/prometheus-7bfddb8dbf-qkrvd 2/2 Running 0 3m8s
通过port-forward对grafana、tracing、kiali做端口转发,可以从外部访问可视化服务