istio架构:
1、下载 istio 安装包
[root@master1 ~]# curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.8.2 TARGET_ARCH=x86_64 sh -2、移动 istioctl 到 /usr/bin 目录下
[root@master1 ~]# cp istio-1.8.2/bin/istioctl /usr/bin3、查看 istio 可用配置列表
[root@master1 ~]# istioctl profile list
Istio configuration profiles:
default
demo
empty
minimal
openshift
preview
remote4、指定安装的配置环境
istioctl install --set profile=demo -y
5、开启自动注入 Envoy sidecar 代理
kubectl label namespace default istio-injection=enabled6、部署 bookinfo-gateway.yaml 网关
kubectl apply -f /root/istio-1.8.2/samples/bookinfo/networking/bookinfo-gateway.yaml7、部署 bookinfo.yaml
[root@master1 kube]# kubectl apply -f bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created8、部署 dashboard 组件
kubectl apply -f /root/istio-1.8.2/samples/addons9、暴露 istio 的网关为 Nodeport 模式
kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'5、查看 istio 创建的资源
[root@master1 ~]# kubectl get all -n istio-system
NAME READY STATUS RESTARTS AGE
pod/grafana-79c4cf9d9c-sdkqv 1/1 Running 0 92m
pod/istio-egressgateway-7b698b78b9-9qd9t 1/1 Running 0 95m
pod/istio-ingressgateway-7f584d6776-w84mq 1/1 Running 0 95m
pod/istiod-5d8b576f84-79wsz 1/1 Running 0 95m
pod/jaeger-5d96f77b8c-whhkl 1/1 Running 0 92m
pod/kiali-6785897659-zdd2h 1/1 Running 0 92m
pod/prometheus-5756c695c5-kc5vg 2/2 Running 0 92m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/grafana ClusterIP 10.101.124.54 <none> 3000/TCP 92m
service/istio-egressgateway ClusterIP 10.109.127.148 <none> 80/TCP,443/TCP,15443/TCP 95m
service/istio-ingressgateway NodePort 10.103.222.103 <none> 15021:30731/TCP,80:30824/TCP,443:31765/TCP,31400:31397/TCP,15443:30544/TCP 3h1m
service/istiod ClusterIP 10.103.87.68 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 3h4m
service/jaeger-collector ClusterIP 10.102.247.21 <none> 14268/TCP,14250/TCP 92m
service/kiali NodePort 10.100.80.185 <none> 20001:31805/TCP,9090:32104/TCP 92m
service/prometheus ClusterIP 10.104.140.148 <none> 9090/TCP 92m
service/tracing ClusterIP 10.96.36.198 <none> 80/TCP 92m
service/zipkin ClusterIP 10.100.109.17 <none> 9411/TCP 92m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/grafana 1/1 1 1 92m
deployment.apps/istio-egressgateway 1/1 1 1 95m
deployment.apps/istio-ingressgateway 1/1 1 1 3h1m
deployment.apps/istiod 1/1 1 1 3h4m
deployment.apps/jaeger 1/1 1 1 92m
deployment.apps/kiali 1/1 1 1 92m
deployment.apps/prometheus 1/1 1 1 92m
NAME DESIRED CURRENT READY AGE
replicaset.apps/grafana-79c4cf9d9c 1 1 1 92m
replicaset.apps/istio-egressgateway-7b698b78b9 1 1 1 95m
replicaset.apps/istio-ingressgateway-59b6f986c 0 0 0 178m
replicaset.apps/istio-ingressgateway-7f584d6776 1 1 1 3h1m
replicaset.apps/istiod-5d8b576f84 1 1 1 3h4m
replicaset.apps/istiod-848478dd87 0 0 0 178m
replicaset.apps/jaeger-5d96f77b8c 1 1 1 92m
replicaset.apps/kiali-6785897659 1 1 1 92m
replicaset.apps/prometheus-5756c695c5 1 1 1 92m11、查看 ns
[root@master1 samples]# kubectl get ns
NAME STATUS AGE
default Active 3h57m
istio-system Active 3h35m # 这个 ns 就是
kube-node-lease Active 3h57m
kube-public Active 3h57m
kube-system Active 3h57m12、查看 istio gateway
[root@master1 samples]# kubectl get gateway
NAME AGE
bookinfo-gateway 125m13、查看 ingress-gateway 服务
[root@master1 samples]# kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway NodePort 10.103.222.103 <none> 15021:30731/TCP,80:30824/TCP,443:31765/TCP,31400:31397/TCP,15443:30544/TCP 3h35m14、查看 istio 网关暴露端口
[root@master1 networking]# kubectl describe svc -n istio-system kiali
Name: kiali
Namespace: istio-system
Labels: app=kiali
app.kubernetes.io/instance=kiali-server
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kiali
app.kubernetes.io/version=v1.26.0
helm.sh/chart=kiali-server-1.26.0
version=v1.26.0
Annotations: kiali.io/api-spec: https://kiali.io/api
kiali.io/api-type: rest
kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"kiali.io/api-spec":"https://kiali.io/api","kiali.io/api-type":"rest"},"lab...
Selector: app.kubernetes.io/instance=kiali-server,app.kubernetes.io/name=kiali
Type: NodePort
IP: 10.100.80.185
Port: http 20001/TCP
TargetPort: 20001/TCP
NodePort: http 31805/TCP # 网关暴露端口
Endpoints: 100.66.209.209:20001
Port: http-metrics 9090/TCP
TargetPort: 9090/TCP
NodePort: http-metrics 32104/TCP # 这个不是,我多暴露了一个,只看上面那个。
Endpoints: 100.66.209.209:9090
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>15、验证是否成功
[root@master1 samples]# kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title> # 代表服务正常16、登录 dashboard
