Istio 是一个开源的服务网格(Service Mesh),用于连接、管理和保护微服务。它提供了一组功能强大的工具,包括流量管理、安全性、监控和跟踪等,以帮助在微服务架构中更好地管理服务之间的通信。
一些主要的 Istio 功能包括:
- 流量管理: Istio 可以对流量进行智能路由、负载均衡和故障转移,还支持 A/B 测试和金丝雀发布等高级部署模式。
- 策略和安全性: 它提供了细粒度的访问控制、认证和授权机制,可以在微服务之间强化安全通信。
- 监控和跟踪: Istio 集成了 Prometheus 和 Jaeger 等开源工具,用于实时监控和分析微服务的性能和行为。
- 自动化治理: 通过使用 Istio,你可以更容易地管理服务发现、负载均衡和故障恢复,而无需修改服务代码。
总的来说,Istio 提供了一种灵活且强大的方法,用于解决微服务架构中常见的网络通信、安全性和可观察性等问题。
1.环境要求
我之前的k8s版本是1.18,所以我选择安装的是1.10.4版本;
集群情况:
| 节点 | ip |
|---|---|
| k8s-master | 192.168.200.128 |
| k8s-node1 | 192.168.200.129 |
| k8s-node2 | 192.168.200.130 |
下载 Istio
用自动化工具下载并提取最新版本(Linux 或 macOS)
curl -L https://istio.io/downloadIstio | sh -
指定版本下载,用来下载指定的、不同处理器体系的版本。 例如,要为 x86_64 架构下载 Istio 1.21.0,请运行
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.21.0 TARGET_ARCH=x86_64 sh -
由于网络原因,会提示:curl: (7) Failed connect to raw.githubusercontent.com:443; 拒绝连接
所以需要我们手动下载需要的版本,使用wget 下载。
wget https://github.com/istio/istio/releases/download/1.10.4/istio-1.10.4-linux-amd64.tar.gz
解压文件
tar zxvf istio-1.10.4-linux-amd64.tar.gz -C /usr/local/
设置环境变量
echo 'export ISTIO_HOME=/usr/local/istio-1.10.4' >> /etc/profile
echo 'export PATH=$PATH:$ISTIO_HOME/bin' >> /etc/profile
加载变量
source /etc/profile
查看版本
[root@k8s-master ~]# istioctl version
client version: 1.10.4
control plane version: 1.10.4
data plane version: 1.10.4 (2 proxies)
安装Istio
在学习、实验环境我们可以选择 demo 这个 profile 进行安装,如下示例:
istioctl install --set profile=demo -y
查看istio安装结果:
[root@k8s-master ~]# kubectl get ns |grep istio
istio-system Active 36m
查看pods
[root@k8s-master ~]# kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
istio-egressgateway-5495ff7cd4-wl54w 1/1 Running 0 36m
istio-ingressgateway-7ff744449d-785tw 1/1 Running 0 36m
istiod-5bbb77c878-zpp85
检查 istio 的 CRD 和 API 资源:
kubectl get crd |grep istio
kubectl api-resources |grep istio
创建Kiali的CRDs
[root@k8s-master ~]# cd istio-1.10.4/samples/addons/
[root@k8s-master addons]# ls
extras grafana.yaml jaeger.yaml kiali.yaml prometheus_vm_tls.yaml prometheus_vm.yaml prometheus.yaml README.md
[root@k8s-master addons]# vi kiali-crd.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: monitoringdashboards.monitoring.kiali.io
spec:
group: monitoring.kiali.io
names:
kind: MonitoringDashboard
listKind: MonitoringDashboardList
plural: monitoringdashboards
singular: monitoringdashboard
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
执行kiali-crd.yaml
[root@k8s-master addons]# kubectl apply -f kiali-crd.yaml
customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io created
安装 Kiali 和其他插件,命令如下:
[root@k8s-master addons]# kubectl apply -f /usr/local/istio-1.10.4/samples/addons -n istio-system
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io configured
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
monitoringdashboard.monitoring.kiali.io/envoy created
monitoringdashboard.monitoring.kiali.io/go created
monitoringdashboard.monitoring.kiali.io/kiali created
monitoringdashboard.monitoring.kiali.io/micrometer-1.0.6-jvm-pool created
monitoringdashboard.monitoring.kiali.io/micrometer-1.0.6-jvm created
monitoringdashboard.monitoring.kiali.io/micrometer-1.1-jvm created
monitoringdashboard.monitoring.kiali.io/microprofile-1.1 created
monitoringdashboard.monitoring.kiali.io/microprofile-x.y created
monitoringdashboard.monitoring.kiali.io/nodejs created
monitoringdashboard.monitoring.kiali.io/quarkus created
monitoringdashboard.monitoring.kiali.io/springboot-jvm-pool created
monitoringdashboard.monitoring.kiali.io/springboot-jvm created
monitoringdashboard.monitoring.kiali.io/springboot-tomcat created
monitoringdashboard.monitoring.kiali.io/thorntail created
monitoringdashboard.monitoring.kiali.io/tomcat created
monitoringdashboard.monitoring.kiali.io/vertx-client created
monitoringdashboard.monitoring.kiali.io/vertx-eventbus created
monitoringdashboard.monitoring.kiali.io/vertx-jvm created
monitoringdashboard.monitoring.kiali.io/vertx-pool created
monitoringdashboard.monitoring.kiali.io/vertx-server created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
serviceaccount/prometheus unchanged
configmap/prometheus configured
clusterrole.rbac.authorization.k8s.io/prometheus configured
clusterrolebinding.rbac.authorization.k8s.io/prometheus unchanged
service/prometheus unchanged
deployment.apps/prometheus configured
serviceaccount/prometheus unchanged
configmap/prometheus configured
clusterrole.rbac.authorization.k8s.io/prometheus unchanged
clusterrolebinding.rbac.authorization.k8s.io/prometheus unchanged
service/prometheus unchanged
deployment.apps/prometheus configured
[root@k8s-master addons]#
将istio-ingressgateway改为NodePort方式,方便访问
kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'
到此istio按照完成!
kiali 是一款 istio 服务网格可视化工具,提供了服务拓补图、全链路跟踪、指标遥测、配置校验、健康检查等功能。
kiali使用
上面已经安装了kiali,查看pod和svc
[root@k8s-master addons]# kubectl get pods -n istio-system|grep kiali
kiali-6c77f9c466-kbz95 1/1 Running 0 9m15s
[root@k8s-master addons]# kubectl get svc -n istio-system|grep kiali
kiali ClusterIP 10.1.196.137 <none> 20001/TCP,9090/TCP 9m23s
需要将 service 的服务类型设置为 nodeport,执行命令如下:
kubectl patch svc -n istio-system kiali -p '{"spec": {"type": "NodePort"}}'
再次查看svc
[root@k8s-master addons]# kubectl get svc -n istio-system|grep kiali
kiali NodePort 10.1.196.137 <none> 20001:31188/TCP,9090:31926/TCP 10m
可以看到20001对应的端口是31188
通过浏览器访问:
http://192.168.200.128:31188/
可以看到页面:
