分离部署istio下面的示例把数据平面和控制平面分开部署。
自动生成配置文件可以istioctl profile dump empty
加上配置文档然后进行修改。
生产集群注意配置资源限制。
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: control-plane
spec:
profile: default
components:
ingressGateways:
- name: istio-ingressgateway
enabled: false
egressGateways:
- name: istio-egressgateway
enabled: false
hub: harbor.kailinesb.com/ops
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: ingress-gateway
spec:
profile: empty
components:
ingressGateways:
- name: ingressgateway
namespace: istio-system
enabled: true
label:
istio: ingressgateway
k8s:
resources:
requests:
cpu: 100m
memory: 160Mi
hub: harbor.kailinesb.com/ops
加了这两个配置
root@dev-km-01-175:~/istio# kubectl -n istio-system get cm istio -o yaml
apiVersion: v1
data:
mesh: |-
accessLogFile: /dev/stdout
defaultConfig:
discoveryAddress: istiod.istio-system.svc:15012
tracing: # <<< 这里
sampling: 40
zipkin:
address: zipkin.istio-system:9411
accessLogEncoding: "JSON" # <<< 这里
......
创建两个版本的应用。一个是正常版本,另外一个是灰度版本。
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx-home
version: nginx-home-prod
name: nginx-home
spec:
replicas: 1
selector:
matchLabels:
app: nginx-home
version: nginx-home-prod
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: nginx-home
version: nginx-home-prod
spec:
containers:
- image: harbor.kailinesb.com/ops/nginx:1.22.1
name: nginx
---
# 灰度版本app
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx-home
version: nginx-home-gray
name: nginx-home-gray
spec:
replicas: 1
selector:
matchLabels:
app: nginx-home
version: nginx-home-gray
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: nginx-home
version: nginx-home-gray
spec:
containers:
- image: harbor.kailinesb.com/ops/nginx:1.22.1
name: nginx
---
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-home
name: nginx-home
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx-home
type: ClusterIP
kubectl exec -it deploy/nginx-home-gray -- \
sed -i 's#nginx#nginx-gray#g' /usr/share/nginx/html/index.html
# 把部署的app打上如下的标签。
root@dev-km-01-175:~/istio# kubectl get deploy --show-labels
root@dev-km-01-175:~/istio# kubectl -n jian-butler-gray get deploy --show-labels
NAME READY UP-TO-DATE AVAILABLE AGE LABELS
nginx-home 1/1 1 1 97s app=nginx-home,version=nginx-home-prod
nginx-home-gray 1/1 1 1 33m app=nginx-home,version=nginx-home-gray
# 现在访问svc会出现两种版本都出现的情况。
创建gw
cat 01-nginx-app-gw.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: nginx-app-gw
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "nginx-app.kailinesb.com"
创建vs
cat 02-nginx-app-vs.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx-app-vs
spec:
hosts:
- "nginx-app.kailinesb.com"
gateways:
- nginx-app-gw
http:
- route:
- destination:
host: nginx-home # nginx-home是svc
通过从ingressgateway网关访问nginx-app.kailinesb.com现在会随机返回两个版本的内容。
192.168.21.175 nginx-app.kailinesb.com
通过dr声明版本之间的关系,这样vs才能分清楚流量分发到哪个版本。
root@dev-km-01-175:~/istio# cat dr.yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: nginx-app-dr
spec:
host: nginx-home
subsets:
- name: version-prod
labels:
version: nginx-home-prod
- name: version-gray
labels:
version: nginx-home-gray
更新vs
cat 02-nginx-app-vs.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx-app-vs
spec:
hosts:
- "nginx-app.kailinesb.com"
gateways:
- nginx-app-gw
http:
- match:
- headers:
version:
exact: "gray"
route:
- destination:
host: nginx-home
subset: version-gray
- route:
- destination:
host: nginx-home
subset: version-prod
访问测试。
[ops@deploy21-146 ~]$ curl -s http://192.168.21.175 -H 'version: gray' -H 'Host: nginx-app.kailinesb.com' | grep Welco
<title>Welcome to nginx-gray!</title>
<h1>Welcome to nginx-gray!</h1>
[ops@deploy21-146 ~]$ curl -s http://192.168.21.175 -H 'Host: nginx-app.kailinesb.com' | grep Welco
<title>Welcome to nginx!</title>
<h1>Welcome to nginx!</h1>
Istio 监控部署
jaeger 流量追踪。
jaeger和zipkin会一起安装,jaeger兼容后者。
kiali 观察网格服务状态,这个调用zipkin把链路追踪的功能也集成了。
流量可观测jaeger和配置可观测kiali依赖grafana和prometheus。