1 changed files with 0 additions and 327 deletions
			
			
		| @ -1,327 +0,0 @@ | |||
| # Istio Ingress 部署  | |||
| 
 | |||
| AUTHOR: 彭玲 		TIME: 2022/6/16  | |||
| 
 | |||
| --- | |||
| 
 | |||
| [TOC] | |||
| 
 | |||
| --- | |||
| 
 | |||
| 
 | |||
| 
 | |||
| ## Istio 发行版  | |||
| 
 | |||
| Istio 发行版与 [K8s 版本支持](https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases) 情况如下: | |||
| 
 | |||
| | Version         | Currently Supported  | Release Date      | End of Life              | Supported Kubernetes Versions | Tested, but not supported    | | |||
| | --------------- | -------------------- | ----------------- | ------------------------ | ----------------------------- | ---------------------------- | | |||
| | master          | No, development only |                   |                          |                               |                              | | |||
| | 1.14            | Yes                  | May 24, 2022      | ~January 2023 (Expected) | 1.21, 1.22, 1.23, 1.24        | 1.16, 1.17, 1.18, 1.19, 1.20 | | |||
| | 1.13            | Yes                  | February 11, 2022 | ~October 2022 (Expected) | 1.20, 1.21, 1.22, 1.23        | 1.16, 1.17, 1.18, 1.19       | | |||
| | 1.12            | Yes                  | November 18, 2021 | ~June 2022 (Expected)    | 1.19, 1.20, 1.21, 1.22        | 1.16, 1.17, 1.18             | | |||
| | 1.11            | Yes                  | August 12, 2021   | Mar 25, 2022             | 1.18, 1.19, 1.20, 1.21, 1.22  | 1.16, 1.17                   | | |||
| | 1.10            | No                   | May 18, 2021      | Jan 7, 2022              | 1.18, 1.19, 1.20, 1.21        | 1.16, 1.17, 1.22             | | |||
| | 1.9             | No                   | February 9, 2021  | Oct 8, 2021              | 1.17, 1.18, 1.19, 1.20        | 1.15, 1.16                   | | |||
| | 1.8             | No                   | November 10, 2020 | May 12, 2021             | 1.16, 1.17, 1.18, 1.19        | 1.15                         | | |||
| | 1.7             | No                   | August 21, 2020   | Feb 25, 2021             | 1.16, 1.17, 1.18              | 1.15                         | | |||
| | 1.6 and earlier | No                   |                   |                          |                               |                              | | |||
| 
 | |||
| 
 | |||
| 
 | |||
| ## Istio 下载  | |||
| 
 | |||
| 目前,商用环境下 K8s 版本为 1.18,为此,我们选择 Istio v1.11 下载 [istio-1.11.8-linux-amd64.tar.gz](https://github.com/istio/istio/releases/download/1.11.8/istio-1.11.8-linux-amd64.tar.gz) 并解压。 | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~/istio$ ll | |||
| total 23500 | |||
| drwxrwxr-x  3 fastest fastest     4096 Jun 13 15:36 ./ | |||
| drwxr-xr-x 57 fastest fastest     4096 Jun 15 02:45 ../ | |||
| drwxr-x---  7 fastest fastest     4096 Jun 14 10:16 istio-1.11.8/ | |||
| -rw-r--r--  1 fastest fastest 24046945 Jun 13 15:28 istio-1.11.8-linux-amd64.tar.gz  | |||
| ``` | |||
| 
 | |||
| 
 | |||
| 
 | |||
| ## Istio 安装  | |||
| 
 | |||
| 进入 Istio 安装目录,该目录下: | |||
| 
 | |||
| - `bin/`中包含 istioctl 客户端程序    | |||
| - `samples/`中包含示例应用,比如 `bookinfo/` 和 `httpbin/` 等。 | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~/istio$ cd istio-1.11.8/  | |||
| # 设置 istioctl 环境变量  | |||
| fastest@fastest:~/istio/istio-1.11.8$ export PATH=$PWD/bin:$PATH  | |||
| ``` | |||
| 
 | |||
| 使用 istioctl 安装 Istio: | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~$ istioctl install --set profile=demo -y | |||
| ✔ Istio core installed     | |||
| ✔ Istiod installed                                                               | |||
| ✔ Egress gateways installed                                                         | |||
| ✔ Ingress gateways installed                                                          | |||
| ✔ Installation complete                                                            | |||
| Thank you for installing Istio 1.11.  Please take a few minutes to tell us about your install/upgrade experience!  https://forms.gle/kWULBRjUv7hHci7T6  | |||
| ``` | |||
| 
 | |||
| 添加一个 namespace 标签,来指示 Istio 在你以后部署你的应用时自动注入 Envoy sidecar 代理: | |||
| 
 | |||
| ```shell | |||
| $ kubectl label namespace default istio-injection=enabled | |||
| namespace/default labeled  | |||
| ``` | |||
| 
 | |||
| ### Deployment 资源  | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~$ kubectl get deploy -n istio-system | |||
| NAME                   READY   UP-TO-DATE   AVAILABLE   AGE | |||
| istio-egressgateway    1/1     1            1           2d17h | |||
| istio-ingressgateway   1/1     1            1           42h | |||
| istiod                 1/1     1            1           2d17h  | |||
| ``` | |||
| 
 | |||
| `istio-ingressgateway`相关端口: | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~$ kubectl edit deploy istio-ingressgateway -n istio-system  | |||
| ... | |||
|         ports: | |||
|         - containerPort: 15021 | |||
|           hostPort: 15021 | |||
|           protocol: TCP | |||
|         - containerPort: 8080 | |||
|           hostPort: 80 | |||
|           protocol: TCP | |||
|         - containerPort: 8443 | |||
|           hostPort: 8443 | |||
|           protocol: TCP | |||
|         - containerPort: 31400 | |||
|           hostPort: 31400 | |||
|           protocol: TCP | |||
|         - containerPort: 15443 | |||
|           hostPort: 15443 | |||
|           protocol: TCP | |||
|         - containerPort: 15090 | |||
|           hostPort: 15090 | |||
|           name: http-envoy-prom | |||
|           protocol: TCP | |||
| ... | |||
|       nodeSelector: | |||
|         kubernetes.io/hostname: test-n7 # test-n7 对应 ip 为 10.8.30.109  | |||
| ... | |||
| ``` | |||
| 
 | |||
| ### Service 资源  | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~$ kubectl get svc -n istio-system | |||
| NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE | |||
| istio-egressgateway    ClusterIP   10.101.220.193   <none>        80/TCP,443/TCP                                                               2d17h | |||
| istio-ingressgateway   NodePort    10.97.62.184     <none>        15021:30390/TCP,80:32506/TCP,443:30681/TCP,31400:32027/TCP,15443:31796/TCP   23h | |||
| istiod                 ClusterIP   10.97.112.62     <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP                                        2d17h  | |||
| ``` | |||
| 
 | |||
| 其中,`istio-ingressgateway`服务在 Istio 安装后默认为`LoadBalancer`类型,修改为`NodePort`类型: | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~$ kubectl edit svc istio-ingressgateway -n istio-system  | |||
| 
 | |||
| ... | |||
| spec: | |||
|   type: NodePort | |||
| ... | |||
| ``` | |||
| 
 | |||
| 
 | |||
| 
 | |||
| ## 应用示例  | |||
| 
 | |||
| ### 部署  | |||
| 
 | |||
| httpbin 应用示例: | |||
| 
 | |||
|  ```shell | |||
|  fastest@fastest:~/istio/istio-1.11.8/samples/httpbin$ vi httpbin-nodeport.yaml  | |||
|   | |||
|  # Copyright Istio Authors | |||
|  #  | |||
|  #   Licensed under the Apache License, Version 2.0 (the "License"); | |||
|  #   you may not use this file except in compliance with the License. | |||
|  #   You may obtain a copy of the License at | |||
|  # | |||
|  #       http://www.apache.org/licenses/LICENSE-2.0 | |||
|  # | |||
|  #   Unless required by applicable law or agreed to in writing, software | |||
|  #   distributed under the License is distributed on an "AS IS" BASIS, | |||
|  #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||
|  #   See the License for the specific language governing permissions and | |||
|  #   limitations under the License. | |||
|   | |||
|  ################################################################################################## | |||
|  # httpbin service | |||
|  ################################################################################################## | |||
|  apiVersion: v1 | |||
|  kind: Service | |||
|  # Copyright Istio Authors | |||
|  # | |||
|  #   Licensed under the Apache License, Version 2.0 (the "License"); | |||
|  #   you may not use this file except in compliance with the License. | |||
|  #   You may obtain a copy of the License at | |||
|  # | |||
|  #       http://www.apache.org/licenses/LICENSE-2.0 | |||
|  # | |||
|  #   Unless required by applicable law or agreed to in writing, software | |||
|  #   distributed under the License is distributed on an "AS IS" BASIS, | |||
|  #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||
|  #   See the License for the specific language governing permissions and | |||
|  #   limitations under the License. | |||
|   | |||
|  ################################################################################################## | |||
|  # httpbin service | |||
|  ################################################################################################## | |||
|  apiVersion: v1 | |||
|  kind: Service | |||
|  metadata: | |||
|    name: httpbin | |||
|    labels: | |||
|      app: httpbin | |||
|      service: httpbin | |||
|  spec: | |||
|    type: NodePort | |||
|    ports: | |||
|    - name: http | |||
|      port: 8000 | |||
|      targetPort: 80 | |||
|    selector: | |||
|      app: httpbin | |||
|  --- | |||
|  apiVersion: apps/v1 | |||
|  kind: Deployment | |||
|  metadata: | |||
|    name: httpbin | |||
|  spec: | |||
|    replicas: 1 | |||
|    selector: | |||
|      matchLabels: | |||
|        app: httpbin | |||
|        version: v1 | |||
|    template: | |||
|      metadata: | |||
|        labels: | |||
|          app: httpbin | |||
|          version: v1 | |||
|      spec: | |||
|        containers: | |||
|        - image: docker.io/kennethreitz/httpbin | |||
|          imagePullPolicy: IfNotPresent | |||
|          name: httpbin | |||
|          ports: | |||
|          - containerPort: 80  | |||
|  ``` | |||
| 
 | |||
| 部署 httpbin 应用示例: | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~/istio/istio-1.11.8/samples/httpbin$ kubectl apply -f httpbin-nodeport.yaml  | |||
| ``` | |||
| 
 | |||
| 查看 httpbin 服务: | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~$ kubectl get svc httpbin | |||
| NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE | |||
| httpbin   NodePort   10.104.239.58   <none>        8000:32048/TCP   2d16h  | |||
| ``` | |||
| 
 | |||
| ### 访问  | |||
| 
 | |||
| 浏览器地址输入 http://10.8.30.109:32048/ 访问 httpbin 应用示例: | |||
| 
 | |||
|  | |||
| 
 | |||
| 
 | |||
| 
 | |||
| ## 使用 Istio Gateway 配置 Ingress  | |||
| 
 | |||
| ### 1. 创建 Istio Gateway  | |||
| 
 | |||
| 在 8080 端口为 HTTP 流量配置一个 Gateway: | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~/istio/istio-1.11.8$ vi httpbin-gateway.yaml  | |||
| 
 | |||
| apiVersion: networking.istio.io/v1alpha3 | |||
| kind: Gateway | |||
| metadata: | |||
|   name: httpbin-gateway | |||
| spec: | |||
|   selector: | |||
|     istio: ingressgateway # use Istio default gateway implementation | |||
|   servers: | |||
|   - port: | |||
|       number: 8080 | |||
|       name: http | |||
|       protocol: HTTP | |||
|     hosts: | |||
|     - "httpbin.example.com"  | |||
| ``` | |||
| 
 | |||
| 创建 Istio Gateway: | |||
| 
 | |||
| ```shell | |||
| $ kubectl apply -f httpbin-gateway.yaml  | |||
| ``` | |||
| 
 | |||
| ### 2. 配置路由  | |||
| 
 | |||
| 为通过 Gateway 的入口流量配置路由: | |||
| 
 | |||
| ```shell | |||
| fastest@fastest:~/istio/istio-1.11.8$ vi httpbin-service.yaml  | |||
| 
 | |||
| apiVersion: networking.istio.io/v1alpha3 | |||
| kind: VirtualService | |||
| metadata: | |||
|   name: httpbin | |||
| spec: | |||
|   hosts: | |||
|   - "httpbin.example.com" | |||
|   gateways: | |||
|   - httpbin-gateway | |||
|   http: | |||
|   - match: | |||
|     - uri: | |||
|         prefix: / | |||
|     route: | |||
|     - destination: | |||
|         port: | |||
|           number: 8000 | |||
|         host: httpbin  | |||
| ``` | |||
| 
 | |||
| 应用: | |||
| 
 | |||
| ```shell | |||
| $ kubectl apply -f httpbin-service.yaml  | |||
| ``` | |||
| 
 | |||
| ### 访问  | |||
| 
 | |||
| 本地 hosts 配置: | |||
| 
 | |||
| ``` | |||
| 10.8.30.109  httpbin.example.com  | |||
| ``` | |||
| 
 | |||
| 浏览器地址输入 http://httpbin.example.com/ 访问 httpbin 应用示例: | |||
| 
 | |||
|  | |||
| 
 | |||
| 
 | |||
| 
 | |||
					Loading…
					
					
				
		Reference in new issue