ITO
/
ito-archived
6
3
Fork 0
Code Issues Releases 1 Wiki Activity
Browse Source

上传文件至 'devops'

master
彭玲 3 years ago
parent
38788d9a0a
commit
e714deadfa
1 changed files with 327 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 327
      devops/[20220615] Istio Ingress 部署.md

327
devops/[20220615] Istio Ingress 部署.md
View File

@ -0,0 +1,327 @@
# Istio Ingress 部署
AUTHOR: 彭玲 TIME: 2022/6/16
---
[TOC]
---
## Istio 发行版
Istio 发行版与 [K8s 版本支持](https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases) 情况如下:
| Version | Currently Supported | Release Date | End of Life | Supported Kubernetes Versions | Tested, but not supported |
| --------------- | -------------------- | ----------------- | ------------------------ | ----------------------------- | ---------------------------- |
| master | No, development only | | | | |
| 1.14 | Yes | May 24, 2022 | ~January 2023 (Expected) | 1.21, 1.22, 1.23, 1.24 | 1.16, 1.17, 1.18, 1.19, 1.20 |
| 1.13 | Yes | February 11, 2022 | ~October 2022 (Expected) | 1.20, 1.21, 1.22, 1.23 | 1.16, 1.17, 1.18, 1.19 |
| 1.12 | Yes | November 18, 2021 | ~June 2022 (Expected) | 1.19, 1.20, 1.21, 1.22 | 1.16, 1.17, 1.18 |
| 1.11 | Yes | August 12, 2021 | Mar 25, 2022 | 1.18, 1.19, 1.20, 1.21, 1.22 | 1.16, 1.17 |
| 1.10 | No | May 18, 2021 | Jan 7, 2022 | 1.18, 1.19, 1.20, 1.21 | 1.16, 1.17, 1.22 |
| 1.9 | No | February 9, 2021 | Oct 8, 2021 | 1.17, 1.18, 1.19, 1.20 | 1.15, 1.16 |
| 1.8 | No | November 10, 2020 | May 12, 2021 | 1.16, 1.17, 1.18, 1.19 | 1.15 |
| 1.7 | No | August 21, 2020 | Feb 25, 2021 | 1.16, 1.17, 1.18 | 1.15 |
| 1.6 and earlier | No | | | | |
## Istio 下载
目前,商用环境下 K8s 版本为 1.18,为此,我们选择 Istio v1.11 下载 [istio-1.11.8-linux-amd64.tar.gz](https://github.com/istio/istio/releases/download/1.11.8/istio-1.11.8-linux-amd64.tar.gz) 并解压。
```shell
fastest@fastest:~/istio$ ll
total 23500
drwxrwxr-x 3 fastest fastest 4096 Jun 13 15:36 ./
drwxr-xr-x 57 fastest fastest 4096 Jun 15 02:45 ../
drwxr-x--- 7 fastest fastest 4096 Jun 14 10:16 istio-1.11.8/
-rw-r--r-- 1 fastest fastest 24046945 Jun 13 15:28 istio-1.11.8-linux-amd64.tar.gz
```
## Istio 安装
进入 Istio 安装目录,该目录下:
- `bin/`中包含 istioctl 客户端程序
- `samples/`中包含示例应用,比如 `bookinfo/``httpbin/` 等。
```shell
fastest@fastest:~/istio$ cd istio-1.11.8/
# 设置 istioctl 环境变量
fastest@fastest:~/istio/istio-1.11.8$ export PATH=$PWD/bin:$PATH
```
使用 istioctl 安装 Istio:
```shell
fastest@fastest:~$ istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
Thank you for installing Istio 1.11. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/kWULBRjUv7hHci7T6
```
添加一个 namespace 标签,来指示 Istio 在你以后部署你的应用时自动注入 Envoy sidecar 代理:
```shell
$ kubectl label namespace default istio-injection=enabled
namespace/default labeled
```
### Deployment 资源
```shell
fastest@fastest:~$ kubectl get deploy -n istio-system
NAME READY UP-TO-DATE AVAILABLE AGE
istio-egressgateway 1/1 1 1 2d17h
istio-ingressgateway 1/1 1 1 42h
istiod 1/1 1 1 2d17h
```
`istio-ingressgateway`相关端口:
```shell
fastest@fastest:~$ kubectl edit deploy istio-ingressgateway -n istio-system
...
ports:
- containerPort: 15021
hostPort: 15021
protocol: TCP
- containerPort: 8080
hostPort: 80
protocol: TCP
- containerPort: 8443
hostPort: 8443
protocol: TCP
- containerPort: 31400
hostPort: 31400
protocol: TCP
- containerPort: 15443
hostPort: 15443
protocol: TCP
- containerPort: 15090
hostPort: 15090
name: http-envoy-prom
protocol: TCP
...
nodeSelector:
kubernetes.io/hostname: test-n7 # test-n7 对应 ip 为 10.8.30.109
...
```
### Service 资源
```shell
fastest@fastest:~$ kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egressgateway ClusterIP 10.101.220.193 <none> 80/TCP,443/TCP 2d17h
istio-ingressgateway NodePort 10.97.62.184 <none> 15021:30390/TCP,80:32506/TCP,443:30681/TCP,31400:32027/TCP,15443:31796/TCP 23h
istiod ClusterIP 10.97.112.62 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 2d17h
```
其中,`istio-ingressgateway`服务在 Istio 安装后默认为`LoadBalancer`类型,修改为`NodePort`类型:
```shell
fastest@fastest:~$ kubectl edit svc istio-ingressgateway -n istio-system
...
spec:
type: NodePort
...
```
## 应用示例
### 部署
httpbin 应用示例:
```shell
fastest@fastest:~/istio/istio-1.11.8/samples/httpbin$ vi httpbin-nodeport.yaml
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##################################################################################################
# httpbin service
##################################################################################################
apiVersion: v1
kind: Service
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##################################################################################################
# httpbin service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: httpbin
labels:
app: httpbin
service: httpbin
spec:
type: NodePort
ports:
- name: http
port: 8000
targetPort: 80
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v1
template:
metadata:
labels:
app: httpbin
version: v1
spec:
containers:
- image: docker.io/kennethreitz/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 80
```
部署 httpbin 应用示例:
```shell
fastest@fastest:~/istio/istio-1.11.8/samples/httpbin$ kubectl apply -f httpbin-nodeport.yaml
```
查看 httpbin 服务:
```shell
fastest@fastest:~$ kubectl get svc httpbin
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
httpbin NodePort 10.104.239.58 <none> 8000:32048/TCP 2d16h
```
### 访问
浏览器地址输入 http://10.8.30.109:32048/ 访问 httpbin 应用示例:
![](assets/httpbin-ip.jpg)
## 使用 Istio Gateway 配置 Ingress
### 1. 创建 Istio Gateway
在 8080 端口为 HTTP 流量配置一个 Gateway:
```shell
fastest@fastest:~/istio/istio-1.11.8$ vi httpbin-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: httpbin-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 8080
name: http
protocol: HTTP
hosts:
- "httpbin.example.com"
```
创建 Istio Gateway:
```shell
$ kubectl apply -f httpbin-gateway.yaml
```
### 2. 配置路由
为通过 Gateway 的入口流量配置路由:
```shell
fastest@fastest:~/istio/istio-1.11.8$ vi httpbin-service.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin
spec:
hosts:
- "httpbin.example.com"
gateways:
- httpbin-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
port:
number: 8000
host: httpbin
```
应用:
```shell
$ kubectl apply -f httpbin-service.yaml
```
### 访问
本地 hosts 配置:
```
10.8.30.109 httpbin.example.com
```
浏览器地址输入 http://httpbin.example.com/ 访问 httpbin 应用示例:
![](assets/httpbin-domain.jpg)
Write Preview
Loading…
Cancel
Save