Istio Ingress Deployment
AUTHOR: 彭玲 TIME: 2022/6/16
[TOC]
Istio Releases
The following table shows which Kubernetes versions each Istio release supports:

| Version | Currently Supported | Release Date | End of Life | Supported Kubernetes Versions | Tested, but not supported |
|---|---|---|---|---|---|
| master | No, development only | | | | |
| 1.14 | Yes | May 24, 2022 | ~January 2023 (Expected) | 1.21, 1.22, 1.23, 1.24 | 1.16, 1.17, 1.18, 1.19, 1.20 |
| 1.13 | Yes | February 11, 2022 | ~October 2022 (Expected) | 1.20, 1.21, 1.22, 1.23 | 1.16, 1.17, 1.18, 1.19 |
| 1.12 | Yes | November 18, 2021 | ~June 2022 (Expected) | 1.19, 1.20, 1.21, 1.22 | 1.16, 1.17, 1.18 |
| 1.11 | Yes | August 12, 2021 | Mar 25, 2022 | 1.18, 1.19, 1.20, 1.21, 1.22 | 1.16, 1.17 |
| 1.10 | No | May 18, 2021 | Jan 7, 2022 | 1.18, 1.19, 1.20, 1.21 | 1.16, 1.17, 1.22 |
| 1.9 | No | February 9, 2021 | Oct 8, 2021 | 1.17, 1.18, 1.19, 1.20 | 1.15, 1.16 |
| 1.8 | No | November 10, 2020 | May 12, 2021 | 1.16, 1.17, 1.18, 1.19 | 1.15 |
| 1.7 | No | August 21, 2020 | Feb 25, 2021 | 1.16, 1.17, 1.18 | 1.15 |
| 1.6 and earlier | No | | | | |
Downloading Istio
The production environment currently runs Kubernetes 1.18, so we choose Istio v1.11: download istio-1.11.8-linux-amd64.tar.gz and extract it.

```bash
fastest@fastest:~/istio$ ll
total 23500
drwxrwxr-x  3 fastest fastest     4096 Jun 13 15:36 ./
drwxr-xr-x 57 fastest fastest     4096 Jun 15 02:45 ../
drwxr-x---  7 fastest fastest     4096 Jun 14 10:16 istio-1.11.8/
-rw-r--r--  1 fastest fastest 24046945 Jun 13 15:28 istio-1.11.8-linux-amd64.tar.gz
```
Installing Istio
Change into the Istio installation directory, which contains:

- bin/ holds the istioctl client binary
- samples/ holds sample applications such as bookinfo/ and httpbin/

```bash
fastest@fastest:~/istio$ cd istio-1.11.8/
# Add istioctl to PATH
fastest@fastest:~/istio/istio-1.11.8$ export PATH=$PWD/bin:$PATH
```

Install Istio with istioctl:

```bash
fastest@fastest:~$ istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
Thank you for installing Istio 1.11. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/kWULBRjUv7hHci7T6
```

Label the namespace so that Istio automatically injects the Envoy sidecar proxy into applications you deploy later:

```bash
$ kubectl label namespace default istio-injection=enabled
namespace/default labeled
```
Deployment resources

```bash
fastest@fastest:~$ kubectl get deploy -n istio-system
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
istio-egressgateway    1/1     1            1           2d17h
istio-ingressgateway   1/1     1            1           42h
istiod                 1/1     1            1           2d17h
```

istio-ingressgateway
Relevant ports:

```bash
fastest@fastest:~$ kubectl edit deploy istio-ingressgateway -n istio-system
```

```yaml
...
        ports:
        - containerPort: 15021
          hostPort: 15021
          protocol: TCP
        - containerPort: 8080
          hostPort: 80
          protocol: TCP
        - containerPort: 8443
          hostPort: 8443
          protocol: TCP
        - containerPort: 31400
          hostPort: 31400
          protocol: TCP
        - containerPort: 15443
          hostPort: 15443
          protocol: TCP
        - containerPort: 15090
          hostPort: 15090
          name: http-envoy-prom
          protocol: TCP
...
      nodeSelector:
        kubernetes.io/hostname: test-n7 # test-n7 has IP 10.8.30.109
...
```
Service resources

```bash
fastest@fastest:~$ kubectl get svc -n istio-system
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
istio-egressgateway    ClusterIP   10.101.220.193   <none>        80/TCP,443/TCP                                                               2d17h
istio-ingressgateway   NodePort    10.97.62.184     <none>        15021:30390/TCP,80:32506/TCP,443:30681/TCP,31400:32027/TCP,15443:31796/TCP   23h
istiod                 ClusterIP   10.97.112.62     <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP                                        2d17h
```

After installation, the istio-ingressgateway Service is of type LoadBalancer by default; change it to NodePort:

```bash
fastest@fastest:~$ kubectl edit svc istio-ingressgateway -n istio-system
```

```yaml
...
spec:
  type: NodePort
...
```
Sample application
Deployment
The httpbin sample application:

```bash
fastest@fastest:~/istio/istio-1.11.8/samples/httpbin$ vi httpbin-nodeport.yaml
```

```yaml
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##################################################################################################
# httpbin service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
    service: httpbin
spec:
  type: NodePort
  ports:
  - name: http
    port: 8000
    targetPort: 80
  selector:
    app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      containers:
      - image: docker.io/kennethreitz/httpbin
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80
```
Deploy the httpbin sample application:

```bash
fastest@fastest:~/istio/istio-1.11.8/samples/httpbin$ kubectl apply -f httpbin-nodeport.yaml
```

Check the httpbin Service:

```bash
fastest@fastest:~$ kubectl get svc httpbin
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
httpbin   NodePort   10.104.239.58   <none>        8000:32048/TCP   2d16h
```

Access
Enter http://10.8.30.109:32048/ in the browser address bar to access the httpbin sample application.
Configuring Ingress with an Istio Gateway
1. Create the Istio Gateway
Configure a Gateway for HTTP traffic on port 8080 (the container port that the istio-ingressgateway Deployment above maps to host port 80):

```bash
fastest@fastest:~/istio/istio-1.11.8$ vi httpbin-gateway.yaml
```

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 8080
      name: http
      protocol: HTTP
    hosts:
    - "httpbin.example.com"
```

Create the Istio Gateway:

```bash
$ kubectl apply -f httpbin-gateway.yaml
```
2. Configure routing
Configure routes for ingress traffic entering through the Gateway:

```bash
fastest@fastest:~/istio/istio-1.11.8$ vi httpbin-service.yaml
```

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "httpbin.example.com"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
```

Apply it:

```bash
$ kubectl apply -f httpbin-service.yaml
```
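
An added example, not from the original page or the Istio project: a Python check that takes the httpbin Service, Gateway and VirtualService defined above (embedded as constructed dicts in the shape of `kubectl get -o json` output) and reports binding or host mismatches, cleartext listeners, and Services still reachable without passing through the Gateway. The function names `host_covered` and `audit` are assumptions of this example.

```python
# Added example: constructed copies of the page's httpbin Service, Gateway and
# VirtualService as Python dicts (the shape `kubectl get -o json` returns).
SERVICE = {"metadata": {"name": "httpbin"},
           "spec": {"type": "NodePort", "ports": [{"port": 8000, "targetPort": 80}]}}
GATEWAY = {"metadata": {"name": "httpbin-gateway"},
           "spec": {"servers": [{"port": {"number": 8080, "name": "http", "protocol": "HTTP"},
                                 "hosts": ["httpbin.example.com"]}]}}
VIRTUAL_SERVICE = {"metadata": {"name": "httpbin"},
                   "spec": {"hosts": ["httpbin.example.com"], "gateways": ["httpbin-gateway"],
                            "http": [{"route": [{"destination": {"host": "httpbin",
                                                                  "port": {"number": 8000}}}]}]}}


def host_covered(host, patterns):
    """True if a Gateway hosts entry ('*', '*.suffix' or exact name) covers host."""
    for pattern in patterns:
        name = pattern.split("/", 1)[-1]  # drop an optional 'namespace/' prefix
        if name in ("*", host) or (name.startswith("*.") and host.endswith(name[1:])):
            return True
    return False


def audit(service, gateway, vs):
    """Return a list of exposure findings for one Service/Gateway/VirtualService set."""
    findings = []
    gw_name = gateway["metadata"]["name"]
    servers = gateway["spec"]["servers"]
    if gw_name not in vs["spec"].get("gateways", []):
        findings.append(f"VirtualService is not bound to Gateway {gw_name}")
    gw_hosts = [h for s in servers for h in s["hosts"]]
    for host in vs["spec"]["hosts"]:
        if not host_covered(host, gw_hosts):
            findings.append(f"host {host} is not served by Gateway {gw_name}")
    for s in servers:
        # A plain HTTP server with no tls.httpsRedirect carries traffic unencrypted.
        if s["port"]["protocol"] == "HTTP" and not s.get("tls", {}).get("httpsRedirect"):
            findings.append(f"Gateway port {s['port']['number']} serves cleartext HTTP")
    # Simplification: compare only the first label of the destination host.
    routed = {r["destination"]["host"].split(".")[0]
              for rule in vs["spec"].get("http", []) for r in rule["route"]}
    svc = service["metadata"]["name"]
    if svc in routed and service["spec"].get("type") in ("NodePort", "LoadBalancer"):
        findings.append(f"Service {svc} is also reachable as {service['spec']['type']}, "
                        "bypassing the Gateway")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVICE, GATEWAY, VIRTUAL_SERVICE):
        print("FINDING:", finding)
```

For the page's manifests the check reports the HTTP listener on port 8080 and the httpbin NodePort, which stays reachable on the node alongside the Gateway route.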
Access
Local hosts file entry:

```
10.8.30.109 httpbin.example.com
```

Enter http://httpbin.example.com/ in the browser address bar to access the httpbin sample application.