Istio笔记01--快速体验Istio
- 介绍
- 部署与测试
- 部署k8s
- 安装istio
- 测试istio
- 注意事项
- 说明
介绍
Istio是当前最热门的服务网格产品,已经被广泛应用于各个云厂商和IT互联网公司。企业可以基于Istio轻松构建服务网格,在接入过程中应用代码无需更改,可以体验istio的流量管理、安全、可观测性、扩展性等核心能力。
本文基于ubuntu 2204, k8s 1.30 和istio1.23搭建istio服务网格,并测试基本的bookinfo案例项目。
部署与测试
部署k8s
k8s安装方式比较多了,此处使用kubekey来安装集群。
参考 kubesphere官方文档-在 Linux 上安装 Kubernetes 和 KubeSphere
和 kubekey-readme文档 快速部署k8s集群,具体如下
安装依赖项
sudo apt install socat conntrack ebtables ipset -y设置下载区为cn
export KKZONE=cn下载kubekey
在 https://github.com/kubesphere/kubekey/releases 下载合适版本即可,此处下载 kubekey-v3.1.6-linux-amd64.tar.gz
https://github.com/kubesphere/kubekey/releases/download/v3.1.6/kubekey-v3.1.6-linux-amd64.tar.gz查看支持的k8s版本
./kk version --show-supported-k8s生成配置
./kk create config --with-kubernetes v1.30.0
输出:Generate KubeKey config file successfully
同时生成一个 config-sample.yaml 的文件更改config-sample.yaml中节点信息,部署集群
./kk create cluster -f config-sample.yaml部署完成后通过get nodes查看集群信息
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
node1 Ready control-plane,worker 3m56s v1.30.0集群测试完毕可以按需删除集群
./kk delete cluster -f config-sample.yaml
此处以单节点为例, config-sample.yaml配置文件如下,需要按需修改 spec.hosts中的内容
apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Cluster
metadata:name: test-cluster01
spec:hosts:- {name: node1, address: 10.xx.xx.xx, internalAddress: 10.xx.xx.xx, user: root, password: "your-password"}roleGroups:etcd:- node1control-plane: - node1worker:- node1controlPlaneEndpoint:## Internal loadbalancer for apiservers # internalLoadbalancer: haproxydomain: lb.kubesphere.localaddress: ""port: 6443kubernetes:version: v1.30.0clusterName: cluster.localautoRenewCerts: truecontainerManager: containerdetcd:type: kubekeynetwork:plugin: calicokubePodsCIDR: 10.233.64.0/18kubeServiceCIDR: 10.233.0.0/18## multus support. https://github.com/k8snetworkplumbingwg/multus-cnimultusCNI:enabled: falseregistry:privateRegistry: ""namespaceOverride: ""registryMirrors: []insecureRegistries: []addons: []
安装成功后可以get nodes看到集群节点信息,如下图
安装istio
参考 使用 Istioctl 安装 istio,
可以从 https://istio.io/latest/docs/releases/supported-releases/ 查看istio和k8s的版本对应关系
从 https://istio.io/latest/docs/setup/additional-setup/config-profiles/ 查看各个profile包含的基础组件
具体安装步骤如下:
下载二进制文件(截止24年10月08日最新版本为1.23.2)
$ export ISTIO_VERSION=1.23.2
$ curl -sL https://istio.io/downloadIstioctl | sh -
或者直接下载 wget https://github.com/istio/istio /releases/download/1.23.2/istioctl-1.23.2-linux-amd64.tar.gz , 然后解压即可查看支持的profile
# istioctl profile list查看配置文件
# istioctl profile dump demo安装
# istioctl install --set profile=demo 或者 istioctl manifest apply --set profile=demo
This will install the Istio 1.23.2 "demo" profile (with components: Istio core, Istiod, Ingress gateways, and Egress gateways) into the cluster. Proceed? (y/N) y
✔ Istio core installed ⛵️
✔ Istiod installed 🧠
✔ Egress gateways installed 🛫
✔ Ingress gateways installed 🛬
✔ Installation complete 查看istio相关服务
# kubectl -n istio-system get po
NAME READY STATUS RESTARTS AGE
istio-egressgateway-57b6df4bcd-h62qb 1/1 Running 0 23s
istio-ingressgateway-5f9f654d46-zsk6x 1/1 Running 0 23s
istiod-7f8b586864-xhdr7 1/1 Running 0 25s卸载istio
# istioctl uninstall --purge
安装成功后如下图所示:
测试istio
- 创建gateway crd
kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \ { kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml; } - 给default 命名空间开启istio注入
$ kubectl label namespace default istio-injection=enabled - 部署 bookinfo案例
也可以通过 curl -L https://istio.io/downloadIstio | sh - 下载最新的istio安装包,该安装包包含二进制文件和案例yaml 也可以直接下载 [istio-1.23.2-linux-amd64.tar.gz](https://github.com/istio/istio/releases/download/1.23.2/istio-1.23.2-linux-amd64.tar.gz)kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yamlservice/details created serviceaccount/bookinfo-details created deployment.apps/details-v1 created service/ratings created serviceaccount/bookinfo-ratings created deployment.apps/ratings-v1 created service/reviews created serviceaccount/bookinfo-reviews created deployment.apps/reviews-v1 created deployment.apps/reviews-v2 created deployment.apps/reviews-v3 created service/productpage created serviceaccount/bookinfo-productpage created deployment.apps/productpage-v1 created测试确认服务正常running kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>" 输出: <title>Simple Bookstore App</title> - 创建gateway和vs
# kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml # 此处使用轻微调整后的 bookinfo-gw.yaml apiVersion: networking.istio.io/v1 kind: Gateway metadata:name: bookinfo-gatewaynamespace: istio-system spec:selector:istio: ingressgatewayservers:- hosts:- 'bookinfo.xg.com'port:name: httpnumber: 80protocol: HTTP # bookinfo-vs.yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata:name: bookinfo spec:hosts:- "bookinfo.xg.com"gateways:- istio-system/default-gwhttp:- match:- uri:exact: /productpage- uri:prefix: /static- uri:exact: /login- uri:exact: /logout- uri:prefix: /api/v1/productsroute:- destination:host: productpageport:number: 9080 # kubectl apply -f bookinfo-gw.yaml # kubectl apply -f bookinfo-vs.yaml - 测试
如下图为入口gateway svc信息,80端口NodePort为30425
在本地配置 /etc/nginx/conf.d/bookinfo.conf
在/etc/hosts 配置域名解析,访问 http://bookinfo.xg.com/productpage ,可正常访问BookInfo系统server {listen 80;server_name bookinfo.xg.com; # 替换为你的域名或IP地址location / {#proxy_pass http://192.168.237.31:80; # 替换为LB IP和端口proxy_pass http://192.168.237.11:30425;proxy_http_version 1.1;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;} }
注意事项
-
如果使用虚拟机的,可以通过NodeIP:NodePort让流量进入到gateway中,如果在裸机上使用openelb或者metallb,可以直接通过LBIP:80/443让流量进入到gateway。
-
访问提示426 Upgrade Required
Istio使用Envoy作为数据面转发HTTP请求,而Envoy默认要求使用HTTP/1.1或HTTP/2, 使用nginx代理的话默认为HTTP/1.0 , 需要设置 proxy_http_version 1.1;
说明
系统软件:
ubuntu 22.04 Server,
istio 1.23.2
kubekey v3.1.6
K8s v1.30.0
参考文档:
istio中文文档
bookinfo 案例
sidecar模式-入门
kubesphere doc
istio.io/latest/docs/setup/install/
openelb.io/docs/getting-started
