reference
This article istio quick start deployment, generally used for presentation environment.
1. Preparations
- k8s cluster to support automatic injection istio need to check the startup parameters api server, ensuring that
admission control
partially enabled in orderMutatingAdmissionWebhook
toValidatingAdmissionWebhook
; - By
kube-apiserver -h | grep enable-admission-plugins
viewing enabledadmission control
- Which plugins are enabled by default
2. Download
# 下载1.1.7版本
wget https://github.com/istio/istio/releases/download/1.1.7/istio-1.1.7-linux.tar.gz
# tar -zxvf istio-1.1.7-linux.tar.gz
3. Implementation
cd istio-1.1.7
kubectl apply -f install/kubernetes/istio-demo.yaml
# "-w" 参数用于持续查询pod状态变化;
# pod状态为 "Completed" 时, 表示执行 "Job" 留下的pod, "Completed" 状态说明 "Job" 执行成功
kubectl get pod -n istio-system -w
4. Application Example
4.1 application deployment
git clone https://github.com/fleeto/flaskapp.git
cd flaskapp
cat flask.istio.yaml
apiVersion: v1
kind: Service
metadata:
name: flaskapp
labels:
app: flaskapp
spec:
# "selector" 仅使用1个标签,则 "Service" 对两个 "Deployment" 均有效
selector:
app: flaskapp
ports:
# 根据istio规范对端口进行命名
- name: http
port: 80
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: flaskapp-v1
spec:
replicas: 1
template:
metadata:
# 两个标签,其中以不同的 "version" 标签进行区分;
# istio中通常使用这两个标签作为应用与版本的标识
labels:
app: flaskapp
version: v1
spec:
containers:
- name: flaskapp
# image一致
image: dustise/flaskapp
imagePullPolicy: Always
# 注册一个名为 "version" 的环境变量,两个应用取值不同
env:
- name: version
value: v1
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: flaskapp-v2
spec:
replicas: 1
template:
metadata:
labels:
app: flaskapp
version: v2
spec:
containers:
- name: flaskapp
image: dustise/flaskapp
imagePullPolicy: Always
env:
- name: version
value: v2
# 部署应用
kubectl apply -f flask.istio.yaml
4.2 deployment istio
- Used
istioctl
for injection, modifications thereofDeployment
, the injection PodSidecar
vessel.
# 注入 "sidecar"
istioctl kube-inject -f flask.istio.yaml | kubectl apply -f -
# 查看pod
# pod中容器数量从"1"变为"2"
kubectl get pod -w
# 注入容器 "istio-proxy" ;
# 另有初始化劫持容器 "istio-init"
kubectl describe pod flaskapp-v1-66b59cdfc6-zk9sz
Deploying the Client Services 4.3
git clone https://github.com/fleeto/sleep.git
cd sleep/kubernetes/
# 虽然客户端服务不需要提供对外服务能力, 但 "sleep.yaml" 仍然需要创建 "Service" 资源对象;
# istio注入要求: 没有 "Service" 的 "Deployment" 无法被istio发现并进行操作
istioctl kube-inject -f sleep.yaml | kubectl apply -f -
# 验证
kubectl get pod -w
4.4 Authentication Service
# 重复获取 "http://flaskapp/env/version" 的内容;
# 返回结果:"v2" 与 "v1" 结果随机出现,大约各一半
kubectl exec -it sleep-5f47f5c866-9xtsf -c sleep bash
bash-4.4# for i in `seq 10` ; do http --body http://flaskapp/env/version ; done
4.5 goals rule and create a default route
4.5.1 goals rule
# 使用 Pod 标签将 "flaskapp" 服务分成两个 "subset"
cat flaskapp/flaskapp-destinationrule.yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: flaskapp
spec:
host: flaskapp
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
4.5.2 default route
Suggestions: Whether or not further flow control, suggest creating a default routing rules for the grid service, access to prevent unexpected results occur.
# "VirtualService" 资源对象,接管对 "flaskapp" 主机名的访问,将所有流量转发到 "DestinationRule" 资源对象定义的 "v2 subset"
cat flaskapp/flaskapp-default-vs-v2.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: flaskapp-default-v2
spec:
hosts:
- flaskapp
http:
- route:
- destination:
host: flaskapp
subset: v2
4.5.3 verification
# 重复获取 "http://flaskapp/env/version" 的内容;
# 返回结果:只有 "v2" 返回,默认路由已生效
kubectl exec -it sleep-5f47f5c866-9xtsf -c sleep bash
bash-4.4# for i in `seq 10` ; do http --body http://flaskapp/env/version ; done
5. Summary
Typical process: injection -> Deployment -> Create goals rule -> Create a default route.