Series:
Index List: nine analyze with you easily complete explosion istio Service Grid Tutorial Series
table of Contents
1 Traffic Management
2 to create a namespace
3 resource document preparation
3.1 create a gateway file
3.2 to create a virtual file services
3.3 Creating k8s service file
3.4 Creating k8s deployment file:
3.5 modify istio-ingressgateway deployment
4 Try gateway routing functions
4.1 determine INGRESS_HOST
4.2 browser editor where the hosts file host
4.3 Access tomcat
Section 5
1 traffic management (traffic management)
If you have any questions about the blog, please let me know.
istio four characteristics is traffic management (traffic management), safety (security), policy (policies) and telemetry (observability).
This section focuses on istio traffic management. Traffic management is the essence of network traffic routing and control. Life often have such examples, such as rain landslides, traffic police will divert new transport route, which is the route; for example, to implement odd and even number lines scenic weekend, this is the flow control.
Before the introduction of traffic management, first of all tell us about network flow, introduced a http request after the installation istio of which have been k8s in point, with this introduction, talk about traffic management will be a natural thing.
The following diagram is the network flow graph:
当用户使用浏览器发起一个请求( http://jiuxi.com/xxx )进入 k8s 中的 istio-ingressgateway,因为在 istio-ingressgateway 上设置了 istio 的 gateway,而且此 gateway 又绑定了 virtual service,在 virtual service 设置了 2 条路由规则,分别指向 tomcat 和 nginx 这 2 个 k8s service,而每个 service 又关联到各自的 pod,于是此请求最终可根据 url 触达到 pod 内的容器。
了解了请求流向的整个流程,下面介绍如何操作。前提是你已经安装好了 k8s 和 istio。关于如何安装和配置 istio,可以查看本人的系列文章第一章。
2 创建命名空间
kubectl create ns jiuxi
istio 默认安装在 jiuxi 这个命名空间下,并且设置在 jiuxi 命名空间自动注入 sidecar。相关操作请参考本人系列文章的第一章。
3 资源文件准备
从上图可知,共需要 4 个资源文件(yaml):
1 jiuxi-gateway.yaml
2 jiuxi-virtual-svc.yaml
3 jiuxi-svc.yaml( tomcat 和 nginx 的 service 写在一个文件)
4 jiuxi-deploy.yaml(tomcat 和 nginx 的 deployment 写在一个文件)
3.1 创建网关文件
网关文件 jiuxi-gateway.yaml 文件内容如下:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: jiuxi-gateway
namespace: jiuxi
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- jiuxi.com
port:
number: 80
name: http
protocol: HTTP
创建资源:
kubectl apply -f jiuxi-gateway.yaml
3.2 创建虚拟服务文件
虚拟服务文件 jiuxi-virtual-svc.yaml 文件内容如下:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: jiuxi-virtual-svc
namespace: jiuxi
spec:
gateways:
- jiuxi-gateway
hosts:
- jiuxi.com
http:
- route:
- destination:
host: tomcat-svc
port:
number: 8080
weight: 50
- destination:
host: nginx-svc
port:
number: 80
weight: 50
创建资源:
kubectl apply -f jiuxi-virtual-svc.yaml
3.3 创建 k8s service 文件
服务文件 jiuxi-svc.yaml 文件内容如下:
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
namespace: jiuxi
spec:
ports:
- name: port
port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx-pod
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-svc
namespace: jiuxi
spec:
ports:
- name: port
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: tomcat-pod
创建资源:
kubectl apply -f jiuxi-svc.yaml
3.4 创建 k8s deployment 文件
jiuxi-deploy 文件内容如下:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx-deploy
namespace: jiuxi
spec:
replicas: 1
selector:
matchLabels:
app: nginx-pod
template:
metadata:
labels:
app: nginx-pod
spec:
containers:
- image: nginx:1.14-alpine
imagePullPolicy: Always
name: nginx
ports:
- containerPort: 80
name: port
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: tomcat-deploy
name: tomcat-deploy
namespace: jiuxi
spec:
replicas: 1
selector:
matchLabels:
app: tomcat-pod
template:
metadata:
labels:
app: tomcat-pod
spec:
containers:
- image: docker.io/kubeguide/tomcat-app:v1
imagePullPolicy: Always
name: tomcat
ports:
- containerPort: 8080
name: port
protocol: TCP
创建资源:
kubectl apply -f jiuxi-deploy.yaml
3.5 修改 istio-ingressgateway deployment
This step is important, because by default istio-ingressgateway corresponding container and not exposed to outside service grid, so we need to expose it. Edit istio-system named istio-ingressgateway deployment in space:
kubectl edit deployment -n istio-system istio-ingressgateway
Content below shot:
4 Try gateway routing functions
4.1 determine INGRESS_HOST
kubectl get pod -n istio-system -o wide
Execution results are shown in FIG, it is the INGRESS_HOST 10.110.101.205.
4.2 browser editor where the hosts file host
vim /etc/hosts # linux
c:/windows/system32/drivers/etc/hosts # windows
Add DNS records:
10.110.101.205 jiuxi.com # rewritten according to the actual situation of the individual
4.3 Access tomcat
Browser input http://jiuxi.com, to help try to refresh a few times, you will see traffic routed to the tomcat service nginx and went, and the flow has basically reached the average, 50% each.
Section 5
Since we use istio the gateway and virtual service implements traffic management functions. Here we will continue to Paodingjieniu istio other powerful features.