安装
下载istio
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.20.2 TARGET_ARCH=x86_64 sh -
设置env
cd istio-1.20.2
export PATH=$PWD/bin:$PATH
预检
istioctl x precheck
安装istio
istioctl install --set profile=demo -y
实验
设置sidecar自动注入
kubectl create ns demo
kubectl label namespace demo istio-injection=enabled
部署负载
负载1
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
name: demo1
namespace: demo
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: demo1
type: ClusterIP
---
apiVersion: v1
kind: Pod
metadata:
labels:
app: demo1
name: demo1
namespace: demo
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: app
restartPolicy: Always
EOF
负载2
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
name: demo2
namespace: demo
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: demo2
type: ClusterIP
---
apiVersion: v1
kind: Pod
metadata:
labels:
app: demo2
name: demo2
namespace: demo
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: app
restartPolicy: Always
EOF
负载3
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
name: demo3
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: demo3
type: ClusterIP
---
apiVersion: v1
kind: Pod
metadata:
labels:
app: demo3
name: demo3
namespace: default
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: app
restartPolicy: Always
EOF
测试pod to pod访问
pod(with sidecar) to pod(with sidecar)
kubectl exec -it -n demo demo1 -- curl demo2
kubectl exec -it -n demo demo2 -- curl demo1
pod(without sidecar) to pod(with sidecar)
kubectl exec -it -n default demo3 -- curl demo1.demo.svc.cluster.local
pod(with sidecar) to pod(without sidecar)
kubectl exec -it -n demo demo1 -- curl demo3.default.svc.cluster.local
暴露
负载1
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: demo1
namespace: demo
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "demo1.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: demo1
namespace: demo
spec:
hosts:
- "demo1.com"
gateways:
- demo1
http:
- match:
- uri:
prefix: /
route:
- destination:
host: demo1
port:
number: 80
EOF
负载2
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: demo2
namespace: demo
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "demo2.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: demo2
namespace: demo
spec:
hosts:
- "demo2.com"
gateways:
- demo2
http:
- match:
- uri:
prefix: /
route:
- destination:
host: demo2
port:
number: 80
EOF
负载3
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: demo3
namespace: default
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "demo3.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: demo3
namespace: default
spec:
hosts:
- "demo3.com"
gateways:
- demo3
http:
- match:
- uri:
prefix: /
route:
- destination:
host: demo3
port:
number: 80
EOF
测试pod暴露
获取INGRESS_HOST和INGRESS_PORT
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
测试demo1
curl -H 'Host:demo1.com' http://$INGRESS_HOST:$INGRESS_PORT
测试demo2
curl -H 'Host:demo1.com' http://$INGRESS_HOST:$INGRESS_PORT
测试demo3
curl -H 'Host:demo3.com' http://$INGRESS_HOST:$INGRESS_PORT
使用面板
部署addon
kubectl apply -f samples/addons
kubectl rollout status deployment/kiali -n istio-system
启动kiali
istioctl dashboard kiali
发起请求
kubectl exec -it -n demo demo2 -- curl demo1
kiali左边选择Graph后namespace选择demo,得到如图
