install
Install k8s Strong Interruption Advertisement
Three-step installation, not much to say
helm installation is recommended for production environments.
<!--more-->
As I used version 2.9.1
yum install -y socat # This does not pretend to be wrong.
[root@istiohost ~]# wget https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz [root@istiohost ~]# tar zxvf helm-v2.9.1-linux-amd64.tar.gz [root@istiohost ~]# cp linux-amd64/helm /usr/bin
First create a service account to give administrator privileges to helm:
[root@istiohost ~]# cat helmserviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: tiller-clusterrolebinding subjects: - kind: ServiceAccount name: tiller namespace: kube-system roleRef: kind: ClusterRole name: cluster-admin apiGroup: ""
kubectl create -f helmserviceaccount.yaml
Install helm server tiller:
helm init --service-account tiller # upgrade parameter if installed helm list #No return indicates success
Install istio
curl -L https://git.io/getLatestIstio | sh - cd istio-1.0.0/ export PATH=$PWD/bin:$PATH
Before helm 2.10.0, you need to install CRD:
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml kubectl apply -f install/kubernetes/helm/istio/charts/certmanager/templates/crds.yaml
Install istio. Since you don't have LB, replace it with NodePort:
helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort
Successful installation:
[root@istiohost istio-1.0.0]# kubectl get pod -n istio-system NAME READY STATUS RESTARTS AGE istio-citadel-7d8f9748c5-ntqnp 1/1 Running 0 5m istio-egressgateway-676c8546c5-2w4cq 1/1 Running 0 5m istio-galley-5669f7c9b-mkxjg 1/1 Running 0 5m istio-ingressgateway-5475685bbb-96mbr 1/1 Running 0 5m istio-pilot-5795d6d695-gr4h4 2/2 Running 0 5m istio-policy-7f945bf487-gkpxr 2/2 Running 0 5m istio-sidecar-injector-d96cd9459-674pk 1/1 Running 0 5m istio-statsd-prom-bridge-549d687fd9-6cbzs 1/1 Running 0 5m istio-telemetry-6c587bdbc4-jndjn 2/2 Running 0 5m prometheus-6ffc56584f-98mr9 1/1 Running 0 5m [root@istiohost istio-1.0.0]# kubectl get svc -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-citadel ClusterIP 10.108.253.89 <none> 8060/TCP,9093/TCP 5m istio-egressgateway NodePort 10.96.151.14 <none> 80:30830/TCP,443:30038/TCP 5m istio-galley ClusterIP 10.102.83.130 <none> 443/TCP,9093/TCP 5m istio-ingressgateway NodePort 10.99.194.13 <none> 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:31577/TCP,8060:30037/TCP,15030:31855/TCP,15031:30775/TCP 5m istio-pilot ClusterIP 10.101.4.143 <none> 15010/TCP,15011/TCP,8080/TCP,9093/TCP 5m istio-policy ClusterIP 10.106.221.68 <none> 9091/TCP,15004/TCP,9093/TCP 5m istio-sidecar-injector ClusterIP 10.100.5.170 <none> 443/TCP 5m istio-statsd-prom-bridge ClusterIP 10.107.28.242 <none> 9102/TCP,9125/UDP 5m istio-telemetry ClusterIP 10.105.66.20 <none> 9091/TCP,15004/TCP,9093/TCP,42422/TCP 5m prometheus ClusterIP 10.103.128.152 <none> 9090/TCP
Use tutorials
Bookinfo Application
- Product page calls details and reviews to render pages
- details contain book information
- Review Book Feedback, Call ratings Service
- ratings Book Rental Information
The reviews service has three versions:
- V1 does not request ratings
- V2 requests ratings and returns 1 to 5 black stars
- V3 requests ratings and returns 1 to 5 red stars
Data plane:
Installation application:
kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)
Installation completed:
[root@istiohost istio-1.0.0]# kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE details ClusterIP 10.104.66.31 <none> 9080/TCP 2m kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h productpage ClusterIP 10.109.68.13 <none> 9080/TCP 2m ratings ClusterIP 10.99.55.110 <none> 9080/TCP 2m reviews ClusterIP 10.102.19.129 <none> 9080/TCP 2m [root@istiohost istio-1.0.0]# kubectl get pods NAME READY STATUS RESTARTS AGE details-v1-fc9649d9c-dpnlp 2/2 Running 0 2m productpage-v1-58845c779c-7g8th 2/2 Running 0 2m ratings-v1-6cc485c997-fb7nh 2/2 Running 0 2m reviews-v1-76987687b7-x5n7z 2/2 Running 0 2m reviews-v2-86749dcd5-xchzb 2/2 Running 0 2m reviews-v3-7f4746b959-nthrq 2/2 Running 0 2m
Create a gateway for accessibility outside the cluster
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
Browser access url: 47.254.28.88 is my node ip, using nodeport mode
http://47.254.28.88:31380/productpage
If you click three times in a row, you will find that there are no stars on the right - > black stars - > red stars switch, corresponding to three versions of review, the default strategy is polling.
Create destination rules, configure routing access rules, and now poll
kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml
Intelligent Routing
request routing
Version-based routing
Switch all routes to v1 version
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml
After this, no matter how we brush the page, we can't see the stars, because the v1 version has no stars.
You can see that destination is like this:
http: - route: - destination: host: details subset: v1
Imagine how easy it would be for us to switch versions.
According to user routing
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
You'll find that you can see the black stars when you log in with a jason user, while the pages you see in other ways are starless.
Because this user has gone v2 version, can it be powerful? Of course, we can also do routing according to header, let's not say much.
http: - match: - headers: end-user: exact: jason route: - destination: host: reviews subset: v2 - route: - destination: host: reviews subset: v1
Fault injection
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
Assuming that there is a bug in the code, user jason, reviews:v2 accesses ratings with a 10s card, we still hope that the end-to-end test will run smoothly.
kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml
Injection errors give jason users a 7s delay
hosts: - ratings http: - fault: delay: fixedDelay: 7s percent: 100 match: - headers: end-user: exact: jason route: - destination: host: ratings subset: v1 - route: - destination: host: ratings subset: v1
At this point, it's obvious that there will be an error in accessing the page, because we want to return within 7 seconds, so we find a delayed bug.
Error fetching product reviews! Sorry, product reviews are currently unavailable for this book.
So we may discover these abnormal phenomena by fault injection.
Link Switching Traffic Shifting
We first send 50% traffic to reviews:v1 50% traffic to v3, and then cut 100% traffic to v3.
Cut 100% flow to v1
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml
At this time, no matter how many brushes, there are no stars.
v1 v3 50% flow
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml
- route: - destination: host: reviews subset: v1 weight: 50 - destination: host: reviews subset: v3 weight: 50
At this point, there will be stars and there will be no stars, but it is no longer a polling algorithm.
Total cut v3
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml
At this time, no matter how brush is red heart
Scanning Focus on sealyun
Exploring additive QQ groups: 98488045