【kubernetes】Minikube-Istio初探

Minikube-Istio初探

设置Minikube

删除Minikube

1
$ minikube delete

启动Minikube

1
2
3
4
5
6
7
8
9
10
11
12
# 启动 指定国内仓库,由于istio官方建议加大内存和cpu,推荐driver设置为VM
# docker驱动启动会报错https://docs.docker.com/engine/install/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabili
$ minikube start --memory=8192MB --cpus=4 --image-mirror-country='cn' --vm-driver=virtualbox

# 检查状态
$ minikube addons enable dashboard

# 访问面板
$ minikube dashboard

# 访问web前端
$ kubectl proxy

探索Istio

安装Istio

1 命令行CI安装

2 初始化demo,可选default,demo,minimal,生产系统一般用default

1
2
3
4
5
6
7
8
9
10
$ istioctl install --set profile=demo -y

✔ Istio core installed                                                                                                                                                                               
✔ Istiod installed                                                                                                                                                                                   
✔ Ingress gateways installed                                                                                                                                                                         
✔ Egress gateways installed                                                                                                                                                                          
✔ Installation complete                                                                                                                                                                              Making this installation the default for injection and validation.

Thank you for installing Istio 1.12.  Please take a few minutes to tell us about your install/upgrade experience!  https://forms.gle/FegQbc9UvePd4Z9z7

3 添加default命名空间label标识istio,为了在部署应用的时候自动注入Envoy sidecar proxies

1
2
3
$ kubectl label namespace default istio-injection=enabled

namespace/default labeled

官网 Bookinfo Demo演示

网站包括四个微服务:

productpage :本服务会调用 details 和 reviews 两个微服务,用来生成页面。
details :这个微服务包含了书籍的信息。
reviews :这个微服务包含了书籍相关的评论。它还会调用 ratings 微服务。
ratings :ratings 微服务中包含了由书籍评价组成的评级信息。

reviews 微服务有 3 个版本:

v1 版本不会调用 ratings 服务。
v2 版本会调用 ratings 服务,并使用 1 到 5 个黑色星形图标来显示评分信息。
v3 版本会调用 ratings 服务,并使用 1 到 5 个红色星形图标来显示评分信息。

1 Deploy the Bookinfo sample application:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
kubectl apply -f https://gitee.com/melodyfff/istio/raw/master/samples/bookinfo/platform/kube/bookinfo.yaml

service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

2 The application will start. As each pod becomes ready, the Istio sidecar will be deployed along with it.

1
2
3
4
5
6
7
8
$ kubectl get svc

NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.103.244.170   <none>        9080/TCP   35m
kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP    93m
productpage   ClusterIP   10.100.103.177   <none>        9080/TCP   35m
ratings       ClusterIP   10.96.29.16      <none>        9080/TCP   35m
reviews       ClusterIP   10.110.16.242    <none>        9080/TCP   35m

and

1
2
3
4
5
6
7
8
9
$ kubectl get pods

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-5498c86cf5-klv2f       2/2     Running   0          36m
productpage-v1-65b75f6885-mwhf2   2/2     Running   0          36m
ratings-v1-b477cf6cf-b5nbl        2/2     Running   0          36m
reviews-v1-79d546878f-pndk6       2/2     Running   0          36m
reviews-v2-548c57f459-4n6cj       2/2     Running   0          36m
reviews-v3-6dd79655b9-l2fkf       2/2     Running   0          36m

3 Verify everything is working correctly up to this point. Run this command to see if the app is running inside the cluster and serving HTML pages by checking for the page title in the response:

1
2
3
$ kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"

<title>Simple Bookstore App</title>

or
Minikube运行minikube tunnel访问http://10.100.103.177:9080

向外部流量打开应用程序

Bookinfo 应用程序已部署,但无法从外部访问。 为了使其可访问,您需要创建一个 Istio Ingress Gateway,它将路径映射到网格边缘的路由。

1 Associate this application with the Istio gateway:

1
2
3
4
$ kubectl apply -f https://gitee.com/melodyfff/istio/raw/master/samples/bookinfo/networking/bookinfo-gateway.yaml

gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created

2 Ensure that there are no issues with the configuration:

1
2
3
$ istioctl analyze

✔ No validation issues found when analyzing namespace: default.

确定入口IP和端口

通过kubectl get svc istio-ingressgateway -n istio-system查看

1
2
NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                                                      AGE
istio-ingressgateway   LoadBalancer   10.107.90.15   10.107.90.15   15021:31768/TCP,80:31278/TCP,443:31472/TCP,31400:31545/TCP,15443:32033/TCP   96m

minikube

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# Set the ingress ports
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')

echo "$INGRESS_PORT"
echo "$SECURE_INGRESS_PORT"

# Set the ingress IP:
export INGRESS_HOST=$(minikube ip)
echo "$INGRESS_HOST"

# Run this command in a new terminal window to start a Minikube tunnel that sends traffic to your Istio Ingress Gateway:
minikube tunnel

# Set GATEWAY_URL:
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
echo "$GATEWAY_URL" # 192.168.59.101:31278

# 访问应用
curl http://192.168.59.101:31278/productpage
curl http://192.168.59.101:31278/productpage?u=normal
curl http://192.168.59.101:31278/productpage?u=test

Other platforms

https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports

查看仪表板

1 Use the following instructions to deploy the Kiali dashboard, along with Prometheus, Grafana, and Jaeger.

1
2
3
4
5
6
# 部署
$ git clone https://gitee.com/melodyfff/istio.git
$ kubectl apply -f istio/samples/addons

# 查看状态
$ kubectl rollout status deployment/kiali -n istio-system

2 Access the Kiali dashboard

Visualizing Your Mesh

1
$ istioctl dashboard kiali

3 In the left navigation menu, select Graph and in the Namespace drop down, select default.

1
2
# for i in $(seq 1 100);do curl -s -o /dev/null "http://192.168.59.101:31278/productpage" ;done
$ for i in $(seq 1 100); do curl -s -o /dev/null "http://$GATEWAY_URL/productpage" ; done

4 Grafana

Visualizing Metrics with Grafana

1
$ istioctl dashboard grafana

Visit http://localhost:3000/d/G8wLrJIZk/istio-mesh-dashboard in your web browser.

visit http://localhost:3000/d/LJ_uJAvmk/istio-service-dashboard in your web browser.

visit http://localhost:3000/d/UbsSZTDik/istio-workload-dashboard in your web browser.

5 Prometheus

Querying Metrics from Prometheus

1
2
# key : istio_requests_total
$ istioctl dashboard prometheus

卸載

To delete the Bookinfo sample application and its configuration, see Bookinfo cleanup

Istio 卸载会分层删除 istio-system 命名空间下的 RBAC 权限和所有资源。 忽略不存在资源的错误是安全的,因为它们可能已被分层删除。 

1
2
3
$ kubectl delete -f samples/addons
$ istioctl manifest generate --set profile=demo | kubectl delete --ignore-not-found=true -f -
$ istioctl tag remove default

The istio-system namespace is not removed by default. If no longer needed, use the following command to remove it:

1
$ kubectl delete namespace istio-system

The label to instruct Istio to automatically inject Envoy sidecar proxies is not removed by default. If no longer needed, use the following command to remove it:

1
$  kubectl label namespace default istio-injection-

参考

Istio - Getting Started

Istio - Bookinfo Application

Minikube Document

K8S官网文档

Istio-Minikube

minikube/helm/istio初体验

Envoy sidecar proxy