kubernetes集群编排——istio

官网：https://istio.io/latest/zh/about/service-mesh/

部署

复制代码

[root@k8s2 ~]# tar zxf istio-1.19.3-linux-amd64.tar.gz

[root@k8s2 ~]# cd istio-1.19.3/

[root@k8s2 istio-1.19.3]# export PATH=$PWD/bin:$PATH

demo专为测试准备的功能集合

复制代码

[root@k8s2 istio-1.19.3]# istioctl install --set profile=demo -y

复制代码

[root@k8s2 istio-1.19.3]# kubectl get pod -A

给命名空间添加标签，指示 Istio 在部署应用的时候，自动注入 Envoy 边车代理

复制代码

[root@k8s2 istio-1.19.3]# kubectl label namespace default istio-injection=enabled

部署示例应用

复制代码

[root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

复制代码

[root@k8s2 istio-1.19.3]# kubectl get pod

创建 Istio 入站网关

复制代码

[root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

复制代码

[root@k8s2 istio-1.19.3]# kubectl -n istio-system get svc

访问应用：http://192.168.92.102/productpage

部署遥测组件

root@k8s2 istio-1.17.1\]# kubectl apply -f samples/addons ![](https://file.jishuzhan.net/article/1725467269791748097/929796d9cec7da1e975b54c4f68d19bc.webp) 待插件部署完毕后，修改kiali服务的访问方式为Loadbalancer ![](https://file.jishuzhan.net/article/1725467269791748097/3ed4a30fa194a738d0a381df85aebb64.webp) 访问kiali：[http://192.168.56.100:20001/](http://192.168.56.100:20001/ "http://192.168.56.100:20001/") ![](https://file.jishuzhan.net/article/1725467269791748097/6435d303cd35b2a114f4ecdd8161f319.webp) ## **流量管理** 将所有流量路由到每个微服务的 v1 版本 [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/ef430794640bfb213cbe345fc2be2dce.webp) ![](https://file.jishuzhan.net/article/1725467269791748097/c2440de09e785aa3146d74767b2a8fac.webp) 来自名为 Jason 的用户的所有流量将被路由到服务 reviews:v2 [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/bb602d1a538969322592c92840ca1c7b.webp) 创建故障注入规则以延迟来自测试用户 jason 的流量 [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml 用户 jason 登陆到 /productpage 页面,出现了一个问题：Reviews 部分显示了错误消息 ![](https://file.jishuzhan.net/article/1725467269791748097/0c89395c9806e51771d7d97941b9cf46.webp) 设置流量转移，将所有流量转移到 reviews:v3 [root@k8s2 istio-1.19.3]# vim samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: reviews spec: hosts: - reviews http: - match: - headers: end-user: exact: jason route: - destination: host: reviews subset: v3 - route: - destination: host: reviews subset: v1 ![](https://file.jishuzhan.net/article/1725467269791748097/33fe36deeb93860e534396872f1fc3cc.webp) [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/cf8af25b8379eddc34f8e6879cc6a688.webp) 修改延迟规则为任何低于 2.5 秒的数值，例如 2 秒 [root@k8s2 istio-1.19.3]# vim samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: ratings spec: hosts: - ratings http: - match: - headers: end-user: exact: jason fault: delay: percentage: value: 100.0 fixedDelay: 2s route: - destination: host: ratings subset: v1 - route: - destination: host: ratings subset: v1 ![](https://file.jishuzhan.net/article/1725467269791748097/a56b22863b460fdd4d1f7691665188d3.webp) [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/e17dc163f90f948fb1800b01371b7e22.webp) 把 50% 的流量从 reviews:v1 转移到 reviews:v3 [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/095bffa592853387ff8e9175b0c016e1.webp) ![](https://file.jishuzhan.net/article/1725467269791748097/da4dcb88b727d77f5bf06b0e1949b389.webp) 当reviews:v3 微服务已经稳定，可以通过应用 Virtual Service 规则将 100% 的流量路由 reviews:v3： [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/b2eb5adf9948b733fe521afc5d3cc34b.webp) 清理 [root@k8s2 istio-1.19.3]# samples/bookinfo/platform/kube/cleanup.sh ![](https://file.jishuzhan.net/article/1725467269791748097/89267a9e7f14e9312f40cec4421b5c6d.webp) ## **熔断** 部署 httpbin 服务 [root@k8s2 istio-1.19.3]# kubectl apply -f samples/httpbin/httpbin.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/cab6f05344ebc89af828a804aba32410.webp) 配置熔断规则 [root@k8s2 istio-1.19.3]# kubectl apply -f - < apiVersion: networking.istio.io/v1alpha3 > kind: DestinationRule > metadata: > name: httpbin > spec: > host: httpbin > trafficPolicy: > connectionPool: > tcp: > maxConnections: 1 > http: > http1MaxPendingRequests: 1 > maxRequestsPerConnection: 1 > outlierDetection: > consecutive5xxErrors: 1 > interval: 1s > baseEjectionTime: 3m > maxEjectionPercent: 100 > EOF ![](https://file.jishuzhan.net/article/1725467269791748097/f9a0dcfa75095b8ee58f4e7aa4b47f84.webp) 增加一个客户端 [root@k8s2 istio-1.19.3]# kubectl apply -f samples/httpbin/sample-client/fortio-deploy.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/86bff132ff7d82d1dd3383004ed2c6b5.webp) [root@k8s2 istio-1.19.3]# kubectl get pod [root@k8s2 istio-1.19.3]# kubectl get svc ![](https://file.jishuzhan.net/article/1725467269791748097/a53e9c31932c8658e1b0f532f2b32ad2.webp) 登入客户端 Pod 并使用 Fortio 工具调用 httpbin 服务 [root@k8s2 istio-1.19.3]# export FORTIO_POD=$(kubectl get pods -l app=fortio -o 'jsonpath={.items[0].metadata.name}') [root@k8s2 istio-1.19.3]# kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio curl -quiet http://httpbin:8000/get ![](https://file.jishuzhan.net/article/1725467269791748097/77d03daae235b0175f8328818ef66648.webp) 触发熔断器 发送并发数为 2 的连接（-c 2），请求 20 次（-n 20） [root@k8s2 istio-1.19.3]# kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio load -c 2 -qps 0 -n 20 -loglevel Warning http://httpbin:8000/get ![](https://file.jishuzhan.net/article/1725467269791748097/46b1ac3de0d4e4a25952cd368a151930.webp) istio-proxy 确实允许存在一些误差 将并发连接数提高到 3 个 [root@k8s2 istio-1.19.3]# kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio load -c 3 -qps 0 -n 30 -loglevel Warning http://httpbin:8000/get ![](https://file.jishuzhan.net/article/1725467269791748097/fbd069d8c3314ca768342bed4248c96d.webp) 将并发连接数提高到 5 个 [root@k8s2 istio-1.19.3]# kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio load -c 5 -qps 0 -n 30 -loglevel Warning http://httpbin:8000/get ![](https://file.jishuzhan.net/article/1725467269791748097/d36ab5fcb36e9ee1a3ee026eb84ba291.webp) 均被熔断器拦截 清理 [root@k8s2 istio-1.19.3]# kubectl delete destinationrule httpbin [root@k8s2 istio-1.19.3]# kubectl delete -f samples/httpbin/sample-client/fortio-deploy.yaml [root@k8s2 istio-1.19.3]# kubectl delete -f samples/httpbin/httpbin.yaml ![](https://file.jishuzhan.net/article/1725467269791748097/912d14faf579bc03a8ba5d690bf5cf7b.webp) 卸载istio [root@k8s2 istio-1.19.3]# istioctl uninstall -y --purge ![](https://file.jishuzhan.net/article/1725467269791748097/f4843e093a7bf11d18bbf4854ef8e902.webp) [root@k8s2 istio-1.19.3]# kubectl label namespace default istio-injection-