• kubernetes集群编排——istio


    官网:https://istio.io/latest/zh/about/service-mesh/

    部署

    [root@k8s2 ~]# tar zxf istio-1.19.3-linux-amd64.tar.gz
    1. [root@k8s2 ~]# cd istio-1.19.3/
    2. [root@k8s2 istio-1.19.3]# export PATH=$PWD/bin:$PATH

    demo专为测试准备的功能集合

    [root@k8s2 istio-1.19.3]# istioctl install --set profile=demo -y

    [root@k8s2 istio-1.19.3]# kubectl get pod -A

    给命名空间添加标签,指示 Istio 在部署应用的时候,自动注入 Envoy 边车代理

    [root@k8s2 istio-1.19.3]# kubectl label namespace default istio-injection=enabled

    部署示例应用

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

    [root@k8s2 istio-1.19.3]# kubectl get pod

    创建 Istio 入站网关

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

    [root@k8s2 istio-1.19.3]# kubectl -n istio-system get svc

    访问应用:http://192.168.92.102/productpage

    部署遥测组件

    [root@k8s2 istio-1.17.1]# kubectl apply -f samples/addons

    待插件部署完毕后,修改kiali服务的访问方式为Loadbalancer

    访问kiali:http://192.168.56.100:20001/

    流量管理

    将所有流量路由到每个微服务的 v1 版本

    1. [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml
    2. [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml

    来自名为 Jason 的用户的所有流量将被路由到服务 reviews:v2

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml

    创建故障注入规则以延迟来自测试用户 jason 的流量

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml

    用户 jason 登陆到 /productpage 页面,出现了一个问题:Reviews 部分显示了错误消息

    设置流量转移,将所有流量转移到 reviews:v3

    [root@k8s2 istio-1.19.3]# vim  samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
    1. apiVersion: networking.istio.io/v1alpha3
    2. kind: VirtualService
    3. metadata:
    4. name: reviews
    5. spec:
    6. hosts:
    7. - reviews
    8. http:
    9. - match:
    10. - headers:
    11. end-user:
    12. exact: jason
    13. route:
    14. - destination:
    15. host: reviews
    16. subset: v3
    17. - route:
    18. - destination:
    19. host: reviews
    20. subset: v1

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml

    修改延迟规则为任何低于 2.5 秒的数值,例如 2 秒

    [root@k8s2 istio-1.19.3]# vim  samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml
    1. apiVersion: networking.istio.io/v1alpha3
    2. kind: VirtualService
    3. metadata:
    4. name: ratings
    5. spec:
    6. hosts:
    7. - ratings
    8. http:
    9. - match:
    10. - headers:
    11. end-user:
    12. exact: jason
    13. fault:
    14. delay:
    15. percentage:
    16. value: 100.0
    17. fixedDelay: 2s
    18. route:
    19. - destination:
    20. host: ratings
    21. subset: v1
    22. - route:
    23. - destination:
    24. host: ratings
    25. subset: v1

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml

    把 50% 的流量从 reviews:v1 转移到 reviews:v3

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml

    当reviews:v3 微服务已经稳定,可以通过应用 Virtual Service 规则将 100% 的流量路由 reviews:v3:

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml

    清理

    [root@k8s2 istio-1.19.3]# samples/bookinfo/platform/kube/cleanup.sh

    熔断

    部署 httpbin 服务

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/httpbin/httpbin.yaml

    配置熔断规则

    1. [root@k8s2 istio-1.19.3]# kubectl apply -f - <<EOF
    2. > apiVersion: networking.istio.io/v1alpha3
    3. > kind: DestinationRule
    4. > metadata:
    5. > name: httpbin
    6. > spec:
    7. > host: httpbin
    8. > trafficPolicy:
    9. > connectionPool:
    10. > tcp:
    11. > maxConnections: 1
    12. > http:
    13. > http1MaxPendingRequests: 1
    14. > maxRequestsPerConnection: 1
    15. > outlierDetection:
    16. > consecutive5xxErrors: 1
    17. > interval: 1s
    18. > baseEjectionTime: 3m
    19. > maxEjectionPercent: 100
    20. > EOF

    增加一个客户端

    [root@k8s2 istio-1.19.3]# kubectl apply -f samples/httpbin/sample-client/fortio-deploy.yaml

    1. [root@k8s2 istio-1.19.3]# kubectl get pod
    2. [root@k8s2 istio-1.19.3]# kubectl get svc

    登入客户端 Pod 并使用 Fortio 工具调用 httpbin 服务

    1. [root@k8s2 istio-1.19.3]# export FORTIO_POD=$(kubectl get pods -l app=fortio -o 'jsonpath={.items[0].metadata.name}')
    2. [root@k8s2 istio-1.19.3]# kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio curl -quiet http://httpbin:8000/get

    触发熔断器

    发送并发数为 2 的连接(-c 2),请求 20 次(-n 20)

    [root@k8s2 istio-1.19.3]# kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio load -c 2 -qps 0 -n 20 -loglevel Warning http://httpbin:8000/get

    istio-proxy 确实允许存在一些误差

    将并发连接数提高到 3 个

    [root@k8s2 istio-1.19.3]# kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio load -c 3 -qps 0 -n 30 -loglevel Warning http://httpbin:8000/get

    将并发连接数提高到 5 个

    [root@k8s2 istio-1.19.3]# kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio load -c 5 -qps 0 -n 30 -loglevel Warning http://httpbin:8000/get

    均被熔断器拦截

    清理

    1. [root@k8s2 istio-1.19.3]# kubectl delete destinationrule httpbin
    2. [root@k8s2 istio-1.19.3]# kubectl delete -f samples/httpbin/sample-client/fortio-deploy.yaml
    3. [root@k8s2 istio-1.19.3]# kubectl delete -f samples/httpbin/httpbin.yaml

    卸载istio

    [root@k8s2 istio-1.19.3]# istioctl uninstall -y --purge

    [root@k8s2 istio-1.19.3]# kubectl label namespace default istio-injection-
  • 相关阅读:
    Android的本地广播
    整理下最近用canvas遇到的问题吧
    有刘海儿的MacBook Pro,苹果迄今最强芯片,风雨无阻的AirPods 3,这场发布会够“炸”吗?
    【Java】SpringData JPA快速上手,关联查询,JPQL语句书写
    InVEST实践与进阶及在生态系统服务供需、固碳、城市热岛、论文写作
    zookeeper ACL权限控制
    DevicData-D-XXXXXXXX勒索病毒数据怎么处理|数据解密恢复
    Hadoop 3.x(Yarn)----【Yarn 资源调度器】
    JS前端实现身份证号码合法性校验(校验码校验)
    Netty-bytebuf
  • 原文地址:https://blog.csdn.net/dgffd/article/details/134429647