本文演示环境:
demon@ubuntu2204:~$ hostnamectl Static hostname: ubuntu2204 Chassis: vm Virtualization: vmware Operating System: Ubuntu 22.04.1 LTS Kernel: Linux 5.15.0-58-generic Architecture: arm64 demon@ubuntu2204:~$
这两年服务网格(Service Mesh)架构也非常火,它是对 Kubernetes 下微服务架构的更新迭代。那迭代的是什么?网络通信。
在 Kubernetes 下,对网络流量的管理只能到 Pod 级别,更细粒度的控制,依然得靠应用代码支撑。也就是说,与业务无关的网络控制逻辑依然夹杂在程序员开发的业务代码中。
这就是耦合。比如,当远程服务出现超时,我们会考虑重试几次。如果重试多次后(超过某个阈值),依然超时,则认定对方挂了。这是一个很常见的服务治理功能:超时重试。但,对不起,Kubernetes 现有体系无法优雅地解决,还得靠程序员使用相关类库(比如 Java 生态中的 Spring Cloud Feign,Netflix Ribbon 等)进行处理。
既然网络通信的控制逻辑还没有彻底同业务逻辑分家,优秀的工程师们自然就会去研究这方面的课题,不断推进软件架构的演化。关于服务网格架构的演进过程,笔者将在后续的文章中进行梳理。
如果问服务网格的主流产品,Istio 肯定绕不过去。为此,笔者在这里对 Istio 的安装过程进行一个记录。
安装 Istio
关于 Istio,官方文档非常详细,并且有中文版,建议参阅。
root@ubuntu2204-master:/etc/istio# curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.16.2 sh -
上面的脚本会下载指定版本的 istio,并且选择合适的架构,比如 x86_64。但由于不可抗力,下载会比较慢。此时,可以考虑手动下载(本机为 Arm 架构,故选择 arm64 版本),命令如下:
wget -c https://github.com/istio/istio/releases/download/1.16.2/istio-1.16.2-linux-arm64.tar.gz
然后解压缩:
root@ubuntu2204-master:/usr/local/share/istio# ll
total 22680
drwxr-xr-x 2 root root 4096 2月 3 17:18 ./
drwxr-xr-x 9 root root 4096 2月 3 17:18 ../
-rw-r--r-- 1 demon demon 23213835 2月 3 17:17 istio-1.16.2-linux-arm64.tar.gz
root@ubuntu2204-master:/usr/local/share/istio#
root@ubuntu2204-master:/usr/local/share/istio#
root@ubuntu2204-master:/usr/local/share/istio# tar zxvf istio-1.16.2-linux-arm64.tar.gz
...
...
...
root@ubuntu2204-master:/usr/local/share/istio# ls -l
total 40
drwxr-x--- 2 root root 4096 1月 28 00:00 bin
-rw-r--r-- 1 root root 11348 1月 28 00:00 LICENSE
drwxr-xr-x 5 root root 4096 1月 28 00:00 manifests
-rw-r----- 1 root root 925 1月 28 00:00 manifest.yaml
-rw-r--r-- 1 root root 6595 1月 28 00:00 README.md
drwxr-xr-x 24 root root 4096 1月 28 00:00 samples
drwxr-xr-x 3 root root 4096 1月 28 00:00 tools
root@ubuntu2204-master:/usr/local/share/service-mesh/istio-1.16.2#
将客户端程序 istioctl
加入 path
环境变量,再查看版本:
➜ ~ ls -l /usr/local/share/service-mesh/istio-1.16.2/bin
total 85440
-rwxr-xr-x 1 root root 87490560 1月 28 00:00 istioctl
➜ ~ nvim .bashrc
# 在末尾增加
export PATH=/usr/local/share/service-mesh/istio-1.16.2/bin:$PATH
➜ ~
➜ ~ istioctl version
no running Istio pods in "istio-system"
1.16.2
➜ ~
给 bash/zsh 增加自动补全,请参考这里(笔者在 bash 下实现了自动补全,但 zsh 下一直不生效,原因暂未找到)。
istioctl 安装好之后,使用它部署 Istio:
➜ ~ istioctl manifest install --set profile=demo
This will install the Istio 1.16.2 demo profile with ["Istio core" "Istiod" "Ingress gateways" "Egress gateways"] components into the cluster. Proceed? (y/N) y
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Egress gateways installed
✔ Installation complete Making this installation the default for injection and validation.
Thank you for installing Istio 1.16. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/99uiMML96AmsXY5d6
➜ ~
这里选择的 profile=demo
,demo
这个词可能会产生一些误解,其实该配置文件是安装组件最多的。通过 istioctl profile list
可以看到目前支持的所有 profiles:
➜ ~ istioctl profile list
Istio configuration profiles:
ambient
default
demo
empty
external
minimal
openshift
preview
remote
➜ ~
它们有什么区别?适用的环境,安装的组件会有所差异,如下表所示,更多内容可以参考官方文档。
Component\Profile | default | demo | minimal | remote | empty | preview |
---|---|---|---|---|---|---|
istio-egressgateway | √ | |||||
istio-ingressgateway | √ | √ | √ | |||
istiod | √ | √ | √ | √ |
- istiod:核心组件,作为服务网格的控制平面(control plane),主要功能是:服务发现、配置及证书管理等;
- istio-ingressgateway:服务网格流量入口网关;
- istio-egressgateway:服务网格流量出口网关。
通过 istioctl 部署的另一种方式,是先获得 istio manifest,再通过 kubectl apply -f
来安装:
➜ ~ istioctl manifest generate --set profile=demo > ./istio-manifest.yml
➜ ~ kubectl apply -f ./istio-manifest.yml
用来向 Kubernetes 描述“期望最终状态”的文件(即描述如何将容器镜像部署到集群中),就叫做 Kubernetes Manifest,也可以称之为清单文件。Manifest 就好比餐厅的菜单,你只管点菜,做菜的过程我不管。
安装结束后,可以通过如下方式验证:
1)查看工作负载、服务、CRD、API 资源等:
➜ ~ kubectl get po -n istio-system
NAME READY STATUS RESTARTS AGE
istio-egressgateway-757bfb7888-xpsgb 1/1 Running 0 21h
istio-ingressgateway-7cf5c5849d-fxfm8 1/1 Running 0 21h
istiod-66c575d5c5-qcpc7 1/1 Running 1 (7m33s ago) 21h
➜ ~
➜ ~ kubectl get deploy -n istio-system
NAME READY UP-TO-DATE AVAILABLE AGE
istio-egressgateway 1/1 1 1 21h
istio-ingressgateway 1/1 1 1 21h
istiod 1/1 1 1 21h
➜ ~
➜ ~ kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egressgateway ClusterIP 10.104.77.72 <none> 80/TCP,443/TCP 21h
istio-ingressgateway LoadBalancer 10.102.18.10 <pending> 15021:24604/TCP,80:17457/TCP,443:16961/TCP,31400:25268/TCP,15443:15011/TCP 21h
istiod ClusterIP 10.104.20.9 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 21h
➜ ~
➜ ~ kubectl get crd | grep -i istio
authorizationpolicies.security.istio.io 2023-02-03T09:54:50Z
destinationrules.networking.istio.io 2023-02-03T09:54:51Z
envoyfilters.networking.istio.io 2023-02-03T09:54:51Z
gateways.networking.istio.io 2023-02-03T09:54:51Z
istiooperators.install.istio.io 2023-02-03T09:54:51Z
peerauthentications.security.istio.io 2023-02-03T09:54:51Z
proxyconfigs.networking.istio.io 2023-02-03T09:54:51Z
requestauthentications.security.istio.io 2023-02-03T09:54:51Z
serviceentries.networking.istio.io 2023-02-03T09:54:51Z
sidecars.networking.istio.io 2023-02-03T09:54:51Z
telemetries.telemetry.istio.io 2023-02-03T09:54:51Z
virtualservices.networking.istio.io 2023-02-03T09:54:51Z
wasmplugins.extensions.istio.io 2023-02-03T09:54:51Z
workloadentries.networking.istio.io 2023-02-03T09:54:51Z
workloadgroups.networking.istio.io 2023-02-03T09:54:51Z
➜ ~
➜ ~ kubectl api-resources | grep -i istio
wasmplugins extensions.istio.io/v1alpha1 true WasmPlugin
istiooperators iop,io install.istio.io/v1alpha1 true IstioOperator
destinationrules dr networking.istio.io/v1beta1 true DestinationRule
envoyfilters networking.istio.io/v1alpha3 true EnvoyFilter
gateways gw networking.istio.io/v1beta1 true Gateway
proxyconfigs networking.istio.io/v1beta1 true ProxyConfig
serviceentries se networking.istio.io/v1beta1 true ServiceEntry
sidecars networking.istio.io/v1beta1 true Sidecar
virtualservices vs networking.istio.io/v1beta1 true VirtualService
workloadentries we networking.istio.io/v1beta1 true WorkloadEntry
workloadgroups wg networking.istio.io/v1beta1 true WorkloadGroup
authorizationpolicies security.istio.io/v1beta1 true AuthorizationPolicy
peerauthentications pa security.istio.io/v1beta1 true PeerAuthentication
requestauthentications ra security.istio.io/v1beta1 true RequestAuthentication
telemetries telemetry telemetry.istio.io/v1alpha1 true Telemetry
➜ ~
此时,重新运行 istioctl version
,可以看到控制平面和数据平面的版本:
➜ ~ istioctl version
client version: 1.16.2
control plane version: 1.16.2
data plane version: 1.16.2 (2 proxies)
➜ ~
需要注意的是,默认情况下 istio-ingressgateway 对应 Service 的类型为 LoadBalancer,这需要使用到额外的负载均衡器。为此,笔者将其改成了 NodePort,方便后续的学习,部署命令如下:
istioctl manifest install --set profile=demo --set values.gateways.istio-ingressgateway.type=NodePort
对应 Service:
➜ ~ kubectl get svc -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-egressgateway ClusterIP 10.96.195.112 <none> 80/TCP,443/TCP 45m istio-ingressgateway NodePort 10.110.181.36 <none> 15021:9451/TCP,80:31551/TCP,443:16050/TCP,31400:26443/TCP,15443:29226/TCP 45m istiod ClusterIP 10.106.6.156 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 45m kiali NodePort 10.103.103.145 <none> 20001:5001/TCP,9090:25125/TCP 47h prometheus ClusterIP 10.102.12.48 <none> 9090/TCP 4h10m ➜ ~
2)相比前面手动查看安装结果,最可靠的验证方式是通过官方提供的 istioctl verify-install
命令:
# 先通过 `istioctl manifest generate` 获得安装的清单文件:
➜ ch12 # istioctl manifest generate --set profile=demo --set values.gateways.istio-ingressgateway.type=NodePort > ./istio-manifest.yml
➜ ch12 #
# 再通过 `istioctl verify-install` 验证安装结果:
➜ ch12 # istioctl verify-install -f ./istio-manifest.yml
✔ CustomResourceDefinition: authorizationpolicies.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: destinationrules.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: envoyfilters.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: gateways.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: istiooperators.install.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: peerauthentications.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: proxyconfigs.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: requestauthentications.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: serviceentries.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: sidecars.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: telemetries.telemetry.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: virtualservices.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: wasmplugins.extensions.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: workloadentries.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: workloadgroups.networking.istio.io.istio-system checked successfully
✔ ServiceAccount: istio-egressgateway-service-account.istio-system checked successfully
✔ ServiceAccount: istio-ingressgateway-service-account.istio-system checked successfully
✔ ServiceAccount: istio-reader-service-account.istio-system checked successfully
✔ ServiceAccount: istiod.istio-system checked successfully
✔ ServiceAccount: istiod-service-account.istio-system checked successfully
✔ ClusterRole: istio-reader-clusterrole-istio-system.istio-system checked successfully
✔ ClusterRole: istio-reader-istio-system.istio-system checked successfully
✔ ClusterRole: istiod-clusterrole-istio-system.istio-system checked successfully
✔ ClusterRole: istiod-gateway-controller-istio-system.istio-system checked successfully
✔ ClusterRole: istiod-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istio-reader-clusterrole-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istio-reader-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istiod-clusterrole-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istiod-gateway-controller-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istiod-istio-system.istio-system checked successfully
✔ ValidatingWebhookConfiguration: istio-validator-istio-system.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.13.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.14.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.15.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.13.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.14.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.15.istio-system checked successfully
✔ ConfigMap: istio.istio-system checked successfully
✔ ConfigMap: istio-sidecar-injector.istio-system checked successfully
✔ MutatingWebhookConfiguration: istio-sidecar-injector.istio-system checked successfully
✔ Deployment: istio-egressgateway.istio-system checked successfully
✔ Deployment: istio-ingressgateway.istio-system checked successfully
✔ Deployment: istiod.istio-system checked successfully
✔ PodDisruptionBudget: istio-egressgateway.istio-system checked successfully
✔ PodDisruptionBudget: istio-ingressgateway.istio-system checked successfully
✔ PodDisruptionBudget: istiod.istio-system checked successfully
✔ Role: istio-egressgateway-sds.istio-system checked successfully
✔ Role: istio-ingressgateway-sds.istio-system checked successfully
✔ Role: istiod.istio-system checked successfully
✔ Role: istiod-istio-system.istio-system checked successfully
✔ RoleBinding: istio-egressgateway-sds.istio-system checked successfully
✔ RoleBinding: istio-ingressgateway-sds.istio-system checked successfully
✔ RoleBinding: istiod.istio-system checked successfully
✔ RoleBinding: istiod-istio-system.istio-system checked successfully
✔ Service: istio-egressgateway.istio-system checked successfully
✔ Service: istio-ingressgateway.istio-system checked successfully
✔ Service: istiod.istio-system checked successfully
Checked 15 custom resource definitions
Checked 3 Istio Deployments
✔ Istio is installed and verified successfully
➜ ch12 #
如果出现验证失败的情况,可以看看
PodDisruptionBudget
的版本是否不匹配。比如我用的 Kubernetes 版本较新(v1.25.3),PodDisruptionBudget
对应版本为policy/v1
,而 istioctl 生成的版本为policy/v1beta1
。
3)另外,官方还提供了 Dashboard UI 进行查看,运行命令: istioctl dashboard
➜ ~ istioctl dashboard
Access to Istio web UIs
Usage:
istioctl dashboard [flags]
istioctl dashboard [command]
Aliases:
dashboard, dash, d
Available Commands:
controlz Open ControlZ web UI
envoy Open Envoy admin web UI
grafana Open Grafana web UI
jaeger Open Jaeger web UI
kiali Open Kiali web UI
prometheus Open Prometheus web UI
skywalking Open SkyWalking UI
zipkin Open Zipkin web UI
...
...
这里有很多 Web UI 可供选择,但需要安装对应的插件,我们选择官方推荐的 kiali:
➜ addons# pwd
/usr/local/share/service-mesh/istio-1.16.2/samples/addons
➜ addons#
➜ addons# ll
total 288K
drwxr-xr-x 2 root root 4.0K 1月 28 00:00 extras
-rwxr-xr-x 1 root root 242K 1月 28 00:00 grafana.yaml
-rwxr-xr-x 1 root root 2.5K 1月 28 00:00 jaeger.yaml
-rwxr-xr-x 1 root root 12K 1月 28 00:00 kiali.yaml
-rwxr-xr-x 1 root root 15K 1月 28 00:00 prometheus.yaml
-rwxr-xr-x 1 root root 5.1K 1月 28 00:00 README.md
➜ addons#
➜ addons# tree
.
├── extras
│ ├── prometheus-operator.yaml
│ ├── prometheus_vm_tls.yaml
│ ├── prometheus_vm.yaml
│ ├── skywalking.yaml
│ └── zipkin.yaml
├── grafana.yaml
├── jaeger.yaml
├── kiali.yaml
├── prometheus.yaml
└── README.md
1 directory, 10 files
➜ addons#
➜ addons# kubectl apply -f kiali.yaml
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
➜ addons#
安装成功后,启动 kiali,然后在浏览器中打开对应的网址:
➜ ~ istioctl dashboard kiali
http://localhost:20001/kiali
从安装 kiali 的过程中,我们发现,跟 Istio 之前的版本不同,插件不再默认安装,需要我们手动加载。为方便后面的学习,笔者将常用的几个插件一并安装,比如 prometheus,grafana,jaeger 等:
kubectl apply -f grafana.yaml -f prometheus.yaml -f jaeger.yaml
部署应用示例
安装完核心组件后,我们参考官方文档,把一个应用示例(Bookinfo)也一并跑起来,好对 sidecar 这种边车代理模式有一个更直观的认识。
Bookinfo 应用分为四个单独的微服务:
productpage
. 这个微服务会调用details
和reviews
两个微服务,用来生成页面。details
. 这个微服务中包含了书籍的信息。reviews
. 这个微服务中包含了书籍相关的评论。它还会调用ratings
微服务。ratings
. 这个微服务中包含了由书籍评价组成的评级信息。
reviews
微服务有 3 个版本:
- v1 版本不会调用
ratings
服务。- v2 版本会调用
ratings
服务,并使用 1 到 5 个黑色星形图标来显示评分信息。- v3 版本会调用
ratings
服务,并使用 1 到 5 个红色星形图标来显示评分信息。
给某个 namespace 注入 sidecar 的命令如下:
kubectl label namespaces default istio-injection=enabled
➜ ~ kubectl label namespaces default istio-injection=enabled
namespace/default labeled
➜ ~ kubectl describe namespaces default
Name: default
Labels: istio-injection=enabled
kubernetes.io/metadata.name=default
Annotations: <none>
Status: Active
No resource quota.
No LimitRange resource.
➜ ~
通过添加 istio-injection=enabled
这个 Label,会让该 namespace 下新建的 Pod 中自动注入一个代理容器:istio-proxy。
若要取消注入,删除该 label 即可:
➜ istio-1.16.2 kubectl label namespaces default istio-injection-
namespace/default unlabeled
➜ istio-1.16.2
部署示例应用 Bookinfo:
➜ samples# pwd
/usr/local/share/service-mesh/istio-1.16.2/samples
➜ samples#
➜ samples# kubectl apply -f bookinfo/platform/kube/bookinfo.yaml
➜ samples#
为了调试方便,笔者单独创建了一个 namespace:istio-dev,后面的操作都基于该 namespace。因为更换了 namespace,对应的 manifest 文件也需要更新。该操作比较简单,这里不做赘述。
如果只是开发调试,不想修改 manifest 文件,可以使用命令:kubectl -n istio-dev apply -f xxx.yml
查看示例应用的状态:
➜ ~ kubectl get po,svc -n istio-dev
NAME READY STATUS RESTARTS AGE
pod/details-v1-5ffd6b64f7-vhrxm 2/2 Running 2 (14m ago) 5h3m
pod/productpage-v1-979d4d9fc-pkrgm 2/2 Running 2 (14m ago) 5h3m
pod/ratings-v1-5f9699cfdf-rwwph 2/2 Running 2 (14m ago) 4h53m
pod/reviews-v1-569db879f5-dkt8p 2/2 Running 2 (14m ago) 4h53m
pod/reviews-v2-65c4dc6fdc-5ftfj 2/2 Running 2 (14m ago) 5h3m
pod/reviews-v3-c9c4fb987-dfszc 2/2 Running 2 (14m ago) 5h3m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/details ClusterIP 10.100.34.200 <none> 9080/TCP 5h3m
service/productpage ClusterIP 10.104.77.216 <none> 9080/TCP 5h3m
service/ratings ClusterIP 10.106.175.19 <none> 9080/TCP 5h3m
service/reviews ClusterIP 10.99.7.180 <none> 9080/TCP 5h3m
➜ ~
通过 Kubernetes Dashboard 可以看到 details pod 中的两个容器,其中一个就是自动注入的 istio-proxy
:
为啥认定这个容器是自动注入的?因为原始 manifest 文件中,该 Deployment 只定义了一个容器:
# cat /usr/local/share/service-mesh/istio-1.16.2/samples/bookinfo/platform/kube/bookinfo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: details-v1
namespace: istio-dev
labels:
app: details
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: details
version: v1
template:
metadata:
labels:
app: details
version: v1
spec:
serviceAccountName: bookinfo-details
containers:
- name: details
image: docker.io/istio/examples-bookinfo-details-v1:1.17.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
securityContext:
runAsUser: 1000
istio-proxy
是 Istio 对 Envoy 代理的包装容器,其中包含用 Golang 编写的pilot-agent
和用 C++ 编写的envoy
两个进程。
pilot-agent
进程负责 Envoy 的生命周期管理,比如启动、重启、优雅退出等,并维护 Envoy 所需的配置信息,比如初始化配置、随时根据控制平面的指令热更新 Envoy 的配置等。- Envoy 即为数据平面的服务代理,它根据控制平面下发的指令,在应用无感知的情况下接管其流量,完成相关服务治理功能,包括:服务路由、负载均衡、认证授权、健康检查、生成监测数据等。
接着,我们为 Bookinfo 应用部署入口网关:istio gateway
➜ networking# pwd
/usr/local/share/service-mesh/istio-1.16.2/samples/bookinfo/networking
➜ networking# cat bookinfo-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
namespace: istio-dev
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
namespace: istio-dev
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
➜ networking#
➜ networking# kubectl apply -f bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway unchanged
virtualservice.networking.istio.io/bookinfo unchanged
➜ networking#
➜ networking# kubectl -n istio-dev get virtualservices.networking.istio.io
NAME GATEWAYS HOSTS AGE
bookinfo ["bookinfo-gateway"] ["*"] 29m
➜ networking#
➜ networking# kubectl -n istio-dev get gateways.networking.istio.io
NAME AGE
bookinfo-gateway 29m
➜ networking#
根据前面 istio-ingressgateway 服务的 NodePort,再结合上面 VirtualService 配置的路由 /productpage
,便可以访问应用:http://{WorkerNodeIP}:{IngressPort}/productpage
好,到这里,Istio 安装部署基本就结束了,后续笔者将持续更新云原生、服务网格相关方面的文章,也算是对自己持续学习的一个见证。
如果想卸载 Istio,很简单,请查阅命令:istioctl uninstall --help
。
P.S. 前文如果安装了 jaeger 链路追踪组件,此时点击 kiali 中的 Graph
界面,便可以直观地看到 Bookinfo 应用中各个服务之间的拓扑关系:
题图来源: PSYENCE:MEDIA