Try   HackMD

workshop

istio workshop

安裝istio-snippets

安裝User-agent Switcher

what's my user agent

Kubernetes Ingress controllers comparison

URL

Components of URLs

Service mesh

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Envoy

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

術語 說明
Downstream 前端
Upstream 後端

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

術語 說明 ex
Listener 前端監聽的位址 www.example.com, 123.123.123.123
Router 路由規則 443 -> 80, path strip, add/remove header
Cluster 後端服務的集合 web server cluster
Endpoint 後端服務的port 80 port
Host 服務主體 web01, web02, web03

Envoy xDS API

  • CDS(Cluster Discovery Service)
  • EDS(Endpoint Discovery Service)
  • HDS(Health Discovery Service)
  • LDS(Listener Discovery Service)
  • MS(Metric Service)
  • RLS(Rate Limit Service)
  • RDS(Route Discovery Service)
  • SDS(Secret Discovery Service)
  • ADS (Aggregated Discovery Service)

Istio

  • Mixer: 負責整個服務網格中的存取控制,使用策略,數據收集
  • Pilot: 提供流量控制,路由,超時,重試,斷路器
  • Citadel: 負責服務之間認證以及憑證管理等功能

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

術語 縮寫 說明
ingress gateway gw 前端
VirtualService vs 後端
DestinationRule dr 路由規則
egress gateway x 外部資源
serviceEntry x 外部資源

Install istio

下載最新版本

curl -L https://istio.io/downloadIstio | sh -

下載指定版本

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=x86_64 sh -

設定環境變數

export PATH=$HOME/istio-1.7.3/bin:$PATH

istio安裝參數






istioctl install \
    --set values.global.proxy.holdApplicationUntilProxyStarts=true \
    --set values.gateways.istio-ingressgateway.type=NodePort \
    --set meshConfig.accessLogFile=/dev/stdout \
    --set meshConfig.accessLogEncoding=JSON
參數 說明
holdApplicationUntilProxyStarts 啟動完istio元件後,再啟動app pod
istio-ingressgateway.type ingressgateway type
meshConfig.accessLogFile 啟動envoy log
meshConfig.accessLogEncoding log type

更新ingress-gateway的nodeport為30080

kubectl patch svc istio-ingressgateway --patch '{"spec":{"ports":[{"port": 80, "nodePort":30080}]}}' -n istio-system

Addon

kubectl apply -f istio-1.7.3/samples/addons

Sidecar injection










# 手動注入
istioctl kube-inject -f deployment.yaml | kubectl apply -f -

# 自動注入
kubectl label namespace default istio-injection=enabled

# spec.temeplate.metadata.annotation
sidecar.istio.io/inject: "false"

sidecar injection
Istio injector annotations don't work

結論: 啟用namespace自動注入,再用annotation控制

Ingress Gateway








cd ~/istio-1.7.3/samples/addons

kubectl apply -f prometheus.yaml
kubectl apply -f grafana.yaml
kubectl apply -f jaeger.yaml

kubectl get pod,svc -n istio-system















NAME                                        READY   STATUS    RESTARTS   AGE
pod/grafana-75b5cddb4d-r4jd6                1/1     Running   0          82s
pod/istio-ingressgateway-78b6cf98f4-5dm5j   1/1     Running   0          2m41s
pod/istiod-fb4fbff6b-v7mcv                  1/1     Running   0          2m45s
pod/jaeger-5795c4cf99-8c969                 1/1     Running   0          67s
pod/prometheus-9d5676d95-5h2gr              2/2     Running   0          75s

NAME                           TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                      AGE
service/grafana                ClusterIP      10.100.49.43    <none>        3000/TCP                                                     82s
service/istio-ingressgateway   LoadBalancer   10.108.59.56    localhost     15021:32386/TCP,80:30018/TCP,443:30012/TCP,15443:31938/TCP   2m41s
service/istiod                 ClusterIP      10.97.134.135   <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP                2m45s
service/prometheus             ClusterIP      10.100.21.203   <none>        9090/TCP                                                     75s
service/tracing                ClusterIP      10.98.158.159   <none>        80/TCP                                                       66s
service/zipkin                 ClusterIP      10.110.33.86    <none>        9411/TCP                                                     66s







































































apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: addon-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - prometheus.127.0.0.1.nip.io
    - grafana.127.0.0.1.nip.io
    - jaeger.127.0.0.1.nip.io
    - whoami.127.0.0.1.nip.io
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana
spec:
  hosts:
  - grafana.127.0.0.1.nip.io
  gateways:
  - addon-gateway
  http:
  - route:
    - destination:
        host: grafana.istio-system.svc.cluster.local

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: jaeger
spec:
  hosts:
  - jaeger.127.0.0.1.nip.io
  gateways:
  - addon-gateway
  http:
  - name: default
    match:
      - uri:
          prefix: /jaeger
    route:
    - destination:
        host: tracing.istio-system.svc.cluster.local

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: prometheus
spec:
  hosts:
  - prometheus.127.0.0.1.nip.io
  gateways:
  - addon-gateway
  http:
  - match:
    - headers:
        user-agent:
          exact: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0"
    route:
    - destination:
        host: prometheus.istio-system.svc.cluster.local


kubectl get gw,vs








NAME                                        AGE
gateway.networking.istio.io/addon-gateway   2s

NAME                                            GATEWAYS          HOSTS                           AGE
virtualservice.networking.istio.io/grafana      [addon-gateway]   [grafana.127.0.0.1.nip.io]      2s
virtualservice.networking.istio.io/jaeger       [addon-gateway]   [jaeger.127.0.0.1.nip.io]       2s
virtualservice.networking.istio.io/prometheus   [addon-gateway]   [prometheus.127.0.0.1.nip.io]   2s

Traffic Management

traefik/whoami github

deployment

  • template.metadata.annotations
  • labes: app, version














































apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami-v1
spec:
  selector:
    matchLabels:
      app: whoami
      version: v1
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "true"
      labels:
        app: whoami
        version: v1
    spec:
      containers:
      - name: whoami
        image: whoami:v1
        ports:
        - containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami-v2
spec:
  selector:
    matchLabels:
      app: whoami
      version: v2
  template:
    metadata:
      labels:
        app: whoami
        version: v2
      annotations:
        sidecar.istio.io/inject: "true"
    spec:
      containers:
      - name: whoami
        image: whoami:v2
        ports:
        - containerPort: 80

service












apiVersion: v1
kind: Service
metadata:
  name: whoami
spec:
  selector:
    app: whoami
  ports:
  - port: 80
    targetPort: 80

virtual service























# See more at https://istio.io/docs/reference/config/networking/virtual-service/
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: whoami
spec:
  hosts:
  - whoami.127.0.0.1.nip.io
  gateways:
  - addon-gateway
  http:
  - name: v1
    timeout: 2s
    route:
    - destination:
        host: whoami
        subset: v1
      weight: 90
    - destination:
        host: whoami
        subset: v2
      weight: 10

destination rule
















# See more at https://istio.io/docs/reference/config/networking/destination-rule/
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: whoami
spec:
  host: whoami
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2

kubectl get pod,svc,vs,dr

















NAME                             READY   STATUS    RESTARTS   AGE
pod/whoami-v1-79f555c9bf-xlxcw   2/2     Running   0          62s
pod/whoami-v2-5d4956f4c7-cnb9j   2/2     Running   0          62s

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP   6d1h
service/whoami       ClusterIP   10.109.26.84   <none>        80/TCP    62s

NAME                                            GATEWAYS          HOSTS                           AGE
virtualservice.networking.istio.io/grafana      [addon-gateway]   [grafana.127.0.0.1.nip.io]      31m
virtualservice.networking.istio.io/jaeger       [addon-gateway]   [jaeger.127.0.0.1.nip.io]       31m
virtualservice.networking.istio.io/prometheus   [addon-gateway]   [prometheus.127.0.0.1.nip.io]   31m
virtualservice.networking.istio.io/whoami       [addon-gateway]   [whoami.127.0.0.1.nip.io]       62s

NAME                                         HOST     AGE
destinationrule.networking.istio.io/whoami   whoami   62s
Last changed by 
XSGGT
0
478

Read more

GO 入門

package calculate

Nov 19, 2024
ClOUD IAM

前言

Jun 20, 2024
GCP CI/CD

image

May 21, 2024
Argo CD

[name=李俊毅][time=Wed, Sep 16, 2020 4:57 PM]

Mar 22, 2024
Read more from XSGGT
Published on HackMD