操作这个的过程会发现,概念其实蛮重要的。哈 istio-ingressgateway 和Kubernetes 平台中的 nginx-ingress组件起相同作用 这样就能大概理解到istio是干什么的 我这里不再介绍istio的安装了。官方有详细的按照步骤和文档 https://istio.io/latest/docs/setup/getting-started/ 通过kind可以了解到yaml中各项所承担的功能。和整个架构的一个访问流程大致情况 确认istio-ingressgateway是否有对外提供服务的IP地址 如果 EXTERNAL-IP 有值(IP 地址或主机名),则说明您的环境具有可用于 Ingress 网关的外部负载均衡器。如果 EXTERNAL-IP 只是 <none>(或一直是 <pending> ),则说明可能您的环境并没有为 Ingress 网关提供外部负载均衡器的功能。可以通过以下方法添加外部IP 简单查看下,这里我给标示了大致的型号,供参考 最开始,我这里仅仅有cluster-ip,可以按照自己的特殊情况来修改就行了,我这里添加一个外部IP,其实就是我的MacBook的wifi的地址。这个是变化的IP 。我现在的DHCP的地址是192.168.3.41那么我修改为如下:【其实是增加行】 编辑直接生效 再次get查看【确认istio-ingressgateway是否有对外提供服务的IP地址】 现在尝试走 istio来暴露,部署自己的yaml我这个也是多次测试才OK直接贴出来供参考: 首先参考我的版本信息:因为不同的版本大致的yaml写法不太一样 查看nginx.yaml 部署yaml kubectl apply -f nginx.yaml deployment.apps/nginx-app created service/nginx-svc created gateway.networking.istio.io/nginx-gateway created virtualservice.networking.istio.io/nginx-vs created 然后到kubernet dashboard 平台去查看下 现在看到nginx-svc出现在了services中 也能看到2个pods产生了 修改我本地的hosts文件,绑定需要访问的域名: 192.168.3.41 istio-nginx.snsyr.com 在浏览器访问 对应: root@nginx-app-7fbf4688b7-mgv29:/etc/nginx/conf.d# curl -I 10.106.78.96:8088 HTTP/1.1 200 OK server: envoy date: Wed, 23 Dec 2020 08:19:07 GMT content-type: text/html content-length: 612 last-modified: Tue, 24 Nov 2020 13:02:03 GMT etag: "5fbd044b-264" accept-ranges: bytes x-envoy-upstream-service-time: 30 通过启动kiali来大概看下 ? istio istioctl dashboard kiali http://localhost:20001/kiali 所以在理解概念的基础上去搭建这个测试平台,可能会有更好的效果。kind: Gateway
kind: VirtualService istio-nginx.snsyr.com
kind: Service 8088
kind: Deployment===Pods containerPort 80 ~ kubectl get service istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.109.204.27 localhost 15021:31393/TCP,80:32577/TCP,443:30825/TCP,31400:32049/TCP,15443:30397/TCP 6d3hkubectl edit service istio-ingressgateway -n istio-system26 uid: f91f4931-58c2-49a6-9271-1c03372a11e9
27 spec:
28 clusterIP: 10.109.204.27
29 externalTrafficPolicy: Cluster
30 ports:
31 - name: status-port
32 nodePort: 31393
33 port: 15021
34 protocol: TCP28 clusterIP: 10.109.204.27
29 externalTrafficPolicy: Cluster
30 externalIPs:
31 - 192.168.3.41
32 ports:
33 - name: status-port
34 nodePort: 31393
35 port: 15021
36 protocol: TCP
37 targetPort: 15021? ~ kubectl edit service istio-ingressgateway -n istio-system
service/istio-ingressgateway edited? ~ kubectl get service istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.109.204.27 localhost,192.168.3.41 15021:31393/TCP,80:32577/TCP,443:30825/TCP,31400:32049/TCP,15443:30397/TCP 6d3h
从这里可以看到已经绑定了一个【EXTERNAL-IP】IP地址 192.168.3.41? ~ kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:50:19Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.8", GitCommit:"9f2892aab98fe339f3bd70e3c470144299398ace", GitTreeState:"clean", BuildDate:"2020-08-13T16:04:18Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
? ~ docker version
Client: Docker Engine - Community
Cloud integration: 1.0.4
Version: 20.10.0
API version: 1.41
Go version: go1.13.15
Git commit: 7287ab3
Built: Tue Dec 8 18:55:43 2020
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.0
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: eeddea2
Built: Tue Dec 8 18:58:04 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.3
GitCommit: 269548fa27e0089a8b8278fc4fc781d7f65a939b
runc:
Version: 1.0.0-rc92
GitCommit: ff819c7e9184c13b7c2607fe6c30ae19403a7aff
docker-init:
Version: 0.19.0
GitCommit: de40ad0# API 版本号
apiVersion: apps/v1
# 类型,如:Pod/ReplicationController/Deployment/Service/Ingress
kind: Deployment
metadata:
# Kind 的名称
name: nginx-app
spec:
selector:
matchLabels:
# 容器标签的名字,发布 Service 时,selector 需要和这里对应
app: nginx-app
# 部署的实例数量
replicas: 2
template:
metadata:
labels:
app: nginx-app
spec:
# 配置容器,数组类型,说明可以配置多个容器
containers:
# 容器名称
- name: nginx-app
# 容器镜像
image: nginx:latest
# 只有镜像不存在时,才会进行镜像拉取
imagePullPolicy: IfNotPresent
ports:
# Pod 端口
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
labels:
svcname: nginx-svc
spec:
ports:
- port: 8088
protocol: TCP
targetPort: 80
selector:
app: nginx-app
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: nginx-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: nginx-http
protocol: HTTP
hosts:
- istio-nginx.snsyr.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx-vs
spec:
hosts:
- istio-nginx.snsyr.com
gateways:
- nginx-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
port:
number: 8088
host: nginx-svckind: Service
metadata:
name: nginx-svc replicas: 2
template:
metadata:
labels:
app: nginx? ~ curl -I http://istio-nginx.snsyr.com
HTTP/1.1 200 OK
server: istio-envoy
date: Wed, 23 Dec 2020 08:10:10 GMT
content-type: text/html
content-length: 612
last-modified: Tue, 24 Nov 2020 13:02:03 GMT
etag: "5fbd044b-264"
accept-ranges: bytes
x-envoy-upstream-service-time: 1
kubectl describe pod/nginx-app-7fbf4688b7-mgv29 -n default
IP地址是10.1.0.201
? ~ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
details-v1-558b8b4b76-4f6gg 2/2 Running 6 6d4h 10.1.0.187 docker-desktop <none> <none>
nginx-app-7fbf4688b7-mgv29 2/2 Running 0 6m14s 10.1.0.201 docker-desktop <none> <none>
nginx-app-7fbf4688b7-ps7qm 2/2 Running 0 6m14s 10.1.0.202 docker-desktop <none> <none>
productpage-v1-6987489c74-hlqnw 2/2 Running 6 6d4h 10.1.0.190 docker-desktop <none> <none>
ratings-v1-7dc98c7588-mknxb 2/2 Running 6 6d4h 10.1.0.189 docker-desktop <none> <none>
reviews-v1-7f99cc4496-jjc7x 2/2 Running 6 6d4h 10.1.0.191 docker-desktop <none> <none>
reviews-v2-7d79d5bd5d-c9h4p 2/2 Running 6 6d4h 10.1.0.188 docker-desktop <none> <none>
reviews-v3-7dbcdcbc56-2vm9t 2/2 Running 6 6d4h 10.1.0.192 docker-desktop <none> <none>
? ~ kubectl exec -it nginx-app-7fbf4688b7-mgv29 -- bash
? ~ kubectl exec -it nginx-app-7fbf4688b7-mgv29 -- bash
Defaulting container name to nginx-app.
Use 'kubectl describe pod/nginx-app-7fbf4688b7-mgv29 -n default' to see all of the containers in this pod.
root@nginx-app-7fbf4688b7-mgv29:/#
容器内,查看侦听的是80端口
root@nginx-app-7fbf4688b7-mgv29:/etc/nginx/conf.d# curl -I http://localhost
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Dec 2020 08:16:34 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 24 Nov 2020 13:02:03 GMT
Connection: keep-alive
ETag: "5fbd044b-264"
Accept-Ranges: bytes
# 容器名称
- name: nginx-app
# 容器镜像
image: nginx:latest
# 只有镜像不存在时,才会进行镜像拉取
imagePullPolicy: IfNotPresent
ports:
# Pod 端口
- containerPort: 80apiVersion: v1
kind: Service
metadata:
name: nginx-svc
labels:
svcname: nginx-svc
spec:
ports:
- port: 8088
protocol: TCP
targetPort: 80
selector:
app: nginx-app