kubernetes各版本離線安裝包
安裝
安裝k8s 強勢插播廣告
三步安裝,不多說
安裝helm, 推薦生產環境用helm安裝,可以調參
<!--more-->
如我使用的2.9.1版本
yum install -y socat # 這個不裝會報錯[root@istiohost ~]# wget https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz
[root@istiohost ~]# tar zxvf helm-v2.9.1-linux-amd64.tar.gz
[root@istiohost ~]# cp linux-amd64/helm /usr/bin先創建一個service account 把管理員權限給helm:
[root@istiohost ~]# cat helmserviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: tiller-clusterrolebinding
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: ""kubectl create -f helmserviceaccount.yaml安裝helm 服務端 tiller :
helm init --service-account tiller # 如果已安裝更新加 --upgrade 參數
helm list #沒任何返回表示成功安裝istio
curl -L https://git.io/getLatestIstio | sh -
cd istio-1.0.0/
export PATH=$PWD/bin:$PATHhelm 2.10.0以前的版本需要裝一下CRD:
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
kubectl apply -f install/kubernetes/helm/istio/charts/certmanager/templates/crds.yaml安裝istio, 由於你沒有LB所以用NodePort代替:
helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort安裝成功:
[root@istiohost istio-1.0.0]# kubectl get pod -n istio-system
NAME READY STATUS RESTARTS AGE
istio-citadel-7d8f9748c5-ntqnp 1/1 Running 0 5m
istio-egressgateway-676c8546c5-2w4cq 1/1 Running 0 5m
istio-galley-5669f7c9b-mkxjg 1/1 Running 0 5m
istio-ingressgateway-5475685bbb-96mbr 1/1 Running 0 5m
istio-pilot-5795d6d695-gr4h4 2/2 Running 0 5m
istio-policy-7f945bf487-gkpxr 2/2 Running 0 5m
istio-sidecar-injector-d96cd9459-674pk 1/1 Running 0 5m
istio-statsd-prom-bridge-549d687fd9-6cbzs 1/1 Running 0 5m
istio-telemetry-6c587bdbc4-jndjn 2/2 Running 0 5m
prometheus-6ffc56584f-98mr9 1/1 Running 0 5m
[root@istiohost istio-1.0.0]# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-citadel ClusterIP 10.108.253.89 <none> 8060/TCP,9093/TCP 5m
istio-egressgateway NodePort 10.96.151.14 <none> 80:30830/TCP,443:30038/TCP 5m
istio-galley ClusterIP 10.102.83.130 <none> 443/TCP,9093/TCP 5m
istio-ingressgateway NodePort 10.99.194.13 <none> 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:31577/TCP,8060:30037/TCP,15030:31855/TCP,15031:30775/TCP 5m
istio-pilot ClusterIP 10.101.4.143 <none> 15010/TCP,15011/TCP,8080/TCP,9093/TCP 5m
istio-policy ClusterIP 10.106.221.68 <none> 9091/TCP,15004/TCP,9093/TCP 5m
istio-sidecar-injector ClusterIP 10.100.5.170 <none> 443/TCP 5m
istio-statsd-prom-bridge ClusterIP 10.107.28.242 <none> 9102/TCP,9125/UDP 5m
istio-telemetry ClusterIP 10.105.66.20 <none> 9091/TCP,15004/TCP,9093/TCP,42422/TCP 5m
prometheus ClusterIP 10.103.128.152 <none> 9090/TCP使用教程
官網事例 Bookinfo Application
- productpage 調用details和reviews渲染頁面
- details包含書本信息
- reviews 書本反饋,調用ratings服務
- ratings 書本租借信息
reviews服務有三個版本:
- V1 不請求ratings
- V2 請求ratings,返回1到5個黑星
- V3 請求ratings,返回1到5個紅星
數據平面:
安裝應用:
kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)安裝完成:
[root@istiohost istio-1.0.0]# kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.104.66.31 <none> 9080/TCP 2m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h
productpage ClusterIP 10.109.68.13 <none> 9080/TCP 2m
ratings ClusterIP 10.99.55.110 <none> 9080/TCP 2m
reviews ClusterIP 10.102.19.129 <none> 9080/TCP 2m
[root@istiohost istio-1.0.0]# kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-fc9649d9c-dpnlp 2/2 Running 0 2m
productpage-v1-58845c779c-7g8th 2/2 Running 0 2m
ratings-v1-6cc485c997-fb7nh 2/2 Running 0 2m
reviews-v1-76987687b7-x5n7z 2/2 Running 0 2m
reviews-v2-86749dcd5-xchzb 2/2 Running 0 2m
reviews-v3-7f4746b959-nthrq 2/2 Running 0 2m創建一個gateway,這是爲了集羣外可以訪問
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml瀏覽器訪問url:
47.254.28.88是我的節點ip,使用nodeport模式
http://47.254.28.88:31380/productpage 連續點擊三次,你會發現右邊沒星星-> 黑星星-> 紅星星切換,對應三個版本的review,默認策略是輪詢
創建destination rules, 配置路由訪問規則,現在還是輪詢
kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml智能路由
請求路由 request routing
根據版本路由
把所有路由切換到v1版本
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml這樣執行完後,不管怎麼刷頁面,我們都看不到星星,因爲v1版本沒星
可以看到destination是這樣的:
http:
- route:
- destination:
host: details
subset: v1試想如此我們做版本切換將是何等簡單
根據用戶路由
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml你會發現用jason用戶登錄就能看到黑星星,而其它方式看到的頁面都是無星星
因爲這個user走了v2版本,能不強大? 那當然還能根據header什麼的做路由了,就不多說了
http:
- match:
- headers:
end-user:
exact: jason
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v1故障注入 Fault injection
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml假設代碼裏有個bug,用戶jason, reviews:v2 訪問ratings時會卡10s, 我們任然希望端到端的測試能正常走完
kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml注入錯誤讓jason用戶有個7s的延遲
hosts:
- ratings
http:
- fault:
delay:
fixedDelay: 7s
percent: 100
match:
- headers:
end-user:
exact: jason
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1這時訪問頁面顯然會出錯,因爲我們希望7s內能返回,這樣我們就發現了一個延遲的bug
Error fetching product reviews!
Sorry, product reviews are currently unavailable for this book.所以我們就可能通過故障注入去發現這些異常現象
鏈路切換 Traffic Shifting
我們先把50%流量發送給reviews:v1 50%流量發送給v3,然後再把100%的流量都切給v3
把100%流量切到v1
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml此時不論刷幾遍,都沒有星星
v1 v3各50%流量
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml - route:
- destination:
host: reviews
subset: v1
weight: 50
- destination:
host: reviews
subset: v3
weight: 50此時一會有星,一會沒星,但是已經不是輪詢算法了
全切v3
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml這時不管怎麼刷都是紅心了
掃碼關注sealyun
探討可加QQ羣:98488045
