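Articles in this series
(1) Basic release with k8s YAML scripts
(2) Using helm + shell scripts to trim large amounts of redundant configuration for release
(3) Pipeline deployment with Jenkins user approval
(4) Service mesh (istio) release
(5) Canary deployment of the project with istio (to be completed)
This write-up should have been finished last week, but for various reasons, plus my underpowered computer, the environment kept freezing while running. After I moved all the virtual machines onto an SSD the environment became a bit less sluggish, and only then did I get all of spring-boot-cloud deployed into istio.
Below is the main process of deploying the spring-boot-cloud project with istio.
First, a screenshot of Kiali after the deployment:
istio
istio is a very popular service mesh framework. As a humble Java developer, I decided to study it so that I would not be embarrassed when friends or colleagues bring it up and I cannot follow.
For an introduction to istio and tutorials, the istio official site is basically all you need; the address is as follows:
Before deploying the spring-boot-cloud project to istio, I often pondered these questions:
- With something as powerful as kubernetes already available, why does istio exist at all?
- What problems does istio solve?
- Which problems does istio solve that kubernetes cannot?
Still in a fog, I read some articles introducing istio and remained somewhat confused.
If, like me, you still have doubts about istio, I suggest doing what I did: set those questions aside and first run through the BookInfo project from the istio official site.
Several common deployment approaches
While getting to know istio, it is worth learning the following concepts along the way:
- Brute-force deployment
- Canary deployment
- Rolling release
- Blue-green deployment
- A/B testing
For details, see this article: https://www.cnblogs.com/apanly/p/8784096.html
The linked article is well written, and its diagrams make it easy to understand. Below is my understanding of these common deployment approaches:
- Brute-force deployment (my understanding: like swapping the war package under tomcat; the service is interrupted)
- Canary deployment (my understanding: like putting several tomcats behind nginx, where one tomcat runs the new version of the war package and the others run the old version; once the new version passes testing, the war packages under the remaining tomcats are replaced with the new version as well)
- Rolling release (my understanding: similar to a canary release; once one canary shows no problems, release the next canary)
- Blue-green deployment (my understanding: prepare two environments, and the gateway in front decides which environment the system points to; it feels like a network switchover, with two server groups)
- A/B testing (my understanding: switch over in stages according to client or user attributes until the deployment is complete)
Installing istio
Just follow the official site:
https://istio.io/latest/docs/setup/getting-started/
If your network connection is good, just run the curl command to download it: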
curl -L https://istio.io/downloadIstio | sh -
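If the network is poor, you can download it from istio's GitHub. Here I downloaded the then-latest version of istio via this link: https://github.com/istio/istio/releases/tag/1.6.3
After downloading istio, extract it, change into the istio directory, and temporarily set the environment variable: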
[root@k8s-node1 istio-1.6.3]# pwd
/root/istio/istio-1.6.3
[root@k8s-node1 istio-1.6.3]# export PATH=$PWD/bin:$PATH
[root@k8s-node1 istio-1.6.3]#
Then install it the way the official site describes:
istioctl install --set profile=demo
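Explanation of the profile argument: https://istio.io/latest/docs/setup/additional-setup/config-profiles/
Accessing Kiali
After installing istio with the demo profile, Kiali is installed by default, but by default Kiali exposes no port, so trying to access it gets you nowhere: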
[root@k8s-node1 istio-1.6.3]# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana ClusterIP 10.43.118.62 <none> 3000/TCP 10m
istio-egressgateway ClusterIP 10.43.254.39 <none> 80/TCP,443/TCP,15443/TCP 10m
istio-ingressgateway LoadBalancer 10.43.84.8 <pending> 15020:31026/TCP,80:31304/TCP,443:31640/TCP,31400:31249/TCP,15443:32596/TCP 10m
istiod ClusterIP 10.43.199.240 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP,53/UDP,853/TCP 11m
jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 10m
jaeger-collector ClusterIP 10.43.122.109 <none> 14267/TCP,14268/TCP,14250/TCP 10m
jaeger-collector-headless ClusterIP None <none> 14250/TCP 10m
jaeger-query ClusterIP 10.43.185.90 <none> 16686/TCP 10m
kiali ClusterIP 10.43.182.219 <none> 20001/TCP 10m
prometheus ClusterIP 10.43.37.102 <none> 9090/TCP 10m
tracing ClusterIP 10.43.246.95 <none> 80/TCP 10m
zipkin ClusterIP 10.43.201.182 <none> 9411/TCP 10m
To expose a service in istio, we can configure an istio Gateway here.
Gateway reference:
https://istio.io/latest/docs/reference/config/networking/gateway/
VirtualService reference:
https://istio.io/latest/docs/reference/config/networking/virtual-service/
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kiali-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kiali
  namespace: istio-system
spec:
  hosts:
  - "*"
  gateways:
  - kiali-gateway
  http:
  - route:
    - destination:
        host: kiali
        port:
          number: 20001
Create the kiali-gateway:
[root@k8s-node1 istio-1.6.3]# kubectl apply -f kiali-gateway.yaml
gateway.networking.istio.io/kiali-gateway created
virtualservice.networking.istio.io/kiali created
[root@k8s-node1 istio-1.6.3]# kubectl get gateways -A
NAMESPACE NAME AGE
istio-system kiali-gateway 21s
[root@k8s-node1 istio-1.6.3]#
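From the get svc output above, the istio-ingressgateway port is 31304.
So access it at: http://192.168.113.147:31304/
Enter the default Kiali login name and password: admin/
Deploying the spring-boot-cloud project
With istio installed, the next step is to deploy spring-boot-cloud.
Enabling automatic sidecar injection
Enable istio automatic injection for the namespace: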
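The Gateway above matches every Host header ("*") on plain HTTP port 80, so anything that can reach the ingress NodePort reaches the Kiali login page, and the login is sent in cleartext. A narrower variant, as an added example that is not from the original post; the hostname kiali.springcloud.com and the TLS secret name kiali-tls are assumptions:

```yaml
# Added example: hostname and secret name below are assumptions, not values from the post.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kiali-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https-kiali
      protocol: HTTPS
    tls:
      mode: SIMPLE                 # server-side TLS terminated at the ingress gateway
      credentialName: kiali-tls    # assumed kubernetes.io/tls secret in istio-system
    hosts:
    - "kiali.springcloud.com"      # assumed hostname; replaces the "*" wildcard
  - port:
      number: 80
      name: http-kiali
      protocol: HTTP
    tls:
      httpsRedirect: true          # plain HTTP only answers with a redirect to HTTPS
    hosts:
    - "kiali.springcloud.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kiali
  namespace: istio-system
spec:
  hosts:
  - "kiali.springcloud.com"        # must match a host served by the Gateway
  gateways:
  - kiali-gateway
  http:
  - route:
    - destination:
        host: kiali
        port:
          number: 20001
```

With the NodePort mapping in the get svc output above (443:31640), this variant is reached over HTTPS on port 31640, and requests carrying any other Host header no longer route to Kiali.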
kubectl label namespace default istio-injection=enabled
Then confirm whether the namespace the project will be deployed to has istio-injection enabled,
using the command:
kubectl get namespace -L istio-injection
For example, here:
[root@localhost spring-boot-cloud]# kubectl get namespace -L istio-injection
NAME                   STATUS   AGE   ISTIO-INJECTION
cattle-prometheus      Active   10d
cattle-system          Active   72d
default                Active   72d   enabled
ingress-nginx          Active   72d
istio-system           Active   9d    disabled
kube-node-lease        Active   72d
kube-public            Active   72d
kube-system            Active   72d
kubernetes-dashboard   Active   60d
my-space               Active   71d
security-scan          Active   72d
Deploying the spring-boot-cloud base project via YAML
Before applying the spring-boot-cloud YAML, rabbitmq and skywalking must be installed first.
rabbitmq:
https://raw.githubusercontent.com/puhaiyang/spring-boot-cloud/master/rabbitmq.yaml
skywalking:
https://raw.githubusercontent.com/puhaiyang/spring-boot-cloud/master/skywalking-oap-server-with-h2.yaml
Then comes the spring-boot-cloud YAML deployment
spring-boot-cloud.yaml:
#-------------registry-----------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: registry
    spec:
      initContainers:
      - name: init-skywalking-agent
        image: ccr.ccs.tencentyun.com/haiyang/skywalking-agent:7.0.0
        command:
        - 'sh'
        - '-c'
        - 'set -ex;mkdir -p /vmskywalking/agent;cp -r /skywalking/agent/* /vmskywalking/agent;'
        volumeMounts:
        - mountPath: /vmskywalking/agent
          name: skywalking-agent
      containers:
      - image: ccr.ccs.tencentyun.com/spring-boot-cloud/registry:latest
        imagePullPolicy: Always
        name: registry
        ports:
        - containerPort: 8761
          protocol: TCP
        volumeMounts:
        - mountPath: /opt/skywalking/agent
          name: skywalking-agent
      volumes:
      - name: skywalking-agent
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: registry
spec:
  ports:
  - name: http
    port: 8761
    protocol: TCP
    targetPort: 8761
  selector:
    app: registry
---
#-------------config-----------------
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: config
spec:
  replicas: 1
  selector:
    matchLabels:
      app: config
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: config
    spec:
      initContainers:
      - name: init-skywalking-agent
        image: ccr.ccs.tencentyun.com/haiyang/skywalking-agent:7.0.0
        command:
        - 'sh'
        - '-c'
        - 'set -ex;mkdir -p /vmskywalking/agent;cp -r /skywalking/agent/* /vmskywalking/agent;'
        volumeMounts:
        - mountPath: /vmskywalking/agent
          name: skywalking-agent
      containers:
      - image: ccr.ccs.tencentyun.com/spring-boot-cloud/config:latest
        imagePullPolicy: Always
        name: config
        ports:
        - containerPort: 8888
          protocol: TCP
        volumeMounts:
        - mountPath: /opt/skywalking/agent
          name: skywalking-agent
      volumes:
      - name: skywalking-agent
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: config
spec:
  ports:
  - name: http
    port: 8888
    protocol: TCP
    targetPort: 8888
  selector:
    app: config
#-------------svca-service-----------------
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: svca-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: svca-service
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: svca-service
    spec:
      initContainers:
      - name: init-skywalking-agent
        image: ccr.ccs.tencentyun.com/haiyang/skywalking-agent:7.0.0
        command:
        - 'sh'
        - '-c'
        - 'set -ex;mkdir -p /vmskywalking/agent;cp -r /skywalking/agent/* /vmskywalking/agent;'
        volumeMounts:
        - mountPath: /vmskywalking/agent
          name: skywalking-agent
      containers:
      - image: ccr.ccs.tencentyun.com/spring-boot-cloud/svca-service:latest
        imagePullPolicy: Always
        name: svca-service
        ports:
        - containerPort: 8080
          protocol: TCP
        volumeMounts:
        - mountPath: /opt/skywalking/agent
          name: skywalking-agent
      volumes:
      - name: skywalking-agent
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: svca-service
spec:
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: svca-service
#-------------svcb-service-----------------
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: svcb-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: svcb-service
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: svcb-service
    spec:
      initContainers:
      - name: init-skywalking-agent
        image: ccr.ccs.tencentyun.com/haiyang/skywalking-agent:7.0.0
        command:
        - 'sh'
        - '-c'
        - 'set -ex;mkdir -p /vmskywalking/agent;cp -r /skywalking/agent/* /vmskywalking/agent;'
        volumeMounts:
        - mountPath: /vmskywalking/agent
          name: skywalking-agent
      containers:
      - image: ccr.ccs.tencentyun.com/spring-boot-cloud/svcb-service:latest
        imagePullPolicy: Always
        name: svcb-service
        ports:
        - containerPort: 8070
          protocol: TCP
        volumeMounts:
        - mountPath: /opt/skywalking/agent
          name: skywalking-agent
      volumes:
      - name: skywalking-agent
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: svcb-service
spec:
  ports:
  - name: http
    port: 8070
    protocol: TCP
    targetPort: 8070
  selector:
    app: svcb-service
#-------------auth-service-----------------
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: auth-service
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: auth-service
    spec:
      initContainers:
      - name: init-skywalking-agent
        image: ccr.ccs.tencentyun.com/haiyang/skywalking-agent:7.0.0
        command:
        - 'sh'
        - '-c'
        - 'set -ex;mkdir -p /vmskywalking/agent;cp -r /skywalking/agent/* /vmskywalking/agent;'
        volumeMounts:
        - mountPath: /vmskywalking/agent
          name: skywalking-agent
      containers:
      - image: ccr.ccs.tencentyun.com/spring-boot-cloud/auth-service:latest
        imagePullPolicy: Always
        name: auth-service
        ports:
        - containerPort: 5000
          protocol: TCP
        volumeMounts:
        - mountPath: /opt/skywalking/agent
          name: skywalking-agent
      volumes:
      - name: skywalking-agent
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: auth-service
spec:
  ports:
  - name: http
    port: 5000
    protocol: TCP
    targetPort: 5000
  selector:
    app: auth-service
#-------------gateway-----------------
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gateway
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: gateway
    spec:
      initContainers:
      - name: init-skywalking-agent
        image: ccr.ccs.tencentyun.com/haiyang/skywalking-agent:7.0.0
        command:
        - 'sh'
        - '-c'
        - 'set -ex;mkdir -p /vmskywalking/agent;cp -r /skywalking/agent/* /vmskywalking/agent;'
        volumeMounts:
        - mountPath: /vmskywalking/agent
          name: skywalking-agent
      containers:
      - image: ccr.ccs.tencentyun.com/spring-boot-cloud/gateway:latest
        imagePullPolicy: Always
        name: gateway
        ports:
        - containerPort: 8060
          protocol: TCP
        env:
        - name: SKYWALKING_ADDR
          value: skywalking-oap-server
        - name: APP_ID
          value: gateway
        volumeMounts:
        - mountPath: /opt/skywalking/agent
          name: skywalking-agent
      volumes:
      - name: skywalking-agent
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: gateway
spec:
  ports:
  - name: http
    port: 8060
    protocol: TCP
    targetPort: 8060
  selector:
    app: gateway
---
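Just apply the content above. Compared with the first article, "Deploying a Spring Cloud project with rancher2 + kubernetes + skywalking (1 [k8s yaml version])", monitor, zipkin and ingress have been removed.
Creating the Gateway and VirtualService
Unlike the earlier deployment of spring-boot-cloud purely on k8s, external access in istio requires a Gateway and a VirtualService to expose services.
The reference documentation for VirtualService is: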
https://istio.io/latest/docs/reference/config/networking/virtual-service/
It says the following about gateways:
The names of gateways and sidecars that should apply these routes. Gateways in other namespaces may be referred to by <gateway namespace>/<gateway name>; specifying a gateway with no namespace qualifier is the same as specifying the VirtualService’s namespace.
In other words, if the Gateway and the VirtualService are not in the same namespace, the Gateway's namespace must be written out.
Here the istio gateway was installed via the demo profile, which places it in the istio-system namespace by default, so istio-system has to be written in the gateway reference below.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: registry-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "registry.springcloud.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: registry
spec:
  hosts:
  - "registry.springcloud.com"
  gateways:
  - istio-system/registry-gateway #can omit the namespace if gateway is in same namespace as virtual service
  http:
  - route:
    - destination:
        host: registry
        port:
          number: 8761
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "gateway.springcloud.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gateway
spec:
  hosts:
  - "gateway.springcloud.com"
  gateways:
  - istio-system/gateway-gateway #can omit the namespace if gateway is in same namespace as virtual service
  http:
  - route:
    - destination:
        host: gateway
        port:
          number: 8060
---
Also expose the SkyWalking UI:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: skywalking-ui
  labels:
    app: skywalking-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      app: skywalking-ui
  template:
    metadata:
      labels:
        app: skywalking-ui
    spec:
      containers:
      - name: skywalking-ui
        image: apache/skywalking-ui:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          name: httpport
        env:
        - name: SW_OAP_ADDRESS
          value: skywalking-oap-server:12800
---
#-----------------define the proxy Service for skywalking-ui--------------
apiVersion: v1
kind: Service
metadata:
  name: skywalking-ui
  labels:
    service: skywalking-ui
spec:
  ports:
  - port: 8080
    name: httpport
    targetPort: 8080
  type: ClusterIP
  selector:
    app: skywalking-ui
---
Add the corresponding gateway:
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: skywalking-ui-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "skywalking.springcloud.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: skywalking-ui
spec:
  hosts:
  - "skywalking.springcloud.com"
  gateways:
  - istio-system/skywalking-ui-gateway #can omit the namespace if gateway is in same namespace as virtual service
  http:
  - route:
    - destination:
        host: skywalking-ui
        port:
          number: 8080
---
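The Gateways above accept a matching VirtualService from any namespace, because a Gateway host written without a namespace prefix defaults to "*/". One way to tighten that, shown as an added example rather than configuration from the original post: a single Gateway whose hosts are scoped to one namespace. The gateway name springcloud-gateway is hypothetical, and the application namespace is assumed to be default (the namespace labelled for injection earlier).

```yaml
# Added example: springcloud-gateway is a hypothetical name; the application
# namespace is assumed to be default.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: springcloud-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    # "<namespace>/<dnsName>": only VirtualServices in that namespace can bind this host.
    # Without a prefix the default is "*/", meaning any namespace.
    - "default/registry.springcloud.com"
    - "default/gateway.springcloud.com"
    - "default/skywalking.springcloud.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: registry
  namespace: default               # explicit, so the binding does not depend on the kubectl context
spec:
  hosts:
  - "registry.springcloud.com"
  gateways:
  - istio-system/springcloud-gateway   # cross-namespace reference, as explained above
  http:
  - route:
    - destination:
        host: registry
        port:
          number: 8761
```

The gateway and skywalking-ui VirtualServices bind the same way, each changing only its gateways entry to istio-system/springcloud-gateway.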
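Because of the particular nature of istio networking, there is a problem with this way of deploying skywalking; I will not dig into it here. If you want to use skywalking in istio, just refer to the adapter on the skywalking official site.
Viewing the monitoring of spring-boot-cloud in istio
Once everything is OK, open the Kiali UI and take a look.
Looking at istio's features from this alone, you may still not see how it differs from k8s. The next article will use istio to do a canary release of the spring-boot-cloud project, to deepen the understanding of what istio does in practice and so learn more about service mesh.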