環境說明
- frontend(proxy):前端應用,會請求後端的demoapp
- service: proxy
- demoapp:後端應用
- service: demoappv10
- 訪問流程
- client pod ---> (Egress Listener proxy:80) client sidecar Envoy ---> (Ingress Listener ) proxy pod ---> (egress Listener ) proxy pod---> (Ingress Listener) demoappv10:8080 ---> (egress Listener) demoappv10:8080 ---> (Ingress Listener) demoappv10 pod
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiI0gTMx81dsQWZ4lmZf1GLlpXazVmcvwFciV2dsQXYtJ3bm9CX9s2RkBnVHFmb1clWvB3MaVnRtp1XlBXe0xCMy81dvRWYoNHLwEzX5xCMx8FesU2cfdGLwMzX0xiRGZkRGZ0Xy9GbvNGLpZTY1EmMZVDUSFTU4VFRR9Fd4VGdsYTMfVmepNHLrJXYtJXZ0F2dvwVZnFWbp1zczV2YvJHctM3cv1Ce-cmbw5SO3UDMxEGO3MTMmVzMwYTNzYzXzQTNxETM0IzLcBTMyIDMy8CXn9Gbi9CXzV2Zh1WavwVbvNmLvR3YxUjLyM3Lc9CX6MHc0RHaiojIsJye.png)
開啟Istio sidecar自動注入功能(標籤只對之後新建立的Pod生效,已存在的Pod需重建才會注入sidecar)
# kubectl label namespace default istio-injection=enabled
namespace/default labeled
建立demoapp應用
建立demoapp配置清單
生成depoly-demoapp-v10.yaml
# kubectl create deployment demoappv10 --image=ikubernetes/demoapp:v1.0 --replicas=3 --dry-run=client -o yaml > depoly-demoapp-v10.yaml
修改depoly-demoapp-v10.yaml
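# Deployment for the demoapp v1.0 backend: 3 replicas, PORT env set to 8080.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demoapp
    version: v1.0
  name: demoappv10
spec:
  replicas: 3
  selector:
    # Must match the pod template labels below. The generated value
    # (app: demoappv10) no longer matches once the template labels are
    # edited, and the API server rejects a Deployment whose selector does
    # not select its own template.
    matchLabels:
      app: demoapp
      version: v1.0
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: demoapp
        version: v1.0
    spec:
      containers:
      # Tag references are mutable; pin by digest
      # (ikubernetes/demoapp@sha256:<digest>) where reproducibility matters.
      - image: ikubernetes/demoapp:v1.0
        name: demoapp
        env:
        - name: PORT
          value: "8080"
        resources: {}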
建立demoapp svc配置清單
生成service-demoapp-v10.yaml
# kubectl create service clusterip demoappv10 --tcp=8080:8080 --dry-run=client -o yaml > service-demoapp-v10.yaml
修改service-demoapp-v10.yaml
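# ClusterIP Service selecting the demoapp v1.0 pods on port 8080.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: demoapp
  name: demoappv10
spec:
  ports:
  # Istio infers the protocol from a "<protocol>[-<suffix>]" port name.
  - name: http-8080
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: demoapp
    version: v1.0
  type: ClusterIP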
建立demoapp資源
生成demoapp pod
# kubectl apply -f .
deployment.apps/demoappv10 created
service/demoappv10 created
檢視demoapp pod
# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demoappv10-6ffb8d999c-pzrpm 2/2 Running 0 4m22s 172.20.154.214 192.168.174.106 <none> <none>
demoappv10-6ffb8d999c-smtmt 2/2 Running 0 4m22s 172.20.44.236 192.168.174.107 <none> <none>
demoappv10-6ffb8d999c-z6jmn 2/2 Running 0 4m22s 172.20.89.160 192.168.174.108 <none> <none>
生成demoapp pod變量(jsonpath表達式含有[0],在會展開glob的shell中建議用單引號括起來)
# DEMOAPP_POD=$(kubectl get pods -l app=demoapp -o jsonpath={.items[0].metadata.name})
檢視demoapp 網格内狀态
檢視listeners
~# istioctl proxy-config listeners $DEMOAPP_POD --port 8080
ADDRESS PORT MATCH DESTINATION
0.0.0.0 8080 Trans: raw_buffer; App: http/1.1,h2c Route: 8080
0.0.0.0 8080 ALL PassthroughCluster
檢視routes
~# istioctl proxy-config routes $DEMOAPP_POD
NAME DOMAINS MATCH VIRTUAL SERVICE
grafana.istio-system.svc.cluster.local:3000 * /*
15010 istiod.istio-system, 10.100.149.76 /*
kube-dns.kube-system.svc.cluster.local:9153 * /*
kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local:443 * /*
jaeger-collector.istio-system.svc.cluster.local:14250 * /*
9411 jaeger-collector.istio-system, 10.100.122.235 /*
9411 zipkin.istio-system, 10.100.29.132 /*
dashboard-metrics-scraper.kubernetes-dashboard.svc.cluster.local:8000 * /*
80 istio-egressgateway.istio-system, 10.100.121.95 /*
80 istio-ingressgateway.istio-system, 10.100.145.112 /*
80 tracing.istio-system, 10.100.92.199 /*
InboundPassthroughClusterIpv4 * /*
8080 demoappv10, demoappv10.default + 1 more... /*
jaeger-collector.istio-system.svc.cluster.local:14268 * /*
inbound|8080|| * /*
9090 kiali.istio-system, 10.100.48.203 /*
9090 prometheus.istio-system, 10.100.42.102 /*
inbound|8080|| * /*
istio-ingressgateway.istio-system.svc.cluster.local:15021 * /*
* /stats/prometheus*
* /healthz/ready*
InboundPassthroughClusterIpv4 * /*
15014 istiod.istio-system, 10.100.149.76 /*
16685 tracing.istio-system, 10.100.92.199 /*
20001 kiali.istio-system, 10.100.48.203 /*
檢視endpoint
~# istioctl proxy-config endpoint $DEMOAPP_POD --cluster "outbound|8080||demoappv10.default.svc.cluster.local"
ENDPOINT STATUS OUTLIER CHECK CLUSTER
172.20.154.215:8080 HEALTHY OK outbound|8080||demoappv10.default.svc.cluster.local
172.20.44.237:8080 HEALTHY OK outbound|8080||demoappv10.default.svc.cluster.local
172.20.89.161:8080 HEALTHY OK outbound|8080||demoappv10.default.svc.cluster.local
在網格内訪問demoapp
建立client
~# kubectl run client --image=ikubernetes/admin-box -it --rm --restart=Never --command -- /bin/sh
If you don't see a command prompt, try pressing enter.
root@client #
檢視client 端口
root@client # netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:15006 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:15006 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:15001 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:15001 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:15021 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:15021 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:15000 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:15004 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:15090 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:15090 0.0.0.0:* LISTEN -
tcp 0 0 :::15020 :::* LISTEN -
訪問demo app
root@client # curl demoappv10:8080 #不是通過demoapp svc, 通過主機名稱訪問,envoy代理 listener 監聽8080端口
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-78b6586d58-h7kpb, ServerIP: 172.20.89.161!
在kiali檢視訪問流程
建立proxy
depoly-proxy.yaml
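# Frontend "proxy" Deployment and its Service, applied together as one file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxy
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  selector:
    matchLabels:
      app: proxy
  template:
    metadata:
      labels:
        app: proxy
    spec:
      containers:
      - env:
        # Backend URL handed to the proxy container. Plain HTTP from the
        # application's side.
        # NOTE(review): whether this hop is encrypted depends on the mesh
        # mTLS policy, which is not shown here - confirm.
        - name: PROXYURL
          value: http://demoappv10:8080
        image: ikubernetes/proxy:v0.1.1
        imagePullPolicy: IfNotPresent
        name: proxy
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        resources:
          limits:
            cpu: 50m
---
apiVersion: v1
kind: Service
metadata:
  name: proxy
spec:
  ports:
  - name: http-80  # fixed naming format: protocol + port number
    port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: proxy
---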
建立proxy資源
# kubectl apply -f depoly-proxy.yaml
deployment.apps/proxy created
service/proxy created
檢視 proxy pod
# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
client 2/2 Running 0 34m 172.20.89.162 192.168.174.108 <none> <none>
demoappv10-78b6586d58-bwjmh 2/2 Running 0 57m 172.20.44.237 192.168.174.107 <none> <none>
demoappv10-78b6586d58-h7kpb 2/2 Running 0 57m 172.20.89.161 192.168.174.108 <none> <none>
demoappv10-78b6586d58-z9mht 2/2 Running 0 57m 172.20.154.215 192.168.174.106 <none> <none>
proxy-7b79687bbc-bmz7x 2/2 Running 0 2m42s 172.20.154.216 192.168.174.106 <none> <none>
檢視proxy svc
# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
demoappv10 ClusterIP 10.100.15.159 <none> 8080/TCP 57m app=demoapp,version=v1.0
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 8d <none>
proxy ClusterIP 10.100.39.182 <none> 80/TCP 2m53s app=proxy
訪問demoapp
建立client
~# kubectl run client --image=ikubernetes/admin-box -it --rm --restart=Never --command -- /bin/sh
If you don't see a command prompt, try pressing enter.
root@client #
訪問demo app
root@client # curl proxy
Proxying value: iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-78b6586d58-bwjmh, ServerIP: 172.20.44.237!
- Took 318 milliseconds.
在kiali檢視訪問流程
app訪問流程
client ---> proxy 服務 ---> proxy pod ---> demoappv10 服務 ---> demoappv10 pod