1、首先,请根据前面k8s的教程,搭建一套可以运行的k8s环境
搭建Kubernetes环境01
| k8s-0001 | 159.138.135.216 | 192.168.1.124 |
| k8s-0002 | 159.138.139.37 | 192.168.1.229 |
| k8s-0003 | 159.138.31.39 | 192.168.1.187 |
| k8s-0004 | 119.8.113.135 | 192.168.1.83 |
2、下载并部署istio
#下载并部署istio curl -L https://istio.io/downloadIstio | sh - cd istio-1.5.2 export PATH=$PWD/bin:$PATH istioctl manifest apply --set profile=demo Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details. - Applying manifest for component Base... ✔ Finished applying manifest for component Base. - Applying manifest for component Pilot... ✔ Finished applying manifest for component Pilot. Waiting for resources to become ready... Waiting for resources to become ready... Waiting for resources to become ready... Waiting for resources to become ready... Waiting for resources to become ready... - Applying manifest for component EgressGateways... - Applying manifest for component IngressGateways... - Applying manifest for component AddonComponents... ✔ Finished applying manifest for component EgressGateways. ✔ Finished applying manifest for component AddonComponents. ✔ Finished applying manifest for component IngressGateways. ✔ Installation complete #告知istio,对default空间下的pod自动注入Envoy sidecar kubectl label namespace default istio-injection=enabled namespace/default labeled
3、部署demo
#部署 kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml #查看pods情况 kubectl get pods NAME READY STATUS RESTARTS AGE details-v1-6fc55d65c9-kxxpm 2/2 Running 0 106s productpage-v1-7f44c4d57c-h6h7p 2/2 Running 0 105s ratings-v1-6f855c5fff-2rjz9 2/2 Running 0 105s reviews-v1-54b8794ddf-tq5vm 2/2 Running 0 106s reviews-v2-c4d6568f9-q8mvs 2/2 Running 0 106s reviews-v3-7f66977689-ccp9c 2/2 Running 0 106s #查看services情况 kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE details ClusterIP 10.104.68.235 <none> 9080/TCP 89s kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 31m productpage ClusterIP 10.106.255.85 <none> 9080/TCP 89s ratings ClusterIP 10.103.19.155 <none> 9080/TCP 89s reviews ClusterIP 10.110.79.44 <none> 9080/TCP 89s</none></none></none></none></none> # 开启外部访问 kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml gateway.networking.istio.io/bookinfo-gateway created virtualservice.networking.istio.io/bookinfo created #查看gateway情况 kubectl get gateway NAME AGE bookinfo-gateway 7s
4、设置ingress
# 查看是否配置了外部IP
kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.105.220.60 <pending> 15020:32235/TCP,80:30266/TCP,443:30265/TCP,15029:30393/TCP,15030:30302/TCP,15031:30789/TCP,15032:31411/TCP,31400:30790/TCP,15443:31341/TCP 5m30s</pending>
#使用node的地址作为host,和LB只需要配置一种
export INGRESS_HOST=47.57.158.253
#使用LB的地址作为host,和node只需要配置一种
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
#配置http端口
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
#配置https端口
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
#设置并查看外部访问地址
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
echo http://$GATEWAY_URL/productpage
#此时就可以通过节点的ip地址来访问部署的实例了
#浏览器打开上面输出的地址
#http://47.57.158.253:30266/productpage
5、开启管理页面
#开始kaili
istioctl dashboard kiali
#安装nginx
#并设置反向代理
vi /etc/nginx/nginx.conf
http {
upstream backend {
# 代理的本地端口
server 127.0.0.1:20001;
}
server {
# 访问的外部端口
listen 8000;
location / {
proxy_pass http://backend;
}
}
}
# 通过反向代理的8000端口就可以访问kiali的管理界面了
# #http://47.57.158.253:8000
PS:
必须开放的TCP端口有:
| 8000 | nginx代理端口 |
| 8001 | k8s默认代理端口 |
| 30266 | bookinfo demo端口,会变更 |