I
Deployment BookInfo Sample program detailed procedures and procedures (based on kubernetes cluster +istio v1.0)
Istio architecture
Deploying the BookInfo sample programThe sample application is included in the Samples directory of the downloaded Istio installation package.BookInfo ApplicationsDeploy a sample application that consists of four separate microservices to demonstrate a variety of istio features. This app mimics a category in the online bookstore, displaying information about a book. A description of the book, the details of the book (ISBN, pages, etc.) and some comments about the book are displayed on the page. The Bookinfo application is divided into four separate microservices:
The Productpage:productpage microservices Call details and reviews two microservices, which are used to generate a page.
Details: This micro-service contains information about books.
Reviews: This micro-service contains book-related reviews. It will also invoke the ratings micro-service.
The Ratings:ratings micro-service contains rating information composed of book reviews.
Istio service mesh architecture
There are 3 versions of the reviews micro-service:
The V1 version does not call the ratings service.
The V2 version invokes the ratings service and uses 1 to 5 black star icons to display rating information.
The V3 version invokes the ratings service and uses 1 to 5 red Star icons to display rating information.
Shows the end-to-end architecture of this application.
istio architecture diagram
Bookinfo is a heterogeneous application, and several microservices are written in different languages. These services are not dependent on istio, but constitute an example of a representative service grid: It consists of multiple services, multiple languages, and the reviews service has multiple versions. To run this app in Istio, you don't need to make any changes to the app itself. As long as we simply configure and run the service in the Istio environment, the point is to inject Envoy sidecar into each service. The specific commands and configuration methods required for this process are determined by the runtime environment, and the deployment results are more consistent, as shown in the following:
All microservices are integrated with Envoy sidecar, and all traffic to and from the integrated service is hijacked by Sidecar, so that the required hooks are prepared for external control, and then the Istio control plane can be used to provide service routing for the application, Functions such as telemetry data collection and policy enforcement. Next, according to the Istio environment, follow the instructions below to complete the deployment of the application. First verify that the Kubernetes cluster is enabled for automatic sidecar injection.automatic injection of SidecarWith Kubernetes's mutating Webhook admission controller, automatic injection of Sidecar is possible. This capability is only available after the Kubernetes 1.9 version. Before using this feature, first check the kube-apiserver process, whether it has the Admission-control parameter, and the value of this parameter needs to include Mutatingadmissionwebhook and Validatingadmissionwebhook two items and loads in the correct order to enable admissionregistration Api:[[email protected] ~]# Kubectl api-versions | grep admissionregistrationadmissionregistration.k8s.io/v1beta1 Ps-ef | grep apiserver
Confirm that automatic sidecar injection is enabled for the Kubernetes cluster.Deploying BookInfo Services Create book namespace (optional), or you can use the default default namespace directly. &NBSP;KUBECTL Create NS book to book namespace settings label: istio-injection=enabled:$ kubectl label namespace book istio-injection=enabled $ Kubectl get namespace-l istio-injection [[email protected] ~]# Kubectl Get Ns-l Istio-injectionname status AGE ISTIO-INJECTIONbook Active 1d enableddefault Active 27d istio-system active 8d disabledkube-public Active 27d kube-system active 27d weave Active 21d if the cluster is using automatic Sidecar injection, the deployment of the service can be accomplished with a simple kubectl. [[email protected] istio-1.0.0]# kubectl apply-n book -f samples/bookinfo/platform/kube/ Bookinfo.yamlservice "Details" createddeployment.extensions "DETAILS-V1" Createdservice "ratings" Createddeployment.extensions "Ratings-v1" createdservice "Reviews" Createddeployment.extensions "Reviews-v1" Createddeployment.extensions "Reviews-v2" createddeployment.extensions "Reviews-v3" Createdservice "Productpage" Createddeployment.extensions "Productpage-v1" created the above command will start all four services, including three versions of the reviews service (V1, V2, and V3). If there is a problem with your service deployment, you can use the following command to delete a service that has already been deployed. Kubectl delete-f samples/bookinfo/platform/kube/bookinfo.yaml-n book Verify that all services and pods are functioning correctly: [[email protected] istio-1.0.0]# kubectl get svc-n bookname TYPE CLUSTER-IP external-ip port (S) AGEdetails ClusterIP 10.103.243.183 <none> 9080/TCP 9sproductpage ClusterIP 10.111.96.136 <none> 9080/tcp 7sratings clusterip 10.111.136.187 <none> 9080/TCP 9sreviews clusterip 10.97.99.117 <none> 9080/tcp 8s [[email protected] istio-1.0.0]# kubectl get pods-n book-o widename & nbsp; ready STATUS RESTARTS AGE IP Nodedetails-v1-6865b9b99d-4rpfs 2/2 running 0 12m 10.244.2.140 centos-112productpage-v1-f8c8fb8-9zlmb 2/2 Running 0 12m 10.244.2.150 centos-112ratings-v1-77f657f55d-mvx9g 2/2 Running 0 12m 10.244.2.135 centos-112reviews-v1-6b7f6db5c5-8jfq7 2/2 running 0 12m 10.244.2.142 centos-112reviews-v2-7ff5966b99-pfhz8 2/2 Running 0 12m 10.244.2.146 centos-112reviews-v3-5df889bcff-vhk49 2/2 Running 0 12m 10.244.1.147 centos-111 Verify that the pod will automatically inject sidecarkubectl describe pod productpage-v1-f8c8fb8-8dnjm-n book The pod injected into the sidecar will have 2 containers, an extra istio-proxy container and its corresponding storage volume.
Or see if there are istio-proxy containers in the pod using the following command: [[email protected] ~]# kubectl get pod productpage-v1-f8c8fb8-8dnjm-o jsonpath= ' {. Spec.containers[*].name} '-n bookproductpage istio-proxy output shows that there are 2 containers in the pod, productpage and Istio-proxy, respectively. You can disable the automatic injection of the book namespace and then check that the new Pod does not have a Sidecar container.determine ingress IP and Ports Execute the following command to determine whether your Kubernetes cluster is running in an environment that supports external load balancers. [[email protected] ~]# kubectl Get svc istio-ingressgateway-n istio-systemname TYPE cluster-ip external-ip port (S) ageistio-ingressgateway nodeport 10.106.84.2 <none> 80:31380/tcp,443:31390/tcp,31400:31400/tcp,15011:32329/tcp,8060:32167/tcp,15030:31095/ tcp,15031:30203/tcp 8d if External-ip set this value, your environment is required to have an external load balancer available for the Ingress Gateway. If the External-ip value is <none> (or has been <pending>), it is possible that your environment does not support the ability to provide an external load balancer for the Ingress Gateway. In this case, you can access the gateway by using the node port of the Service. Use kubectl patch update istio-ingressgateway service Gateway type because in my kubernetes cluster environment, External load balancers are not supported. Therefore, access the gateway using the node port method. [[email protected] istio-1.0.0]# kubectl patch service Istio-ingressgateway-n istio-system-p ' {"spec": {" Type ': ' Nodeport '} ' service ' Istio-ingressgateway ' patched defining ingress Gateway for Bookinfo applicationsNow that the Bookinfo service is running, we need to make the app accessible to the Kubernetes cluster outside, such as through a browser. Istio Gateway can achieve this. Kubectl apply-n book-f samples/bookinfo/networking/bookinfo-gateway.yaml output result: Gateway.networking.istio.io " Bookinfo-gateway "Createdvirtualservice.networking.istio.io" BookInfo "created confirm Gateway creation: Kubectl get Gateway-n BookName Agebookinfo-gateway 15h can also verify that the gateway and Virtualservice were created successfully by ISTIOCTL command, as follows:
In the front, we expose the Istio-ingressgateway service through the Nodeport method, now get ingress ports:$ export ingress_port=$ according to the following command (Kubectl-n Istio-system Get service Istio-ingressgateway-o jsonpath= ' {. spec.ports[? ( @.name== "HTTP2")].nodeport} ') $ export secure_ingress_port=$ (kubectl-n istio-system Get Service Istio-ingressgateway- o jsonpath= ' {. spec.ports[? ( @.name== "https")].nodeport} ') Get ingress IP Address: $ export ingress_host=$ (Kubectl get po-l istio=ingressgateway-n Istio-sys Tem-o ' Jsonpath={.items[0].status.hostip} ')access to the ingress service through a browserYou can then use the $INGRESS _host in the browser's URL: $INGRESS _port (that is, 192.168.56.110:31380) to access it, enter http://192.168.56.110:31380/ After the Productpage URL, the following information is displayed:
If you refresh the pages of your app several times, you'll see the effect of different versions of the reviews service appearing randomly on the page (red, Black Star, or not). This is the case with the reviews service because we have not yet used Istio to control the version of the route. Understanding PrincipleThe Gateway configuration resource allows external traffic to enter the Istio service grid and enables Istio traffic management and policy features to be used for edge services. In the previous steps, we created a service in the Istio service grid and demonstrated how to expose the HTTP endpoint of the service to external traffic. =================================================cleaning up the Bookinfo sample appAfter you end the experience with the Bookinfo sample app, you can use the following command to complete the removal and cleanup of the app. Complete Delete 1 in the Kubernetes environment. Delete the routing rule and end the app's pod$ samples/bookinfo/platform/kube/cleanup.sh * Confirm that the app is closed-if Namespace-book was previously created, the following command also needs to add the-n book parameter. $ istioctl Get Gateway #--here should have no gateway $ istioctl Get virtualservices #--here should have no virtualservice $ kubectl get pods All pods of #--Bookinfo should have been removed.Uninstalling IstioUse Kubectl to uninstall Istiokubectl delete-f Install/kubernetes/istio-demo.yaml manually clear additional job resources Kubectl-n Istio-system Delete Job--a ll delete Crdkubectl delete-f install/kubernetes/helm/istio/templates/crds.yaml-n Istio-systemReference Links:Inject Istio sidecarhttps://preliminary.istio.io/zh/docs/setup/kubernetes/sidecar-injection/#sidecar-%e7%9a%84%e8%87 %aa%e5%8a%a8%e6%b3%a8%e5%85%a5install with helmhttps://istio.io/docs/setup/kubernetes/helm-install/# Option-2-install-with-helm-and-tiller-via-helm-install Control ingress Flow https://preliminary.istio.io/zh/docs/tasks/ Traffic-management/ingress/bookinfo Application https://preliminary.istio.io/zh/docs/examples/bookinfo/ Istio and BookInfo sample program installation trial notes https://zhaohuabing.com/2017/11/04/istio-install_and_example/
Deployment BookInfo Sample program detailed procedures and procedures (based on kubernetes cluster +istio v1.0)