Istio Service Mesh

Kubernetes | 2020. 3. 8. 18:38

https://istio.io/docs

[참고 : 조대협의 블로그]

서비스매쉬 : https://bcho.tistory.com/1293

Envoy Proxy : https://bcho.tistory.com/1295

Istio 소개 : https://bcho.tistory.com/1296

Istio 설치 : https://bcho.tistory.com/1297

https://istio.io/latest/docs/setup/install/istioctl/

다운로드 Istio

https://istio.io/latest/docs/setup/getting-started/#download
$ curl -L https://istio.io/downloadIstio | sh -

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 102 100 102 0 0 144 0 --:--:-- --:--:-- --:--:-- 144
100 4579 100 4579 0 0 3859 0 0:00:01 0:00:01 --:--:-- 16412
Istio 1.8.1 Download Complete!

Istio has been successfully downloaded into the istio-1.8.1 folder on your system.

Next Steps:
See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.

To configure the istioctl client tool for your workstation,
add the /root/istio-1.8.1/bin directory to your environment path variable with:
export PATH="$PATH:/root/istio-1.8.1/bin"

Begin the Istio pre-installation check by running:
istioctl x precheck

Need more information? Visit https://istio.io/latest/docs/setup/install/

$ cd istio-1.8.1

$ export PATH=$PWD/bin:$PATH

Istio 설치

https://istio.io/latest/docs/setup/getting-started/#install

$ istioctl install --set profile=demo -y

Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/v1.8/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete

default 네임스페이스에 istio를 위한 label 설정

$ kubectl label namespace default istio-injection=enabled

Sample 어플리케이션 배포

$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

$ kubectl get services

NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details        ClusterIP   10.101.193.9             9080/TCP   47s
kubernetes     ClusterIP   10.96.0.1                443/TCP    7h40m
productpage    ClusterIP   10.107.25.219            9080/TCP   47s
ratings        ClusterIP   10.108.169.194           9080/TCP   47s
reviews        ClusterIP   10.109.254.129           9080/TCP   47s

$ kubectl get pods

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-78d78fbddf-5gtfj       2/2     Running   0          113s
productpage-v1-85b9bf9cd7-tjc2h   2/2     Running   0          112s
ratings-v1-6c9dbf6b45-jpd2z       2/2     Running   0          112s
reviews-v1-564b97f875-hhp4q       2/2     Running   0          113s
reviews-v2-568c7c9d8f-sf6zh       2/2     Running   0          113s
reviews-v3-67b4988599-p5tk2       2/2     Running   0          113s

$ kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"

<title>Simple Bookstore App</title>

Istio Ingress Gateway 설치

$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created

$ istioctl analyze

✔ No validation issues found when analyzing namespace: default.

$ kubectl get gateway

NAME AGE
bookinfo-gateway 35s

$ kubectl get svc istio-ingressgateway -n istio-system

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.100.193.174 <pending> 15020:31501/TCP,80:31717/TCP,443:31682/TCP,15029:32270/TCP,15030:31088/TCP,15031:30360/TCP,15032:30391/TCP,31400:32025/TCP,15443:30494/TCP 29m

Set Ingress port

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')

Set Ingress IP

export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')

Set Gateway URL

export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT

echo "$GATEWAY_URL"

echo "http://$GATEWAY_URL/productpage"

http://192.168.19.130:32042/productpage

웹브라우저에서 접속

Addon 설치

$ kubectl apply -f samples/addons
$ kubectl rollout status deployment/kiali -n istio-system

노드포트로 접근을 위해 service를 수정한다.

$ kubectl get service -n istio-system
NAME HOSTS ADDRESS PORTS AGE
kiali ClusterIP 10.102.63.44 <none> 20001/TCP,9090/TCP

$ kubectl edit service kiali -n istio-system

type: ~~ClusterIP~~ -> NodePort

$ kubectl get service kiali -n istio-system

NAME HOSTS ADDRESS PORTS AGE
kiali NodePort 10.102.63.44 <none> 20001:31660/TCP,9090:32572/TCP

웹브라우저에서 kiali 접속

http://192.168.19.130:31660/kiali

id : admin

pw: admin

Grafana dashboard

$ kubectl edit service grafana -n istio-system

type: ~~ClusterIP~~ -> NodePort

$ kubectl get service grafana -n istio-system

NAME HOSTS ADDRESS PORTS AGE
grafana NodePort 10.98.18.231 <none> 3000:32276/TCP

http://192.168.19.130:32276/

Jaeger UI Tracing

$ kubectl edit service tracing -n istio-system

type: ~~ClusterIP~~ -> NodePort

$ kubectl get service tracing -n istio-system

NAME HOSTS ADDRESS PORTS AGE
tracing NodePort 10.96.81.10 <none> 80:32236/TCP

http://192.168.19.130:32236/

Istio 삭제

$ istioctl manifest generate --set profile=demo | kubectl delete -f -

'Kubernetes' 카테고리의 다른 글

Knative Serving (0)	2020.03.09
Istio Networking (0)	2020.03.09
Create Sample Pod (0)	2020.03.07
Helm 3 (0)	2020.03.07
Kubernetes Ingress Controller (0)	2020.03.06

클라우드 아키텍처