istio实现灰度发布

作者：小丑西瓜9 | 2024-04-25 04:49:53

踩

istio实现灰度发布

环境

name	version
K8s	1.29
Istio	1.20.3
Ubuntun	22.04

安装istio

curl -L https://istio.io/downloadIstio | sh -
cd istio-1.20.3
export PATH=$PWD/bin:$PATH

istioctl install --set profile=demo -y
#设置default命名空间可以注入sidecar
kubectl label namespace default istio-injection=enabled

#修改svc类型为NodePort
kubectl edit svc -n istio-system istio-ingressgateway
1
2
3
4
5
6
7
8
9
10

应用资源文件准备

Service

---
kind: Service
apiVersion: v1
metadata:
  name: nginx
spec:
  selector:
    app: nginx
  ports:
    - name: http-port
      port: 80
      protocol: TCP
      targetPort: 80
  type: ClusterIP
1
2
3
4
5
6
7
8
9
10
11
12
13
14

第一个Deployment

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
      version: v1
  template:
    metadata:
      labels:
        app: nginx
        version: v1
    spec:
      containers:
      - name: nginx1
        image: nginx:1.24.0 
        ports:
        - containerPort: 80
        volumeMounts:
          - name: html-files
            mountPath: "/usr/share/nginx/html"
      - name: busybox
        image: registry.cn-shanghai.aliyuncs.com/acs/busybox:latest
        args:
        - /bin/sh
        - -c
        - >
           while :; do
             if [ -f /html/index.html ];then
               echo "[$(date +%F\ %T)] ${MY_POD_NAMESPACE}-${MY_POD_NAME} ${MY_POD_IP}" > /html/index.html
               sleep 1
             else
               touch /html/index.html
             fi
           done
        env:
          - name: MY_POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: MY_POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          - name: MY_POD_IP
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: status.podIP
        volumeMounts:
          - name: html-files
            mountPath: "/html"
          - mountPath: /etc/localtime
            name: tz-config
      volumes:
        - name: html-files
          emptyDir:
            medium: Memory
            sizeLimit: 10Mi
        - name: tz-config
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

第二个Deployment

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
      version: v2
  template:
    metadata:
      labels:
        app: nginx
        version: v2
    spec:
      containers:
      - name: nginx2
        image: nginx:1.24.0 
        ports:
        - containerPort: 80
        volumeMounts:
          - name: html-files
            mountPath: "/usr/share/nginx/html"
      - name: busybox
        image: registry.cn-shanghai.aliyuncs.com/acs/busybox:latest
        args:
        - /bin/sh
        - -c
        - >
           while :; do
             if [ -f /html/index.html ];then
               echo "[$(date +%F\ %T)] ${MY_POD_NAMESPACE}-${MY_POD_NAME} ${MY_POD_IP}" > /html/index.html
               sleep 1
             else
               touch /html/index.html
             fi
           done
        env:
          - name: MY_POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: MY_POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          - name: MY_POD_IP
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: status.podIP
        volumeMounts:
          - name: html-files
            mountPath: "/html"
          - mountPath: /etc/localtime
            name: tz-config
      volumes:
        - name: html-files
          emptyDir:
            medium: Memory
            sizeLimit: 10Mi
        - name: tz-config
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

istio资源文件准备

#Gateway: 定义入口网关。
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
spec:
  selector:
    istio: ingressgateway # 绑定 IngressGateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "www.fgj.com"

#VirtualService: 定义虚拟服务，根据请求路径将流量按照权重路由到不同子集。
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-virtual-service
spec:
  hosts:
  - "www.fgj.com"
  gateways:
  - my-gateway #指定Gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: nginx.default.svc.cluster.local #service FQDN
        subset: v1
      weight: 90 #按权重路由
    - destination:
        host: nginx.default.svc.cluster.local
        subset: v2
      weight: 10

#DestinationRule: 定义目标规则，分配不同子集。
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: my-destination-rule
spec:
  host: nginx.default.svc.cluster.local  #service FQDN
  subsets:
  - name: v1
    labels:
      version: v1   #pod标签
  - name: v2
    labels:
      version: v2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

流量走向

client-->IngressGateway-->Gateway-->VirtualService-->DestinationRule
1

测试

#找集群一个节点做本地域名解析
root@k8s-master01:~# cat /etc/hosts|grep www.fgj.com
192.168.1.12 k8s-master02 www.fgj.com

#查看istio-ingressgateway暴露端口
root@k8s-master01:~# k get svc -n istio-system istio-ingressgateway 
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
istio-ingressgateway   NodePort   10.104.116.192   <none>        15021:12351/TCP,80:11820/TCP,443:62503/TCP,31400:54696/TCP,15443:37655/TCP   4d5h

root@k8s-master01:~# for ((i=1;i<=20;i++)); do curl http://www.fgj.com:11820; done
[2024-03-02 00:19:54] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:54] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:54] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:54] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:54] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:54] default-nginx2-cfd865497-sgkkq 10.244.32.177
[2024-03-02 00:19:54] default-nginx2-cfd865497-sgkkq 10.244.32.177
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx2-cfd865497-sgkkq 10.244.32.177
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
[2024-03-02 00:19:55] default-nginx1-645b59b4c6-bwwm7 10.244.122.156
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/小丑西瓜9/article/detail/483350