diff --git a/SUMMARY.md b/SUMMARY.md index 123a55308..556a76e98 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -46,6 +46,9 @@ - [4.4 存储管理](practice/storage.md) - [4.4.1 使用glusterfs做持久化存储](practice/using-glusterfs-for-persistent-storage.md) - [5. 领域应用](usecases/index.md) + - [5.1 微服务架构](usecases/microservices.md) + - [5.1.1 Istio](usecases/Istio.md) + - [5.1.1.1 安装istio](usecases/istio-installation.md) - [6. 开发指南](develop/index.md) - [6.1 开发环境搭建](develop/developing-environment.md) - [6.2 单元测试和集成测试](develop/testing.md) diff --git a/images/istio-grafana.jpg b/images/istio-grafana.jpg new file mode 100644 index 000000000..e8786848d Binary files /dev/null and b/images/istio-grafana.jpg differ diff --git a/images/istio-prometheus.jpg b/images/istio-prometheus.jpg new file mode 100644 index 000000000..68296dea1 Binary files /dev/null and b/images/istio-prometheus.jpg differ diff --git a/images/istio-zipkin.jpg b/images/istio-zipkin.jpg new file mode 100644 index 000000000..f2abb1a69 Binary files /dev/null and b/images/istio-zipkin.jpg differ diff --git a/manifests/istio/bookinfo.yaml b/manifests/istio/bookinfo.yaml new file mode 100644 index 000000000..0f907e379 --- /dev/null +++ b/manifests/istio/bookinfo.yaml @@ -0,0 +1,218 @@ +# Copyright 2017 Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################################################## +# Details service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: details + labels: + app: details +spec: + ports: + - port: 9080 + name: http + selector: + app: details +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: details-v1 +spec: + replicas: 1 + template: + metadata: + labels: + app: details + version: v1 + spec: + containers: + - name: details + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-details-v1 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 +--- +################################################################################################## +# Ratings service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: ratings + labels: + app: ratings +spec: + ports: + - port: 9080 + name: http + selector: + app: ratings +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: ratings-v1 +spec: + replicas: 1 + template: + metadata: + labels: + app: ratings + version: v1 + spec: + containers: + - name: ratings + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-ratings-v1 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 +--- +################################################################################################## +# Reviews service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: reviews + labels: + app: reviews +spec: + ports: + - port: 9080 + name: http + selector: + app: reviews +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: reviews-v1 +spec: + replicas: 1 + template: + metadata: + labels: + app: reviews + version: v1 + spec: + containers: + - name: reviews + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-reviews-v1 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: reviews-v2 +spec: + replicas: 1 + template: + metadata: + labels: + app: reviews + version: v2 + spec: + containers: + - name: reviews + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-reviews-v2 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: reviews-v3 +spec: + replicas: 1 + template: + metadata: + labels: + app: reviews + version: v3 + spec: + containers: + - name: reviews + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-reviews-v3 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 +--- +################################################################################################## +# Productpage service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: productpage + labels: + app: productpage +spec: + ports: + - port: 9080 + name: http + selector: + app: productpage +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: productpage-v1 +spec: + replicas: 1 + template: + metadata: + labels: + app: productpage + version: v1 + spec: + containers: + - name: productpage + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-productpage-v1 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 +--- +########################################################################### +# Ingress resource (gateway) +########################################################################## +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: gateway + annotations: + kubernetes.io/ingress.class: "istio" +spec: + rules: + - http: + paths: + - path: /productpage + backend: + serviceName: productpage + servicePort: 9080 + - path: /login + backend: + serviceName: productpage + servicePort: 9080 + - path: /logout + backend: + serviceName: productpage + servicePort: 9080 +--- diff --git a/manifests/istio/grafana.yaml b/manifests/istio/grafana.yaml new file mode 100644 index 000000000..5ea5b6acb --- /dev/null +++ b/manifests/istio/grafana.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: grafana +spec: + ports: + - port: 3000 + protocol: TCP + name: grafana + selector: + app: grafana +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: grafana +spec: + replicas: 1 + template: + metadata: + annotations: + alpha.istio.io/sidecar: ignore + labels: + app: grafana + spec: + containers: + - name: grafana + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/grafana:0.1.5 + imagePullPolicy: Always + ports: + - containerPort: 3000 + env: + - name: GRAFANA_PORT + value: "3000" + - name: GF_AUTH_BASIC_ENABLED + value: "false" + - name: GF_AUTH_ANONYMOUS_ENABLED + value: "true" + - name: GF_AUTH_ANONYMOUS_ORG_ROLE + value: Admin + - name: GF_PATHS_DATA + value: /data/grafana + volumeMounts: + - mountPath: /data/grafana + name: grafana-data + volumes: + - name: grafana-data + emptyDir: {} +--- diff --git a/manifests/istio/istio-rbac-beta.yaml b/manifests/istio/istio-rbac-beta.yaml new file mode 100644 index 000000000..a0ca7c959 --- /dev/null +++ b/manifests/istio/istio-rbac-beta.yaml @@ -0,0 +1,112 @@ +# Permissions and roles for istio +# To debug: start the cluster with -vmodule=rbac,3 to enable verbose logging on RBAC DENY +# Also helps to enable logging on apiserver 'wrap' to see the URLs. +# Each RBAC deny needs to be mapped into a rule for the role. +# If using minikube, start with '--extra-config=apiserver.Authorization.Mode=RBAC' +# +# NOTE: If deploying istio to a namespace other than 'default' then change the +# ClusterRoleBinding namspace target appropriately. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: istio-manager +rules: +- apiGroups: ["istio.io"] + resources: ["istioconfigs", "istioconfigs.istio.io"] + verbs: ["*"] +- apiGroups: ["extensions"] + resources: ["thirdpartyresources", "thirdpartyresources.extensions", "ingresses", "ingresses/status"] + verbs: ["*"] +- apiGroups: [""] + resources: ["configmaps", "endpoints", "pods", "services"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: istio-ca +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "get", "watch", "list", "update"] +- apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["watch", "list"] +--- +# Permissions for the sidecar proxy. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: istio-sidecar +rules: +- apiGroups: ["istio.io"] + resources: ["istioconfigs"] + verbs: ["get", "watch", "list"] +- apiGroups: ["extensions"] + resources: ["thirdpartyresources", "ingresses"] + verbs: ["get", "watch", "list", "update"] +- apiGroups: [""] + resources: ["configmaps", "pods", "endpoints", "services"] + verbs: ["get", "watch", "list"] +--- +# Grant permissions to the Manager/discovery. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: istio-manager-admin-role-binding +subjects: +- kind: ServiceAccount + name: istio-manager-service-account + namespace: default +roleRef: + kind: ClusterRole + name: istio-manager + apiGroup: rbac.authorization.k8s.io +--- +# Grant permissions to the Manager/discovery. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: istio-ca-role-binding +subjects: +- kind: ServiceAccount + name: istio-ca-service-account + namespace: default +roleRef: + kind: ClusterRole + name: istio-ca + apiGroup: rbac.authorization.k8s.io +--- +# Grant permissions to the Ingress controller. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: istio-ingress-admin-role-binding +subjects: +- kind: ServiceAccount + name: istio-ingress-service-account + namespace: default +roleRef: + kind: ClusterRole + name: istio-manager + apiGroup: rbac.authorization.k8s.io +--- +# Grant permissions to the sidecar. +# TEMPORARY: the istioctl should generate a separate service account for the proxy, and permission +# granted only to that account ! +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: istio-sidecar-role-binding +subjects: +- kind: ServiceAccount + name: default + namespace: default +roleRef: + kind: ClusterRole + name: istio-sidecar + apiGroup: rbac.authorization.k8s.io +--- diff --git a/manifests/istio/istio.yaml b/manifests/istio/istio.yaml new file mode 100644 index 000000000..1f9016ea5 --- /dev/null +++ b/manifests/istio/istio.yaml @@ -0,0 +1,212 @@ +# GENERATED FILE. Use with Kubernetes 1.5+ +# TO UPDATE, modify files in install/kubernetes/templates and run updateVersion.sh +# Mixer +apiVersion: v1 +kind: Service +metadata: + name: istio-mixer + labels: + istio: mixer +spec: + ports: + - name: tcp + port: 9091 + - name: configapi + port: 9094 + - name: prometheus + port: 42422 + selector: + istio: mixer +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: istio-mixer +spec: + replicas: 1 + template: + metadata: + annotations: + alpha.istio.io/sidecar: ignore + labels: + istio: mixer + spec: + containers: + - name: mixer + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/mixer:0.1.5 + imagePullPolicy: Always + ports: + - containerPort: 9091 + - containerPort: 9094 + - containerPort: 42422 + args: + - --configStoreURL=fs:///etc/opt/mixer/configroot + - --logtostderr + - -v + - "3" +--- +# Manager service for discovery +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio +data: + mesh: |- + # Uncomment the following line to enable mutual TLS between proxies + # authPolicy: MUTUAL_TLS + mixerAddress: istio-mixer:9091 + discoveryAddress: istio-manager:8080 + ingressService: istio-ingress + zipkinAddress: zipkin:9411 +--- +apiVersion: v1 +kind: Service +metadata: + name: istio-manager + labels: + istio: manager +spec: + ports: + - port: 8080 + name: http-discovery + - port: 8081 + name: http-apiserver + selector: + istio: manager +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-manager-service-account +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: istio-manager +spec: + replicas: 1 + template: + metadata: + annotations: + alpha.istio.io/sidecar: ignore + labels: + istio: manager + spec: + serviceAccountName: istio-manager-service-account + containers: + - name: discovery + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/manager:0.1.5 + imagePullPolicy: Always + args: ["discovery", "-v", "2"] + ports: + - containerPort: 8080 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: apiserver + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/manager:0.1.5 + imagePullPolicy: Always + args: ["apiserver", "-v", "2"] + ports: + - containerPort: 8081 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +--- +################################ +# Istio ingress controller +################################ +apiVersion: v1 +kind: Service +metadata: + name: istio-ingress + labels: + istio: ingress +spec: + ports: + - port: 80 +# nodePort: 32000 + name: http + - port: 443 + name: https + selector: + istio: ingress +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-ingress-service-account +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: istio-ingress +spec: + replicas: 1 + template: + metadata: + annotations: + alpha.istio.io/sidecar: ignore + labels: + istio: ingress + spec: + serviceAccountName: istio-ingress-service-account + containers: + - name: istio-ingress + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/proxy_debug:0.1.5 + args: ["proxy", "ingress", "-v", "2"] + imagePullPolicy: Always + ports: + - containerPort: 80 + - containerPort: 443 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +--- + +################################ +# Istio egress envoy +################################ +apiVersion: v1 +kind: Service +metadata: + name: istio-egress +spec: + ports: + - port: 80 + selector: + istio: egress +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: istio-egress +spec: + replicas: 1 + template: + metadata: + labels: + istio: egress + spec: + containers: + - name: proxy + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/proxy_debug:0.1.5 + imagePullPolicy: Always + args: ["proxy", "egress", "-v", "2"] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +--- + diff --git a/manifests/istio/prometheus.yaml b/manifests/istio/prometheus.yaml new file mode 100644 index 000000000..4b1785ae9 --- /dev/null +++ b/manifests/istio/prometheus.yaml @@ -0,0 +1,70 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: prometheus +data: + prometheus.yml: |- + global: + scrape_interval: 15s + scrape_configs: + + - job_name: 'mixer' + # Override the global default and scrape targets from this job every 5 seconds. + scrape_interval: 5s + # metrics_path defaults to '/metrics' + # scheme defaults to 'http'. + static_configs: + - targets: ['istio-mixer:42422'] +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/scrape: 'true' + labels: + name: prometheus + name: prometheus +spec: + selector: + app: prometheus + ports: + - name: prometheus + protocol: TCP + port: 9090 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: prometheus +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus + template: + metadata: + annotations: + alpha.istio.io/sidecar: ignore + name: prometheus + labels: + app: prometheus + spec: + containers: + - name: prometheus + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/prometheus:v1.1.1 + args: + - '-storage.local.retention=6h' + - '-storage.local.memory-chunks=500000' + - '-config.file=/etc/prometheus/prometheus.yml' + ports: + - name: web + containerPort: 9090 + volumeMounts: + - name: config-volume + mountPath: /etc/prometheus + volumes: + - name: config-volume + configMap: + name: prometheus +--- diff --git a/manifests/istio/servicegraph.yaml b/manifests/istio/servicegraph.yaml new file mode 100644 index 000000000..79d012b47 --- /dev/null +++ b/manifests/istio/servicegraph.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: servicegraph +spec: + replicas: 1 + template: + metadata: + annotations: + alpha.istio.io/sidecar: ignore + labels: + app: servicegraph + spec: + containers: + - name: servicegraph + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/servicegraph:latest + ports: + - containerPort: 8088 + args: + - --prometheusAddr=http://prometheus:9090 +--- +apiVersion: v1 +kind: Service +metadata: + name: servicegraph +spec: + ports: + - name: http + port: 8088 + selector: + app: servicegraph +--- diff --git a/manifests/istio/zipkin.yaml b/manifests/istio/zipkin.yaml new file mode 100644 index 000000000..e9556cfac --- /dev/null +++ b/manifests/istio/zipkin.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: zipkin +spec: + replicas: 1 + template: + metadata: + annotations: + alpha.istio.io/sidecar: ignore + labels: + app: zipkin + spec: + containers: + - name: zipkin + image: sz-pg-oam-docker-hub-001.tendcloud.com/library/zipkin:latest + ports: + - containerPort: 9411 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +--- +apiVersion: v1 +kind: Service +metadata: + name: zipkin +spec: + #type: NodePort + ports: + - name: http + port: 9411 + #nodePort: 30411 + selector: + app: zipkin +--- diff --git a/usecases/istio-installation.md b/usecases/istio-installation.md new file mode 100644 index 000000000..388f4c6e9 --- /dev/null +++ b/usecases/istio-installation.md @@ -0,0 +1,245 @@ +# 安装istio + +本文根据官网的文档整理而成,步骤包括安装`istio 0.1.5`并创建一个bookinfo的微服务来测试istio的功能。 + +文中使用的yaml文件可以在[kubernetes-handbook](https://github.com/rootsongjc/kubernetes-handbook)的`manifests/istio`目录中找到,所有的镜像都换成了我的私有镜像仓库地址,请根据官网的镜像自行修改。 + +## 安装环境 + +CentOS 7.3.1611 + +Docker 1.12.6 + +Kubernetes 1.6.0 + +## 安装 + +**1.下载安装包** + +下载地址:https://github.com/istio/istio/releases + +下载Linux版本的当前最新版安装包 + +```Shell +wget https://github.com/istio/istio/releases/download/0.1.5/istio-0.1.5-linux.tar.gz +``` + +**2.解压** + +解压后,得到的目录结构如下: + +``` +. +├── bin +│   └── istioctl +├── install +│   └── kubernetes +│   ├── addons +│   │   ├── grafana.yaml +│   │   ├── prometheus.yaml +│   │   ├── servicegraph.yaml +│   │   └── zipkin.yaml +│   ├── istio-auth.yaml +│   ├── istio-rbac-alpha.yaml +│   ├── istio-rbac-beta.yaml +│   ├── istio.yaml +│   ├── README.md +│   └── templates +│   ├── istio-auth +│   │   ├── istio-auth-with-cluster-ca.yaml +│   │   ├── istio-cluster-ca.yaml +│   │   ├── istio-egress-auth.yaml +│   │   ├── istio-ingress-auth.yaml +│   │   └── istio-namespace-ca.yaml +│   ├── istio-egress.yaml +│   ├── istio-ingress.yaml +│   ├── istio-manager.yaml +│   └── istio-mixer.yaml +├── istio.VERSION +├── LICENSE +└── samples + ├── apps + │   ├── bookinfo + │   │   ├── bookinfo.yaml + │   │   ├── cleanup.sh + │   │   ├── destination-ratings-test-delay.yaml + │   │   ├── loadbalancing-policy-reviews.yaml + │   │   ├── mixer-rule-additional-telemetry.yaml + │   │   ├── mixer-rule-empty-rule.yaml + │   │   ├── mixer-rule-ratings-denial.yaml + │   │   ├── mixer-rule-ratings-ratelimit.yaml + │   │   ├── README.md + │   │   ├── route-rule-all-v1.yaml + │   │   ├── route-rule-delay.yaml + │   │   ├── route-rule-reviews-50-v3.yaml + │   │   ├── route-rule-reviews-test-v2.yaml + │   │   ├── route-rule-reviews-v2-v3.yaml + │   │   └── route-rule-reviews-v3.yaml + │   ├── httpbin + │   │   ├── httpbin.yaml + │   │   └── README.md + │   └── sleep + │   ├── README.md + │   └── sleep.yaml + └── README.md + +11 directories, 41 files +``` + +从文件里表中可以看到,安装包中包括了kubernetes的yaml文件,示例应用和安装模板。 + +**3.安装istioctl** + +将`./bin/istioctl`拷贝到你的`$PATH`目录下。 + +**4.检查RBAC** + +因为我们安装的kuberentes版本是1.6.0默认支持RBAC,这一步可以跳过。如果你使用的其他版本的kubernetes,请参考[官方文档](https://istio.io/docs/tasks/installing-istio.html)操作。 + +执行以下命令,正确的输出是这样的: + +```bash +$ kubectl api-versions | grep rbac +rbac.authorization.k8s.io/v1alpha1 +rbac.authorization.k8s.io/v1beta1 +``` + +**5.创建角色绑定** + +```bash +$ kubectl create -f install/kubernetes/istio-rbac-beta.yaml +clusterrole "istio-manager" created +clusterrole "istio-ca" created +clusterrole "istio-sidecar" created +clusterrolebinding "istio-manager-admin-role-binding" created +clusterrolebinding "istio-ca-role-binding" created +clusterrolebinding "istio-ingress-admin-role-binding" created +clusterrolebinding "istio-sidecar-role-binding" created +``` + +注意:官网的安装包中的该文件中存在RoleBinding错误,应该是集群级别的`clusterrolebinding`,而release里的代码只是普通的`rolebinding`,查看该Issue [Istio manager cannot list of create k8s TPR when RBAC enabled #327](https://github.com/istio/istio/issues/327)。 + +**6.安装istio核心组件** + +用到的镜像有: + +``` +docker.io/istio/mixer:0.1.5 +docker.io/istio/manager:0.1.5 +docker.io/istio/proxy_debug:0.1.5 +``` + +我们暂时不开启[Istio Auth](https://istio.io/docs/concepts/network-and-auth/auth.html)。 + +> 本文中用到的所有yaml文件中的`type: LoadBalancer`去掉,使用默认的ClusterIP,然后配置Traefik ingress,就可以在集群外部访问。请参考[安装Traefik ingress](practice/traefik-ingress-installation.md)。 + +```bash +kubectl apply -f install/kubernetes/istio.yaml +``` + +**7.安装监控插件** + +用到的镜像有: + +``` +docker.io/istio/grafana:0.1.5 +quay.io/coreos/prometheus:v1.1.1 +gcr.io/istio-testing/servicegraph:latest +docker.io/openzipkin/zipkin:latest +``` + +为了方便下载,其中两个镜像我备份到了时速云: + +``` +index.tenxcloud.com/jimmy/prometheus:v1.1.1 +index.tenxcloud.com/jimmy/servicegraph:latest +``` + +安装插件 + +```bash +kubectl apply -f install/kubernetes/addons/prometheus.yaml +kubectl apply -f install/kubernetes/addons/grafana.yaml +kubectl apply -f install/kubernetes/addons/servicegraph.yaml +kubectl apply -f install/kubernetes/addons/zipkin.yaml +``` + +在traefik ingress中增加增加以上几个服务的配置。 + +```Yaml + - host: grafana.istio.io + http: + paths: + - path: / + backend: + serviceName: grafana + servicePort: 3000 + - host: servicegraph.istio.io + http: + paths: + - path: / + backend: + serviceName: servicegraph + servicePort: 8088 + - host: prometheus.istio.io + http: + paths: + - path: / + backend: + serviceName: prometheus + servicePort: 9090 + - host: zipkin.istio.io + http: + paths: + - path: / + backend: + serviceName: zipkin + servicePort: 9411 +``` + +Grafana页面 + +![Istio Grafana界面](../images/istio-grafana.jpg) + +Prometheus页面 + +![Prometheus页面](../images/istio-prometheus.jpg) + +Zipkin页面 + +![Zipkin页面](../images/istio-zipkin.jpg) + + + +## 测试 + +我们使用Istio提供的测试应用[bookinfo](https://istio.io/docs/samples/bookinfo.html)微服务来进行测试。 + +该微服务用到的镜像有: + +``` +istio/examples-bookinfo-details-v1 +istio/examples-bookinfo-ratings-v1 +istio/examples-bookinfo-reviews-v1 +istio/examples-bookinfo-reviews-v2 +istio/examples-bookinfo-reviews-v3 +istio/examples-bookinfo-productpage-v1 +``` + +**部署应用** + +``` +kubectl create -f <(istioctl kube-inject -f samples/apps/bookinfo/bookinfo.yaml) +``` + +`Istio kube-inject`命令会在`bookinfo.yaml`文件中增加Envoy sidecar信息。参考:https://istio.io/docs/reference/commands/istioctl.html#istioctl-kube-inject + +## 问题 + +在bookinfo部署后没有在Grafana、Prometheus、ServiceGraph和Zipkin中看到结果。 + +## 参考 + +[Installing Istio](https://istio.io/docs/tasks/installing-istio.html) + +[BookInfo sample](https://istio.io/docs/samples/bookinfo.html) \ No newline at end of file diff --git a/usecases/istio.md b/usecases/istio.md new file mode 100644 index 000000000..5214cc6dc --- /dev/null +++ b/usecases/istio.md @@ -0,0 +1,11 @@ +# Istio + +## 前言 + +[Istio](https://istio.io)是由Google、IBM和Lyft开源的微服务管理、保护和监控框架。Istio为希腊语,意思是“启航”。 + +## 参考 + +[Istio开源平台发布,Google、IBM和Lyft分别承担什么角色?](http://www.leiphone.com/news/201705/RwRlyAs7Mi8pqhSb.html) + +[Istio:用于微服务的服务啮合层](http://www.infoq.com/cn/news/2017/05/istio?utm_source=news_about_opensource&utm_medium=link&utm_campaign=opensource) \ No newline at end of file diff --git a/usecases/microservices.md b/usecases/microservices.md new file mode 100644 index 000000000..6fc0f1eae --- /dev/null +++ b/usecases/microservices.md @@ -0,0 +1,4 @@ +# 微服务架构 + +- [Istio](istio.md) +