
Linux Tutorial FG452 - Kubernetes Service Mesh Istio

Summary: This Fengge tutorial draws on the official Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman documentation, and describes in detail how to configure and use the technologies covered.

This document describes how to deploy and configure the Kubernetes service mesh Istio.

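Part01 - Istio Overview

1.1 Service mesh concepts

# Istio service mesh
[root@k8s-master ~]# cat > /root/istio-intro.txt << 'EOF'
Istio service mesh
==================

1. Core features
   - Traffic management: routing, load balancing
   - Security: mTLS, authentication and authorization
   - Observability: metrics, logs, tracing

2. Component architecture
   - Envoy: data-plane proxy
   - istiod: control plane
   - Gateway: ingress/egress gateway

3. Resource types
   - VirtualService: virtual service
   - DestinationRule: destination rule
   - Gateway: gateway configuration
   - ServiceEntry: service entry

4. Use cases
   - Canary (gray) releases
   - Traffic mirroring
   - Fault injection
   - Circuit breaking and rate limiting
EOF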

Part02 - Installing Istio

2.1 Install Istio

# Download Istio
[root@k8s-master ~]# curl -L https://istio.io/downloadIstio | sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 102 100 102 0 0 234 0 --:--:-- --:--:-- --:--:-- 234
100 4567 100 4567 0 0 5678 0 --:--:-- --:--:-- --:--:-- 5678

[root@k8s-master ~]# cd istio-1.20.0
[root@k8s-master istio-1.20.0]# export PATH=$PWD/bin:$PATH

# Install Istio
[root@k8s-master istio-1.20.0]# istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Egress gateways installed
✔ Installation complete

# Verify the installation
[root@k8s-master istio-1.20.0]# kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
istio-egressgateway-abc12-xyz789 1/1 Running 0 2m
istio-ingressgateway-abc12-xyz789 1/1 Running 0 2m
istiod-abc12-xyz789 1/1 Running 0 3m

# Enable automatic sidecar injection for the namespace
[root@k8s-master istio-1.20.0]# kubectl label namespace fgedu-prod istio-injection=enabled
namespace/fgedu-prod labeled

# Verify the configuration
[root@k8s-master istio-1.20.0]# kubectl get namespace -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
default Active 10d
fgedu-prod Active 5m enabled
istio-system Active 3m
kube-system Active 10d

Part03 - Traffic Management

3.1 Configure a VirtualService

# Deploy the sample application
[root@k8s-master ~]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -n fgedu-prod
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

# Create the Gateway
[root@k8s-master ~]# cat > fgedu-gateway.yaml << 'EOF'
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: fgedu-gateway
  namespace: fgedu-prod
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "fgedu.net.cn"
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-gateway.yaml
gateway.networking.istio.io/fgedu-gateway created

# Create the VirtualService
[root@k8s-master ~]# cat > fgedu-virtualservice.yaml << 'EOF'
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: fgedu-productpage
  namespace: fgedu-prod
spec:
  hosts:
  - "fgedu.net.cn"
  gateways:
  - fgedu-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-virtualservice.yaml
virtualservice.networking.istio.io/fgedu-productpage created

# Configure traffic routing (canary release)
[root@k8s-master ~]# cat > fgedu-reviews-routing.yaml << 'EOF'
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
  namespace: fgedu-prod
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: fgedu
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 90
    - destination:
        host: reviews
        subset: v2
      weight: 10
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
  namespace: fgedu-prod
spec:
  host: reviews
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
  - name: v3
    labels:
      version: v3
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-reviews-routing.yaml
virtualservice.networking.istio.io/reviews created
destinationrule.networking.istio.io/reviews created

Part04 - Observability

4.1 Install Kiali

# Install Kiali
[root@k8s-master ~]# kubectl apply -f samples/addons/kiali.yaml
customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io created
customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io configured
serviceaccount/kiali-controller created
role.rbac.authorization.k8s.io/kiali-controller created
clusterrole.rbac.authorization.k8s.io/kiali-controller created
rolebinding.rbac.authorization.k8s.io/kiali-controller created
clusterrolebinding.rbac.authorization.k8s.io/kiali-controller created
configmap/kiali created
service/kiali created
deployment.apps/kiali created

# Access Kiali
[root@k8s-master ~]# istioctl dashboard kiali
http://localhost:20001/kiali

# Install Prometheus
[root@k8s-master ~]# kubectl apply -f samples/addons/prometheus.yaml
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created

# Install Grafana
[root@k8s-master ~]# kubectl apply -f samples/addons/grafana.yaml
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created

# Install Jaeger
[root@k8s-master ~]# kubectl apply -f samples/addons/jaeger.yaml
serviceaccount/jaeger created
service/jaeger-collector created
service/jaeger-query created
deployment.apps/jaeger created

# List all components
[root@k8s-master ~]# kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
grafana-abc12-xyz789 1/1 Running 0 2m
istio-egressgateway-abc12-xyz789 1/1 Running 0 30m
istio-ingressgateway-abc12-xyz789 1/1 Running 0 30m
istiod-abc12-xyz789 1/1 Running 0 31m
jaeger-abc12-xyz789 1/1 Running 0 1m
kiali-abc12-xyz789 1/1 Running 0 3m
prometheus-abc12-xyz789 1/1 Running 0 2m

# Check service status
[root@k8s-master ~]# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana ClusterIP 10.96.100.100 3000/TCP 2m
istio-egressgateway ClusterIP 10.96.101.100 80/TCP,443/TCP 30m
istio-ingressgateway LoadBalancer 10.96.102.100 15021:31753/TCP,80:31234/TCP,443:31789/TCP 30m
istiod ClusterIP 10.96.103.100 15010/TCP,15012/TCP,443/TCP,15014/TCP 31m
jaeger-collector ClusterIP 10.96.104.100 14268/TCP,14250/TCP 1m
jaeger-query ClusterIP 10.96.105.100 16686/TCP 1m
kiali ClusterIP 10.96.106.100 20001/TCP 3m
prometheus ClusterIP 10.96.107.100 9090/TCP 2m

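Fengge's recommendations for using Istio:

  • Plan namespace sidecar injection carefully
  • Configure traffic routing policies
  • Enable mTLS to encrypt communication
  • Configure rate-limiting and circuit-breaking policies
  • Monitor the state of the service mesh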
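
As an added example (not from the original tutorial) of the mTLS and circuit-breaking recommendations above: a PeerAuthentication that makes mTLS mandatory in fgedu-prod, and the reviews DestinationRule from Part03 extended with connection limits and outlier detection. The numeric limits are illustrative assumptions, not tuned values.

```yaml
# Added example (not from the original page).
# 1) Require mTLS for every sidecar-injected workload in fgedu-prod.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default                # namespace-wide policy (no workload selector)
  namespace: fgedu-prod
spec:
  mtls:
    mode: STRICT               # PERMISSIVE would still accept plaintext
---
# 2) The reviews DestinationRule from Part03 plus a circuit breaker.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
  namespace: fgedu-prod
spec:
  host: reviews
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 100            # assumed cap on TCP connections to reviews
      http:
        http1MaxPendingRequests: 10    # assumed queue depth before requests are rejected
        maxRequestsPerConnection: 10
    outlierDetection:
      consecutive5xxErrors: 5          # eject a pod after 5 consecutive 5xx responses
      interval: 30s                    # how often hosts are evaluated
      baseEjectionTime: 30s            # minimum time an ejected pod stays out
      maxEjectionPercent: 50           # never eject more than half of the pool
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
  - name: v3
    labels:
      version: v3
```

Under STRICT, clients without a sidecar can no longer call meshed workloads in the namespace, so restart any pods that were created before the istio-injection label was set.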

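This article was compiled and published by Fengge Tutorials and is intended for learning and testing only. Please credit the source when reposting: http://www.fgedu.net.cn/10327.html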
