istio框架(istio故障注入)

创建HTTPS证书的secretkubectlcreate-nistio-systemsecretgenericall-test.com-credential–from-file=key=private.key–from-file=cert=full_chain.pem创建网关kubectlapply-ftest-gateway.yamlapiVersion:networking.istio.io/v1beta1kind:Gatewaymetadata:

大家好,又见面了,我是你们的朋友全栈君。

创建Deployment,SVC

1.创建Deployment

注:它们Pod标签都有app: nginx,service服务发现根据这个标签选择,version是为后面定义版本设置的

kubectl apply -f nginx-deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-v1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
      version: v1
  template:
    metadata:
      name: nginx-v1
      labels:
        app: nginx
        version: v1
    spec:
      containers:
      - name: nginx-v1
        image: linuxwei/nginx_test:v1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        env:
        - name: VERSION
          value: v3
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-v2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
      version: v2
  template:
    metadata:
      name: nginx-v2
      labels:
        app: nginx
        version: v2
    spec:
      containers:
      - name: nginx-v2
        image: linuxwei/nginx_test:v1-2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        env:
        - name: VERSION
          value: v3
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-v3
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
      version: v3
  template:
    metadata:
      name: nginx-v3
      labels:
        app: nginx
        version: v3
    spec:
      containers:
      - name: nginx-v3
        image: linuxwei/nginx_test:v3
        imagePullPolicy: IfNotPresent
        env:
        - name: VERSION
          value: v3
        ports:
        - containerPort: 80

 

2.创建svc

kubectl apply -f nginx-svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  type: ClusterIP
  ports:
    - targetPort: 80
      port: 80
      name: web

 

创建Gateway

1.创建HTTPS证书的secret

kubectl create -n istio-system secret generic all-test.com-credential --from-file=key=private.key --from-file=cert=full_chain.pem

2.创建网关

kubectl apply -f test-gateway.yaml

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: nginx-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - '*.test.com'
    port:
      name: http
      number: 80
      protocol: HTTP
  - hosts:
    - '*.test.com'
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: all-test.com-credential
      mode: SIMPLE

根据域名进行路由分发

1.根据Pod的version标签进行版本分类(v1,v2,v3)

v3访问路径project/index.html

kubectl apply -f nginx-destinationrule.yaml

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: nginx
spec:
  host: nginx
  trafficPolicy:
    loadBalancer:
      simple: RANDOM
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
  - name: v3
    labels:
      version: v3

2.创建路由分发策略

kubectl apply -f test1-virtualservice.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginxvs
spec:
  hosts:
  - "test1.test.com"
  gateways:
  - istio-system/nginx-gateway       #注意不在一个namespace时前面要加gateway所在的namesapce
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: nginx
        port:
          number: 80
        subset: v1

kubectl apply -f test2-virtualservice.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginxvs2
spec:
  hosts:
  - "test2.test.com"
  gateways:
  - nginx-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: nginx
        port:
          number: 80
        subset: v2

3.配置本地hosts解析

vim /etc/hosts

(ingressgatewayIP)        test1.test.com

(ingressgatewayIP)         test2.test.com

分别访问这两个域名流量对应转到不同版本的Pod

 

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/126779.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)


相关推荐

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号