Istio - Istio 설치 및 addon 설치

목차

공식 홈페이지

istioctl 설치

Mac 을 사용하는 경우 HomeBrew 를 이용해 istioctl 을 설치할 수 있습니다.

brew install istioctl

다른 OS 를 사용하거나 특정 버전의 Istio 를 사용하고 싶은 경우 다음과 같이 Istio 버전을 Setting 한 후 해당 버전을 내려받아 사용할 수 있습니다.

export ISTIO_VERSION=1.14.5
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=$ISTIO_VERSION TARGET_ARCH=x86_64 sh -

Istio Profile 설치

istioctl install --set profile=demo --set hub=gcr.io/istio-release

kubectl apply -f samples/addons

설치된 Istio Resource

Kiali

외부에서 접근이 가능하도록 Kiali Service 를 ClusterIP 에서 LoadBalancer 로 변경합니다

kubectl patch svc kiali -n istio-system -p '{"spec": {"type": "LoadBalancer"}}'

LoadBalancer 로 변경 되면서 EXTERNAL-IP 가 추가된 것을 확인할 수 있습니다.

Kiali Service 의 EXTERNAL-IP 확인

EXTERNAL-IP 를 이용해 접근하면 Kiali Dashboard 로 접근할 수 있습니다.

Kiali Dashboard

Jaeger

외부에서 접근이 가능하도록 Jaeger Service 를 ClusterIP 에서 LoadBalancer 로 변경합니다.

kubectl patch svc tracing -n istio-system -p '{"spec": {"type": "LoadBalancer"}}'

LoadBalancer 로 변경 되면서 EXTERNAL-IP 가 추가된 것을 확인할 수 있다.

Jaeger Service 의 EXTERNAL-IP 확인

EXTERNAL-IP 를 이용해 접근하면 Jaeger Dashboard 로 접근할 수 있습니다.

Jaeger Dashboard

Sidecar Injection 방법

  • Istioctl kube-inject Command 를 이용하는 방법
kubectl apply -f <(istioctl kube-inject -f Deployment.yml)
  • Namespace 에 istio-injection 을 enabled 로 설정하는 방법
kubectl label namespace tutorial istio-injection=enabled

Tutorial

kubectl create namespace tutorial

Deployment 를 설치 할때 istioctl kube-inject 명령어를 통해 Istio Container 가 Pod 내에 설치되도록 설정합니다.

kubectl apply -f <(istioctl kube-inject -f customer/kubernetes/Deployment.yml) -n tutorial
kubectl create -f customer/kubernetes/Service.yml -n tutorial

Pod 가 생성될때 내부에 Istio Container 가 생성된 것을 확인할 수 있습니다.

customer Pod 에 설치된 Container 목록

Istio Gateway 설치 및 Customer 서비스 라우팅(VirtualService) 설정

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: customer-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: customer-gateway
spec:
hosts:
- "*"
gateways:
- customer-gateway
http:
- match:
- uri:
prefix: /customer
rewrite:
uri: /
route:
- destination:
host: customer
port:
number: 8080
kubectl apply -f customer/kubernetes/Gateway.yml -n tutorial
kubectl apply -f <(istioctl kube-inject -f preference/kubernetes/Deployment.yml) -n tutorial
kubectl create -f preference/kubernetes/Service.yml -n tutorial
kubectl apply -f <(istioctl kube-inject -f recommendation/kubernetes/Deployment.yml) -n tutorial
kubectl create -f recommendation/kubernetes/Service.yml -n tutorial

Istio - Traffic Routing

kubectl apply -f <(istioctl kube-inject -f recommendation/kubernetes/Deployment-v2.yml) -n tutorial

kubectl scale --replicas=2 deployment/recommendation-v2 -n tutorial
kubectl get po -n tutorial

kubectl get VirtualService -n tutorial -o yaml
kubectl get DestinationRule -n tutorial -o yaml

Istio Timeout & Retry

Timeout 설정

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: vs-order-network-rule
namespace: tutorial
spec:
hosts:
- order
http:
- route:
- destination:
host: order
timeout: 3s
EOF

Siege 생성

kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
name: siege
namespace: tutorial
spec:
containers:
- name: siege
image: apexacme/siege-nginx
EOF
kubectl exec -it siege -c siege -n tutorial -- /bin/bash
siege -c1 -t2S -v --content-type "application/json" 'http://order:8080/orders POST {"productId": "1001", "qty":5}'
siege -c30 -t20S -v --content-type "application/json" 'http://order:8080/orders POST {"productId": "1001", "qty":5}'

Order 서비스에 ‘Retry’ Rule 추가

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: vs-order-network-rule
namespace: tutorial
spec:
hosts:
- order
http:
- route:
- destination:
host: order
timeout: 3s
retries:
attempts: 3
perTryTimeout: 2s
retryOn: 5xx,retriable-4xx,gateway-error,connect-failure,refused-stream
EOF
apiVersion: networking.k8s.io/v1
kind: "Ingress"
metadata:
name: "shopping-ingress"
namespace: "istio-system"
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
ingressclass.kubernetes.io/is-default-class: "true"
spec:
ingressClassName: nginx
rules:
- host: "kiali.service.com"
http:
paths:
-
path: /
pathType: Prefix
backend:
service:
name: kiali
port:
number: 20001

- host: "prom.service.com"
http:
paths:
-
path: /
pathType: Prefix
backend:
service:
name: prometheus
port:
number: 9090

- host: "gra.service.com"
http:
paths:
-
path: /
pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000

- host: "tracing.service.com"
http:
paths:
-
path: /
pathType: Prefix
backend:
service:
name: tracing
port:
number: 80

Prometheus/Grafana기반 K8s 통합 모니터링

kubectl create ns shop
kubectl label namespace shop istio-injection=enabled
kubectl apply -f https://raw.githubusercontent.com/acmexii/demo/master/edu/order-liveness.yaml -n shop
kubectl expose deploy order --port=8080 -n shop
kubectl apply -f https://raw.githubusercontent.com/acmexii/demo/master/edu/delivery-rediness-v1.yaml -n shop
kubectl expose deploy delivery --port=8080 -n shop
# Client Pod deploy
kubectl apply -f https://raw.githubusercontent.com/acmexii/demo/master/edu/siege-pod.yaml -n shop
kubectl patch service/prometheus -n istio-system -p '{"spec": {"type": "LoadBalancer"}}'

Prometheus Dashboard

kubectl patch service/grafana -n istio-system -p '{"spec": {"type": "LoadBalancer"}}'

Grafana Dashboard

Istio 삭제 방법

cd istio-$ISTIO_VERSION
kubectl delete -f samples/addons
istioctl manifest generate --set profile=demo | kubectl delete --ignore-not-found=true -f -
kubectl delete namespace istio-system
Share