容器相关
非root用户Docker与K8S
Containerd安装
Containerd常用命令
Docker
镜像创建
国内镜像仓库
容器创建(Dockerfile)
容器系统
docker配置
docker数据管理
docker网络管理
docker容器自启动
docker镜像加速
docker问题
搭建Portainer可视化界面
Docker Swarm
Swarm搭建Docker集群
Docker Compose
Docker Compose命令
Docker Compose模板
Docker Machine
Kubernetes常用命令
k8s部署(kubeadmin)
k8s高可用部署
MiniKube
k8s1.24部署(containerd)
k8s1.24部署(docker)
部署 Dashboard
Kuboard K8S管理台
k8s权限管理
k8s网络插件
私有仓密码镜像拉取
k8s集群管理
POD--基本单位
Pod模板
Pod生命周期
Pod健康检查
初始化容器(initContainer)
Deployment--Pod的管理
Deployment模板
Deployment升级与回滚
DaemonSet控制器
StatefulSet控制器(有状态)
JOB与CRONJOB
Service--发布服务
ingress-traefix
ingress-nginx
MetalLB
存储与配置
持久存储卷
配置存储卷
资源管理
标签、选择器与注解
资源预留
调度管理
自动扩容
Proxy API与API Server
Helm--K8S的包管理器
helm常用命令
自定义Chart
私有chart仓库
helm dashboard
K8S证书过期
K8S问题解决
Harbor安装
Harbor操作
Harbor问题
Harbor升级
Docker Registry安装
Docker Registry鉴权
Registry用Nginx代理SSL及鉴权
Docker Registry问题
Istio 服务网络
常用示例
Gateway【服务网关】
kiali 可视化页面
开启HTTPS
linkerd 服务网络
本文档使用MrDoc发布
返回首页
-
+
常用示例
2024年5月7日 15:38
admin
--- #常用参数 |注解|说明 |--|-- |roxy.istio.io/config|覆盖sidecar代理配置 |idecar.istio.io/agentLogLevel|指定pilot-agent的日志级别 |idecar.istio.io/controlPlaneAuthPolicy|指定sidecar和控制面连接的认证方式,NONE表示无认证,MUTUAL_TLS表示采用双向TLS认证 |idecar.istio.io/discoveryAddress|指定sidecar xDS连接地址 |idecar.istio.io/extraStatTags|从sidecar遥测数据中额外提取的标签 |idecar.istio.io/inject|是否注入sidecar |idecar.istio.io/interceptionMode|定义sidecar拦截流量的模式,REDIRECT或者TPROXY |idecar.istio.io/logLevel|sidecar代理的日志级别 |idecar.istio.io/proxyCPU|sidecar请求的CPU |idecar.istio.io/proxyCPULimit|sidecar CPU限制 |idecar.istio.io/proxyMemory|sidecar请求的内存 |idecar.istio.io/proxyMemoryLimit|sidecar内存限制 |raffic.sidecar.istio.io/excludeInboundPorts|不拦截入流量方向的端口 |raffic.sidecar.istio.io/excludeOutboundPorts|不拦截出流量方向的端口 |raffic.sidecar.istio.io/includeOutboundIPRanges|拦截出流量方向的ip段 |raffic.sidecar.istio.io/excludeOutboundIPRanges|不拦截出流量方向的ip段 |raffic.sidecar.istio.io/includeInboundPorts|拦截入流量方向的端口 |raffic.sidecar.istio.io/includeOutboundPorts|拦截出流量方向的端口 --- #示例服务架构图  --- #Productpage 服务 ################################################################################################## # Productpage services ################################################################################################## apiVersion: v1 kind: Service metadata: name: productpage labels: app: productpage service: productpage spec: ports: - port: 9080 name: http selector: app: productpage --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-productpage labels: account: productpage --- apiVersion: apps/v1 kind: Deployment metadata: name: productpage-v1 labels: app: productpage version: v1 spec: replicas: 1 selector: matchLabels: app: productpage version: v1 template: metadata: annotations: annotations: # 自定义注解列表 # sidecar.istio.io/inject: "false" # 自定义注解名字 traffic.sidecar.istio.io/includeOutboundIPRanges: "172.16.0.0/16,10.247.0.0/16" traffic.sidecar.istio.io/excludeOutboundIPRanges: "172.16.0.0/16,10.247.0.0/16" traffic.sidecar.istio.io/excludeOutboundPorts: "80" traffic.sidecar.istio.io/excludeInboundPorts: "80" #====================================== prometheus.io/scrape: "true" prometheus.io/port: "9080" prometheus.io/path: "/metrics" labels: app: productpage version: v1 spec: serviceAccountName: bookinfo-productpage containers: - name: productpage image: docker.io/istio/examples-bookinfo-productpage-v1:1.18.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 volumeMounts: - name: tmp mountPath: /tmp volumes: - name: tmp emptyDir: {} --- # Details 服务 ################################################################################################## # Details service ################################################################################################## apiVersion: v1 kind: Service metadata: name: details labels: app: details service: details spec: ports: - port: 9080 name: http selector: app: details --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-details labels: account: details --- apiVersion: apps/v1 kind: Deployment metadata: name: details-v1 labels: app: details version: v1 spec: replicas: 1 selector: matchLabels: app: details version: v1 template: metadata: labels: app: details version: v1 spec: serviceAccountName: bookinfo-details containers: - name: details image: docker.io/istio/examples-bookinfo-details-v1:1.18.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- #Ratings 服务 ################################################################################################## # Ratings service ################################################################################################## apiVersion: v1 kind: Service metadata: name: ratings labels: app: ratings service: ratings spec: ports: - port: 80 name: http targetPort: 9080 selector: app: ratings --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-ratings labels: account: ratings --- apiVersion: apps/v1 kind: Deployment metadata: name: ratings-v1 labels: app: ratings version: v1 spec: replicas: 1 selector: matchLabels: app: ratings version: v1 template: metadata: labels: app: ratings version: v1 spec: serviceAccountName: bookinfo-ratings containers: - name: ratings image: docker.io/istio/examples-bookinfo-ratings-v1:1.18.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- #Reviews 服务 ################################################################################################## # Reviews service ################################################################################################## apiVersion: v1 kind: Service metadata: name: reviews labels: app: reviews service: reviews spec: ports: - port: 9080 name: http selector: app: reviews --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-reviews labels: account: reviews --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v1 labels: app: reviews version: v1 spec: replicas: 1 selector: matchLabels: app: reviews version: v1 template: metadata: labels: app: reviews version: v1 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: registry.cn-hangzhou.aliyuncs.com/knative-sample/examples-bookinfo-reviews-v1:v1-aliyun imagePullPolicy: IfNotPresent env: - name: LOG_DIR value: "/tmp/logs" ports: - containerPort: 9080 volumeMounts: - name: tmp mountPath: /tmp - name: wlp-output mountPath: /opt/ibm/wlp/output volumes: - name: wlp-output emptyDir: {} - name: tmp emptyDir: {} --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v2 labels: app: reviews version: v2 spec: replicas: 1 selector: matchLabels: app: reviews version: v2 template: metadata: labels: app: reviews version: v2 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: registry.cn-hangzhou.aliyuncs.com/knative-sample/examples-bookinfo-reviews-v2:v1-aliyun imagePullPolicy: IfNotPresent env: - name: LOG_DIR value: "/tmp/logs" ports: - containerPort: 9080 volumeMounts: - name: tmp mountPath: /tmp - name: wlp-output mountPath: /opt/ibm/wlp/output volumes: - name: wlp-output emptyDir: {} - name: tmp emptyDir: {} --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v3 labels: app: reviews version: v3 spec: replicas: 1 selector: matchLabels: app: reviews version: v3 template: metadata: labels: app: reviews version: v3 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: registry.cn-hangzhou.aliyuncs.com/knative-sample/examples-bookinfo-reviews-v3:v1-aliyun imagePullPolicy: IfNotPresent env: - name: LOG_DIR value: "/tmp/logs" ports: - containerPort: 9080 volumeMounts: - name: tmp mountPath: /tmp - name: wlp-output mountPath: /opt/ibm/wlp/output volumes: - name: wlp-output emptyDir: {} - name: tmp emptyDir: {} --- --- #Gateway ----------------------- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: bookinfo-gateway spec: selector: istio: ingressgateway # use istio default controller servers: - port: number: 80 name: http protocol: HTTP hosts: - "*" --- #VirtualService ----------------------- ####VirtualService【ingress】 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: bookinfo spec: hosts: - "*" gateways: - bookinfo-gateway #同命名空间 - istio-system/bookinfo-gateway #不通命名空间,需要把命名空间写上 - mesh #服务网络内外部都可访问 http: - match: - uri: exact: /productpage - uri: prefix: /static - uri: exact: /login - uri: exact: /logout - uri: prefix: /api/v1/products route: - destination: host: productpage port: number: 9080 --- ####VirtualService【productpage】 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: productpage spec: hosts: - productpage http: - route: - destination: host: productpage subset: v1 --- ####VirtualService【reviews】 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: reviews spec: hosts: - reviews http: - route: - destination: host: reviews subset: v1 weight: 40 - destination: host: reviews subset: v2 weight: 40 - destination: host: reviews subset: v3 weight: 20 --- ####VirtualService【ratings】 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: ratings spec: hosts: - ratings http: - route: - destination: host: ratings subset: v1 --- ####VirtualService【details】 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: details spec: hosts: - details http: - route: - destination: host: details subset: v1 --- #DestinationRule ----------------------- ####DestinationRule【productpage】 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: productpage spec: host: productpage subsets: - name: v1 labels: version: v1 --- ####DestinationRule【reviews】 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: reviews spec: host: reviews subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 - name: v3 labels: version: v3 --- ####DestinationRule【ratings】 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: ratings spec: host: ratings subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 - name: v2-mysql labels: version: v2-mysql - name: v2-mysql-vm labels: version: v2-mysql-vm --- ####DestinationRule【details】 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: details spec: host: details subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2
分享到: