This series OpenShift Servic Mesh tutorial is based on Red Hat official public offering " Introducing Istio Service Mesh for Micoservices " publication, I will verify all operations carried out in OpenShift 4.2.x environment. Like to read or need to learn more English and knowledge of the relevant scene small partners can download the book by reading the above slowly.
This series of presentations based on three scenarios use the Java implementation of micro-services: Customer, Preference, Recommendation, their relationship is calling Customer ⇒ Preference ⇒ Recommendation, of which there are several versions Recommendation. This chapter is mainly deployed three micro-services and access to them from outside.
- First tutorial to download to your local. Since I modified some code, it is recommended not to use upstream projects.
$ git clone https://github.com/liuxiaoyu-git/istio-tutorial.git
$ cd istio-tutorial
- OpenShift then create a project named tutorial, and then add scc Account Service privilege for the default project.
$ oc new-project tutorial
$ oc adm policy add-scc-to-user privileged -z default -n tutorial
- Customer service to micro, for example, we can see the customer / kubernetes / Deployment.yml file. This file defines how to deploy micro Customer Service, mirroring the container in which the deployment is "quay.io/rhdevelopers/istio-tutorial-customer:v1.1"; and the "sidecar.istio.io/inject" is set to "true" in order to achieve Sidecar is automatically injected micro services.
- Execute the following command to deploy the Customer, Preference, Recommendation micro-services and create the corresponding Service.
$ oc apply -f customer/kubernetes/Deployment.yml -n tutorial
$ oc apply -f customer/kubernetes/Service.yml
$ oc apply -f preference/kubernetes/Deployment.yml -n tutorial
$ oc apply -f preference/kubernetes/Service.yml
$ oc apply -f recommendation/kubernetes/Deployment.yml -n tutorial
$ oc apply -f recommendation/kubernetes/Service.yml
- Pod Status information for micro to run the service, after the completion of the tutorial should run a three Pod. Each Pod Container run 2, wherein the micro running a service, in another operating Istio Sidecar.
$ oc get pod -n tutorial
NAME READY STATUS RESTARTS AGE
customer-77dc47d7f8-szhd5 2/2 Running 0 32h
preference-v1-55476494cf-xm4dq 2/2 Running 0 32h
recommendation-v1-67976848-4l4s7 2/2 Running 0 32h
Note : Pod to see if this time as long as a container, usually because there is no current project name "tutorial" added to the Service MesMemberRoll OpenShift Service Mesh Operator of the members.
6. Run command to view the Customer Service micro Pod operation contents included in the case, wherein the container micro running a customer service operation sidecar another container vessel istio-proxy.
$ oc get pods -o jsonpath="{.items[*].spec.containers[*].name}" -l app=customer
customer istio-proxy
$ oc describe pod customer-77dc47d7f8-hbxcn
...
Containers:
customer:
Container ID: cri-o://bb459fef3e4080f703d83c61ff88c56c2ee2c5c424bab6071e2cd0f3a149b7a6
Image: quay.io/rhdevelopers/istio-tutorial-customer:v1.1
Image ID: quay.io/rhdevelopers/istio-tutorial-customer@sha256:d1b0054dc21406b6b5fc172e8ffd35cc4f447550e26cbafdc8f6a1f7d9184661
Ports: 8080/TCP, 8778/TCP, 9779/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP
State: Running
Started: Sun, 12 Jan 2020 18:36:23 +0800
Last State: Terminated
Reason: OOMKilled
Exit Code: 137
Started: Sun, 12 Jan 2020 14:32:19 +0800
Finished: Sun, 12 Jan 2020 18:36:22 +0800
Ready: True
Restart Count: 2
Limits:
cpu: 500m
memory: 40Mi
Requests:
cpu: 200m
memory: 20Mi
Liveness: exec [curl localhost:8080/health/live] delay=5s timeout=1s period=4s #success=1 #failure=3
Readiness: exec [curl localhost:8080/health/ready] delay=6s timeout=1s period=5s #success=1 #failure=3
Environment:
JAVA_OPTIONS: -Xms15m -Xmx15m -Xmn15m
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-qt9vl (ro)
istio-proxy:
Container ID: cri-o://41803682d3d2d6828e4077a3e6e3e338d886025dfa030fc7d7f02229cca88ad6
Image: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8:1.0.3
Image ID: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8@sha256:7f01dec612f36a48cd548a81f8f47a54b9f1b1c76366e40aefb56abe39cf167e
Port: 15090/TCP
Host Port: 0/TCP
Args:
proxy
sidecar
--domain
$(POD_NAMESPACE).svc.cluster.local
--configPath
/etc/istio/proxy
--binaryPath
/usr/local/bin/envoy
--serviceCluster
customer.$(POD_NAMESPACE)
--drainDuration
45s
--parentShutdownDuration
1m0s
--discoveryAddress
istio-pilot.istio-system:15010
--zipkinAddress
zipkin.istio-system:9411
--connectTimeout
10s
--proxyAdminPort
15000
--concurrency
2
--controlPlaneAuthPolicy
NONE
--statusPort
15020
--applicationPorts
8080,8778,9779
State: Running
Started: Sun, 12 Jan 2020 14:25:44 +0800
Ready: True
Restart Count: 0
Limits:
cpu: 500m
memory: 128Mi
Requests:
cpu: 100m
memory: 128Mi
Readiness: http-get http://:15020/healthz/ready delay=1s timeout=1s period=2s #success=1 #failure=30
Environment:
POD_NAME: customer-77dc47d7f8-hbxcn (v1:metadata.name)
POD_NAMESPACE: tutorial (v1:metadata.namespace)
INSTANCE_IP: (v1:status.podIP)
ISTIO_META_POD_NAME: customer-77dc47d7f8-hbxcn (v1:metadata.name)
ISTIO_META_CONFIG_NAMESPACE: tutorial (v1:metadata.namespace)
ISTIO_META_INTERCEPTION_MODE: REDIRECT
ISTIO_METAJSON_ANNOTATIONS: {"openshift.io/scc":"restricted","sidecar.istio.io/inject":"true"}
ISTIO_METAJSON_LABELS: {"app":"customer","pod-template-hash":"77dc47d7f8","version":"v1"}
Mounts:
/etc/certs/ from istio-certs (ro)
/etc/istio/proxy from istio-envoy (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-qt9vl (ro)
...
- In order to access micro Customer service, but also to create Gateway and VirtualService objects. Gateway can view (GW) and VirtualService (vs) Object customer / kubernetes / Gateway.yml defined in the document, wherein the customer-gateway VirtualService called Gateway includes the called customer-gateway. The customer-gateway Gateway listens on port 80, when the customer receives VirtualService called for after "/ customer" service route request to the called customer, the service is listening port 8080.
VirtualService objects:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: customer-vs # VirtualService name
spec:
hosts:
- "*"
gateways:
- customer-gw # gateway name
http:
- match:
- uri:
exact: /customer-ms
rewrite:
uri: / # 将"/customer"改写为"/"
route:
- destination:
host: customer # service url, can long service url or short service url.
port:
number: 8080 # service port
Gateway Object:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: customer-gw
spec:
selector:
istio: ingressgateway # 通过 istio=ingressgateway 的Label定位于ServiceMeshControlPlane,然后运行在那个ServiceMeshControlPlane.
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
- Create and execute commands Gateway VirtualService object and view their status.
Note : "istio-io" on behalf of all the objects and network-related, including Gateway, VirtualService, DestinationRule and other objects.
$ oc apply -f customer/kubernetes/Gateway.yml -n tutorial
virtualservice.networking.istio.io/customer-vs created
gateway.networking.istio.io/customer-gw created
$ oc get istio-io
NAME GATEWAYS HOSTS AGE
virtualservice.networking.istio.io/customer-vs [customer-gw] [*] 82
NAME AGE
gateway.networking.istio.io/customer-gw 93m
- Called istio-ingressgateway Gateway entrance route initiated by binding to access return results showed that in turn calls the micro-service customer preference and recommendation micro services. We can see the call counter is incremented, and "67976848-4l4s7" micro services running pod of id.
$ export INGRESS_GATEWAY=$(oc get route istio-ingressgateway -n istio-system -o 'jsonpath={.spec.host}')
$ ./scripts/run.sh $INGRESS_GATEWAY/customer
customer => preference => recommendation v1 from '67976848-4l4s7': 1
customer => preference => recommendation v1 from '67976848-4l4s7': 2
customer => preference => recommendation v1 from '67976848-4l4s7': 3
So far, we have deployed OpenShift Serivice Mesh environment 4 good three micro-services, and can have access to them from the outside.