其他分享
首页 > 其他分享> > Muliti-Cluster-demo

Muliti-Cluster-demo

作者:互联网

istio-1.13.2-linux-amd64.tar.g

k8s v1.23.4

k8s v1.23.5

1,准备证书

https://istio.io/latest/docs/setup/install/multicluster/multi-primary_multi-network/

https://istio.io/latest/docs/setup/install/multicluster/before-you-begin/

https://istio.io/latest/docs/tasks/security/cert-management/

https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/

/usr/local/istio/certs

[root@master certs]#make -f ../tools/certs/Makefile.selfsigned.mk root-ca

[root@master certs]# make -f ../tools/certs/Makefile.selfsigned.mk cluster1-cacerts

[root@master certs]# make -f ../tools/certs/Makefile.selfsigned.mk cluster2-cacerts

kubectl create namespace istio-system
kubectl create secret generic cacerts -n istio-system \
--from-file=cluster1/ca-cert.pem \
--from-file=cluster1/ca-key.pem \
--from-file=cluster1/root-cert.pem \
--from-file=cluster1/cert-chain.pem

[root@master certs]# kubectl get secrets -nistio-system
NAME TYPE DATA AGE
cacerts Opaque 4 33s

[root@master istio]# scp -r certs 192.168.80.161:/usr/local/istio

[root@c2master certs]

kubectl create secret generic cacerts -n istio-system \
--from-file=cluster2/ca-cert.pem \
--from-file=cluster2/ca-key.pem \
--from-file=cluster2/root-cert.pem \
--from-file=cluster2/cert-chain.pem

[root@master istio]# kubectl get secrets cacerts -oyaml -nistio-system

2,

cat <<EOF > cluster1-config/cluster1.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: mesh1
      multiCluster:
        clusterName: cluster1
      network: network1
EOF

 

cat <<EOF > cluster2-config/cluster2.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: mesh2
      multiCluster:
        clusterName: cluster2
      network: network2
EOF

export PATH=/usr/local/istio/bin/$PATH

[root@master istio]# istioctl apply -f cluster1-config/cluster1.yaml y

[root@c2master cluster2-config]# istioctl apply -f cluster2.yaml y

cd /usr/local/istio

samples/multicluster/gen-eastwest-gateway.sh \
    --mesh mesh1 --cluster cluster1 --network network1 | \
    istioctl install -y -f -
    
samples/multicluster/gen-eastwest-gateway.sh \
    --mesh mesh2 --cluster cluster2 --network network2 | \
    istioctl install -y -f -

验证

 istio-system   istio-eastwestgateway-5cf6c5fbbb-wpzhd   1/1     Running   0             12s  

istio-system   istio-eastwestgateway   LoadBalancer   192.168.245.88   <pending>     15021:30138/TCP,15443:32503/TCP,15012:32027/TCP,15017:30385/TCP   35s

kubectl edit svc istio-ingressgateway -nistio-system

externalIPs:
- 192.168.80.155 165

kubectl edit svc istio-eastwestgateway -nistio-system

externalIPs:
- 192.168.80.156 166 

[root@master istio]# kubectl label namespace istio-system topology.istio.io/network=network1
[root@master istio]# kubectl label namespace istio-system topology.istio.io/network=network2

istio-system istio-eastwestgateway LoadBalancer 192.168.245.88 192.168.80.166 15021:30138/TCP,15443:32503/TCP,15012:32027/TCP,15017:30385/TCP 17m
istio-system istio-ingressgateway LoadBalancer 192.168.215.76 192.168.80.165 15021:30072/TCP,80:32390/TCP,443:32665/TCP 24m

 

[root@master istio]# kubectl  apply -nistio-system -f samples/multicluster/expose-services.yaml

[root@c2master istio]# kubectl  apply -nistio-system -f samples/multicluster/expose-services.yaml

验证 ssh c2master 免密

[root@master istio]# ssh c2master '/usr/local/istio/bin/istioctl x create-remote-secret --name=cluster2'
# This file is autogenerated, do not edit.
apiVersion: v1
kind: Secret
metadata:
  annotations:
    networking.istio.io/cluster: cluster2

 [root@master istio]# ssh c2master '/usr/local/istio/bin/istioctl x create-remote-secret --name=cluster2' | kubectl apply -f -

[root@master istio]# kubectl get secret -nistio-system
NAME TYPE DATA AGE
istio-remote-secret-cluster2 Opaque 1 15s

[root@master istio]# ssh c2master '/usr/local/istio/bin/istioctl x create-remote-secret --name=cluster2' > a.yaml

[root@c2master cluster2-config]# ssh master '/usr/local/istio/bin/istioctl x create-remote-secret --name=cluster1' > a.yaml
[root@c2master cluster2-config]# kubectl apply -f a.yaml

[root@c2master cluster2-config]# kubectl get secret -nistio-system
NAME TYPE DATA AGE
istio-remote-secret-cluster1 Opaque 1 12s

 

kubectl label namespace default istio-injection=enabled

git clone https://github.com/iKubernetes/istio-in-practise.git

[root@c2master istio]# kubectl apply -f samples/sleep/sleep.yaml

/root/istio-in-practise/Muliti-Cluster-demo/cluster1/*

[root@c2master cluster1]# cat 01-deploy-demoapp-v10.yaml 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demoappv10
    version: v1.0
  name: demoappv10
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  selector:
    matchLabels:
      app: demoapp
      version: v1.0
  template:
    metadata:
      labels:
        app: demoapp
        version: v1.0
    spec:
      containers:
      - image: ikubernetes/demoapp:v1.0
        imagePullPolicy: IfNotPresent
        name: demoapp
        env:
        - name: "PORT"
          value: "8080"
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        resources:
          limits:
            cpu: 50m
---
[root@c2master cluster1]# cat 02-service-demoapp.yaml 
---
apiVersion: v1
kind: Service
metadata:
  name: demoapp
spec:
  ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: demoapp
  type: ClusterIP
---
[root@c2master cluster1]# cat 03-destinationrule-demoapp.yaml 
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demoapp
spec:
  host: demoapp
  subsets:
  - name: v10
    labels:
      version: v1.0
  - name: v11
    labels:
      version: v1.1
[root@c2master cluster1]# cat 04-virutalservice-demoapp.yaml 
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demoapp
spec:
  hosts:
  - demoapp
  http:
  - name: default
    route:
    - destination:
        host: demoapp
View Code 
/ $ curl demoapp:8080
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-tqqtp, ServerIP: 10.244.1.10!
/ $ curl demoapp:8080
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-tv57k, ServerIP: 10.244.2.4!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-xj8ll, ServerIP: 172.16.1.10!
/ $ curl demoapp:8080
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-9vmwx, ServerIP: 172.16.2.8!
/ $ curl demoapp:8080  #验证
iKubernetes demoapp v1.0 !! ClientIP: 127.0.0.6, ServerName: demoappv10-b5d9576cc-xj8ll, ServerIP: 172.16.1.10!
/ $ curl demoapp:8080
iKubernetes demoapp v1.1 !! ClientIP: 127.0.0.6, ServerName: demoappv11-77755cdc65-tv57k, ServerIP: 10.244.2.4!

 

标签:demoapp,--,demo,Muliti,istio,Cluster,cluster2,cluster1,root
来源: https://www.cnblogs.com/gxc888/p/16028734.html