cloudnativebooks / cloud-native-istio
Huawei Cloud Native Series: "Cloud Native Service Mesh Istio: Principles, Practice, Architecture and Source Code Analysis"
License: Apache License 2.0
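Line 4 below Figure 5-1:
In the sentence "Pilot obtains the authorization policy configuration from Kube-apierver", it should be Kube-apiserver
This command does not return a value
My loadBalancer field is empty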
kubectl -n istio-system get service istio-ingressgateway -o json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"creationTimestamp": "2019-11-29T02:39:30Z",
"labels": {
"app": "istio-ingressgateway",
"chart": "gateways",
"heritage": "Tiller",
"istio": "ingressgateway",
"release": "istio"
},
"name": "istio-ingressgateway",
"namespace": "istio-system",
"resourceVersion": "145750",
"selfLink": "/api/v1/namespaces/istio-system/services/istio-ingressgateway",
"uid": "450e4154-d2e2-441f-a8db-6f12ffd7bc41"
},
"spec": {
"clusterIP": "10.111.14.51",
"externalIPs": [
"192.168.100.6"
],
"externalTrafficPolicy": "Cluster",
"ports": [
{
"name": "http2",
"nodePort": 31380,
"port": 80,
"protocol": "TCP",
"targetPort": 80
},
{
"name": "https",
"nodePort": 31390,
"port": 443,
"protocol": "TCP",
"targetPort": 443
},
{
"name": "tcp",
"nodePort": 31400,
"port": 31400,
"protocol": "TCP",
"targetPort": 31400
},
{
"name": "https-kiali",
"nodePort": 31591,
"port": 15029,
"protocol": "TCP",
"targetPort": 15029
},
{
"name": "https-prometheus",
"nodePort": 32176,
"port": 15030,
"protocol": "TCP",
"targetPort": 15030
},
{
"name": "https-grafana",
"nodePort": 32174,
"port": 15031,
"protocol": "TCP",
"targetPort": 15031
},
{
"name": "https-tracing",
"nodePort": 32581,
"port": 15032,
"protocol": "TCP",
"targetPort": 15032
},
{
"name": "tls",
"nodePort": 30986,
"port": 15443,
"protocol": "TCP",
"targetPort": 15443
},
{
"name": "status-port",
"nodePort": 31639,
"port": 15020,
"protocol": "TCP",
"targetPort": 15020
}
],
"selector": {
"app": "istio-ingressgateway",
"istio": "ingressgateway",
"release": "istio"
},
"sessionAffinity": "None",
"type": "LoadBalancer"
},
"status": {
"loadBalancer": {}
}
}
I added an external address. Could someone tell me what I did wrong? @fisherxu @idouba @liuhewei
There is currently no graph available for namespace weather. This could either mean there is no service mesh available for this namespace or the service mesh has yet to see request traffic. You can enable 'Unused nodes' to display service mesh nodes that have yet to see any request traffic.
The namespace data is missing; by default it is under default
The command on the first line is missing a space:
# kubectl get svc -nistio-system
should be
# kubectl get svc -n istio-system
Could not fetch IstioConfig details, Error: [ gateways.networking.istio.io "weather-gateway" not found ]
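P22, Figure 2-1: all Envoys are connected to Mixer, with no connection to Pilot, which does not match the subsequent text describing (3) service discovery, (4) load balancing, (5) traffic management, and (6) access security
Istio version 1.2.2
k8s version 15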
Name: weather-gateway
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"networking.istio.io/v1alpha3","kind":"Gateway","metadata":{"annotations":{},"name":"weather-gateway","namespace":"default"}...
API Version: networking.istio.io/v1alpha3
Kind: Gateway
Metadata:
Creation Timestamp: 2019-08-01T10:23:54Z
Generation: 1
Resource Version: 377713
Self Link: /apis/networking.istio.io/v1alpha3/namespaces/default/gateways/weather-gateway
UID: 5e79d0de-58b7-4c41-84c2-f7c2bfd3f747
Spec:
Selector:
Istio: ingressgateway
Servers:
Hosts:
*
Port:
Name: http
Number: 80
Protocol: HTTP
Events: <none>
[root@master install]# kubectl describe virtualservices.networking.istio.io
Name: frontend-route
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"networking.istio.io/v1alpha3","kind":"VirtualService","metadata":{"annotations":{},"name":"frontend-route","namespace":"def...
API Version: networking.istio.io/v1alpha3
Kind: VirtualService
Metadata:
Creation Timestamp: 2019-08-01T10:55:34Z
Generation: 1
Resource Version: 380674
Self Link: /apis/networking.istio.io/v1alpha3/namespaces/default/virtualservices/frontend-route
UID: ffb83d9d-ad9e-4cf1-9271-e652a29669e0
Spec:
Gateways:
weather-gateway
Hosts:
*
Http:
Match:
Port: 80
Route:
Destination:
Host: frontend
Port:
Number: 3000
Subset: v1
Events: <none>
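Accessing through istio-ingress-gateway returns 503
Chapter 8, setting up the environment: opening it in the browser (Chrome) reports this error:
This site can't provide a secure connection
xxxx sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
The curl command does return the HTML file correctly. My guess is that the JS inside has a security problem and does not allow access over HTTP?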
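P20, Table 1-2, last row, second column: "KubernetesCRD" is missing a space
P54, Figure 3-19: every "south" in it is misspelled as "sourth"
Kiali keeps reporting this error
Hello authors, when I use cloud-native-istio/chapter-files/traffic-management/ratelimiting.yaml to configure a limit on the number of requests, I get the following errors: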
Error from server: error when creating "ratelimiting.yaml": admission webhook "validation.istio.io" denied the request: unrecognized type memquota
Error from server: error when creating "ratelimiting.yaml": admission webhook "validation.istio.io" denied the request: unrecognized type quota
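Could you please explain what causes this problem? My Kubernetes is version 1.15 and Istio is version 1.5.
灰度发布技术上的核心要求是要提供一种机制满足多不版本同时在线 ("The core technical requirement of canary release is to provide a mechanism that allows multiple versions to be online at the same time")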
ds:
namespaces: weather
https://istio.io/docs/reference/config/policy-and-telemetry/templates/metric/
apiVersion: "config.istio.io/v1alpha2"
kind: instance
metadata:
  name: customerrequestcount
  namespace: istio-system
spec:
  compiledTemplate: metric
  params:
    value: "1"
    dimensions:
      method: request.method | "unknown"
      path: request.path | "unknown"
      useragent: request.useragent | "unknown"
      destination: destination.service.name | "unknown"
      code: response.code | 200
    monitored_resource_type: '"UNSPECIFIED"'
---
apiVersion: "config.istio.io/v1alpha2"
kind: handler
metadata:
  name: prometheus
  namespace: istio-system
spec:
  compiledAdapter: prometheus
  params:
    metrics:
    - name: customer_request_count
      instance_name: customerrequestcount.instance.istio-system
      kind: COUNTER
      label_names:
      - method
      - path
      - useragent
      - destination
      - code
---
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
  name: customerprom
  namespace: istio-system
spec:
  actions:
  - handler: prometheus
    instances: [ customerrequestcount ]
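Where can the source code for the services in the weather forecast example be downloaded?
The services are: frontend, advertisement, forecast, recommendation
I don't know where to download the source code; the install directory only contains deployment configuration files.
Page 144
Instance includes the following important fields
template: required field
Shouldn't the correct text be "optional field"?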
http:
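If the Android header matches the route, 50% of requests go to v1 and 50% go to v2. If the HTML is served by v1, then the JS that goes with that HTML is the v1 JS, xxxx.js. When that JS is requested, it matches the same rule and is routed to v2, but xxxx.js does not exist in v2, so a 404 occurs. We have run into this problem in a real production environment as well. How can it be solved? The front end is different from an API: the HTML embeds a lot of CSS and JS, and the CSS and JS requests also go through this routing logic, so 404s occur.
A question: I get an error when running the example: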
k8s version: 1.16.2
kubectl apply -f install/weather-v1.yaml -n weather
unable to recognize "install/weather-v1.yaml": no matches for kind "Deployment" in version "extensions/v1beta2"
unable to recognize "install/weather-v1.yaml": no matches for kind "Deployment" in version "extensions/v1beta2"
unable to recognize "install/weather-v1.yaml": no matches for kind "Deployment" in version "extensions/v1beta2"
Access control, section 12.2: error because checknothing.spec is empty:
# kubectl apply -f blacklist.yaml
denier.config.istio.io/denycustomerhandler created
error: error validating "blacklist.yaml": error validating data: unknown object type "nil" in checknothing.spec; if you choose to ignore these errors, turn validation off with --validate=false
Page 258
$ kubectl apply -f install/weather-gateway.yaml
The file weather-gateway.yaml is missing the DestinationRule
@fisherxu
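P18, 1.5.2, section 2:
"it also avoids the problem of inconsistent service discovery data when running on Kubernetes"
What exactly does the data inconsistency problem refer to here? Could you explain it in detail? Thanks!
P5, line 14: "以灰度发现为例" ("taking canary discovery as an example") should be "以灰度发布为例" ("taking canary release as an example")
Hello, your code is out of date and has many problems on newer versions of k8s, which causes a lot of trouble for new readers. Why can't the code be updated?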
The book's content is:
spec:
  host: advertisement.weather.svc.cluster.local
  trafficPolicy:
    connectionPool:
      http:
        maxRequestsPerConnection: 1
Actually, hosts should be recommendation.weather.svc.cluster.local, because at this point you are accessing the recommendation service.
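Hello, I have some doubts after reading the summary of section 6.3 of this book. The end of the summary mentions: "When the Sidecar Injector injects the container, it automatically parses the container ports of the application container and sets a Readiness Probe. Also, if no corresponding Service has been created for the Pod instance, the Sidecar health check will fail, that is, the Pod will stay in the NotReady state forever."
I tried adding a new Deployment in the weather namespace without creating a corresponding Service for it, but it did not stay in the NotReady state forever. The Pods in this Deployment can also access the other services under weather normally.
The book says that Istio governs access between services; the object being governed does not necessarily have to be a service provider, does it? If a Deployment is only a service consumer and not a service provider, there is no need to create a Service for it. Does that mean Istio cannot be used to govern its access to other services?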
[root@localhost data]# minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.11.0
X Error starting cluster: cmd failed: sudo /usr/bin/kubeadm init --config /var/lib/kubeadm.yaml --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests,DirAvailable--data-minikube,FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml,FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml,FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml,FileAvailable--etc-kubernetes-manifests-etcd.yaml,Port-10250,Swap,SystemVerification
I0902 04:48:39.949361 2797 feature_gate.go:230] feature gates: &{map[]}
[init] using Kubernetes version: v1.11.0
[preflight] running pre-flight checks
[WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
I0902 04:48:40.387547 2797 kernel_validator.go:81] Validating kernel version
I0902 04:48:40.391461 2797 kernel_validator.go:96] Validating kernel config
[preflight] The system verification failed. Printing the output from the verification:
[WARNING SystemVerification]: unsupported docker version: 18.09.8
KERNEL_VERSION: 4.15.0
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_INET: enabled
CONFIG_EXT4_FS: enabled
CONFIG_PROC_FS: enabled
CONFIG_NETFILTER_XT_TARGET_REDIRECT: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled (as module)
CONFIG_OVERLAY_FS: enabled (as module)
CONFIG_AUFS_FS: not set - Required for aufs.
CONFIG_BLK_DEV_DM: enabled
DOCKER_VERSION: 18.09.8
OS: Linux
CGROUPS_CPU: enabled
CGROUPS_CPUACCT: enabled
CGROUPS_CPUSET: enabled
CGROUPS_DEVICES: enabled
CGROUPS_FREEZER: enabled
CGROUPS_MEMORY: enabled
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight/images] Pulling images required for setting up a Kubernetes cluster
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
[preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image [k8s.gcr.io/kube-apiserver-amd64:v1.11.0]: exit status 1
[ERROR ImagePull]: failed to pull image [k8s.gcr.io/kube-controller-manager-amd64:v1.11.0]: exit status 1
[ERROR ImagePull]: failed to pull image [k8s.gcr.io/kube-scheduler-amd64:v1.11.0]: exit status 1
[ERROR ImagePull]: failed to pull image [k8s.gcr.io/kube-proxy-amd64:v1.11.0]: exit status 1
[ERROR ImagePull]: failed to pull image [k8s.gcr.io/pause-amd64:3.1]: exit status 1
[ERROR ImagePull]: failed to pull image [k8s.gcr.io/etcd-amd64:3.2.18]: exit status 1
[ERROR ImagePull]: failed to pull image [k8s.gcr.io/coredns:1.1.3]: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=...
: Process exited with status 2
*
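P51, paragraph 3: "灰度发布技术上的核心要求是要提供一种机制满足多不版本同时在线" ("The core technical requirement of canary release is to provide a mechanism that allows multiple versions to be online at the same time") has an extra character "不"
My Istio is version 1.3.0. I deployed the bundled samples httpbin and bookinfo, which share httpbin-gateway; the ingressgateway uses NodePort to expose internal services for external access. Currently the httpbin and bookinfo services are accessed through the gateway's NodePort, but weather forecast just will not work and I don't know why. The 404 error shown is different from the one caused by an ordinary gateway or virtual service misconfiguration; see the figure below. Please advise.
Page 251
"Pilot's default memory request is 2048MiB"
The memory units for Kubernetes resource limits are Ki, Mi, Gi, Ti
without the letter B
I installed Istio with helm following the official guide; the version is 1.2.8.
Deploying weather following Chapter 8 worked without problems, but deploying weather-gateway reported an error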
# kubectl apply -f install/weather-gateway.yaml
Error from server (Timeout): error when creating "install/weather-gateway.yaml": Timeout: request did not complete within requested timeout 30s
Error from server (Timeout): error when creating "install/weather-gateway.yaml": Timeout: request did not complete within requested timeout 30s
Error from server (Timeout): error when creating "install/weather-gateway.yaml": Timeout: request did not complete within requested timeout 30s
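Deploying a gateway with the official Istio example reports the same thing, and I can't figure out what the problem is. k8s is 1.14.6, deployed from binaries on local virtual machines.
These are the parameters I used when installing Istio: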
helm install install/kubernetes/helm/istio --wait \
--name istio \
--namespace istio-system \
--set global.mtls.enabled=true \
--set kiali.enabled=true \
--set tracing.enabled=true \
--set grafana.enabled=true \
--set servicegraph.enabled=true \
--set global.k8sIngress.enabled=true \
--set global.k8sIngress.gatewayName=ingressgateway \
--set kiali.createDemoSecret=true \
--set kiali.contextPath=/ \
--set "kiali.dashboard.jaegerURL=http://jaeger-query:16686" \
--set "kiali.dashboard.grafanaURL=http://grafana:3000" \
--set gateways.istio-ingressgateway.type=NodePort \
--set gateways.istio-egressgateway.type=NodePort \
--set sidecarInjectorWebhook.enabled=true
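Chapter 8.4.2: the last step, accessing http://localhost, does not work
The earlier steps were all fine, but at the last step http://localhost cannot be accessed
Shouldn't I have to access the IP inside VirtualBox? Is it mapped to the local machine?
But I checked, and nothing is listening on local port 80
Chapter 3, page 97
[http2MaxRequests: maximum number of requests,]
At first I understood this to mean that HTTP can only accept this many requests in total, but from what follows it seems to mean maximum concurrency. Could this be changed to "maximum number of concurrent requests"?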