接上文《使用 k3s 搭建 cilium + istio 实验环境》和 《istio-ingressgateway 学习》
一、暴露 hubble ui
通过 istio-ingressgateway 暴露 hubble ui 服务,执行以下步骤:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "hubble.k3s.local"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: hubble-vs
spec:
hosts:
- "hubble.k3s.local"
gateways:
- istio-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
port:
number: 80
host: hubble-ui.kube-system.svc.cluster.local
EOF
|
hubble ui 通过sub path 子路径这种访问方式有问题,这里通过子域名的方式访问,在本机 hosts 文件 配置如下内容
1
2
|
# istio-ingressgateway
vpsIP hubble.k3s.local
|
浏览器访问http://hubble.k3s.local:31782/(31782 为 istio-ingressgateway 的nodeport)
二、实验测试
1. Star Wars demo
部署 cilium 官方示例实例: Star Wars Demo , 官方的 yaml 没有 arm 版本的镜像,这里稍作修改:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: deathstar
labels:
app.kubernetes.io/name: deathstar
spec:
type: ClusterIP
ports:
- port: 80
selector:
org: empire
class: deathstar
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: deathstar
labels:
app.kubernetes.io/name: deathstar
spec:
replicas: 2
selector:
matchLabels:
org: empire
class: deathstar
template:
metadata:
labels:
org: empire
class: deathstar
app.kubernetes.io/name: deathstar
spec:
containers:
- name: deathstar
image: docker.io/yuspin/starwars
---
apiVersion: v1
kind: Pod
metadata:
name: tiefighter
labels:
org: empire
class: tiefighter
app.kubernetes.io/name: tiefighter
spec:
containers:
- name: spaceship
image: docker.io/wrype/netperf-latest
---
apiVersion: v1
kind: Pod
metadata:
name: xwing
labels:
app.kubernetes.io/name: xwing
org: alliance
class: xwing
spec:
containers:
- name: spaceship
image: docker.io/wrype/netperf-latest
EOF
|
成功部署后,从两个宇宙飞船发出请求以模拟 一些流量。
1
2
3
4
5
|
$ kubectl exec xwing -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
Ship landed
$ kubectl exec tiefighter -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
Ship landed
|
然后这些请求将在 hubble ui 显示为不同的 pod 间的服务调用
2. 检查各种网络流量
为了制造一些网络流量,循环运行 cilium 的连通性检测程序
1
|
while true; do cilium connectivity test; done
|
然后可以在 hubble ui,看到各种网络流量
