istio ymal笔记

唯一性判断

apiVersion + kind + name + namespace

指令:

对资源进行配置

kubectl apply -f dashboard.yaml
kubectl delete -f dashboard.yaml

YAML配置文件管理对象

对象管理：
# 创建deployment资源
kubectl create -f nginx-deployment.yaml
# 查看deployment
kubectl get deploy
# 查看ReplicaSet
kubectl get rs
# 查看pods所有标签
kubectl get pods --show-labels
# 根据标签查看pods
kubectl get pods -l app=nginx
# 滚动更新镜像
kubectl set image deployment/nginx-deployment nginx=nginx:1.11
或者
kubectl edit deployment/nginx-deployment
或者
kubectl apply -f nginx-deployment.yaml
# 实时观察发布状态：
kubectl rollout status deployment/nginx-deployment
# 查看deployment历史修订版本
kubectl rollout history deployment/nginx-deployment
kubectl rollout history deployment/nginx-deployment --revision=3
# 回滚到以前版本
kubectl rollout undo deployment/nginx-deployment
kubectl rollout undo deployment/nginx-deployment --to-revision=3
# 扩容deployment的Pod副本数量
kubectl scale deployment nginx-deployment --replicas=10
# 设置启动扩容/缩容
kubectl autoscale deployment nginx-deployment --min=10 --max=15 --cpu-percent=80

（流量管理/配置服务在网关上的路由）

apiVersion: networking.istio.io/v1beta1
kind: VirtualService     # virtualservice（流量管理/配置服务在网关上的路由）
metadata:
  name: admin-asset      # 注册的服务名称
  namespace: $NS
spec:
  hosts:
    - "*"                # kubernetes下对应的service
  gateways:
    - istio-system/api-gateway  # 选择网关
  http:
    - match:                    # 定义服务匹配模式
        - uri:                  # 以uri的方式
            prefix: "/admin/device"  # prefix代表前缀，可以匹配到二级子目录上 (exact代表绝对路径，只能匹配定义的字段)
      route:
        - destination:
            host: admin-asset
            port:
              number: 80
    - match:
        - uri:                 
            prefix: "/admin.AssetService"
        - uri:
            prefix: "/admin.DeviceService"
        - uri:
            prefix: "/admin.SpaceService"
        - uri:
            prefix: "/admin.UsageService"
        - uri:
            prefix: "/admin.AccessService"
      route:                         # 选择路由的服务
        - destination:
            host: admin-asset        # 已注册istio服务
            port:
              number: 6443
      retries:
        attempts: 3
        perTryTimeout: 60s
        retryOn: unavailable,reset
      corsPolicy:
        allowOrigin:
          - "*"
        allowMethods:
          - POST
          - GET
          - OPTIONS
          - PUT
          - DELETE
        allowHeaders:
          - grpc-timeout
          - content-type
          - keep-alive
          - user-agent
          - cache-control
          - content-type
          - content-transfer-encoding
          - custom-header-1
          - x-accept-content-transfer-encoding
          - x-accept-response-streaming
          - x-user-agent
          - x-grpc-web
          - x-auth-token
          - x-org
        maxAge: 24h
        exposeHeaders:
          - custom-header-1
          - grpc-status
          - grpc-message
          - x-request-id
          - x-err-code
        allowCredentials: true

EnvoyFilter扩展Istio

# https://www.envoyproxy.io/docs/envoy/v1.12.2/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto.html
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: custom-istio-conn
  namespace: istio-system # as defined in meshConfig resource.
spec:
  configPatches:
    - applyTo: NETWORK_FILTER
      match:
        context: GATEWAY
        listener:
          filterChain:
            filter:
              name: envoy.http_connection_manager
      patch:
        operation: MERGE
        value:
          typed_config:
            "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"
            server_name: envoy
            preserve_external_request_id: true