5、可视化监控
istio自带了三个监控平台 •监控指标(Grafana)
1、请求错误率
2、请求延时(响应时间) •网格可视化(Kiali)
3、链路调用拓扑图
4、RPS(每秒请求),也有请求错误率
5、请求/响应数据包大小
6、查看pod日志
7、istio配置资源在线编辑 •调用链跟踪(Jaeger)
8、一个服务涉及的调用情况
9、分析数据包中具体请求/响应信息
10、响应时间
[root@master01 opt]# istioctl dashboard -h Access to Istio web UIs Usage: istioctl dashboard [flags] istioctl dashboard [command] Aliases: dashboard, dash, d Available Commands: controlz Open ControlZ web UI envoy Open Envoy admin web UI grafana Open Grafana web UI jaeger Open Jaeger web UI kiali Open Kiali web UI prometheus Open Prometheus web UI zipkin Open Zipkin web UI Flags: --address string Address to listen on. Only accepts IP address or localhost as a value. When localhost is supplied, istioctl will try to bind on both 127.0.0.1 and ::1 and will fail if neither of these address are available to bind. (default "localhost") -h, --help help for dashboard -p, --port int Local port to listen to Global Flags: --context string The name of the kubeconfig context to use -i, --istioNamespace string Istio system namespace (default "istio-system") -c, --kubeconfig string Kubernetes configuration file -n, --namespace string Config namespace Use "istioctl dashboard [command] --help" for more information about a command. [root@master01 opt]# kubectl get pod -n istio-system NAME READY STATUS RESTARTS AGE grafana-75745787f9-w8md6 1/1 Running 0 25m istio-egressgateway-794db4db55-hstw6 1/1 Running 0 25m istio-ingressgateway-799b86d9-x2gkh 1/1 Running 0 25m istio-tracing-c7b59f68f-fp66x 1/1 Running 0 25m istiod-55fff4d845-zmdg8 1/1 Running 0 25m kiali-85dc7cdc48-vmh29 1/1 Running 0 25m prometheus-8685fb8c59-65qxl 2/2 Running 0 25m ##临时开启可用如下办法 [root@master01 opt]# istioctl dashboard controlz istiod-55fff4d845-zmdg8 -n istio-system --address=10.211.55.16 http://localhost:33673
为了可以通过ingressgateway的能够访问三个监控平台,因此需要编写监控monitor-gateway.yaml
[root@master01 istio-1.6.2]# kubectl get svc -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE grafana ClusterIP 10.68.185.28 <none> 3000/TCP 26h istio-egressgateway ClusterIP 10.68.80.126 <none> 80/TCP,443/TCP,15443/TCP 26h istio-ingressgateway LoadBalancer 10.68.139.54 <pending> 15021:30792/TCP,80:22516/TCP,443:34994/TCP,31400:21999/TCP,15443:22618/TCP 26h istiod ClusterIP 10.68.213.107 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP 26h 26h kiali NodePort 10.68.227.1 <none> 20001:24347/TCP 26h prometheus ClusterIP 10.68.241.113 <none> 9090/TCP 26h 18m tracing ClusterIP 10.68.156.89 <none> 80/TCP 26h zipkin NodePort 10.68.182.176 <none> 9411:24218/TCP 26h
[root@master01 istio-1.6.2]# cat monitor-gateway.yaml --- #网格可视化kiala apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: monitor-gateway namespace: istio-system spec: selector: istio: ingressgateway # use istio default controller servers: - port: number: 80 name: http protocol: HTTP hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: kiali namespace: istio-system spec: hosts: - "kiali.istio.double.com" gateways: - kiala-gateway http: - route: - destination: host: kiali port: number: 20001 --- #监控可视化 --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: grafana namespace: istio-system spec: hosts: - "grafana.istio.double.com" gateways: - grafana-gateway http: - route: - destination: host: grafana port: number: 3000 --- #调用链 --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: tracing namespace: istio-system spec: hosts: - "tracing.istio.double.com" gateways: - tracing-gateway http: - route: - destination: host: tracing port: number: 80 --- #链路跟踪 --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: zipkin namespace: istio-system spec: hosts: - "zipkin.istio.double.com" gateways: - monitor-gateway http: - route: - destination: host: zipkin port: number: 8441
部署监控网关入口
[root@master01 istio-1.6.2]# kubectl apply -f monitor-gateway.yaml [root@localhost istio-1.6.2]# kubectl get gateway,vs -n istio-system NAME AGE gateway.networking.istio.io/grafana-gateway 34s gateway.networking.istio.io/kiala-gateway 34s gateway.networking.istio.io/monitor-gateway 34s gateway.networking.istio.io/traing-gateway 34s NAME GATEWAYS HOSTS AGE virtualservice.networking.istio.io/grafana [grafana-gateway] [grafana.istio.double.com] 34s virtualservice.networking.istio.io/kiali [kiala-gateway] [kiali.istio.double.com] 34s virtualservice.networking.istio.io/tracing [tracing-gateway] [tracing.istio.double.com] 34s virtualservice.networking.istio.io/zipkin [monitor-gateway] [zipkin.istio.double.com] 34s
安装nginx,作为lb,负载均衡到ingressgateway的暴露的nodeport端口上,所有的外部流量通过ingressgateway进去istio进行管理
[root@mysql-cloud-kafka-zk ~]# cat /data/nginx/vhosts/istio.holder.cn.conf ....省略 include /etc/nginx/conf.d/*.conf; upstream ingressgateway { server 10.100.132.8:22516; server 10.100.132.5:22516; server 10.100.132.6:22516; } server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { proxy_pass http://ingressgateway; proxy_set_header Host $host; proxy_http_version 1.1; } }
绑定域名到本地hosts,即可访问👉
6、切换bookinfo的入口流量到ingressgateway
# 为Bookinfo部署入口网关 [root@master01 istio-1.6.2]# cat samples/bookinfo/networking/bookinfo-gateway.yaml apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: bookinfo-gateway spec: selector: istio: ingressgateway # use istio default controller servers: - port: number: 80 name: http protocol: HTTP hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: bookinfo spec: hosts: - "bookinfo.istio.double.com" gateways: - bookinfo-gateway http: - match: - uri: exact: /productpage - uri: prefix: /static - uri: exact: /login - uri: exact: /logout - uri: prefix: /api/v1/products route: - destination: host: productpage port: number: 9080 [root@master01 istio-1.6.2]# kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml gateway.networking.istio.io/bookinfo-gateway unchanged virtualservice.networking.istio.io/bookinfo changed # 获取网关地址 [root@master01 istio-1.6.2]# kubectl get gateway,vs NAME AGE gateway.networking.istio.io/bookinfo-gateway 29h NAME GATEWAYS HOSTS AGE virtualservice.networking.istio.io/bookinfo [bookinfo-gateway] [bookinfo.istio.double.com] 29h
绑定域名,然后访问bookinfo.istio.double.com既可访问,不停地刷新图书单品页,在kiali中会实时地绘制服务网格,如下:
请求响应如下:
基于权重流量的实时控制,如下:
监控指标如下:
对于服务的可观察性,kiali还提供了很多其他的功能,这也是Istio相较于其他服务网格框架的优势,这里就不展示了。
