Ssoon
[Week 7] Service Mesh: Bookinfo Lab & Istio Features
Kubernetes Network Study, 3rd cohort, led by Gasida of CloudNet@
✅ Bookinfo
🧿 bookinfo.yaml
(⎈|default:N/A) root@k3s-s:~# echo $ISTIOV
1.23.2
(⎈|default:N/A) root@k3s-s:~# cat ~/istio-$ISTIOV/samples/bookinfo/platform/kube/bookinfo.yaml
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##################################################################################################
# This file defines the services, service accounts, and deployments for the Bookinfo sample.
#
# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments:
#
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
#
# Alternatively, you can deploy any resource separately:
#
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment
##################################################################################################
##################################################################################################
# Details service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: details
  labels:
    app: details
    service: details
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: details
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-details
  labels:
    account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: details-v1
  labels:
    app: details
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: details
      version: v1
  template:
    metadata:
      labels:
        app: details
        version: v1
    spec:
      serviceAccountName: bookinfo-details
      containers:
      - name: details
        image: docker.io/istio/examples-bookinfo-details-v1:1.20.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
---
##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: ratings
  labels:
    app: ratings
    service: ratings
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: ratings
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-ratings
  labels:
    account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v1
  labels:
    app: ratings
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ratings
      version: v1
  template:
    metadata:
      labels:
        app: ratings
        version: v1
    spec:
      serviceAccountName: bookinfo-ratings
      containers:
      - name: ratings
        image: docker.io/istio/examples-bookinfo-ratings-v1:1.20.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
---
##################################################################################################
# Reviews service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: reviews
  labels:
    app: reviews
    service: reviews
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: reviews
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-reviews
  labels:
    account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v1
  labels:
    app: reviews
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v1
  template:
    metadata:
      labels:
        app: reviews
        version: v1
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v1:1.20.1
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v2
  labels:
    app: reviews
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v2
  template:
    metadata:
      labels:
        app: reviews
        version: v2
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v2:1.20.1
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v3
  labels:
    app: reviews
    version: v3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v3
  template:
    metadata:
      labels:
        app: reviews
        version: v3
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v3:1.20.1
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
##################################################################################################
# Productpage services
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: productpage
  labels:
    app: productpage
    service: productpage
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: productpage
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-productpage
  labels:
    account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: productpage-v1
  labels:
    app: productpage
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: productpage
      version: v1
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9080"
        prometheus.io/path: "/metrics"
      labels:
        app: productpage
        version: v1
    spec:
      serviceAccountName: bookinfo-productpage
      containers:
      - name: productpage
        image: docker.io/istio/examples-bookinfo-productpage-v1:1.20.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
      volumes:
      - name: tmp
        emptyDir: {}
---
(⎈|default:N/A) root@k3s-s:~# kubectl apply -f ~/istio-$ISTIOV/samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
🧿 Use kubectl get all,sa to check all resources and service accounts currently running in the Kubernetes cluster
(⎈|default:N/A) root@k3s-s:~# kubectl get all,sa
NAME READY STATUS RESTARTS AGE
pod/details-v1-65cfcf56f9-tnlcp 2/2 Running 0 12s
pod/productpage-v1-d5789fdfb-56q79 2/2 Running 0 11s
pod/ratings-v1-7c9bd4b87f-f6xf9 2/2 Running 0 12s
pod/reviews-v1-6584ddcf65-vrf9w 2/2 Running 0 12s
pod/reviews-v2-6f85cb9b7c-rsxs4 2/2 Running 0 12s
pod/reviews-v3-6f5b775685-f4wpj 2/2 Running 0 11s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/details ClusterIP 10.10.200.37 <none> 9080/TCP 12s
service/kubernetes ClusterIP 10.10.200.1 <none> 443/TCP 35s
service/productpage ClusterIP 10.10.200.84 <none> 9080/TCP 12s
service/ratings ClusterIP 10.10.200.97 <none> 9080/TCP 12s
service/reviews ClusterIP 10.10.200.104 <none> 9080/TCP 12s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/details-v1 1/1 1 1 12s
deployment.apps/productpage-v1 1/1 1 1 11s
deployment.apps/ratings-v1 1/1 1 1 12s
deployment.apps/reviews-v1 1/1 1 1 12s
deployment.apps/reviews-v2 1/1 1 1 12s
deployment.apps/reviews-v3 1/1 1 1 12s
NAME DESIRED CURRENT READY AGE
replicaset.apps/details-v1-65cfcf56f9 1 1 1 12s
replicaset.apps/productpage-v1-d5789fdfb 1 1 1 11s
replicaset.apps/ratings-v1-7c9bd4b87f 1 1 1 12s
replicaset.apps/reviews-v1-6584ddcf65 1 1 1 12s
replicaset.apps/reviews-v2-6f85cb9b7c 1 1 1 12s
replicaset.apps/reviews-v3-6f5b775685 1 1 1 12s
NAME SECRETS AGE
serviceaccount/bookinfo-details 0 17m
serviceaccount/bookinfo-productpage 0 17m
serviceaccount/bookinfo-ratings 0 17m
serviceaccount/bookinfo-reviews 0 17m
serviceaccount/default 0 156m
🧿 From the Pod of the ratings application running in the Kubernetes cluster, send a request to the productpage service and extract the <title> tag from the response
(⎈|default:N/A) root@k3s-s:~# kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
✅ Basic ingress configuration through Istio
🧿 Istio Gateway and VirtualService resource definitions
- Defines an Istio Gateway resource
  - This Gateway resource is named bookinfo-gateway and accepts HTTP requests from all hosts on port 8080. It is configured to use Istio's default ingress gateway, so the basic setup needed to route traffic from outside the cluster to internal services is in place.
- Defines an Istio VirtualService resource
  - When a user accesses http://<gateway-ip>:8080/productpage, the request is forwarded to port 9080 of the productpage service.
  - gateways
    - Specifies the Gateway this VirtualService uses. Here it is the bookinfo-gateway defined above.
  - match: defines the conditions a request must meet for the routing rule to apply. The conditions defined here are:
    - uri.exact: the request URI matches exactly.
      - /productpage
      - /login
      - /logout
    - uri.prefix: the request URI starts with the given prefix.
      - /static
      - /api/v1/products
  - route
    - Defines where matched requests are routed. Here they are routed to the productpage service.
    - destination: specifies the target service and port for the request.
      - host: the name of the service to send the request to. Here it is productpage.
      - port: the port number of the service. Here it is set to 9080.
(⎈|default:N/A) root@k3s-s:~# cat ~/istio-$ISTIOV/samples/bookinfo/networking/bookinfo-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  # The selector matches the ingress gateway pod labels.
  # If you installed Istio using Helm following the standard documentation, this would be "istio=ingress"
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 8080
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080
(⎈|default:N/A) root@k3s-s:~# kubectl apply -f ~/istio-$ISTIOV/samples/bookinfo/networking/bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
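The match list above is the whole externally reachable surface of productpage: a URI that satisfies none of the five rules never leaves the gateway. The script below is an added example, not part of the original post; it models the exact/prefix rules so the effect on specific URIs can be checked. The function name `vs_route` and the sample URIs are hypothetical, and path normalization is not modelled.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Models the match list of the
# bookinfo VirtualService to show which request URIs the gateway forwards.
# Assumption: plain string comparison only; the path normalization the proxy
# applies before matching is not modelled. Function names are hypothetical.

# One rule per line, "<type> <value>", in the order used in bookinfo-gateway.yaml.
BOOKINFO_RULES='exact /productpage
prefix /static
exact /login
exact /logout
prefix /api/v1/products'

# vs_route URI [RULES]
# Prints the destination when a rule matches, "no-route" otherwise
# (with no matching route the ingress gateway answers 404).
vs_route() {
  local uri path kind value rules
  uri=$1
  rules=${2:-$BOOKINFO_RULES}
  path=${uri%%\?*}   # route matching looks at the path, not the query string
  while read -r kind value; do
    # exact: the whole path must be identical (case-sensitive)
    if [ "$kind" = exact ] && [ "$path" = "$value" ]; then
      echo "productpage:9080"; return 0
    fi
    # prefix: a plain string prefix, so /static also covers /staticfoo
    if [ "$kind" = prefix ]; then
      case $path in
        "$value"*) echo "productpage:9080"; return 0 ;;
      esac
    fi
  done <<EOF
$rules
EOF
  echo "no-route"
}

# Constructed sample URIs: some used by the Bookinfo UI, some that are not routed.
for uri in /productpage '/productpage?u=normal' /productpage/ /Login \
           /static/tailwind/tailwind.css /staticfoo \
           /api/v1/products/0/reviews /admin /; do
  printf '%-32s -> %s\n' "$uri" "$(vs_route "$uri")"
done
```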
🧿 Check the Istio Gateway and VirtualService
- Gateway: bookinfo-gateway sets up the port that receives HTTP requests and hands the requests to the corresponding VirtualService.
- VirtualService: bookinfo defines the detailed routing rules for requests that come in through this Gateway.
(⎈|default:N/A) root@k3s-s:~# kubectl get gw,vs
NAME AGE
gateway.networking.istio.io/bookinfo-gateway 7s
NAME GATEWAYS HOSTS AGE
virtualservice.networking.istio.io/bookinfo ["bookinfo-gateway"] ["*"] 7s
🧿 Status of each proxy in the Istio service mesh
- All proxies are synchronized:
  - Every service proxy, including details, productpage, ratings, reviews and istio-ingressgateway, is in the SYNCED state and is communicating normally with the Istio control plane.
- Ingress Gateway status:
  - CDS, LDS, EDS and RDS of istio-ingressgateway are all SYNCED, so it is ready to receive traffic.
(⎈|default:N/A) root@k3s-s:~# istioctl proxy-status
NAME CLUSTER CDS LDS EDS RDS ECDS ISTIOD VERSION
details-v1-65cfcf56f9-tnlcp.default Kubernetes SYNCED (2m47s) SYNCED (2m47s) SYNCED (2m39s) SYNCED (2m47s) IGNORED istiod-7f8b586864-cwgvw 1.23.2
istio-ingressgateway-5f9f654d46-tb2tl.istio-system Kubernetes SYNCED (31s) SYNCED (31s) SYNCED (2m39s) SYNCED (31s) IGNORED istiod-7f8b586864-cwgvw 1.23.2
productpage-v1-d5789fdfb-56q79.default Kubernetes SYNCED (2m39s) SYNCED (2m39s) SYNCED (2m39s) SYNCED (2m39s) IGNORED istiod-7f8b586864-cwgvw 1.23.2
ratings-v1-7c9bd4b87f-f6xf9.default Kubernetes SYNCED (2m48s) SYNCED (2m48s) SYNCED (2m39s) SYNCED (2m48s) IGNORED istiod-7f8b586864-cwgvw 1.23.2
reviews-v1-6584ddcf65-vrf9w.default Kubernetes SYNCED (2m43s) SYNCED (2m43s) SYNCED (2m39s) SYNCED (2m43s) IGNORED istiod-7f8b586864-cwgvw 1.23.2
reviews-v2-6f85cb9b7c-rsxs4.default Kubernetes SYNCED (2m46s) SYNCED (2m46s) SYNCED (2m39s) SYNCED (2m46s) IGNORED istiod-7f8b586864-cwgvw 1.23.2
reviews-v3-6f5b775685-f4wpj.default Kubernetes SYNCED (2m47s) SYNCED (2m47s) SYNCED (2m39s) SYNCED (2m47s) IGNORED istiod-7f8b586864-cwgvw 1.23.2
🧿 Get the HTTP port number of the Istio Ingress Gateway service, store it in an environment variable, and print the value
- Using NodePort 30293, services can be reached from outside through the Istio Ingress Gateway.
(⎈|default:N/A) root@k3s-s:~# export IGWHTTP=$(kubectl get service -n istio-system istio-ingressgateway -o jsonpath='{.spec.ports[1].nodePort}')
(⎈|default:N/A) root@k3s-s:~# echo $IGWHTTP
30293
🧿 Check the Istio Ingress Gateway service
- 15021:30339/TCP: cluster (Service) port 15021 is mapped to node port 30339.
- 80:30293/TCP: cluster (Service) port 80 is mapped to node port 30293.
- 443:31536/TCP: cluster (Service) port 443 is mapped to node port 31536.
- 31400:30427/TCP: cluster (Service) port 31400 is mapped to node port 30427.
- 15443:31921/TCP: cluster (Service) port 15443 is mapped to node port 31921.
(⎈|default:N/A) root@k3s-s:~# kubectl get svc -n istio-system istio-ingressgateway
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway NodePort 10.10.200.254 <none> 15021:30339/TCP,80:30293/TCP,443:31536/TCP,31400:30427/TCP,15443:31921/TCP 93m
🧿 From each node of the Kubernetes cluster, access the "Simple Bookstore App" web page through the Istio Ingress Gateway
(⎈|default:N/A) root@k3s-s:~# curl -s http://localhost:$IGWHTTP/productpage | head -n 10
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Simple Bookstore App</title>
<script src="static/tailwind/tailwind.css"></script>
<script type="text/javascript">
(⎈|default:N/A) root@k3s-s:~# curl -s http://192.168.10.101:$IGWHTTP/productpage | head -n 10
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Simple Bookstore App</title>
<script src="static/tailwind/tailwind.css"></script>
<script type="text/javascript">
(⎈|default:N/A) root@k3s-s:~# curl -s http://192.168.10.102:$IGWHTTP/productpage | head -n 10
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Simple Bookstore App</title>
<script src="static/tailwind/tailwind.css"></script>
<script type="text/javascript">
🧿 [ testpc ] Access the "Simple Bookstore App" web page through the configured domain and port, then extract and print the page title
root@testpc:~# curl -s $MYDOMAIN:$IGWHTTP/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
🧿 Access the web page
- Check after refreshing: the star ratings change
✅ Monitoring
🧿 Deploy the Istio addon components to the Kubernetes cluster and check the rollout status of the Kiali deployment
(⎈|default:N/A) root@k3s-s:~# tree ~/istio-$ISTIOV/samples/addons/
/root/istio-1.23.2/samples/addons/
├── README.md
├── extras
│ ├── prometheus-operator.yaml
│ ├── skywalking.yaml
│ └── zipkin.yaml
├── grafana.yaml
├── jaeger.yaml
├── kiali.yaml
├── loki.yaml
└── prometheus.yaml
1 directory, 9 files
(⎈|default:N/A) root@k3s-s:~# kubectl apply -f ~/istio-$ISTIOV/samples/addons
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
serviceaccount/loki created
configmap/loki created
configmap/loki-runtime created
service/loki-memberlist created
service/loki-headless created
service/loki created
statefulset.apps/loki created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
(⎈|default:N/A) root@k3s-s:~# kubectl rollout status deployment/kiali -n istio-system
Waiting for deployment "kiali" rollout to finish: 0 of 1 updated replicas are available...
deployment "kiali" successfully rolled out
🧿 Check all resources (pods, services, deployments, statefulsets, service accounts and config maps) deployed in the Istio system namespace (istio-system)
(⎈|default:N/A) root@k3s-s:~# kubectl get all,sa,cm -n istio-system
NAME READY STATUS RESTARTS AGE
pod/grafana-7f76bc9cdb-6plwj 1/1 Running 0 92s
pod/istio-ingressgateway-5f9f654d46-tb2tl 1/1 Running 0 124m
pod/istiod-7f8b586864-cwgvw 1/1 Running 0 124m
pod/jaeger-66f9675c7b-vk2zq 1/1 Running 0 92s
pod/kiali-65c46f9d98-m8bqd 1/1 Running 0 92s
pod/loki-0 1/1 Running 0 92s
pod/prometheus-7979bfd58c-h6c2n 2/2 Running 0 91s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/grafana ClusterIP 10.10.200.46 <none> 3000/TCP 93s
service/istio-ingressgateway NodePort 10.10.200.254 <none> 15021:30339/TCP,80:30293/TCP,443:31536/TCP,31400:30427/TCP,15443:31921/TCP 124m
service/istiod ClusterIP 10.10.200.196 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 124m
service/jaeger-collector ClusterIP 10.10.200.117 <none> 14268/TCP,14250/TCP,9411/TCP,4317/TCP,4318/TCP 92s
service/kiali ClusterIP 10.10.200.23 <none> 20001/TCP,9090/TCP 92s
service/loki ClusterIP 10.10.200.150 <none> 3100/TCP,9095/TCP 92s
service/loki-headless ClusterIP None <none> 3100/TCP 92s
service/loki-memberlist ClusterIP None <none> 7946/TCP 92s
service/prometheus ClusterIP 10.10.200.107 <none> 9090/TCP 92s
service/tracing ClusterIP 10.10.200.127 <none> 80/TCP,16685/TCP 92s
service/zipkin ClusterIP 10.10.200.68 <none> 9411/TCP 92s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/grafana 1/1 1 1 93s
deployment.apps/istio-ingressgateway 1/1 1 1 124m
deployment.apps/istiod 1/1 1 1 124m
deployment.apps/jaeger 1/1 1 1 92s
deployment.apps/kiali 1/1 1 1 92s
deployment.apps/prometheus 1/1 1 1 91s
NAME DESIRED CURRENT READY AGE
replicaset.apps/grafana-7f76bc9cdb 1 1 1 93s
replicaset.apps/istio-ingressgateway-5f9f654d46 1 1 1 124m
replicaset.apps/istiod-7f8b586864 1 1 1 124m
replicaset.apps/jaeger-66f9675c7b 1 1 1 92s
replicaset.apps/kiali-65c46f9d98 1 1 1 92s
replicaset.apps/prometheus-7979bfd58c 1 1 1 91s
NAME READY AGE
statefulset.apps/loki 1/1 92s
NAME SECRETS AGE
serviceaccount/default 0 125m
serviceaccount/grafana 0 93s
serviceaccount/istio-ingressgateway-service-account 0 124m
serviceaccount/istio-reader-service-account 0 124m
serviceaccount/istiod 0 124m
serviceaccount/kiali 0 92s
serviceaccount/loki 0 92s
serviceaccount/prometheus 0 92s
NAME DATA AGE
configmap/grafana 3 93s
configmap/istio 2 124m
configmap/istio-ca-root-cert 1 124m
configmap/istio-gateway-status-leader 0 124m
configmap/istio-grafana-dashboards 3 93s
configmap/istio-leader 0 124m
configmap/istio-namespace-controller-election 0 124m
configmap/istio-services-grafana-dashboards 4 92s
configmap/istio-sidecar-injector 2 124m
configmap/kiali 1 92s
configmap/kube-root-ca.crt 1 125m
configmap/loki 1 92s
configmap/loki-runtime 1 92s
configmap/prometheus 6 92s
🧿 List the services and endpoints in the Istio system namespace (istio-system)
(⎈|default:N/A) root@k3s-s:~# kubectl get svc,ep -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/grafana ClusterIP 10.10.200.46 <none> 3000/TCP 100s
service/istio-ingressgateway NodePort 10.10.200.254 <none> 15021:30339/TCP,80:30293/TCP,443:31536/TCP,31400:30427/TCP,15443:31921/TCP 124m
service/istiod ClusterIP 10.10.200.196 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 125m
service/jaeger-collector ClusterIP 10.10.200.117 <none> 14268/TCP,14250/TCP,9411/TCP,4317/TCP,4318/TCP 99s
service/kiali ClusterIP 10.10.200.23 <none> 20001/TCP,9090/TCP 99s
service/loki ClusterIP 10.10.200.150 <none> 3100/TCP,9095/TCP 99s
service/loki-headless ClusterIP None <none> 3100/TCP 99s
service/loki-memberlist ClusterIP None <none> 7946/TCP 99s
service/prometheus ClusterIP 10.10.200.107 <none> 9090/TCP 99s
service/tracing ClusterIP 10.10.200.127 <none> 80/TCP,16685/TCP 99s
service/zipkin ClusterIP 10.10.200.68 <none> 9411/TCP 99s
NAME ENDPOINTS AGE
endpoints/grafana 172.16.2.8:3000 100s
endpoints/istio-ingressgateway 172.16.0.5:15443,172.16.0.5:15021,172.16.0.5:31400 + 2 more... 124m
endpoints/istiod 172.16.0.3:15012,172.16.0.3:15010,172.16.0.3:15017 + 1 more... 125m
endpoints/jaeger-collector 172.16.0.11:9411,172.16.0.11:14250,172.16.0.11:4317 + 2 more... 99s
endpoints/kiali 172.16.1.8:9090,172.16.1.8:20001 99s
endpoints/loki 172.16.0.13:9095,172.16.0.13:3100 99s
endpoints/loki-headless 172.16.0.13:3100 99s
endpoints/loki-memberlist 172.16.0.13:7946 99s
endpoints/prometheus 172.16.1.9:9090 99s
endpoints/tracing 172.16.0.11:16685,172.16.0.11:16686 99s
endpoints/zipkin 172.16.0.11:9411 99s
🧿 Change the Kiali service type to NodePort, look up the service's NodePort, and build the URL for the Kiali UI
(⎈|default:N/A) root@k3s-s:~# kubectl patch svc -n istio-system kiali -p '{"spec":{"type":"NodePort"}}'
service/kiali patched
(⎈|default:N/A) root@k3s-s:~# KIALINodePort=$(kubectl get svc -n istio-system kiali -o jsonpath={.spec.ports[0].nodePort})
(⎈|default:N/A) root@k3s-s:~# echo -e "KIALI UI URL = http://$(curl -s ipinfo.io/ip):$KIALINodePort"
KIALI UI URL = http://3.38.214.243:32382
🧿 Change the Grafana service to NodePort, look up the service's NodePort, and build the URL for the Grafana UI
(⎈|default:N/A) root@k3s-s:~# kubectl patch svc -n istio-system grafana -p '{"spec":{"type":"NodePort"}}'
service/grafana patched
(⎈|default:N/A) root@k3s-s:~# GRAFANANodePort=$(kubectl get svc -n istio-system grafana -o jsonpath={.spec.ports[0].nodePort})
(⎈|default:N/A) root@k3s-s:~# echo -e "Grafana URL = http://$(curl -s ipinfo.io/ip):$GRAFANANodePort"
Grafana URL = http://3.38.214.243:31335
🧿 Change the Prometheus service to NodePort, look up the service's NodePort, and build the URL for the Prometheus UI
(⎈|default:N/A) root@k3s-s:~# kubectl patch svc -n istio-system prometheus -p '{"spec":{"type":"NodePort"}}'
service/prometheus patched
(⎈|default:N/A) root@k3s-s:~# PROMENodePort=$(kubectl get svc -n istio-system prometheus -o jsonpath={.spec.ports[0].nodePort})
(⎈|default:N/A) root@k3s-s:~# echo -e "Prometheus URL = http://$(curl -s ipinfo.io/ip):$PROMENodePort"
Prometheus URL = http://3.38.214.243:32490
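After these three patches, Kiali, Grafana and Prometheus listen on a node port of every node, next to the ingress gateway. The script below is an added example, not part of the original post; it lists which Services in a namespace are exposed this way so that anything other than the intended ingress can be reviewed. The function names are hypothetical, and the sample rows are constructed from the output above (Kiali's second node port and the AGE values are made up).

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# list_nodeports: reads `kubectl get svc` rows on stdin and prints one line per
# port reachable from outside: "<service> <servicePort> <nodePort>/<proto>".
list_nodeports() {
  awk '$2 == "NodePort" || $2 == "LoadBalancer" {
    name = $1; sub(/^service\//, "", name)   # rows from "get all" carry a prefix
    n = split($5, ports, ",")
    for (i = 1; i <= n; i++)
      if (split(ports[i], f, "[:/]") == 3)   # port:nodePort/proto
        print name, f[1], f[2] "/" f[3]
  }'
}

# unexpected_nodeports ALLOWED...: same output, minus the Services named as
# arguments (the ones that are meant to be reachable from outside).
unexpected_nodeports() {
  local allowed
  allowed=" $* "
  list_nodeports | while read -r name port nodeport; do
    case $allowed in
      *" $name "*) ;;                        # intended exposure, skip
      *) echo "$name $port $nodeport" ;;
    esac
  done
}

# Constructed sample: the istio-system Services after the three patches.
# Node ports 31335, 32382 and 32490 come from the URLs printed above;
# 30090 and the AGE column are made up for the example.
SAMPLE_SVC='grafana                NodePort    10.10.200.46    <none>   3000:31335/TCP                   12m
istio-ingressgateway   NodePort    10.10.200.254   <none>   15021:30339/TCP,80:30293/TCP,443:31536/TCP,31400:30427/TCP,15443:31921/TCP   135m
istiod                 ClusterIP   10.10.200.196   <none>   15010/TCP,15012/TCP,443/TCP,15014/TCP   135m
kiali                  NodePort    10.10.200.23    <none>   20001:32382/TCP,9090:30090/TCP   12m
loki                   ClusterIP   10.10.200.150   <none>   3100/TCP,9095/TCP                12m
prometheus             NodePort    10.10.200.107   <none>   9090:32490/TCP                   12m'

# Only the ingress gateway is expected to be exposed; everything else is reported.
printf '%s\n' "$SAMPLE_SVC" | unexpected_nodeports istio-ingressgateway
```

Against a live cluster: `kubectl get svc -n istio-system --no-headers | unexpected_nodeports istio-ingressgateway`. `istioctl dashboard kiali` reaches the same UI through a local port-forward without changing the Service type.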
🧿 [ testpc ] Send 1,000 HTTP requests with curl and extract the <title> tag from each response
root@testpc:~# for i in {1..1000}; do curl -s $MYDOMAIN:$IGWHTTP/productpage | grep -o "<title>.*</title>" ; done
<title>Simple Bookstore App</title>
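The Traffic Distribution feature visualizes the traffic flow between services, so you can see how many requests each service is receiving. It provides the following information:
- Ratio display: shows how requests for a given service are distributed. For example, when service A sends 60% of the traffic to service B and service C sends 40%, this can easily be checked visually.
- Service status: displays the traffic distribution based on the status of each service (for example success, failure, latency). This makes it possible to quickly diagnose the state of services with heavy traffic.
- Traffic over time: shows how traffic changes over time, which is useful for analyzing why traffic spikes at a particular time.
The Traffic Animation feature visualizes the traffic flow between services dynamically, so changes in traffic can be observed in real time. It offers the following advantages:
- Real-time monitoring: by showing the traffic flow as an animation, it makes it easy to see how requests and responses move between services.
- Pattern recognition: observing the patterns in the traffic flow helps detect abnormal behavior early. For example, a sudden increase or decrease in traffic is easy to notice.
- Interaction: when the user selects a particular service or path, the traffic flow for that service is highlighted, which allows deeper analysis.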