1、ingress-nginx网关创建各服务备用ingress入口,测试备用各服务网关的正确性。
cd /root/k8s-diiing/nginx-ingress-gateway/
2、备份正式在运行的istio服务的helm values,以便升级失败使用helm安装1.4.6版本,或者使用阿里云控制台安装istio。
cd /root/istio-system-bakcup
3、测试删除istio服务后,各服务 istio 注入插件的稳定性。(测试后,部分服务会因为istio各组件缺失导致istio-proxy无限重启,服务无法正常工作,升级前所有相关命名空间需要关闭istio-injection,并重启相应的注入插件的服务)
kubectl label namespace bike-monitor istio-injection-
kubectl label namespace changshan istio-injection-
kubectl label namespace chuzhou istio-injection-
kubectl label namespace deqing istio-injection-
kubectl label namespace diiing istio-injection-
kubectl label namespace jinjingzhen istio-injection-
kubectl label namespace linyi istio-injection-
kubectl label namespace tianjin istio-injection-
kubectl label namespace xbb istio-injection-
升级完成后开启自动注入并重启相关服务:
kubectl label namespace bike-monitor istio-injection=enabled
kubectl label namespace changshan istio-injection=enabled
kubectl label namespace chuzhou istio-injection=enabled
kubectl label namespace deqing istio-injection=enabled
kubectl label namespace diiing istio-injection=enabled
kubectl label namespace jinjingzhen istio-injection=enabled
kubectl label namespace linyi istio-injection=enabled
kubectl label namespace tianjin istio-injection=enabled
kubectl label namespace xbb istio-injection=enabled
4、根据正式运行环境准备部署文件。
cd /home/wuyutang/istio-1.7.0/bin
5、istio 公网负载均衡正式网关 80 443 7080 监听转发至ingress-nginx负载均衡的 80 443 7080 监听对应的后端节点端口。并观察服务运行状态一段时间。没问题进行下一步。有问题立马改回原后端。
6、卸载istio
helm delete istio-init
helm delete istio-ingressgateway
helm delete istio
7、安装 istio
cd /home/wuyutang/istio-1.7.0/bin
./istioctl manifest generate -f ../default.yaml –set addonComponents.grafana.enabled=true –set addonComponents.prometheus.enabled=true –set addonComponents.kiali.enabled=true –set values.kiali.createDemoSecret=true –set values.gateways.istio-egressgateway.enabled=false –set values.global.jwtPolicy=first-party-jwt –set values.gateways.istio-ingressgateway.sds.enabled=true –set meshConfig.accessLogFile=”/dev/stdout” >generated-manifest-prometheus-grafana-kiali.yaml
kubectl apply -f generated-manifest-prometheus-grafana-kiali.yaml
8、统计使用了 192.168.2.165 负载均衡网关的配置位置,istio升级后vpc网关会变更需要及时更改。
# hlwbluet /etc/nginx/nginx.conf /usr/nestfile/config/server.properties /data/gateway/webapi-gateway-0.0.1-SNAPSHOT/run.sh restart
# hlwmt06-36 /etc/hosts—/etc/nginx/nginx.conf /usr/nestfile/config/server.properties /home/webservice/bike-web-web-0.0.1-SNAPSHOT/run.sh restart
# hlwmt05-xbb-bus /etc/nginx/my-config/api-gateway.conf
# hlwmt04-调度3.0 /etc/nginx/nginx.conf /etc/nginx/conf.d/management.conf
# hlwbus /home/dd/nestfile/config/server.properties su – dd /home/dd/msc-web-0.0.1-SNAPSHOT/run.sh restart
9、相关网关与虚拟服务需要重新应用部署。
===============================================================================================================
# kubectl get gateways.networking.istio.io –all-namespaces
NAMESPACE NAME AGE
bike-monitor bike-monitor-gateway 482d
diiing diiing-gateway 521d
diiing diiing-h5-gateway 500d 弃用
istio-system diiing-cn 381d
istio-system dingdatech-com 417d
istio-system xiangbababus-com 426d
offical offical-gateway 76d
应用相关网关:
kubectl apply -f istio-ingress/diiing-cn-gateway.yaml -n istio-system
kubectl apply -f istio-ingress/xiangbababus-gateway.yaml -n istio-system
kubectl apply -f istio-ingress/dingdatech-gateway.yaml -n istio-system
kubectl apply -f bike-monitor/gateway/bike-monitor-gateway.yaml -n bike-monitor
kubectl apply -f istio-ingress/diiing-gateway.yaml -n diiing
kubectl apply -f istio-ingress/h5-gateway.yaml -n diiing
kubectl apply -f offical/gateway.yaml -n offical
===============================================================================================================
# kubectl get virtualservices.networking.istio.io –all-namespaces
NAMESPACE NAME GATEWAYS HOSTS
bike-monitor bike-monitor-gateway [bike-monitor-gateway] [bike-monitor.diiing.cn]
changshan bikecc [diiing-cn.istio-system] [changshan.diiing.cn]
chuzhou bikecc [diiing-cn.istio-system] [chuzhou.diiing.cn]
deqing bikecc [diiing-cn.istio-system] [deqing.diiing.cn]
diiing bike-ca [bike-ca]
diiing bikeswipe [bikeswipe]
diiing device [device]
diiing diiing-gateway [diiing-gateway dingdatech-com.istio-system] [*]
diiing diiing-h5-gateway [xiangbababus-com.istio-system] [wxdiiing.xiangbababus.com]
jinjingzhen bikecc [diiing-cn.istio-system] [jinjing.diiing.cn]
linyi bikecc [diiing-cn.istio-system] [linyi.diiing.cn]
luxi bikecc [diiing-cn.istio-system] [luxi.diiing.cn] 关闭
offical offical-gateway [offical-gateway] [www.jtkjbike.com www.jtkjgroup.com]
pinghu bikecc [diiing-cn.istio-system] [pinghu.diiing.cn] 关闭
tianjin bikecc [diiing-cn.istio-system] [tianjin.diiing.cn]
xbb xbb-gateway [xiangbababus-com.istio-system] [www.xiangbababus.com]
应用相关virtualservices:
kubectl apply -f bike-monitor/gateway/bike-monitor-gateway.yaml -n bike-monitor
kubectl apply -f city/virtual-service/changshan-bikecc.yaml -n changshan
kubectl apply -f city/virtual-service/chuzhou-bikecc.yaml -n chuzhou
kubectl apply -f city/virtual-service/deqing-bikecc.yaml -n deqing
kubectl apply -f bike-ca/destination-rule.yaml -n diiing
kubectl apply -f bike-ca/virtual-service.yaml -n diiing
kubectl apply -f bikeswipe/destination-rule.yaml -n diiing
kubectl apply -f bikeswipe/virtual-service.yaml -n diiing
kubectl apply -f device/destination-rule.yaml -n diiing
kubectl apply -f device/virtual-service.yaml -n diiing
kubectl apply -f istio-ingress/diiing-gateway.yaml -n diiing
kubectl apply -f istio-ingress/h5-gateway.yaml -n diiing
kubectl apply -f city/virtual-service/jinjing-bikecc.yaml -n jinjingzhen
kubectl apply -f city/virtual-service/linyi-bikecc.yaml -n linyi
kubectl apply -f offical/gateway.yaml -n offical
kubectl apply -f city/virtual-service/tianjin-bikecc.yaml -n tianjin
kubectl apply -f xbb/gateway/xbb-gateway.yaml -n xbb
===============================================================================================================
# kubectl get serviceentries.networking.istio.io –all-namespaces
NAMESPACE NAME HOSTS
diiing dingda-cdn01.oss-cn-hangzhou-internal.aliyuncs.com [dingda-cdn01.oss-cn-hangzhou-internal.aliyuncs.com]
diiing gateway.hzsggzxc.com [gateway.hzsggzxc.com]
diiing gatewaytest.sharegreen.com [gatewaytest.sharegreen.com]
offical jt-offical.oss-cn-hangzhou-internal.aliyuncs.com [jt-offical.oss-cn-hangzhou-internal.aliyuncs.com]
应用serviceentries:
kubectl apply -f istio-ingress/oss-dingda-cdn01-ServiceEntry.yaml -n diiing
kubectl apply -f istio-ingress/hzsggzxc-ServiceEntry.yaml -n diiing
kubectl apply -f istio-ingress/hz-outimpl-ServiceEntry.yaml -n diiing
kubectl apply -f istio-ingress/oss-jt-offical-ServiceEntry.yaml -n offical
===============================================================================================================
# kubectl get envoyfilters.networking.istio.io –all-namespaces
NAMESPACE NAME AGE
diiing vault-grpc-web-filter 17d
istio-system gateway-gzip 482d
应用envoyfilters:
kubectl apply -f vault/grpc-web-envoyfilter.yaml -n diiing
kubectl apply -f istio-ingress/gzip_filter.yaml -n istio-system