Outsourcing Mastery -- Hands-On Istio (Istio Installation and Deployment) Notes

2023-07-31 19:31:16

Istio

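These notes have only been tested in a test environment and have not been used in production.

Official site. For open-source software, learn from the official English documentation wherever possible.

Personal notes site: http://docs.27ops.com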

https://istio.io/
https://istio.io/latest/docs/
https://istio.io/latest/docs/setup/getting-started/

Download Istio

curl -L https://istio.io/downloadIstio | sh -

Install Istio

[root@master networking]# istioctl manifest apply --set profile=demo
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed                                                                                                                                                                       
✔ Istiod installed                                                                                                                                                                         
✔ Egress gateways installed                                                                                                                                                                  
✔ Ingress gateways installed                                                                                                                                                                 
✔ Addons installed                                                                                                                                                                           
✔ Installation complete                                                                                     
[root@master networking]# 

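Modify the Service

If there is no load balancer, the Service must be changed to type: NodePort: ke svc -n istio-system istio-ingressgateway (ke and kg in these notes appear to be shell aliases for kubectl edit and kubectl get)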

[root@master01 istio-1.11.0]# kg svc -n istio-system
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
istio-egressgateway    ClusterIP   10.105.169.247   <none>        80/TCP,443/TCP                                                               34h
istio-ingressgateway   NodePort    10.102.14.140    <none>        15021:31314/TCP,80:31412/TCP,443:30223/TCP,31400:32207/TCP,15443:32536/TCP   34h
istiod                 ClusterIP   10.109.106.1     <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP                                        34h
[root@master01 istio-1.11.0]# 
[root@master istio-1.6.0]# kubectl get svc -n istio-system
NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
grafana                     ClusterIP      10.107.44.89     <none>        3000/TCP                                                                     60s
istio-egressgateway         ClusterIP      10.111.137.156   <none>        80/TCP,443/TCP,15443/TCP                                                     62s
istio-ingressgateway        LoadBalancer   10.100.30.115    <pending>     15020:31609/TCP,80:32674/TCP,443:31377/TCP,31400:31140/TCP,15443:31390/TCP   61s
istiod                      ClusterIP      10.100.128.118   <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP,53/UDP,853/TCP                         66s
jaeger-agent                ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP                                                   60s
jaeger-collector            ClusterIP      10.99.241.112    <none>        14267/TCP,14268/TCP,14250/TCP                                                60s
jaeger-collector-headless   ClusterIP      None             <none>        14250/TCP                                                                    60s
jaeger-query                ClusterIP      10.104.200.147   <none>        16686/TCP                                                                    60s
kiali                       ClusterIP      10.96.60.232     <none>        20001/TCP                                                                    60s
prometheus                  ClusterIP      10.109.97.157    <none>        9090/TCP                                                                     60s
tracing                     ClusterIP      10.96.128.251    <none>        80/TCP                                                                       60s
zipkin                      ClusterIP      10.111.234.91    <none>        9411/TCP                                                                     60s
[root@master istio-1.6.0]#
[root@master istio-1.6.0]# kubectl get pods -n istio-system
NAME                                   READY   STATUS    RESTARTS   AGE
grafana-64986f9974-xcpxb               1/1     Running   0          85s
istio-egressgateway-569b95c7b5-frdzw   1/1     Running   0          86s
istio-ingressgateway-5ddd4876c-r6n4v   1/1     Running   0          86s
istio-tracing-7cf5f46848-xpxmq         1/1     Running   0          85s
istiod-7d6f99d44f-tn9xf                1/1     Running   0          91s
kiali-7fcc47db9f-jc75h                 1/1     Running   0          84s
prometheus-57b7b99577-9r4rj            2/2     Running   0          84s
[root@master istio-1.6.0]#
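
Switching istio-ingressgateway to NodePort opens every port in its PORT(S) column on every node, not only 80 and 443. The following added example (not part of the original notes) parses default `kubectl get svc -n <namespace>` output and lists the node ports outside an allow-list; the function names and the 80/443 allow-list are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: audit which node ports a `kubectl get svc` table exposes.
# Assumes the default column layout: NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE.

# Sample input: the NodePort output shown above, whitespace condensed.
sample_svc_table() {
  cat <<'EOF'
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egressgateway ClusterIP 10.105.169.247 <none> 80/TCP,443/TCP 34h
istio-ingressgateway NodePort 10.102.14.140 <none> 15021:31314/TCP,80:31412/TCP,443:30223/TCP,31400:32207/TCP,15443:32536/TCP 34h
istiod ClusterIP 10.109.106.1 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 34h
EOF
}

# Print "<service> <service-port> <node-port> <proto>" for every mapping
# on NodePort and LoadBalancer Services; ClusterIP rows are ignored.
list_node_ports() {
  awk '
    $2 == "NodePort" || $2 == "LoadBalancer" {
      n = split($5, maps, ",")              # e.g. 80:31412/TCP,443:30223/TCP
      for (i = 1; i <= n; i++) {
        # only entries shaped port:nodePort/proto carry a node port
        if (split(maps[i], pp, "[:/]") == 3)
          print $1, pp[1], pp[2], pp[3]
      }
    }
  '
}

# Print the mappings whose service port is NOT in the allow-list
# passed as arguments (ports that are meant to be reachable).
unexpected_node_ports() {
  allowed=" $* "
  list_node_ports | while read -r svc port node proto; do
    case "$allowed" in
      *" $port "*) ;;                       # intended exposure, skip
      *) echo "$svc $port->$node/$proto" ;;
    esac
  done
}

# Live use: kubectl get svc -n istio-system | unexpected_node_ports 80 443
sample_svc_table | unexpected_node_ports 80 443
```

On the output above this reports 15021, 31400 and 15443 as node ports that are open in addition to the HTTP and HTTPS ones; whether they should be reachable from outside the cluster is a firewall or Service-spec decision.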

bookinfo

[root@master networking]# kubectl apply -f destination-rule-all.yaml
destinationrule.networking.istio.io/productpage created
destinationrule.networking.istio.io/reviews created
destinationrule.networking.istio.io/ratings created
destinationrule.networking.istio.io/details created
[root@master networking]# 
[root@master networking]# kubectl apply -f bookinfo-gateway.yaml 
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
[root@master networking]# 
[root@master istio-1.6.0]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
[root@master istio-1.6.0]#

Without a load balancer, run the "Set the ingress ports" step:

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
[root@master01 istio-1.11.0]# export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
[root@master01 istio-1.11.0]# export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
[root@master01 istio-1.11.0]# export INGRESS_HOST=127.0.0.1
[root@master01 istio-1.11.0]# export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
[root@master01 istio-1.11.0]# export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
[root@master01 istio-1.11.0]# echo "$GATEWAY_URL"
10.0.8.10:31412
[root@master01 istio-1.11.0]# echo "http://$GATEWAY_URL/productpage"
http://10.0.8.10:31412/productpage
[root@master01 istio-1.11.0]# 
[root@master01 istio-1.11.0]# curl -I -k http://10.0.8.10:31412/productpage
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 4183
server: istio-envoy
date: Tue, 17 Aug 2021 14:59:11 GMT
x-envoy-upstream-service-time: 23

[root@master01 istio-1.11.0]# 

Access from a browser

View the dashboard

Install Kiali and the other addons and wait for them to be deployed.

kubectl apply -f samples/addons
kubectl rollout status deployment/kiali -n istio-system
[root@master01 istio-1.11.0]# kubectl apply -f samples/addons
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
[root@master01 istio-1.11.0]# 

Access the Kiali dashboard.

istioctl dashboard kiali

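The official documentation uses istioctl dashboard kiali by default, but it would not open in the browser. On investigation the port was reachable, yet Kiali still would not open. Take a look at the istioctl help.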

istioctl dashboard --address 0.0.0.0 -p 20001 kiali
[Screenshots: Kiali overview; Graph; istio-system graph; multi-namespace graph; Applications]
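
istioctl dashboard listens on localhost unless --address is given, so a browser on another machine cannot reach it; with --address 0.0.0.0 the forwarded Kiali port is reachable on every interface of the host. The following added check (not part of the original notes) classifies how a port is bound from `ss -ltnH` output; the function names and the sample lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: report how a TCP port is bound, from `ss -ltnH` on stdin.
# Assumes ss columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port.

# Constructed sample: default `istioctl dashboard kiali` (localhost only).
sample_ss_default() {
  cat <<'EOF'
LISTEN 0 4096 127.0.0.1:20001 0.0.0.0:*
LISTEN 0 4096 [::1]:20001 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Constructed sample: `istioctl dashboard --address 0.0.0.0 -p 20001 kiali`.
sample_ss_wildcard() {
  cat <<'EOF'
LISTEN 0 4096 0.0.0.0:20001 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Print "wildcard|loopback|specific <address>" for each listener on port $1.
listen_scope() {
  awk -v port="$1" '
    {
      p = $4; sub(/.*:/, "", p)              # text after the last colon
      if (p != port) next                    # some other listener
      host = $4; sub(/:[^:]*$/, "", host)    # strip the trailing :port
      if (host == "0.0.0.0" || host == "*" || host == "[::]")
        print "wildcard " host               # reachable on all interfaces
      else if (host == "127.0.0.1" || host == "[::1]")
        print "loopback " host               # reachable from this host only
      else
        print "specific " host               # bound to one interface
    }
  '
}

# Live use: ss -ltnH | listen_scope 20001
sample_ss_wildcard | listen_scope 20001
```

A "wildcard" result means the dashboard is reachable by anything that can route to the host on that port, so access then depends on host firewall rules; binding to a single management address, or keeping the localhost default and forwarding over SSH, narrows it.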
