istio 安装遇到的问题

istio 安装遇到的问题

问题描述

使用helm安装的istio-1.4.0(beta5)，重新安装的时候使用helm install install/kubernetes/helm/istio --name istio --namespace istio-system,，会出现如下错误：

Error: release istio failed: Internal error occurred: failed calling webhook "pilot.validation.istio.io": Post https://istio-galley.istio-system.svc:443/admitpilot?timeout=30s: no endpoints available for service "istio-galley"

查看istio状态正常，启动自动注入kubectl label namespace default istio-injection=enabled，创建pod的时候发现没有生效

查找问题

首先怀疑是istio-sidecar-injector组件出了问题，查看event事件没有发现异常，查询日志

kubectl logs -f -n istio-system istio-sidecar-injector-68fbf6459f-9rpd9

2019-11-14T07:52:11.734158Z	error	Patch webhook failed: mutatingwebhookconfigurations.admissionregistration.k8s.io "istio-sidecar-injector" not found
2019-11-14T07:52:12.742080Z	error	Patch webhook failed: mutatingwebhookconfigurations.admissionregistration.k8s.io "istio-sidecar-injector" not found
2019-11-14T07:52:13.755680Z	error	Patch webhook failed: mutatingwebhookconfigurations.admissionregistration.k8s.io "istio-sidecar-injector" not found
……

然后根据提示查询kubectl get mutatingwebhookconfigurations，也没有发现什么问题

解决办法

通过查询issues17162，发现关键信息，然后执行删除ValidatingWebhookConfiguration操作

kubectl delete ValidatingWebhookConfiguration istio-galley

然后使用helm删除istio，重新安装之后打印如下信息：

==> v1beta1/PodDisruptionBudget
NAME                    MIN AVAILABLE  MAX UNAVAILABLE  ALLOWED DISRUPTIONS  AGE
istio-citadel           1              N/A              0                    11s
istio-galley            1              N/A              0                    11s
istio-ingressgateway    1              N/A              0                    11s
istio-pilot             1              N/A              0                    11s
istio-policy            1              N/A              0                    11s
istio-sidecar-injector  1              N/A              0                    11s
istio-telemetry         1              N/A              0                    11s

==> v2beta1/HorizontalPodAutoscaler
NAME                  REFERENCE                        TARGETS        MINPODS  MAXPODS  REPLICAS  AGE
istio-ingressgateway  Deployment/istio-ingressgateway  <unknown>/80%  1        5        0         10s
istio-pilot           Deployment/istio-pilot           <unknown>/80%  1        5        0         10s
istio-policy          Deployment/istio-policy          <unknown>/80%  1        5        0         10s
istio-telemetry       Deployment/istio-telemetry       <unknown>/80%  1        5        0         10s


NOTES:
Thank you for installing Istio.

Your release is named Istio.

To get started running application with Istio, execute the following steps:
1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)

$ kubectl label namespace default istio-injection=enabled
$ kubectl get namespace -L istio-injection

2. Deploy your applications

$ kubectl apply -f <your-application>.yaml

For more information on running Istio, visit:
https://istio.io/

然后开启自动注入，创建pod发现创建成功，问题解决！