# 增加istio库
helm repo add istio.io https://storage.googleapis.com/istio-release/releases/1.4.2/charts/
helm repo list
# 安装istio-init
kubectl create ns istio-system
helm install istio.io/istio-init --name istio-init --namespace istio-system
# 确认istio-init安装成功,检查3个pod是否完成,检查是不是新建了23个GRD
kubectl get pods -n istio-system
kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
# 采用default方式安装istio,并查看相关svc和pod,注意type为Nodeport
helm install istio.io/istio --name istio --namespace istio-system --set gateways.istio-ingressgateway.type=NodePort
# 查看部署情况
kubectl get svc -n istio-system
# 遇到pending 警告是:1 Insufficient cpu, 1 node(s) had taints that the pod didn’t tolerate.
# 执行下面命令,使master节点可以参与pod分配
kubectl taint nodes --all node-role.kubernetes.io/master-
# 忽略这个错误,等一会pull image,查看pod是否running
# node/k8s-server untainted
# error: taint "node-role.kubernetes.io/master" not found
# 为default命名空间开启自动注入
kubectl label namespace default istio-injection=enabled
# 通过helm upgrade修改release中的配置
helm upgrade --set gateways.istio-ingressgateway.type=LoadBalance istio istio.io/istio
# istio-citadel 的CrashLoopBackOff Failed to create a self-signed Citadel 原因是证书过期了,参考下面的网址解决
参考网址:https://istio.io/docs/ops/configuration/security/root-transition/
https://yq.aliyun.com/articles/728018?utm_content=g_1000089518
# 删除istio
helm delete --purge istio
helm delete --purge istio-init
#删除release后,并不会删除相关的crds资源,需要单独删除
tar -zxvf .helm/cache/archive/istio-init-1.2.2.tgz
kubectl delete -f istio-init/files/
#确认crds清理完成
kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
扫一扫
1183
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
