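As of this writing, Istio has reached version 1.0.4. It has very thorough documentation and a Chinese translation. Working from the 1.0.4 English docs together with the 1.0 Chinese docs, this post quickly runs through the Istio deployment and examples and records notes and explanations along the way.
Deploying on minikube
Start minikube
MutatingAdmissionWebhook and ValidatingAdmissionWebhook are enabled here in apiserver.admission-control. These two are very important: automatic sidecar injection relies on the mutating webhook, and Galley's configuration validation relies on the validating webhook.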
minikube start \
--extra-config=controller-manager.cluster-signing-cert-file="/var/lib/localkube/certs/ca.crt" \
--extra-config=controller-manager.cluster-signing-key-file="/var/lib/localkube/certs/ca.key" \
--extra-config=apiserver.admission-control="NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota" \
--kubernetes-version=v1.10.0
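The Istio suite needs about 4G of memory, so first make sure the VM is started with more than 4G of memory; otherwise later deployment steps will report insufficient resources.
Installation
Create the CRDs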
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
Install Istio
On a new cluster, use the following to install Istio and enable mutual TLS authentication between sidecars:
$ kubectl apply -f install/kubernetes/istio-demo-auth.yaml
On an existing cluster, install as follows (mutually exclusive with the other method; this is the one used in this walkthrough):
$ kubectl apply -f install/kubernetes/istio-demo.yaml
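Service check
Make sure the following services have all been created:
Required: istio-pilot, istio-ingressgateway, istio-policy, istio-telemetry, prometheus, istio-galley
Optional: istio-sidecar-injector
If the cluster does not support an external load balancer, the EXTERNAL-IP of istio-ingress and istio-ingressgateway will show "pending"; in that case you can access them through the NodePort instead.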
➜ istio-1.0.4 kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana ClusterIP 10.110.143.147 <none> 3000/TCP 15h
istio-citadel ClusterIP 10.111.151.255 <none> 8060/TCP,9093/TCP 15h
istio-egressgateway ClusterIP 10.96.48.231 <none> 80/TCP,443/TCP 15h
istio-galley ClusterIP 10.103.89.68 <none> 443/TCP,9093/TCP 15h
istio-ingressgateway LoadBalancer 10.109.43.167 <pending> 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:30101/TCP,8060:30265/TCP,853:30858/TCP,15030:30789/TCP,15031:31420/TCP 15h
istio-pilot ClusterIP 10.106.104.93 <none> 15010/TCP,15011/TCP,8080/TCP,9093/TCP 15h
istio-policy ClusterIP 10.96.98.170 <none> 9091/TCP,15004/TCP,9093/TCP 15h
istio-sidecar-injector ClusterIP 10.98.91.84 <none> 443/TCP 15h
istio-telemetry ClusterIP 10.99.100.31 <none> 9091/TCP,15004/TCP,9093/TCP,42422/TCP 15h
jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 15h
jaeger-collector ClusterIP 10.109.10.64 <none> 14267/TCP,14268/TCP 15h
jaeger-query ClusterIP 10.106.59.243 <none> 16686/TCP 15h
prometheus ClusterIP 10.103.242.95 <none> 9090/TCP 15h
servicegraph ClusterIP 10.105.99.201 <none> 8088/TCP 15h
tracing ClusterIP 10.101.82.172 <none> 80/TCP 15h
zipkin ClusterIP 10.108.39.236 <none> 9411/TCP
Pod check
Make sure the following pods are all in the Running state:
Required: istio-pilot-*, istio-ingressgateway-*, istio-egressgateway-*, istio-policy-*, istio-telemetry-*, istio-citadel-*, prometheus-*, istio-galley-*
Optional: istio-sidecar-injector-*
➜ istio-1.0.4 kubectl get pod -n istio-system
NAME READY STATUS RESTARTS AGE
grafana-9cfc9d4c9-sv6dc 1/1 Running 1 15h
istio-citadel-74df865579-5sfwb 1/1 Running 1 15h
istio-egressgateway-58df7c4d8-bgmxj 1/1 Running 1 15h
istio-galley-8487989b9b-vl8tf 1/1 Running 1 15h
istio-ingressgateway-6fc88db97f-fctf9 1/1 Running 1 15h
istio-pilot-74bb7dcdd-dj79t 2/2 Running 0 14h
istio-policy-58878f57fb-gxstx 2/2 Running 2 15h
istio-sidecar-injector-5cfcf6dd86-x5kmn 1/1 Running 1 15h
istio-telemetry-bf5558589-m5k9z 2/2 Running 3 15h
istio-tracing-ff94688bb-zsd9p 1/1 Running 2 15h
prometheus-f556886b8-wh5hd 1/1 Running 1 15h
servicegraph-55d57f69f5-lmnfw 1/1 Running 3 15h
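The pod check above, as an added example (not part of the original post or of the Istio project): a shell function that reads `kubectl get pod -n istio-system --no-headers` output and reports every required component that is missing or whose containers are not all ready, a case the STATUS column alone does not reveal. The function name and the sample pod names are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Usage against a live cluster:
#   kubectl get pod -n istio-system --no-headers | check_istio_pods

# Required pod name prefixes, taken from the "Required" list above.
REQUIRED="istio-pilot istio-ingressgateway istio-egressgateway istio-policy istio-telemetry istio-citadel prometheus istio-galley"

# Reads pod lines (NAME READY STATUS ...) on stdin, prints one line per
# problem, and returns 0 only if every required component has at least one
# pod that is Running with all of its containers ready.
check_istio_pods() {
  awk -v required="$REQUIRED" '
    BEGIN { n = split(required, req, " ") }
    NF < 3 { next }                          # skip blank or short lines
    {
      split($2, r, "/")                      # READY column, e.g. 2/2
      for (i = 1; i <= n; i++) {
        if (index($1, req[i] "-") != 1) continue
        seen[req[i]] = 1
        if ($3 == "Running" && r[1] == r[2]) ok[req[i]] = 1
        else bad[req[i]] = $1 " " $2 " " $3
      }
    }
    END {
      rc = 0
      for (i = 1; i <= n; i++) {
        c = req[i]
        if (!(c in seen))    { print "MISSING   " c; rc = 1 }
        else if (!(c in ok)) { print "NOT-READY " bad[c]; rc = 1 }
      }
      exit rc
    }'
}

# Constructed sample (not from a real cluster): istio-telemetry is Running
# but only 1 of 2 containers is ready, and istio-galley is absent.
SAMPLE_BAD='istio-citadel-1111111111-aaaaa 1/1 Running 0 1h
istio-egressgateway-2222222222-bbbbb 1/1 Running 0 1h
istio-ingressgateway-3333333333-ccccc 1/1 Running 0 1h
istio-pilot-4444444444-ddddd 2/2 Running 0 1h
istio-policy-5555555555-eeeee 2/2 Running 0 1h
istio-telemetry-6666666666-fffff 1/2 Running 3 1h
prometheus-7777777777-ggggg 1/1 Running 0 1h'

printf '%s\n' "$SAMPLE_BAD" | check_istio_pods || true
```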
Deploy the demo application
Check the istio-injection status
➜ istio-1.0.4 kubectl get ns -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
default Active 38d
demo-webshell Active 37d
istio-system Active 15h disabled
kong Active 37d
kube-public Active 38d
kube-system Active 38d
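The output above shows that injection is not yet enabled on any namespace; either enable it, or use istioctl to inject the sidecar.
Enable istio-injection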
➜ istio-1.0.4 kub