istio部署
【摘要】 中文官网 https://istio.io/latest/zh/docs/setup/getting-started/准备文件,具体可以到docker hub上下载,部署过程见下,大同小异[root@k8s-master ~]# lsistio-1.13.2-linux-amd64.tar.gz istio_1_13_2.tar[root@k8s-ndoe1 ~]# lsbookinfo....
中文官网 https://istio.io/latest/zh/docs/setup/getting-started/
准备文件,具体可以到docker hub上下载,部署过程见下,大同小异
[root@k8s-master ~]# ls
istio-1.13.2-linux-amd64.tar.gz istio_1_13_2.tar
[root@k8s-ndoe1 ~]# ls
bookinfo.tar
[root@k8s-ndoe2 ~]# ls
bookinfo.tar
升级内核
以匹配kubernetes的ipvs模块
略
安装istio -master
1.推送istio所需镜像到harbor仓库
docker load -i istio_1_13_2.tar
docker images
docker login 192.168.200.80 -uadmin -pHarbor12345
docker tag istio/proxyv2:1.13.2 192.168.200.80/library/istio/proxyv2:1.13.2
docker push 192.168.200.80/library/istio/proxyv2:1.13.2
docker tag istio/pilot:1.13.2 192.168.200.80/library/istio/pilot:1.13.2
docker push 192.168.200.80/library/istio/pilot:1.13.2
# node1节点 解压金丝雀的那个
tar -xf Canary_v1.0.tar.gz
docker load -i images/canary.tar
# node2
[root@k8s-master ~]# kubectl taint node k8s-ndoe2 node-role.kubernetes.io/master:NoSchedule
node/k8s-ndoe2 tainted
2.解压使用istio
tar -xf istio-1.13.2-linux-amd64.tar.gz
cp -rvf /root/istio-1.13.2/bin/istioctl /usr/local/bin/
# 验证
[root@k8s-master istio-1.13.2]# istioctl version
no running Istio pods in "istio-system"
1.13.2
3.安装istio
# 检测是否符合安装条件
[root@k8s-master ~]# istioctl x precheck
✔ No issues found when checking the cluster. Istio is safe to install or upgrade!
To get started, check out https://istio.io/latest/docs/setup/getting-started/
# 指定安装方式和安装仓库
[root@k8s-master ~]# istioctl install -y --set profile=demo --set hub=192.168.200.80/library/istio
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete Making this installation the default for injection and validation.
Thank you for installing Istio 1.13. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/pzWZpAvMVBecaQ9h9
# 查看资源
[root@k8s-master ~]# kubectl -n istio-system get pods
NAME READY STATUS RESTARTS AGE
istio-egressgateway-7855c5cfd7-9rfxm 1/1 Running 0 59s
istio-ingressgateway-d7bddd57c-4dn7p 1/1 Running 0 59s
istiod-79589cf4d5-n7zhg 1/1 Running 0 65s
# 给命名空间添加标签,指示 Istio 在部署应用的时候,自动注入 Envoy 边车代理
[root@k8s-master ~]# kubectl label namespace default istio-injection=enabled
namespace/default labeled
# 查看
[root@k8s-master ~]# kubectl get ns --show-labels=true
NAME STATUS AGE LABELS
default Active 29h istio-injection=enabled,kubernetes.io/metadata.name=default
istio-system Active 4m55s kubernetes.io/metadata.name=istio-system
kube-node-lease Active 29h kubernetes.io/metadata.name=kube-node-lease
kube-public Active 29h kubernetes.io/metadata.name=kube-public
kube-system Active 29h kubernetes.io/metadata.name=kube-system
kubernetes-dashboard Active 28h kubernetes.io/metadata.name=kubernetes-dashboard
部署bookinfo
1.node节点有bookinfo镜像(此时master节点有污点)
# node1节点
解压金丝雀的那个
# node2
[root@k8s-master ~]# kubectl taint node k8s-ndoe2 node-role.kubernetes.io/master:NoSchedule
node/k8s-ndoe2 tainted
2.部署bookinfo
# master 部署bookinfo
kubectl apply -f <(istioctl kube-inject -f /root/istio-1.13.2/samples/bookinfo/platform/kube/bookinfo.yaml)
# 验证
[root@k8s-master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
details-v1-5c5bbbdd6f-4hrxr 2/2 Running 0 4m49s 10.244.1.7 k8s-ndoe1 <none> <none>
productpage-v1-9f6c895c4-dvwnw 2/2 Running 0 4m49s 10.244.1.10 k8s-ndoe1 <none> <none>
ratings-v1-57f4696485-t9945 2/2 Running 0 4m49s 10.244.1.9 k8s-ndoe1 <none> <none>
reviews-v1-7dcf9c5d74-kkhv4 2/2 Running 0 4m49s 10.244.2.6 k8s-ndoe2 <none> <none>
reviews-v2-6457c574b5-9mr7s 2/2 Running 0 4m49s 10.244.1.8 k8s-ndoe1 <none> <none>
reviews-v3-6958dcfc44-lgr92 2/2 Running 0 4m49s 10.244.2.7 k8s-ndoe2 <none> <none>
[root@k8s-master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.96.13.213 <none> 9080/TCP 4m55s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 29h
productpage ClusterIP 10.96.252.144 <none> 9080/TCP 4m55s
ratings ClusterIP 10.96.11.248 <none> 9080/TCP 4m55s
reviews ClusterIP 10.96.223.224 <none> 9080/TCP 4m55s
[root@k8s-master ~]# curl $(kubectl get svc | grep productpage | awk '{print $3}'):9080/productpage| grep -o "<title>.*</title>"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5179 100 5179 0 0 7826 0 --:--:-- --:--:-- --:--:-- 7823
<title>Simple Bookstore App</title>
3.把应用关联到 Istio 网关:
[root@k8s-master ~]# kubectl apply -f /root/istio-1.13.2/samples/bookinfo/networking/bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
## 确保配置文件没有问题:
[root@k8s-master ~]# istioctl analyze
✔ No validation issues found when analyzing namespace: default.
[root@k8s-master ~]# kubectl get svc -n istio-system | grep pending
istio-ingressgateway LoadBalancer 10.96.197.109 <pending> 15021:30253/TCP,80:30940/TCP,443:30466/TCP,31400:31719/TCP,15443:32176/TCP 14m
### bookinfo-gateway.yaml
[root@k8s-master bookinfo]# cat bookinfo-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- "*"
port:
name: http
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- "*"
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
浏览器访问(上面80映射的端口)
192.168.200.80:30940/productpage
部署istio仪表板
[root@k8s-master ~]# cd istio-1.13.2/
[root@k8s-master istio-1.13.2]# kubectl apply -f samples/addons
[root@k8s-master istio-1.13.2]# kubectl rollout status deployment/kiali -n istio-system
Waiting for deployment "kiali" rollout to finish: 0 of 1 updated replicas are available...
deployment "kiali" successfully rolled out
# 访问仪表盘
istioctl dashboard kiali
# 正确转发开启:
kubectl edit svc kiali -n istio-system
spec:
#......
externalIPs:
- 192.168.200.80
#......
type: LoadBalancer
### 临时转发,要保持会话窗口不变,少用
[root@k8s-master ~]# kubectl get pods -n istio-system | grep kiali-
kiali-699f98c497-nx4ql 1/1 Running 0 2m51s
[root@k8s-master istio-1.13.2]# kubectl port-forward --address=0.0.0.0 kiali-699f98c497-nx4ql 20001 -n istio-system
Forwarding from 0.0.0.0:20001 -> 20001
Handling connection for 20001
Handling connection for 20001
。。。。。。
# 测试流量镜像
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml
[root@k8s-master ~]# cat istio-1.13.2/samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
weight: 50
- destination:
host: reviews
subset: v3
weight: 50
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)