搭建Istio基础环境
程序员文章站
2022-07-02 15:29:20
需求 搭建istio基础环境(基于1.5.1版本) 安装步骤 在安装 Istio 之前,需要一个运行着 Kubernetes 的环境,安装步骤可以参考前面的文章 下载istio,然后解压,然后将 增加到 path 环境变量中 新建 配置文件、按照官方文档操作安装会出现错误,导致不能正常进行sidec ......
需求
搭建istio基础环境(基于1.5.1版本)
安装步骤
在安装 istio 之前,需要一个运行着 kubernetes 的环境,安装步骤可以参考前面的文章
下载istio,然后解压,然后将 istioctl
增加到 path 环境变量中
curl -l https://istio.io/downloadistio | sh - cd istio-1.5.1 export path=$pwd/bin:$path
新建istio-1.5.1.yaml
配置文件、按照官方文档操作安装会出现错误,导致不能正常进行sidecar 自动注入
vim istio-1.5.1.yaml
apiversion: install.istio.io/v1alpha1 kind: istiooperator spec: components: egressgateways: - name: istio-egressgateway enabled: true k8s: resources: requests: cpu: 10m memory: 40mi ingressgateways: - name: istio-ingressgateway enabled: true k8s: resources: requests: cpu: 10m memory: 40mi service: ports: ## you can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. # note that aws elb will by default perform health checks on the first port # on this list. setting this to the health check port will ensure that health # checks always work. https://github.com/istio/istio/issues/12503 - port: 15020 targetport: 15020 name: status-port - port: 80 targetport: 8080 name: http2 - port: 443 targetport: 8443 name: https - port: 31400 targetport: 31400 name: tcp # this is the port where sni routing happens - port: 15443 targetport: 15443 name: tls policy: enabled: false k8s: resources: requests: cpu: 10m memory: 100mi telemetry: k8s: resources: requests: cpu: 50m memory: 100mi pilot: k8s: env: - name: pod_name valuefrom: fieldref: apiversion: v1 fieldpath: metadata.name - name: pod_namespace valuefrom: fieldref: apiversion: v1 fieldpath: metadata.namespace - name: godebug value: gctrace=1 - name: pilot_trace_sampling value: "100" - name: config_namespace value: istio-config resources: requests: cpu: 10m memory: 100mi addoncomponents: kiali: enabled: true grafana: enabled: true tracing: enabled: true prometheus: enabled: true values: global: disablepolicychecks: false proxy: accesslogfile: /dev/stdout includeipranges: 192.168.16.0/20,192.168.32.0/20 autoinject: enabled #配置自动注入 resources: requests: cpu: 10m memory: 40mi sidecarinjectorwebhook: enablenamespacesbydefault: true pilot: autoscaleenabled: false mixer: adapters: useadaptercrds: false kubernetesenv: enabled: true prometheus: enabled: true metricsexpiryduration: 10m stackdriver: enabled: false stdio: enabled: true outputasjson: false policy: autoscaleenabled: false telemetry: autoscaleenabled: false gateways: istio-egressgateway: autoscaleenabled: true istio-ingressgateway: autoscaleenabled: true kiali: createdemosecret: true
安装对应配置
istioctl manifest apply -f istio-1.5.1.yaml
验证是否安装成功
kubectl get svc -n istio-system name type cluster-ip external-ip port(s) age grafana clusterip 10.106.222.1 <none> 3000/tcp 72m istio-egressgateway clusterip 10.105.147.175 <none> 80/tcp,443/tcp,15443/tcp 72m istio-ingressgateway loadbalancer 10.101.90.130 <pending> 15020:31121/tcp,80:31729/tcp,443:31903/tcp,31400:32746/tcp,15443:31084/tcp 72m istio-pilot clusterip 10.101.28.124 <none> 15010/tcp,15011/tcp,15012/tcp,8080/tcp,15014/tcp,443/tcp 80m istiod clusterip 10.99.35.177 <none> 15012/tcp,443/tcp 80m jaeger-agent clusterip none <none> 5775/udp,6831/udp,6832/udp 72m jaeger-collector clusterip 10.109.237.212 <none> 14267/tcp,14268/tcp,14250/tcp 72m jaeger-collector-headless clusterip none <none> 14250/tcp 72m jaeger-query clusterip 10.103.4.63 <none> 16686/tcp 72m kiali clusterip 10.100.49.221 <none> 20001/tcp 72m prometheus clusterip 10.110.124.176 <none> 9090/tcp 72m tracing clusterip 10.106.75.109 <none> 80/tcp 72m zipkin clusterip 10.103.9.94 <none> 9411/tcp
确保关联的 kubernetes pod 已经部署,并且 status
为 running
kubectl get pods -n istio-system name ready status restarts age grafana-5f6f8cbf75-trjl6 1/1 running 0 73m istio-egressgateway-74896c8487-9qnwg 1/1 running 0 73m istio-ingressgateway-56f7dd5d6b-9c22z 1/1 running 0 73m istio-tracing-9dd6c4f7c-qr7vl 1/1 running 0 73m istiod-756bd84654-fqp7b 1/1 running 0 73m istiod-756bd84654-hxpqt 1/1 running 0 73m kiali-869c6894c5-p4h7r 1/1 running 0 73m prometheus-c89875c74-lvq52 2/2 running 0 73m
卸载istio
istioctl manifest generate --set profile=demo | kubectl delete -f -
部署bookinfo
istio 默认自动注入 sidecar. 请为 default
命名空间打上标签 istio-injection=enabled
:
kubectl label namespace default istio-injection=enabled
使用 kubectl
部署应用:
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
在实际部署中,微服务版本的启动过程需要持续一段时间,并不是同时完成的。
确认所有的服务和 pod 都已经正确的定义和启动:
kubectl get services name cluster-ip external-ip port(s) age details 10.0.0.31 <none> 9080/tcp 6m kubernetes 10.0.0.1 <none> 443/tcp 7d productpage 10.0.0.120 <none> 9080/tcp 6m ratings 10.0.0.15 <none> 9080/tcp 6m reviews 10.0.0.170 <none> 9080/tcp 6m
kubectl get pods name ready status restarts age details-v1-1520924117-48z17 2/2 running 0 6m productpage-v1-560495357-jk1lz 2/2 running 0 6m ratings-v1-734492171-rnr5l 2/2 running 0 6m reviews-v1-874083890-f0qf0 2/2 running 0 6m reviews-v2-1343845940-b34q5 2/2 running 0 6m reviews-v3-1813607990-8ch52 2/2 running 0 6m
确认 bookinfo 应用是否正在运行,请在某个 pod 中用 curl
命令对应用发送请求,例如 ratings
:
kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>" <title>simple bookstore app</title>
使用浏览器访问bookinfo放在后面来讲解,因为是使用云环境而非本地,使用gateway/ingress开放外网端口还需要调整一些配置,跟官方文档在本地安装还有些差异。