
Setting Up a Basic Istio Environment

程序员文章站 2022-07-02 15:29:20

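Requirements

Set up a basic Istio environment (based on version 1.5.1)

Installation steps

Before installing Istio, you need an environment running Kubernetes; for the installation steps, see the previous articles.

Download Istio, extract it, and then add istioctl to the PATH environment variable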

# Pin the release so that the istio-1.5.1 directory used below exists
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.1 sh -
cd istio-1.5.1
export PATH=$PWD/bin:$PATH

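Create the istio-1.5.1.yaml configuration file. Installing by following the official documentation produces errors that prevent automatic sidecar injection from working.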

vim istio-1.5.1.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  components:
    egressGateways:
    - name: istio-egressgateway
      enabled: true
      k8s:
        resources:
          requests:
            cpu: 10m
            memory: 40Mi

    ingressGateways:
    - name: istio-ingressgateway
      enabled: true
      k8s:
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
        service:
          ports:
            ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces.
            # Note that AWS ELB will by default perform health checks on the first port
            # on this list. Setting this to the health check port will ensure that health
            # checks always work. https://github.com/istio/istio/issues/12503
            - port: 15020
              targetPort: 15020
              name: status-port
            - port: 80
              targetPort: 8080
              name: http2
            - port: 443
              targetPort: 8443
              name: https
            - port: 31400
              targetPort: 31400
              name: tcp
              # This is the port where sni routing happens
            - port: 15443
              targetPort: 15443
              name: tls

    policy:
      enabled: false
      k8s:
        resources:
          requests:
            cpu: 10m
            memory: 100Mi

    telemetry:
      k8s:
        resources:
          requests:
            cpu: 50m
            memory: 100Mi

    pilot:
      k8s:
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          - name: GODEBUG
            value: gctrace=1
          - name: PILOT_TRACE_SAMPLING
            value: "100"
          - name: CONFIG_NAMESPACE
            value: istio-config
        resources:
          requests:
            cpu: 10m
            memory: 100Mi

  addonComponents:
    kiali:
      enabled: true
    grafana:
      enabled: true
    tracing:
      enabled: true
    prometheus:
      enabled: true

  values:
    global:
      disablePolicyChecks: false
      proxy:
        accessLogFile: /dev/stdout
        includeIPRanges: 192.168.16.0/20,192.168.32.0/20
        autoInject: enabled  # enable automatic sidecar injection
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
    sidecarInjectorWebhook:
      enableNamespacesByDefault: true

    pilot:
      autoscaleEnabled: false

    mixer:
      adapters:
        useAdapterCRDs: false
        kubernetesenv:
          enabled: true
        prometheus:
          enabled: true
          metricsExpiryDuration: 10m
        stackdriver:
          enabled: false
        stdio:
          enabled: true
          outputAsJson: false
      policy:
        autoscaleEnabled: false
      telemetry:
        autoscaleEnabled: false

    gateways:
      istio-egressgateway:
        autoscaleEnabled: true
      istio-ingressgateway:
        autoscaleEnabled: true
    kiali:
      # creates a Kiali login secret with default demo credentials
      createDemoSecret: true

Install using this configuration

istioctl manifest apply -f istio-1.5.1.yaml

Verify that the installation succeeded

kubectl get svc -n istio-system

NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
grafana                     ClusterIP      10.106.222.1     <none>        3000/TCP                                                                     72m
istio-egressgateway         ClusterIP      10.105.147.175   <none>        80/TCP,443/TCP,15443/TCP                                                     72m
istio-ingressgateway        LoadBalancer   10.101.90.130    <pending>     15020:31121/TCP,80:31729/TCP,443:31903/TCP,31400:32746/TCP,15443:31084/TCP   72m
istio-pilot                 ClusterIP      10.101.28.124    <none>        15010/TCP,15011/TCP,15012/TCP,8080/TCP,15014/TCP,443/TCP                     80m
istiod                      ClusterIP      10.99.35.177     <none>        15012/TCP,443/TCP                                                            80m
jaeger-agent                ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP                                                   72m
jaeger-collector            ClusterIP      10.109.237.212   <none>        14267/TCP,14268/TCP,14250/TCP                                                72m
jaeger-collector-headless   ClusterIP      None             <none>        14250/TCP                                                                    72m
jaeger-query                ClusterIP      10.103.4.63      <none>        16686/TCP                                                                    72m
kiali                       ClusterIP      10.100.49.221    <none>        20001/TCP                                                                    72m
prometheus                  ClusterIP      10.110.124.176   <none>        9090/TCP                                                                     72m
tracing                     ClusterIP      10.106.75.109    <none>        80/TCP                                                                       72m
zipkin                      ClusterIP      10.103.9.94      <none>        9411/TCP

Make sure the associated Kubernetes pods have been deployed and that their STATUS is Running

kubectl get pods -n istio-system

NAME                                    READY   STATUS    RESTARTS   AGE
grafana-5f6f8cbf75-trjl6                1/1     Running   0          73m
istio-egressgateway-74896c8487-9qnwg    1/1     Running   0          73m
istio-ingressgateway-56f7dd5d6b-9c22z   1/1     Running   0          73m
istio-tracing-9dd6c4f7c-qr7vl           1/1     Running   0          73m
istiod-756bd84654-fqp7b                 1/1     Running   0          73m
istiod-756bd84654-hxpqt                 1/1     Running   0          73m
kiali-869c6894c5-p4h7r                  1/1     Running   0          73m
prometheus-c89875c74-lvq52              2/2     Running   0          73m

Uninstall Istio

istioctl manifest generate --set profile=demo | kubectl delete -f -

Deploy Bookinfo

Istio injects the sidecar automatically by default. Label the default namespace with istio-injection=enabled

kubectl label namespace default istio-injection=enabled

Deploy the application with kubectl:

kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

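In a real deployment, the microservice versions take some time to start and do not all come up at the same moment.

Confirm that all services and pods are correctly defined and running: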

kubectl get services
NAME                       CLUSTER-IP   EXTERNAL-IP   PORT(S)              AGE
details                    10.0.0.31    <none>        9080/TCP             6m
kubernetes                 10.0.0.1     <none>        443/TCP              7d
productpage                10.0.0.120   <none>        9080/TCP             6m
ratings                    10.0.0.15    <none>        9080/TCP             6m
reviews                    10.0.0.170   <none>        9080/TCP             6m

kubectl get pods
NAME                                        READY     STATUS    RESTARTS   AGE
details-v1-1520924117-48z17                 2/2       Running   0          6m
productpage-v1-560495357-jk1lz              2/2       Running   0          6m
ratings-v1-734492171-rnr5l                  2/2       Running   0          6m
reviews-v1-874083890-f0qf0                  2/2       Running   0          6m
reviews-v2-1343845940-b34q5                 2/2       Running   0          6m
reviews-v3-1813607990-8ch52                 2/2       Running   0          6m
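
A pod showing 2/2 here runs its application container plus the injected istio-proxy container. The script below is an added example, not part of the original article: it classifies pods that lack the sidecar, separating deliberate opt-outs (the sidecar.istio.io/inject=false annotation) from failed injection. The function names and the pods batch-report-7c9d and legacy-api-5b6f are assumptions, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: find pods that did not receive the Envoy sidecar.
# Input, one pod per line, tab-separated:
#   <pod name> TAB <sidecar.istio.io/inject annotation or empty> TAB <container names>

# jsonpath that produces this format from a live cluster (used only with --live).
JSONPATH='{range .items[*]}{.metadata.name}{"\t"}{.metadata.annotations.sidecar\.istio\.io/inject}{"\t"}{.spec.containers[*].name}{"\n"}{end}'

# Prints "<status> <pod>" for each pod without an istio-proxy container:
#   OPTED-OUT  the pod carries sidecar.istio.io/inject=false (deliberate)
#   MISSING    injection was expected but did not happen
audit_sidecars() {
  awk -F'\t' '
    $1 != "" {
      n = split($3, names, " ")
      found = 0
      for (i = 1; i <= n; i++) if (names[i] == "istio-proxy") found = 1
      if (found) next
      status = ($2 == "false") ? "OPTED-OUT" : "MISSING"
      print status, $1
    }'
}

# Constructed sample input; the last two pod names are hypothetical.
sample_pods() {
  printf '%s\t%s\t%s\n' \
    'details-v1-1520924117-48z17' ''      'details istio-proxy' \
    'ratings-v1-734492171-rnr5l'  ''      'ratings istio-proxy' \
    'batch-report-7c9d'           'false' 'report' \
    'legacy-api-5b6f'             ''      'api'
}

if [ "${1:-}" = "--live" ]; then
  # Second argument is the namespace to audit (defaults to "default").
  kubectl get pods -n "${2:-default}" -o jsonpath="$JSONPATH" | audit_sidecars
else
  sample_pods | audit_sidecars
fi
```

Pods reported as MISSING that were created before the namespace was labelled must be recreated, because injection happens only at pod creation.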

To confirm that the Bookinfo application is running, send it a request with curl from inside one of the pods, for example ratings

kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>

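Accessing Bookinfo from a browser will be covered later: this setup runs in a cloud environment rather than locally, so exposing an external port through the gateway/ingress requires some additional configuration changes and differs somewhat from the local installation described in the official documentation.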
