版权声明:本文为博主原创文章,未经博主允许不得转载。博客地址:http://blog.csdn.net/huqigang,内容如有错误,欢迎留言指出,谢谢! https://cloud.tencent.com/developer/article/1436579
测试环境安装Istio进行学习,参考文档连接https://istio.io/zh/docs/setup/kubernetes/
测试环境:Openshift3.11+Centos7.5+Istio1.0.5
Istio 会被安装到自己的 istio-system 命名空间,并且能够对所有其他命名空间的服务进行管理。
# curl -L https://git.io/getLatestIstio | sh -
[root@master istio-1.0.5]# pwd
/root/istio/istio-1.0.5
[root@master istio-1.0.5]# ls
bin install istio.VERSION LICENSE README.md samples tools
安装目录中包含:
在/etc/profile最后追加:
export PATH=/root/istio/istio-1.0.5/bin:$PATH
[root@master istio-1.0.5]# . /etc/profile
[root@master istio-1.0.5]# istioctl version
Version: 1.0.5
GitRevision: c1707e45e71c75d74bf3a5dec8c7086f32f32fad
User: root@6f6ea1061f2b
Hub: docker.io/istio
GolangVersion: go1.10.4
BuildStatus: Clean
最低版本:3.9.0
oc 配置为可以访问集群
用户已登录到集群
用户在 OpenShift 上具有 cluster-admin 角色
$ oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z default -n istio-system
$ oc adm policy add-scc-to-user anyuid -z prometheus -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-egressgateway-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-citadel-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-ingressgateway-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-cleanup-old-ca-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-mixer-post-install-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-mixer-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-pilot-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-sidecar-injector-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-galley-service-account -n istio-system
此 playbook 将在您的机器上下载并本地安装 Istio。
自定义安装可参考 https://istio.io/zh/docs/setup/kubernetes/ansible-install/
目前公开的选项有:
在 OpenShift 上部署默认配置的 Istio:
# ansible-playbook main.yml
确保所有相应的pod都已被部署且所有的容器都已启动并正在运行: