外包精通--手撸Istio(Istio安装部署)笔记
原创
Istio
该笔记仅在测试环境测试过,并未上生产环境。
官网地址,开源软件尽量参考官方英文文档学习
个人笔记网站http://docs.27ops.com
https://istio.io/
https://istio.io/latest/docs/
https://istio.io/latest/docs/setup/getting-started/下载Istio
curl -L https://istio.io/downloadIstio | sh -安装Istio
[root@master networking]# istioctl manifest apply --set profile=demo
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Addons installed
✔ Installation complete
[root@master networking]# 修改SVC
如若没有loadBalancer,需要修改type: NodePort,ke svc -n istio-system istio-ingressgateway
[root@master01 istio-1.11.0]# kg svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egressgateway ClusterIP 10.105.169.247 <none> 80/TCP,443/TCP 34h
istio-ingressgateway NodePort 10.102.14.140 <none> 15021:31314/TCP,80:31412/TCP,443:30223/TCP,31400:32207/TCP,15443:32536/TCP 34h
istiod ClusterIP 10.109.106.1 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 34h
[root@master01 istio-1.11.0]# [root@master istio-1.6.0]# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana ClusterIP 10.107.44.89 <none> 3000/TCP 60s
istio-egressgateway ClusterIP 10.111.137.156 <none> 80/TCP,443/TCP,15443/TCP 62s
istio-ingressgateway LoadBalancer 10.100.30.115 <pending> 15020:31609/TCP,80:32674/TCP,443:31377/TCP,31400:31140/TCP,15443:31390/TCP 61s
istiod ClusterIP 10.100.128.118 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP,53/UDP,853/TCP 66s
jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 60s
jaeger-collector ClusterIP 10.99.241.112 <none> 14267/TCP,14268/TCP,14250/TCP 60s
jaeger-collector-headless ClusterIP None <none> 14250/TCP 60s
jaeger-query ClusterIP 10.104.200.147 <none> 16686/TCP 60s
kiali ClusterIP 10.96.60.232 <none> 20001/TCP 60s
prometheus ClusterIP 10.109.97.157 <none> 9090/TCP 60s
tracing ClusterIP 10.96.128.251 <none> 80/TCP 60s
zipkin ClusterIP 10.111.234.91 <none> 9411/TCP 60s
[root@master istio-1.6.0]#[root@master istio-1.6.0]# kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
grafana-64986f9974-xcpxb 1/1 Running 0 85s
istio-egressgateway-569b95c7b5-frdzw 1/1 Running 0 86s
istio-ingressgateway-5ddd4876c-r6n4v 1/1 Running 0 86s
istio-tracing-7cf5f46848-xpxmq 1/1 Running 0 85s
istiod-7d6f99d44f-tn9xf 1/1 Running 0 91s
kiali-7fcc47db9f-jc75h 1/1 Running 0 84s
prometheus-57b7b99577-9r4rj 2/2 Running 0 84s
[root@master istio-1.6.0]#bookinfo
[root@master networking]# kubectl apply -f destination-rule-all.yaml
destinationrule.networking.istio.io/productpage created
destinationrule.networking.istio.io/reviews created
destinationrule.networking.istio.io/ratings created
destinationrule.networking.istio.io/details created
[root@master networking]# [root@master networking]# kubectl apply -f bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
[root@master networking]# [root@master istio-1.6.0]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
[root@master istio-1.6.0]#没有loadBalancer,执行Set the ingress ports:
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')[root@master01 istio-1.11.0]# export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
e=="https")].nodePort}')[root@master01 istio-1.11.0]# export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.sps")].nodePort}')e=="https
[root@master01 istio-1.11.0]#
[root@master01 istio-1.11.0]#
[root@master01 istio-1.11.0]#
[root@master01 istio-1.11.0]#
[root@master01 istio-1.11.0]# export INGRESS_HOST=127.0.0.1
[root@master01 istio-1.11.0]# export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
[root@master01 istio-1.11.0]# export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
[root@master01 istio-1.11.0]# echo "$GATEWAY_URL"
10.0.8.10:31412
[root@master01 istio-1.11.0]# echo "http://$GATEWAY_URL/productpage"
http://10.0.8.10:31412/productpage
[root@master01 istio-1.11.0]# [root@master01 istio-1.11.0]# curl -I -k http://10.0.8.10:31412/productpage
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 4183
server: istio-envoy
date: Tue, 17 Aug 2021 14:59:11 GMT
x-envoy-upstream-service-time: 23
[root@master01 istio-1.11.0]# 浏览器访问
View the dashboard
Install Kiali and the other addons and wait for them to be deployed.
kubectl apply -f samples/addons
kubectl rollout status deployment/kiali -n istio-system[root@master01 istio-1.11.0]# kubectl apply -f samples/addons
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
[root@master01 istio-1.11.0]# Access the Kiali dashboard.
istioctl dashboard kiali官方文档默认使用:istioctl dashboard kiali,在浏览器中打不开,经过排查端口是通的,kiali打不开。需要看一下istioctl帮助
istioctl dashboard --address 0.0.0.0 -p 20001 kiali
kiali概览
Graph
istio-systemGraph
多Namespace绘图
Applications
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读
腾讯云开发者
