引言
Istio作为service mesh控制面的实施标准,先部署起来。然而会有一个坑要注意,否则无法访问到页面。这个坑是个示例的bug,已被人提了issue,我也被坑了一把。
一、准备工作
1.安装Docker
通过命令行或者直接下载,由于网络原因我直接下载安装 ,下载地址:
- https://hub.docker.com/editions/community/docker-ce-desktop-mac
2.驱动安装
- curl -LO https://storage.googleapis.com/minikube/releases/latest/docker-machine-driver-hyperkit
- chmod +x docker-machine-driver-hyperkit
- sudo mv docker-machine-driver-hyperkit /usr/local/bin/
- sudo chown root:wheel /usr/local/bin/docker-machine-driver-hyperkit
- sudo chmod u+s /usr/local/bin/docker-machine-driver-hyperkit
3.安装minikube
- curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/
验证版本
- $ minikube version
- minikube version: v1.22.0
4.启动minikube
- $ minikube start Darwin 10.15.7 上的 minikube v1.22.0 根据现有的配置文件使用 docker 驱动程序 Starting control plane node minikube in cluster minikube Pulling base image ... Updating the running docker "minikube" container ... This container is having trouble accessing https://k8s.gcr.io To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/ 正在 Docker 20.10.7 中准备 Kubernetes v1.21.2… Verifying Kubernetes components... Using image gcr.io/k8s-minikube/storage-provisioner:v5 Enabled addons: storage-provisioner, default-storageclass Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
二、安装与部署
1.下载istio
还是直接下载安装包,当前最新版本为1.11.0
- https://github.com/istio/istio/releases/tag/1.11.0
2.设置环境变量
- vim ~/.bash_profileexport PATH=$PATH:/Users/yongliang/istio/istio-1.11.0/binsource ~/.bash_profile
3.安装istio
- $ istioctl install --set profile=demo -y Istio core installed Istiod installed Egress gateways installed Ingress gateways installed Installation complete
4.创建istio命名空间
- kubectl create namespace istio-system
5.设置自动注入envoy
- $ kubectl label namespace default istio-injection=enablednamespace/default labeled
6.验证istio版本
- $ istioctl versionclient version: 1.11.0control plane version: 1.11.0data plane version: 1.11.0 (8 proxies)
小结:输出可以看出安装的istio客户端版本、控制面板版本和数据面版本。
三、部署示例程序
1.部署示例
示例在安装目录sample目录下
- -rw-r--r--@ 1 yongliang staff 11348 8 13 00:17 LICENSE-rw-r--r--@ 1 yongliang staff 5866 8 13 00:17 README.mddrwxr-x---@ 3 yongliang staff 96 8 13 00:17 bin-rw-r-----@ 1 yongliang staff 854 8 13 00:17 manifest.yamldrwxr-xr-x@ 5 yongliang staff 160 8 13 00:17 manifestsdrwxr-xr-x@ 21 yongliang staff 672 8 13 00:17 samplesdrwxr-xr-x@ 5 yongliang staff 160 8 13 00:17 tools
- $ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yamlservice/details createdserviceaccount/bookinfo-details createddeployment.apps/details-v1 createdservice/ratings createdserviceaccount/bookinfo-ratings createddeployment.apps/ratings-v1 createdservice/reviews createdserviceaccount/bookinfo-reviews createddeployment.apps/reviews-v1 createddeployment.apps/reviews-v2 createddeployment.apps/reviews-v3 createdservice/productpage createdserviceaccount/bookinfo-productpage createddeployment.apps/productpage-v1 created
2.服务启动情况
- $ kubectl get servicesNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdetails ClusterIP 10.100.65.41 <none> 9080/TCP 4d2hkubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4d4hproductpage ClusterIP 10.107.21.144 <none> 9080/TCP 4d2hratings ClusterIP 10.110.139.187 <none> 9080/TCP 4d2hreviews ClusterIP 10.106.238.130 <none> 9080/TCP 4d2h
pods为Running状态
- $ kubectl get podsNAME READY STATUS RESTARTS AGEdetails-v1-79f774bdb9-bkrbp 2/2 Running 4 4d2hproductpage-v1-6b746f74dc-2c55l 2/2 Running 4 4d2hratings-v1-b6994bb9-7nvs2 2/2 Running 4 4d2hreviews-v1-545db77b95-mffvg 2/2 Running 4 4d2hreviews-v2-7bf8c9648f-pmqw8 2/2 Running 4 4d2hreviews-v3-84779c7bbc-sztp8 2/2 Running 4 4d2h
3.把应用关联到istio网关
- $ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yamlgateway.networking.istio.io/bookinfo-gateway createdvirtualservice.networking.istio.io/bookinfo created
4.分析istio配置信息
- $ istioctl analyze? No validation issues found when analyzing namespace: default.
5.设置入站IP和端口
端口设置
- $ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
打印出来看看
- $ echo "$INGRESS_PORT"31688$ echo "$SECURE_INGRESS_PORT"31908
设置入站IP
在官方提供的命令中是下面一段:
- $ export INGRESS_HOST=$(minikube ip)
- $ minikube ip192.168.49.2
注意:照着执行后发现最后无法访问,下面有修正。
启动minikube隧道
- $ minikube tunnel The service istio-ingressgateway requires privileged ports to be exposed: [80 443] sudo permission will be asked for it. Starting tunnel for service istio-ingressgateway.
修正网关地址
官方为命令:
- $ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
需要修正为:
- $ export GATEWAY_URL=127.0.0.1
- $ echo "$GATEWAY_URL"127.0.0.1
备注:修正原因参见issue地址 https://github.com/istio/istio.io/issues/9340
6.浏览器访问页面
7.安装Kiali仪表盘
- $ kubectl apply -f samples/addons$ kubectl rollout status deployment/kiali -n istio-systemdeployment "kiali" successfully rolled out
启动仪表盘
- $ istioctl dashboard kialihttp://localhost:20001/kiali
备注:当访问http://127.0.0.1/productpage时可以在仪表盘中观察到流量的流向和服务之间的关系。
【编辑推荐】https://mp.weixin.qq.com/s/rOWx_W2fzCvIDvN1u_7jLA