轉(zhuǎn)載請注明出處即可
所使用的環(huán)境為macos
零、安裝前準備
一兄猩、下載istio
https://github.com/istio/istio/releases
istio下載
下載解壓后, 設(shè)置path,以下path需要換為istio的解壓后的路徑
ISTIO_PATH=/istio/istio-1.5.2
export PATH=$ISTIO_PATH/bin:$PATH
建議設(shè)置別名
alias ic=istioctl
二、開始部署isito
查看profiles list
$ ic profile list
Istio configuration profiles:
empty
minimal
remote
separate
default
demo
在 cd ${ISTIO_PATH}/install/kubernetes/operator/profiles 目錄下可以看到profiles的具體配置, 打開demo.yaml
demo.yaml
因為是demo部署码泛,所以將大部分組件全部部署了,并增加了cpu和memory的限制
在這里跑個題, 在生產(chǎn)環(huán)境部署幾乎不會完全使用官方的配置澄耍,雖然default是官方推薦的生產(chǎn)環(huán)境的基本配置弟晚。以下是使用自己的配置文件進行部署,不用profile
ic manifest apply -f default.yaml --set values.global.jwtPolicy=first-party-jwt
使用profile=demo進行部署
ic manifest apply --set profile=demo
等待部署結(jié)束即可, 會下載相關(guān)的docker image
部署istio
部署完成
部署完成
如果要刪除istio的部署
istioctl manifest generate --set profile=demo | kubectl delete -f -
查看k8s的namespace, 發(fā)現(xiàn)新增一個istio-system
$ k get namespaces
NAME STATUS AGE
default Active 6h2m
docker Active 6h1m
istio-system Active 3m27s
kube-node-lease Active 6h2m
kube-public Active 6h2m
kube-system Active 6h2m
查看pods, 可以發(fā)現(xiàn)主要的pod已經(jīng)運行成功逾苫,其他的pod等待一會下載完docker image即可卿城。
$ k -n istio-system get po
NAME READY STATUS RESTARTS AGE
grafana-5cc7f86765-d655t 0/1 ContainerCreating 0 2m2s
istio-egressgateway-598d7ffc49-w585j 1/1 Running 0 2m4s
istio-ingressgateway-7bd5586b79-qlptv 1/1 Running 0 2m4s
istio-tracing-8584b4d7f9-226v8 0/1 Running 0 2m2s
istiod-646b6fcc6-rkdkf 1/1 Running 0 4m
kiali-696bb665-tsfsv 0/1 ContainerCreating 0 2m2s
prometheus-6c88c4cb8-kjx2j 0/2 ContainerCreating 0 2m2s
如果出現(xiàn)了status為ImagePullBackOff,這個沒有關(guān)系铅搓,k8s還會再次去pull image瑟押。
當然也可以手動pull image。比如以下pod部署失敗
kiali-696bb665-tsfsv 0/1 ImagePullBackOff 0 10m
查看pod的詳情
k -n istio-system describe po kiali-696bb665-tsfsv
pod詳情
找到下面圖中的image手動pull星掰,或者找到國內(nèi)的mirror pull多望,在tag成quay.io的。
在等待過程中氢烘,我們可以檢查下istio的部署情況
$ ic analyze
Warn [IST0102] (Namespace default) The namespace is not enabled for Istio injection. Run 'kubectl label namespace default istio-injection=enabled' to enable it, or 'kubectl label namespace default istio-injection=disabled' to explicitly mark it as not needing injection
Error: Analyzers found issues when analyzing namespace: default.
See https://istio.io/docs/reference/config/analysis for more information about causes and resolutions.
可以看到如果要在某個k8s的namespace中默認在部署pod時怀偷,部署istio的數(shù)據(jù)平面,需要給對應的namespace增加istio-injection=enabled的label播玖。
創(chuàng)建一個新的namespace
k create namespace ic-test
并增加istio注入的label
kubectl label namespace ic-test istio-injection=enabled
三椎工、部署3個demo服務
部署的是https://github.com/cloudnativebooks/cloud-native-istio
下在weather-v1.yaml,但版本有些老了蜀踏,api不太一樣维蒙。
將以下內(nèi)容保存在demo.yaml中
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
app: frontend
service: frontend
spec:
ports:
- port: 3000
name: http
selector:
app: frontend
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-v1
labels:
app: frontend
version: v1
spec:
selector:
matchLabels:
app: frontend
version: v1
replicas: 1
template:
metadata:
labels:
app: frontend
version: v1
spec:
containers:
- name: frontend
image: istioweather/frontend:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
name: advertisement
labels:
app: advertisement
service: advertisement
spec:
ports:
- port: 3003
name: http
selector:
app: advertisement
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: advertisement-v1
labels:
app: advertisement
version: v1
spec:
selector:
matchLabels:
app: advertisement
version: v1
replicas: 1
template:
metadata:
labels:
app: advertisement
version: v1
spec:
containers:
- name: advertisement
image: istioweather/advertisement:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3003
---
apiVersion: v1
kind: Service
metadata:
name: forecast
labels:
app: forecast
service: forecast
spec:
ports:
- port: 3002
name: http
selector:
app: forecast
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: forecast-v1
labels:
app: forecast
version: v1
spec:
selector:
matchLabels:
app: forecast
version: v1
replicas: 1
template:
metadata:
labels:
app: forecast
version: v1
spec:
containers:
- name: forecast
image: istioweather/forecast:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3002
---
開始部署
$ k -n ic-test apply -f demo.yaml
service/frontend created
deployment.apps/frontend-v1 created
service/advertisement created
deployment.apps/advertisement-v1 created
service/forecast created
deployment.apps/forecast-v1 created
查看pods,如果部署成功的化果覆,會有以下三個pods颅痊,在Running狀態(tài)
$ k -n ic-test get po
NAME READY STATUS RESTARTS AGE
advertisement-v1-68d74cc5bd-9wsdl 2/2 Running 0 2m22s
forecast-v1-77dcd878bc-ckwr5 2/2 Running 0 2m22s
frontend-v1-75d4648dc6-hplwf 2/2 Running 0 2m22s
部署gateway,將以下內(nèi)容保存到gateway.yaml中
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: weather-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: frontend-dr
namespace: ic-test
spec:
host: frontend
subsets:
- name: v1
labels:
version: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: frontend-route
namespace: ic-test
spec:
hosts:
- "*"
gateways:
- istio-system/weather-gateway
http:
- match:
- port: 80
route:
- destination:
host: frontend
port:
number: 3000
subset: v1
部署gateway, 部署前先檢查80端口是否被占用
$ k apply -f weather-gateway.yaml
gateway.networking.istio.io/weather-gateway created
destinationrule.networking.istio.io/frontend-dr created
virtualservice.networking.istio.io/frontend-route created
瀏覽器中打開 http://localhost/dashboard
部署的服務
四局待、使用kiali等組件
創(chuàng)建kiali-secret.yaml, 添加如下內(nèi)容
apiVersion: v1
kind: Secret
metadata:
name: kiali
namespace: istio-system
labels:
app: kiali
type: Opaque
data:
username: YWRtaW4=
passphrase: YWRtaW4=
創(chuàng)建Secret
k apply -f kiali-secret.yaml
設(shè)置組件的訪問方式, 保存為access.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grafana-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15031
name: http-grafana
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- grafana-gateway
http:
- match:
- port: 15031
route:
- destination:
host: grafana
port:
number: 3000
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: grafana
namespace: istio-system
spec:
host: grafana
trafficPolicy:
tls:
mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: kiali-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15029
name: http-kiali
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: kiali-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- kiali-gateway
http:
- match:
- port: 15029
route:
- destination:
host: kiali
port:
number: 20001
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: kiali
namespace: istio-system
spec:
host: kiali
trafficPolicy:
tls:
mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: prometheus-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15030
name: http-prom
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prometheus-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- prometheus-gateway
http:
- match:
- port: 15030
route:
- destination:
host: prometheus
port:
number: 9090
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: prometheus
namespace: istio-system
spec:
host: prometheus
trafficPolicy:
tls:
mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: tracing-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15032
name: http-tracing
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tracing-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- tracing-gateway
http:
- match:
- port: 15032
route:
- destination:
host: tracing
port:
number: 80
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: tracing
namespace: istio-system
spec:
host: tracing
trafficPolicy:
tls:
mode: DISABLE
添加Gateway規(guī)則
$ k apply -f access.yaml
gateway.networking.istio.io/grafana-gateway created
virtualservice.networking.istio.io/grafana-vs created
destinationrule.networking.istio.io/grafana created
gateway.networking.istio.io/kiali-gateway created
virtualservice.networking.istio.io/kiali-vs created
destinationrule.networking.istio.io/kiali created
gateway.networking.istio.io/prometheus-gateway created
virtualservice.networking.istio.io/prometheus-vs created
destinationrule.networking.istio.io/prometheus created
gateway.networking.istio.io/tracing-gateway created
virtualservice.networking.istio.io/tracing-vs created
destinationrule.networking.istio.io/tracing created
訪問kiali
http://localhost:15029/kiali/
前面設(shè)置的secret斑响,用戶名和密碼都是admin
kiali
在Graph中的namespace選擇ic-test,可以看到當前的調(diào)用鏈路
kiali
訪問jaeger ui
http://localhost:15032/jaeger
點擊Find Traces可以看到右側(cè)的調(diào)用鏈路
jaeger ui
訪問Grafana
http://localhost:15031/?orgId=1
Grafana
Grafana istio
istio pilot的監(jiān)控信息
導入1471的dashboard
import
選擇prometheus
查看監(jiān)控
