Istio 部署 【三】
版本说明: https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases
本实验为 K8S:1.26 | Istio:1.17.1
其他实验为 K8S:1.20 | Istio:1.13.0
下载地址:https://github.com/istio/istio/releases?page=7
https://github.com/istio/istio/releases/download/1.13.0/istio-1.13.0-linux-amd64.tar.gz[root@xksmaster1 local]# vim /etc/resolv.conf
#如果报错 解析不了访问地址查询 IP 配置在/etc/hosts中
#https://www.ipaddress.com/site/raw.githubusercontent.com
[root@xksmaster1 local]# curl -L https://istio.io/downloadIstio | sh -
或者
[root@xksmaster1 local]# curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.17.1 TARGET_ARCH=x86_64 sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 102 100 102 0 0 15 0 0:00:06 0:00:06 --:--:-- 24
100 4856 100 4856 0 0 385 0 0:00:12 0:00:12 --:--:-- 1431
Downloading istio-1.17.1 from https://github.com/istio/istio/releases/download/1.17.1/istio-1.17.1-linux-amd64.tar.gz ...
Istio 1.17.1 Download Complete!
Istio has been successfully downloaded into the istio-1.17.1 folder on your system.
Next Steps:
See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.
To configure the istioctl client tool for your workstation,
add the /usr/local/istio-1.17.1/bin directory to your environment path variable with:
export PATH="$PATH:/usr/local/istio-1.17.1/bin"
Begin the Istio pre-installation check by running:
istioctl x precheck
Need more information? Visit https://istio.io/latest/docs/setup/install/
You have new mail in /var/spool/mail/root[root@xksmaster1 local]# ln -sv istio-1.17.1 istio
‘istio’ -> ‘istio-1.17.1’
[root@xksmaster1 local]# ll
total 0
drwxr-xr-x. 2 root root 72 Mar 7 14:34 bin
drwxr-xr-x. 2 root root 6 Apr 11 2018 etc
drwxr-xr-x. 2 root root 6 Apr 11 2018 games
drwxr-xr-x. 2 root root 6 Apr 11 2018 include
lrwxrwxrwx 1 root root 12 Mar 21 10:06 istio -> istio-1.17.1
drwxr-x--- 6 root root 115 Feb 22 17:57 istio-1.17.1
drwxr-xr-x. 2 root root 6 Apr 11 2018 lib
drwxr-xr-x. 2 root root 6 Apr 11 2018 lib64
drwxr-xr-x. 2 root root 6 Apr 11 2018 libexec
drwxr-xr-x. 2 root root 6 Apr 11 2018 sbin
drwxr-xr-x. 5 root root 49 Feb 28 12:40 share
drwxr-xr-x. 2 root root 6 Apr 11 2018 src
[root@xksmaster1 local]# ln -sv /usr/local/istio/bin/istioctl /usr/local/bin/
‘/usr/local/bin/istioctl’ -> ‘/usr/local/istio/bin/istioctl’
You have new mail in /var/spool/mail/root
[root@xksmaster1 local]# istioctl version
no running Istio pods in "istio-system"
1.17.1
[root@xksmaster1 local]# istioctl profile list
Istio configuration profiles:
ambient
default
demo
empty
external
minimal
openshift
preview
remote
#提前pull 镜像否则下载不下来 docker.io/istio/proxyv2:1.17.1 docker.io/istio/pilot:1.17.1
[root@xksnode1 basic]# docker pull docker.io/istio/pilot:1.17.1 或者 ctr images pull docker.io/istio/pilot:1.17.1
docker pull docker.io/istio/pilot:1.17.11.17.1: Pulling from istio/pilot
cd2dd85d9fe3: Pull complete
f5cc8452ea58: Pull complete
ce135d1b1aa5: Pull complete
ea38cc39ffb7: Pull complete
753cd998611f: Pull complete
69b62d9454ad: Pull complete
Digest: sha256:ce9d876067018d5217836ffd28e5767e64937c573f5ac7d421be860857d0b266
Status: Downloaded newer image for istio/pilot:1.17.1
docker.io/istio/pilot:1.17.1
[root@xksnode1 ~]# docker pull docker.io/istio/proxyv2:1.17.1 或者 ctr images pull docker.io/istio/proxyv2:1.17.1
1.17.1: Pulling from istio/proxyv2
cd2dd85d9fe3: Already exists
f5cc8452ea58: Already exists
ce135d1b1aa5: Already exists
753cd998611f: Pull complete
d4b0e8dc1d9e: Pull complete
7c183aa3002b: Pull complete
72b269275514: Pull complete
5d6c730612ba: Pull complete
b60b05313c93: Pull complete
cb463abc1957: Pull complete
c288da3872f4: Pull complete
Digest: sha256:2152aea5fbe2de20f08f3e0412ad7a4cd54a492240ff40974261ee4bdb43871d
Status: Downloaded newer image for istio/proxyv2:1.17.1
docker.io/istio/proxyv2:1.17.1
[root@xksnode2 basic]# docker pull docker.io/istio/pilot:1.17.1 或者 ctr images pull docker.io/istio/pilot:1.17.1
1.17.1: Pulling from istio/pilot
cd2dd85d9fe3: Pull complete
f5cc8452ea58: Pull complete
ce135d1b1aa5: Pull complete
ea38cc39ffb7: Pull complete
753cd998611f: Pull complete
69b62d9454ad: Pull complete
Digest: sha256:ce9d876067018d5217836ffd28e5767e64937c573f5ac7d421be860857d0b266
Status: Downloaded newer image for istio/pilot:1.17.1
docker.io/istio/pilot:1.17.1
[root@xksnode2 ~]# docker pull docker.io/istio/proxyv2:1.17.1 或者 ctr images pull docker.io/istio/proxyv2:1.17.1
1.17.1: Pulling from istio/proxyv2
cd2dd85d9fe3: Already exists
f5cc8452ea58: Already exists
ce135d1b1aa5: Already exists
753cd998611f: Pull complete
d4b0e8dc1d9e: Pull complete
7c183aa3002b: Pull complete
72b269275514: Pull complete
5d6c730612ba: Pull complete
b60b05313c93: Pull complete
cb463abc1957: Pull complete
c288da3872f4: Pull complete
Digest: sha256:2152aea5fbe2de20f08f3e0412ad7a4cd54a492240ff40974261ee4bdb43871d
Status: Downloaded newer image for istio/proxyv2:1.17.1
docker.io/istio/proxyv2:1.17.1
#打标签 说明default空间的所有pod 启动多加一个istiopod注入
[root@xksmaster1 local]# kubectl label namespace default istio-injection=enabled
[root@xksmaster1 local]# kubectl get ns --show-labels
NAME STATUS AGE LABELS
default Active 19d istio-injection=enabled,kubernetes.io/metadata.name=default
istio-system Active 27m kubernetes.io/metadata.name=istio-system
kube-node-lease Active 19d kubernetes.io/metadata.name=kube-node-lease
kube-public Active 19d kubernetes.io/metadata.name=kube-public
kube-system Active 19d kubernetes.io/metadata.name=kube-system
kubernetes-dashboard Active 17d kubernetes.io/metadata.name=kubernetes-dashboard
kuboard Active 14d kubernetes.io/metadata.name=kuboard
#$ istioctl uninstall --purge 如果一次安装失败 需要重新卸载 镜像下载好再次安装
[root@xksmaster1 local]# istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete Making this installation the default for injection and validation.
Thank you for installing Istio 1.17. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/hMHGiwZHPU7UQRWe9
#日志显示
kubectl logs -f istio-ingressgateway-69499dc-vcz7d -n istio-system
2023-03-22T07:20:35.418167Z info ads ADS: new connection for node:istio-ingressgateway-69499dc-vcz7d.istio-system-2
2023-03-22T07:20:35.418234Z info cache returned workload certificate from cache ttl=23h59m52.581769184s
2023-03-22T07:20:35.418373Z info ads SDS: PUSH request for node:istio-ingressgateway-69499dc-vcz7d.istio-system resources:1 size:4.0kB resource:default
2023-03-22T07:20:35.418384Z info ads SDS: PUSH request for node:istio-ingressgateway-69499dc-vcz7d.istio-system resources:1 size:1.1kB resource:ROOTCA
2023-03-22T07:20:35.843107Z info Readiness succeeded in 9.013409214s
2023-03-22T07:20:35.843376Z info Envoy proxy is ready
[root@xksmaster1 local]# istioctl version
client version: 1.17.1
control plane version: 1.17.1
data plane version: 1.17.1 (2 proxies)
[root@xksmaster1 ~]# kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
istio-egressgateway-774d6846df-wgkb9 1/1 Running 0 19m
istio-ingressgateway-69499dc-vcz7d 1/1 Running 0 19m
istiod-65dcb8497-v4g8j 1/1 Running 0 34m
#查看svc ingressgateway是pengding状态 需要进行编辑 另一张网卡 IP
[root@xksmaster1 ~]# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egressgateway ClusterIP 10.106.118.36 <none> 80/TCP,443/TCP 24m
istio-ingressgateway LoadBalancer 10.108.113.206 <pending> 15021:31695/TCP,80:31246/TCP,443:30196/TCP,31400:30817/TCP,15443:31775/TCP 24m
istiod ClusterIP 10.110.214.145 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 38m
#虚拟机添加一张网卡 获取到ip 192.168.19.130
#配置
[root@xksmaster1 ~]#kubectl edit svc istio-ingressgateway -n istio-system
externalIPs:
- 192.168.19.130
[root@xksmaster1 network-scripts]# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egressgateway ClusterIP 10.106.118.36 <none> 80/TCP,443/TCP 33m
istio-ingressgateway LoadBalancer 10.108.113.206 192.168.19.130 15021:31695/TCP,80:31246/TCP,443:30196/TCP,31400:30817/TCP,15443:31775/TCP 33m
istiod ClusterIP 10.110.214.145 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 47m
#!!!或者 如果事先安装过了 MetalLB的话 自动会从IP池钟分配了地址
[root@k8s-master01 kiali]# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egressgateway ClusterIP 10.104.202.63 <none> 80/TCP,443/TCP 2m17s
istio-ingressgateway LoadBalancer 10.106.83.247 192.168.40.54 15021:31375/TCP,80:32288/TCP,443:31157/TCP,31400:30842/TCP,15443:31112/TCP 2m17s
istiod ClusterIP 10.110.33.165 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 2m21s
# 安装kiali
[root@xksmaster1 addons]# pwd
/usr/local/istio/samples/addons
[root@xksmaster1 addons]# ls
extras grafana.yaml jaeger.yaml kiali.yaml prometheus.yaml README.md
kubectl apply -f /usr/local/istio/samples/addons/
#如果镜像下载不行 提前下载
【kiali】 docker pull quay.io/kiali/kiali:v1.63
【prometheus】 docker pull jimmidyson/configmap-reload:v0.5.0
docker pull prom/prometheus:v2.34.0
【jaeger】 docker pull docker.io/jaegertracing/all-in-one:1.35
【grafana】 docker pull grafana/grafana:9.0.1
kubectl get pods -n istio-system
##【k8s:1.28.2 Istio:1.20.2】
grafana.yaml: image: "docker.io/grafana/grafana:9.5.5"
jaeger.yaml: image: "docker.io/jaegertracing/all-in-one:1.46"
kiali.yaml: - image: "quay.io/kiali/kiali:v1.76"
loki.yaml: image: docker.io/grafana/loki:2.7.3
prometheus.yaml: image: "jimmidyson/configmap-reload:v0.8.0"
prometheus.yaml: image: "prom/prometheus:v2.41.0"
ctr image pull docker.io/grafana/grafana:9.5.5
ctr image pull docker.io/jaegertracing/all-in-one:1.46
ctr image pull quay.io/kiali/kiali:v1.76
ctr image pull docker.io/grafana/loki:2.7.3
ctr image pull jimmidyson/configmap-reload:v0.8.0
ctr image pull prom/prometheus:v2.41.0
# 查看接口
# DestinationRule、Gateway、VirtualService 配置通过istiod 接受到转换为 Envoy conf 下发给 以Sidercar形势部署的pods
kubectl get crds
[root@xksmaster1 addons]# kubectl api-resources --api-group=networking.istio.io
NAME SHORTNAMES APIVERSION NAMESPACED KIND
destinationrules dr networking.istio.io/v1beta1 true DestinationRule
envoyfilters networking.istio.io/v1alpha3 true EnvoyFilter
gateways gw networking.istio.io/v1beta1 true Gateway
proxyconfigs networking.istio.io/v1beta1 true ProxyConfig
serviceentries se networking.istio.io/v1beta1 true ServiceEntry
sidecars networking.istio.io/v1beta1 true Sidecar
virtualservices vs networking.istio.io/v1beta1 true VirtualService
workloadentries we networking.istio.io/v1beta1 true WorkloadEntry
workloadgroups wg networking.istio.io/v1beta1 true WorkloadGroup
# 查看当前支持envoy sidecar代理的应用有哪些 下发是否成功。
istioctl proxy-status
istioctl ps
#下载解压 文件 istio-in-practise-main.zip (unzip istio-in-practise-main.zip -d /root/istio-in-practise)
#配置kiali通过isito暴露入口
[root@xksmaster1 kiali-port-80]# pwd
/root/istio-in-practise/istio-in-practise-main/Traffic-Management-Basics/kiali-port-80
[root@xksmaster1 kiali-port-80]# ll
total 12
-rw-r--r-- 1 root root 182 Aug 20 2022 kiali-destinationrule.yaml
-rw-r--r-- 1 root root 282 Aug 20 2022 kiali-gateway.yaml
-rw-r--r-- 1 root root 334 Aug 20 2022 kiali-virtualservice.yaml
\\\
下发只到V1中
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml
基于用户身份的路由
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
浙公网安备 33010602011771号