istio安装及使用示例

 

前言

本文介绍istio的安装及使用

dashboard,grafana,prometheus,kiali,jaeger的配置示例.演示通过istio的ingressgateway统一访问入口

Istio简介

下载istio

https://github.com/istio/istio/releases
wget https://github.com/istio/istio/releases/download/1.2.2/istio-1.2.2-linux.tar.gz
tar xf  istio-1.2.2-linux.tar.gz
cd /root/istio-1.2.2
cp bin/istioctl /usr/local/bin/

  

Chart Details

This chart can install multiple Istio components as subcharts:

ingressgateway
egressgateway
sidecarInjectorWebhook
galley
mixer
pilot
security(citadel)
grafana
prometheus
tracing(jaeger)
kiali
To enable or disable each component, change the corresponding enabled flag.

  

 

Istio安装

使用helm部署istio服务

安装包内的 Helm 目录中包含了 Istio 的 Chart,官方提供了两种方法:

  • 用 Helm 生成 istio.yaml,然后自行安装。
  • 用 Tiller 直接安装

这里采用第一种方法,通过helm template生成模板文件安装

注意:最新版本有2部分配置分开的,和之前版本有区别,所有要分别生成配置文件
生成Istio的CRDs
helm template --name istio-init --namespace istio-system ./install/kubernetes/istio-init > istio-init-1.2.2.yaml
生成istio配置文件
helm template --name istio --namespace istio-system ./install/kubernetes/helm/istio > istio-1.2.2.yaml

以上使用默认配置,有些组件默认是不开启的

vim install/kubernetes/helm/istio/values.yaml

可以手动修改配置文件 修改helm chart默认参数,在生成模板

也可以在命令行添加 --set key=value 覆盖默认值

查看默认参数配置:https://istio.io/docs/reference/config/installation-options/#kiali-options

如下:在命令行直接覆盖默认值: 

helm template install/kubernetes/helm/istio --name istio --namespace istio-system --set sidecarInjectorWebhook.enabled=true --set ingress.service.type=NodePort --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort --set tracing.enabled=true --set servicegraph.enabled=true --set prometheus.enabled=true --set tracing.jaeger.enabled=true --set grafana.enabled=true > istio.yaml

 

[root@k8s-master istio-1.2.2]# kubectl apply -f istio-init-1.2.2.yaml 
configmap/istio-crd-10 created
configmap/istio-crd-11 created
configmap/istio-crd-12 created
serviceaccount/istio-init-service-account created
clusterrole.rbac.authorization.k8s.io/istio-init-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istio-init-admin-role-binding-istio-system unchanged
job.batch/istio-init-crd-10 created
job.batch/istio-init-crd-11 created
job.batch/istio-init-crd-12 created
[root@k8s-master istio-1.2.2]# kubectl apply -f istio-1.2.2.yaml

###
[root@k8s-master istio-1.2.2]# kubectl get pods -n istio-system
NAME                                      READY   STATUS      RESTARTS   AGE
grafana-6575997f54-2lppn                  1/1     Running     0          55m
istio-citadel-894d98c85-644wd             1/1     Running     0          55m
istio-cleanup-secrets-1.2.2-g8568         0/1     Completed   0          55m
istio-galley-5b984f89b-l5prq              1/1     Running     2          55m
istio-grafana-post-install-1.2.2-xcgtb    0/1     Completed   0          55m
istio-ingressgateway-6599d6749-5v9xx      0/1     Running     0          55m
istio-init-crd-10-dfjr2                   0/1     Completed   0          59m
istio-init-crd-11-z28bv                   0/1     Completed   0          59m
istio-init-crd-12-b9hmw                   0/1     Completed   0          59m
istio-pilot-7ccff5dbdc-lhvhm              0/2     Pending     0          55m
istio-policy-77bbfdbd6-rfgsz              2/2     Running     8          55m
istio-security-post-install-1.2.2-tlv6m   0/1     Completed   0          55m
istio-sidecar-injector-7b98dd6bcc-kn7z9   1/1     Running     0          55m
istio-telemetry-7f8d5c5b74-glft4          2/2     Running     8          55m
istio-tracing-555cf644d-g7hsn             1/1     Running     0          55m
kiali-6cd6f9dfb5-trzqx                    1/1     Running     0          55m
prometheus-7d7b9f7844-m7ffd               1/1     Running     0          55m
[root@k8s-master istio-1.2.2]# 
#使用下面命令验证是否有23个istio crds
[root@k8s-master istio-1.2.2]# kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
23
[root@k8s-master istio-1.2.2]#

  

 

Istio使用

gateway和virtualserive配置

[root@k8s-master ~]# cat gateway-istio.yaml 
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway-istio
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http-istio
      protocol: HTTP
    hosts:
    - "prometheus.test.com"
    - "kiali.test.com"
    - "jaeger.test.com"
    - "dashboard.test.com"
    - "grafana.test.com"

---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: jaeger
  namespace: istio-system
spec:
  hosts:
  - "jaeger.test.com"
  gateways:
  - gateway-istio
  http:
  - retries:
      attempts: 3
      perTryTimeout: 2s
    route:
    - destination:
        host: tracing
        port:
          number: 80

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: prometheus
  namespace: istio-system
spec:
  hosts:
  - "prometheus.test.com"
  gateways:
  - gateway-istio
  http:
  - retries:
      attempts: 3
      perTryTimeout: 2s
    route:
    - destination:
        host: prometheus
        port:
          number: 9090

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana
  namespace: istio-system
spec:
  hosts:
  - "grafana.test.com"
  gateways:
  - gateway-istio
  http:
  - retries:
      attempts: 3
      perTryTimeout: 2s
    route:
    - destination:
        host: grafana
        port:
          number: 3000

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kiali
  namespace: istio-system
spec:
  hosts:
  - "kiali.test.com"
  gateways:
  - gateway-istio
  http:
  - retries:
      attempts: 3
      perTryTimeout: 2s
    route:
    - destination:
        host: kiali
        port:
          number: 20001

[root@k8s-master ~]# 

 

使用haproxy代理本机80,443端口到k8s集群istio ingressgateway的31380(http)和31390(https)

haproxy配置请看:https://www.cnblogs.com/xuliang666/p/11136829.html

配置域名如下

(base) xuliang@xuliang-PC:~$ cat /etc/hosts
127.0.0.1	localhost
127.0.1.1   xuliang-PC

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.2.51 red.aijiatui.com

192.168.100.29 myapp.test.com
192.168.100.29 prometheus.test.com
192.168.100.29 grafana.test.com
192.168.100.29 kiali.test.com
192.168.100.29 jaeger.test.com
(base) xuliang@xuliang-PC:~$ 

 

dashboard配置

查看dashboard svc

[root@k8s-master ~]# kubectl get svc -n kube-system|grep dashboard
kubernetes-dashboard   ClusterIP   10.106.65.78           9090/TCP                 27d
[root@k8s-master ~]# 

  

 创建gateway和virtualservice

#gateway网关配置:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway-dashboard
  namespace: kube-system
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http-dashboard
      protocol: HTTP
    hosts:
    - "dashboard.test.com"


---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: dashboard
  namespace: kube-system
spec:
  hosts:
  - "dashboard.test.com"
  gateways:
  - gateway-dashboard
  http:
  - retries:
      attempts: 3
      perTryTimeout: 2s
    route:
    - destination:
        host: kubernetes-dashboard
        port:
          number: 9090

  

在浏览器中输入dashboard.test.com即可访问

istio安装及使用示例_第1张图片

 

jaeger介绍

官网地址:https://www.jaegertracing.io/

 Jaeger受Dapper和OpenZipkin的启发,是Uber Technologies公开发布的分布式跟踪系统。它用于监视和排除基于微服务的分布式系统,包括:

  • 分布式上下文传播
  • 分布式事务监控
  • 根本原因分析
  • 服务依赖性分析
  • 性能/延迟优化

访问地址如下:

istio安装及使用示例_第2张图片

 

kiali介绍

服务网格可观察性和配置

官网地址:https://www.kiali.io/

通过helm模板安装完,是没有账户密码的

helm template \
--set kiali.enabled=true \
--set "kiali.dashboard.jaegerURL=http://$(kubectl get svc tracing --namespace istio-system -o jsonpath='{.spec.clusterIP}'):80" \
--set "kiali.dashboard.grafanaURL=http://$(kubectl get svc grafana --namespace istio-system -o jsonpath='{.spec.clusterIP}'):3000" \
install/kubernetes/helm/istio \
--name istio --namespace istio-system > istio.yaml

 

[root@k8s-master ~]# echo -n 'admin' | base64
YWRtaW4=
[root@k8s-master ~]# echo -n 'admin' | base64
YWRtaW4=
[root@k8s-master ~]#


[root@k8s-master ~]# cat kiali.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: istio-system
  labels:
    app: kiali
type: Opaque
data:
  username: YWRtaW4K=
  passphrase: YWRtaW4K
[root@k8s-master ~]# 

 或者

USERNAME=$(echo -n 'admin' | base64)
PASSPHRASE=$(echo -n 'admin' | base64)
cat <
apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: $NAMESPACE
  labels:
    app: kiali
type: Opaque
data:
  username: $USERNAME
  passphrase: $PASSPHRASE
EOF

 

 查看或修改kiali的配置文件

[root@k8s-master istio-1.2.2]# kubectl get configmap kiali -n istio-system -o yaml
apiVersion: v1
data:
  config.yaml: |
    istio_namespace: istio-system
    auth:
      strategy: "login"
    server:
      port: 20001
      web_root: /kiali
    external_services:
      tracing:
        url: http://jaeger.test.com/jaeger
      grafana:
        url: http://10.100.148.230:3000
      prometheus:
        url: http://10.109.28.54:9090
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"config.yaml":"istio_namespace: istio-system\nauth:\n  strategy: \"login\"\nserver:\n  port: 20001\n  web_root: /kiali\nexternal_services:\n  tracing:\n    url: http://10.100.190.53\n  grafana:\n    url: http://10.100.148.230:3000\n  prometheus:\n    url: http://10.109.28.54:9090\n"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"kiali","chart":"kiali","heritage":"Tiller","release":"istio"},"name":"kiali","namespace":"istio-system"}}
  creationTimestamp: "2019-07-12T06:40:16Z"
  labels:
    app: kiali
    chart: kiali
    heritage: Tiller
    release: istio
  name: kiali
  namespace: istio-system
  resourceVersion: "1386411"
  selfLink: /api/v1/namespaces/istio-system/configmaps/kiali
  uid: f2100d5c-05b4-48ca-92c7-73ebea15401e
[root@k8s-master istio-1.2.2]# 

注意:

 external_services:
      tracing:
        url: http://10.100.190.53:80
      grafana:
        url: http://10.100.148.230:3000
      prometheus:
        url: http://10.109.28.54:9090

 这里的三个地址可以写svc ip也可以写成域名

 

账户:admin  密码:admin

istio安装及使用示例_第3张图片

 

istio安装及使用示例_第4张图片

 

istio安装及使用示例_第5张图片

 

 

grafana

 istio安装及使用示例_第6张图片

 

prometheus

istio安装及使用示例_第7张图片

 

转载于:https://www.cnblogs.com/xuliang666/p/11175127.html

你可能感兴趣的:(istio安装及使用示例)