准备工作:
1、开始搭建istio之前,保证已经部署好了kubernetes集群环境
2、尽量保证镜像拉取到docker.io下镜像,
3、部署搭建前先大致去了解一下istio,有个初步认知
istio的GitHub项目地址:https://github.com/istio/istio
istio的官方网站地址:https://istio.io/
实践环节应用介绍地址:https://istio.io/docs/examples/bookinfo/
开始搭建istio:
# 下载安装包
[root@master ~]# curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.3.3 sh -
[root@master ~]#
# 查看是否下载下来
[root@master ~]# ll |grep istio
drwxr-xr-x 6 root root 4096 Nov 5 11:51 istio-1.3.3
[root@master ~]#
# 进入目录浏览一下目录
[root@master ~]# cd istio-1.3.3/
[root@master istio-1.3.3]# ll
total 40
drwxr-xr-x 2 root root 4096 Nov 5 11:51 bin
drwxr-xr-x 6 root root 4096 Nov 5 11:51 install
-rw-r--r-- 1 root root 602 Nov 5 11:51 istio.VERSION
-rw-r--r-- 1 root root 11348 Nov 5 11:51 LICENSE
-rw-r--r-- 1 root root 6115 Nov 5 11:51 README.md
drwxr-xr-x 17 root root 4096 Nov 5 11:51 samples
drwxr-xr-x 10 root root 4096 Nov 5 11:51 tools
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
下载安装包大致浏览一下目录结构,
bin--------------------目录下为可执行文件
install----------------目录下为部署文件
istio.VERSION-----版本相关信息
samples--------------目录下为运行实例,官方提供的项目实践用于熟悉istio
# 执行文件复制到/usr/local/bin/目录下
[root@master istio-1.3.3]# cp bin/istioctl /usr/local/bin/
[root@master istio-1.3.3]#
[root@master istio-1.3.3]# ll /usr/local/bin/istioctl
-rwxr-xr-x 1 root root 95601713 Nov 5 11:51 /usr/local/bin/istioctl
检查环境
# 检查环境,是否可以部署,看到Install Pre-Check passed!提示即可
[root@master istio-1.3.3]# istioctl verify-install
Checking the cluster to make sure it is ready for Istio installation...
#1. Kubernetes-api
-----------------------
Can initialize the Kubernetes client.
Can query the Kubernetes API Server.
#2. Kubernetes-version
-----------------------
Istio is compatible with Kubernetes: v1.16.2.
#3. Istio-existence
-----------------------
Istio will be installed in the istio-system namespace.
#4. Kubernetes-setup
-----------------------
Can create necessary Kubernetes configurations: Namespace,ClusterRole,ClusterRoleBinding,CustomResourceDefinition,Role,ServiceAccount,Service,Deployments,ConfigMap.
#5. Sidecar-Injector
-----------------------
This Kubernetes cluster supports automatic sidecar injection. To enable automatic sidecar injection see https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#deploying-an-app
-----------------------
Install Pre-Check passed! The cluster is ready for Istio installation.
[root@master ~]#
安装部署Istio CRD
[root@master ~]# ll install/kubernetes/helm/istio-init/
total 20
-rw-r--r-- 1 root root 278 Nov 5 11:51 Chart.yaml
drwxr-xr-x 2 root root 4096 Nov 5 11:51 files
-rw-r--r-- 1 root root 3284 Nov 5 11:51 README.md
drwxr-xr-x 2 root root 4096 Nov 5 11:51 templates
-rw-r--r-- 1 root root 491 Nov 5 11:51 values.yaml
[root@master istio-init]#
# 安装所有Istio CRD
[root@master istio-1.3.3]# helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
NAME: istio-init
LAST DEPLOYED: Tue Nov 5 12:55:23 2019
NAMESPACE: istio-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ClusterRole
NAME AGE
istio-init-istio-system 1s
==> v1/ClusterRoleBinding
NAME AGE
istio-init-admin-role-binding-istio-system 1s
==> v1/ConfigMap
NAME DATA AGE
istio-crd-10 1 1s
istio-crd-11 1 1s
istio-crd-12 1 1s
==> v1/Job
NAME COMPLETIONS DURATION AGE
istio-init-crd-10-1.3.3 0/1 0s 1s
istio-init-crd-11-1.3.3 0/1 0s 1s
istio-init-crd-12-1.3.3 0/1 0s 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
istio-init-crd-10-1.3.3-xt7cx 0/1 ContainerCreating 0 0s
istio-init-crd-11-1.3.3-bwsj5 0/1 ContainerCreating 0 0s
istio-init-crd-12-1.3.3-rzxcg 0/1 ContainerCreating 0 0s
==> v1/ServiceAccount
NAME SECRETS AGE
istio-init-service-account 1 1s
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
# 查看pod是否直接运行完毕
[root@master istio-1.3.3]# kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
istio-init-crd-10-1.3.3-xt7cx 0/1 Completed 0 85s
istio-init-crd-11-1.3.3-bwsj5 0/1 Completed 0 85s
istio-init-crd-12-1.3.3-rzxcg 0/1 Completed 0 85s
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
# 查看统计一下创建的crds有没有缺少,正常部署应该是23个
[root@master istio-1.3.3]# kubectl get crds |grep istio
adapters.config.istio.io 2019-11-05T04:56:07Z
attributemanifests.config.istio.io 2019-11-05T04:56:07Z
authorizationpolicies.rbac.istio.io 2019-11-05T04:55:55Z
clusterrbacconfigs.rbac.istio.io 2019-11-05T04:56:07Z
destinationrules.networking.istio.io 2019-11-05T04:56:07Z
envoyfilters.networking.istio.io 2019-11-05T04:56:07Z
gateways.networking.istio.io 2019-11-05T04:56:07Z
handlers.config.istio.io 2019-11-05T04:56:07Z
httpapispecbindings.config.istio.io 2019-11-05T04:56:07Z
httpapispecs.config.istio.io 2019-11-05T04:56:07Z
instances.config.istio.io 2019-11-05T04:56:07Z
meshpolicies.authentication.istio.io 2019-11-05T04:56:07Z
policies.authentication.istio.io 2019-11-05T04:56:07Z
quotaspecbindings.config.istio.io 2019-11-05T04:56:07Z
quotaspecs.config.istio.io 2019-11-05T04:56:07Z
rbacconfigs.rbac.istio.io 2019-11-05T04:56:07Z
rules.config.istio.io 2019-11-05T04:56:07Z
serviceentries.networking.istio.io 2019-11-05T04:56:07Z
servicerolebindings.rbac.istio.io 2019-11-05T04:56:07Z
serviceroles.rbac.istio.io 2019-11-05T04:56:07Z
sidecars.networking.istio.io 2019-11-05T04:56:22Z
templates.config.istio.io 2019-11-05T04:56:07Z
virtualservices.networking.istio.io 2019-11-05T04:56:07Z
[root@master istio-1.3.3]# kubectl get crds |grep istio|wc -l
23
[root@master istio-1.3.3]#
部署核心组件
# 用helm部署istio核心组件,注意前面一次是istio-init部署crds,这次是istio核心组件
[root@master istio-1.3.3]# helm install install/kubernetes/helm/istio --name istio --namespace istio-system
...
...
NOTES:
Thank you for installing Istio.
Your release is named Istio.
To get started running application with Istio, execute the following steps:
1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
$ kubectl label namespace default istio-injection=enabled
$ kubectl get namespace -L istio-injection
2. Deploy your applications
$ kubectl apply -f .yaml
For more information on running Istio, visit:
https://istio.io/
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
# 查看一下istio-system命名空间下pod是否都跑起来了
[root@master istio-1.3.3]# kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
istio-citadel-67f6594c46-p8n2z 1/1 Running 0 12m
istio-galley-6c7fcf86d4-4bqzb 1/1 Running 0 12m
istio-ingressgateway-6d68548679-647r5 1/1 Running 0 12m
istio-init-crd-10-1.3.3-xt7cx 0/1 Completed 0 17m
istio-init-crd-11-1.3.3-bwsj5 0/1 Completed 0 17m
istio-init-crd-12-1.3.3-rzxcg 0/1 Completed 0 17m
istio-pilot-789d4748b-bw7h2 2/2 Running 0 12m
istio-policy-59d8f8c9f8-dtmww 2/2 Running 2 12m
istio-sidecar-injector-6d967869b5-bnwnt 1/1 Running 0 12m
istio-telemetry-646f74c6bf-jc6hx 2/2 Running 4 12m
prometheus-6f74d6f76d-cvwtn 1/1 Running 0 12m
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
[root@master istio-1.3.3]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
istio 1 Tue Nov 5 13:00:19 2019 DEPLOYED istio-1.3.3 1.3.3 istio-system
istio-init 1 Tue Nov 5 12:55:23 2019 DEPLOYED istio-init-1.3.3 1.3.3 istio-system
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
截止到这istio算是部署完毕了;
istio简单的使用介绍:
官网- 通过Bookinfo应用实践一步步介绍,这是一个实践项目
地址: https://istio.io/docs/examples/bookinfo/
# 给default命名空间打一个label
[root@master istio-1.3.3]# kubectl label namespace default istio-injection=enabled
namespace/default labeled
[root@master istio-1.3.3]# kubectl get ns --show-labels
NAME STATUS AGE LABELS
default Active 8d istio-injection=enabled
efk Active 4d21h
istio-system Active 32m name=istio-system
kube-node-lease Active 8d
kube-public Active 8d
kube-system Active 8d
kubernetes-dashboard Active 7d20h
wangting Active 7d2h
[root@master istio-1.3.3]#
[root@master istio-1.3.3]# ll samples/bookinfo/platform/kube/
total 72
-rw-r--r-- 1 root root 914 Nov 5 11:51 bookinfo-certificate.yaml
-rw-r--r-- 1 root root 1227 Nov 5 11:51 bookinfo-db.yaml
-rw-r--r-- 1 root root 1363 Nov 5 11:51 bookinfo-details-v2.yaml
-rw-r--r-- 1 root root 1452 Nov 5 11:51 bookinfo-details.yaml
-rw-r--r-- 1 root root 1368 Nov 5 11:51 bookinfo-ingress.yaml
-rw-r--r-- 1 root root 1841 Nov 5 11:51 bookinfo-mysql.yaml
-rw-r--r-- 1 root root 972 Nov 5 11:51 bookinfo-ratings-discovery.yaml
-rw-r--r-- 1 root root 1550 Nov 5 11:51 bookinfo-ratings-v2-mysql-vm.yaml
-rw-r--r-- 1 root root 1779 Nov 5 11:51 bookinfo-ratings-v2-mysql.yaml
-rw-r--r-- 1 root root 1881 Nov 5 11:51 bookinfo-ratings-v2.yaml
-rw-r--r-- 1 root root 1452 Nov 5 11:51 bookinfo-ratings.yaml
-rw-r--r-- 1 root root 1295 Nov 5 11:51 bookinfo-reviews-v2.yaml
-rw-r--r-- 1 root root 5675 Nov 5 11:51 bookinfo.yaml
-rwxr-xr-x 1 root root 1569 Nov 5 11:51 cleanup.sh
-rw-r--r-- 1 root root 1031 Nov 5 11:51 productpage-nodeport.yaml
drwxr-xr-x 2 root root 4096 Nov 5 11:51 rbac
-rw-r--r-- 1 root root 137 Nov 5 11:51 README.md
[root@master istio-1.3.3]#
[root@master istio-1.3.3]# cd samples/bookinfo/platform/kube/
# 查看yaml中的镜像能否正常的拉取到,一般docker.io的镜像都没问题
[root@master kube]# cat bookinfo.yaml |grep image
image: docker.io/istio/examples-bookinfo-details-v1:1.15.0
imagePullPolicy: IfNotPresent
image: docker.io/istio/examples-bookinfo-ratings-v1:1.15.0
imagePullPolicy: IfNotPresent
image: docker.io/istio/examples-bookinfo-reviews-v1:1.15.0
imagePullPolicy: IfNotPresent
image: docker.io/istio/examples-bookinfo-reviews-v2:1.15.0
imagePullPolicy: IfNotPresent
image: docker.io/istio/examples-bookinfo-reviews-v3:1.15.0
imagePullPolicy: IfNotPresent
image: docker.io/istio/examples-bookinfo-productpage-v1:1.15.0
imagePullPolicy: IfNotPresent
[root@master kube]# docker pull docker.io/istio/examples-bookinfo-details-v1:1.15.0
1.15.0: Pulling from istio/examples-bookinfo-details-v1
fc7181108d40: Pull complete
fb832b8d529e: Pull complete
...
# 能拉到镜像,那就可以愉快的直接apply目录下的yaml文件了
[root@master kube]#
[root@master kube]# kubectl apply -f bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
[root@master kube]#
[root@master kube]#
[root@master kube]# kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.100.45.255 9080/TCP 3s
kubernetes ClusterIP 10.96.0.1 443/TCP 8d
productpage ClusterIP 10.108.111.177 9080/TCP 2s
ratings ClusterIP 10.103.231.43 9080/TCP 3s
reviews ClusterIP 10.97.199.83 9080/TCP 2s
[root@master kube]#
[root@master kube]#
# 耐心等待下载镜像一个个pod跑起来,因为拉取的镜像比较多,这一步相对较慢,等几分钟
[root@master kube]# kubectl get pods -w
NAME READY STATUS RESTARTS AGE
details-v1-78d78fbddf-85rpz 0/2 PodInitializing 0 78s
productpage-v1-596598f447-q7ml4 0/2 PodInitializing 0 77s
ratings-v1-6c9dbf6b45-h8zng 0/2 PodInitializing 0 77s
reviews-v1-7bb8ffd9b6-ns4r6 0/2 PodInitializing 0 76s
reviews-v2-d7d75fff8-8gnwk 2/2 Running 0 77s
reviews-v3-68964bc4c8-kv8zt 0/2 PodInitializing 0 77s
reviews-v1-7bb8ffd9b6-ns4r6 1/2 Running 0 76s
reviews-v1-7bb8ffd9b6-ns4r6 2/2 Running 0 78s
[root@master kube]#
# pod已经都跑起来了
[root@master kube]# kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-78d78fbddf-85rpz 2/2 Running 0 2m24s
productpage-v1-596598f447-q7ml4 2/2 Running 0 2m23s
ratings-v1-6c9dbf6b45-h8zng 2/2 Running 0 2m23s
reviews-v1-7bb8ffd9b6-ns4r6 2/2 Running 0 2m22s
reviews-v2-d7d75fff8-8gnwk 2/2 Running 0 2m23s
reviews-v3-68964bc4c8-kv8zt 2/2 Running 0 2m23s
[root@master kube]#
验证一下,是否能打出标题Simple Bookstore App
[root@master kube]# kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o ".* "
Simple Bookstore App
[root@master kube]#
[root@master kube]#
# 部署gateway
[root@master istio-1.3.3]# cd ~/istio-1.3.3/
[root@master istio-1.3.3]# ll samples/bookinfo/networking/bookinfo-gateway.yaml
-rw-r--r-- 1 root root 708 Nov 5 11:51 samples/bookinfo/networking/bookinfo-gateway.yaml
[root@master istio-1.3.3]#
[root@master istio-1.3.3]# kubectl get gateway
NAME AGE
bookinfo-gateway 12s
[root@master istio-1.3.3]#
# nodeport访问需要export下面2个命令
[root@master istio-1.3.3]# export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#
[root@master istio-1.3.3]# export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
[root@master istio-1.3.3]#
查看一下端口,看一下nodeport访问的端口
[root@master istio-1.3.3]# env |grep INGRESS
INGRESS_PORT=31380
SECURE_INGRESS_PORT=31390
[root@master istio-1.3.3]#
看一下gateway部署yaml中有哪些访问路径
[root@master istio-1.3.3]#
[root@master istio-1.3.3]# tail -15 samples/bookinfo/networking/bookinfo-gateway.yaml
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
尝试用nodeIP+INGRESS_PORT+/productpage 访问试验一下(绿色部份换成自己的地址及端口即可)
http://47.103.XXX.XX:31380/productpage
反复刷新地址 An extremely entertaining play by Shakespeare. The slapstick humour is refreshing! 位置的状态是和官方说的一样,有v1,v2,v3 三种状态;分享完毕
更多的使用方法和进一步熟悉了解,可以去网上查阅资料及官方文档。