kubernetes平台搭建Istio以及使用介绍

准备工作:

1、开始搭建istio之前,保证已经部署好了kubernetes集群环境

2、尽量保证镜像拉取到docker.io下镜像,

3、部署搭建前先大致去了解一下istio,有个初步认知

istio的GitHub项目地址:https://github.com/istio/istio

istio的官方网站地址:https://istio.io/

实践环节应用介绍地址:https://istio.io/docs/examples/bookinfo/

开始搭建istio:

# 下载安装包
[root@master ~]# curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.3.3 sh -			
[root@master ~]# 

# 查看是否下载下来
[root@master ~]# ll |grep istio
drwxr-xr-x 6 root root 4096 Nov  5 11:51 istio-1.3.3
[root@master ~]# 

# 进入目录浏览一下目录
[root@master ~]# cd istio-1.3.3/
[root@master istio-1.3.3]# ll
total 40
drwxr-xr-x  2 root root  4096 Nov  5 11:51 bin
drwxr-xr-x  6 root root  4096 Nov  5 11:51 install
-rw-r--r--  1 root root   602 Nov  5 11:51 istio.VERSION
-rw-r--r--  1 root root 11348 Nov  5 11:51 LICENSE
-rw-r--r--  1 root root  6115 Nov  5 11:51 README.md
drwxr-xr-x 17 root root  4096 Nov  5 11:51 samples
drwxr-xr-x 10 root root  4096 Nov  5 11:51 tools
[root@master istio-1.3.3]#
[root@master istio-1.3.3]#

下载安装包大致浏览一下目录结构,

bin--------------------目录下为可执行文件

install----------------目录下为部署文件

istio.VERSION-----版本相关信息

samples--------------目录下为运行实例,官方提供的项目实践用于熟悉istio

# 执行文件复制到/usr/local/bin/目录下
[root@master istio-1.3.3]# cp bin/istioctl /usr/local/bin/
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# ll /usr/local/bin/istioctl 
-rwxr-xr-x 1 root root 95601713 Nov  5 11:51 /usr/local/bin/istioctl

检查环境

# 检查环境,是否可以部署,看到Install Pre-Check passed!提示即可
[root@master istio-1.3.3]# istioctl verify-install

Checking the cluster to make sure it is ready for Istio installation...

#1. Kubernetes-api
-----------------------
Can initialize the Kubernetes client.
Can query the Kubernetes API Server.

#2. Kubernetes-version
-----------------------
Istio is compatible with Kubernetes: v1.16.2.

#3. Istio-existence
-----------------------
Istio will be installed in the istio-system namespace.

#4. Kubernetes-setup
-----------------------
Can create necessary Kubernetes configurations: Namespace,ClusterRole,ClusterRoleBinding,CustomResourceDefinition,Role,ServiceAccount,Service,Deployments,ConfigMap. 

#5. Sidecar-Injector
-----------------------
This Kubernetes cluster supports automatic sidecar injection. To enable automatic sidecar injection see https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#deploying-an-app

-----------------------
Install Pre-Check passed! The cluster is ready for Istio installation.

[root@master ~]# 

安装部署Istio CRD

[root@master ~]# ll install/kubernetes/helm/istio-init/
total 20
-rw-r--r-- 1 root root  278 Nov  5 11:51 Chart.yaml
drwxr-xr-x 2 root root 4096 Nov  5 11:51 files
-rw-r--r-- 1 root root 3284 Nov  5 11:51 README.md
drwxr-xr-x 2 root root 4096 Nov  5 11:51 templates
-rw-r--r-- 1 root root  491 Nov  5 11:51 values.yaml
[root@master istio-init]# 
# 安装所有Istio CRD
[root@master istio-1.3.3]# helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
NAME:   istio-init
LAST DEPLOYED: Tue Nov  5 12:55:23 2019
NAMESPACE: istio-system
STATUS: DEPLOYED

RESOURCES:
==> v1/ClusterRole
NAME                     AGE
istio-init-istio-system  1s

==> v1/ClusterRoleBinding
NAME                                        AGE
istio-init-admin-role-binding-istio-system  1s

==> v1/ConfigMap
NAME          DATA  AGE
istio-crd-10  1     1s
istio-crd-11  1     1s
istio-crd-12  1     1s

==> v1/Job
NAME                     COMPLETIONS  DURATION  AGE
istio-init-crd-10-1.3.3  0/1          0s        1s
istio-init-crd-11-1.3.3  0/1          0s        1s
istio-init-crd-12-1.3.3  0/1          0s        1s

==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
istio-init-crd-10-1.3.3-xt7cx  0/1    ContainerCreating  0         0s
istio-init-crd-11-1.3.3-bwsj5  0/1    ContainerCreating  0         0s
istio-init-crd-12-1.3.3-rzxcg  0/1    ContainerCreating  0         0s

==> v1/ServiceAccount
NAME                        SECRETS  AGE
istio-init-service-account  1        1s


[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# 
# 查看pod是否直接运行完毕
[root@master istio-1.3.3]# kubectl get pods -n istio-system 
NAME                            READY   STATUS      RESTARTS   AGE
istio-init-crd-10-1.3.3-xt7cx   0/1     Completed   0          85s
istio-init-crd-11-1.3.3-bwsj5   0/1     Completed   0          85s
istio-init-crd-12-1.3.3-rzxcg   0/1     Completed   0          85s
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# 
# 查看统计一下创建的crds有没有缺少,正常部署应该是23个
[root@master istio-1.3.3]# kubectl get crds |grep istio
adapters.config.istio.io               2019-11-05T04:56:07Z
attributemanifests.config.istio.io     2019-11-05T04:56:07Z
authorizationpolicies.rbac.istio.io    2019-11-05T04:55:55Z
clusterrbacconfigs.rbac.istio.io       2019-11-05T04:56:07Z
destinationrules.networking.istio.io   2019-11-05T04:56:07Z
envoyfilters.networking.istio.io       2019-11-05T04:56:07Z
gateways.networking.istio.io           2019-11-05T04:56:07Z
handlers.config.istio.io               2019-11-05T04:56:07Z
httpapispecbindings.config.istio.io    2019-11-05T04:56:07Z
httpapispecs.config.istio.io           2019-11-05T04:56:07Z
instances.config.istio.io              2019-11-05T04:56:07Z
meshpolicies.authentication.istio.io   2019-11-05T04:56:07Z
policies.authentication.istio.io       2019-11-05T04:56:07Z
quotaspecbindings.config.istio.io      2019-11-05T04:56:07Z
quotaspecs.config.istio.io             2019-11-05T04:56:07Z
rbacconfigs.rbac.istio.io              2019-11-05T04:56:07Z
rules.config.istio.io                  2019-11-05T04:56:07Z
serviceentries.networking.istio.io     2019-11-05T04:56:07Z
servicerolebindings.rbac.istio.io      2019-11-05T04:56:07Z
serviceroles.rbac.istio.io             2019-11-05T04:56:07Z
sidecars.networking.istio.io           2019-11-05T04:56:22Z
templates.config.istio.io              2019-11-05T04:56:07Z
virtualservices.networking.istio.io    2019-11-05T04:56:07Z
[root@master istio-1.3.3]# kubectl get crds |grep istio|wc -l
23
[root@master istio-1.3.3]# 

部署核心组件

# 用helm部署istio核心组件,注意前面一次是istio-init部署crds,这次是istio核心组件
[root@master istio-1.3.3]# helm  install install/kubernetes/helm/istio --name istio --namespace istio-system
...
...
NOTES:
Thank you for installing Istio.

Your release is named Istio.

To get started running application with Istio, execute the following steps:
1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)

$ kubectl label namespace default istio-injection=enabled
$ kubectl get namespace -L istio-injection

2. Deploy your applications

$ kubectl apply -f .yaml

For more information on running Istio, visit:
https://istio.io/
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# 
# 查看一下istio-system命名空间下pod是否都跑起来了
[root@master istio-1.3.3]# kubectl get pods -n istio-system 
NAME                                      READY   STATUS      RESTARTS   AGE
istio-citadel-67f6594c46-p8n2z            1/1     Running     0          12m
istio-galley-6c7fcf86d4-4bqzb             1/1     Running     0          12m
istio-ingressgateway-6d68548679-647r5     1/1     Running     0          12m
istio-init-crd-10-1.3.3-xt7cx             0/1     Completed   0          17m
istio-init-crd-11-1.3.3-bwsj5             0/1     Completed   0          17m
istio-init-crd-12-1.3.3-rzxcg             0/1     Completed   0          17m
istio-pilot-789d4748b-bw7h2               2/2     Running     0          12m
istio-policy-59d8f8c9f8-dtmww             2/2     Running     2          12m
istio-sidecar-injector-6d967869b5-bnwnt   1/1     Running     0          12m
istio-telemetry-646f74c6bf-jc6hx          2/2     Running     4          12m
prometheus-6f74d6f76d-cvwtn               1/1     Running     0          12m
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# helm list
NAME      	REVISION	UPDATED                 	STATUS  	CHART           	APP VERSION	NAMESPACE   
istio     	1       	Tue Nov  5 13:00:19 2019	DEPLOYED	istio-1.3.3     	1.3.3      	istio-system
istio-init	1       	Tue Nov  5 12:55:23 2019	DEPLOYED	istio-init-1.3.3	1.3.3      	istio-system
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# 

截止到这istio算是部署完毕了;

istio简单的使用介绍:

官网- 通过Bookinfo应用实践一步步介绍,这是一个实践项目
地址: https://istio.io/docs/examples/bookinfo/

# 给default命名空间打一个label
[root@master istio-1.3.3]# kubectl label namespace default istio-injection=enabled
namespace/default labeled
[root@master istio-1.3.3]# kubectl get ns --show-labels
NAME                   STATUS   AGE     LABELS
default                Active   8d      istio-injection=enabled
efk                    Active   4d21h   
istio-system           Active   32m     name=istio-system
kube-node-lease        Active   8d      
kube-public            Active   8d      
kube-system            Active   8d      
kubernetes-dashboard   Active   7d20h   
wangting               Active   7d2h    
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# ll samples/bookinfo/platform/kube/
total 72
-rw-r--r-- 1 root root  914 Nov  5 11:51 bookinfo-certificate.yaml
-rw-r--r-- 1 root root 1227 Nov  5 11:51 bookinfo-db.yaml
-rw-r--r-- 1 root root 1363 Nov  5 11:51 bookinfo-details-v2.yaml
-rw-r--r-- 1 root root 1452 Nov  5 11:51 bookinfo-details.yaml
-rw-r--r-- 1 root root 1368 Nov  5 11:51 bookinfo-ingress.yaml
-rw-r--r-- 1 root root 1841 Nov  5 11:51 bookinfo-mysql.yaml
-rw-r--r-- 1 root root  972 Nov  5 11:51 bookinfo-ratings-discovery.yaml
-rw-r--r-- 1 root root 1550 Nov  5 11:51 bookinfo-ratings-v2-mysql-vm.yaml
-rw-r--r-- 1 root root 1779 Nov  5 11:51 bookinfo-ratings-v2-mysql.yaml
-rw-r--r-- 1 root root 1881 Nov  5 11:51 bookinfo-ratings-v2.yaml
-rw-r--r-- 1 root root 1452 Nov  5 11:51 bookinfo-ratings.yaml
-rw-r--r-- 1 root root 1295 Nov  5 11:51 bookinfo-reviews-v2.yaml
-rw-r--r-- 1 root root 5675 Nov  5 11:51 bookinfo.yaml
-rwxr-xr-x 1 root root 1569 Nov  5 11:51 cleanup.sh
-rw-r--r-- 1 root root 1031 Nov  5 11:51 productpage-nodeport.yaml
drwxr-xr-x 2 root root 4096 Nov  5 11:51 rbac
-rw-r--r-- 1 root root  137 Nov  5 11:51 README.md
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# cd samples/bookinfo/platform/kube/
# 查看yaml中的镜像能否正常的拉取到,一般docker.io的镜像都没问题
[root@master kube]# cat bookinfo.yaml |grep image
        image: docker.io/istio/examples-bookinfo-details-v1:1.15.0
        imagePullPolicy: IfNotPresent
        image: docker.io/istio/examples-bookinfo-ratings-v1:1.15.0
        imagePullPolicy: IfNotPresent
        image: docker.io/istio/examples-bookinfo-reviews-v1:1.15.0
        imagePullPolicy: IfNotPresent
        image: docker.io/istio/examples-bookinfo-reviews-v2:1.15.0
        imagePullPolicy: IfNotPresent
        image: docker.io/istio/examples-bookinfo-reviews-v3:1.15.0
        imagePullPolicy: IfNotPresent
        image: docker.io/istio/examples-bookinfo-productpage-v1:1.15.0
        imagePullPolicy: IfNotPresent
[root@master kube]# docker pull docker.io/istio/examples-bookinfo-details-v1:1.15.0
1.15.0: Pulling from istio/examples-bookinfo-details-v1
fc7181108d40: Pull complete 
fb832b8d529e: Pull complete 
...
# 能拉到镜像,那就可以愉快的直接apply目录下的yaml文件了
[root@master kube]# 
[root@master kube]# kubectl apply -f bookinfo.yaml 
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
[root@master kube]# 
[root@master kube]# 
[root@master kube]# kubectl get services
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.100.45.255            9080/TCP   3s
kubernetes    ClusterIP   10.96.0.1                443/TCP    8d
productpage   ClusterIP   10.108.111.177           9080/TCP   2s
ratings       ClusterIP   10.103.231.43            9080/TCP   3s
reviews       ClusterIP   10.97.199.83             9080/TCP   2s
[root@master kube]# 
[root@master kube]# 
# 耐心等待下载镜像一个个pod跑起来,因为拉取的镜像比较多,这一步相对较慢,等几分钟
[root@master kube]# kubectl get pods -w
NAME                              READY   STATUS            RESTARTS   AGE
details-v1-78d78fbddf-85rpz       0/2     PodInitializing   0          78s
productpage-v1-596598f447-q7ml4   0/2     PodInitializing   0          77s
ratings-v1-6c9dbf6b45-h8zng       0/2     PodInitializing   0          77s
reviews-v1-7bb8ffd9b6-ns4r6       0/2     PodInitializing   0          76s
reviews-v2-d7d75fff8-8gnwk        2/2     Running           0          77s
reviews-v3-68964bc4c8-kv8zt       0/2     PodInitializing   0          77s
reviews-v1-7bb8ffd9b6-ns4r6       1/2     Running           0          76s
reviews-v1-7bb8ffd9b6-ns4r6       2/2     Running           0          78s
[root@master kube]# 
# pod已经都跑起来了
[root@master kube]# kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
details-v1-78d78fbddf-85rpz       2/2     Running   0          2m24s
productpage-v1-596598f447-q7ml4   2/2     Running   0          2m23s
ratings-v1-6c9dbf6b45-h8zng       2/2     Running   0          2m23s
reviews-v1-7bb8ffd9b6-ns4r6       2/2     Running   0          2m22s
reviews-v2-d7d75fff8-8gnwk        2/2     Running   0          2m23s
reviews-v3-68964bc4c8-kv8zt       2/2     Running   0          2m23s
[root@master kube]# 
验证一下,是否能打出标题Simple Bookstore App
[root@master kube]# kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o ".*"
Simple Bookstore App
[root@master kube]# 
[root@master kube]# 
# 部署gateway
[root@master istio-1.3.3]# cd ~/istio-1.3.3/
[root@master istio-1.3.3]# ll samples/bookinfo/networking/bookinfo-gateway.yaml
-rw-r--r-- 1 root root 708 Nov  5 11:51 samples/bookinfo/networking/bookinfo-gateway.yaml
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# kubectl get gateway
NAME               AGE
bookinfo-gateway   12s
[root@master istio-1.3.3]# 
# nodeport访问需要export下面2个命令
[root@master istio-1.3.3]# export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
[root@master istio-1.3.3]# 

查看一下端口,看一下nodeport访问的端口

[root@master istio-1.3.3]# env |grep INGRESS
INGRESS_PORT=31380
SECURE_INGRESS_PORT=31390
[root@master istio-1.3.3]# 

看一下gateway部署yaml中有哪些访问路径

[root@master istio-1.3.3]# 
[root@master istio-1.3.3]# tail -15  samples/bookinfo/networking/bookinfo-gateway.yaml
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080

尝试用nodeIP+INGRESS_PORT+/productpage  访问试验一下(绿色部份换成自己的地址及端口即可)

http://47.103.XXX.XX:31380/productpage

kubernetes平台搭建Istio以及使用介绍_第1张图片

 

反复刷新地址 An extremely entertaining play by Shakespeare. The slapstick humour is refreshing! 位置的状态是和官方说的一样,有v1,v2,v3 三种状态;分享完毕

kubernetes平台搭建Istio以及使用介绍_第2张图片

更多的使用方法和进一步熟悉了解,可以去网上查阅资料及官方文档。

你可能感兴趣的:(kubernetes)