详细安装步骤及解释参考
https://docs.openshift.com/container-platform/3.11/servicemesh-install/servicemesh-install.html#servicemesh-installation-overview
1.设置virtualbox能够上网
添加网络地址转换NAT网卡,并且编辑network-script
[root@node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s8 TYPE="Ethernet" #PROXY_METHOD="none" BOOTPROTO="dhcp" #IPADDR=192.168.56.103 #NETMASK=255.255.255.0 #GATEWAY=192.168.64.254 DNS1=202.106.0.20 DNS2=114.114.114.114 NAME="enp0s8" DEVICE="enp0s8" ONBOOT="yes" DEFROUTE=yes
删除enp0s3的GATEWAY选项,验证是否能上网。
如果离线安装需要下载的镜像包括
openshift-istio-tech-preview/istio-operator:0.5.0 openshift-istio-tech-preview/openshift-ansible:0.5.0 openshift-istio-tech-preview/citadel:0.5.0 openshift-istio-tech-preview/proxyv2:0.5.0 openshift-istio-tech-preview/pilot:0.5.0 openshift-istio-tech-preview/mixer:0.5.0 docker.io/prom/prometheus:v2.3.1 openshift-istio-tech-preview/galley:0.5.0 openshift-istio-tech-preview/sidecar-injector:0.5.0 distributed-tracing-tech-preview/jaeger-elasticsearch:5.6.10 grafana/grafana:5.2.3 distributed-tracing-tech-preview/jaeger-agent:1.8.1 distributed-tracing-tech-preview/jaeger-collector:1.8.1 distributed-tracing-tech-preview/jaeger-query:1.8.1 kiali/kiali:v0.10.1
但最后还需要建立一个github,把代码clone过去
https://github.com/fabric8-launcher/launcher-booster-catalog.git
所以最后还是选择联互联网。
2. 准备工作
每台机器新建立一个/etc/sysctl.d/99-elasticsearch.conf文件,添加
vm.max_map_count = 262144
#sysctl vm.max_map_count=262144
在master机器上建立/etc/origin/master/master-config.patch文件
admissionConfig: pluginConfig: MutatingAdmissionWebhook: configuration: apiVersion: apiserver.config.k8s.io/v1alpha1 kubeConfigFile: /dev/null kind: WebhookAdmission ValidatingAdmissionWebhook: configuration: apiVersion: apiserver.config.k8s.io/v1alpha1 kubeConfigFile: /dev/null kind: WebhookAdmission
然后
$ cp -p master-config.yaml master-config.yaml.prepatch $ oc ex config patch master-config.yaml.prepatch -p "$(cat master-config.patch)" > master-config.yaml $ /usr/local/bin/master-restart api && /usr/local/bin/master-restart controllers
3.安装
istio_product_operator_template.yaml
apiVersion: v1 kind: Template metadata: name: istio-operator-job parameters: - displayName: Master Public URL description: The public URL for master name: OPENSHIFT_ISTIO_MASTER_PUBLIC_URL value: https://127.0.0.1:8443 - displayName: OpenShift Release description: The version of the OpenShift release. name: OPENSHIFT_RELEASE value: v3.11.0 required: true - displayName: Istio Operator Namespace description: The namespace for the Istio operator name: OPENSHIFT_ISTIO_OPERATOR_NAMESPACE value: istio-operator required: true - displayName: Default Prefix description: The default image prefix for istio deployments name: OPENSHIFT_ISTIO_PREFIX value: openshift-istio-tech-preview/ - displayName: Default Version description: The default image version for istio deployments name: OPENSHIFT_ISTIO_VERSION value: 0.5.0 - displayName: Default Deployment Type description: The default deployment type for istio deployments name: OPENSHIFT_DEPLOYMENT_TYPE value: openshift objects: - kind: CustomResourceDefinition apiVersion: apiextensions.k8s.io/v1beta1 metadata: name: installations.istio.openshift.com spec: group: istio.openshift.com names: kind: Installation plural: installations singular: installation scope: Namespaced version: v1alpha1 - kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: istio-operator rules: - apiGroups: - istio.openshift.com resources: - "*" verbs: - "*" - apiGroups: - "" resources: - pods - services - endpoints - persistentvolumeclaims - events - configmaps - secrets - securitycontextconstraints verbs: - "*" - apiGroups: - apps resources: - deployments - daemonsets - replicasets - statefulsets verbs: - "*" - kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: default-account-istio-operator subjects: - kind: ServiceAccount namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE} name: default roleRef: kind: Role name: istio-operator apiGroup: rbac.authorization.k8s.io - kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: default-account-istio-operator-cluster-role-binding subjects: - kind: ServiceAccount namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE} name: default roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io - kind: Deployment apiVersion: apps/v1 metadata: name: istio-operator namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE} spec: replicas: 1 selector: matchLabels: name: istio-operator template: metadata: labels: name: istio-operator spec: containers: - name: istio-operator image: ${OPENSHIFT_ISTIO_PREFIX}istio-operator:${OPENSHIFT_ISTIO_VERSION} ports: - containerPort: 60000 name: metrics command: - istio-operator args: - "--release=${OPENSHIFT_RELEASE}" - "--masterPublicURL=${OPENSHIFT_ISTIO_MASTER_PUBLIC_URL}" - "--istioPrefix=${OPENSHIFT_ISTIO_PREFIX}" - "--istioVersion=${OPENSHIFT_ISTIO_VERSION}" - "--deploymentType=${OPENSHIFT_DEPLOYMENT_TYPE}" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: OPERATOR_NAME value: "istio-operator"
cr.yaml
特别注意需要把模板中的username,password,token换成自己的啊!
[root@master istio]# cat cr.yaml apiVersion: "istio.openshift.com/v1alpha1" kind: "Installation" metadata: name: "istio-installation" namespace: istio-operator spec: deployment_type: openshift istio: authentication: true community: false prefix: openshift-istio-tech-preview/ version: 0.5.0 jaeger: prefix: distributed-tracing-tech-preview/ version: 1.8.1 elasticsearch_memory: 1Gi kiali: username: username password: password prefix: kiali/ version: v0.10.1 launcher: openshift: user: admin password: welcome1 github: username: ericnie2015 token: 19ba02ae0c370d8bb2bcf24ec5dd77ca6cb0b472 catalog: filter: booster.mission.metadata.istio branch: v71 repo: https://github.com/fabric8-launcher/launcher-booster-catalog.git
- Operator安装验证
#oc new-project istio-operator #oc new-app -f istio_product_operator_template.yaml --param=OPENSHIFT_ISTIO_MASTER_PUBLIC_URL=https://master.example.com:8443
# oc logs -n istio-operator $(oc -n istio-operator get pods -l name=istio-operator --output=jsonpath={.items..metadata.name})
- 控制面板的部署
#oc create -f cr.yaml -n istio-operator
[root@master istio]# oc get pods -n devex NAME READY STATUS RESTARTS AGE configmapcontroller-1-kszwr 1/1 Running 0 26m launcher-backend-3-8tkg8 1/1 Running 0 5m launcher-frontend-3-lfr9z 1/1 Running 0 2m