istio 安裝遇到的問題

istio 安裝遇到的問題

問題描述

使用helm安裝的istio-1.4.0(beta5)，重新安裝的時候使用helm install install/kubernetes/helm/istio --name istio --namespace istio-system,，會出現如下錯誤：

Error: release istio failed: Internal error occurred: failed calling webhook "pilot.validation.istio.io": Post https://istio-galley.istio-system.svc:443/admitpilot?timeout=30s: no endpoints available for service "istio-galley"

查看istio狀態正常，啓動自動注入kubectl label namespace default istio-injection=enabled，創建pod的時候發現沒有生效

查找問題

首先懷疑是istio-sidecar-injector組件出了問題，查看event事件沒有發現異常，查詢日誌

kubectl logs -f -n istio-system istio-sidecar-injector-68fbf6459f-9rpd9

2019-11-14T07:52:11.734158Z	error	Patch webhook failed: mutatingwebhookconfigurations.admissionregistration.k8s.io "istio-sidecar-injector" not found
2019-11-14T07:52:12.742080Z	error	Patch webhook failed: mutatingwebhookconfigurations.admissionregistration.k8s.io "istio-sidecar-injector" not found
2019-11-14T07:52:13.755680Z	error	Patch webhook failed: mutatingwebhookconfigurations.admissionregistration.k8s.io "istio-sidecar-injector" not found
……

然後根據提示查詢kubectl get mutatingwebhookconfigurations，也沒有發現什麼問題

解決辦法

通過查詢issues17162，發現關鍵信息，然後執行刪除ValidatingWebhookConfiguration操作

kubectl delete ValidatingWebhookConfiguration istio-galley

然後使用helm刪除istio，重新安裝之後打印如下信息：

==> v1beta1/PodDisruptionBudget
NAME                    MIN AVAILABLE  MAX UNAVAILABLE  ALLOWED DISRUPTIONS  AGE
istio-citadel           1              N/A              0                    11s
istio-galley            1              N/A              0                    11s
istio-ingressgateway    1              N/A              0                    11s
istio-pilot             1              N/A              0                    11s
istio-policy            1              N/A              0                    11s
istio-sidecar-injector  1              N/A              0                    11s
istio-telemetry         1              N/A              0                    11s

==> v2beta1/HorizontalPodAutoscaler
NAME                  REFERENCE                        TARGETS        MINPODS  MAXPODS  REPLICAS  AGE
istio-ingressgateway  Deployment/istio-ingressgateway  <unknown>/80%  1        5        0         10s
istio-pilot           Deployment/istio-pilot           <unknown>/80%  1        5        0         10s
istio-policy          Deployment/istio-policy          <unknown>/80%  1        5        0         10s
istio-telemetry       Deployment/istio-telemetry       <unknown>/80%  1        5        0         10s


NOTES:
Thank you for installing Istio.

Your release is named Istio.

To get started running application with Istio, execute the following steps:
1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)

$ kubectl label namespace default istio-injection=enabled
$ kubectl get namespace -L istio-injection

2. Deploy your applications

$ kubectl apply -f <your-application>.yaml

For more information on running Istio, visit:
https://istio.io/

然後開啓自動注入，創建pod發現創建成功，問題解決！