[root@istio ~]# swapoff -a
[root@istio ~]# vi /etc/fstab
[root@istio ~]# cat /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
[root@istio ~]#
[root@istio ~]# cat /etc/selinux/config
SELINUX=disabled
固定IP地址
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="aee16665-852b-49ab-9dc1-2a1d8fc5d14a"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.229.229"
NETMASK="255.255.255.0"
GATEWAY="192.168.229.2"
DNS1="192.168.229.2"
[root@istio ~]#
vi /etc/rc.d/rc.local
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
chmod +x /etc/rc.d/rc.local
關閉防火牆
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
firewall-cmd --state
[root@istio ~]# cat /etc/hosts
192.168.229.228 istio
[root@istio ~]# yum install epel-release -y
卸載docker
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@istio ~]# yum list docker-ce --showduplicates
[root@istio ~]# sudo yum install docker-ce -y
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://hny2a055.mirror.aliyuncs.com"]
} EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
systemctl enable docker
systemctl enable kubelet
配置kubelet源
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
enabled=1
[root@istio ~]# yum install kubelet kubeadm kubectl -y
[root@istio ~]# mkdir -p /usr/local/kubernetes/cluster
[root@istio ~]# echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
[root@istio cluster]# kubeadm config print init-defaults --kubeconfig ClusterConfiguration > kubeadm.yml
[root@istio cluster]# vi kubeadm.yml
[root@istio cluster]#
12 advertiseAddress: 192.168.229.228
32 imageRepository: registry.aliyuncs.com/google_containers
37 podSubnet: "10.244.0.0/16"
拉取所需鏡像
kubeadm config images pull --config kubeadm.yml
[root@istio cluster]# pwd
/usr/local/kubernetes/cluster
[root@istio cluster]# kubeadm init --config=kubeadm.yml --upload-certs | tee kubeadm-init.log
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
配置網絡
root@kubernetes-master:~# wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
624 - name: CALICO_IPV4POOL_CIDR
625 value: "10.244.0.0/16"
626 # Disable file logging
[root@istio cluster]# kubectl apply -f calico.yaml
[root@istio cluster]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-77c5fc8d7f-qcr2d 1/1 Running 0 89s
kube-system calico-node-5r74g 1/1 Running 0 89s
kube-system coredns-7ff77c879f-5vdmv 1/1 Running 0 5m5s
kube-system coredns-7ff77c879f-8trjj 1/1 Running 0 5m5s
kube-system etcd-istio 1/1 Running 0 5m21s
kube-system kube-apiserver-istio 1/1 Running 0 5m21s
kube-system kube-controller-manager-istio 1/1 Running 0 5m21s
kube-system kube-proxy-f2x7s 1/1 Running 0 5m4s
kube-system kube-scheduler-istio 1/1 Running 0 5m21s
[root@istio cluster]#
[root@master ~]# istioctl manifest apply --set profile=demo
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-accnt-tokens for details.
- Applying manifest for component Base...
✔ Finished applying manifest for component Base.
- Applying manifest for component Pilot...
✔ Finished applying manifest for component Pilot.
Waiting for resources to become ready...
Waiting for resources to become ready...
Waiting for resources to become ready...
Waiting for resources to become ready...
- Applying manifest for component EgressGateways...
- Applying manifest for component IngressGateways...
- Applying manifest for component AddonComponents...
✔ Finished applying manifest for component IngressGateways.
✔ Finished applying manifest for component EgressGateways.
✔ Finished applying manifest for component AddonComponents.
✔ Installation complete
[root@master ~]#
[root@master ~]# kubectl label namespace default istio-injection=enabled
[root@master istio-1.5.1]# pwd
/usr/local/kubernetes/istio-1.5.1
[root@master istio-1.5.1]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
[root@master istio-1.5.1]# kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
[root@master istio-1.5.1]#
Open the application to outside traffic
[root@master istio-1.5.1]# kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
[root@master istio-1.5.1]# kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.101.247.75 <pending> 15020:30143/TCP,80:30257/TCP,443:32510/TCP,15029:30670/TCP,15030:32468/TCP,15031:31742/TCP,15032:30679/TCP,31400:31512/TCP,15443:31075/TCP 51m
[root@master istio-1.5.1]#
View the dashboard
root@master istio-1.5.1]# istioctl dashboard kiali
http://localhost:20001/kiali
Failed to open browser; open http://localhost:20001/kiali in your browser.