引言
Istio作爲service mesh控制面的實施標準,先部署起來。然而會有一個坑要注意,否則無法訪問到頁面。這個坑是個示例的bug,已被人提了issue,我也被坑了一把。
1.安裝Docker
通過命令行或者直接下載,由於網絡原因我直接下載安裝 ,下載地址:
https://hub.docker.com/editions/community/docker-ce-desktop-mac
2.驅動安裝
curl -LO https://storage.googleapis.com/minikube/releases/latest/docker-machine-driver-hyperkit
chmod +x docker-machine-driver-hyperkit
sudo mv docker-machine-driver-hyperkit /usr/local/bin/
sudo chown root:wheel /usr/local/bin/docker-machine-driver-hyperkit
sudo chmod u+s /usr/local/bin/docker-machine-driver-hyperkit
3.安裝minikube
curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/
驗證版本
$ minikube version
minikube version: v1.22.0
4.啓動minikube
$ minikube start😄 Darwin 10.15.7 上的 minikube v1.22.0✨ 根據現有的配置文件使用 docker 驅動程序👍 Starting control plane node minikube in cluster minikube🚜 Pulling base image ...🏃 Updating the running docker "minikube" container ...❗ This container is having trouble accessing https://k8s.gcr.io💡 To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/🐳 正在 Docker 20.10.7 中準備 Kubernetes v1.21.2…🔎 Verifying Kubernetes components... ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5🌟 Enabled addons: storage-provisioner, default-storageclass🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
1.下載istio
還是直接下載安裝包,當前最新版本爲1.11.0
https://github.com/istio/istio/releases/tag/1.11.0
2.設置環境變量
vim ~/.bash_profileexport PATH=$PATH:/Users/yongliang/istio/istio-1.11.0/binsource ~/.bash_profile
3.安裝istio
$ istioctl install --set profile=demo -y✔ Istio core installed✔ Istiod installed✔ Egress gateways installed✔ Ingress gateways installed✔ Installation complete
4.創建istio命名空間
kubectl create namespace istio-system
5.設置自動注入envoy
$ kubectl label namespace default istio-injection=enablednamespace/default labeled
6.驗證istio版本
$ istioctl versionclient version: 1.11.0control plane version: 1.11.0data plane version: 1.11.0 (8 proxies)
小結:輸出可以看出安裝的istio客戶端版本、控制面板版本和數據面版本。
1.部署示例
示例在安裝目錄sample目錄下
-rw-r--r--@ 1 yongliang staff 11348 8 13 00:17 LICENSE-rw-r--r--@ 1 yongliang staff 5866 8 13 00:17 README.mddrwxr-x---@ 3 yongliang staff 96 8 13 00:17 bin-rw-r-----@ 1 yongliang staff 854 8 13 00:17 manifest.yamldrwxr-xr-x@ 5 yongliang staff 160 8 13 00:17 manifestsdrwxr-xr-x@ 21 yongliang staff 672 8 13 00:17 samplesdrwxr-xr-x@ 5 yongliang staff 160 8 13 00:17 tools
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yamlservice/details createdserviceaccount/bookinfo-details createddeployment.apps/details-v1 createdservice/ratings createdserviceaccount/bookinfo-ratings createddeployment.apps/ratings-v1 createdservice/reviews createdserviceaccount/bookinfo-reviews createddeployment.apps/reviews-v1 createddeployment.apps/reviews-v2 createddeployment.apps/reviews-v3 createdservice/productpage createdserviceaccount/bookinfo-productpage createddeployment.apps/productpage-v1 created
2.服務啓動情況
$ kubectl get servicesNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdetails ClusterIP 10.100.65.41 <none> 9080/TCP 4d2hkubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4d4hproductpage ClusterIP 10.107.21.144 <none> 9080/TCP 4d2hratings ClusterIP 10.110.139.187 <none> 9080/TCP 4d2hreviews ClusterIP 10.106.238.130 <none> 9080/TCP 4d2h
pods爲Running狀態
$ kubectl get podsNAME READY STATUS RESTARTS AGEdetails-v1-79f774bdb9-bkrbp 2/2 Running 4 4d2hproductpage-v1-6b746f74dc-2c55l 2/2 Running 4 4d2hratings-v1-b6994bb9-7nvs2 2/2 Running 4 4d2hreviews-v1-545db77b95-mffvg 2/2 Running 4 4d2hreviews-v2-7bf8c9648f-pmqw8 2/2 Running 4 4d2hreviews-v3-84779c7bbc-sztp8 2/2 Running 4 4d2h
3.把應用關聯到istio網關
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yamlgateway.networking.istio.io/bookinfo-gateway createdvirtualservice.networking.istio.io/bookinfo created
4.分析istio配置信息
$ istioctl analyze✔ No validation issues found when analyzing namespace: default.
5.設置入站IP和端口
端口設置
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
打印出來看看
$ echo "$INGRESS_PORT"31688$ echo "$SECURE_INGRESS_PORT"31908
設置入站IP
在官方提供的命令中是下面一段:
$ export INGRESS_HOST=$(minikube ip)
$ minikube ip192.168.49.2
注意:照着執行後發現最後無法訪問,下面有修正。
啓動minikube隧道
$ minikube tunnel❗ The service istio-ingressgateway requires privileged ports to be exposed: [80 443]🔑 sudo permission will be asked for it.🏃 Starting tunnel for service istio-ingressgateway.
修正網關地址
官方爲命令:
$ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
需要修正爲:
$ export GATEWAY_URL=127.0.0.1
$ echo "$GATEWAY_URL"127.0.0.1
備註:修正原因參見issue地址 https://github.com/istio/istio.io/issues/9340
6.瀏覽器訪問頁面
7.安裝Kiali儀表盤
$ kubectl apply -f samples/addons$ kubectl rollout status deployment/kiali -n istio-systemdeployment "kiali" successfully rolled out
啓動儀表盤
$ istioctl dashboard kialihttp://localhost:20001/kiali
備註:當訪問http://127.0.0.1/productpage時可以在儀表盤中觀察到流量的流向和服務之間的關係。
本文分享自微信公衆號 - 瓜農老梁(gh_01130ae30a83)。
如有侵權,請聯繫 [email protected] 刪除。
本文參與“OSC源創計劃”,歡迎正在閱讀的你也加入,一起分享。