在docker desktop的k8s中部署Istio-demo
2020-04-26 本文已影响0人
VincentWang9
转载请注明出处即可
所使用的环境为macos
零、安装前准备
一、下载istio
https://github.com/istio/istio/releases
istio下载
下载解压后, 设置path,以下path需要换为istio的解压后的路径
ISTIO_PATH=/istio/istio-1.5.2
export PATH=$ISTIO_PATH/bin:$PATH
建议设置别名
alias ic=istioctl
二、开始部署isito
查看profiles list
$ ic profile list
Istio configuration profiles:
empty
minimal
remote
separate
default
demo
在 cd ${ISTIO_PATH}/install/kubernetes/operator/profiles 目录下可以看到profiles的具体配置, 打开demo.yaml
demo.yaml
因为是demo部署,所以将大部分组件全部部署了,并增加了cpu和memory的限制
在这里跑个题, 在生产环境部署几乎不会完全使用官方的配置,虽然default是官方推荐的生产环境的基本配置。以下是使用自己的配置文件进行部署,不用profile
ic manifest apply -f default.yaml --set values.global.jwtPolicy=first-party-jwt
使用profile=demo进行部署
ic manifest apply --set profile=demo
等待部署结束即可, 会下载相关的docker image
部署istio
部署完成
部署完成
如果要删除istio的部署
istioctl manifest generate --set profile=demo | kubectl delete -f -
查看k8s的namespace, 发现新增一个istio-system
$ k get namespaces
NAME STATUS AGE
default Active 6h2m
docker Active 6h1m
istio-system Active 3m27s
kube-node-lease Active 6h2m
kube-public Active 6h2m
kube-system Active 6h2m
查看pods, 可以发现主要的pod已经运行成功,其他的pod等待一会下载完docker image即可。
$ k -n istio-system get po
NAME READY STATUS RESTARTS AGE
grafana-5cc7f86765-d655t 0/1 ContainerCreating 0 2m2s
istio-egressgateway-598d7ffc49-w585j 1/1 Running 0 2m4s
istio-ingressgateway-7bd5586b79-qlptv 1/1 Running 0 2m4s
istio-tracing-8584b4d7f9-226v8 0/1 Running 0 2m2s
istiod-646b6fcc6-rkdkf 1/1 Running 0 4m
kiali-696bb665-tsfsv 0/1 ContainerCreating 0 2m2s
prometheus-6c88c4cb8-kjx2j 0/2 ContainerCreating 0 2m2s
如果出现了status为ImagePullBackOff,这个没有关系,k8s还会再次去pull image。
当然也可以手动pull image。比如以下pod部署失败
kiali-696bb665-tsfsv 0/1 ImagePullBackOff 0 10m
查看pod的详情
k -n istio-system describe po kiali-696bb665-tsfsv
pod详情
找到下面图中的image手动pull,或者找到国内的mirror pull,在tag成quay.io的。
在等待过程中,我们可以检查下istio的部署情况
$ ic analyze
Warn [IST0102] (Namespace default) The namespace is not enabled for Istio injection. Run 'kubectl label namespace default istio-injection=enabled' to enable it, or 'kubectl label namespace default istio-injection=disabled' to explicitly mark it as not needing injection
Error: Analyzers found issues when analyzing namespace: default.
See https://istio.io/docs/reference/config/analysis for more information about causes and resolutions.
可以看到如果要在某个k8s的namespace中默认在部署pod时,部署istio的数据平面,需要给对应的namespace增加istio-injection=enabled的label。
创建一个新的namespace
k create namespace ic-test
并增加istio注入的label
kubectl label namespace ic-test istio-injection=enabled
三、部署3个demo服务
部署的是https://github.com/cloudnativebooks/cloud-native-istio
下在weather-v1.yaml,但版本有些老了,api不太一样。
将以下内容保存在demo.yaml中
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
app: frontend
service: frontend
spec:
ports:
- port: 3000
name: http
selector:
app: frontend
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-v1
labels:
app: frontend
version: v1
spec:
selector:
matchLabels:
app: frontend
version: v1
replicas: 1
template:
metadata:
labels:
app: frontend
version: v1
spec:
containers:
- name: frontend
image: istioweather/frontend:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
name: advertisement
labels:
app: advertisement
service: advertisement
spec:
ports:
- port: 3003
name: http
selector:
app: advertisement
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: advertisement-v1
labels:
app: advertisement
version: v1
spec:
selector:
matchLabels:
app: advertisement
version: v1
replicas: 1
template:
metadata:
labels:
app: advertisement
version: v1
spec:
containers:
- name: advertisement
image: istioweather/advertisement:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3003
---
apiVersion: v1
kind: Service
metadata:
name: forecast
labels:
app: forecast
service: forecast
spec:
ports:
- port: 3002
name: http
selector:
app: forecast
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: forecast-v1
labels:
app: forecast
version: v1
spec:
selector:
matchLabels:
app: forecast
version: v1
replicas: 1
template:
metadata:
labels:
app: forecast
version: v1
spec:
containers:
- name: forecast
image: istioweather/forecast:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3002
---
开始部署
$ k -n ic-test apply -f demo.yaml
service/frontend created
deployment.apps/frontend-v1 created
service/advertisement created
deployment.apps/advertisement-v1 created
service/forecast created
deployment.apps/forecast-v1 created
查看pods,如果部署成功的化,会有以下三个pods,在Running状态
$ k -n ic-test get po
NAME READY STATUS RESTARTS AGE
advertisement-v1-68d74cc5bd-9wsdl 2/2 Running 0 2m22s
forecast-v1-77dcd878bc-ckwr5 2/2 Running 0 2m22s
frontend-v1-75d4648dc6-hplwf 2/2 Running 0 2m22s
部署gateway,将以下内容保存到gateway.yaml中
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: weather-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: frontend-dr
namespace: ic-test
spec:
host: frontend
subsets:
- name: v1
labels:
version: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: frontend-route
namespace: ic-test
spec:
hosts:
- "*"
gateways:
- istio-system/weather-gateway
http:
- match:
- port: 80
route:
- destination:
host: frontend
port:
number: 3000
subset: v1
部署gateway, 部署前先检查80端口是否被占用
$ k apply -f weather-gateway.yaml
gateway.networking.istio.io/weather-gateway created
destinationrule.networking.istio.io/frontend-dr created
virtualservice.networking.istio.io/frontend-route created
浏览器中打开 http://localhost/dashboard
部署的服务
四、使用kiali等组件
创建kiali-secret.yaml, 添加如下内容
apiVersion: v1
kind: Secret
metadata:
name: kiali
namespace: istio-system
labels:
app: kiali
type: Opaque
data:
username: YWRtaW4=
passphrase: YWRtaW4=
创建Secret
k apply -f kiali-secret.yaml
设置组件的访问方式, 保存为access.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grafana-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15031
name: http-grafana
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- grafana-gateway
http:
- match:
- port: 15031
route:
- destination:
host: grafana
port:
number: 3000
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: grafana
namespace: istio-system
spec:
host: grafana
trafficPolicy:
tls:
mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: kiali-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15029
name: http-kiali
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: kiali-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- kiali-gateway
http:
- match:
- port: 15029
route:
- destination:
host: kiali
port:
number: 20001
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: kiali
namespace: istio-system
spec:
host: kiali
trafficPolicy:
tls:
mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: prometheus-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15030
name: http-prom
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prometheus-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- prometheus-gateway
http:
- match:
- port: 15030
route:
- destination:
host: prometheus
port:
number: 9090
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: prometheus
namespace: istio-system
spec:
host: prometheus
trafficPolicy:
tls:
mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: tracing-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15032
name: http-tracing
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tracing-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- tracing-gateway
http:
- match:
- port: 15032
route:
- destination:
host: tracing
port:
number: 80
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: tracing
namespace: istio-system
spec:
host: tracing
trafficPolicy:
tls:
mode: DISABLE
添加Gateway规则
$ k apply -f access.yaml
gateway.networking.istio.io/grafana-gateway created
virtualservice.networking.istio.io/grafana-vs created
destinationrule.networking.istio.io/grafana created
gateway.networking.istio.io/kiali-gateway created
virtualservice.networking.istio.io/kiali-vs created
destinationrule.networking.istio.io/kiali created
gateway.networking.istio.io/prometheus-gateway created
virtualservice.networking.istio.io/prometheus-vs created
destinationrule.networking.istio.io/prometheus created
gateway.networking.istio.io/tracing-gateway created
virtualservice.networking.istio.io/tracing-vs created
destinationrule.networking.istio.io/tracing created
访问kiali
http://localhost:15029/kiali/
前面设置的secret,用户名和密码都是admin
kiali
在Graph中的namespace选择ic-test,可以看到当前的调用链路
kiali
访问jaeger ui
http://localhost:15032/jaeger
点击Find Traces可以看到右侧的调用链路
jaeger ui
访问Grafana
http://localhost:15031/?orgId=1
Grafana
Grafana istio
istio pilot的监控信息
导入1471的dashboard
import
选择prometheus
查看监控
