istio部署
- 前期准备
istio与k8s对应版本支持 (opens new window)
github下载1.22.0 (opens new window)
# 创建istio-1.22.0
- 下载解压,配置istioctl命令
#解压
cd /opt
wget -c https://github.com/istio/istio/releases/download/1.22.0/istio-1.22.0-linux-amd64.tar.gz
tar xf istio-1.22.0-linux-amd64.tar.gz -C /opt
cd /opt/istio-1.22.0
cp -a /opt/istio-1.22.0/bin/istioctl /usr/local/bin/
#解压,替换镜像源
grep -rl 'hub: docker.io/istio' ./* |xargs sed -i 's#hub: docker.io/istio#hub: docker.1ms.run/istio#g'
grep -rl 'image: docker.io' ./* |xargs sed -i 's#image: docker.io#image: docker.1ms.run#g'
2
3
4
5
6
7
8
9
10
11
12
- 使用 default 配置文件安装 Istio
指定镜像仓库:docker.1ms.run
istioctl install --set profile=default --set values.global.hub=docker.1ms.run/istio
演示配置使用demo:istioctl install -f samples/bookinfo/demo-profile-no-gateways.yaml -y
- 边车模式的pod
default命名空间配置边车模式
kubectl label namespace default istio-injection=enabled
# 安装Kubernetes Gateway API CRDs
- Install the Kubernetes Gateway API CRDs,版本release-1.2
git clone -b release-1.2 https://github.com/kubernetes-sigs/gateway-api.git
cd gateway-api/config/crd/
test -d standard && kubectl kustomize | kubectl apply -f -
# kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.2.0" | kubectl apply -f -; }
2
3
4
5
# 创建一个 Bookinfo
# 创建bookinfo
docker pull docker.1ms.run/istio/proxyv2:1.22.0
docker tag docker.1ms.run/istio/proxyv2:1.22.0 docker.io/istio/proxyv2:1.22.0
docker save docker.io/istio/proxyv2:1.22.0 > istio-proxyv2-1.22.0.tar
ctr -n=k8s.io i import --all-platforms istio-proxyv2-1.22.0.tar
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml`
2
3
4
5
6
7
8
# 为bookinfo创建gateway
kubectl apply -f samples/bookinfo/gateway-api/bookinfo-gateway.yaml
- 修改bookinfo svc 为ClusterIP,默认loadbalancer
kubectl annotate gateway bookinfo-gateway networking.istio.io/service-type=ClusterIP --namespace=default
kubectl get gateway
2
- 提供svc映射端口到外部访问
kubectl port-forward svc/bookinfo-gateway-istio --address 0.0.0.0 38081:80
- 浏览器访问bookinfo
http://XXXXXXXX:38081/productpage
# 安装kiali
#拉取镜像
docker pull docker.io/jaegertracing/all-in-one:1.56
docker pull docker.io/grafana/grafana:10.4.0
docker pull ghcr.io/prometheus-operator/prometheus-config-reloader:v0.72.0
docker pull prom/prometheus:v2.51.1
docker pull docker.1ms.run/grafana/loki:3.0.0
#导出镜像
docker save grafana/grafana:10.4.0 > image-grafana_10.4.0.tar
docker save docker.io/jaegertracing/all-in-one:1.56 > image-jaegertracing-all-in-one_1.56.tar
docker save ghcr.io/prometheus-operator/prometheus-config-reloader:v0.72.0 > image-ghcr.io_prometheus-operator_prometheus-config-reloader_v0.72.0.tar
docker save prom/prometheus:v2.51.1 > image-prom_prometheus_v2.51.1.tar
#导入镜像
for i in `ls ./*.tar;do ctr -n=k8s.io i import --all-platforms $i;done
2
3
4
5
6
7
8
9
10
11
12
13
14
15
- 创建pv
cat >>loki-pvc.yaml<<'EOF'
apiVersion: v1
kind: PersistentVolume
metadata:
name: loki-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/data/nfs_share/k8s/loki/pv1"
EOF
mkdir -p /data/nfs_share/k8s/loki
chown -R 10001:10001 /data/nfs_share/k8s/loki
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
- 创建kiali和其他组件
kubectl apply -f samples/addons
- 暴露kiali的svc 端口32001
kubectl patch svc kiali -n istio-system -p '{"spec":{"type":"NodePort","ports":[{"name":"kiali","nodePort":32001,"port":20001},{"name":"kiali-metrics","nodePort":0,"port":9090}]}}' --type='merge'
- 还原svc
kubectl patch svc kiali -n istio-system -p '{"spec":{"type":"ClusterIP","ports":[{"name":"kiali","nodePort":32001,"port":20001},{"name":"kiali-metrics","nodePort":0,"port":9090}]}}' --type='merge'
- 暴露grafana 端口32301
kubectl patch svc grafana -n istio-system -p '{"spec":{"type":"NodePort","ports":[{"name":"http","nodePort":32301,"port":3000}]}}' --type='merge'