kubernetes實踐之六十九：istio-1.0.0部署和試用

一：簡介

本文介紹如何在kubernetes1.10.4叢集中部署istio-1.0.0 並試用istio自帶的bookinfo例項應用。

二：安裝

1.獲取安裝包

wget

tar -zxvf istio-1.0.0-linux.tar.gz

2.安裝istioctl

如果手動注入sidecar的話需要使用這個命令:

cp istio- 1.0 . /bin/istioctl /usr/local/bin/

設定環境變數：

ISTIO_HOME=/root/istio-1.0

PATH=$ISTIO_HOME/bin:$PATH

export  ISTIO_HOME  PATH 

3.安裝istio核心元件

kubectl apply -f istio-1.0.0/install/kubernetes/istio-demo.yaml

gcr.io和quay.io相關的映象下載不了的話可以替換為自己的映象：

daocloud.io/liukuan73/proxy_init:1.0.0

daocloud.io/liukuan73/galley:1.0.0

daocloud.io/liukuan73/mixer:1.0.0

daocloud.io/liukuan73/proxyv2:1.0.0

daocloud.io/liukuan73/pilot:1.0.0

daocloud.io/liukuan73/citadel:1.0.0

daocloud.io/liukuan73/servicegraph:1.0.0

daocloud.io/liukuan73/sidecar_injector:1.0.0

daocloud.io/liukuan73/istio-grafana:1.0.0

4.安裝結果驗證

三：試用

1.sidecar自動注入配置

 Istio裝好後，如果想sidecar在應用啟動時自動注入到pod中，還需要配置如下4步：

a.安裝istio-sidecar-injector

 安裝了istio-sidecar-injector後，kubectl create起應用的時候sidecar容器會直接自動注入到pod中，而不用手動注入。

b.啟用mutating webhook admission controller

在kube-apiserver的啟動引數的admission controller中按正確順序加入如下兩個controller:MutatingAdmissionWebhook,ValidatingAdmissionWebhook

--admission-control=ServiceAccount,Initializers,NamespaceLifecycle,NamespaceExists,LimitRanger,DefaultStorageClass,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota

c.啟用admissionregistration api

kubectl api-versions | grep admissionregistration

admissionregistration.k8s.io/v1beta1 

d.為需要自動注入sidecar的namespace打label

kubectl label namespace istio-test istio-injection=enabled

kubectl get namespace -L istio-injection

2.啟動示例應用

a.示例結構

b.安裝示例

kubectl apply -n istio-test -f istio-1.0.0/samples/bookinfo/platform/kube/bookinfo.yaml

c. 配置traefik Ingress

為了便於叢集外訪問驗證，配置Ingress代理

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-ingress
  namespace: kube-system
spec:
  rules:
  - host: elasticsearch.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: elasticsearch-logging
          servicePort: 9200
  - host: kibana.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: kibana-logging
          servicePort: 5601
  - host: locust.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: locust-master
          servicePort: 8089
  - host: dashboard.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 32666
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: istio-ingress
  namespace: istio-system
spec:
  rules:
  - host: grafana.istio.donkey
    http:
      paths:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-ingress
  namespace: kube-system
spec:
  rules:
  - host: elasticsearch.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: elasticsearch-logging
          servicePort: 9200
  - host: kibana.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: kibana-logging
          servicePort: 5601
  - host: locust.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: locust-master
          servicePort: 8089
  - host: dashboard.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 32666
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: istio-ingress
  namespace: istio-system
spec:
  rules:
  - host: grafana.istio.donkey
    http:
      paths:
      - path: /
        backend:
          serviceName: grafana
          servicePort: 3000
  - host: zipkin.istio.donkey
    http:

3.示例驗證

a.bookinfo 示例 

b.監控 

c. Prometheus頁面 

d. ServiceGraph頁面