K8S Microservice Governance

Preparation

docker pull istio/proxyv2:1.0.6
docker tag istio/proxyv2:1.0.6 gcr.io/istio-release/proxyv2:release-1.0-latest-daily
docker tag istio/proxyv2:1.0.6 registry.cn-beijing.aliyuncs.com/co1/istio_proxyv2:1.0.6
docker push registry.cn-beijing.aliyuncs.com/co1/istio_proxyv2:1.0.6
docker pull istio/pilot:1.0.6
docker tag istio/pilot:1.0.6 gcr.io/istio-release/pilot:release-1.0-latest-daily
docker pull istio/mixer:1.0.6
docker tag istio/mixer:1.0.6 gcr.io/istio-release/mixer:release-1.0-latest-daily
docker pull istio/galley:1.0.6
docker tag istio/galley:1.0.6 gcr.io/istio-release/galley:release-1.0-latest-daily
docker pull istio/citadel:1.0.6
docker tag istio/citadel:1.0.6 gcr.io/istio-release/citadel:release-1.0-latest-daily
docker pull istio/sidecar_injector:1.0.6
docker tag istio/sidecar_injector:1.0.6 gcr.io/istio-release/sidecar_injector:release-1.0-latest-daily
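
A check that can follow the pull and tag steps above, as an added example that is not part of the original notes: it compares image IDs to confirm that every release-1.0-latest-daily tag points at the same image as istio/<component>:1.0.6 rather than at a stale image from an earlier pull. The function names and the sample listing (with made-up IDs) are constructed for illustration; for real use, pipe in the output of `docker images --no-trunc --format '{{.Repository}}:{{.Tag}} {{.ID}}'`.

```shell
#!/bin/sh
# Added example, not from the original notes: verify the retag step by image ID.
COMPONENTS="proxyv2 pilot mixer galley citadel sidecar_injector"

# check_retags: reads "repository:tag image-id" lines on stdin, prints one
# verdict per component and returns 1 if any verdict is not OK.
check_retags() {
  awk -v comps="$COMPONENTS" '
    { id[$1] = $2 }
    END {
      n = split(comps, c, " "); bad = 0
      for (i = 1; i <= n; i++) {
        src = "istio/" c[i] ":1.0.6"
        dst = "gcr.io/istio-release/" c[i] ":release-1.0-latest-daily"
        if (!(src in id) || !(dst in id)) { print "MISSING " c[i]; bad = 1 }
        else if (id[src] != id[dst])      { print "MISMATCH " c[i]; bad = 1 }
        else                              { print "OK " c[i] }
      }
      exit bad
    }'
}

# Constructed listing with made-up IDs: the mixer daily tag is stale (left
# over from an earlier pull) and galley was pulled but never retagged.
sample_listing() {
  cat <<'EOF'
istio/proxyv2:1.0.6 sha256:1111
gcr.io/istio-release/proxyv2:release-1.0-latest-daily sha256:1111
istio/pilot:1.0.6 sha256:2222
gcr.io/istio-release/pilot:release-1.0-latest-daily sha256:2222
istio/mixer:1.0.6 sha256:3333
gcr.io/istio-release/mixer:release-1.0-latest-daily sha256:0000
istio/galley:1.0.6 sha256:4444
istio/citadel:1.0.6 sha256:5555
gcr.io/istio-release/citadel:release-1.0-latest-daily sha256:5555
istio/sidecar_injector:1.0.6 sha256:6666
gcr.io/istio-release/sidecar_injector:release-1.0-latest-daily sha256:6666
EOF
}

sample_listing | check_retags || echo "retag verification failed" >&2
```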


git clone https://github.com/istio/istio.git
cd istio
git checkout 1.0.6 -b 1.0.6

Installation

Istio by default uses LoadBalancer service object types. Some platforms do not support LoadBalancer service objects. For platforms lacking LoadBalancer support, install Istio with NodePort support instead, with the flags --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort appended to the end of the Helm operation.

helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort

Minimal installation

helm install --debug install/kubernetes/helm/istio --name istio --namespace istio-system --set security.enabled=false --set ingress.enabled=false --set gateways.istio-ingressgateway.enabled=false --set gateways.istio-egressgateway.enabled=false --set galley.enabled=false --set mixer.enabled=false --set prometheus.enabled=false --set global.proxy.envoyStatsd.enabled=false --set pilot.sidecar=true --set sidecarInjectorWebhook.enabled=false
kubectl label namespace default istio-injection=enabled
kubectl describe ns default -n istio-system
RESOURCES:
==> v1beta1/ClusterRoleBinding
NAME                      AGE
istio-pilot-istio-system  4s

==> v1beta1/Deployment
NAME         DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
istio-pilot  1        1        1           0          3s

==> v1alpha3/Gateway
NAME                             AGE
istio-autogenerated-k8s-ingress  3s

==> v1/Pod(related)
NAME                          READY  STATUS   RESTARTS  AGE
istio-pilot-754ccc994f-zzkj9  0/1    Pending  0         2s

==> v1/ConfigMap
NAME                    DATA  AGE
istio                   1     5s
istio-sidecar-injector  1     4s

==> v1/ServiceAccount
NAME                         SECRETS  AGE
istio-pilot-service-account  1        4s

==> v1beta1/ClusterRole
NAME                      AGE
istio-pilot-istio-system  4s

==> v1/Service
NAME         TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)                                AGE
istio-pilot  ClusterIP  10.96.216.216  <none>       15010/TCP,15011/TCP,8080/TCP,9093/TCP  4s

==> v2beta1/HorizontalPodAutoscaler
NAME         REFERENCE               TARGETS        MINPODS  MAXPODS  REPLICAS  AGE
istio-pilot  Deployment/istio-pilot  <unknown>/80%  1        5        0         2s

Ensure the istio-pilot-* Kubernetes pod is deployed and its container is up and running:

kubectl get pods -n istio-system
MountVolume.SetUp failed for volume "certs" : secret "istio.istio-sidecar-injector-service-account" not found

The missing secret is created by the Citadel pod, which is not running because of the --set security.enabled=false flag. Setting that flag to true starts Citadel, the secret is created, and Pilot then starts.
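
A pre-flight audit of the --set flags that would have caught this before the install, as an added example that is not part of the original notes. The names set_value and audit_install are made up for this sketch, and it assumes that security.enabled and sidecarInjectorWebhook.enabled default to true when no flag sets them. Besides the missing Citadel secret, it reports that the istio-injection=enabled namespace label has no effect when the injector webhook is disabled.

```shell
#!/bin/sh
# Added example, not from the original notes: audit helm --set flags.

# set_value CMD KEY: print the value KEY ends up with in CMD. Handles
# "--set a=b,c=d"; as in helm, the last assignment of a key wins.
set_value() {
  printf '%s\n' "$1" | tr ' ,' '\n\n' |
    awk -F= -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }'
}

# audit_install CMD LABELLED: LABELLED is "yes" when the target namespace
# carries istio-injection=enabled. Prints findings, returns 1 if there are any.
audit_install() {
  cmd=$1
  labelled=$2
  rc=0
  # Assumption: a flag that is absent falls back to the chart default "true".
  sec=$(set_value "$cmd" security.enabled); sec=${sec:-true}
  inj=$(set_value "$cmd" sidecarInjectorWebhook.enabled); inj=${inj:-true}
  if [ "$sec" = false ]; then
    echo "citadel-disabled: no istio.* secrets, pods mounting them cannot start"
    rc=1
  fi
  if [ "$inj" = false ] && [ "$labelled" = yes ]; then
    echo "label-noop: istio-injection=enabled is set but no injector webhook is deployed"
    rc=1
  fi
  return $rc
}

# The two install commands from this page.
NODEPORT_CMD='helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort'
MINIMAL_CMD='helm install --debug install/kubernetes/helm/istio --name istio --namespace istio-system --set security.enabled=false --set ingress.enabled=false --set gateways.istio-ingressgateway.enabled=false --set gateways.istio-egressgateway.enabled=false --set galley.enabled=false --set mixer.enabled=false --set prometheus.enabled=false --set global.proxy.envoyStatsd.enabled=false --set pilot.sidecar=true --set sidecarInjectorWebhook.enabled=false'

audit_install "$MINIMAL_CMD" yes || echo "minimal install has findings" >&2
```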

Removal

helm del --purge istio
kubectl -n istio-system delete job --all
kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system
kubectl get customresourcedefinitions.apiextensions.k8s.io | grep istio | awk '{print $1}' | xargs kubectl delete customresourcedefinitions.apiextensions.k8s.io

Runtime configuration

kubectl get cm -n istio-system istio -o yaml  > istio.config

awk '{gsub(/\\n/,"\n")}1'  istio.config

or

kubectl exec -it istio-pilot -c discovery -n istio-system -- bash
#cat /etc/istio/config/mesh  | grep discoveryAddress


kubectl get svc/istio-pilot -n istio-system -o yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2018-03-29T11:04:04Z"
  labels:
    app: istio-pilot
    chart: pilot-1.0.6
    heritage: Tiller
    release: istio
  name: istio-pilot
  namespace: istio-system
  resourceVersion: "467151"
  selfLink: /api/v1/namespaces/istio-system/services/istio-pilot
  uid: 5de2a2d8-5212-11e9-b518-08002775f493
spec:
  clusterIP: 10.108.66.176
  ports:
  - name: grpc-xds
    port: 15010
    protocol: TCP
    targetPort: 15010
  - name: https-xds
    port: 15011
    protocol: TCP
    targetPort: 15011
  - name: http-legacy-discovery
    port: 8080
    protocol: TCP
    targetPort: 8080
  - name: http-monitoring
    port: 9093
    protocol: TCP
    targetPort: 9093
  selector:
    istio: pilot
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

kubectl port-forward svc/istio-pilot -n istio-system  15010:15010

