Introduction

Istio is an open-source Service Mesh implementation developed by Google, IBM and Lyft. The architecture diagram is as follows:

Installation

Install the K8S cluster

Refer to the article

Install istioctl

# Download the release archive from the page below
# https://github.com/istio/istio/releases
wget https://github.com/istio/istio/releases/download/1.0.0/istio-1.0.0-linux.tar.gz
tar xf istio-1.0.0-linux.tar.gz

# Install and configure environment variables
mv istio-1.0.0 /usr/local/
ln -sv /usr/local/istio-1.0.0 /usr/local/istio
echo 'export PATH=/usr/local/istio/bin:$PATH' > /etc/profile.d/istio.sh
source /etc/profile.d/istio.sh
istioctl version

Install Istio in the K8S cluster

# LoadBalancer is not supported if the environment is not a cloud environment
# The ingressgateway listens on ports 80 and 443
# Change it to use host port mapping
# With this modified version, only one instance can run per machine
# Around line 3027
cd /usr/local/istio
sudo cp install/kubernetes/istio-demo.yaml install/kubernetes/istio-demo.yaml.ori
sudo vim install/kubernetes/istio-demo.yaml
...
apiVersion: extensions/v1beta1
# kind: Deployment
# Deploy as a DaemonSet
kind: DaemonSet
metadata:
  name: istio-ingressgateway
  namespace: istio-system
  labels:
    app: ingressgateway
    chart: gateways-1.0.0
    release: release-name
    heritage: Tiller
    app: istio-ingressgateway
    istio: ingressgateway
spec:
  # DaemonSet does not support replicas
  # replicas: 1
  template:
    metadata:
      labels:
        app: istio-ingressgateway
        istio: ingressgateway
      annotations:
        sidecar.istio.io/inject: "false"
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      serviceAccountName: istio-ingressgateway-service-account
      containers:
        - name: ingressgateway
          image: "gcr.io/istio-release/proxyv2:1.0.0"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
              # Map host port 80
              hostPort: 80
            - containerPort: 443
              # Map host port 443
              hostPort: 443
...

# Replace the image registry addresses
sudo sed -i 's@gcr.io/istio-release@docker.io/istio@g' install/kubernetes/istio-demo.yaml
sudo sed -i 's@quay.io/coreos/hyperkube:v1.7.6_coreos.0@registry.cn-shanghai.aliyuncs.com/gcr-k8s/hyperkube:v1.7.6_coreos.0@g' install/kubernetes/istio-demo.yaml

# Check the image addresses
grep 'image:' install/kubernetes/istio-demo.yaml

# Install the CRDs
# Wait a few seconds
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system
kubectl get crd

# Install without mutual TLS authentication between sidecars
# If the machines have too little memory, the components will fail to start
# This experiment used 3 virtual machines, each with 3G of memory
kubectl apply -f install/kubernetes/istio-demo.yaml

# check status
kubectl get svc -n istio-system
kubectl get pods -n istio-system

Note

Istio 1.0.0 already enables automatic injection by default, along with other logging, monitoring and tracing components such as:

  • istio-tracing
  • istio-telemetry
  • grafana
  • prometheus
  • servicegraph

Enable automatic Sidecar injection

  • Without automatic injection enabled, applications have to be deployed with the following command: kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/kube/bookinfo.yaml)

  • Once automatic injection is enabled, applications can be deployed with the normal command: kubectl apply -f samples/bookinfo/kube/bookinfo.yaml

# Istio 1.0.0 enables automatic injection by default

# K8S 1.9 and later support automatic injection
# Check whether it is supported
kubectl api-versions | grep admissionregistration

# Check the kube-apiserver startup parameters
# K8S 1.9: make sure --admission-control includes MutatingAdmissionWebhook,ValidatingAdmissionWebhook
# K8S versions after 1.9: make sure --enable-admission-plugins includes MutatingAdmissionWebhook,ValidatingAdmissionWebhook

# Test automatic injection
# Create the test deployment
kubectl apply -f samples/sleep/sleep.yaml 
kubectl get deployment -o wide
kubectl get pod

# Enable automatic injection for the namespace
kubectl label namespace default istio-injection=enabled
kubectl get namespace -L istio-injection

# Delete the pod and wait for it to be recreated
kubectl delete pod $(kubectl get pod | grep sleep | cut -d ' ' -f 1)

# View the recreated pod
# Check whether the istio-proxy container exists
kubectl get pod
kubectl describe pod $(kubectl get pod | grep sleep | cut -d ' ' -f 1)

# Clean up
kubectl delete -f samples/sleep/sleep.yaml

# Turn off automatic injection for the namespace
kubectl label namespace default istio-injection-

# Disable automatic injection for specific pods
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "false"
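
To check the result of the steps above across a whole namespace instead of one pod at a time, the following added example (not part of the original article or of the Istio project) lists pods that run without the istio-proxy container and separates those that opted out through the sidecar.istio.io/inject annotation. The function names and the sample pod listing are constructed for illustration; the kubectl query in the comment shows how the same input would be produced on a live cluster.

```shell
#!/bin/sh
# Input, one pod per line, tab-separated:
#   <pod name> TAB <sidecar.istio.io/inject annotation or empty> TAB <container names>
# On a live cluster the listing can be produced with:
#   kubectl get pods -n default -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.annotations.sidecar\.istio\.io/inject}{"\t"}{.spec.containers[*].name}{"\n"}{end}'

# Print "<pod> TAB <reason>" for every pod that has no istio-proxy container.
# reason is "opted-out" when the pod carries sidecar.istio.io/inject: "false",
# otherwise "not-injected" (for example a pod created before the namespace
# was labelled, which must be deleted and recreated).
pods_missing_sidecar() {
    awk -F '\t' '
        NF < 3 || $1 == "" { next }   # skip blank or malformed lines
        {
            n = split($3, names, " ")
            found = 0
            for (i = 1; i <= n; i++)
                if (names[i] == "istio-proxy") found = 1   # exact name match
            if (!found)
                print $1 "\t" ($2 == "false" ? "opted-out" : "not-injected")
        }'
}

# Constructed sample listing (hypothetical pod names).
sample_pods() {
    printf 'sleep-7d457d69b5-aaaaa\t\tsleep istio-proxy\n'
    printf 'sleep-7d457d69b5-bbbbb\t\tsleep\n'
    printf 'batch-5f9c8d7b6-ccccc\tfalse\tworker\n'
    printf 'tools-6b8f7c5d4-ddddd\t\ttools istio-proxy-debug\n'
}

sample_pods | pods_missing_sidecar
```

Any pod reported as not-injected in a namespace labelled istio-injection=enabled is running outside the mesh and needs to be recreated.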

Deploy the official test case

# Enable automatic injection for the default namespace
kubectl label namespace default istio-injection=enabled

# Deploy bookinfo
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

# Create the gateway
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

# check status
kubectl get services
kubectl get pods
istioctl get gateway

Access test

# Command-line access test
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
NODE_NAME=$(kubectl get no | grep '<none>' | head -1 | awk '{print $1}')
NODE_IP=$(ping -c 1 $NODE_NAME | grep PING | awk '{print $3}' | tr -d '()')
export GATEWAY_URL=$NODE_IP:$INGRESS_PORT
echo $GATEWAY_URL

curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage

# Browser access test
echo "http://${GATEWAY_URL}/productpage"

# With the DaemonSet deployment it can be accessed directly on a node IP
# 11.11.11.112 is the IP address of one of the nodes
curl http://11.11.11.112/productpage

# Clean up
samples/bookinfo/platform/kube/cleanup.sh

Clean up

# Remove Istio
kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system
kubectl delete -f install/kubernetes/istio-demo.yaml

# kubectl delete -f install/kubernetes/istio-demo-auth.yaml

Install Istio using Helm

Install Helm

Refer to the article

Install Istio

# Check the configuration
cd /usr/local/istio
egrep -v "^$|#" install/kubernetes/helm/istio/values.yaml

# Install the CRDs
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
kubectl get crd

# Set the parameters according to the configuration viewed above and your requirements
# Deploy
helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
--set ingress.enabled=false \
--set global.hub="docker.io/istio" \
--set global.hyperkube.hub="registry.cn-shanghai.aliyuncs.com/gcr-k8s" \
--set gateways.istio-ingressgateway.type=NodePort \
--set gateways.istio-egressgateway.type=NodePort

# Check
helm ls
kubectl get pods -n istio-system
kubectl get svc -n istio-system

# Run the previous tests

# Clean up
helm delete --purge istio
kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system

Reference documentation

  • https://istio.io/docs/setup/kubernetes/quick-start.html
  • https://istio.io/docs/guides/bookinfo.html
  • https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection