Service Mesh ISTIO-1.0 Quick installation experience

Introduction to the

Istio is an open source implementation of Service Mesh developed by Google/IBM/Lyft. The architecture diagram is as follows:

The installation

Install the K8S cluster

Refer to the article

The installation`istioctl`

# Go to the address below to download the zip package
# https://github.com/istio/istio/releasesWget https://github.com/istio/istio/releases/download/1.0.0/istio-1.0.0-linux.tar.gz tar xf istio - 1.0.0 - Linux. Tar. GzInstall and configure environment variablesThe mv istio - 1.0.0 / usr /local/
ln -sv /usr/local/ istio - 1.0.0 / usr /local/istio
echo 'export PATH=/usr/local/istio/bin:$PATH' > /etc/profile.d/istio.sh
source /etc/profile.d/istio.sh
istioctl version
Copy the code

Install IStio in the K8S cluster

LoadBalancer is not supported if the environment is not a cloud environment
Ingressgateway listens on ports 80 and 443
Change the use of host port mapping
With this modified version, only one instance can be run per machine
# around line 3027
cd /usr/local/istio
sudo cp install/kubernetes/istio-demo.yaml install/kubernetes/istio-demo.yaml.ori
sudo vim install/kubernetes/istio-demo.yaml
...
apiVersion: extensions/v1beta1
# kind: Deployment
# Use DaemonSet deploymentkind: DaemonSet metadata: name: istio-ingressgateway namespace: istio-system labels: app: ingressgateway chart: Gateways -1.0.0 release: release-name Heritage: Tiller app: istio-ingressgateway IsTIO: ingressgateway spec:# DaemonSet does not support Replicas
  # replicas: 1
  template:
    metadata:
      labels:
        app: istio-ingressgateway
        istio: ingressgateway
      annotations:
        sidecar.istio.io/inject: "false"
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      serviceAccountName: istio-ingressgateway-service-account
      containers:
        - name: ingressgateway
          image: "GCR. IO/istio - release/proxyv2:1.0.0"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
              # Host 80 port mapping
              hostPort: 80
            - containerPort: 443
              # host port 443 mapping
              hostPort: 443
...

# Replace the mirror address
sudo sed -i '[email protected]/[email protected]/istio@g' install/kubernetes/istio-demo.yaml
sudo sed -i '[email protected]/coreos/hyperkube:[email protected]/gcr-k8s/hyperkube:v1.7.6_coreos.0@g' install/kubernetes/istio-demo.yaml

# Check the mirror address
grep 'image:' install/kubernetes/istio-demo.yaml

# installation CRDs
# Wait a few seconds
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system
kubectl get crd

# Install without authentication (without TLS)
If the machine has too little memory, it will fail to start successfully
The experiment used 3 virtual machines each with 3G memory
kubectl apply -f install/kubernetes/istio-demo.yaml

# check status
kubectl get svc -n istio-system
kubectl get pods -n istio-system
Copy the code

Pay attention to

Istio-1.0.0 already has automatic injection enabled by default and other log monitoring and tracking related components such as

istio-tracing

istio-telemetry

grafana

prometheus

servicegraph

Enable automatic Sidecar injection

Opens the automatic injection application deployment way need to use the following command kubectl apply -f < (istioctl kube inject – f samples/bookinfo/kube/bookinfo yaml)
Open automatically after injection, the use of normal command can deploy application kubectl apply -f samples/bookinfo/kube/bookinfo yaml

# istio-1.0.0 auto injection is enabled by default

# K8S 1.9 and later use auto injection
Check whether it is supported
kubectl api-versions | grep admissionregistration

Check kube-Apiserver startup parameters
# k8s version 1.9 make sure -- admission - control MutatingAdmissionWebhook, ValidatingAdmissionWebhook
# k8s version 1.9 after make sure - enable - admission - there are MutatingAdmissionWebhook plugins, ValidatingAdmissionWebhook

# Test automatic injection
# to create
kubectl apply -f samples/sleep/sleep.yaml 
kubectl get deployment -o wide
kubectl get pod

Enable automatic namespace injection
kubectl label namespace default istio-injection=enabled
kubectl get namespace -L istio-injection

Delete the pod and wait to rebuild
kubectl delete pod $(kubectl get pod | grep sleep | cut -d ' ' -f 1)

# View the reconstructed POD
# check whether the istio-proxy container exists
kubectl get pod
kubectl describe pod $(kubectl get pod | grep sleep | cut -d ' ' -f 1)

# to clean up
kubectl delete -f samples/sleep/sleep.yaml 

Turn off auto injection
kubectl label namespace default istio-injection-

Disable auto-injection for some PODS. template: metadata: annotations: sidecar.istio.io/inject:"false".Copy the code

Deploy the official test case

# default Enable automatic injection
kubectl label namespace default istio-injection=enabled

# deployment bookinfo
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

# to create a gateway
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

# check status
kubectl get services
kubectl get pods
istioctl get gateway
Copy the code

Access to the test

Command line access test
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
NODE_NAME=$(kubectl get no | grep '<none>' | head -1 | awk '{print $1}')
NODE_IP=$(ping -c 1 $NODE_NAME | grep PING | awk '{print $3}' | tr -d '()')
export GATEWAY_URL=$NODE_IP:$INGRESS_PORT
echo $GATEWAY_URL

curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage

# Browser access test
echo "http://${GATEWAY_URL}/productpage"

It can be accessed using daemonset
# 11.11.11.112 is the IP address of one of the nodesThe curl http://11.11.11.112/productpage# to clean up
samples/bookinfo/platform/kube/cleanup.sh
Copy the code

Clean up the

Clear # istio
kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system
kubectl delete -f install/kubernetes/istio-demo.yaml

# kubectl delete -f install/kubernetes/istio-demo-auth.yaml
Copy the code

Install ISTIO using the helm

Install the helm

Refer to the article

Install istio

# check configuration
cd /usr/local/istio
egrep -v "^ $| #" install/kubernetes/helm/istio/values.yaml

# installation CRDs
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
kubectl get crd

Configure parameters based on the configuration and requirements viewed above
# deployment
helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
--set ingress.enabled=false \
--set global.hub="docker.io/istio" \
--set global.hyperkube.hub="registry.cn-shanghai.aliyuncs.com/gcr-k8s" \
--set gateways.istio-ingressgateway.type=NodePort \
--set gateways.istio-egressgateway.type=NodePort

# check
helm ls
kubectl get pods -n istio-system
kubectl get svc -n istio-system

Run the previous tests

# to clean up
helm delete --purge istio
kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system
Copy the code

Reference documentation

https://istio.io/docs/setup/kubernetes/quick-start.html
https://istio.io/docs/guides/bookinfo.html
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection

Service Mesh ISTIO-1.0 Quick installation experience

Introduction to the

The installation

Install the K8S cluster

The installationistioctl

Install IStio in the K8S cluster

Enable automatic Sidecar injection

Deploy the official test case

Access to the test

Clean up the

Install ISTIO using the helm

Install the helm

Install istio

Reference documentation

Related Posts

2018 Data Analyst growth Guide

Intelligent greenhouse engineering construction design scheme

Programmer’s pain and joy: The mistakes programmers can make in the beginning are all too real!

The installation`istioctl`