1、重装命令
istioctl manifest generate --set profile=demo | kubectl delete --ignore-not-found=true -f -
2、下载
参考:02、istio部署到k8s中 - 简书 (jianshu.com)
参考 Istio / 入门
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.20.0 TARGET_ARCH=x86_64 sh -
tar -zxvf istio-1.20.0-linux-amd64.tar.gz
vim /etc/profile
export ISTIO_HOME=/opt/istio-1.20.0
source /etc/profile
echo $ISTIO_HOME
/opt/istio-1.20.0
export PATH=PWD/bin:PATH
which istioctl
root@bigData07 istio-1.20.0# istioctl install --set profile=demo -y
报异常:
Error: failed to install manifests: errors occurred during operation: creating default tag would conflict:
Error IST0139 (MutatingWebhookConfiguration istio-sidecar-injector ) Webhook overlaps with others: istio-revision-tag-default/namespace.sidecar-injector.istio.io. This may cause injection to occur twice.
Error IST0139 (MutatingWebhookConfiguration istio-sidecar-injector ) Webhook overlaps with others: istio-revision-tag-default/object.sidecar-injector.istio.io. This may cause injection to occur twice.
Error IST0139 (MutatingWebhookConfiguration istio-sidecar-injector ) Webhook overlaps with others: istio-revision-tag-default/rev.namespace.sidecar-injector.istio.io. This may cause injection to occur twice.
Error IST0139 (MutatingWebhookConfiguration istio-sidecar-injector ) Webhook overlaps with others: istio-revision-tag-default/rev.object.sidecar-injector.istio.io. This may cause injection to occur twice.
kubectl get MutatingWebhookConfiguration
kubectl delete MutatingWebhookConfiguration istio-revision-tag-default
istioctl install --set profile=demo -y
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items0.metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
对外开放应用程序
此时,BookInfo 应用已经部署,但还不能被外界访问。 要开放访问,您需要创建 Istio 入站网关(Ingress Gateway), 它会在网格边缘把一个路径映射到路由。
kubectl apply -f
samples/bookinfo/networking/bookinfo-gateway.yaml
kubectl describe ns default
五、确定入站 IP 和端口
kubectl get svc istio-ingressgateway -n istio-system
kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports?(@.name=="http2").nodePort}'
kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports?(@.name=="https").nodePort}'
kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items0.status.hostIP}'
http://192.168.1.245:32258/productpage
查看仪表盘
安装 Kiali 和其他插件,等待部署完成。
kubectl rollout status deployment/kiali -n istio-system
istioctl dashboard kiali
kubectl get svc -n istio-system -owide
kubectl get all -n istio-system
kubectl patch svc -n istio-system kiali -p '{"spec": {"type": "NodePort"}}'
http://192.168.1.245:31582/kiali
istiod
istiod中的'd' 代表 daemon
istio ingress gateway
istio ingress gateway是进入集群的大门,外部要访问网格内部需要从这个ingress gateway进入
istio egress gateway
istio egress gateway是出去集群的大门。流量出去的时候走这
卸载istio
istioctl x uninstall --purge
其他组件
参考:【精选】Istio的监控组件Prometheus_istiod sidecar 流量监控 promethue-CSDN博客
istioctl dashboard prometheus
kubectl get svc -n istio-system -owide
kubectl patch svc -n istio-system prometheus -p '{"spec": {"type": "NodePort"}}'
istioctl dashboard grafana
kubectl patch svc -n istio-system grafana -p '{"spec": {"type": "NodePort"}}'
kubectl patch svc -n istio-system tracing -p '{"spec":{"type": "NodePort"}}'
kubectl get svc -n istio-system
http://192.168.1.245:32295/jaeger/search
参考:Online Boutique在k8s中部署,启用istio,配置Kiali、Jaeger、Prometheus、Grafana_kiali部署_谁老是和我重名啊的博客-CSDN博客