istio 安裝試用

1. 命令行工具

   
   
   
   

    
    
    
    

   
   
   
   
curl -L https://git.io/getIstio | sh -

2. 環境變量配置

   
   
   
   

    
    
    
    

   
   
   
   
export PATH=$PWD/bin:$PATH

3. RBAC 檢驗

   
   
   
   

    
    
    
    

   
   
   
   
kubectl api-versions | grep rbac

如下爲官方介紹：

   
   
   
   

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

    
    
    
    

   
   
   
   
If the command displays an error, or does not display anything, it means the cluster does not support RBAC, and you can proceed to step 5 below.If the command displays ‘beta’ version, or both ‘alpha’ and ‘beta’, please apply istio-rbac-beta.yaml configuration:kubectl apply -f install/kubernetes/istio-rbac-beta.yamlCopyIf you get an errorError from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-manager" is forbidden: attempt to grant extra privileges: [{[*] [istio.io] [istioconfigs] [] []} {[*] [istio.io] [istioconfigs.istio.io] [] []} {[*] [extensions] [thirdpartyresources] [] []} {[*] [extensions] [thirdpartyresources.extensions] [] []} {[*] [extensions] [ingresses] [] []} {[*] [] [configmaps] [] []} {[*] [] [endpoints] [] []} {[*] [] [pods] [] []} {[*] [] [services] [] []}] user=&{user@example.org [...]CopyYou need to add the following: (replace the name with your own)kubectl create clusterrolebinding myname-cluster-admin-binding --clusterrole=cluster-admin --user=myname@example.orgCopyIf the command displays only ‘alpha’ version, please apply istio-rbac-alpha.yaml configuration:kubectl apply -f install/kubernetes/istio-rbac-alpha.yaml

4. 安裝核心組件（注意service type 的定義）

   
   
   
   

    
    
    
    

   
   
   
   
kubectl apply -f install/kubernetes/istio.yaml

    
    
    
    

     
     
     
     

    
    
    
    
kubectl apply -f install/kubernetes/istio-auth.yaml

5. 監控組件安裝

   
   
   
   

    
    
    
    

    
    
    
    

    
    
    
    

   
   
   
   
kubectl apply -f install/kubernetes/addons/prometheus.yamlkubectl apply -f install/kubernetes/addons/grafana.yamlkubectl apply -f install/kubernetes/addons/servicegraph.yaml

6. bookinfo 例子安裝

   
   
   
   

    
    
    
    

   
   
   
   
kubectl apply -f <(istioctl kube-inject -f samples/apps/bookinfo/bookinfo.yaml)

7. 幾個問題

安裝須要使用serviceaccount 注意配置，istioctl 須要使用kubectl config 注意配置

主要是 kubectl config set-cluster kubectl config set-context  kubectl use-context 命令

由於部分容器須要按照特權模式運行，須要配置apiserver controller-manager   --allow-privileged=true

同時服務默認部分使用的是雲平臺的loadblance 測試環境可能沒有，因此須要改成NodePort

8. 總結

          總之安裝仍是比較簡單的，可是還須要深刻研究，每一個組件的設計，以及功能。

9. 參考文檔

        bookino : https://istio.io/docs/samples/bookinfo.html

        install:  https://istio.io/docs/tasks/installing-istio.html

        ppt 介紹：  https://istio.io/talks/istio_talk_gluecon_2017.pdf