搭建Istio基礎環境

需求

搭建istio基礎環境（基於1.5.1版本）

安裝步驟

在安裝 Istio 以前，須要一個運行着 Kubernetes 的環境，安裝步驟能夠參考前面的文章

下載istio，而後解壓，而後將 istioctl 增長到 path 環境變量中

curl -L https://istio.io/downloadIstio | sh -
cd istio-1.5.1
export PATH=$PWD/bin:$PATH

新建istio-1.5.1.yaml 配置文件、按照官方文檔操做安裝會出現錯誤，致使不能正常進行sidecar 自動注入

vim istio-1.5.1.yaml

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  components:
    egressGateways:
    - name: istio-egressgateway
      enabled: true
      k8s:
        resources:
          requests:
            cpu: 10m
            memory: 40Mi

    ingressGateways:
    - name: istio-ingressgateway
      enabled: true
      k8s:
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
        service:
          ports:
            ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces.
            # Note that AWS ELB will by default perform health checks on the first port
            # on this list. Setting this to the health check port will ensure that health
            # checks always work. https://github.com/istio/istio/issues/12503
            - port: 15020
              targetPort: 15020
              name: status-port
            - port: 80
              targetPort: 8080
              name: http2
            - port: 443
              targetPort: 8443
              name: https
            - port: 31400
              targetPort: 31400
              name: tcp
              # This is the port where sni routing happens
            - port: 15443
              targetPort: 15443
              name: tls

    policy:
      enabled: false
      k8s:
        resources:
          requests:
            cpu: 10m
            memory: 100Mi

    telemetry:
      k8s:
        resources:
          requests:
            cpu: 50m
            memory: 100Mi

    pilot:
      k8s:
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          - name: GODEBUG
            value: gctrace=1
          - name: PILOT_TRACE_SAMPLING
            value: "100"
          - name: CONFIG_NAMESPACE
            value: istio-config
        resources:
          requests:
            cpu: 10m
            memory: 100Mi

  addonComponents:
    kiali:
      enabled: true
    grafana:
      enabled: true
    tracing:
      enabled: true
    prometheus:
      enabled: true

  values:
    global:
      disablePolicyChecks: false
      proxy:
        accessLogFile: /dev/stdout
        includeIPRanges: 192.168.16.0/20,192.168.32.0/20
        autoInject: enabled  #配置自動注入
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
    sidecarInjectorWebhook:
      enableNamespacesByDefault: true

    pilot:
      autoscaleEnabled: false

    mixer:
      adapters:
        useAdapterCRDs: false
        kubernetesenv:
          enabled: true
        prometheus:
          enabled: true
          metricsExpiryDuration: 10m
        stackdriver:
          enabled: false
        stdio:
          enabled: true
          outputAsJson: false
      policy:
        autoscaleEnabled: false
      telemetry:
        autoscaleEnabled: false

    gateways:
      istio-egressgateway:
        autoscaleEnabled: true
      istio-ingressgateway:
        autoscaleEnabled: true
    kiali:
      createDemoSecret: true

安裝對應配置

istioctl manifest apply -f istio-1.5.1.yaml

驗證是否安裝成功

kubectl get svc -n istio-system

NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
grafana                     ClusterIP      10.106.222.1     <none>        3000/TCP                                                                     72m
istio-egressgateway         ClusterIP      10.105.147.175   <none>        80/TCP,443/TCP,15443/TCP                                                     72m
istio-ingressgateway        LoadBalancer   10.101.90.130    <pending>     15020:31121/TCP,80:31729/TCP,443:31903/TCP,31400:32746/TCP,15443:31084/TCP   72m
istio-pilot                 ClusterIP      10.101.28.124    <none>        15010/TCP,15011/TCP,15012/TCP,8080/TCP,15014/TCP,443/TCP                     80m
istiod                      ClusterIP      10.99.35.177     <none>        15012/TCP,443/TCP                                                            80m
jaeger-agent                ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP                                                   72m
jaeger-collector            ClusterIP      10.109.237.212   <none>        14267/TCP,14268/TCP,14250/TCP                                                72m
jaeger-collector-headless   ClusterIP      None             <none>        14250/TCP                                                                    72m
jaeger-query                ClusterIP      10.103.4.63      <none>        16686/TCP                                                                    72m
kiali                       ClusterIP      10.100.49.221    <none>        20001/TCP                                                                    72m
prometheus                  ClusterIP      10.110.124.176   <none>        9090/TCP                                                                     72m
tracing                     ClusterIP      10.106.75.109    <none>        80/TCP                                                                       72m
zipkin                      ClusterIP      10.103.9.94      <none>        9411/TCP

確保關聯的 Kubernetes pod 已經部署，而且 STATUS 爲 Running

kubectl get pods -n istio-system

NAME                                    READY   STATUS    RESTARTS   AGE
grafana-5f6f8cbf75-trjl6                1/1     Running   0          73m
istio-egressgateway-74896c8487-9qnwg    1/1     Running   0          73m
istio-ingressgateway-56f7dd5d6b-9c22z   1/1     Running   0          73m
istio-tracing-9dd6c4f7c-qr7vl           1/1     Running   0          73m
istiod-756bd84654-fqp7b                 1/1     Running   0          73m
istiod-756bd84654-hxpqt                 1/1     Running   0          73m
kiali-869c6894c5-p4h7r                  1/1     Running   0          73m
prometheus-c89875c74-lvq52              2/2     Running   0          73m

卸載istio

istioctl manifest generate --set profile=demo | kubectl delete -f -

部署Bookinfo

Istio 默認自動注入 Sidecar. 請爲 default 命名空間打上標籤 istio-injection=enabled：

kubectl label namespace default istio-injection=enabled

使用 kubectl 部署應用：

kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

在實際部署中，微服務版本的啓動過程須要持續一段時間，並非同時完成的。

確認全部的服務和 Pod 都已經正確的定義和啓動：

kubectl get services
NAME                       CLUSTER-IP   EXTERNAL-IP   PORT(S)              AGE
details                    10.0.0.31    <none>        9080/TCP             6m
kubernetes                 10.0.0.1     <none>        443/TCP              7d
productpage                10.0.0.120   <none>        9080/TCP             6m
ratings                    10.0.0.15    <none>        9080/TCP             6m
reviews                    10.0.0.170   <none>        9080/TCP             6m

kubectl get pods
NAME                                        READY     STATUS    RESTARTS   AGE
details-v1-1520924117-48z17                 2/2       Running   0          6m
productpage-v1-560495357-jk1lz              2/2       Running   0          6m
ratings-v1-734492171-rnr5l                  2/2       Running   0          6m
reviews-v1-874083890-f0qf0                  2/2       Running   0          6m
reviews-v2-1343845940-b34q5                 2/2       Running   0          6m
reviews-v3-1813607990-8ch52                 2/2       Running   0          6m

確認 Bookinfo 應用是否正在運行，請在某個 Pod 中用 curl 命令對應用發送請求，例如 ratings：

kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>

使用瀏覽器訪問Bookinfo放在後面來說解，由於是使用雲環境而非本地，使用gateway/ingress開放外網端口還須要調整一些配置，跟官方文檔在本地安裝還有些差別。

參考文獻

https://preliminary.istio.io/zh/docs/setup/getting-started/