一、istio:环境搭建

发表于 | 分类于

1.1、kubernetes 安装

安装kubernetes的方法有很多,这里推荐使用minikube,是一个可以在本地快速构建kubernetes集群的命令行工具。

tips:计算机必须在 BIOS 中启用 VT-x 或 AMD-v 虚拟化。

检查方法:

  • Mac:如果输出中包含VMX
1
sysctl -a | grep -E --color 'machdep.cpu.features|VMX'
  • linux:输出非空
1
grep -E --color 'vmx|svm' /proc/cpuinfo
  • windows:提示比较详细,这里就不贴出来了。
1
systeminfo

1.1.1、安装 kubectl

下载kubectl

1
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl"

授权

1
chmod +x kubectl

移到PATH

1
sudo mv ./kubectl /usr/local/bin/kubectl

测试 kubectl

1
kubectl version --client

1.1.2、安装 Hypervisor

如果未安装hypervisor,以下两种选择一个,如果都没有安装在启动minikube可能会提示:

1
无法启动虚拟机。可能的话请检查后执行 'minikube delete': create: creating: exit status 255

1.1.3、install minikube

下载地址:v1.7.2

下载后,进入minikube所在目录,执行一下命令

1
2
chmod +x minikube  
mv minikube /usr/local/bin

执行minikube可以看到以下提示

1
2
3
4
5
6
7
8
9
10
11
12
13
14
Minikube is a CLI tool that provisions and manages single-node Kubernetes clusters optimized for development workflows.

基本命令:
  start          启动本地 kubernetes 集群
  status         获取本地 kubernetes 集群状态
  stop           Stops a running local kubernetes cluster
  delete         删除本地的 kubernetes 集群
  dashboard      访问在 minikube 集群中运行的 kubernetes dashboard
  pause          pause containers
  unpause        unpause Kubernetes

Images Commands:
  docker-env     Sets up docker env variables; similar to '$(docker-machine env)'
  cache          在本地缓存中添加或删除 image。

1.1.4、启动kubernetes集群

启动一个内存大小2g,cup数量为3的kubernetes单点集群:

1
minikube start --memory=2048 --cpus=3

会看到minikube在VirtualBox运行如下:

命令启动后,可能会遇到如下问题:

1
2
3
4
正在创建 virtualbox 虚拟机(CPUs=4,Memory=2048MB, Disk=20000MB)...
E0219 23:01:00.307198   14995 cache.go:62] save image to file "k8s.gcr.io/coredns:1.6.5" -> "/Users/lastdays/.minikube/cache/images/k8s.gcr.io/coredns_1.6.5" failed: nil image for k8s.gcr.io/coredns:1.6.5: Get https://k8s.gcr.io/v2/: dial tcp 108.177.97.82:443: i/o timeout
E0219 23:01:00.308288   14995 cache.go:62] save image to file "k8s.gcr.io/etcd:3.4.3-0" -> "/Users/lastdays/.minikube/cache/images/k8s.gcr.io/etcd_3.4.3-0" failed: nil image for k8s.gcr.io/etcd:3.4.3-0: Get https://k8s.gcr.io/v2/: dial tcp 108.177.97.82:443: i/o timeout
E0219 23:01:00.308321   14995 cache.go:62] save image to file "k8s.gcr.io/pause:3.1" -> "/Users/lastdays/.minikube/cache/images/k8s.gcr.io/pause_3.1" failed: nil image for k8s.gcr.io/pause:3.1: Get https://k8s.gcr.io/v2/: dial tcp 108.177.97.82:443: i/o timeout

这是因为无法访问外网导致,所以需要设置代理,如下:(我使用ShadowsocksX-NG搭了一个梯子)。

1
minikube start --docker-env http_proxy=<my proxy> --docker-env https_proxy=<my proxy> --docker-env no_proxy=192.168.99.0/24 --cpus 4 --memory 2048

成功安装后执行效果如下:

1
2
3
4
5
6
7
8
🐳  正在 Docker 19.03.5 中准备 Kubernetes v1.17.2…
    ▪ env http_proxy=<my proxy>
    ▪ env https_proxy=<my proxy>
    ▪ env no_proxy=192.168.99.0/24
🚀  正在启动 Kubernetes ...
🌟  Enabling addons: default-storageclass, storage-provisioner
⌛  等待集群上线...
🏄  完成!kubectl 已经配置至 "minikube"

连接

1
2
3
4
5
6
7
8
9
10
11
12
13
minikube ssh 
dorker images

k8s.gcr.io/kube-proxy                     v1.17.2             cba2a99699bd        4 weeks ago         116MB
k8s.gcr.io/kube-controller-manager        v1.17.2             da5fd66c4068        4 weeks ago         161MB
k8s.gcr.io/kube-apiserver                 v1.17.2             41ef50a5f06a        4 weeks ago         171MB
k8s.gcr.io/kube-scheduler                 v1.17.2             f52d4c527ef2        4 weeks ago         94.4MB
kubernetesui/dashboard                    v2.0.0-beta8        eb51a3597525        2 months ago        90.8MB
k8s.gcr.io/coredns                        1.6.5               70f311871ae1        3 months ago        41.6MB
k8s.gcr.io/etcd                           3.4.3-0             303ce5db0e90        3 months ago        288MB
kubernetesui/metrics-scraper              v1.0.2              3b08661dc379        3 months ago        40.1MB
k8s.gcr.io/pause                          3.1                 da86e6ba6ca1        2 years ago         742kB
gcr.io/k8s-minikube/storage-provisioner   v1.8.1              4689081edb10        2 years ago         80.8MB

kubectl默认配置路径:~/.kube/config,执行 kubectl cluster-info查看集群信息如果出现如下信息:

1
2
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
Unable to connect to the server: net/http: TLS handshake timeout

则查看集群ip,然后将查询结果设置 

1
2
3
minikube ip

export no_proxy={ip}

就可以看到集群的信息了

1
2
3
$ kubectl cluster-info
Kubernetes master is running at https://192.168.99.113:8443
KubeDNS is running at https://192.168.99.113:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

1.1.5、安装 Helm

Helm是kubernetes的包管理工具。

下载地址:Helm

1
2
3
chmod +x helm
mv helm /usr/local/bin
helm version

1.2、istio 安装

1.2.1、下载 release

1
2
3
4
curl -L https://istio.io/downloadIstio | sh -
cd istio-1.4.5
cd bin
mv istioctl /usr/local/bin

1.2.2、安装

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
istioctl manifest apply --set profile=demo

Applying manifest for component Base...
✔ Finished applying manifest for component Base.
- Applying manifest for component Tracing...
- Applying manifest for component Citadel...
- Applying manifest for component EgressGateway...
- Applying manifest for component IngressGateway...
- Applying manifest for component Pilot...
- Applying manifest for component Policy...
- Applying manifest for component Galley...
- Applying manifest for component Prometheus...
- Applying manifest for component Kiali...
- Applying manifest for component Telemetry...
- Applying manifest for component Injector...
- Applying manifest for component Grafana...
✔ Finished applying manifest for component Prometheus.
✔ Finished applying manifest for component Citadel.
✔ Finished applying manifest for component Kiali.
✔ Finished applying manifest for component Galley.
✔ Finished applying manifest for component Injector.
✔ Finished applying manifest for component Tracing.
✔ Finished applying manifest for component Policy.
✔ Finished applying manifest for component EgressGateway.
✔ Finished applying manifest for component IngressGateway.
✔ Finished applying manifest for component Pilot.
✔ Finished applying manifest for component Grafana.
✔ Finished applying manifest for component Telemetry.

执行kubectl get pods -n istio-system,等待所有STATUS都都变为running或者completed。代表istio安装成功

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$ kubectl get pods -n istio-system

NAME                                      READY   STATUS              RESTARTS   AGE
grafana-6b65874977-smgss                  0/1     ContainerCreating   0          2m27s
istio-citadel-7d4689c4cf-xdd5l            0/1     ContainerCreating   0          2m29s
istio-egressgateway-679b746848-g7d7r      0/1     Running             0          2m29s
istio-galley-6b8dfcc549-hd8h8             0/1     ContainerCreating   0          2m29s
istio-ingressgateway-db547d98-k8wpq       0/1     Running             0          2m29s
istio-pilot-85d8f75c4-gnjw2               0/1     ContainerCreating   0          2m28s
istio-policy-6845468548-j58fx             0/1     ContainerCreating   0          2m29s
istio-sidecar-injector-6fdc95467f-lpkvz   0/1     ContainerCreating   0          2m28s
istio-telemetry-5b994fddc6-tn8hq          0/1     ContainerCreating   0          2m29s
istio-tracing-c66d67cd9-hg9gg             1/1     Running             0          2m29s
kiali-8559969566-tr99h                    0/1     ContainerCreating   0          2m28s
prometheus-66c5887c86-clsmx               0/1     ContainerCreating   0          2m29s

成功状态:

1
2
3
4
5
6
7
8
9
10
11
12
13
NAME                                      READY   STATUS    RESTARTS   AGE
grafana-6b65874977-smgss                  1/1     Running   0          14m
istio-citadel-7d4689c4cf-xdd5l            1/1     Running   0          14m
istio-egressgateway-679b746848-g7d7r      1/1     Running   0          14m
istio-galley-6b8dfcc549-hd8h8             1/1     Running   0          14m
istio-ingressgateway-db547d98-k8wpq       1/1     Running   0          14m
istio-pilot-85d8f75c4-gnjw2               1/1     Running   0          14m
istio-policy-6845468548-j58fx             1/1     Running   7          14m
istio-sidecar-injector-6fdc95467f-lpkvz   1/1     Running   0          14m
istio-telemetry-5b994fddc6-tn8hq          1/1     Running   7          14m
istio-tracing-c66d67cd9-hg9gg             1/1     Running   0          14m
kiali-8559969566-tr99h                    1/1     Running   0          14m
prometheus-66c5887c86-clsmx               1/1     Running   0

1.3、istio命令

查看版本

1
2
3
4
5
istioctl version

client version: 1.4.5
control plane version: 1.4.5
data plane version: 1.4.5 (2 proxies