istio k8s版本支持列表
Istioctl ./istio-1.19.1/manifests/profiles/default.yaml
profile=demo配置组合
1 istioctl install --manifests=manifests/
如果使用 istioctl 1.19.1 版本的二进制文件,此命令将得到和独立运行 istioctl install 相同的结果
1 2 3 4 ❯ ./bin/istioctl install --set hub=k8s.org/istio This will install the Istio 1.19.1 "default" profile (with components: Istio core, Istiod, and Ingress gateways) into the cluster. Proceed? (y/N) y ✔ Istio core installed - Processing resources for Istiod. Waiting for Deployment/istio-system/istiod
0/6 nodes are available: 3 Insufficient memory, 3 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }. preemption: 0/6 nodes are available: 3 No preemption victims found for incoming pod, 3 Preemption is not helpful for scheduling..
默认 istiod-xxx-xx request 内存2G
定制安装配置
1 istioctl install -f samples/operator/pilot-k8s.yaml
apiVersion: install.istio.io/v1alpha1
使用配置 1 ❯ ./bin/istioctl install --set hub=k8s.org/istio -f ./pilot-k8s-size.yaml
samples/bookinfo/platform/kube/bookinfo.yaml
1 2 3 4 5 zgrep "docker.io/istio" /samples/bookinfo/platform/kube/* | awk '{print $3}' | sort -u | uniq | sed 's/docker.io/k8s.org/' #替换 sed -i 's/docker.io/k8s.org/' `zgrep "docker.io/istio" * | awk -F ":" '{print $1}' | sort -u | uniq` #检查 zgrep "k8s.org/istio" * | awk '{print $3}' | sort -u | uniq
卸载 1 2 3 ❯ ./istioctl uninstall --purge All Istio resources will be pruned from the cluster Proceed? (y/N) y
1
注入 Sidecar 自动注入-打标签 1 2 3 4 5 6 7 8 9 10 11 #Istio 默认自动注入 Sidecar. 请为 default 命名空间打上标签 istio-injection=enabled: ❯ kubectl label namespace default istio-injection=enabled namespace/default labeled #查看 ❯ kubectl get ns -L istio-injection #修改 ❯ kubectl label namespace default istio-injection=disabled --overwrite=true namespace/default labeled #删除 标签后加上一个-号,如:istio-injection- ❯ kubectl label namespace default istio-injection- namespace/default unlabeled
1 2 3 $ istioctl kube-inject -f samples/sleep/sleep.yaml | kubectl apply -f - $ kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)
使用 Ingress Gateway 服务的 Node Port验证
1 2 3 4 5 6 7 8 9 10 11 export INGRESS_NAME=istio-ingressgateway export INGRESS_NS=istio-system ❯ export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n "${INGRESS_NS}" -o jsonpath='{.items[0].status.hostIP}') ❯ export INGRESS_PORT=$(kubectl -n "${INGRESS_NS}" get service "${INGRESS_NAME}" -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') ❯ echo "INGRESS_HOST=$INGRESS_HOST, INGRESS_PORT=$INGRESS_PORT" INGRESS_HOST=192.168.122.14, INGRESS_PORT=31634
1 curl -s -I -HHost:httpbin.example.com "http://$INGRESS_HOST:$INGRESS_PORT/status/200"
HTTP/1.1 503 Service Unavailable
#https://istio.io/latest/zh/docs/ops/common-problems/network-issues/#route-rules-have-no-effect-on-ingress-gateway-requests
1 curl -s -I -HHost:httpbin.example.com "http://$INGRESS_HOST:$INGRESS_PORT/headers"
HTTP/1.1 404 Not Found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ❯ helm repo add istio https://istio-release.storage.googleapis.com/charts ❯ helm search repo istio | grep istio/ istio/istiod 1.19.1 1.19.1 Helm chart for istio control plane istio/base 1.19.1 1.19.1 Helm chart for deploying Istio cluster resource... istio/cni 1.19.1 1.19.1 Helm chart for istio-cni components istio/gateway 1.19.1 1.19.1 Helm chart for deploying Istio gateways istio/ztunnel 1.19.1 1.19.1 Helm chart for istio ztunnel components ❯ helm pull istio/base --untar ❯ helm pull istio/gateway --untar ❯ helm pull istio/istiod --untar ❯ helm pull istio/ztunnel --untar ❯ helm pull istio/cni --untar
1 2 3 4 5 helm install istio-base istio/base -n istio-system --set defaultRevision=default helm install istiod istio/istiod -n istio-system --wait #(可选)安装 Istio 的入站网关: $ kubectl create namespace istio-ingress $ helm install istio-ingress istio/gateway -n istio-ingress --wait
点击打赏
会心一笑
<
monitor
磁盘 fdisk
>
