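Pitfalls when installing Istio on k8s
This article covers installing Istio 1.6.7 on a k8s cluster deployed from binaries
Istio 1.8.0
Official site: https://istio.io/latest/docs/setup/getting-started/
If you have not set up admin.conf, see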
https://www.cnblogs.com/Tempted/p/13469772.html
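1. Check that the k8s DNS Service is running properly
If Istio pods fail with an error saying they cannot reach a Service, check whether the DNS service on K8S is working properly: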
error citadelclient Failed to create certificate: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.254.0.2:53: read udp 172.30.1.57:52724->10.254.0.2:53: i/o timeout"
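2. A node must be deployed on the master and set as unschedulable
1) Mark the node unschedulable
kubectl cordon master
kubectl uncordon master   # undo
2) Evict the workload containers that are already running
kubectl drain --ignore-daemonsets --delete-local-data master
3) If you want to delete the node, run this step
kubectl delete node master
Istio automatic injection error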
Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
This error occurs because the master node cannot reach the in-cluster Service (istio-sidecar-injector), so automatic injection fails.
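The two failures above can be told apart directly from the log text. The following is an added example, not part of the original post: the function names are hypothetical, and the two sample lines are the errors quoted in this post.

```shell
#!/bin/sh
# Added example: triage the two Istio error messages quoted in this post.
# Function names are hypothetical; SAMPLE_* are the errors shown above.

SAMPLE_DNS='error citadelclient Failed to create certificate: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.254.0.2:53: read udp 172.30.1.57:52724->10.254.0.2:53: i/o timeout"'
SAMPLE_WEBHOOK='Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)'

# Print the first capture group of basic regex $2 found in string $1.
_first_match() {
    printf '%s\n' "$1" | sed -n "s|.*$2.*|\1|p"
}

# Classify one log or event line and print a one-line diagnosis.
diagnose_istio_error() {
    case $1 in
        *"lookup "*":53"*"i/o timeout"*)
            # DNS query from a pod timed out: report the name and the resolver IP.
            printf 'DNS_TIMEOUT name=%s dns=%s: check the cluster DNS Service and pods\n' \
                "$(_first_match "$1" 'lookup \([^ ]*\) on ')" \
                "$(_first_match "$1" ' on \([0-9.]*\):53')" ;;
        *"failed calling webhook"*"Client.Timeout exceeded"*)
            # API server could not reach the injector Service inside the cluster.
            printf 'WEBHOOK_TIMEOUT svc=%s: master cannot reach cluster Services, run a node on it\n' \
                "$(_first_match "$1" 'https://\([^:/]*\)')" ;;
        *) echo UNKNOWN ;;
    esac
}

# Read log lines on stdin and print each distinct diagnosis once.
triage_log() {
    while IFS= read -r triage_line; do
        triage_out=$(diagnose_istio_error "$triage_line")
        [ "$triage_out" = UNKNOWN ] || printf '%s\n' "$triage_out"
    done | sort -u
}

# Run with --demo to triage the two sample lines.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n%s\n' "$SAMPLE_DNS" "$SAMPLE_WEBHOOK" | triage_log
fi
```

Real logs can be piped in the same way, for example the output of kubectl logs or kubectl get events redirected into triage_log.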
Installing Istio
I. Download
Official address:
https://preliminary.istio.io/latest/zh/docs/setup/getting-started/
GitHub download address:
https://github.com/istio/istio/releases/
II. Configuration
[root@master ~]# tar -zxf istio-1.8.0-linux-amd64.tar.gz
[root@master ~]# cd istio-1.8.0
Add istioctl to the PATH environment variable
[root@master ~]# vi ~/.bash_profile
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin
# Must match the directory extracted above
PATH=$PATH:/root/istio-1.8.0/bin
export PATH
[root@master ~]# source ~/.bash_profile
Add istioctl auto-completion
[root@master ~]# cp tools/istioctl.bash ~/.istioctl.bash
[root@master ~]# source ~/.istioctl.bash
-bash: _get_comp_words_by_ref: command not found
If you hit this error, fix it as follows:
yum install bash-completion -y
source /usr/share/bash-completion/bash_completion
source ~/.istioctl.bash
k8s auto-completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
# Add the alias k for kubectl
vim ~/.bashrc
alias k='kubectl'
# Tab completion only works with the full kubectl command, not with the alias k. Fix:
source <( kubectl completion bash | sed 's/kubectl/k/g' )   # write this into .bashrc
III. Installation
Follow the official guide first: https://preliminary.istio.io/latest/zh/docs/setup/getting-started/
1. Install the demo profile
istioctl install --set profile=demo   # new
[root@master istio-1.8.0]# istioctl version
client version: 1.8.0
control plane version: 1.8.0
data plane version: 1.8.0 (2 proxies)
[root@master istio-1.8.0]# kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
istio-egressgateway-75dbd877cb-fmk48    1/1     Running   0          10m
istio-ingressgateway-756879c745-m5jzs   1/1     Running   0          5m4s
istiod-6bf46fc8cc-shlcm                 1/1     Running   0          5m10s
2. Enable automatic injection
kubectl create ns <namespace>
kubectl label namespace <namespace> istio-injection=enabled
kubectl apply -n <namespace> -f <your-app-spec>.yaml
A demo YAML for automatic injection
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo
  labels:
    app: demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo
  template:
    metadata:
      labels:
        app: demo
    spec:
      containers:
      - name: nginx
        image: nginx:1.14-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
Change the Istio ingress to NodePort mode
kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'
3. Installing add-ons
From Istio 1.7 onward, the add-ons are all in the samples/addons/ directory
To install them, run kubectl apply -f samples/addons/
4. Uninstall
istioctl manifest generate --set profile=demo | kubectl delete --ignore-not-found=true -f -