istio 安装试用

1. 命令行工具
  1. curl -L https://git.io/getIstio | sh -
2. 环境变量配置
  1. export PATH=$PWD/bin:$PATH
3. RBAC 检验
  1. kubectl api-versions | grep rbac
以下为官方介绍:
  1. If the command displays an error, or does not display anything, it means the cluster does not support RBAC, and you can proceed to step 5 below.
  2. If the command displays ‘beta’ version, or both ‘alpha’ and ‘beta’, please apply istio-rbac-beta.yaml configuration:
  3. kubectl apply -f install/kubernetes/istio-rbac-beta.yaml
  4. Copy
  5. If you get an error
  6. Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-manager" is forbidden: attempt to grant extra privileges: [{[*] [istio.io] [istioconfigs] [] []} {[*] [istio.io] [istioconfigs.istio.io] [] []} {[*] [extensions] [thirdpartyresources] [] []} {[*] [extensions] [thirdpartyresources.extensions] [] []} {[*] [extensions] [ingresses] [] []} {[*] [] [configmaps] [] []} {[*] [] [endpoints] [] []} {[*] [] [pods] [] []} {[*] [] [services] [] []}] user=&{user@example.org [...]
  7. Copy
  8. You need to add the following: (replace the name with your own)
  9. kubectl create clusterrolebinding myname-cluster-admin-binding --clusterrole=cluster-admin --user=myname@example.org
  10. Copy
  11. If the command displays only ‘alpha’ version, please apply istio-rbac-alpha.yaml configuration:
  12. kubectl apply -f install/kubernetes/istio-rbac-alpha.yaml
4. 安装核心组件(注意service type 的定义)
  1. kubectl apply -f install/kubernetes/istio.yaml
  1. kubectl apply -f install/kubernetes/istio-auth.yaml
5. 监控组件安装
  1. kubectl apply -f install/kubernetes/addons/prometheus.yaml
  2. kubectl apply -f install/kubernetes/addons/grafana.yaml
  3. kubectl apply -f install/kubernetes/addons/servicegraph.yaml
6. bookinfo 例子安装
  1. kubectl apply -f <(istioctl kube-inject -f samples/apps/bookinfo/bookinfo.yaml)
7. 几个问题

安装需要使用serviceaccount 注意配置,istioctl 需要使用kubectl config 注意配置
主要是 kubectl config set-cluster kubectl config set-context  kubectl use-context 命令
因为部分容器需要按照特权模式运行,需要配置apiserver controller-manager  --allow-privileged=true
同时服务默认部分使用的是云平台的loadblance 测试环境可能没有,所以需要改为NodePort

8. 总结

        总之安装还是比较简单的,但是还需要深入研究,每个组件的设计,以及功能。
9. 参考文档



posted on 2017-05-30 16:02  荣锋亮  阅读(1149)  评论(0编辑  收藏  举报

导航