12.4 使用Helm定制部署Istio
Helm是Kubernetes的包管理工具,我们之前安装Istio时使用的istio-demo.yaml文件实际上就是根据Istio的Helm包生成的部署文件。
(1)安装Helm
下载Helm安装包。到Helm的发布页面https://github.com/helm/helm/releases 查找当前可用的版本的包地址,由于这个压缩包在国外服务器上,可能由于网络问题不能顺利下载,可以自己先在网络正常的机器上下载完成后,再上传到实验环境的虚拟机。使用如下命令下载安装包:
$ wget https://storage.googleapis.com/kubernetes-helm/helm-v2.12.2-linux-amd64.tar.gz
安装Helm:
$ tar xf helm-v2.12.2-linux-amd64.tar.gz
$ sudo mv linux-amd64/ /usr/local/helm-2.12.2
$ sudo ln -sv /usr/local/helm-2.12.2 /usr/local/helm
$ echo 'export PATH=/usr/local/helm:$PATH' | sudo tee /etc/profile.d/helm.sh
$ source /etc/profile.d/helm.sh
$ helm version
Client: &version.Version{SemVer:"v2.12.2", GitCommit:"7d2b0c73d734f6586ed222a567c5d103fed435be", GitTreeState:"clean"}
Error: could not find tiller
(2)生成Istio部署文件
根据配置生成Istio的部署文件,使用如下命令生成定制的部署文件 [1] :
$ helm template /usr/local/istio/install/kubernetes/helm/istio \ --name istio --namespace istio-system \ --set global.hyperkube.hub=registry.cn-shanghai.aliyuncs.com/gcr-k8s \ --set pilot.resources.requests.memory=300Mi \ --set gateways.istio-ingressgateway.enabled=true \ --set gateways.istio-egressgateway.enabled=true \ --set galley.enabled=true \ --set sidecarInjectorWebhook.enabled=true \ --set global.mtls.enabled=false \ --set prometheus.enabled=true \ --set grafana.enabled=true \ --set tracing.enabled=true \ --set pilot.traceSampling=100 \ --set servicegraph.enabled=true > istio.yaml
(3)部署Istio
创建istio-system命名空间:
$ kubectl create ns istio-system
创建Istio CRD:
$ kubectl apply -f /usr/local/istio/install/kubernetes/helm/istio/templates/crds.yaml
查看Istio CRD:
$ kubectl get crd NAME CREATED AT adapters.config.istio.io 2018-11-28T06:44:40Z ... rules.config.istio.io 2018-11-28T06:44:39Z servicecontrolreports.config.istio.io 2018-11-28T06:44:40Z servicecontrols.config.istio.io 2018-11-28T06:44:39Z serviceentries.networking.istio.io 2018-11-28T06:44:39Z servicerolebindings.rbac.istio.io 2018-11-28T06:44:40Z serviceroles.rbac.istio.io 2018-11-28T06:44:40Z signalfxs.config.istio.io 2018-11-28T06:44:39Z solarwindses.config.istio.io 2018-11-28T06:44:39Z stackdrivers.config.istio.io 2018-11-28T06:44:39Z statsds.config.istio.io 2018-11-28T06:44:39Z stdios.config.istio.io 2018-11-28T06:44:39Z templates.config.istio.io 2018-11-28T06:44:40Z tracespans.config.istio.io 2018-11-28T06:44:40Z virtualservices.networking.istio.io 2018-11-28T06:44:39Z
部署Istio相关组件:
$ kubectl apply -f istio.yaml
查看Istio组件状态:
$ kubectl get deploy -n istio-system NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE grafana 1 1 1 1 61s istio-citadel 1 1 1 1 60s istio-egressgateway 1 1 1 1 62s istio-galley 1 1 1 1 62s istio-ingressgateway 1 1 1 1 61s istio-pilot 1 1 1 1 61s istio-policy 1 1 1 1 61s istio-sidecar-injector 1 1 1 1 60s istio-telemetry 1 1 1 1 61s istio-tracing 1 1 1 1 60s prometheus 1 1 1 1 60s servicegraph 1 1 1 1 60s $ kubectl get job -n istio-system NAME COMPLETIONS DURATION AGE istio-cleanup-secrets 1/1 41s 78s istio-grafana-post-install 1/1 17s 78s istio-security-post-install 1/1 16s 78s $ kubectl get pod -n istio-system NAME READY STATUS RESTARTS AGE grafana-546d9997bb-f2scr 1/1 Running 0 92s istio-citadel-6955bc9cb7-47cnf 1/1 Running 0 91s istio-cleanup-secrets-l4shp 0/1 Completed 0 95s istio-egressgateway-7dc5cbbc56-5gcz4 1/1 Running 0 92s istio-galley-545b6b8f5b-gbvtx 1/1 Running 0 92s istio-grafana-post-install-v5j5b 0/1 Completed 0 95s istio-ingressgateway-7958d776b5-9rgbx 1/1 Running 0 92s istio-pilot-64958c46fc-9vmlq 2/2 Running 0 92s istio-policy-5c689f446f-wltfj 2/2 Running 0 92s istio-security-post-install-xwph2 0/1 Completed 0 95s istio-sidecar-injector-99b476b7b-lxqcb 1/1 Running 0 91s istio-telemetry-55d68b5dfb-qjvbm 2/2 Running 0 92s istio-tracing-6445d6dbbf-7qdqk 1/1 Running 0 91s prometheus-65d6f6b6c-rsrdr 1/1 Running 0 91s servicegraph-57c8cbc56f-fqftt 1/1 Running 0 91s $ kubectl get svc -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ... istio-ingressgateway LoadBalancer 10.100.103.226 <pending> 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:30675/TCP,8060:30928/TCP,853:31502/TCP,15030:31492/TCP,15031:30442/TCP 110s istio-pilot ClusterIP 10.110.236.54 <none> 15010/TCP,15011/TCP,8080/TCP,9093/TCP 110s... zipkin ClusterIP 10.101.209.252 <none> 9411/TCP 107s
当组件全部处于Running或者Completed时再进行实验,由于需要拉取较多镜像,如果网速较慢,可能需要等待很长一段时间。如果没有跟着之前的步骤配置镜像拉取加速,会更加缓慢,强烈建议配置镜像加速。
(4)服务部署测试
部署httpbin服务:
$ kubectl apply -f kubernetes/httpbin.yaml $ kubectl get pod NAME READY STATUS RESTARTS AGE httpbin-b67975b8f-wjzsg 2/2 Running 0 57s
创建gateway暴露服务:
$ kubectl apply -f istio/route/gateway-httpbin-http.yaml
使用curl访问:
$ curl http://11.11.11.111:31380/get
{
"args": {},
"headers": {
"Accept": "*/*",
"Content-Length": "0",
"Host": "11.11.11.111:31380",
"User-Agent": "curl/7.29.0",
"X-B3-Sampled": "1",
"X-B3-Spanid": "c21ad57ad952c5ae",
"X-B3-Traceid": "c21ad57ad952c5ae",
"X-Envoy-Internal": "true",
"X-Request-Id": "399cd990-172e-966f-8f1f-ef4a4b150dce"
},
"origin": "10.244.0.0",
"url": "http://11.11.11.111:31380/get"
}
浏览器访问。访问地址http://11.11.11.111:31380/get ,结果如图12-5所示。
图12-5 浏览器访问
[1] 可选配置选项参考官方文档:https://istio.io/docs/reference/config/installation-options/。