首页 > 其他分享 >istioctl 部署 istio

istioctl 部署 istio

时间:2023-12-18 10:05:50浏览次数:35  
标签:92m service 部署 istioctl apps istio TCP kiali

istio架构:

istioctl 部署 istio_TCP

1、下载 istio 安装包

[root@master1 ~]# curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.8.2 TARGET_ARCH=x86_64 sh -

2、移动 istioctl 到 /usr/bin 目录下

[root@master1 ~]# cp istio-1.8.2/bin/istioctl /usr/bin

3、查看 istio 可用配置列表

[root@master1 ~]# istioctl profile list
Istio configuration profiles:
    default              
    demo
    empty
    minimal
    openshift
    preview
    remote

4、指定安装的配置环境

istioctl install --set profile=demo -y

istioctl 部署 istio_h5_02

5、开启自动注入 Envoy sidecar 代理

kubectl label namespace default istio-injection=enabled

6、部署 bookinfo-gateway.yaml 网关

kubectl apply -f /root/istio-1.8.2/samples/bookinfo/networking/bookinfo-gateway.yaml

7、部署 bookinfo.yaml

[root@master1 kube]# kubectl apply -f bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

8、部署 dashboard 组件

kubectl apply -f /root/istio-1.8.2/samples/addons

9、暴露 istio 的网关为 Nodeport 模式

kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'

5、查看 istio 创建的资源

[root@master1 ~]# kubectl get all -n istio-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/grafana-79c4cf9d9c-sdkqv                1/1     Running   0          92m
pod/istio-egressgateway-7b698b78b9-9qd9t    1/1     Running   0          95m
pod/istio-ingressgateway-7f584d6776-w84mq   1/1     Running   0          95m
pod/istiod-5d8b576f84-79wsz                 1/1     Running   0          95m
pod/jaeger-5d96f77b8c-whhkl                 1/1     Running   0          92m
pod/kiali-6785897659-zdd2h                  1/1     Running   0          92m
pod/prometheus-5756c695c5-kc5vg             2/2     Running   0          92m

NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
service/grafana                ClusterIP   10.101.124.54    <none>        3000/TCP                                                                     92m
service/istio-egressgateway    ClusterIP   10.109.127.148   <none>        80/TCP,443/TCP,15443/TCP                                                     95m
service/istio-ingressgateway   NodePort    10.103.222.103   <none>        15021:30731/TCP,80:30824/TCP,443:31765/TCP,31400:31397/TCP,15443:30544/TCP   3h1m
service/istiod                 ClusterIP   10.103.87.68     <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP                                        3h4m
service/jaeger-collector       ClusterIP   10.102.247.21    <none>        14268/TCP,14250/TCP                                                          92m
service/kiali                  NodePort    10.100.80.185    <none>        20001:31805/TCP,9090:32104/TCP                                               92m
service/prometheus             ClusterIP   10.104.140.148   <none>        9090/TCP                                                                     92m
service/tracing                ClusterIP   10.96.36.198     <none>        80/TCP                                                                       92m
service/zipkin                 ClusterIP   10.100.109.17    <none>        9411/TCP                                                                     92m

NAME                                   READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/grafana                1/1     1            1           92m
deployment.apps/istio-egressgateway    1/1     1            1           95m
deployment.apps/istio-ingressgateway   1/1     1            1           3h1m
deployment.apps/istiod                 1/1     1            1           3h4m
deployment.apps/jaeger                 1/1     1            1           92m
deployment.apps/kiali                  1/1     1            1           92m
deployment.apps/prometheus             1/1     1            1           92m

NAME                                              DESIRED   CURRENT   READY   AGE
replicaset.apps/grafana-79c4cf9d9c                1         1         1       92m
replicaset.apps/istio-egressgateway-7b698b78b9    1         1         1       95m
replicaset.apps/istio-ingressgateway-59b6f986c    0         0         0       178m
replicaset.apps/istio-ingressgateway-7f584d6776   1         1         1       3h1m
replicaset.apps/istiod-5d8b576f84                 1         1         1       3h4m
replicaset.apps/istiod-848478dd87                 0         0         0       178m
replicaset.apps/jaeger-5d96f77b8c                 1         1         1       92m
replicaset.apps/kiali-6785897659                  1         1         1       92m
replicaset.apps/prometheus-5756c695c5             1         1         1       92m

11、查看 ns

[root@master1 samples]# kubectl get ns
NAME              STATUS   AGE
default           Active   3h57m
istio-system      Active   3h35m          # 这个 ns 就是
kube-node-lease   Active   3h57m
kube-public       Active   3h57m
kube-system       Active   3h57m

12、查看 istio gateway

[root@master1 samples]# kubectl get gateway
NAME               AGE
bookinfo-gateway   125m

13、查看 ingress-gateway 服务

[root@master1 samples]# kubectl get svc istio-ingressgateway -n istio-system
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
istio-ingressgateway   NodePort   10.103.222.103   <none>        15021:30731/TCP,80:30824/TCP,443:31765/TCP,31400:31397/TCP,15443:30544/TCP   3h35m

14、查看 istio 网关暴露端口

[root@master1 networking]# kubectl describe svc -n istio-system kiali
Name:                     kiali
Namespace:                istio-system
Labels:                   app=kiali
                          app.kubernetes.io/instance=kiali-server
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=kiali
                          app.kubernetes.io/version=v1.26.0
                          helm.sh/chart=kiali-server-1.26.0
                          version=v1.26.0
Annotations:              kiali.io/api-spec: https://kiali.io/api
                          kiali.io/api-type: rest
                          kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"kiali.io/api-spec":"https://kiali.io/api","kiali.io/api-type":"rest"},"lab...
Selector:                 app.kubernetes.io/instance=kiali-server,app.kubernetes.io/name=kiali
Type:                     NodePort
IP:                       10.100.80.185
Port:                     http  20001/TCP
TargetPort:               20001/TCP
NodePort:                 http  31805/TCP        # 网关暴露端口
Endpoints:                100.66.209.209:20001
Port:                     http-metrics  9090/TCP
TargetPort:               9090/TCP
NodePort:                 http-metrics  32104/TCP     #  这个不是,我多暴露了一个,只看上面那个。   
Endpoints:                100.66.209.209:9090
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

15、验证是否成功

[root@master1 samples]# kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>   #  代表服务正常

16、登录 dashboard

istioctl 部署 istio_IP_03

标签:92m,service,部署,istioctl,apps,istio,TCP,kiali
From: https://blog.51cto.com/u_14620403/8868190

相关文章

  • kubekey 部署内置 haproxy k8s 高可用集群
    内置haproxy高可用架构:1、下载脚本[root@master1~]#curl-sfLhttps://get-kk.kubesphere.io|VERSION=v2.0.0sh-如果访问Github和Googleapis受限先执行以下命令再执行上面的命令exportKKZONE=cn2、给脚本赋予执行权限[root@master1~]#chmod+xkk3、创建包含默认配......
  • sealos 离线部署 k8s 高可用集群
    sealos简介sealos特性与优势:通过内核ipvs对apiserver进行负载均衡,并且带apiserver健康检测,并不依赖haproxy和keepalived。支持离线安装,工具与资源包(二进制程序配置文件镜像yaml文件等)分离,这样不同版本替换不同离线包即可证书延期使用简单支持自定义配置内核负......
  • docker-compose 部署 harbor 镜像仓库
    1、安装docker(这个就不写了,可以看)略......2、安装docker-compose[root@master2~]#curl-L"https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname-s)-$(uname-m)"-o/usr/local/bin/docker-compose[root@master2~]#chmod+x/usr/loc......
  • 部署 helm3 包管理器
    1、下载helm3的安装包wgethttps://get.helm.sh/helm-v3.0.0-linux-amd64.tar.gz2、解压并赋予权限[root@node2~]#tar-zxfhelm-v3.7.1-linux-amd64.tar.gz[root@node2~]#chmod+xlinux-amd64/helm3、复制linux-amd64文件夹下的helm脚本到/usr/bin/路径下[root@node......
  • 部署 helm2 包管理器
    介绍Helm是一个kubernetes应用的包管理工具,用来管理预先配置好的安装包资源。Helmchart是用来封装kubernetes原生应用程序的yaml文件,可以在你部署应用的时候自定义应用程序的一些metadata,便与应用程序的分发。架构解释Helm:是一个命令行下的客户端工具。主要用于Kubernetes应......
  • k8s基于NFS部署storageclass实现pv并标记为一个默认的StorageClass
    架构:一.搭建storageclass1、master和node节点安装nfs服务yum-yinstallnfs-utilsrpcbind2、启动nfs并设为开机自启:systemctlstartnfs&&systemctlenablenfssystemctlstartrpcbind&&systemctlenablerpcbind3、master节点创建共享挂载目录(客户端不需要创建共享目录......
  • Argo Rollouts TrafficRouting结合Istio进行Canary流量管理基础
    ArgoRolloutsTrafficRouting概述流量治理技术实现如下:1.按百分比进行流量管理(即5%的流量应流向新版本,其余流量流向稳定版本)2.基于标头的路由(即将带有特定标头的请求发送到新版本)3.镜像流量,其中所有流量都被复制并并行发送到新版本(但响应被忽略)TrafficRouting配置api......
  • 【靶场部署】业务安全测试-大米CMS-V5.4电子商城
    1业务数据安全概述:商品数量篡改测试是通过在业务流程中抓包修改订购商品数量等字段,以判断服务器是否存在商品订购数量篡改漏洞。手段:将请求中的商品数量修改成任意非预期数额、负数等进行提交,查看业务系统能否以修改后的数量完成业务流程。目的:该项测试主要针对商品订购的过程中......
  • WorkPlus即时通讯app-私有化部署的最佳解决方案
    随着数字化时代的到来,企业在业务发展和沟通协作方面面临着前所未有的挑战。传统的通讯工具无法满足安全、高效、全面掌控业务和生态的需求。而在这个背景下,WorkPlus作为安全专属的移动数字化平台崭露头角,成为企业实现全面业务掌控的最佳选择。WorkPlus不仅仅是一款移动应用,它更像一......
  • Argo Rollouts Canary结合Istio进行流量迁移实例
    环境说明用argorollouts金丝雀发布策略更新nginx服务。发布过程结合Isito和analysis。创建nsargo-demo#kubectlcreatensargo-demonamespace/argo-democreated启用Istio自动注入功能#kubectllabelnamespaceargo-demoistio-injection=enablednamespace/argo-d......