Shulou(Shulou.com)06/02 Report--

Istio 1.1 was officially released on March 20, and we have given you a brief introduction in the article "Comprehensive interpretation | Istio v1.1 official release". This article will give you a detailed explanation of the deployment process. It should be noted that for single-cluster installation and deployment, multi-cluster installation and deployment will be described in detail in subsequent articles.

Prerequisites correct installation and configuration Kubernetes cluster CentOS Linux release 7.5.1804 installation

Download istio version 1.1

[root@vm157] # wget https://github.com/istio/istio/releases/download/1.1.1/istio-1.1.1-linux.tar.gz. 2019-03-26 09:39:06-'istio-1.1.1-linux.tar.gz' saved [15736205 Universe 15736205]

There are many ways to install Istio. This document generates configuration files for istio deployment based on helm template. For other deployment methods, please refer to the official documentation.

[root@vm157 ~] # cd istio-1.1.1/ [root@ruffy istio-1.1.1] # helm template.. / install/kubernetes/helm/istio-init-- name istio-init-- namespace istio-system > istio-init.yaml [root@ruffy istio-1.1.1] # kubectl get crds | grep 'istio.io\ | certmanager.k8s.io' | wc-l [root@ruffy istio-1.1.1] # InternalIp=10.20.1.175 [root@ruffy istio- 1.1.1] # helm template install/kubernetes/helm/istio-- namespace istio-system\ >-- set global.mtls.enabled=true\ >-- set global.controlPlaneSecurityEnabled=true\ >-- set gateways.istio-ingressgateway.type=NodePort\ >-- set grafana.enabled=true\ >-- set servicegraph.enabled=true\ >-- set servicegraph.ingress.enabled=true\ >-- set servicegraph.ingress.hosts= {servicegraph-istio-system.$ {InternalIp} .nip.io}\ >-- set tracing. Enabled=true\ >-- set tracing.jaeger.ingress.enabled=true\ >-- set tracing.jaeger.ingress.hosts= {jaeger-query-istio-system.$ {InternalIp} .nip.io}\ >-- set tracing.ingress.enabled=true\ >-- set tracing.ingress.hosts= {tracing-istio-system.$ {InternalIp} .nip.io}\ >-- set kiali.enabled=true\ >-- set kiali.ingress.enabled=true\ >-- set kiali.ingress.hosts= {kiali-istio -system.$ {InternalIp} .nip.io}\ >-- set kiali.dashboard.grafanaURL= http://grafana-istio-system.${InternalIp}.nip.io\ >-- set kiali.dashboard.jaegerURL= http://jaeger-query-istio-system.${InternalIp}.nip.io\ >-- name istio > ruffy/istio-$ {InternalIp} .yaml [root@vm175 istio-1.1.1] # cd ruffy [root@vm175 ruffy] # lsistio-10.20.1.175 .yaml istio-init.yaml namespace.yaml

Deploy Isito components according to the configuration template

[root@vm175 istio-1.1.1] # kubectl apply-f ruffy/namespace.yamlnamespace/istio-system created [root@vm175 istio-1.1.1] # kubectl apply-f ruffy/istio-init.yamlconfigmap/istio-crd-10 createdconfigmap/istio-crd-11 createdserviceaccount/istio-init-service-account createdclusterrole.rbac.authorization.k8s.io/istio-init-istio-system configuredclusterrolebinding.rbac.authorization.k8s.io/istio-init-admin-role-binding-istio-system configuredjob.batch / istio-init-crd-10 createdjob.batch/istio-init-crd-11 created [root@vm175 istio-1.1.1] # kubectl apply-f ruffy/istio-10.20.1.175.yamlpoddisruptionbudget.policy/istio-galley createdpoddisruptionbudget.policy/istio-ingressgateway createdpoddisruptionbudget.policy/istio-policy createdpoddisruptionbudget.policy/istio-telemetry createdpoddisruptionbudget.policy/istio-pilot created. Rule.config.istio.io/promhttp createdrule.config.istio.io/promtcp createdrule.config.istio.io/promtcpconnectionopen createdrule.config.istio.io/promtcpconnectionclosed createdhandler.config.istio.io/kubernetesenv createdrule.config.istio.io/kubeattrgenrulerule createdrule.config.istio.io/tcpkubeattrgenrulerule createdkubernetes.config.istio.io/attributes createddestinationrule.networking.istio.io/istio-policy createddestinationrule.networking.istio.io/istio-telemetry created

View Isito deployment status

[root@vm175 istio-1.1.1] # kubectl-n istio-system get allNAME READY STATUS RESTARTS AGEpod/grafana-7b46bf6b7c-xr2lw 1 + 1 Running 0 2mpod/istio-citadel-5878d994cc-kfm7p 1 + + 1 Running 0 2mpod/ Istio-cleanup-secrets-1.1.1-wlk7p 0 Completed 1 Completed 0 2mpod/istio-galley-6db4964df6-9lpsl 1 Running 0 2mpod/istio-grafana-post-install-1.1.1-44lv7 0 Completed 0 2mpod/istio-ingressgateway-cd5df7bc6-sgh6m 0 Running 0 2mpod/istio-init-crd-10-q5kvp 0/1 Completed 0 3mpod/istio-init-crd-11-kdd25 0/1 Completed 0 3mpod/istio-pilot-597dd58685-hsp72 1/2 Running 0 2mpod/ Istio-policy-67f66c8b5c-8kqwm 2/2 Running 5 2mpod/istio-security-post-install-1.1.1-gcjrm 0/1 Completed 0 2mpod/istio-sidecar-injector-59fc9d6f7d-j9prx 0/1 ContainerCreating 0 2mpod/istio-telemetry-c5bfc457f-qqzb5 2/2 Running 4 2mpod/istio-tracing-75dd89b8b4-2t2hl 0 2mpod/kiali-5d68f4c676-bdltq 1 ContainerCreating 0 2mpod/kiali-5d68f4c676-bdltq 1 + 1 Running 0 2mpod/prometheus-89bc5668c-7kp8b 0 + 1 Init:Error 1 2mpod/servicegraph-57bfbbd697-6tldj 0 + + 1 Running 0 2m … NAME DESIRED SUCCESSFUL AGEjob.batch/istio-cleanup-secrets-1.1.1 1 1 2mjob.batch/istio-grafana-post-install-1.1.1 1 1 2mjob.batch/istio-init-crd-10 1 1 3mjob.batch/istio -init-crd-11 11 3mjob.batch/istio-security-post-install-1.1.1 11 2m

Add ingress files for grafana and prometheus

Istio-grafana.yaml

[root@vm175 ruffy] # cat istio-grafana-ingress.yamlapiVersion: extensions/v1beta1kind: Ingressmetadata: name: grafana namespace: istio-system labels: app: grafana annotations:spec: rules:-host: granafa-istio.10.20.1.175.xip.io http: paths:-path: / backend: serviceName: grafana servicePort: 3000Isito-prometheus-ingress.yaml [root@vm175 ruffy] # cat istio-prometheus-ingress .yamlapiVersion: extensions/v1beta1kind: Ingressmetadata: name: istio-prometheus namespace: rules:-host: prometheus-istio.10.20.1.175.xip.io http: paths:-path: / prometheus backend: serviceName: prometheus servicePort: 9090

View the deployed component access path

[root@vm175 ruffy] # kubectl-n istio-system get ingNAME HOSTS ADDRESS PORTS AGEgrafana granafa-istio.10.20.1.175.xip.io 80 5mistio-prometheus prometheus-istio.10.20.1.175.xip.io 80 5mistio-servicegraph servicegraph-istio-system.10.20.1.175.nip.io 80 56mistio-tracing tracing-istio-system.10.20.1.175.nip.io 80 56mkiali kiali-istio-system.10.20.1.175.nip.io 80 56m

When accessing kiali, the secret does not exist. You need to create the secret through the kiali-secret.yaml file and restart the kiali service.

Kiali-secret.yaml file

[root@vm175 ruffy] # cat kiali-secret.yamlapiVersion: v1kind: Secretmetadata: name: kiali namespace: istio-system labels: app: kialitype: Opaquedata: username: "YWRtaW4=" passphrase: "YWRtaW4="

Visit Kiali

Browser input address: http://kiali-istio-system.10.20.1.175.nip.io/kiali/

Username / password: admin/admin

Visit servicegraph

Browser input address: http://servicegraph-istio-system.10.20.1.175.nip.io/force/forcegraph.html

Visit tracing

Browser input address: http://servicegraph-istio-system.10.20.1.175.nip.io/force/forcegraph.html

Visit granafa

Browser input address: http://granafa-istio.10.20.1.175.xip.io/d/TSEY6jLmk/istio-galley-dashboard?refresh=5s&orgId=1

At this point, the Istio1.1 and its dependent components are built.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.