Versions
Istio 1.4 corresponds to Kubernetes 1.15 and Helm 2.14.3.
For the mapping between Kubernetes and Istio versions, see https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases
Download
https://github.com/istio/istio/releases
Version 1.4:
wget https://github.com/istio/istio/releases/download/1.4.0/istio-1.4.0-linux.tar.gz
Copy istioctl
cp istioctl /usr/bin/
Install Helm
Download URL
https://github.com/helm/helm/releases?expanded=true&page=2&q=2.14.3
Create permissions
// Create the authorized service account by writing a YAML file
[root@docker-k8s01 ~]# cat tiller-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
# Binds the tiller ServiceAccount to cluster-admin, so Tiller has full control of the cluster
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
[root@docker-k8s01 ~]# kubectl apply -f tiller-rbac.yaml
Install
$ helm init --upgrade --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.14.3 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts --service-account=tiller
Install socat on the nodes
yum install socat
Verify
[root@k8s-master ~]# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}
[root@k8s-master ~]#
Deploy
List the Istio configuration profiles
istioctl profile list
default: suitable for production
demo: for test environments
Pre-deployment check
- 1.5 and earlier
istioctl verify-install
- 1.6 and later
istioctl experimental precheck
Create the namespace
[root@k8s-master istio-1.4.0]# kubectl create namespace istio-system
namespace/istio-system created
Install the CRDs (Custom Resource Definitions)
Run the following command in the istio-1.4.0 directory
helm template install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -
Wait for the CRDs to be created
kubectl -n istio-system wait --for=condition=complete job --all
# Output:
job.batch/istio-init-crd-10-1.4.0 condition met
job.batch/istio-init-crd-11-1.4.0 condition met
job.batch/istio-init-crd-14-1.4.0 condition met
Deploy Istio to the cluster
helm template install/kubernetes/helm/istio --name istio --namespace istio-system | kubectl apply -f -
Verify that the deployment succeeded
kubectl get svc -n istio-system
Deploy the Istio dashboard Naftis (optional)
Download the latest Naftis release files and deployment manifests
wget -O - https://raw.githubusercontent.com/XiaoMi/naftis/master/tool/getlatest.sh | bash
Create the Naftis namespace
kubectl create namespace naftis
# Output:
namespace/naftis created
Deploy the Naftis MySQL service
kubectl apply -n naftis -f mysql.yaml
# Output:
persistentvolume/naftis-pv created
secret/naftis-mysql created
configmap/naftis-mysql-initialization created
configmap/naftis-mysql-test created
persistentvolumeclaim/naftis-mysql created
service/naftis-mysql created
pod/naftis-mysql-test created
deployment.extensions/naftis-mysql created
Confirm that MySQL is deployed
kubectl get pods -n naftis
# Output:
NAME READY STATUS RESTARTS AGE
naftis-mysql-5f95ffbdbc-85ggw 1/1 Running 0 92s
naftis-mysql-test 1/1 Running 0 92s
- If the deployment fails, check the log:
chown: cannot read directory '/var/lib/mysql/': Permission denied
- Add --allow-privileged=true to the API server
- Restart the API server service
- Add privileged to the naftis-mysql Deployment:
image: mysql:5.7.14
securityContext:
  privileged: true
- If naftis-mysql-test fails, check the log:
# ERROR 2005 (HY000): Unknown MySQL server host 'naftis-mysql' (0)
- This is a DNS problem; fix DNS and Service access
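An added example, not part of the original guide: a shell function that scans manifests for the two high-privilege settings this guide applies, the cluster-admin ClusterRoleBinding for Tiller and privileged: true on naftis-mysql, so rendered or downloaded YAML can be reviewed before kubectl apply. The function names and sample input are constructed for illustration, and the line-based matching assumes 2-space-indented YAML.

```bash
# audit_manifests: read multi-document YAML on stdin, print one finding per risky resource.
audit_manifests() {
  awk '
    function val(s) { gsub(/"/, "", s); return s }   # strip optional quotes
    function report() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin") print "cluster-admin-binding " name
      if (priv) print "privileged-container " kind "/" name
      kind = ""; name = ""; role = ""; priv = 0; sect = ""
    }
    /^---[ \t]*$/ { report(); next }                 # document separator
    /^[A-Za-z]/   { sect = $1 }                      # current top-level key
    /^kind:/      { kind = val($2) }
    sect == "metadata:" && /^  name:/ { name = val($2) }
    sect == "roleRef:"  && /^  name:/ { role = val($2) }
    /^[ \t-]*privileged:[ \t]*true[ \t]*$/ { priv = 1 }
    END { report() }
  '
}
# Constructed, trimmed sample input modelled on the resources named in this guide.
sample_manifests() {
  cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  kind: ClusterRole
  name: cluster-admin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: naftis-mysql
spec:
  template:
    spec:
      containers:
      - name: mysql
        image: mysql:5.7.14
        securityContext:
          privileged: true
---
apiVersion: v1
kind: Service
metadata:
  name: naftis-ui
EOF
}
```

Pipe real input into it, for example `helm template install/kubernetes/helm/istio --name istio --namespace istio-system | audit_manifests` or `audit_manifests < mysql.yaml`.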
Deploy the Naftis API and UI services
kubectl apply -n naftis -f naftis.yaml
Confirm that all Naftis services are correctly defined and running
$ kubectl get svc -n naftis
# Output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
naftis-api ClusterIP 10.96.58.36 <none> 50000/TCP 45s
naftis-mysql ClusterIP 10.99.66.184 <none> 3306/TCP 3m
naftis-ui LoadBalancer 10.110.105.103 <pending> 80:30772/TCP 44s
$ kubectl get pod -n naftis
# Output:
NAME READY STATUS RESTARTS AGE
naftis-api-7d6f47fbcc-qsfpg 1/1 Running 0 22m
naftis-mysql-5f95ffbdbc-85ggw 1/1 Running 0 24m
naftis-mysql-test 1/1 Running 0 22m
naftis-ui-9d66dbc74-l8lsx 1/1 Running 0 22m
Access Naftis
Expose the port using port forwarding
kubectl -n naftis port-forward $(kubectl -n naftis get pod -l app=naftis-ui -o jsonpath='{.items[0].metadata.name}') 32569:80 --address 0.0.0.0 &
Access port 32569 on any K8S node
Username: admin Password: admin