增加安装istio的文章
parent
a28c4fed92
commit
427d71b779
|
@ -46,6 +46,9 @@
|
|||
- [4.4 存储管理](practice/storage.md)
|
||||
- [4.4.1 使用glusterfs做持久化存储](practice/using-glusterfs-for-persistent-storage.md)
|
||||
- [5. 领域应用](usecases/index.md)
|
||||
- [5.1 微服务架构](usecases/microservices.md)
|
||||
- [5.1.1 Istio](usecases/Istio.md)
|
||||
- [5.1.1.1 安装istio](usecases/istio-installation.md)
|
||||
- [6. 开发指南](develop/index.md)
|
||||
- [6.1 开发环境搭建](develop/developing-environment.md)
|
||||
- [6.2 单元测试和集成测试](develop/testing.md)
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 489 KiB |
Binary file not shown.
After Width: | Height: | Size: 446 KiB |
Binary file not shown.
After Width: | Height: | Size: 196 KiB |
|
@ -0,0 +1,218 @@
|
|||
# Copyright 2017 Istio Authors
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
##################################################################################################
|
||||
# Details service
|
||||
##################################################################################################
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: details
|
||||
labels:
|
||||
app: details
|
||||
spec:
|
||||
ports:
|
||||
- port: 9080
|
||||
name: http
|
||||
selector:
|
||||
app: details
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: details-v1
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: details
|
||||
version: v1
|
||||
spec:
|
||||
containers:
|
||||
- name: details
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-details-v1
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
---
|
||||
##################################################################################################
|
||||
# Ratings service
|
||||
##################################################################################################
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ratings
|
||||
labels:
|
||||
app: ratings
|
||||
spec:
|
||||
ports:
|
||||
- port: 9080
|
||||
name: http
|
||||
selector:
|
||||
app: ratings
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ratings-v1
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ratings
|
||||
version: v1
|
||||
spec:
|
||||
containers:
|
||||
- name: ratings
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-ratings-v1
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
---
|
||||
##################################################################################################
|
||||
# Reviews service
|
||||
##################################################################################################
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: reviews
|
||||
labels:
|
||||
app: reviews
|
||||
spec:
|
||||
ports:
|
||||
- port: 9080
|
||||
name: http
|
||||
selector:
|
||||
app: reviews
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: reviews-v1
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: reviews
|
||||
version: v1
|
||||
spec:
|
||||
containers:
|
||||
- name: reviews
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-reviews-v1
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: reviews-v2
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: reviews
|
||||
version: v2
|
||||
spec:
|
||||
containers:
|
||||
- name: reviews
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-reviews-v2
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: reviews-v3
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: reviews
|
||||
version: v3
|
||||
spec:
|
||||
containers:
|
||||
- name: reviews
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-reviews-v3
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
---
|
||||
##################################################################################################
|
||||
# Productpage service
|
||||
##################################################################################################
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: productpage
|
||||
labels:
|
||||
app: productpage
|
||||
spec:
|
||||
ports:
|
||||
- port: 9080
|
||||
name: http
|
||||
selector:
|
||||
app: productpage
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: productpage-v1
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: productpage
|
||||
version: v1
|
||||
spec:
|
||||
containers:
|
||||
- name: productpage
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/examples-bookinfo-productpage-v1
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
---
|
||||
###########################################################################
|
||||
# Ingress resource (gateway)
|
||||
##########################################################################
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: gateway
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "istio"
|
||||
spec:
|
||||
rules:
|
||||
- http:
|
||||
paths:
|
||||
- path: /productpage
|
||||
backend:
|
||||
serviceName: productpage
|
||||
servicePort: 9080
|
||||
- path: /login
|
||||
backend:
|
||||
serviceName: productpage
|
||||
servicePort: 9080
|
||||
- path: /logout
|
||||
backend:
|
||||
serviceName: productpage
|
||||
servicePort: 9080
|
||||
---
|
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: grafana
|
||||
spec:
|
||||
ports:
|
||||
- port: 3000
|
||||
protocol: TCP
|
||||
name: grafana
|
||||
selector:
|
||||
app: grafana
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: grafana
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
alpha.istio.io/sidecar: ignore
|
||||
labels:
|
||||
app: grafana
|
||||
spec:
|
||||
containers:
|
||||
- name: grafana
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/grafana:0.1.5
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
env:
|
||||
- name: GRAFANA_PORT
|
||||
value: "3000"
|
||||
- name: GF_AUTH_BASIC_ENABLED
|
||||
value: "false"
|
||||
- name: GF_AUTH_ANONYMOUS_ENABLED
|
||||
value: "true"
|
||||
- name: GF_AUTH_ANONYMOUS_ORG_ROLE
|
||||
value: Admin
|
||||
- name: GF_PATHS_DATA
|
||||
value: /data/grafana
|
||||
volumeMounts:
|
||||
- mountPath: /data/grafana
|
||||
name: grafana-data
|
||||
volumes:
|
||||
- name: grafana-data
|
||||
emptyDir: {}
|
||||
---
|
|
@ -0,0 +1,112 @@
|
|||
# Permissions and roles for istio
|
||||
# To debug: start the cluster with -vmodule=rbac,3 to enable verbose logging on RBAC DENY
|
||||
# Also helps to enable logging on apiserver 'wrap' to see the URLs.
|
||||
# Each RBAC deny needs to be mapped into a rule for the role.
|
||||
# If using minikube, start with '--extra-config=apiserver.Authorization.Mode=RBAC'
|
||||
#
|
||||
# NOTE: If deploying istio to a namespace other than 'default' then change the
|
||||
# ClusterRoleBinding namspace target appropriately.
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: istio-manager
|
||||
rules:
|
||||
- apiGroups: ["istio.io"]
|
||||
resources: ["istioconfigs", "istioconfigs.istio.io"]
|
||||
verbs: ["*"]
|
||||
- apiGroups: ["extensions"]
|
||||
resources: ["thirdpartyresources", "thirdpartyresources.extensions", "ingresses", "ingresses/status"]
|
||||
verbs: ["*"]
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps", "endpoints", "pods", "services"]
|
||||
verbs: ["*"]
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get", "list"]
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: istio-ca
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["create", "get", "watch", "list", "update"]
|
||||
- apiGroups: [""]
|
||||
resources: ["serviceaccounts"]
|
||||
verbs: ["watch", "list"]
|
||||
---
|
||||
# Permissions for the sidecar proxy.
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: istio-sidecar
|
||||
rules:
|
||||
- apiGroups: ["istio.io"]
|
||||
resources: ["istioconfigs"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["extensions"]
|
||||
resources: ["thirdpartyresources", "ingresses"]
|
||||
verbs: ["get", "watch", "list", "update"]
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps", "pods", "endpoints", "services"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
# Grant permissions to the Manager/discovery.
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: istio-manager-admin-role-binding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: istio-manager-service-account
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: istio-manager
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# Grant permissions to the Manager/discovery.
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: istio-ca-role-binding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: istio-ca-service-account
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: istio-ca
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# Grant permissions to the Ingress controller.
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: istio-ingress-admin-role-binding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: istio-ingress-service-account
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: istio-manager
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# Grant permissions to the sidecar.
|
||||
# TEMPORARY: the istioctl should generate a separate service account for the proxy, and permission
|
||||
# granted only to that account !
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: istio-sidecar-role-binding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: istio-sidecar
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
|
@ -0,0 +1,212 @@
|
|||
# GENERATED FILE. Use with Kubernetes 1.5+
|
||||
# TO UPDATE, modify files in install/kubernetes/templates and run updateVersion.sh
|
||||
# Mixer
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: istio-mixer
|
||||
labels:
|
||||
istio: mixer
|
||||
spec:
|
||||
ports:
|
||||
- name: tcp
|
||||
port: 9091
|
||||
- name: configapi
|
||||
port: 9094
|
||||
- name: prometheus
|
||||
port: 42422
|
||||
selector:
|
||||
istio: mixer
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: istio-mixer
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
alpha.istio.io/sidecar: ignore
|
||||
labels:
|
||||
istio: mixer
|
||||
spec:
|
||||
containers:
|
||||
- name: mixer
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/mixer:0.1.5
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 9091
|
||||
- containerPort: 9094
|
||||
- containerPort: 42422
|
||||
args:
|
||||
- --configStoreURL=fs:///etc/opt/mixer/configroot
|
||||
- --logtostderr
|
||||
- -v
|
||||
- "3"
|
||||
---
|
||||
# Manager service for discovery
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: istio
|
||||
data:
|
||||
mesh: |-
|
||||
# Uncomment the following line to enable mutual TLS between proxies
|
||||
# authPolicy: MUTUAL_TLS
|
||||
mixerAddress: istio-mixer:9091
|
||||
discoveryAddress: istio-manager:8080
|
||||
ingressService: istio-ingress
|
||||
zipkinAddress: zipkin:9411
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: istio-manager
|
||||
labels:
|
||||
istio: manager
|
||||
spec:
|
||||
ports:
|
||||
- port: 8080
|
||||
name: http-discovery
|
||||
- port: 8081
|
||||
name: http-apiserver
|
||||
selector:
|
||||
istio: manager
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: istio-manager-service-account
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: istio-manager
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
alpha.istio.io/sidecar: ignore
|
||||
labels:
|
||||
istio: manager
|
||||
spec:
|
||||
serviceAccountName: istio-manager-service-account
|
||||
containers:
|
||||
- name: discovery
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/manager:0.1.5
|
||||
imagePullPolicy: Always
|
||||
args: ["discovery", "-v", "2"]
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
- name: apiserver
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/manager:0.1.5
|
||||
imagePullPolicy: Always
|
||||
args: ["apiserver", "-v", "2"]
|
||||
ports:
|
||||
- containerPort: 8081
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
---
|
||||
################################
|
||||
# Istio ingress controller
|
||||
################################
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: istio-ingress
|
||||
labels:
|
||||
istio: ingress
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
# nodePort: 32000
|
||||
name: http
|
||||
- port: 443
|
||||
name: https
|
||||
selector:
|
||||
istio: ingress
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: istio-ingress-service-account
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: istio-ingress
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
alpha.istio.io/sidecar: ignore
|
||||
labels:
|
||||
istio: ingress
|
||||
spec:
|
||||
serviceAccountName: istio-ingress-service-account
|
||||
containers:
|
||||
- name: istio-ingress
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/proxy_debug:0.1.5
|
||||
args: ["proxy", "ingress", "-v", "2"]
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 80
|
||||
- containerPort: 443
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
---
|
||||
|
||||
################################
|
||||
# Istio egress envoy
|
||||
################################
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: istio-egress
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
selector:
|
||||
istio: egress
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: istio-egress
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
istio: egress
|
||||
spec:
|
||||
containers:
|
||||
- name: proxy
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/proxy_debug:0.1.5
|
||||
imagePullPolicy: Always
|
||||
args: ["proxy", "egress", "-v", "2"]
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
---
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: prometheus
|
||||
data:
|
||||
prometheus.yml: |-
|
||||
global:
|
||||
scrape_interval: 15s
|
||||
scrape_configs:
|
||||
|
||||
- job_name: 'mixer'
|
||||
# Override the global default and scrape targets from this job every 5 seconds.
|
||||
scrape_interval: 5s
|
||||
# metrics_path defaults to '/metrics'
|
||||
# scheme defaults to 'http'.
|
||||
static_configs:
|
||||
- targets: ['istio-mixer:42422']
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
labels:
|
||||
name: prometheus
|
||||
name: prometheus
|
||||
spec:
|
||||
selector:
|
||||
app: prometheus
|
||||
ports:
|
||||
- name: prometheus
|
||||
protocol: TCP
|
||||
port: 9090
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: prometheus
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: prometheus
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
alpha.istio.io/sidecar: ignore
|
||||
name: prometheus
|
||||
labels:
|
||||
app: prometheus
|
||||
spec:
|
||||
containers:
|
||||
- name: prometheus
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/prometheus:v1.1.1
|
||||
args:
|
||||
- '-storage.local.retention=6h'
|
||||
- '-storage.local.memory-chunks=500000'
|
||||
- '-config.file=/etc/prometheus/prometheus.yml'
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 9090
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/prometheus
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: prometheus
|
||||
---
|
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: servicegraph
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
alpha.istio.io/sidecar: ignore
|
||||
labels:
|
||||
app: servicegraph
|
||||
spec:
|
||||
containers:
|
||||
- name: servicegraph
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/servicegraph:latest
|
||||
ports:
|
||||
- containerPort: 8088
|
||||
args:
|
||||
- --prometheusAddr=http://prometheus:9090
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: servicegraph
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 8088
|
||||
selector:
|
||||
app: servicegraph
|
||||
---
|
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: zipkin
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
alpha.istio.io/sidecar: ignore
|
||||
labels:
|
||||
app: zipkin
|
||||
spec:
|
||||
containers:
|
||||
- name: zipkin
|
||||
image: sz-pg-oam-docker-hub-001.tendcloud.com/library/zipkin:latest
|
||||
ports:
|
||||
- containerPort: 9411
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: zipkin
|
||||
spec:
|
||||
#type: NodePort
|
||||
ports:
|
||||
- name: http
|
||||
port: 9411
|
||||
#nodePort: 30411
|
||||
selector:
|
||||
app: zipkin
|
||||
---
|
|
@ -0,0 +1,245 @@
|
|||
# 安装istio
|
||||
|
||||
本文根据官网的文档整理而成,步骤包括安装`istio 0.1.5`并创建一个bookinfo的微服务来测试istio的功能。
|
||||
|
||||
文中使用的yaml文件可以在[kubernetes-handbook](https://github.com/rootsongjc/kubernetes-handbook)的`manifests/istio`目录中找到,所有的镜像都换成了我的私有镜像仓库地址,请根据官网的镜像自行修改。
|
||||
|
||||
## 安装环境
|
||||
|
||||
CentOS 7.3.1611
|
||||
|
||||
Docker 1.12.6
|
||||
|
||||
Kubernetes 1.6.0
|
||||
|
||||
## 安装
|
||||
|
||||
**1.下载安装包**
|
||||
|
||||
下载地址:https://github.com/istio/istio/releases
|
||||
|
||||
下载Linux版本的当前最新版安装包
|
||||
|
||||
```Shell
|
||||
wget https://github.com/istio/istio/releases/download/0.1.5/istio-0.1.5-linux.tar.gz
|
||||
```
|
||||
|
||||
**2.解压**
|
||||
|
||||
解压后,得到的目录结构如下:
|
||||
|
||||
```
|
||||
.
|
||||
├── bin
|
||||
│ └── istioctl
|
||||
├── install
|
||||
│ └── kubernetes
|
||||
│ ├── addons
|
||||
│ │ ├── grafana.yaml
|
||||
│ │ ├── prometheus.yaml
|
||||
│ │ ├── servicegraph.yaml
|
||||
│ │ └── zipkin.yaml
|
||||
│ ├── istio-auth.yaml
|
||||
│ ├── istio-rbac-alpha.yaml
|
||||
│ ├── istio-rbac-beta.yaml
|
||||
│ ├── istio.yaml
|
||||
│ ├── README.md
|
||||
│ └── templates
|
||||
│ ├── istio-auth
|
||||
│ │ ├── istio-auth-with-cluster-ca.yaml
|
||||
│ │ ├── istio-cluster-ca.yaml
|
||||
│ │ ├── istio-egress-auth.yaml
|
||||
│ │ ├── istio-ingress-auth.yaml
|
||||
│ │ └── istio-namespace-ca.yaml
|
||||
│ ├── istio-egress.yaml
|
||||
│ ├── istio-ingress.yaml
|
||||
│ ├── istio-manager.yaml
|
||||
│ └── istio-mixer.yaml
|
||||
├── istio.VERSION
|
||||
├── LICENSE
|
||||
└── samples
|
||||
├── apps
|
||||
│ ├── bookinfo
|
||||
│ │ ├── bookinfo.yaml
|
||||
│ │ ├── cleanup.sh
|
||||
│ │ ├── destination-ratings-test-delay.yaml
|
||||
│ │ ├── loadbalancing-policy-reviews.yaml
|
||||
│ │ ├── mixer-rule-additional-telemetry.yaml
|
||||
│ │ ├── mixer-rule-empty-rule.yaml
|
||||
│ │ ├── mixer-rule-ratings-denial.yaml
|
||||
│ │ ├── mixer-rule-ratings-ratelimit.yaml
|
||||
│ │ ├── README.md
|
||||
│ │ ├── route-rule-all-v1.yaml
|
||||
│ │ ├── route-rule-delay.yaml
|
||||
│ │ ├── route-rule-reviews-50-v3.yaml
|
||||
│ │ ├── route-rule-reviews-test-v2.yaml
|
||||
│ │ ├── route-rule-reviews-v2-v3.yaml
|
||||
│ │ └── route-rule-reviews-v3.yaml
|
||||
│ ├── httpbin
|
||||
│ │ ├── httpbin.yaml
|
||||
│ │ └── README.md
|
||||
│ └── sleep
|
||||
│ ├── README.md
|
||||
│ └── sleep.yaml
|
||||
└── README.md
|
||||
|
||||
11 directories, 41 files
|
||||
```
|
||||
|
||||
从文件里表中可以看到,安装包中包括了kubernetes的yaml文件,示例应用和安装模板。
|
||||
|
||||
**3.安装istioctl**
|
||||
|
||||
将`./bin/istioctl`拷贝到你的`$PATH`目录下。
|
||||
|
||||
**4.检查RBAC**
|
||||
|
||||
因为我们安装的kuberentes版本是1.6.0默认支持RBAC,这一步可以跳过。如果你使用的其他版本的kubernetes,请参考[官方文档](https://istio.io/docs/tasks/installing-istio.html)操作。
|
||||
|
||||
执行以下命令,正确的输出是这样的:
|
||||
|
||||
```bash
|
||||
$ kubectl api-versions | grep rbac
|
||||
rbac.authorization.k8s.io/v1alpha1
|
||||
rbac.authorization.k8s.io/v1beta1
|
||||
```
|
||||
|
||||
**5.创建角色绑定**
|
||||
|
||||
```bash
|
||||
$ kubectl create -f install/kubernetes/istio-rbac-beta.yaml
|
||||
clusterrole "istio-manager" created
|
||||
clusterrole "istio-ca" created
|
||||
clusterrole "istio-sidecar" created
|
||||
clusterrolebinding "istio-manager-admin-role-binding" created
|
||||
clusterrolebinding "istio-ca-role-binding" created
|
||||
clusterrolebinding "istio-ingress-admin-role-binding" created
|
||||
clusterrolebinding "istio-sidecar-role-binding" created
|
||||
```
|
||||
|
||||
注意:官网的安装包中的该文件中存在RoleBinding错误,应该是集群级别的`clusterrolebinding`,而release里的代码只是普通的`rolebinding`,查看该Issue [Istio manager cannot list of create k8s TPR when RBAC enabled #327](https://github.com/istio/istio/issues/327)。
|
||||
|
||||
**6.安装istio核心组件**
|
||||
|
||||
用到的镜像有:
|
||||
|
||||
```
|
||||
docker.io/istio/mixer:0.1.5
|
||||
docker.io/istio/manager:0.1.5
|
||||
docker.io/istio/proxy_debug:0.1.5
|
||||
```
|
||||
|
||||
我们暂时不开启[Istio Auth](https://istio.io/docs/concepts/network-and-auth/auth.html)。
|
||||
|
||||
> 本文中用到的所有yaml文件中的`type: LoadBalancer`去掉,使用默认的ClusterIP,然后配置Traefik ingress,就可以在集群外部访问。请参考[安装Traefik ingress](practice/traefik-ingress-installation.md)。
|
||||
|
||||
```bash
|
||||
kubectl apply -f install/kubernetes/istio.yaml
|
||||
```
|
||||
|
||||
**7.安装监控插件**
|
||||
|
||||
用到的镜像有:
|
||||
|
||||
```
|
||||
docker.io/istio/grafana:0.1.5
|
||||
quay.io/coreos/prometheus:v1.1.1
|
||||
gcr.io/istio-testing/servicegraph:latest
|
||||
docker.io/openzipkin/zipkin:latest
|
||||
```
|
||||
|
||||
为了方便下载,其中两个镜像我备份到了时速云:
|
||||
|
||||
```
|
||||
index.tenxcloud.com/jimmy/prometheus:v1.1.1
|
||||
index.tenxcloud.com/jimmy/servicegraph:latest
|
||||
```
|
||||
|
||||
安装插件
|
||||
|
||||
```bash
|
||||
kubectl apply -f install/kubernetes/addons/prometheus.yaml
|
||||
kubectl apply -f install/kubernetes/addons/grafana.yaml
|
||||
kubectl apply -f install/kubernetes/addons/servicegraph.yaml
|
||||
kubectl apply -f install/kubernetes/addons/zipkin.yaml
|
||||
```
|
||||
|
||||
在traefik ingress中增加增加以上几个服务的配置。
|
||||
|
||||
```Yaml
|
||||
- host: grafana.istio.io
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: grafana
|
||||
servicePort: 3000
|
||||
- host: servicegraph.istio.io
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: servicegraph
|
||||
servicePort: 8088
|
||||
- host: prometheus.istio.io
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: prometheus
|
||||
servicePort: 9090
|
||||
- host: zipkin.istio.io
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: zipkin
|
||||
servicePort: 9411
|
||||
```
|
||||
|
||||
Grafana页面
|
||||
|
||||
![Istio Grafana界面](../images/istio-grafana.jpg)
|
||||
|
||||
Prometheus页面
|
||||
|
||||
![Prometheus页面](../images/istio-prometheus.jpg)
|
||||
|
||||
Zipkin页面
|
||||
|
||||
![Zipkin页面](../images/istio-zipkin.jpg)
|
||||
|
||||
|
||||
|
||||
## 测试
|
||||
|
||||
我们使用Istio提供的测试应用[bookinfo](https://istio.io/docs/samples/bookinfo.html)微服务来进行测试。
|
||||
|
||||
该微服务用到的镜像有:
|
||||
|
||||
```
|
||||
istio/examples-bookinfo-details-v1
|
||||
istio/examples-bookinfo-ratings-v1
|
||||
istio/examples-bookinfo-reviews-v1
|
||||
istio/examples-bookinfo-reviews-v2
|
||||
istio/examples-bookinfo-reviews-v3
|
||||
istio/examples-bookinfo-productpage-v1
|
||||
```
|
||||
|
||||
**部署应用**
|
||||
|
||||
```
|
||||
kubectl create -f <(istioctl kube-inject -f samples/apps/bookinfo/bookinfo.yaml)
|
||||
```
|
||||
|
||||
`Istio kube-inject`命令会在`bookinfo.yaml`文件中增加Envoy sidecar信息。参考:https://istio.io/docs/reference/commands/istioctl.html#istioctl-kube-inject
|
||||
|
||||
## 问题
|
||||
|
||||
在bookinfo部署后没有在Grafana、Prometheus、ServiceGraph和Zipkin中看到结果。
|
||||
|
||||
## 参考
|
||||
|
||||
[Installing Istio](https://istio.io/docs/tasks/installing-istio.html)
|
||||
|
||||
[BookInfo sample](https://istio.io/docs/samples/bookinfo.html)
|
|
@ -0,0 +1,11 @@
|
|||
# Istio
|
||||
|
||||
## 前言
|
||||
|
||||
[Istio](https://istio.io)是由Google、IBM和Lyft开源的微服务管理、保护和监控框架。Istio为希腊语,意思是“启航”。
|
||||
|
||||
## 参考
|
||||
|
||||
[Istio开源平台发布,Google、IBM和Lyft分别承担什么角色?](http://www.leiphone.com/news/201705/RwRlyAs7Mi8pqhSb.html)
|
||||
|
||||
[Istio:用于微服务的服务啮合层](http://www.infoq.com/cn/news/2017/05/istio?utm_source=news_about_opensource&utm_medium=link&utm_campaign=opensource)
|
|
@ -0,0 +1,4 @@
|
|||
# 微服务架构
|
||||
|
||||
- [Istio](istio.md)
|
||||
|
Loading…
Reference in New Issue