2810 lines
169 KiB
HTML
2810 lines
169 KiB
HTML
|
||
<!DOCTYPE HTML>
|
||
<html lang="zh-hans" >
|
||
<head>
|
||
<meta charset="UTF-8">
|
||
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
|
||
<title>5.1.1.3 安装和拓展Istio service mesh · Kubernetes Handbook</title>
|
||
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
||
<meta name="description" content="">
|
||
<meta name="generator" content="GitBook 3.2.2">
|
||
<meta name="author" content="Jimmy Song">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/style.css">
|
||
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-splitter/splitter.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-page-toc-button/plugin.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-image-captions/image-captions.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-back-to-top-button/plugin.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-search-plus/search.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-highlight/website.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<meta name="HandheldFriendly" content="true"/>
|
||
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
|
||
<meta name="apple-mobile-web-app-capable" content="yes">
|
||
<meta name="apple-mobile-web-app-status-bar-style" content="black">
|
||
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
|
||
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
|
||
|
||
|
||
<link rel="next" href="integrating-vms.html" />
|
||
|
||
|
||
<link rel="prev" href="configuring-request-routing.html" />
|
||
|
||
|
||
|
||
<link rel="shortcut icon" href='../favicon.ico' type="image/x-icon">
|
||
|
||
|
||
<link rel="bookmark" href='../favicon.ico' type="image/x-icon">
|
||
|
||
|
||
|
||
|
||
<style>
|
||
@media only screen and (max-width: 640px) {
|
||
.book-header .hidden-mobile {
|
||
display: none;
|
||
}
|
||
}
|
||
</style>
|
||
<script>
|
||
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
|
||
</script>
|
||
|
||
</head>
|
||
<body>
|
||
|
||
<div class="book">
|
||
<div class="book-summary">
|
||
|
||
|
||
<div id="book-search-input" role="search">
|
||
<input type="text" placeholder="输入并搜索" />
|
||
</div>
|
||
|
||
|
||
<nav role="navigation">
|
||
|
||
|
||
|
||
<ul class="summary">
|
||
|
||
|
||
|
||
|
||
<li>
|
||
<a href="https://jimmysong.io" target="_blank" class="custom-link">Home</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="divider"></li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="chapter " data-level="1.1" data-path="../">
|
||
|
||
<a href="../">
|
||
|
||
|
||
序言
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.2" data-path="../cloud-native/kubernetes-and-cloud-native-app-overview.html">
|
||
|
||
<a href="../cloud-native/kubernetes-and-cloud-native-app-overview.html">
|
||
|
||
|
||
1. Kubernetes与云原生应用概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3" data-path="../concepts/">
|
||
|
||
<a href="../concepts/">
|
||
|
||
|
||
2. 概念原理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.3.1" data-path="../concepts/concepts.html">
|
||
|
||
<a href="../concepts/concepts.html">
|
||
|
||
|
||
2.1 设计理念
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2" data-path="../concepts/objects.html">
|
||
|
||
<a href="../concepts/objects.html">
|
||
|
||
|
||
2.2 Objects
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.3.2.1" data-path="../concepts/pod-overview.html">
|
||
|
||
<a href="../concepts/pod-overview.html">
|
||
|
||
|
||
2.2.1 Pod
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.3.2.1.1" data-path="../concepts/pod.html">
|
||
|
||
<a href="../concepts/pod.html">
|
||
|
||
|
||
2.2.1.1 Pod解析
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.1.2" data-path="../concepts/init-containers.html">
|
||
|
||
<a href="../concepts/init-containers.html">
|
||
|
||
|
||
2.2.1.2 Init容器
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.1.3" data-path="../concepts/pod-security-policy.html">
|
||
|
||
<a href="../concepts/pod-security-policy.html">
|
||
|
||
|
||
2.2.1.3 Pod安全策略
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.1.4" data-path="../concepts/pod-lifecycle.html">
|
||
|
||
<a href="../concepts/pod-lifecycle.html">
|
||
|
||
|
||
2.2.1.4 Pod的生命周期
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.2" data-path="../concepts/node.html">
|
||
|
||
<a href="../concepts/node.html">
|
||
|
||
|
||
2.2.2 Node
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.3" data-path="../concepts/namespace.html">
|
||
|
||
<a href="../concepts/namespace.html">
|
||
|
||
|
||
2.2.3 Namespace
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.4" data-path="../concepts/service.html">
|
||
|
||
<a href="../concepts/service.html">
|
||
|
||
|
||
2.2.4 Service
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.5" data-path="../concepts/volume.html">
|
||
|
||
<a href="../concepts/volume.html">
|
||
|
||
|
||
2.2.5 Volume和Persistent Volume
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.6" data-path="../concepts/deployment.html">
|
||
|
||
<a href="../concepts/deployment.html">
|
||
|
||
|
||
2.2.6 Deployment
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.7" data-path="../concepts/secret.html">
|
||
|
||
<a href="../concepts/secret.html">
|
||
|
||
|
||
2.2.7 Secret
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.8" data-path="../concepts/statefulset.html">
|
||
|
||
<a href="../concepts/statefulset.html">
|
||
|
||
|
||
2.2.8 StatefulSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.9" data-path="../concepts/daemonset.html">
|
||
|
||
<a href="../concepts/daemonset.html">
|
||
|
||
|
||
2.2.9 DaemonSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.10" data-path="../concepts/serviceaccount.html">
|
||
|
||
<a href="../concepts/serviceaccount.html">
|
||
|
||
|
||
2.2.10 ServiceAccount
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.11" data-path="../concepts/replicaset.html">
|
||
|
||
<a href="../concepts/replicaset.html">
|
||
|
||
|
||
2.2.11 ReplicationController和ReplicaSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.12" data-path="../concepts/job.html">
|
||
|
||
<a href="../concepts/job.html">
|
||
|
||
|
||
2.2.12 Job
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.13" data-path="../concepts/cronjob.html">
|
||
|
||
<a href="../concepts/cronjob.html">
|
||
|
||
|
||
2.2.13 CronJob
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.14" data-path="../concepts/ingress.html">
|
||
|
||
<a href="../concepts/ingress.html">
|
||
|
||
|
||
2.2.14 Ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.15" data-path="../concepts/configmap.html">
|
||
|
||
<a href="../concepts/configmap.html">
|
||
|
||
|
||
2.2.15 ConfigMap
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.16" data-path="../concepts/horizontal-pod-autoscaling.html">
|
||
|
||
<a href="../concepts/horizontal-pod-autoscaling.html">
|
||
|
||
|
||
2.2.16 Horizontal Pod Autoscaling
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.17" data-path="../concepts/label.html">
|
||
|
||
<a href="../concepts/label.html">
|
||
|
||
|
||
2.2.17 Label
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.18" data-path="../concepts/garbage-collection.html">
|
||
|
||
<a href="../concepts/garbage-collection.html">
|
||
|
||
|
||
2.2.18 垃圾收集
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.3.2.19" data-path="../concepts/network-policy.html">
|
||
|
||
<a href="../concepts/network-policy.html">
|
||
|
||
|
||
2.2.19 NetworkPolicy
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4" data-path="../guide/">
|
||
|
||
<a href="../guide/">
|
||
|
||
|
||
3. 用户指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.1" data-path="../guide/resource-configuration.html">
|
||
|
||
<a href="../guide/resource-configuration.html">
|
||
|
||
|
||
3.1 资源对象配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.1.1" data-path="../guide/configure-liveness-readiness-probes.html">
|
||
|
||
<a href="../guide/configure-liveness-readiness-probes.html">
|
||
|
||
|
||
3.1.1 配置Pod的liveness和readiness探针
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.1.2" data-path="../guide/configure-pod-service-account.html">
|
||
|
||
<a href="../guide/configure-pod-service-account.html">
|
||
|
||
|
||
3.1.2 配置Pod的Service Account
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.1.3" data-path="../guide/secret-configuration.html">
|
||
|
||
<a href="../guide/secret-configuration.html">
|
||
|
||
|
||
3.1.3 Secret配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.1.4" data-path="../guide/resource-quota-management.html">
|
||
|
||
<a href="../guide/resource-quota-management.html">
|
||
|
||
|
||
3.2.3 管理namespace中的资源配额
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.2" data-path="../guide/command-usage.html">
|
||
|
||
<a href="../guide/command-usage.html">
|
||
|
||
|
||
3.2 命令使用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.2.1" data-path="../guide/docker-cli-to-kubectl.html">
|
||
|
||
<a href="../guide/docker-cli-to-kubectl.html">
|
||
|
||
|
||
3.2.1 docker用户过度到kubectl命令行指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.2.2" data-path="../guide/using-kubectl.html">
|
||
|
||
<a href="../guide/using-kubectl.html">
|
||
|
||
|
||
3.2.2 kubectl命令概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.2.3" data-path="../guide/kubectl-cheatsheet.html">
|
||
|
||
<a href="../guide/kubectl-cheatsheet.html">
|
||
|
||
|
||
3.2.3 kubectl命令技巧大全
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3" data-path="../guide/cluster-security-management.html">
|
||
|
||
<a href="../guide/cluster-security-management.html">
|
||
|
||
|
||
3.3 集群安全性管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.3.1" data-path="../guide/managing-tls-in-a-cluster.html">
|
||
|
||
<a href="../guide/managing-tls-in-a-cluster.html">
|
||
|
||
|
||
3.3.1 管理集群中的TLS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.2" data-path="../guide/kubelet-authentication-authorization.html">
|
||
|
||
<a href="../guide/kubelet-authentication-authorization.html">
|
||
|
||
|
||
3.3.2 kubelet的认证授权
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.3" data-path="../guide/tls-bootstrapping.html">
|
||
|
||
<a href="../guide/tls-bootstrapping.html">
|
||
|
||
|
||
3.3.3 TLS bootstrap
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.4" data-path="../guide/kubectl-user-authentication-authorization.html">
|
||
|
||
<a href="../guide/kubectl-user-authentication-authorization.html">
|
||
|
||
|
||
3.3.4 创建用户认证授权的kubeconfig文件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.5" data-path="../guide/rbac.html">
|
||
|
||
<a href="../guide/rbac.html">
|
||
|
||
|
||
3.3.5 RBAC——基于角色的访问控制
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.3.6" data-path="../guide/ip-masq-agent.html">
|
||
|
||
<a href="../guide/ip-masq-agent.html">
|
||
|
||
|
||
3.3.6 IP伪装代理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.4" data-path="../guide/access-kubernetes-cluster.html">
|
||
|
||
<a href="../guide/access-kubernetes-cluster.html">
|
||
|
||
|
||
3.4 访问 Kubernetes 集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.4.1" data-path="../guide/access-cluster.html">
|
||
|
||
<a href="../guide/access-cluster.html">
|
||
|
||
|
||
3.4.1 访问集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.4.2" data-path="../guide/authenticate-across-clusters-kubeconfig.html">
|
||
|
||
<a href="../guide/authenticate-across-clusters-kubeconfig.html">
|
||
|
||
|
||
3.4.2 使用 kubeconfig 文件配置跨集群认证
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.4.3" data-path="../guide/connecting-to-applications-port-forward.html">
|
||
|
||
<a href="../guide/connecting-to-applications-port-forward.html">
|
||
|
||
|
||
3.4.3 通过端口转发访问集群中的应用程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.4.4" data-path="../guide/service-access-application-cluster.html">
|
||
|
||
<a href="../guide/service-access-application-cluster.html">
|
||
|
||
|
||
3.4.4 使用 service 访问群集中的应用程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.5" data-path="../guide/application-development-deployment-flow.html">
|
||
|
||
<a href="../guide/application-development-deployment-flow.html">
|
||
|
||
|
||
3.5 在kubernetes中开发部署应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.4.5.1" data-path="../guide/deploy-applications-in-kubernetes.html">
|
||
|
||
<a href="../guide/deploy-applications-in-kubernetes.html">
|
||
|
||
|
||
3.5.1 适用于kubernetes的应用开发部署流程
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.5.2" data-path="../guide/migrating-hadoop-yarn-to-kubernetes.html">
|
||
|
||
<a href="../guide/migrating-hadoop-yarn-to-kubernetes.html">
|
||
|
||
|
||
3.5.2 迁移传统应用到kubernetes中——以Hadoop YARN为例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.4.5.3" data-path="../guide/using-statefulset.html">
|
||
|
||
<a href="../guide/using-statefulset.html">
|
||
|
||
|
||
3.5.3 使用StatefulSet部署用状态应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5" data-path="../practice/">
|
||
|
||
<a href="../practice/">
|
||
|
||
|
||
4. 最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.1" data-path="../practice/install-kbernetes1.6-on-centos.html">
|
||
|
||
<a href="../practice/install-kbernetes1.6-on-centos.html">
|
||
|
||
|
||
4.1 在CentOS上部署kubernetes1.6集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.1.1" data-path="../practice/create-tls-and-secret-key.html">
|
||
|
||
<a href="../practice/create-tls-and-secret-key.html">
|
||
|
||
|
||
4.1.1 创建TLS证书和秘钥
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.2" data-path="../practice/create-kubeconfig.html">
|
||
|
||
<a href="../practice/create-kubeconfig.html">
|
||
|
||
|
||
4.1.2 创建kubeconfig文件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.3" data-path="../practice/etcd-cluster-installation.html">
|
||
|
||
<a href="../practice/etcd-cluster-installation.html">
|
||
|
||
|
||
4.1.3 创建高可用etcd集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.4" data-path="../practice/kubectl-installation.html">
|
||
|
||
<a href="../practice/kubectl-installation.html">
|
||
|
||
|
||
4.1.4 安装kubectl命令行工具
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.5" data-path="../practice/master-installation.html">
|
||
|
||
<a href="../practice/master-installation.html">
|
||
|
||
|
||
4.1.5 部署master节点
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.6" data-path="../practice/node-installation.html">
|
||
|
||
<a href="../practice/node-installation.html">
|
||
|
||
|
||
4.1.6 部署node节点
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.7" data-path="../practice/kubedns-addon-installation.html">
|
||
|
||
<a href="../practice/kubedns-addon-installation.html">
|
||
|
||
|
||
4.1.7 安装kubedns插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.8" data-path="../practice/dashboard-addon-installation.html">
|
||
|
||
<a href="../practice/dashboard-addon-installation.html">
|
||
|
||
|
||
4.1.8 安装dashboard插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.9" data-path="../practice/heapster-addon-installation.html">
|
||
|
||
<a href="../practice/heapster-addon-installation.html">
|
||
|
||
|
||
4.1.9 安装heapster插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.1.10" data-path="../practice/efk-addon-installation.html">
|
||
|
||
<a href="../practice/efk-addon-installation.html">
|
||
|
||
|
||
4.1.10 安装EFK插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2" data-path="../practice/service-discovery-and-loadbalancing.html">
|
||
|
||
<a href="../practice/service-discovery-and-loadbalancing.html">
|
||
|
||
|
||
4.2 服务发现与负载均衡
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.2.1" data-path="../practice/traefik-ingress-installation.html">
|
||
|
||
<a href="../practice/traefik-ingress-installation.html">
|
||
|
||
|
||
4.2.1 安装Traefik ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2.2" data-path="../practice/distributed-load-test.html">
|
||
|
||
<a href="../practice/distributed-load-test.html">
|
||
|
||
|
||
4.2.2 分布式负载测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2.3" data-path="../practice/network-and-cluster-perfermance-test.html">
|
||
|
||
<a href="../practice/network-and-cluster-perfermance-test.html">
|
||
|
||
|
||
4.2.3 网络和集群性能测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2.4" data-path="../practice/edge-node-configuration.html">
|
||
|
||
<a href="../practice/edge-node-configuration.html">
|
||
|
||
|
||
4.2.4 边缘节点配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.2.5" data-path="../practice/nginx-ingress-installation.html">
|
||
|
||
<a href="../practice/nginx-ingress-installation.html">
|
||
|
||
|
||
4.2.5 安装Nginx ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3" data-path="../practice/operation.html">
|
||
|
||
<a href="../practice/operation.html">
|
||
|
||
|
||
4.3 运维管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.3.1" data-path="../practice/service-rolling-update.html">
|
||
|
||
<a href="../practice/service-rolling-update.html">
|
||
|
||
|
||
4.3.1 服务滚动升级
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.2" data-path="../practice/app-log-collection.html">
|
||
|
||
<a href="../practice/app-log-collection.html">
|
||
|
||
|
||
4.3.2 应用日志收集
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.3" data-path="../practice/configuration-best-practice.html">
|
||
|
||
<a href="../practice/configuration-best-practice.html">
|
||
|
||
|
||
4.3.3 配置最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.4" data-path="../practice/monitor.html">
|
||
|
||
<a href="../practice/monitor.html">
|
||
|
||
|
||
4.3.4 集群及应用监控
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.5" data-path="../practice/data-persistence-problem.html">
|
||
|
||
<a href="../practice/data-persistence-problem.html">
|
||
|
||
|
||
4.3.6 数据持久化问题
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.6" data-path="../practice/manage-compute-resources-container.html">
|
||
|
||
<a href="../practice/manage-compute-resources-container.html">
|
||
|
||
|
||
4.3.7 管理容器的计算资源
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.7" data-path="../practice/using-prometheus-to-monitor-kuberentes-cluster.html">
|
||
|
||
<a href="../practice/using-prometheus-to-monitor-kuberentes-cluster.html">
|
||
|
||
|
||
4.3.8 使用Prometheus监控kubernetes集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.3.8" data-path="../practice/using-heapster-to-get-object-metrics.html">
|
||
|
||
<a href="../practice/using-heapster-to-get-object-metrics.html">
|
||
|
||
|
||
4.3.9 使用Heapster获取集群和对象的metric数据
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.4" data-path="../practice/storage.html">
|
||
|
||
<a href="../practice/storage.html">
|
||
|
||
|
||
4.4 存储管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.4.1" data-path="../practice/glusterfs.html">
|
||
|
||
<a href="../practice/glusterfs.html">
|
||
|
||
|
||
4.4.1 GlusterFS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.4.1.1" data-path="../practice/using-glusterfs-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-glusterfs-for-persistent-storage.html">
|
||
|
||
|
||
4.4.1.1 使用GlusterFS做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.4.1.2" data-path="../practice/storage-for-containers-using-glusterfs-with-openshift.html">
|
||
|
||
<a href="../practice/storage-for-containers-using-glusterfs-with-openshift.html">
|
||
|
||
|
||
4.4.1.2 在OpenShift中使用GlusterFS做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.4.2" data-path="../practice/cephfs.html">
|
||
|
||
<a href="../practice/cephfs.html">
|
||
|
||
|
||
4.4.2 CephFS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.4.2.1" data-path="../practice/using-ceph-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-ceph-for-persistent-storage.html">
|
||
|
||
|
||
4.4.2.1 使用Ceph做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.5" data-path="../practice/services-management-tool.html">
|
||
|
||
<a href="../practice/services-management-tool.html">
|
||
|
||
|
||
4.5 服务编排管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.5.1" data-path="../practice/helm.html">
|
||
|
||
<a href="../practice/helm.html">
|
||
|
||
|
||
4.5.1 使用Helm管理kubernetes应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.5.2" data-path="../practice/create-private-charts-repo.html">
|
||
|
||
<a href="../practice/create-private-charts-repo.html">
|
||
|
||
|
||
4.5.2 构建私有Chart仓库
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.6" data-path="../practice/ci-cd.html">
|
||
|
||
<a href="../practice/ci-cd.html">
|
||
|
||
|
||
4.6 持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.6.1" data-path="../practice/jenkins-ci-cd.html">
|
||
|
||
<a href="../practice/jenkins-ci-cd.html">
|
||
|
||
|
||
4.6.1 使用Jenkins进行持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.6.2" data-path="../practice/drone-ci-cd.html">
|
||
|
||
<a href="../practice/drone-ci-cd.html">
|
||
|
||
|
||
4.6.2 使用Drone进行持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.7" data-path="../practice/update-and-upgrade.html">
|
||
|
||
<a href="../practice/update-and-upgrade.html">
|
||
|
||
|
||
4.7 更新与升级
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.5.7.1" data-path="../practice/manually-upgrade.html">
|
||
|
||
<a href="../practice/manually-upgrade.html">
|
||
|
||
|
||
4.7.1 手动升级kubernetes集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.5.7.2" data-path="../practice/dashboard-upgrade.html">
|
||
|
||
<a href="../practice/dashboard-upgrade.html">
|
||
|
||
|
||
4.7.2 升级dashboard
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6" data-path="./">
|
||
|
||
<a href="./">
|
||
|
||
|
||
5. 领域应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.1" data-path="microservices.html">
|
||
|
||
<a href="microservices.html">
|
||
|
||
|
||
5.1 微服务架构
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.1.1" data-path="service-discovery-in-microservices.html">
|
||
|
||
<a href="service-discovery-in-microservices.html">
|
||
|
||
|
||
5.1.1 微服务中的服务发现
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.2" data-path="service-mesh.html">
|
||
|
||
<a href="service-mesh.html">
|
||
|
||
|
||
5.2 Service Mesh 服务网格
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.2.1" data-path="istio.html">
|
||
|
||
<a href="istio.html">
|
||
|
||
|
||
5.1.1 Istio
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.2.1.1" data-path="istio-installation.html">
|
||
|
||
<a href="istio-installation.html">
|
||
|
||
|
||
5.1.1.1 安装并试用Istio service mesh
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.2.1.2" data-path="configuring-request-routing.html">
|
||
|
||
<a href="configuring-request-routing.html">
|
||
|
||
|
||
5.1.1.2 配置请求的路由规则
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter active" data-level="1.6.2.1.3" data-path="install-and-expand-istio-mesh.html">
|
||
|
||
<a href="install-and-expand-istio-mesh.html">
|
||
|
||
|
||
5.1.1.3 安装和拓展Istio service mesh
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.2.1.4" data-path="integrating-vms.html">
|
||
|
||
<a href="integrating-vms.html">
|
||
|
||
|
||
5.1.1.4 集成虚拟机
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.2.2" data-path="linkerd.html">
|
||
|
||
<a href="linkerd.html">
|
||
|
||
|
||
5.1.2 Linkerd
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.2.2.1" data-path="linkerd-user-guide.html">
|
||
|
||
<a href="linkerd-user-guide.html">
|
||
|
||
|
||
5.1.2.1 Linkerd 使用指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.3" data-path="big-data.html">
|
||
|
||
<a href="big-data.html">
|
||
|
||
|
||
5.2 大数据
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.6.3.1" data-path="spark-standalone-on-kubernetes.html">
|
||
|
||
<a href="spark-standalone-on-kubernetes.html">
|
||
|
||
|
||
5.2.1 Spark standalone on Kubernetes
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.3.2" data-path="running-spark-with-kubernetes-native-scheduler.html">
|
||
|
||
<a href="running-spark-with-kubernetes-native-scheduler.html">
|
||
|
||
|
||
5.2.2 运行支持kubernetes原生调度的Spark程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.4" data-path="serverless.html">
|
||
|
||
<a href="serverless.html">
|
||
|
||
|
||
5.3 Serverless架构
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.6.5" data-path="edge-computing.html">
|
||
|
||
<a href="edge-computing.html">
|
||
|
||
|
||
5.4 边缘计算
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7" data-path="../develop/">
|
||
|
||
<a href="../develop/">
|
||
|
||
|
||
6. 开发指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.7.1" data-path="../develop/developing-environment.html">
|
||
|
||
<a href="../develop/developing-environment.html">
|
||
|
||
|
||
6.1 开发环境搭建
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7.2" data-path="../develop/testing.html">
|
||
|
||
<a href="../develop/testing.html">
|
||
|
||
|
||
6.2 单元测试和集成测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7.3" data-path="../develop/client-go-sample.html">
|
||
|
||
<a href="../develop/client-go-sample.html">
|
||
|
||
|
||
6.3 client-go示例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7.4" data-path="../develop/contribute.html">
|
||
|
||
<a href="../develop/contribute.html">
|
||
|
||
|
||
6.4 社区贡献
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.7.5" data-path="../develop/minikube.html">
|
||
|
||
<a href="../develop/minikube.html">
|
||
|
||
|
||
6.5 Minikube
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8" data-path="../appendix/">
|
||
|
||
<a href="../appendix/">
|
||
|
||
|
||
7. 附录
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="1.8.1" data-path="../appendix/docker-best-practice.html">
|
||
|
||
<a href="../appendix/docker-best-practice.html">
|
||
|
||
|
||
7.1 Docker最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8.2" data-path="../appendix/issues.html">
|
||
|
||
<a href="../appendix/issues.html">
|
||
|
||
|
||
7.2 问题记录
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8.3" data-path="../appendix/tricks.html">
|
||
|
||
<a href="../appendix/tricks.html">
|
||
|
||
|
||
7.3 使用技巧
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8.4" data-path="../appendix/debug-kubernetes-services.html">
|
||
|
||
<a href="../appendix/debug-kubernetes-services.html">
|
||
|
||
|
||
7.4 kubernetes中的应用故障排查
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="1.8.5" data-path="../appendix/material-share.html">
|
||
|
||
<a href="../appendix/material-share.html">
|
||
|
||
|
||
7.5 Kubernetes相关资讯和情报链接
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="divider"></li>
|
||
|
||
<li>
|
||
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
|
||
本书使用 GitBook 发布
|
||
</a>
|
||
</li>
|
||
</ul>
|
||
|
||
|
||
</nav>
|
||
|
||
|
||
</div>
|
||
|
||
<div class="book-body">
|
||
|
||
<div class="body-inner">
|
||
|
||
|
||
|
||
<div class="book-header" role="navigation">
|
||
|
||
|
||
<!-- Title -->
|
||
<h1>
|
||
<i class="fa fa-circle-o-notch fa-spin"></i>
|
||
<a href=".." >5.1.1.3 安装和拓展Istio service mesh</a>
|
||
</h1>
|
||
</div>
|
||
|
||
|
||
|
||
|
||
<div class="page-wrapper" tabindex="-1" role="main">
|
||
<div class="page-inner">
|
||
|
||
<div class="search-plus" id="book-search-results">
|
||
<div class="search-noresults">
|
||
|
||
<section class="normal markdown-section">
|
||
|
||
<h1 id="安装和拓展-istio-mesh">安装和拓展 Istio mesh</h1>
|
||
<h2 id="前置条件">前置条件</h2>
|
||
<p>下面的操作说明需要您可以访问 kubernetes <strong>1.7.3 后更高版本</strong> 的集群,并且启用了 <a href="https://kubernetes.io/docs/admin/authorization/rbac/" target="_blank">RBAC (基于角色的访问控制)</a>。您需要安装了 <strong>1.7.3 或更高版本</strong> 的 <code>kubectl</code> 命令。如果您希望启用 <a href="http://istio.doczh.cn/docs/setup/kubernetes/sidecar-injection.html#自动注入-sidecar" target="_blank">自动注入 sidecar</a>,您需要启用 kubernetes 集群的 alpha 功能。</p>
|
||
<blockquote>
|
||
<p>注意:如果您安装了 Istio 0.1.x,在安装新版本前请先 <a href="http://istio.doczh.cn/docs/setup/kubernetes/quick-start.html#卸载" target="_blank">卸载</a> 它们(包括已启用 Istio 应用程序 Pod 中的 sidecar)。</p>
|
||
</blockquote>
|
||
<ul>
|
||
<li><p>取决于您的 kubernetes 提供商:</p>
|
||
<ul>
|
||
<li><p>本地安装 Istio,安装最新版本的 <a href="https://kubernetes.io/docs/getting-started-guides/minikube/" target="_blank">Minikube</a> (version 0.22.1 或者更高)。</p>
|
||
</li>
|
||
<li><p><a href="https://cloud.google.com/container-engine" target="_blank">Google Container Engine</a></p>
|
||
<ul>
|
||
<li><p>使用 kubectl 获取证书 (使用您自己的集群的名字替换 <code><cluster-name></code> ,使用集群实际所在的位置替换 <code><zone></code> ):</p>
|
||
<pre><code class="lang-bash">gcloud container clusters get-credentials <cluster-name> --zone <zone> --project <project-name>
|
||
</code></pre>
|
||
</li>
|
||
<li><p>将集群管理员权限授予当前用户(需要管理员权限才能为Istio创建必要的RBAC规则):</p>
|
||
<pre><code class="lang-bash">kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
|
||
</code></pre>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li><p><a href="https://www.ibm.com/cloud-computing/bluemix/containers" target="_blank">IBM Bluemix Container Service</a></p>
|
||
<ul>
|
||
<li><p>使用 kubectl 获取证书 (使用您自己的集群的名字替换): </p>
|
||
<pre><code class="lang-bash"><cluster-name>
|
||
</code></pre>
|
||
<pre><code class="lang-bash">$(bx cs cluster-config <cluster-name>|grep <span class="hljs-string">"export KUBECONFIG"</span>)
|
||
</code></pre>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li><p><a href="https://www.openshift.org/" target="_blank">Openshift Origin</a> 3.7 或者以上版本:</p>
|
||
<ul>
|
||
<li><p>默认情况下,Openshift 不允许以 UID 0运行容器。为 Istio 的入口(ingress)和出口(egress)service account 启用使用UID 0运行的容器:</p>
|
||
<pre><code class="lang-bash">oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account -n istio-system
|
||
oc adm policy add-scc-to-user anyuid -z istio-egress-service-account -n istio-system
|
||
oc adm policy add-sc-to-user anyuid -z default -n istio-system
|
||
</code></pre>
|
||
</li>
|
||
<li><p>运行应用程序 Pod 的 service account 需要特权安全性上下文限制,以此作为 sidecar 注入的一部分:</p>
|
||
<pre><code class="lang-bash">oc adm policy add-scc-to-user privileged -z default -n <target-namespace>
|
||
</code></pre>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li><p>安装或升级 Kubernetes 命令行工具 <a href="https://kubernetes.io/docs/tasks/tools/install-kubectl/" target="_blank">kubectl</a> 以匹配您的集群版本(1.7或以上版本)。</p>
|
||
</li>
|
||
</ul>
|
||
<h2 id="安装步骤">安装步骤</h2>
|
||
<p>不论对于哪个 Istio 发行版,都安装到 <code>istio-system</code> namespace 下,即可以管理所有其它 namespace 下的微服务。</p>
|
||
<ol>
|
||
<li><p>到 <a href="https://github.com/istio/istio/releases" target="_blank">Istio release</a> 页面上,根据您的操作系统下载对应的发行版。如果您使用的是 MacOS 或者 Linux 系统,可以使用下面的额命令自动下载和解压最新的发行版:</p>
|
||
<pre><code class="lang-bash">curl -L https://git.io/getLatestIstio | sh -
|
||
</code></pre>
|
||
</li>
|
||
<li><p>解压安装文件,切换到文件所在目录。安装文件目录下包含:</p>
|
||
<ul>
|
||
<li><code>install/</code> 目录下是 kubernetes 使用的 <code>.yaml</code> 安装文件</li>
|
||
<li><code>samples/</code> 目录下是示例程序</li>
|
||
<li><code>istioctl</code> 客户端二进制文件在 <code>bin</code> 目录下。<code>istioctl</code> 文件用户手动注入 Envoy sidecar 代理、创建路由和策略等。</li>
|
||
<li><code>istio.VERSION</code> 配置文件</li>
|
||
</ul>
|
||
</li>
|
||
<li><p>切换到 istio 包的解压目录。例如 istio-0.2.7:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-built_in">cd</span> istio-0.2.7
|
||
</code></pre>
|
||
</li>
|
||
<li><p>将 <code>istioctl</code> 客户端二进制文件加到 PATH 中。</p>
|
||
<p>例如,在 MacOS 或 Linux 系统上执行下面的命令:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-built_in">export</span> PATH=<span class="hljs-variable">$PWD</span>/bin:<span class="hljs-variable">$PATH</span>
|
||
</code></pre>
|
||
</li>
|
||
<li><p>安装 Istio 的核心部分。选择面两个 <strong>互斥</strong> 选项中的之一:</p>
|
||
<p>a) 安装 Istio 的时候不启用 sidecar 之间的 <a href="http://istio.doczh.cn/docs/concepts/security/mutual-tls.html" target="_blank">TLS 双向认证</a>:</p>
|
||
<p>为具有现在应用程序的集群选择该选项,使用 Istio sidecar 的服务需要能够与非 Istio Kubernetes 服务以及使用 <a href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/" target="_blank">liveliness 和 readiness 探针</a>、headless service 和 StatefulSet 的应用程序通信。</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> install/kubernetes/istio.yaml
|
||
</code></pre>
|
||
<p><strong>或者</strong></p>
|
||
<p>b) 安装 Istio 的时候启用 sidecar 之间的 <a href="http://istio.doczh.cn/docs/concepts/security/mutual-tls.html" target="_blank">TLS 双向认证</a>:</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> install/kubernetes/istio-auth.yaml
|
||
</code></pre>
|
||
<p>这两个选项都会创建 <code>istio-system</code> 命名空间以及所需的 RBAC 权限,并部署 Istio-Pilot、Istio-Mixer、Istio-Ingress、Istio-Egress 和 Istio-CA(证书颁发机构)。</p>
|
||
</li>
|
||
<li><p><em>可选的</em>:如果您的 kubernetes 集群开启了 alpha 功能,并想要启用 <a href="http://istio.doczh.cn/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection" target="_blank">自动注入 sidecar</a>,需要安装 Istio-Initializer:</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> install/kubernetes/istio-initializer.yaml
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<h2 id="验证安装">验证安装</h2>
|
||
<ol>
|
||
<li><p>确认系列 kubernetes 服务已经部署了: <code>istio-pilot</code>、 <code>istio-mixer</code>、<code>istio-ingress</code>、 <code>istio-egress</code>:</p>
|
||
<pre><code class="lang-bash">kubectl get svc -n istio-system
|
||
</code></pre>
|
||
<pre><code class="lang-bash">NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||
istio-egress 10.83.247.89 <none> 80/TCP 5h
|
||
istio-ingress 10.83.245.171 35.184.245.62 80:32730/TCP,443:30574/TCP 5h
|
||
istio-pilot 10.83.251.173 <none> 8080/TCP,8081/TCP 5h
|
||
istio-mixer 10.83.244.253 <none> 9091/TCP,9094/TCP,42422/TCP 5h
|
||
</code></pre>
|
||
<p>注意:如果您运行的集群不支持外部负载均衡器(如 minikube), <code>istio-ingress</code> 服务的 <code>EXTERNAL-IP</code> 显示<code><pending></code>。你必须改为使用 NodePort service 或者 端口转发方式来访问应用程序。</p>
|
||
</li>
|
||
<li><p>确人对应的 Kubernetes pod 已部署并且所有的容器都启动并运行: <code>istio-pilot-*</code>、 <code>istio-mixer-*</code>、 <code>istio-ingress-*</code>、 <code>istio-egress-*</code>、<code>istio-ca-*</code>, <code>istio-initializer-*</code> 是可以选的。</p>
|
||
<pre><code class="lang-bash">kubectl get pods -n istio-system
|
||
</code></pre>
|
||
<pre><code class="lang-bash">istio-ca-3657790228-j21b9 1/1 Running 0 5h
|
||
istio-egress-1684034556-fhw89 1/1 Running 0 5h
|
||
istio-ingress-1842462111-j3vcs 1/1 Running 0 5h
|
||
istio-initializer-184129454-zdgf5 1/1 Running 0 5h
|
||
istio-pilot-2275554717-93c43 1/1 Running 0 5h
|
||
istio-mixer-2104784889-20rm8 2/2 Running 0 5h
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<h2 id="部署应用">部署应用</h2>
|
||
<p>您可以部署自己的应用或者示例应用程序如 <a href="http://istio.doczh.cn/docs/guides/bookinfo.html" target="_blank">BookInfo</a>。 注意:应用程序必须使用 HTTP/1.1 或 HTTP/2.0 协议来传递 HTTP 流量,因为 HTTP/1.0 已经不再支持。</p>
|
||
<p>如果您启动了 <a href="http://istio.doczh.cn/docs/setup/kubernetes/sidecar-injection.html" target="_blank">Istio-Initializer</a>,如上所示,您可以使用 <code>kubectl create</code> 直接部署应用。Istio-Initializer 会向应用程序的 pod 中自动注入 Envoy 容器:</p>
|
||
<pre><code class="lang-bash">kubectl create <span class="hljs-_">-f</span> <your-app-spec>.yaml
|
||
</code></pre>
|
||
<p>如果您没有安装 Istio-initializer 的话,您必须使用 <a href="http://istio.doczh.cn/docs/reference/commands/istioctl.html#istioctl-kube-inject" target="_blank">istioctl kube-inject</a> 命令在部署应用之前向应用程序的 pod 中手动注入 Envoy 容器:</p>
|
||
<pre><code class="lang-bash">kubectl create <span class="hljs-_">-f</span> <(istioctl kube-inject <span class="hljs-_">-f</span> <your-app-spec>.yaml)
|
||
</code></pre>
|
||
<h2 id="卸载">卸载</h2>
|
||
<ul>
|
||
<li><p>卸载 Istio initializer:</p>
|
||
<p>如果您安装 Isto 的时候启用了 initializer,请卸载它:</p>
|
||
<pre><code class="lang-bash">kubectl delete <span class="hljs-_">-f</span> install/kubernetes/istio-initializer.yaml
|
||
</code></pre>
|
||
</li>
|
||
<li><p>卸载 Istio 核心组件。对于某一 Istio 版本,删除 RBAC 权限,<code>istio-system</code> namespace,和该命名空间的下的各层级资源。</p>
|
||
<p>不必理会在层级删除过程中的各种报错,因为这些资源可能已经被删除的。</p>
|
||
<p>a) 如果您在安装 Istio 的时候关闭了 TLS 双向认证:</p>
|
||
<pre><code class="lang-bash"> kubectl delete <span class="hljs-_">-f</span> install/kubernetes/istio.yaml
|
||
</code></pre>
|
||
<p><strong>或者</strong></p>
|
||
<p>b) 如果您在安装 Istio 的时候启用到了 TLS 双向认证:</p>
|
||
<pre><code class="lang-bash"> kubectl delete <span class="hljs-_">-f</span> install/kubernetes/istio-auth.yaml
|
||
</code></pre>
|
||
</li>
|
||
</ul>
|
||
<h1 id="安装-istio-sidecar">安装 Istio Sidecar</h1>
|
||
<h2 id="pod-spec-需满足的条件">Pod Spec 需满足的条件</h2>
|
||
<p>为了成为 Service Mesh 中的一部分,kubernetes 集群中的每个 Pod 都必须满足如下条件:</p>
|
||
<ol>
|
||
<li><strong>Service 注解</strong>:每个 pod 都必须只属于某<strong>一个</strong> <a href="https://kubernetes.io/docs/concepts/services-networking/service/" target="_blank">Kubernetes Service</a> (当前不支持一个 pod 同时属于多个 service)。</li>
|
||
<li><strong>命名的端口</strong>:Service 的端口必须命名。端口的名字必须遵循如下格式 <code><protocol>[-<suffix>]</code>,可以是http、http2、 grpc、 mongo、 或者 redis 作为 <code><protocol></code> ,这样才能使用 Istio 的路由功能。例如<code>name: http2-foo</code> 和 <code>name: http</code> 都是有效的端口名称,而 <code>name: http2foo</code> 不是。如果端口的名称是不可识别的前缀或者未命名,那么该端口上的流量就会作为普通的 TCP 流量(除非使用 <code>Protocol: UDP</code> 明确声明使用 UDP 端口)。</li>
|
||
<li><strong>带有 app label 的 Deployment</strong>:我们建议 kubernetes 的<code>Deploymenet</code> 资源的配置文件中为 Pod 明确指定 <code>app</code> label。每个Deployment 的配置中都需要有个不同的有意义的 <code>app</code> 标签。<code>app</code> label 用于在分布式坠重中添加上下文信息。</li>
|
||
<li><strong>Mesh 中的每个 pod 里都有一个 Sidecar</strong>: 最后,Mesh 中的每个 pod 都必须运行与 Istio 兼容的sidecar。遗爱部分介绍了将 sidecar 注入到 pod 中的两种方法:使用<code>istioctl</code> 命令行工具手动注入,或者使用 istio initializer 自动注入。注意 sidecar 不涉及到容器间的流量,因为他们都在同一个 pod 中。</li>
|
||
</ol>
|
||
<h2 id="手动注入-sidecar">手动注入 sidecar</h2>
|
||
<p><code>istioctl</code> 命令行中有一个称为 <a href="http://istio.doczh.cn/docs/reference/commands/istioctl.html#istioctl-kube-inject" target="_blank">kube-inject</a> 的便利工具,使用它可以将 Istio 的 sidecar 规范添加到 kubernetes 工作负载的规范配置中。与 Initializer 程序不同,<code>kube-inject</code> 只是将 YAML 规范转换成包含 Istio sidecar 的规范。您需要使用标准的工具如 <code>kubectl</code> 来部署修改后的 YAML。例如,以下命令将 sidecar 添加到 sleep.yaml 文件中指定的 pod 中,并将修改后的规范提交给 kubernetes:</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> <(istioctl kube-inject <span class="hljs-_">-f</span> samples/sleep/sleep.yaml)
|
||
</code></pre>
|
||
<h3 id="示例">示例</h3>
|
||
<p>我们来试一试将 Istio sidecar 注入到 sleep 服务中去。</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> <(istioctl kube-inject <span class="hljs-_">-f</span> samples/sleep/sleep.yaml)
|
||
</code></pre>
|
||
<p>Kube-inject 子命令将 Istio sidecar 和 init 容器注入到 deployment 配置中,转换后的输出如下所示:</p>
|
||
<pre><code class="lang-yaml">... 略过 ...
|
||
<span class="hljs-meta">---</span>
|
||
<span class="hljs-attr">apiVersion:</span> extensions/v1beta1
|
||
<span class="hljs-attr">kind:</span> Deployment
|
||
<span class="hljs-attr">metadata:</span>
|
||
<span class="hljs-attr"> annotations:</span>
|
||
sidecar.istio.io/status: injected-version-root@<span class="hljs-number">69916</span>ebba0fc<span class="hljs-bullet">-0.2</span><span class="hljs-number">.6</span><span class="hljs-bullet">-081</span>ffece00c82cb9de33cd5617682999aee5298d
|
||
<span class="hljs-attr"> name:</span> sleep
|
||
<span class="hljs-attr">spec:</span>
|
||
<span class="hljs-attr"> replicas:</span> <span class="hljs-number">1</span>
|
||
<span class="hljs-attr"> template:</span>
|
||
<span class="hljs-attr"> metadata:</span>
|
||
<span class="hljs-attr"> annotations:</span>
|
||
sidecar.istio.io/status: injected-version-root@<span class="hljs-number">69916</span>ebba0fc<span class="hljs-bullet">-0.2</span><span class="hljs-number">.6</span><span class="hljs-bullet">-081</span>ffece00c82cb9de33cd5617682999aee5298d
|
||
<span class="hljs-attr"> labels:</span>
|
||
<span class="hljs-attr"> app:</span> sleep
|
||
<span class="hljs-attr"> spec:</span>
|
||
<span class="hljs-attr"> containers:</span>
|
||
<span class="hljs-attr"> - name:</span> sleep
|
||
<span class="hljs-attr"> image:</span> tutum/curl
|
||
<span class="hljs-attr"> command:</span> [<span class="hljs-string">"/bin/sleep"</span>,<span class="hljs-string">"infinity"</span>]
|
||
<span class="hljs-attr"> imagePullPolicy:</span> IfNotPresent
|
||
<span class="hljs-attr"> - name:</span> istio-proxy
|
||
<span class="hljs-attr"> image:</span> docker.io/istio/proxy_debug:<span class="hljs-number">0.2</span><span class="hljs-number">.6</span>
|
||
<span class="hljs-attr"> args:</span>
|
||
... 略过 ...
|
||
<span class="hljs-attr"> initContainers:</span>
|
||
<span class="hljs-attr"> - name:</span> istio-init
|
||
<span class="hljs-attr"> image:</span> docker.io/istio/proxy_init:<span class="hljs-number">0.2</span><span class="hljs-number">.6</span>
|
||
<span class="hljs-attr"> imagePullPolicy:</span> IfNotPresent
|
||
<span class="hljs-attr"> args:</span>
|
||
... 略过 ...
|
||
<span class="hljs-meta">---</span>
|
||
</code></pre>
|
||
<p>注入 sidecar 的关键在于 <code>initContainers</code> 和 istio-proxy 容器。为了简洁起见,上述输出有所省略。</p>
|
||
<p>验证 sleep deployment 中包含 sidecar。injected-version 对应于注入的 sidecar 镜像的版本和镜像的 TAG。在您的设置的可能会有所不同。</p>
|
||
<pre><code class="lang-bash"><span class="hljs-built_in">echo</span> $(kubectl get deployment sleep -o jsonpath=<span class="hljs-string">'{.metadata.annotations.sidecar\.istio\.io\/status}'</span>)
|
||
</code></pre>
|
||
<pre><code class="lang-bash">injected-version-9c7c291eab0a522f8033decd0f5b031f5ed0e126
|
||
</code></pre>
|
||
<p>你可以查看包含注入的容器和挂载的 volume 的完整 deployment 信息。</p>
|
||
<pre><code class="lang-bash">kubectl get deployment sleep -o yaml
|
||
</code></pre>
|
||
<h2 id="自动注入-sidecar">自动注入 sidecar</h2>
|
||
<p>Istio sidecar 可以在部署之前使用 Kubernetes 中一个名为 <a href="https://kubernetes.io/docs/admin/extensible-admission-controllers/#what-are-initializers" target="_blank">Initializer</a> 的 Alpha 功能自动注入到 Pod 中。</p>
|
||
<blockquote>
|
||
<p>注意:Kubernetes InitializerConfiguration没有命名空间,适用于整个集群的工作负载。不要在共享测试环境中启用此功能。</p>
|
||
</blockquote>
|
||
<h3 id="前置条件">前置条件</h3>
|
||
<p>Initializer 需要在集群设置期间显示启用,如 <a href="https://kubernetes.io/docs/admin/extensible-admission-controllers/#enable-initializers-alpha-feature" target="_blank">此处</a> 所述。
|
||
假设集群中已启用RBAC,则可以在不同环境中启用初始化程序,如下所示:</p>
|
||
<ul>
|
||
<li><p><em>GKE</em></p>
|
||
<pre><code class="lang-bash">gcloud container clusters create NAME \
|
||
--enable-kubernetes-alpha \
|
||
--machine-type=n1-standard-2 \
|
||
--num-nodes=4 \
|
||
--no-enable-legacy-authorization \
|
||
--zone=ZONE
|
||
</code></pre>
|
||
</li>
|
||
<li><p><em>IBM Bluemix</em> kubernetes v1.7.4 或更高版本的集群已默认启用 initializer。</p>
|
||
</li>
|
||
<li><p><em>Minikube</em></p>
|
||
<p>Minikube v0.22.1 或更高版本需要为 GenericAdmissionWebhook 功能配置适当的证书。获取最新版本: <a href="https://github.com/kubernetes/minikube/releases" target="_blank">https://github.com/kubernetes/minikube/releases</a>.</p>
|
||
<pre><code class="lang-bash">minikube start \
|
||
--extra-config=apiserver.Admission.PluginNames=<span class="hljs-string">"Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,GenericAdmissionWebhook,ResourceQuota"</span> \
|
||
--kubernetes-version=v1.7.5
|
||
</code></pre>
|
||
</li>
|
||
</ul>
|
||
<h3 id="安装">安装</h3>
|
||
<p>您现在可以从 Istio 安装根目录设置 Istio Initializer。</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> install/kubernetes/istio-initializer.yaml
|
||
</code></pre>
|
||
<p>将会创建下列资源:</p>
|
||
<ol>
|
||
<li><code>istio-sidecar</code> InitializerConfiguration 资源,指定 Istio sidecar 注入的资源。默认情况下 Istio sidecar 将被注入到 <code>deployment</code>、 <code>statefulset</code>、 <code>job</code> 和 <code>daemonset</code>中。</li>
|
||
<li><code>istio-inject</code> ConfigMap,initializer 的默认注入策略,一组初始化 namespace,以及注入时使用的模版参数。这些配置的详细说明请参考 <a href="#configuration-options">配置选项</a>。</li>
|
||
<li><code>istio-initializer</code> Deployment,运行 initializer 控制器。</li>
|
||
<li><code>istio-initializer-service-account</code> ServiceAccount,用于 <code>istio-initializer</code> deployment。<code>ClusterRole</code> 和 <code>ClusterRoleBinding</code> 在 <code>install/kubernetes/istio.yaml</code> 中定义。注意所有的资源类型都需要有 <code>initialize</code> 和 <code>patch</code> 。正式处于这个原因,initializer 要作为 deployment 的一部分来运行而不是嵌入到其它控制器中,例如 istio-pilot。</li>
|
||
</ol>
|
||
<h3 id="验证">验证</h3>
|
||
<p>为了验证 sidecar 是否成功注入,为上面的 sleep 服务创建 deployment 和 service。</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> samples/sleep/sleep.yaml
|
||
</code></pre>
|
||
<p>验证 sleep deployment 中包含 sidecar。injected-version 对应于注入的 sidecar 镜像的版本和镜像的 TAG。在您的设置的可能会有所不同。</p>
|
||
<pre><code class="lang-bash">$ <span class="hljs-built_in">echo</span> $(kubectl get deployment sleep -o jsonpath=<span class="hljs-string">'{.metadata.annotations.sidecar\.istio\.io\/status}'</span>)
|
||
</code></pre>
|
||
<pre><code class="lang-bash">injected-version-9c7c291eab0a522f8033decd0f5b031f5ed0e126
|
||
</code></pre>
|
||
<p>你可以查看包含注入的容器和挂载的 volume 的完整 deployment 信息。</p>
|
||
<pre><code class="lang-bash">kubectl get deployment sleep -o yaml
|
||
</code></pre>
|
||
<h3 id="了解发生了什么">了解发生了什么</h3>
|
||
<p>以下是将工作负载提交给 Kubernetes 后发生的情况:</p>
|
||
<p>1) kubernetes 将 <code>sidecar.initializer.istio.io</code> 添加到工作负载的 pending initializer 列表中。</p>
|
||
<p>2) istio-initializer 控制器观察到有一个新的未初始化的工作负载被创建了。pending initializer 列表中的第一个个将作为 <code>sidecar.initializer.istio.io</code> 的名称。</p>
|
||
<p>3) istio-initializer 检查它是否负责初始化 namespace 中的工作负载。如果没有为该 namespace 配置 initializer,则不需要做进一步的工作,而且 initializer 会忽略工作负载。默认情况下,initializer 负责所有的 namespace(参考 <a href="#配置选项">配置选项</a>)。</p>
|
||
<p>4) istio-initializer 将自己从 pending initializer 中移除。如果 pending initializer 列表非空,则 Kubernetes 不回结束工作负载的创建。错误配置的 initializer 意味着破损的集群。</p>
|
||
<p>5) istio-initializer 检查 mesh 的默认注入策略,并检查所有单个工作负载的策略负载值,以确定是否需要注入 sidecar。</p>
|
||
<p>6) istio-initializer 向工作负载中注入 sidecar 模板,然后通过 PATCH 向 kubernetes 提交。</p>
|
||
<p>7) kubernetes 正常的完成了工作负载的创建,并且工作负载中已经包含了注入的 sidecar。</p>
|
||
<h3 id="配置选项">配置选项</h3>
|
||
<p>istio-initializer 具有用于注入的全局默认策略以及每个工作负载覆盖配置。全局策略由 <code>istio-inject</code> ConfigMap 配置(请参见下面的示例)。Initializer pod 必须重新启动以采用新的配置更改。</p>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">apiVersion:</span> v1
|
||
<span class="hljs-attr">kind:</span> ConfigMap
|
||
<span class="hljs-attr">metadata:</span>
|
||
<span class="hljs-attr"> name:</span> istio-inject
|
||
<span class="hljs-attr"> namespace:</span> istio-system
|
||
<span class="hljs-attr">data:</span>
|
||
<span class="hljs-attr"> config:</span> |-
|
||
<span class="hljs-attr"> policy:</span> <span class="hljs-string">"enabled"</span>
|
||
<span class="hljs-attr"> namespaces:</span> [<span class="hljs-string">""</span>] <span class="hljs-comment"># everything, aka v1.NamepsaceAll, aka cluster-wide</span>
|
||
<span class="hljs-comment"># excludeNamespaces: ["ns1", "ns2"]</span>
|
||
<span class="hljs-attr"> initializerName:</span> <span class="hljs-string">"sidecar.initializer.istio.io"</span>
|
||
<span class="hljs-attr"> params:</span>
|
||
<span class="hljs-attr"> initImage:</span> docker.io/istio/proxy_init:<span class="hljs-number">0.2</span><span class="hljs-number">.6</span>
|
||
<span class="hljs-attr"> proxyImage:</span> docker.io/istio/proxy:<span class="hljs-number">0.2</span><span class="hljs-number">.6</span>
|
||
<span class="hljs-attr"> verbosity:</span> <span class="hljs-number">2</span>
|
||
<span class="hljs-attr"> version:</span> <span class="hljs-number">0.2</span><span class="hljs-number">.6</span>
|
||
<span class="hljs-attr"> meshConfigMapName:</span> istio
|
||
<span class="hljs-attr"> imagePullPolicy:</span> IfNotPresent
|
||
</code></pre>
|
||
<p>下面是配置中的关键参数:</p>
|
||
<ol>
|
||
<li><p><strong>policy</strong></p>
|
||
<p><code>off</code> - 禁用 initializer 修改资源。pending 的 <code>sidecar.initializer.istio.io</code> initializer 将被删除以避免创建阻塞资源。</p>
|
||
<p><code>disable</code> - initializer 不会注入 sidecar 到 watch 的所有 namespace 的资源中。启用 sidecar 注入请将 <code>sidecar.istio.io/inject</code> 注解的值设置为 <code>true</code>。</p>
|
||
<p><code>enable</code> - initializer 将会注入 sidecar 到 watch 的所有 namespace 的资源中。禁用 sidecar 注入请将 <code>sidecar.istio.io/inject</code> 注解的值设置为 <code>false</code>。</p>
|
||
</li>
|
||
<li><p><strong>namespaces</strong></p>
|
||
<p>要 watch 和初始化的 namespace 列表。特殊的 <code>""</code> namespace 对应于 <code>v1.NamespaceAll</code> 并配置初始化程序以初始化所有 namespace。<code>kube-system</code>、<code>kube-publice</code> 和 <code>istio-system</code> 被免除初始化。</p>
|
||
</li>
|
||
</ol>
|
||
<ol>
|
||
<li><p><strong>excludeNamespaces</strong></p>
|
||
<p>从 Istio initializer 中排除的 namespace 列表。不可以定义为 <code>v1.NamespaceAll</code> 或者与 <code>namespaces</code> 一起定义。</p>
|
||
</li>
|
||
</ol>
|
||
<ol>
|
||
<li><p><strong>initializerName</strong></p>
|
||
<p>这必须与 InitializerConfiguration 中 initializer 设定项的名称相匹配。Initializer 只处理匹配其配置名称的工作负载。</p>
|
||
</li>
|
||
</ol>
|
||
<ol>
|
||
<li><p><strong>params</strong></p>
|
||
<p>这些参数允许您对注入的 sidecar 进行有限的更改。更改这些值不会影响已部署的工作负载。</p>
|
||
</li>
|
||
</ol>
|
||
<h3 id="重写自动注入">重写自动注入</h3>
|
||
<p>单个工作负载可以通过使用 <code>sidecar.istio.io/inject</code> 注解重写全局策略。如果注解被省略,则使用全局策略。</p>
|
||
<p>如果注解的值是 <code>true</code>,则不管全局策略如何,sidecar 都将被注入。</p>
|
||
<p>如果注解的值是 <code>false</code>,则不管全局策略如何,sidecar 都不会被注入。</p>
|
||
<p>下表显示全局策略和每个工作负载覆盖的组合。</p>
|
||
<table>
|
||
<thead>
|
||
<tr>
|
||
<th>policy</th>
|
||
<th>workload annotation</th>
|
||
<th>injected</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td>off</td>
|
||
<td>N/A</td>
|
||
<td>no</td>
|
||
</tr>
|
||
<tr>
|
||
<td>disabled</td>
|
||
<td>omitted</td>
|
||
<td>no</td>
|
||
</tr>
|
||
<tr>
|
||
<td>disabled</td>
|
||
<td>false</td>
|
||
<td>no</td>
|
||
</tr>
|
||
<tr>
|
||
<td>disabled</td>
|
||
<td>true</td>
|
||
<td>yes</td>
|
||
</tr>
|
||
<tr>
|
||
<td>enabled</td>
|
||
<td>omitted</td>
|
||
<td>yes</td>
|
||
</tr>
|
||
<tr>
|
||
<td>enabled</td>
|
||
<td>false</td>
|
||
<td>no</td>
|
||
</tr>
|
||
<tr>
|
||
<td>enabled</td>
|
||
<td>true</td>
|
||
<td>yes</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<p>例如,即使全局策略是 <code>disable</code>,下面的 deployment 也会被注入sidecar。</p>
|
||
<pre><code class="lang-yaml"><span class="hljs-attr">apiVersion:</span> extensions/v1beta1
|
||
<span class="hljs-attr">kind:</span> Deployment
|
||
<span class="hljs-attr">metadata:</span>
|
||
<span class="hljs-attr"> name:</span> myapp
|
||
<span class="hljs-attr"> annotations:</span>
|
||
sidecar.istio.io/inject: <span class="hljs-string">"true"</span>
|
||
<span class="hljs-attr">spec:</span>
|
||
<span class="hljs-attr"> replicas:</span> <span class="hljs-number">1</span>
|
||
<span class="hljs-attr"> template:</span>
|
||
...
|
||
</code></pre>
|
||
<p>这是在包含 Istio 和非 Istio 服务的混合群集中使用自动注入的好方法。</p>
|
||
<h3 id="卸载-initializer">卸载 Initializer</h3>
|
||
<p>运行下面的命令,删除 Istio initializer:</p>
|
||
<pre><code class="lang-bash">kubectl delete <span class="hljs-_">-f</span> install/kubernetes/istio-initializer.yaml
|
||
</code></pre>
|
||
<p>注意上述命令并不会删除已注入到 Pod 中的 sidecar。要想删除这些 sidecar,需要在不使用 initializer 的情况下重新部署这些 pod。</p>
|
||
<h1 id="拓展-istio-mesh">拓展 Istio Mesh</h1>
|
||
<p>将虚拟机或裸机集成到部署在 kubernetes 集群上的 Istio mesh 中的说明。</p>
|
||
<h2 id="前置条件">前置条件</h2>
|
||
<ul>
|
||
<li><p>按照 <a href="http://istio.doczh.cn/docs/setup/kubernetes/quick-start.html" target="_blank">安装指南</a> 在 kubernetes 集群上安装 Istio service mesh。</p>
|
||
</li>
|
||
<li><p>机器必须具有到 mesh 端点的 IP 地址连接。这通常需要一个 VPC 或者 VPN,以及一个向端点提供直接路由(没有 NAT 或者防火墙拒绝)的容器网络。及其不需要访问有 Kubernetes 分配的 cluster IP。</p>
|
||
</li>
|
||
<li><p>虚拟机必须可以访问到 Istio 控制平面服务(如Pilot、Mixer、CA)和 Kubernetes DNS 服务器。通常使用 <a href="https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer" target="_blank">内部负载均衡器</a> 来实现。</p>
|
||
<p>您也可以使用 NodePort,在虚拟机上运行 Istio 的组件,或者使用自定义网络配置,有几个单独的文档会涵盖这些高级配置。</p>
|
||
</li>
|
||
</ul>
|
||
<h2 id="安装步骤">安装步骤</h2>
|
||
<p>安装过程包括准备用于拓展的 mesh 和安装和配置虚拟机。</p>
|
||
<p><a href="https://raw.githubusercontent.com/istio/istio/master/install/tools/setupMeshEx.sh" target="_blank">install/tools/setupMeshEx.sh</a> :这是一个帮助大家设置 kubernetes 环境的示例脚本。检查脚本内容和支持的环境变量(如 GCP_OPTS)。</p>
|
||
<p><a href="https://raw.githubusercontent.com/istio/istio/master/install/tools/setupIstioVM.sh" target="_blank">install/tools/setupIstioVM.sh</a>:这是一个用于配置主机环境的示例脚本。
|
||
您应该根据您的配置工具和DNS要求对其进行自定义。</p>
|
||
<p>准备要拓展的 Kubernetes 集群:</p>
|
||
<ul>
|
||
<li>为 Kube DNS、Pilot、Mixer 和 CA 安装内部负载均衡器(ILB)。每个云供应商的配置都有所不同,根据具体情况修改注解。</li>
|
||
</ul>
|
||
<blockquote>
|
||
<p>0.2.7 版本的 YAML 文件的 DNS ILB 的 namespace 配置不正确。
|
||
使用 <a href="https://raw.githubusercontent.com/istio/istio/master/install/kubernetes/mesh-expansion.yaml" target="_blank">这一个</a> 替代。
|
||
<code>setupMeshEx.sh</code> 中也有错误。使用上面链接中的最新文件或者从 <a href="https://github.com/istio/istio/" target="_blank">GitHub.com/istio/istio</a> 克隆。</p>
|
||
</blockquote>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> install/kubernetes/mesh-expansion.yaml
|
||
</code></pre>
|
||
<ul>
|
||
<li>生成要部署到虚拟机上的 Istio <code>cluster.env</code> 配置。该文件中包含要拦截的 cluster IP 地址范围。</li>
|
||
</ul>
|
||
<pre><code class="lang-bash"><span class="hljs-built_in">export</span> GCP_OPTS=<span class="hljs-string">"--zone MY_ZONE --project MY_PROJECT"</span>
|
||
</code></pre>
|
||
<pre><code class="lang-bash">install/tools/setupMeshEx.sh generateClusterEnv MY_CLUSTER_NAME
|
||
</code></pre>
|
||
<p>该示例生成的文件:</p>
|
||
<pre><code class="lang-bash">cat cluster.env
|
||
</code></pre>
|
||
<pre><code class="lang-bash">ISTIO_SERVICE_CIDR=10.63.240.0/20
|
||
</code></pre>
|
||
<ul>
|
||
<li>产生虚拟机使用的 DNS 配置文件。这样可以让虚拟机上的应用程序解析到集群中的服务名称,这些名称将被 sidecar 拦截和转发。</li>
|
||
</ul>
|
||
<pre><code class="lang-bash"><span class="hljs-comment"># Make sure your kubectl context is set to your cluster</span>
|
||
install/tools/setupMeshEx.sh generateDnsmasq
|
||
</code></pre>
|
||
<p>该示例生成的文件:</p>
|
||
<pre><code class="lang-bash">cat kubedns
|
||
</code></pre>
|
||
<pre><code class="lang-bash">server=/svc.cluster.local/10.150.0.7
|
||
address=/istio-mixer/10.150.0.8
|
||
address=/istio-pilot/10.150.0.6
|
||
address=/istio-ca/10.150.0.9
|
||
address=/istio-mixer.istio-system/10.150.0.8
|
||
address=/istio-pilot.istio-system/10.150.0.6
|
||
address=/istio-ca.istio-system/10.150.0.9
|
||
</code></pre>
|
||
<h3 id="设置机器">设置机器</h3>
|
||
<p>例如,您可以使用下面的“一条龙”脚本复制和安装配置:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-comment"># 检查该脚本看看它是否满足您的需求</span>
|
||
<span class="hljs-comment"># 在 Mac 上,使用 brew install base64 或者 set BASE64_DECODE="/usr/bin/base64 -D"</span>
|
||
<span class="hljs-built_in">export</span> GCP_OPTS=<span class="hljs-string">"--zone MY_ZONE --project MY_PROJECT"</span>
|
||
</code></pre>
|
||
<pre><code class="lang-bash">install/tools/setupMeshEx.sh machineSetup VM_NAME
|
||
</code></pre>
|
||
<p>或者等效得手动安装步骤如下:</p>
|
||
<p>------ 手动安装步骤开始 ------</p>
|
||
<ul>
|
||
<li>将配置文件和 Istio 的 Debian 文件复制到要加入到集群的每台机器上。重命名为 <code>/etc/dnsmasq.d/kubedns</code> 和<code>/var/lib/istio/envoy/cluster.env</code>。</li>
|
||
<li>配置和验证 DNS 配置。需要安装 <code>dnsmasq</code> 或者直接将其添加到 <code>/etc/resolv.conf</code> 中,或者通过 DHCP 脚本。验证配置是否有效,检查虚拟机是否可以解析和连接到 pilot,例如:</li>
|
||
</ul>
|
||
<p>在虚拟机或外部主机上:</p>
|
||
<pre><code class="lang-bash">host istio-pilot.istio-system
|
||
</code></pre>
|
||
<p>产生的消息示例:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-comment"># Verify you get the same address as shown as "EXTERNAL-IP" in 'kubectl get svc -n istio-system istio-pilot-ilb'</span>
|
||
istio-pilot.istio-system has address 10.150.0.6
|
||
</code></pre>
|
||
<p>检查是否可以解析 cluster IP。实际地址取决您的 deployment:</p>
|
||
<pre><code class="lang-bash">host istio-pilot.istio-system.svc.cluster.local.
|
||
</code></pre>
|
||
<p>该示例产生的消息:</p>
|
||
<pre><code class="lang-bash">istio-pilot.istio-system.svc.cluster.local has address 10.63.247.248
|
||
</code></pre>
|
||
<p>同样检查 istio-ingress:</p>
|
||
<pre><code class="lang-bash">host istio-ingress.istio-system.svc.cluster.local.
|
||
</code></pre>
|
||
<p>该示例产生的消息:</p>
|
||
<pre><code>istio-ingress.istio-system.svc.cluster.local has address 10.63.243.30
|
||
</code></pre><ul>
|
||
<li>验证连接性,检查迅即是否可以连接到 Pilot 的端点:</li>
|
||
</ul>
|
||
<pre><code class="lang-bash">curl <span class="hljs-string">'http://istio-pilot.istio-system:8080/v1/registration/istio-pilot.istio-system.svc.cluster.local|http-discovery'</span>
|
||
</code></pre>
|
||
<pre><code class="lang-json">{
|
||
<span class="hljs-string">"hosts"</span>: [
|
||
{
|
||
<span class="hljs-string">"ip_address"</span>: <span class="hljs-string">"10.60.1.4"</span>,
|
||
<span class="hljs-string">"port"</span>: <span class="hljs-number">8080</span>
|
||
}
|
||
]
|
||
}
|
||
</code></pre>
|
||
<pre><code class="lang-bash"><span class="hljs-comment"># 在虚拟机上使用上面的地址。将直接连接到运行 istio-pilot 的 pod。</span>
|
||
curl <span class="hljs-string">'http://10.60.1.4:8080/v1/registration/istio-pilot.istio-system.svc.cluster.local|http-discovery'</span>
|
||
</code></pre>
|
||
<ul>
|
||
<li>提取出实话 Istio 认证的 secret 并将它复制到机器上。Istio 的默认安装中包括 CA,即使是禁用了自动 <code>mTLS</code> 设置(她为每个 service account 创建 secret,secret 命名为 <code>istio.<serviceaccount></code>)也会生成 Istio secret。建议您执行此步骤,以便日后启用 mTLS,并升级到默认启用 mTLS 的未来版本。</li>
|
||
</ul>
|
||
<pre><code class="lang-bash"><span class="hljs-comment"># ACCOUNT 默认是 'default',SERVICE_ACCOUNT 是环境变量</span>
|
||
<span class="hljs-comment"># NAMESPACE 默认为当前 namespace,SERVICE_NAMESPACE 是环境变量</span>
|
||
<span class="hljs-comment"># (这一步由 machineSetup 完成)</span>
|
||
<span class="hljs-comment"># 在 Mac 上执行 brew install base64 或者 set BASE64_DECODE="/usr/bin/base64 -D"</span>
|
||
install/tools/setupMeshEx.sh machineCerts ACCOUNT NAMESPACE
|
||
</code></pre>
|
||
<p>生成的文件(<code>key.pem</code>, <code>root-cert.pem</code>, <code>cert-chain.pem</code>)必须拷贝到每台主机的 /etc/certs 目录,并且让 istio-proxy 可读。 </p>
|
||
<ul>
|
||
<li><p>安装 Istio Debian 文件,启动 <code>istio</code> 和 <code>istio-auth-node-agent</code> 服务。
|
||
从 <a href="https://github.com/istio/istio/releases" target="_blank">github releases</a> 获取 Debian 安装包:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-comment"># 注意:在软件源配置好后,下面的额命令可以使用 'apt-get' 命令替代。</span>
|
||
|
||
<span class="hljs-built_in">source</span> istio.VERSION <span class="hljs-comment"># defines version and URLs env var</span>
|
||
curl -L <span class="hljs-variable">${PILOT_DEBIAN_URL}</span>/istio-agent.deb > <span class="hljs-variable">${ISTIO_STAGING}</span>/istio-agent.deb
|
||
curl -L <span class="hljs-variable">${AUTH_DEBIAN_URL}</span>/istio-auth-node-agent.deb > <span class="hljs-variable">${ISTIO_STAGING}</span>/istio-auth-node-agent.deb
|
||
curl -L <span class="hljs-variable">${PROXY_DEBIAN_URL}</span>/istio-proxy.deb > <span class="hljs-variable">${ISTIO_STAGING}</span>/istio-proxy.deb
|
||
|
||
dpkg -i istio-proxy-envoy.deb
|
||
dpkg -i istio-agent.deb
|
||
dpkg -i istio-auth-node-agent.deb
|
||
|
||
systemctl start istio
|
||
systemctl start istio-auth-node-agent
|
||
</code></pre>
|
||
</li>
|
||
</ul>
|
||
<p>------ 手动安装步骤结束 ------</p>
|
||
<p>安装完成后,机器就能访问运行在 Kubernetes 集群上的服务或者其他的 mesh 拓展的机器。</p>
|
||
<pre><code class="lang-bash"><span class="hljs-comment"># 假设您在 'bookinfo' namespace 下安装的 bookinfo</span>
|
||
curl productpage.bookinfo.svc.cluster.local:9080
|
||
</code></pre>
|
||
<pre><code class="lang-bash"> ... html content ...
|
||
</code></pre>
|
||
<p>检查进程是否正在运行:</p>
|
||
<pre><code class="lang-bash">ps aux |grep istio
|
||
</code></pre>
|
||
<pre><code class="lang-bash">root 6941 0.0 0.2 75392 16820 ? Ssl 21:32 0:00 /usr/<span class="hljs-built_in">local</span>/istio/bin/node_agent --logtostderr
|
||
root 6955 0.0 0.0 49344 3048 ? Ss 21:32 0:00 su <span class="hljs-_">-s</span> /bin/bash -c INSTANCE_IP=10.150.0.5 POD_NAME=demo-vm-1 POD_NAMESPACE=default <span class="hljs-built_in">exec</span> /usr/<span class="hljs-built_in">local</span>/bin/pilot-agent proxy > /var/<span class="hljs-built_in">log</span>/istio/istio.log istio-proxy
|
||
istio-p+ 7016 0.0 0.1 215172 12096 ? Ssl 21:32 0:00 /usr/<span class="hljs-built_in">local</span>/bin/pilot-agent proxy
|
||
istio-p+ 7094 4.0 0.3 69540 24800 ? Sl 21:32 0:37 /usr/<span class="hljs-built_in">local</span>/bin/envoy -c /etc/istio/proxy/envoy-rev1.json --restart-epoch 1 --drain-time<span class="hljs-_">-s</span> 2 --parent-shutdown-time<span class="hljs-_">-s</span> 3 --service-cluster istio-proxy --service-node sidecar~10.150.0.5~demo-vm-1.default~default.svc.cluster.local
|
||
</code></pre>
|
||
<p>检查 Istio auth-node-agent 是否健康:</p>
|
||
<pre><code class="lang-bash">sudo systemctl status istio-auth-node-agent
|
||
</code></pre>
|
||
<pre><code class="lang-bash">● istio-auth-node-agent.service - istio-auth-node-agent: The Istio auth node agent
|
||
Loaded: loaded (/lib/systemd/system/istio-auth-node-agent.service; disabled; vendor preset: enabled)
|
||
Active: active (running) since Fri 2017-10-13 21:32:29 UTC; 9s ago
|
||
Docs: http://istio.io/
|
||
Main PID: 6941 (node_agent)
|
||
Tasks: 5
|
||
Memory: 5.9M
|
||
CPU: 92ms
|
||
CGroup: /system.slice/istio-auth-node-agent.service
|
||
└─6941 /usr/<span class="hljs-built_in">local</span>/istio/bin/node_agent --logtostderr
|
||
|
||
Oct 13 21:32:29 demo-vm-1 systemd[1]: Started istio-auth-node-agent: The Istio auth node agent.
|
||
Oct 13 21:32:29 demo-vm-1 node_agent[6941]: I1013 21:32:29.469314 6941 main.go:66] Starting Node Agent
|
||
Oct 13 21:32:29 demo-vm-1 node_agent[6941]: I1013 21:32:29.469365 6941 nodeagent.go:96] Node Agent starts successfully.
|
||
Oct 13 21:32:29 demo-vm-1 node_agent[6941]: I1013 21:32:29.483324 6941 nodeagent.go:112] Sending CSR (retrial <span class="hljs-comment">#0) ...</span>
|
||
Oct 13 21:32:29 demo-vm-1 node_agent[6941]: I1013 21:32:29.862575 6941 nodeagent.go:128] CSR is approved successfully. Will renew cert <span class="hljs-keyword">in</span> 29m59.137732603s
|
||
</code></pre>
|
||
<h2 id="在拓展的-mesh-中的机器上运行服务">在拓展的 mesh 中的机器上运行服务</h2>
|
||
<ul>
|
||
<li><p>配置 sidecar 拦截端口。在 <code>/var/lib/istio/envoy/sidecar.env</code> 中通过 <code>ISTIO_INBOUND_PORTS</code> 环境变量配置。</p>
|
||
<p>例如(运行服务的虚拟机):</p>
|
||
<pre><code class="lang-bash"> <span class="hljs-built_in">echo</span> <span class="hljs-string">"ISTIO_INBOUND_PORTS=27017,3306,8080"</span> > /var/lib/istio/envoy/sidecar.env
|
||
systemctl restart istio
|
||
</code></pre>
|
||
</li>
|
||
<li><p>手动配置 selector-less 的 service 和 endpoint。“selector-less” service 用于那些不依托 Kubernetes pod 的 service。</p>
|
||
<p>例如,在有权限的机器上修改 Kubernetes 中的 service:</p>
|
||
<pre><code class="lang-bash"> <span class="hljs-comment"># istioctl register servicename machine-ip portname:port</span>
|
||
istioctl -n onprem register mysql 1.2.3.4 3306
|
||
istioctl -n onprem register svc1 1.2.3.4 http:7000
|
||
</code></pre>
|
||
</li>
|
||
</ul>
|
||
<p>安装完成后,Kubernetes pod 和其它 mesh 扩展将能够访问集群上运行的服务。</p>
|
||
<h2 id="整合到一起">整合到一起</h2>
|
||
<p>请参阅 <a href="http://istio.doczh.cn/docs/guides/integrating-vms.html" target="_blank">拓展 BookInfo Mesh</a> 指南。</p>
|
||
<hr>
|
||
<h2 id="部署-bookinfo-示例应用">部署 bookinfo 示例应用</h2>
|
||
<p>该示例部署由四个单独的微服务组成的简单应用程序,用于演示Istio服务网格的各种功能。</p>
|
||
<h2 id="概况">概况</h2>
|
||
<p>在本示例中,我们将部署一个简单的应用程序,显示书籍的信息,类似于网上书店的书籍条目。在页面上有书籍的描述、详细信息(ISBN、页数等)和书评。</p>
|
||
<p>BookInfo 应用程序包括四个独立的微服务:</p>
|
||
<ul>
|
||
<li>productpage:productpage(产品页面)微服务,调用 <em>details</em> 和 <em>reviews</em> 微服务来填充页面。</li>
|
||
<li>details:details 微服务包含书籍的详细信息。</li>
|
||
<li>reviews:reviews 微服务包含书籍的点评。它也调用 <em>ratings</em> 微服务。</li>
|
||
<li>ratings:ratings 微服务包含随书评一起出现的评分信息。</li>
|
||
</ul>
|
||
<p>有3个版本的 reviews 微服务:</p>
|
||
<ul>
|
||
<li>版本v1不调用 ratings 服务。</li>
|
||
<li>版本v2调用 ratings ,并将每个评级显示为1到5个黑色星。</li>
|
||
<li>版本v3调用 ratings ,并将每个评级显示为1到5个红色星。</li>
|
||
</ul>
|
||
<p>应用程序的端到端架构如下所示。</p>
|
||
<figure id="fig1.6.2.1.3.1"><img src="../images/noistio.png" alt="BookInfo"><figcaption>图片 - BookInfo</figcaption></figure>
|
||
<p>该应用程序是多语言构建的,即这些微服务是用不同的语言编写的。值得注意的是,这些服务与 Istio 没有任何依赖关系,单这是个有趣的 Service Mesh 示例,特别是因为评论服务和众多的语言和版本。</p>
|
||
<h2 id="开始之前">开始之前</h2>
|
||
<p>如果您还没有这样做,请按照与您的平台 <a href="http://istio.doczh.cn/docs/setup/index.html" target="_blank">安装指南</a> 对应的说明安装Istio。</p>
|
||
<h2 id="部署应用程序">部署应用程序</h2>
|
||
<p>使用 Istio 运行应用程序示例不需要修改应用程序本身。相反,我们只需要在支持 Istio 的环境中配置和运行服务, Envoy sidecar 将会注入到每个服务中。所需的命令和配置根据运行时环境的不同而有所不同,但在所有情况下,生成的部署将如下所示:</p>
|
||
<figure id="fig1.6.2.1.3.2"><img src="../images/noistio.png" alt="BookInfo"><figcaption>图片 - BookInfo</figcaption></figure>
|
||
<p>所有的微服务都将与一个 Envoy sidecar 一起打包,拦截这些服务的入站和出站的调用请求,提供通过 Istio 控制平面从外部控制整个应用的路由,遥测收集和策略执行所需的 hook。</p>
|
||
<p>要启动该应用程序,请按照以下对应于您的 Istio 运行时环境的说明进行操作。</p>
|
||
<h3 id="在-kubernetes-中运行">在 Kubernetes 中运行</h3>
|
||
<blockquote>
|
||
<p>注意:如果您使用 GKE,清确保您的集群至少有 4 个标准的 GKE 节点。如果您使用 Minikube,请确保您至少有 4GB 内存。</p>
|
||
</blockquote>
|
||
<ol>
|
||
<li><p>将目录更改为 Istio 安装目录的根目录。</p>
|
||
</li>
|
||
<li><p>构建应用程序容器:</p>
|
||
<p>如果您使用 <strong>自动注入 sidecar</strong> 的方式部署的集群,那么只需要使用 <code>kubectl</code> 命令部署服务:</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> samples/bookinfo/kube/bookinfo.yaml
|
||
</code></pre>
|
||
<p>如果您使用 <strong>手动注入 sidecar</strong> 的方式部署的集群,清使用下面的命令:</p>
|
||
<pre><code class="lang-bash">kubectl apply <span class="hljs-_">-f</span> <(istioctl kube-inject <span class="hljs-_">-f</span> samples/apps/bookinfo/bookinfo.yaml)
|
||
</code></pre>
|
||
<p>请注意,该 <code>istioctl kube-inject</code> 命令用于在创建部署之前修改 <code>bookinfo.yaml</code> 文件。这将把 Envoy 注入到 Kubernetes 资源。</p>
|
||
<p>上述命令启动四个微服务并创建网关入口资源,如下图所示。3 个版本的评论的服务 v1、v2、v3 都已启动。</p>
|
||
<blockquote>
|
||
<p>请注意在实际部署中,随着时间的推移部署新版本的微服务,而不是同时部署所有版本。</p>
|
||
</blockquote>
|
||
</li>
|
||
<li><p>确认所有服务和 pod 已正确定义并运行:</p>
|
||
<pre><code class="lang-bash">kubectl get services
|
||
</code></pre>
|
||
<p>这将产生以下输出:</p>
|
||
<pre><code class="lang-bash">NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||
details 10.0.0.31 <none> 9080/TCP 6m
|
||
istio-ingress 10.0.0.122 <pending> 80:31565/TCP 8m
|
||
istio-pilot 10.0.0.189 <none> 8080/TCP 8m
|
||
istio-mixer 10.0.0.132 <none> 9091/TCP,42422/TCP 8m
|
||
kubernetes 10.0.0.1 <none> 443/TCP 14d
|
||
productpage 10.0.0.120 <none> 9080/TCP 6m
|
||
ratings 10.0.0.15 <none> 9080/TCP 6m
|
||
reviews 10.0.0.170 <none> 9080/TCP 6m
|
||
</code></pre>
|
||
<p>而且</p>
|
||
<pre><code class="lang-bash">kubectl get pods
|
||
</code></pre>
|
||
<p>将产生:</p>
|
||
<pre><code class="lang-bash">NAME READY STATUS RESTARTS AGE
|
||
details-v1-1520924117-48z17 2/2 Running 0 6m
|
||
istio-ingress-3181829929-xrrk5 1/1 Running 0 8m
|
||
istio-pilot-175173354<span class="hljs-_">-d</span>6jm7 2/2 Running 0 8m
|
||
istio-mixer-3883863574-jt09j 2/2 Running 0 8m
|
||
productpage-v1-560495357-jk1lz 2/2 Running 0 6m
|
||
ratings-v1-734492171-rnr5l 2/2 Running 0 6m
|
||
reviews-v1-874083890<span class="hljs-_">-f</span>0qf0 2/2 Running 0 6m
|
||
reviews-v2-1343845940-b34q5 2/2 Running 0 6m
|
||
reviews-v3-1813607990-8ch52 2/2 Running 0 6m
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<h1 id="确定-ingress-ip-和端口">确定 ingress IP 和端口</h1>
|
||
<ol>
|
||
<li><p>如果您的 kubernetes 集群环境支持外部负载均衡器的话,可以使用下面的命令获取 ingress 的IP地址:</p>
|
||
<pre><code class="lang-bash">kubectl get ingress -o wide
|
||
</code></pre>
|
||
<p>输出如下所示:</p>
|
||
<pre><code class="lang-bash">NAME HOSTS ADDRESS PORTS AGE
|
||
gateway * 130.211.10.121 80 1d
|
||
</code></pre>
|
||
<p>Ingress 服务的地址是:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-built_in">export</span> GATEWAY_URL=130.211.10.121:80
|
||
</code></pre>
|
||
</li>
|
||
<li><p>GKE:如果服务无法获取外部 IP,<code>kubectl get ingress -o wide</code> 会显示工作节点的列表。在这种情况下,您可以使用任何地址以及 NodePort 访问入口。但是,如果集群具有防火墙,则还需要创建防火墙规则以允许TCP流量到NodePort,您可以使用以下命令创建防火墙规则:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-built_in">export</span> GATEWAY_URL=<workerNodeAddress>:$(kubectl get svc istio-ingress -n istio-system -o jsonpath=<span class="hljs-string">'{.spec.ports[0].nodePort}'</span>)
|
||
gcloud compute firewall-rules create allow-book --allow tcp:$(kubectl get svc istio-ingress -n istio-system -o jsonpath=<span class="hljs-string">'{.spec.ports[0].nodePort}'</span>)
|
||
</code></pre>
|
||
</li>
|
||
<li><p>IBM Bluemix Free Tier:在免费版的 Bluemix 的 kubernetes 集群中不支持外部负载均衡器。您可以使用工作节点的公共 IP,并通过 NodePort 来访问 ingress。工作节点的公共 IP可以通过如下命令获取:</p>
|
||
<pre><code class="lang-bash">bx cs workers <cluster-name or id>
|
||
<span class="hljs-built_in">export</span> GATEWAY_URL=<public IP of the worker node>:$(kubectl get svc istio-ingress -n istio-system -o jsonpath=<span class="hljs-string">'{.spec.ports[0].nodePort}'</span>)
|
||
</code></pre>
|
||
</li>
|
||
<li><p>Minikube:Minikube 不支持外部负载均衡器。您可以使用 ingress 服务的主机 IP 和 NodePort 来访问 ingress:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-built_in">export</span> GATEWAY_URL=$(kubectl get po <span class="hljs-_">-l</span> istio=ingress -o <span class="hljs-string">'jsonpath={.items[0].status.hostIP}'</span>):$(kubectl get svc istio-ingress -o <span class="hljs-string">'jsonpath={.spec.ports[0].nodePort}'</span>)
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<h3 id="在-consul-或-eureka-环境下使用-docker-运行">在 Consul 或 Eureka 环境下使用 Docker 运行</h3>
|
||
<ol>
|
||
<li><p>切换到 Istio 的安装根目录下。</p>
|
||
</li>
|
||
<li><p>启动应用程序容器。</p>
|
||
<ol>
|
||
<li><p>执行下面的命令测试 Consul:</p>
|
||
<pre><code class="lang-bash"> docker-compose <span class="hljs-_">-f</span> samples/bookinfo/consul/bookinfo.yaml up <span class="hljs-_">-d</span>
|
||
</code></pre>
|
||
</li>
|
||
<li><p>执行下面的命令测试 Eureka:</p>
|
||
<pre><code class="lang-bash"> docker-compose <span class="hljs-_">-f</span> samples/bookinfo/eureka/bookinfo.yaml up <span class="hljs-_">-d</span>
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
</li>
|
||
<li><p>确认所有容器都在运行:</p>
|
||
<pre><code class="lang-bash">docker ps <span class="hljs-_">-a</span>
|
||
</code></pre>
|
||
<blockquote>
|
||
<p>如果 Istio Pilot 容器终止了,重新执行上面的命令重新运行。</p>
|
||
</blockquote>
|
||
</li>
|
||
<li><p>设置 <code>GATEWAY_URL</code>:</p>
|
||
<pre><code class="lang-bash"><span class="hljs-built_in">export</span> GATEWAY_URL=localhost:9081
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<h2 id="下一步">下一步</h2>
|
||
<p>使用以下 <code>curl</code> 命令确认 BookInfo 应用程序正在运行:</p>
|
||
<pre><code class="lang-bash">curl -o /dev/null <span class="hljs-_">-s</span> -w <span class="hljs-string">"%{http_code}\n"</span> http://<span class="hljs-variable">${GATEWAY_URL}</span>/productpage
|
||
</code></pre>
|
||
<pre><code class="lang-bash">200
|
||
</code></pre>
|
||
<p>你也可以通过在浏览器中打开 <code>http://$GATEWAY_URL/productpage</code> 页面访问 Bookinfo 网页。如果您多次刷新浏览器将在 productpage 中看到评论的不同的版本,它们会按照 round robin(红星、黑星、没有星星)的方式展现,因为我们还没有使用 Istio 来控制版本的路由。</p>
|
||
<p>现在,您可以使用此示例来尝试 Istio 的流量路由、故障注入、速率限制等功能。要继续的话,请参阅 <a href="http://istio.doczh.cn/docs/guides/index.html" target="_blank">Istio 指南</a>,具体取决于您的兴趣。<a href="http://istio.doczh.cn/docs/guides/intelligent-routing.html" target="_blank">智能路由</a> 是初学者入门的好方式。</p>
|
||
<h2 id="清理">清理</h2>
|
||
<p>在完成 BookInfo 示例后,您可以卸载它,如下所示:</p>
|
||
<h3 id="卸载-kubernetes-环境">卸载 Kubernetes 环境</h3>
|
||
<ol>
|
||
<li><p>删除路由规则,终止应用程序 pod</p>
|
||
<pre><code class="lang-bash">samples/bookinfo/kube/cleanup.sh
|
||
</code></pre>
|
||
</li>
|
||
<li><p>确认关闭</p>
|
||
<pre><code class="lang-bash">istioctl get routerules <span class="hljs-comment">#-- there should be no more routing rules</span>
|
||
kubectl get pods <span class="hljs-comment">#-- the BookInfo pods should be deleted</span>
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<h3 id="卸载-docker-环境">卸载 docker 环境</h3>
|
||
<ol>
|
||
<li><p>删除路由规则和应用程序容器</p>
|
||
<ol>
|
||
<li><p>若使用 Consul 环境安装,执行下面的命令:</p>
|
||
<pre><code class="lang-bash">samples/bookinfo/consul/cleanup.sh
|
||
</code></pre>
|
||
</li>
|
||
<li><p>若使用 Eureka 环境安装,执行下面的命令:</p>
|
||
<pre><code class="lang-bash">samples/bookinfo/eureka/cleanup.sh
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
</li>
|
||
<li><p>确认清理完成:</p>
|
||
<pre><code class="lang-bash">istioctl get routerules <span class="hljs-comment">#-- there should be no more routing rules</span>
|
||
docker ps <span class="hljs-_">-a</span> <span class="hljs-comment">#-- the BookInfo containers should be delete</span>
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<footer class="page-footer"><span class="copyright">Copyright © jimmysong.io 2017 all right reserved,powered by Gitbook</span><span class="footer-modification">Updated:
|
||
2017-11-07 23:50:53
|
||
</span></footer>
|
||
|
||
</section>
|
||
|
||
</div>
|
||
<div class="search-results">
|
||
<div class="has-results">
|
||
|
||
<h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
|
||
<ul class="search-results-list"></ul>
|
||
|
||
</div>
|
||
<div class="no-results">
|
||
|
||
<h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
|
||
|
||
</div>
|
||
</div>
|
||
</div>
|
||
|
||
</div>
|
||
</div>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
<a href="configuring-request-routing.html" class="navigation navigation-prev " aria-label="Previous page: 5.1.1.2 配置请求的路由规则">
|
||
<i class="fa fa-angle-left"></i>
|
||
</a>
|
||
|
||
|
||
<a href="integrating-vms.html" class="navigation navigation-next " aria-label="Next page: 5.1.1.4 集成虚拟机">
|
||
<i class="fa fa-angle-right"></i>
|
||
</a>
|
||
|
||
|
||
|
||
</div>
|
||
|
||
<script>
|
||
var gitbook = gitbook || [];
|
||
gitbook.push(function() {
|
||
gitbook.page.hasChanged({"page":{"title":"5.1.1.3 安装和拓展Istio service mesh","level":"1.6.2.1.3","depth":4,"next":{"title":"5.1.1.4 集成虚拟机","level":"1.6.2.1.4","depth":4,"path":"usecases/integrating-vms.md","ref":"usecases/integrating-vms.md","articles":[]},"previous":{"title":"5.1.1.2 配置请求的路由规则","level":"1.6.2.1.2","depth":4,"path":"usecases/configuring-request-routing.md","ref":"usecases/configuring-request-routing.md","articles":[]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1","3-ba"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"Copyright © jimmysong.io 2017","modify_label":"Updated:","modify_format":"YYYY-MM-DD HH:mm:ss"},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"page-toc-button":{},"back-to-top-button":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"3-ba":{"configuration":"auto","token":"11f7d254cfa4e0ca44b175c66d379ecc"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.1","level":"1.2","list_caption":"Figure: 云计算演进历程","alt":"云计算演进历程","nro":1,"url":"../images/cloud-computing-evolution-road.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"云计算演进历程","attributes":{},"skip":false,"key":"1.2.1"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.2","level":"1.2","list_caption":"Figure: Cloud native思维导图","alt":"Cloud native思维导图","nro":2,"url":"../images/cloud-native-architecutre-mindnode.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Cloud native思维导图","attributes":{},"skip":false,"key":"1.2.2"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.3","level":"1.2","list_caption":"Figure: 十二因素应用","alt":"十二因素应用","nro":3,"url":"../images/12-factor-app.png","index":3,"caption_template":"图片 - _CAPTION_","label":"十二因素应用","attributes":{},"skip":false,"key":"1.2.3"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.4","level":"1.2","list_caption":"Figure: 使用Jenkins进行持续集成与发布流程图","alt":"使用Jenkins进行持续集成与发布流程图","nro":4,"url":"../images/kubernetes-jenkins-ci-cd.png","index":4,"caption_template":"图片 - _CAPTION_","label":"使用Jenkins进行持续集成与发布流程图","attributes":{},"skip":false,"key":"1.2.4"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.5","level":"1.2","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":5,"url":"../images/filebeat-log-collector-arch.png","index":5,"caption_template":"图片 - _CAPTION_","label":"filebeat日志收集架构图","attributes":{},"skip":false,"key":"1.2.5"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.6","level":"1.2","list_caption":"Figure: API文档","alt":"API文档","nro":6,"url":"../images/k8s-app-monitor-test-api-doc.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"API文档","attributes":{},"skip":false,"key":"1.2.6"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.7","level":"1.2","list_caption":"Figure: 迁移步骤示意图","alt":"迁移步骤示意图","nro":7,"url":"../images/migrating-hadoop-yarn-to-kubernetes.png","index":7,"caption_template":"图片 - _CAPTION_","label":"迁移步骤示意图","attributes":{},"skip":false,"key":"1.2.7"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.8","level":"1.2","list_caption":"Figure: service mesh架构图","alt":"service mesh架构图","nro":8,"url":"../images/serivce-mesh-control-plane.png","index":8,"caption_template":"图片 - _CAPTION_","label":"service mesh架构图","attributes":{},"skip":false,"key":"1.2.8"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.9","level":"1.2","list_caption":"Figure: kibana界面","alt":"kibana界面","nro":9,"url":"../images/filebeat-docker-test.jpg","index":9,"caption_template":"图片 - _CAPTION_","label":"kibana界面","attributes":{},"skip":false,"key":"1.2.9"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.10","level":"1.2","list_caption":"Figure: Grafana界面示意图1","alt":"Grafana界面示意图1","nro":10,"url":"../images/kubernetes-devops-example-grafana-1.png","index":10,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图1","attributes":{},"skip":false,"key":"1.2.10"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.11","level":"1.2","list_caption":"Figure: Grafana界面示意图2","alt":"Grafana界面示意图2","nro":11,"url":"../images/kubernetes-devops-example-grafana-2.png","index":11,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图2","attributes":{},"skip":false,"key":"1.2.11"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.12","level":"1.2","list_caption":"Figure: Grafana界面示意图3","alt":"Grafana界面示意图3","nro":12,"url":"../images/kubernetes-devops-example-grafana-3.png","index":12,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图3","attributes":{},"skip":false,"key":"1.2.12"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.13","level":"1.2","list_caption":"Figure: dashboard","alt":"dashboard","nro":13,"url":"../images/spark-job-on-kubernetes-example-1.jpg","index":13,"caption_template":"图片 - _CAPTION_","label":"dashboard","attributes":{},"skip":false,"key":"1.2.13"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.14","level":"1.2","list_caption":"Figure: Grafana","alt":"Grafana","nro":14,"url":"../images/spark-job-on-kubernetes-example-2.jpg","index":14,"caption_template":"图片 - _CAPTION_","label":"Grafana","attributes":{},"skip":false,"key":"1.2.14"},{"backlink":"concepts/index.html#fig1.3.1","level":"1.3","list_caption":"Figure: Borg架构","alt":"Borg架构","nro":15,"url":"../images/borg.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Borg架构","attributes":{},"skip":false,"key":"1.3.1"},{"backlink":"concepts/index.html#fig1.3.2","level":"1.3","list_caption":"Figure: Kubernetes架构","alt":"Kubernetes架构","nro":16,"url":"../images/architecture.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes架构","attributes":{},"skip":false,"key":"1.3.2"},{"backlink":"concepts/index.html#fig1.3.3","level":"1.3","list_caption":"Figure: kubernetes整体架构示意图","alt":"kubernetes整体架构示意图","nro":17,"url":"../images/kubernetes-whole-arch.png","index":3,"caption_template":"图片 - _CAPTION_","label":"kubernetes整体架构示意图","attributes":{},"skip":false,"key":"1.3.3"},{"backlink":"concepts/index.html#fig1.3.4","level":"1.3","list_caption":"Figure: Kubernetes master架构示意图","alt":"Kubernetes master架构示意图","nro":18,"url":"../images/kubernetes-master-arch.png","index":4,"caption_template":"图片 - _CAPTION_","label":"Kubernetes master架构示意图","attributes":{},"skip":false,"key":"1.3.4"},{"backlink":"concepts/index.html#fig1.3.5","level":"1.3","list_caption":"Figure: kubernetes node架构示意图","alt":"kubernetes node架构示意图","nro":19,"url":"../images/kubernetes-node-arch.png","index":5,"caption_template":"图片 - _CAPTION_","label":"kubernetes node架构示意图","attributes":{},"skip":false,"key":"1.3.5"},{"backlink":"concepts/index.html#fig1.3.6","level":"1.3","list_caption":"Figure: Kubernetes分层架构示意图","alt":"Kubernetes分层架构示意图","nro":20,"url":"../images/kubernetes-layers-arch.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"Kubernetes分层架构示意图","attributes":{},"skip":false,"key":"1.3.6"},{"backlink":"concepts/concepts.html#fig1.3.1.1","level":"1.3.1","list_caption":"Figure: 分层架构示意图","alt":"分层架构示意图","nro":21,"url":"../images/kubernetes-layers-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"分层架构示意图","attributes":{},"skip":false,"key":"1.3.1.1"},{"backlink":"concepts/pod-overview.html#fig1.3.2.1.1","level":"1.3.2.1","list_caption":"Figure: pod diagram","alt":"pod diagram","nro":22,"url":"../images/pod-overview.png","index":1,"caption_template":"图片 - _CAPTION_","label":"pod diagram","attributes":{},"skip":false,"key":"1.3.2.1.1"},{"backlink":"concepts/pod.html#fig1.3.2.1.1.1","level":"1.3.2.1.1","list_caption":"Figure: Pod示意图","alt":"Pod示意图","nro":23,"url":"../images/pod-overview.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Pod示意图","attributes":{},"skip":false,"key":"1.3.2.1.1.1"},{"backlink":"concepts/pod.html#fig1.3.2.1.1.2","level":"1.3.2.1.1","list_caption":"Figure: Pod Cheatsheet","alt":"Pod Cheatsheet","nro":24,"url":"../images/kubernetes-pod-cheatsheet.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Pod Cheatsheet","attributes":{},"skip":false,"key":"1.3.2.1.1.2"},{"backlink":"concepts/service.html#fig1.3.2.4.1","level":"1.3.2.4","list_caption":"Figure: userspace代理模式下Service概览图","alt":"userspace代理模式下Service概览图","nro":25,"url":"../images/services-userspace-overview.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"userspace代理模式下Service概览图","attributes":{},"skip":false,"key":"1.3.2.4.1"},{"backlink":"concepts/service.html#fig1.3.2.4.2","level":"1.3.2.4","list_caption":"Figure: iptables代理模式下Service概览图","alt":"iptables代理模式下Service概览图","nro":26,"url":"../images/services-iptables-overview.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"iptables代理模式下Service概览图","attributes":{},"skip":false,"key":"1.3.2.4.2"},{"backlink":"concepts/deployment.html#fig1.3.2.6.1","level":"1.3.2.6","list_caption":"Figure: kubernetes deployment cheatsheet","alt":"kubernetes deployment cheatsheet","nro":27,"url":"../images/deployment-cheatsheet.png","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes deployment cheatsheet","attributes":{},"skip":false,"key":"1.3.2.6.1"},{"backlink":"concepts/horizontal-pod-autoscaling.html#fig1.3.2.16.1","level":"1.3.2.16","list_caption":"Figure: horizontal-pod-autoscaler","alt":"horizontal-pod-autoscaler","nro":28,"url":"../images/horizontal-pod-autoscaler.png","index":1,"caption_template":"图片 - _CAPTION_","label":"horizontal-pod-autoscaler","attributes":{},"skip":false,"key":"1.3.2.16.1"},{"backlink":"concepts/label.html#fig1.3.2.17.1","level":"1.3.2.17","list_caption":"Figure: label示意图","alt":"label示意图","nro":29,"url":"../images/labels.png","index":1,"caption_template":"图片 - _CAPTION_","label":"label示意图","attributes":{},"skip":false,"key":"1.3.2.17.1"},{"backlink":"guide/using-kubectl.html#fig1.4.2.2.1","level":"1.4.2.2","list_caption":"Figure: kubectl cheatsheet","alt":"kubectl cheatsheet","nro":30,"url":"../images/kubernetes-kubectl-cheatsheet.png","index":1,"caption_template":"图片 - _CAPTION_","label":"kubectl cheatsheet","attributes":{},"skip":false,"key":"1.4.2.2.1"},{"backlink":"guide/using-kubectl.html#fig1.4.2.2.2","level":"1.4.2.2","list_caption":"Figure: kube-shell页面","alt":"kube-shell页面","nro":31,"url":"../images/kube-shell.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"kube-shell页面","attributes":{},"skip":false,"key":"1.4.2.2.2"},{"backlink":"guide/ip-masq-agent.html#fig1.4.3.6.1","level":"1.4.3.6","list_caption":"Figure: IP伪装代理示意图","alt":"IP伪装代理示意图","nro":32,"url":"../images/ip-masq.png","index":1,"caption_template":"图片 - _CAPTION_","label":"IP伪装代理示意图","attributes":{},"skip":false,"key":"1.4.3.6.1"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig1.4.5.1.1","level":"1.4.5.1","list_caption":"Figure: API","alt":"API","nro":33,"url":"../images/k8s-app-monitor-test-api-doc.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"API","attributes":{},"skip":false,"key":"1.4.5.1.1"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig1.4.5.1.2","level":"1.4.5.1","list_caption":"Figure: wercker","alt":"wercker","nro":34,"url":"../images/k8s-app-monitor-agent-wercker.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"wercker","attributes":{},"skip":false,"key":"1.4.5.1.2"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig1.4.5.1.3","level":"1.4.5.1","list_caption":"Figure: 图表","alt":"图表","nro":35,"url":"../images/k8s-app-monitor-agent.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"图表","attributes":{},"skip":false,"key":"1.4.5.1.3"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig1.4.5.2.1","level":"1.4.5.2","list_caption":"Figure: spark on yarn with kubernetes","alt":"spark on yarn with kubernetes","nro":36,"url":"../images/spark-on-yarn-with-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"spark on yarn with kubernetes","attributes":{},"skip":false,"key":"1.4.5.2.1"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig1.4.5.2.2","level":"1.4.5.2","list_caption":"Figure: Terms","alt":"Terms","nro":37,"url":"../images/terms-in-kubernetes-app-deployment.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Terms","attributes":{},"skip":false,"key":"1.4.5.2.2"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig1.4.5.2.3","level":"1.4.5.2","list_caption":"Figure: 分解步骤解析","alt":"分解步骤解析","nro":38,"url":"../images/migrating-hadoop-yarn-to-kubernetes.png","index":3,"caption_template":"图片 - _CAPTION_","label":"分解步骤解析","attributes":{},"skip":false,"key":"1.4.5.2.3"},{"backlink":"practice/node-installation.html#fig1.5.1.6.1","level":"1.5.1.6","list_caption":"Figure: welcome-nginx","alt":"welcome-nginx","nro":39,"url":"http://olz1di9xf.bkt.clouddn.com/kubernetes-installation-test-nginx.png","index":1,"caption_template":"图片 - _CAPTION_","label":"welcome-nginx","attributes":{},"skip":false,"key":"1.5.1.6.1"},{"backlink":"practice/dashboard-addon-installation.html#fig1.5.1.8.1","level":"1.5.1.8","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":40,"url":"http://olz1di9xf.bkt.clouddn.com/kubernetes-dashboard-raw.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"1.5.1.8.1"},{"backlink":"practice/dashboard-addon-installation.html#fig1.5.1.8.2","level":"1.5.1.8","list_caption":"Figure: V1.6.3版本的dashboard界面","alt":"V1.6.3版本的dashboard界面","nro":41,"url":"../images/dashboard-v163.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"V1.6.3版本的dashboard界面","attributes":{},"skip":false,"key":"1.5.1.8.2"},{"backlink":"practice/heapster-addon-installation.html#fig1.5.1.9.1","level":"1.5.1.9","list_caption":"Figure: dashboard-heapster","alt":"dashboard-heapster","nro":42,"url":"../images/kubernetes-dashboard-with-heapster.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"dashboard-heapster","attributes":{},"skip":false,"key":"1.5.1.9.1"},{"backlink":"practice/heapster-addon-installation.html#fig1.5.1.9.2","level":"1.5.1.9","list_caption":"Figure: grafana","alt":"grafana","nro":43,"url":"../images/kubernetes-heapster-grafana.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"grafana","attributes":{},"skip":false,"key":"1.5.1.9.2"},{"backlink":"practice/heapster-addon-installation.html#fig1.5.1.9.3","level":"1.5.1.9","list_caption":"Figure: kubernetes-influxdb-heapster","alt":"kubernetes-influxdb-heapster","nro":44,"url":"../images/kubernetes-influxdb-heapster.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"kubernetes-influxdb-heapster","attributes":{},"skip":false,"key":"1.5.1.9.3"},{"backlink":"practice/heapster-addon-installation.html#fig1.5.1.9.4","level":"1.5.1.9","list_caption":"Figure: 修改grafana模板","alt":"修改grafana模板","nro":45,"url":"../images/grafana-dashboard-setting.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"修改grafana模板","attributes":{},"skip":false,"key":"1.5.1.9.4"},{"backlink":"practice/efk-addon-installation.html#fig1.5.1.10.1","level":"1.5.1.10","list_caption":"Figure: es-setting","alt":"es-setting","nro":46,"url":"../images/es-setting.png","index":1,"caption_template":"图片 - _CAPTION_","label":"es-setting","attributes":{},"skip":false,"key":"1.5.1.10.1"},{"backlink":"practice/efk-addon-installation.html#fig1.5.1.10.2","level":"1.5.1.10","list_caption":"Figure: es-home","alt":"es-home","nro":47,"url":"../images/kubernetes-efk-kibana.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"es-home","attributes":{},"skip":false,"key":"1.5.1.10.2"},{"backlink":"practice/traefik-ingress-installation.html#fig1.5.2.1.1","level":"1.5.2.1","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":48,"url":"../images/traefik-dashboard.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"1.5.2.1.1"},{"backlink":"practice/traefik-ingress-installation.html#fig1.5.2.1.2","level":"1.5.2.1","list_caption":"Figure: traefik-nginx","alt":"traefik-nginx","nro":49,"url":"../images/traefik-nginx.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"traefik-nginx","attributes":{},"skip":false,"key":"1.5.2.1.2"},{"backlink":"practice/traefik-ingress-installation.html#fig1.5.2.1.3","level":"1.5.2.1","list_caption":"Figure: traefik-guestbook","alt":"traefik-guestbook","nro":50,"url":"../images/traefik-guestbook.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"traefik-guestbook","attributes":{},"skip":false,"key":"1.5.2.1.3"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.1","level":"1.5.2.2","list_caption":"Figure: 使用dashboard来扩容","alt":"使用dashboard来扩容","nro":51,"url":"../images/dashbaord-scale.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"使用dashboard来扩容","attributes":{},"skip":false,"key":"1.5.2.2.1"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.2","level":"1.5.2.2","list_caption":"Figure: Traefik的UI","alt":"Traefik的UI","nro":52,"url":"../images/traefik-dashboard-locust.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Traefik的UI","attributes":{},"skip":false,"key":"1.5.2.2.2"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.3","level":"1.5.2.2","list_caption":"Figure: Locust启动界面","alt":"Locust启动界面","nro":53,"url":"../images/locust-start-swarming.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Locust启动界面","attributes":{},"skip":false,"key":"1.5.2.2.3"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.4","level":"1.5.2.2","list_caption":"Figure: Dashboard查看页面","alt":"Dashboard查看页面","nro":54,"url":"../images/sample-webapp-rc.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Dashboard查看页面","attributes":{},"skip":false,"key":"1.5.2.2.4"},{"backlink":"practice/distributed-load-test.html#fig1.5.2.2.5","level":"1.5.2.2","list_caption":"Figure: Locust测试结果页面","alt":"Locust测试结果页面","nro":55,"url":"../images/locust-dashboard.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Locust测试结果页面","attributes":{},"skip":false,"key":"1.5.2.2.5"},{"backlink":"practice/network-and-cluster-perfermance-test.html#fig1.5.2.3.1","level":"1.5.2.3","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":56,"url":"http://olz1di9xf.bkt.clouddn.com/kubenetes-e2e-test.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"1.5.2.3.1"},{"backlink":"practice/network-and-cluster-perfermance-test.html#fig1.5.2.3.2","level":"1.5.2.3","list_caption":"Figure: locust-test","alt":"locust-test","nro":57,"url":"http://olz1di9xf.bkt.clouddn.com/kubernetes-locust-test.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"locust-test","attributes":{},"skip":false,"key":"1.5.2.3.2"},{"backlink":"practice/edge-node-configuration.html#fig1.5.2.4.1","level":"1.5.2.4","list_caption":"Figure: 边缘节点架构","alt":"边缘节点架构","nro":58,"url":"../images/kubernetes-edge-node-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"边缘节点架构","attributes":{},"skip":false,"key":"1.5.2.4.1"},{"backlink":"practice/app-log-collection.html#fig1.5.3.2.1","level":"1.5.3.2","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":59,"url":"../images/filebeat-log-collector.png","index":1,"caption_template":"图片 - _CAPTION_","label":"filebeat日志收集架构图","attributes":{},"skip":false,"key":"1.5.3.2.1"},{"backlink":"practice/app-log-collection.html#fig1.5.3.2.2","level":"1.5.3.2","list_caption":"Figure: Kibana页面","alt":"Kibana页面","nro":60,"url":"../images/filebeat-docker-test.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kibana页面","attributes":{},"skip":false,"key":"1.5.3.2.2"},{"backlink":"practice/app-log-collection.html#fig1.5.3.2.3","level":"1.5.3.2","list_caption":"Figure: filebeat收集的日志详细信息","alt":"filebeat收集的日志详细信息","nro":61,"url":"../images/kubernetes-filebeat-detail.png","index":3,"caption_template":"图片 - _CAPTION_","label":"filebeat收集的日志详细信息","attributes":{},"skip":false,"key":"1.5.3.2.3"},{"backlink":"practice/monitor.html#fig1.5.3.4.1","level":"1.5.3.4","list_caption":"Figure: Kubernetes集群中的监控","alt":"Kubernetes集群中的监控","nro":62,"url":"../images/monitoring-in-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes集群中的监控","attributes":{},"skip":false,"key":"1.5.3.4.1"},{"backlink":"practice/monitor.html#fig1.5.3.4.2","level":"1.5.3.4","list_caption":"Figure: kubernetes的容器命名规则示意图","alt":"kubernetes的容器命名规则示意图","nro":63,"url":"../images/kubernetes-container-naming-rule.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"kubernetes的容器命名规则示意图","attributes":{},"skip":false,"key":"1.5.3.4.2"},{"backlink":"practice/monitor.html#fig1.5.3.4.3","level":"1.5.3.4","list_caption":"Figure: Heapster架构图(改进版)","alt":"Heapster架构图(改进版)","nro":64,"url":"../images/kubernetes-heapster-monitoring.png","index":3,"caption_template":"图片 - _CAPTION_","label":"Heapster架构图(改进版)","attributes":{},"skip":false,"key":"1.5.3.4.3"},{"backlink":"practice/monitor.html#fig1.5.3.4.4","level":"1.5.3.4","list_caption":"Figure: 应用监控架构图","alt":"应用监控架构图","nro":65,"url":"../images/kubernetes-app-monitoring.png","index":4,"caption_template":"图片 - _CAPTION_","label":"应用监控架构图","attributes":{},"skip":false,"key":"1.5.3.4.4"},{"backlink":"practice/monitor.html#fig1.5.3.4.5","level":"1.5.3.4","list_caption":"Figure: 应用拓扑图","alt":"应用拓扑图","nro":66,"url":"../images/weave-scope-service-topology.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"应用拓扑图","attributes":{},"skip":false,"key":"1.5.3.4.5"},{"backlink":"practice/data-persistence-problem.html#fig1.5.3.5.1","level":"1.5.3.5","list_caption":"Figure: 日志持久化收集解决方案示意图","alt":"日志持久化收集解决方案示意图","nro":67,"url":"../images/log-persistence-logstash.png","index":1,"caption_template":"图片 - _CAPTION_","label":"日志持久化收集解决方案示意图","attributes":{},"skip":false,"key":"1.5.3.5.1"},{"backlink":"practice/using-prometheus-to-monitor-kuberentes-cluster.html#fig1.5.3.7.1","level":"1.5.3.7","list_caption":"Figure: Grafana页面","alt":"Grafana页面","nro":68,"url":"../images/kubernetes-prometheus-monitoring.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Grafana页面","attributes":{},"skip":false,"key":"1.5.3.7.1"},{"backlink":"practice/using-heapster-to-get-object-metrics.html#fig1.5.3.8.1","level":"1.5.3.8","list_caption":"Figure: Heapster架构图","alt":"Heapster架构图","nro":69,"url":"../images/heapster-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Heapster架构图","attributes":{},"skip":false,"key":"1.5.3.8.1"},{"backlink":"practice/storage-for-containers-using-glusterfs-with-openshift.html#fig1.5.4.1.2.1","level":"1.5.4.1.2","list_caption":"Figure: Screen Shot 2017-03-23 at 21.50.34","alt":"Screen Shot 2017-03-23 at 21.50.34","nro":70,"url":"https://keithtenzer.files.wordpress.com/2017/03/screen-shot-2017-03-23-at-21-50-34.png?w=440","index":1,"caption_template":"图片 - _CAPTION_","label":"Screen Shot 2017-03-23 at 21.50.34","attributes":{},"skip":false,"key":"1.5.4.1.2.1"},{"backlink":"practice/storage-for-containers-using-glusterfs-with-openshift.html#fig1.5.4.1.2.2","level":"1.5.4.1.2","list_caption":"Figure: Screen Shot 2017-03-24 at 11.09.34.png","alt":"Screen Shot 2017-03-24 at 11.09.34.png","nro":71,"url":"https://keithtenzer.files.wordpress.com/2017/03/screen-shot-2017-03-24-at-11-09-341.png?w=440","index":2,"caption_template":"图片 - _CAPTION_","label":"Screen Shot 2017-03-24 at 11.09.34.png","attributes":{},"skip":false,"key":"1.5.4.1.2.2"},{"backlink":"practice/helm.html#fig1.5.5.1.1","level":"1.5.5.1","list_caption":"Figure: Helm chart源","alt":"Helm chart源","nro":72,"url":"../images/helm-charts-repository.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Helm chart源","attributes":{},"skip":false,"key":"1.5.5.1.1"},{"backlink":"practice/helm.html#fig1.5.5.1.2","level":"1.5.5.1","list_caption":"Figure: TODO应用的Web页面","alt":"TODO应用的Web页面","nro":73,"url":"../images/helm-mean-todo-aholic.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"TODO应用的Web页面","attributes":{},"skip":false,"key":"1.5.5.1.2"},{"backlink":"practice/create-private-charts-repo.html#fig1.5.5.2.1","level":"1.5.5.2","list_caption":"Figure: Helm monocular界面","alt":"Helm monocular界面","nro":74,"url":"../images/helm-monocular-jimmysong.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Helm monocular界面","attributes":{},"skip":false,"key":"1.5.5.2.1"},{"backlink":"practice/jenkins-ci-cd.html#fig1.5.6.1.1","level":"1.5.6.1","list_caption":"Figure: 基于Jenkins的持续集成与发布","alt":"基于Jenkins的持续集成与发布","nro":75,"url":"../images/kubernetes-jenkins-ci-cd.png","index":1,"caption_template":"图片 - _CAPTION_","label":"基于Jenkins的持续集成与发布","attributes":{},"skip":false,"key":"1.5.6.1.1"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.1","level":"1.5.6.2","list_caption":"Figure: OAuth注册","alt":"OAuth注册","nro":76,"url":"../images/github-oauth-register.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"OAuth注册","attributes":{},"skip":false,"key":"1.5.6.2.1"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.2","level":"1.5.6.2","list_caption":"Figure: OAuth key","alt":"OAuth key","nro":77,"url":"../images/github-oauth-drone-key.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"OAuth key","attributes":{},"skip":false,"key":"1.5.6.2.2"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.3","level":"1.5.6.2","list_caption":"Figure: Drone登陆界面","alt":"Drone登陆界面","nro":78,"url":"../images/drone-login-github.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Drone登陆界面","attributes":{},"skip":false,"key":"1.5.6.2.3"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.4","level":"1.5.6.2","list_caption":"Figure: Github启用repo设置","alt":"Github启用repo设置","nro":79,"url":"../images/drone-github-active.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Github启用repo设置","attributes":{},"skip":false,"key":"1.5.6.2.4"},{"backlink":"practice/drone-ci-cd.html#fig1.5.6.2.5","level":"1.5.6.2","list_caption":"Figure: Github单个repo设置","alt":"Github单个repo设置","nro":80,"url":"../images/drone-github-repo-setting.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Github单个repo设置","attributes":{},"skip":false,"key":"1.5.6.2.5"},{"backlink":"practice/dashboard-upgrade.html#fig1.5.7.2.1","level":"1.5.7.2","list_caption":"Figure: 登陆界面","alt":"登陆界面","nro":81,"url":"../images/kubernetes-dashboard-1.7.1-login.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"登陆界面","attributes":{},"skip":false,"key":"1.5.7.2.1"},{"backlink":"practice/dashboard-upgrade.html#fig1.5.7.2.2","level":"1.5.7.2","list_caption":"Figure: 首页","alt":"首页","nro":82,"url":"../images/kubernetes-dashboard-1.7.1-default-page.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"首页","attributes":{},"skip":false,"key":"1.5.7.2.2"},{"backlink":"practice/dashboard-upgrade.html#fig1.5.7.2.3","level":"1.5.7.2","list_caption":"Figure: 用户空间","alt":"用户空间","nro":83,"url":"../images/kubernetes-dashboard-1.7.1-brand.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"用户空间","attributes":{},"skip":false,"key":"1.5.7.2.3"},{"backlink":"practice/dashboard-upgrade.html#fig1.5.7.2.4","level":"1.5.7.2","list_caption":"Figure: kubeconfig文件","alt":"kubeconfig文件","nro":84,"url":"../images/brand-kubeconfig-yaml.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"kubeconfig文件","attributes":{},"skip":false,"key":"1.5.7.2.4"},{"backlink":"usecases/service-discovery-in-microservices.html#fig1.6.1.1.1","level":"1.6.1.1","list_caption":"Figure: 微服务中的服务发现","alt":"微服务中的服务发现","nro":85,"url":"../images/service-discovery-in-microservices.png","index":1,"caption_template":"图片 - _CAPTION_","label":"微服务中的服务发现","attributes":{},"skip":false,"key":"1.6.1.1.1"},{"backlink":"usecases/service-mesh.html#fig1.6.2.1","level":"1.6.2","list_caption":"Figure: 下一代异构微服务架构","alt":"下一代异构微服务架构","nro":86,"url":"../images/polyglot-microservices-serivce-mesh.png","index":1,"caption_template":"图片 - _CAPTION_","label":"下一代异构微服务架构","attributes":{},"skip":false,"key":"1.6.2.1"},{"backlink":"usecases/service-mesh.html#fig1.6.2.2","level":"1.6.2","list_caption":"Figure: Service Mesh 架构图","alt":"Service Mesh 架构图","nro":87,"url":"../images/serivce-mesh-control-plane.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Service Mesh 架构图","attributes":{},"skip":false,"key":"1.6.2.2"},{"backlink":"usecases/istio.html#fig1.6.2.1.1","level":"1.6.2.1","list_caption":"Figure: Istio架构图","alt":"Istio架构图","nro":88,"url":"../images/istio-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Istio架构图","attributes":{},"skip":false,"key":"1.6.2.1.1"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.1","level":"1.6.2.1.1","list_caption":"Figure: BookInfo Sample应用架构图","alt":"BookInfo Sample应用架构图","nro":89,"url":"../images/bookinfo-sample-arch.png","index":1,"caption_template":"图片 - _CAPTION_","label":"BookInfo Sample应用架构图","attributes":{},"skip":false,"key":"1.6.2.1.1.1"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.2","level":"1.6.2.1.1","list_caption":"Figure: BookInfo Sample页面","alt":"BookInfo Sample页面","nro":90,"url":"../images/bookinfo-sample.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"BookInfo Sample页面","attributes":{},"skip":false,"key":"1.6.2.1.1.2"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.3","level":"1.6.2.1.1","list_caption":"Figure: Istio Grafana界面","alt":"Istio Grafana界面","nro":91,"url":"../images/istio-grafana.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Istio Grafana界面","attributes":{},"skip":false,"key":"1.6.2.1.1.3"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.4","level":"1.6.2.1.1","list_caption":"Figure: Prometheus页面","alt":"Prometheus页面","nro":92,"url":"../images/istio-prometheus.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Prometheus页面","attributes":{},"skip":false,"key":"1.6.2.1.1.4"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.5","level":"1.6.2.1.1","list_caption":"Figure: Zipkin页面","alt":"Zipkin页面","nro":93,"url":"../images/istio-zipkin.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Zipkin页面","attributes":{},"skip":false,"key":"1.6.2.1.1.5"},{"backlink":"usecases/istio-installation.html#fig1.6.2.1.1.6","level":"1.6.2.1.1","list_caption":"Figure: ServiceGraph页面","alt":"ServiceGraph页面","nro":94,"url":"../images/istio-servicegraph.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"ServiceGraph页面","attributes":{},"skip":false,"key":"1.6.2.1.1.6"},{"backlink":"usecases/install-and-expand-istio-mesh.html#fig1.6.2.1.3.1","level":"1.6.2.1.3","list_caption":"Figure: BookInfo","alt":"BookInfo","nro":95,"url":"../images/noistio.png","index":1,"caption_template":"图片 - _CAPTION_","label":"BookInfo","attributes":{},"skip":false,"key":"1.6.2.1.3.1"},{"backlink":"usecases/install-and-expand-istio-mesh.html#fig1.6.2.1.3.2","level":"1.6.2.1.3","list_caption":"Figure: BookInfo","alt":"BookInfo","nro":96,"url":"../images/noistio.png","index":2,"caption_template":"图片 - _CAPTION_","label":"BookInfo","attributes":{},"skip":false,"key":"1.6.2.1.3.2"},{"backlink":"usecases/integrating-vms.html#fig1.6.2.1.4.1","level":"1.6.2.1.4","list_caption":"Figure: Bookinfo应用的拓展Mesh","alt":"Bookinfo应用的拓展Mesh","nro":97,"url":"../images/istio-mesh-expansion.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Bookinfo应用的拓展Mesh","attributes":{},"skip":false,"key":"1.6.2.1.4.1"},{"backlink":"usecases/linkerd.html#fig1.6.2.2.1","level":"1.6.2.2","list_caption":"Figure: source https://linkerd.io","alt":"source https://linkerd.io","nro":98,"url":"../images/diagram-individual-instance.png","index":1,"caption_template":"图片 - _CAPTION_","label":"source https://linkerd.io","attributes":{},"skip":false,"key":"1.6.2.2.1"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.1","level":"1.6.2.2.1","list_caption":"Figure: Jenkins pipeline","alt":"Jenkins pipeline","nro":99,"url":"../images/linkerd-jenkins-pipeline.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Jenkins pipeline","attributes":{},"skip":false,"key":"1.6.2.2.1.1"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.2","level":"1.6.2.2.1","list_caption":"Figure: Jenkins config","alt":"Jenkins config","nro":100,"url":"../images/linkerd-jenkins.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Jenkins config","attributes":{},"skip":false,"key":"1.6.2.2.1.2"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.3","level":"1.6.2.2.1","list_caption":"Figure: namerd","alt":"namerd","nro":101,"url":"../images/namerd-internal.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"namerd","attributes":{},"skip":false,"key":"1.6.2.2.1.3"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.4","level":"1.6.2.2.1","list_caption":"Figure: linkerd监控","alt":"linkerd监控","nro":102,"url":"../images/linkerd-helloworld-outgoing.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"linkerd监控","attributes":{},"skip":false,"key":"1.6.2.2.1.4"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.5","level":"1.6.2.2.1","list_caption":"Figure: linkerd监控","alt":"linkerd监控","nro":103,"url":"../images/linkerd-helloworld-incoming.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"linkerd监控","attributes":{},"skip":false,"key":"1.6.2.2.1.5"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.6","level":"1.6.2.2.1","list_caption":"Figure: linkerd性能监控","alt":"linkerd性能监控","nro":104,"url":"../images/linkerd-grafana.png","index":6,"caption_template":"图片 - _CAPTION_","label":"linkerd性能监控","attributes":{},"skip":false,"key":"1.6.2.2.1.6"},{"backlink":"usecases/linkerd-user-guide.html#fig1.6.2.2.1.7","level":"1.6.2.2.1","list_caption":"Figure: Linkerd ingress controller","alt":"Linkerd ingress controller","nro":105,"url":"../images/linkerd-ingress-controller.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Linkerd ingress controller","attributes":{},"skip":false,"key":"1.6.2.2.1.7"},{"backlink":"usecases/spark-standalone-on-kubernetes.html#fig1.6.3.1.1","level":"1.6.3.1","list_caption":"Figure: spark master ui","alt":"spark master ui","nro":106,"url":"../images/spark-ui.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"spark master ui","attributes":{},"skip":false,"key":"1.6.3.1.1"},{"backlink":"usecases/spark-standalone-on-kubernetes.html#fig1.6.3.1.2","level":"1.6.3.1","list_caption":"Figure: zeppelin ui","alt":"zeppelin ui","nro":107,"url":"../images/zeppelin-ui.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"zeppelin ui","attributes":{},"skip":false,"key":"1.6.3.1.2"},{"backlink":"develop/client-go-sample.html#fig1.7.3.1","level":"1.7.3","list_caption":"Figure: 使用kubernetes dashboard进行故障排查","alt":"使用kubernetes dashboard进行故障排查","nro":108,"url":"../images/kubernetes-client-go-sample-update.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"使用kubernetes dashboard进行故障排查","attributes":{},"skip":false,"key":"1.7.3.1"},{"backlink":"appendix/issues.html#fig1.8.2.1","level":"1.8.2","list_caption":"Figure: pvc-storage-limit","alt":"pvc-storage-limit","nro":109,"url":"../images/pvc-storage-limit.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"pvc-storage-limit","attributes":{},"skip":false,"key":"1.8.2.1"}]},"title":"Kubernetes Handbook","language":"zh-hans","links":{"sidebar":{"Home":"https://jimmysong.io"}},"gitbook":"*","description":"Kubernetes中文指南/实践手册|kubernetes handbook|jimmysong.io|宋净超"},"file":{"path":"usecases/install-and-expand-istio-mesh.md","mtime":"2017-11-07T15:50:53.316Z","type":"markdown"},"gitbook":{"version":"3.2.2","time":"2017-11-08T08:22:10.027Z"},"basePath":"..","book":{"language":""}});
|
||
});
|
||
</script>
|
||
</div>
|
||
|
||
|
||
<script src="../gitbook/gitbook.js"></script>
|
||
<script src="../gitbook/theme.js"></script>
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-github/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-splitter/splitter.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-page-toc-button/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-editlink/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-back-to-top-button/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-search-plus/search.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-github-buttons/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-3-ba/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-sharing/buttons.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
|
||
|
||
|
||
|
||
</body>
|
||
</html>
|
||
|