Kubernetes指南
Linux性能优化实战eBPF 核心技术与实战SDN指南个人博客
EN
EN
  • Overview
  • Introduction
    • Kubernetes Introduction
    • Kubernetes Concepts
    • Kubernetes 101
    • Kubernetes 201
    • Kubernetes Cluster
  • Concepts
    • Concepts
    • Architecture
    • Design Principles
    • Components
      • etcd
      • kube-apiserver
      • kube-scheduler
      • kube-controller-manager
      • kubelet
      • kube-proxy
      • kube-dns
      • Federation
      • kubeadm
      • hyperkube
      • kubectl
    • Objects
      • Autoscaling
      • ConfigMap
      • CronJob
      • CustomResourceDefinition
      • DaemonSet
      • Deployment
      • Ingress
      • Job
      • LocalVolume
      • Namespace
      • NetworkPolicy
      • Node
      • PersistentVolume
      • Pod
      • PodPreset
      • ReplicaSet
      • Resource Quota
      • Secret
      • SecurityContext
      • Service
      • ServiceAccount
      • StatefulSet
      • Volume
  • Setup
    • Setup Guidance
    • kubectl Install
    • Single Machine
    • Feature Gates
    • Best Practice
    • Version Support
    • Setup Cluster
      • kubeadm
      • kops
      • Kubespray
      • Azure
      • Windows
      • LinuxKit
      • kubeasz
    • Setup Addons
      • Addon-manager
      • DNS
      • Dashboard
      • Monitoring
      • Logging
      • Metrics
      • GPU
      • Cluster Autoscaler
      • ip-masq-agent
  • Extension
    • API Extension
      • Aggregation
      • CustomResourceDefinition
    • Access Control
      • Authentication
      • RBAC Authz
      • Admission
    • Scheduler Extension
    • Network Plugin
      • CNI
      • Flannel
      • Calico
      • Weave
      • Cilium
      • OVN
      • Contiv
      • SR-IOV
      • Romana
      • OpenContrail
      • Kuryr
    • Container Runtime
      • CRI-tools
      • Frakti
    • Storage Driver
      • CSI
      • FlexVolume
      • glusterfs
    • Network Policy
    • Ingress Controller
      • Ingress + Letsencrypt
      • minikube Ingress
      • Traefik Ingress
      • Keepalived-VIP
    • Cloud Provider
    • Device Plugin
  • Cloud Native Apps
    • Apps Management
      • Patterns
      • Rolling Update
      • Helm
      • Operator
      • Service Mesh
      • Linkerd
      • Linkerd2
    • Istio
      • Deploy
      • Traffic Management
      • Security
      • Policy
      • Metrics
      • Troubleshooting
      • Community
    • Devops
      • Draft
      • Jenkins X
      • Spinnaker
      • Kompose
      • Skaffold
      • Argo
      • Flux GitOps
  • Practices
    • Overview
    • Resource Management
    • Cluster HA
    • Workload HA
    • Debugging
    • Portmap
    • Portforward
    • User Management
    • GPU
    • HugePage
    • Security
    • Audit
    • Backup
    • Cert Rotation
    • Large Cluster
    • Big Data
      • Spark
      • Tensorflow
    • Serverless
  • Troubleshooting
    • Overview
    • Cluster Troubleshooting
    • Pod Troubleshooting
    • Network Troubleshooting
    • PV Troubleshooting
      • AzureDisk
      • AzureFile
    • Windows Troubleshooting
    • Cloud Platform Troubleshooting
      • Azure
    • Troubleshooting Tools
  • Community
    • Development Guide
    • Unit Test and Integration Test
    • Community Contribution
  • Appendix
    • Ecosystem
    • Learning Resources
    • Domestic Mirrors
    • How to Contribute
    • Reference Documents
由 GitBook 提供支持
在本页
  • Downloading Istio
  • Deploying Istio Service
  • Mesh Extension
  • Prometheus, Grafana, and Zipkin
  1. Cloud Native Apps
  2. Istio

Deploy

Before dabbling into the installation of Istio, it is necessary to ensure that your Kubernetes cluster (only versions v1.9.0 and later are supported) is already deployed and that you have set up your local kubectl client appropriately. For instance, using minikube, you would need:

minikube start --memory=4096 --kubernetes-version=v1.11.1 --vm-driver=hyperkit

Downloading Istio

curl -L https://git.io/getLatestIstio | sh -
sudo apt-get install -y jq
ISTIO_VERSION=$(curl -L -s https://api.github.com/repos/istio/istio/releases/latest | jq -r .tag_name)
cd istio-${ISTIO_VERSION}
cp bin/istioctl /usr/local/bin

Deploying Istio Service

Initiating the Helm Tiller:

kubectl create -f install/kubernetes/helm/helm-service-account.yaml
helm init --service-account tiller

Then, deploy through Helm:

kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
  --set ingress.enabled=true \
  --set gateways.enabled=true \
  --set galley.enabled=true \
  --set sidecarInjectorWebhook.enabled=true \
  --set mixer.enabled=true \
  --set prometheus.enabled=true \
  --set grafana.enabled=true \
  --set servicegraph.enabled=true \
  --set tracing.enabled=true \
  --set kiali.enabled=false

Upon completion, you can validate whether services within the isotio-system namespace are running properly:

$ kubectl -n istio-system get pod
$ kubectl -n istio-system get service

Mesh Extension

  • The server to be connected must be accessible via IP to service endpoints within the mesh, which often requires support from VPN or VPC, or non-NAT and non-firewall blocked direct routes provided by container networks. There's no need for the server to access cluster IP addresses assigned by Kubernetes.

After deployment, applications can be registered with Istio, like so:

# istioctl register servicename machine-ip portname:port
$ istioctl -n onprem register mysql 1.2.3.4 3306
$ istioctl -n onprem register svc1 1.2.3.4 http:7000

Prometheus, Grafana, and Zipkin

Once all pods are up and running, these services can be accessed through NodePort, the external IP of the load balancing service, or kubectl proxy. For instance, to access through kubectl proxy, launch it first:

$ kubectl proxy

Then access Grafana at http://localhost:8001/api/v1/namespaces/istio-system/services/grafana:3000/proxy/, and ServiceGraph at http://localhost:8001/api/v1/namespaces/istio-system/services/servicegraph:8088/proxy/, which displays a diagram of the connections between services.

  • /d3graph Provides a JSON serialization for D3 visualization.

  • /graph Provides a generic JSON serialization.

You can access the Zipkin trace page at http://localhost:8001/api/v1/namespaces/istio-system/services/zipkin:9411/proxy/, and the Prometheus page at http://localhost:8001/api/v1/namespaces/istio-system/services/prometheus:9090/proxy/.

上一页Istio下一页Traffic Management

最后更新于1年前

Istio also supports the management of non-Kubernetes applications. At this point, it's required to deploy Istio on VMs or physical servers where the applications are staged, with detailed steps available at . Note that certain prerequisites need to be fulfilled before deployment

The Istio control plane services (Pilot, Mixer, Citadel) and Kubernetes’ DNS server must be accessible from the virtual machine, often fulfilled using an , running Istio components on the virtual machine, or custom network configurations.

/force/forcegraph.html An interactive visualization.

/dotviz A static visualization.

/dotgraph Provides a serialization.

https://istio.io/docs/setup/kubernetes/additional-setup/mesh-expansion/
internal load balancer
D3.js
Graphviz
DOT