在本地k8s集群环境下部署istio测试环境

没有本地搭建k8s集群的可以看我的另一篇脚本快速部署k8s集群环境的文章
集群架构

角色	ip
k8s-master	192.168.200.50
k8s-node1	192.168.200.51

部署istio

1. 下载istio官方的部署包网址：https://github.com/istio/istio/releases/tag/1.6.7
   

wget https://github.com/istio/istio/releases/download/1.6.7/istio-1.6.7-linux-amd64.tar.gz

或者使用官方脚本进行下载

curl -L https://istio.io/downloadIstio | sh -

2. 解压安装包并加入环境变量中

mkdir /apps/
tar xvf istio-1.6.7-linux-amd64.tar.gz -C /app/
export PATH=$PATH：/app/istio-1.6.7/bin

3. 安装istio（ps：一定要保证k8s集群正常运行）

kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   4d13h   v1.18.0
k8s-node1    Ready    <none>   4d13h   v1.18.0
istioctl manifest apply --set profile=demo

查询部署完成情况

[root@k8s-master istio-1.6.7]# kubectl get svc -n istio-system
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
grafana                     ClusterIP   10.105.100.150   <none>        3000/TCP                                                                     3d4h
istio-egressgateway         ClusterIP   10.106.99.217    <none>        80/TCP,443/TCP,15443/TCP                                                     3d4h
istio-ingressgateway        NodePort    10.100.149.212   <none>        15021:31367/TCP,80:30637/TCP,443:31967/TCP,31400:32306/TCP,15443:32188/TCP   3d4h
istiod                      ClusterIP   10.110.46.142    <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP                                3d4h
jaeger-agent                ClusterIP   None             <none>        5775/UDP,6831/UDP,6832/UDP                                                   3d4h
jaeger-collector            ClusterIP   10.104.21.74     <none>        14267/TCP,14268/TCP,14250/TCP                                                3d4h
jaeger-collector-headless   ClusterIP   None             <none>        14250/TCP                                                                    3d4h
jaeger-query                ClusterIP   10.108.104.134   <none>        16686/TCP                                                                    3d4h
kiali                       NodePort    10.98.211.200    <none>        20001:31822/TCP                                                              3d4h
prometheus                  ClusterIP   10.108.10.150    <none>        9090/TCP                                                                     3d4h
tracing                     ClusterIP   10.97.33.219     <none>        80/TCP                                                                       3d4h
zipkin                      ClusterIP   10.98.238.91     <none>        9411/TCP                                                                     3d4h
[root@k8s-master istio-1.6.7]# kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
grafana-b54bb57b9-m8cxw                 1/1     Running   4          3d4h
istio-egressgateway-64bc874f5c-dmxjh    1/1     Running   4          3d4h
istio-ingressgateway-6b947b8c5d-wsbmm   1/1     Running   4          3d4h
istio-tracing-9dd6c4f7c-7t7qb           1/1     Running   4          3d4h
istiod-654b4b468b-f2lbw                 1/1     Running   4          3d4h
kiali-d45468dc4-qmzmw                   1/1     Running   4          3d4h
prometheus-77566c9987-dnl48             2/2     Running   8          3d4h

设置可视化界面kiali为外部访问模式并查询nodeport号

kubectl patch svc -n istio-system kiali -p '{"spec": {"type": "NodePort"}}'
kubectl describe svc -n istio-system kiali 
Name:                     kiali
Namespace:                istio-system
Labels:                   app=kiali
                          install.operator.istio.io/owning-resource=installed-state
                          install.operator.istio.io/owning-resource-namespace=istio-system
                          operator.istio.io/component=AddonComponents
                          operator.istio.io/managed=Reconcile
                          operator.istio.io/version=1.6.7
                          release=istio
Annotations:              Selector:  app=kiali
Type:                     NodePort
IP:                       10.98.211.200
Port:                     http-kiali  20001/TCP
TargetPort:               20001/TCP
NodePort:                 http-kiali  31822/TCP  #这里就是nodeport
Endpoints:                10.244.1.78:20001
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

访问node节点加上端口 192.168.200.51:31822
默认登陆账户和密码为admin/admin

在istio上部署测试应用bookinfo

1. 开启sidecar自动注入

kubectl label namespace default istio-injection=enabled

2. 使用kubectl部署bookinfo并创建网关

kubectl apply -f /app/istio-1.6.7/samples/bookinfo/platform/kube/bookinfo.yaml
kubectl apply -f /app/istio-1.6.7/samples/bookinfo/networking/bookinfo-gateway.yaml 

3. 设置访问网关的 INGRESS_HOST 和 INGRESS_PORT 变量
   查询是否有外部负载均衡器

kubectl get svc istio-ingressgateway -n istio-system
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                      AGE
istio-ingressgateway   NodePort   10.100.149.212   <none>        15021:31367/TCP,80:30637/TCP,443:31967/TCP,31400:32306/TCP,15443:32188/TCP   3d5h

EXTERNAL-IP是none或是pending说明没有
由于我们是本地虚拟机部署k8s外部没有外部负载均衡器我们使用nodeport方式
修改istio的网关为nodeport模式

kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'

采用nodeport方式暴露istio-ingressgateway

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
#获取 ingress IP 地址：
export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o 'jsonpath={.items[0].status.hostIP}')

查询URL

echo $INGRESS_HOST:$INGRESS_PORT
192.168.200.51:30637

使用浏览器访问bookinfo

http://192.168.200.51:30637/productpage

重复刷新可以发现星星发生变化说明部署成功