概要
- k8sテスト環境構築
Istio Operator インストール
構築目次
環境
- Rancher: v2.5.3
- kubernetes(Client): v1.19.4
- kubernetes(Server): v1.19.4
- Istio: v1.8.1
インストール
1. Istioctl(コマンドラインツール)をダウンロード
- 作業場所: ClientPC
- Istio Release Page
https://github.com/istio/istio/releases - ファイル説明
istioctl-x.x.x-linux-amd64.tar.gz: istioctlコマンド + istioサンプル
istio-x.x.x-linux-amd64.tar.gz: istioctlコマンドのみ
$ wget https://github.com/istio/istio/releases/download/1.8.1/istio-1.8.1-linux-amd64.tar.gz
$ tar xvf istio-1.8.1-linux-amd64.tar.gz
$ sudo mv istio-1.8.1/bin/istioctl /usr/local/bin/
## version 確認 ##
$ istioctl version
no running Istio pods in "istio-system"
1.8.1
2. Istio Operator インストール
- Istio Operator Install Page
https://istio.io/latest/docs/setup/install/operator/
## Operator インストール ##
## operatorのnamespaceは「istio-operator」、control planeのnamespaceは「istio-system」 ##
$ istioctl operator init --istioNamespace istio-system --operatorNamespace istio-operator
## pod 確認 ##
$ kubectl get pod -n istio-operator
NAME READY STATUS RESTARTS AGE
istio-operator-6699fc4879-54622 1/1 Running 0 2m57s
3. Istio control pane インストール
- Istioのビルトインprofileを指定してインストール
※各profile 詳細説明
https://istio.io/docs/setup/additional-setup/config-profiles/
| default | demo | minimal | remote | |
|---|---|---|---|---|
| istio-egressgateway | X | |||
| istio-ingressgateway | X | X | ||
| istiod | X | X | X |
- controlplane用manifest作成
- Profileは「demo」
- 各componentのreplica数を「2」に設定
istio-controlplane.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: istio-controlplane
spec:
profile: demo
components:
pilot:
k8s:
replicaCount: 2
ingressGateways:
- name: istio-ingressgateway
k8s:
replicaCount: 2
egressGateways:
- name: istio-egressgateway
k8s:
replicaCount: 2
- control plane インストール
## namespace作成 ##
$ kubectl create ns istio-system
## controlplane インストール ##
$ kubectl apply -f istio-controlplane.yaml
## pod 確認 ##
$ kubectl get pod -n istio-system
NAME READY STATUS RESTARTS AGE
istio-egressgateway-6bf7955495-bbcd9 1/1 Running 0 2m14s
istio-egressgateway-6bf7955495-g2gxh 1/1 Running 0 2m14s
istio-ingressgateway-76bb454c86-pp2cr 1/1 Running 0 2m14s
istio-ingressgateway-76bb454c86-qn5r7 1/1 Running 0 2m14s
istiod-69985c656c-2k4fp 1/1 Running 0 2m18s
istiod-69985c656c-wzqmt 1/1 Running 0 2m18s
4. Istio用prometheus, grafana, kiali インストール
- Integration Configuration Page
https://istio.io/latest/docs/ops/integrations/
## prometheus インストール ##
$ kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/prometheus.yaml
## grafana インストール ##
$ kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/grafana.yaml
## kiali インストール ##
$ kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/kiali.yaml
## pod 確認 ##
$ kubectl get pod -n istio-system
NAME READY STATUS RESTARTS AGE
grafana-75b5cddb4d-p6449 1/1 Running 0 8h
istio-egressgateway-6bf7955495-bbcd9 1/1 Running 0 2m14s
istio-egressgateway-6bf7955495-g2gxh 1/1 Running 0 2m14s
istio-ingressgateway-76bb454c86-pp2cr 1/1 Running 0 2m14s
istio-ingressgateway-76bb454c86-qn5r7 1/1 Running 0 2m14s
istiod-69985c656c-2k4fp 1/1 Running 0 2m18s
istiod-69985c656c-wzqmt 1/1 Running 0 2m18s
kiali-6c49c7d566-gmxwj 1/1 Running 0 3h59m
prometheus-9d5676d95-vf4w4 2/2 Running 0 4h14m
- prometheus 実行確認
$ istioctl dashboard prometheus
- grafana 実行確認
$ istioctl dashboard grafana
- kiali 実行確認
$ istioctl dashboard kiali
動作確認
- Istio-Injection設定
サンプルPodを作成するnamespaceにIstio-Injection設定を追加
## 「istio-test」namespaceに「istio-injection=enabled」ラベルを追加 ##
$ kubectl label namespace istio-test istio-injection=enabled
namespace/default labeled
## 確認 ##
$ kubectl get ns --show-labels
NAME STATUS AGE LABELS
..........
istio-test Active 21d istio-injection=enabled
..........
- サンプルPod作成
nginx-istio-test.yaml
apiVersion: v1
kind: Service
metadata:
namespace: istio-test
name: nginx-svc
spec:
selector:
app: nginx
ports:
- name: port
port: 8080
targetPort: 80
---
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: nginx
namespace: istio-test
spec:
containers:
- name: nginx
image: nginx:1.19.2
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
$ kubectl apply -f nginx-istio-test.yaml
## 確認 ##
$ kubectl get pod -n istio-test
NAME READY STATUS RESTARTS AGE
nginx 2/2 Running 0 20s
- GatewayとVirtualService 作成
istio-network.yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: nginx-gateway
namespace: istio-test
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "istio-nginx.test.local"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: nginx-virtualservice
namespace: istio-test
spec:
hosts:
- "istio-nginx.test.local"
gateways:
- nginx-gateway
http:
- route:
- destination:
port:
number: 8080
host: nginx-svc
$ kubectl apply -f istio-network.yaml
- ingressgatewayの
EXTERNAL-IPを確認
※MetalLBによりIPの自動割振済み
$ kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
..........
istio-ingressgateway LoadBalancer 10.43.59.71 192.168.245.112 15021:31299/TCP,80:30670/TCP,443:30344/TCP,31400:31251/TCP,15443:31010/TCP 9m11s
..........
- hosts 設定追加
ingressgatewayのEXTERNAL-IPとVirtualServiceで設定したhostを追加
$ cat /etc/hosts
........
192.168.245.112 istio-nginx.test.local
........
- 接続確認
$ curl -I http://istio-nginx.test.local
HTTP/1.1 200 OK
.........
.........
