1.安装istio
要使用Helm自定义Istio安装,请使用--set <key>=<value>Helm命令中的选项覆盖一个或多个值
怎么使用选项配置请查看官网https://istio.io/docs/reference/config/installation-options/#servicegraph-options
模块说明
https://istio.io/docs/concepts/traffic-management/
https://blog.fleeto.us/post/istio-0.8.0-helm/
certmanagergalleygatewaysglobalgrafanaistio_cniistiocorednskialimixernodeagentpilotprometheussecurityservicegraphsidecarInjectorWebhooktracing
[root@master istio-1.1.5]# helm template install/kubernetes/helm/istio --name istio --namespace istio-system --set sidecarInjectorWebhook.enabled=true --set ingress.service.type=NodePort --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort --set tracing.enabled=true --set servicegraph.enabled=true --set prometheus.enabled=true --set tracing.jaeger.enabled=true --set grafana.enabled=true > istio.yaml
[root@master istio-1.1.5]# kubectl create namespace istio-system
[root@master istio-1.1.5]# kubectl apply -f istio.yaml poddisruptionbudget.policy/istio-galley unchanged poddisruptionbudget.policy/istio-ingressgateway unchanged poddisruptionbudget.policy/istio-policy unchanged poddisruptionbudget.policy/istio-telemetry unchanged poddisruptionbudget.policy/istio-pilot unchanged configmap/istio-galley-configuration unchanged configmap/istio-grafana-custom-resources unchanged configmap/istio-grafana-configuration-dashboards-galley-dashboard unchanged configmap/istio-grafana-configuration-dashboards-istio-mesh-dashboard unchanged configmap/istio-grafana-configuration-dashboards-istio-performance-dashboard unchanged configmap/istio-grafana-configuration-dashboards-istio-service-dashboard unchanged configmap/istio-grafana-configuration-dashboards-istio-workload-dashboard unchanged configmap/istio-grafana-configuration-dashboards-mixer-dashboard unchanged configmap/istio-grafana-configuration-dashboards-pilot-dashboard unchanged configmap/istio-grafana unchanged configmap/prometheus unchanged configmap/istio-security-custom-resources unchanged configmap/istio configured configmap/istio-sidecar-injector configured serviceaccount/istio-galley-service-account unchanged serviceaccount/istio-ingressgateway-service-account unchanged serviceaccount/istio-grafana-post-install-account unchanged clusterrole.rbac.authorization.k8s.io/istio-grafana-post-install-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-grafana-post-install-role-binding-istio-system unchanged job.batch/istio-grafana-post-install-1.1.5 unchanged serviceaccount/istio-mixer-service-account unchanged serviceaccount/istio-pilot-service-account unchanged serviceaccount/prometheus unchanged serviceaccount/istio-cleanup-secrets-service-account unchanged clusterrole.rbac.authorization.k8s.io/istio-cleanup-secrets-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-cleanup-secrets-istio-system unchanged job.batch/istio-cleanup-secrets-1.1.5 unchanged serviceaccount/istio-security-post-install-account unchanged clusterrole.rbac.authorization.k8s.io/istio-security-post-install-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-security-post-install-role-binding-istio-system unchanged job.batch/istio-security-post-install-1.1.5 unchanged serviceaccount/istio-citadel-service-account unchanged serviceaccount/istio-sidecar-injector-service-account unchanged serviceaccount/istio-multi unchanged clusterrole.rbac.authorization.k8s.io/istio-galley-istio-system unchanged clusterrole.rbac.authorization.k8s.io/istio-ingressgateway-istio-system unchanged clusterrole.rbac.authorization.k8s.io/istio-mixer-istio-system unchanged clusterrole.rbac.authorization.k8s.io/istio-pilot-istio-system unchanged clusterrole.rbac.authorization.k8s.io/prometheus-istio-system unchanged clusterrole.rbac.authorization.k8s.io/istio-citadel-istio-system unchanged clusterrole.rbac.authorization.k8s.io/istio-sidecar-injector-istio-system unchanged clusterrole.rbac.authorization.k8s.io/istio-reader unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-galley-admin-role-binding-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-ingressgateway-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-mixer-admin-role-binding-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-pilot-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/prometheus-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-citadel-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-sidecar-injector-admin-role-binding-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-multi unchanged role.rbac.authorization.k8s.io/istio-ingressgateway-sds unchanged rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds unchanged service/istio-galley unchanged service/istio-ingressgateway configured service/grafana unchanged service/istio-policy unchanged service/istio-telemetry unchanged service/istio-pilot unchanged service/prometheus unchanged service/istio-citadel unchanged service/servicegraph created service/istio-sidecar-injector unchanged deployment.extensions/istio-galley configured deployment.extensions/istio-ingressgateway configured deployment.extensions/grafana unchanged deployment.extensions/istio-policy configured deployment.extensions/istio-telemetry configured deployment.extensions/istio-pilot configured deployment.extensions/prometheus unchanged deployment.extensions/istio-citadel configured deployment.extensions/servicegraph created deployment.extensions/istio-sidecar-injector configured deployment.extensions/istio-tracing unchanged horizontalpodautoscaler.autoscaling/istio-ingressgateway unchanged horizontalpodautoscaler.autoscaling/istio-policy unchanged horizontalpodautoscaler.autoscaling/istio-telemetry unchanged horizontalpodautoscaler.autoscaling/istio-pilot unchanged service/jaeger-query unchanged service/jaeger-collector unchanged service/jaeger-agent unchanged service/zipkin unchanged service/tracing unchanged mutatingwebhookconfiguration.admissionregistration.k8s.io/istio-sidecar-injector configured attributemanifest.config.istio.io/istioproxy unchanged attributemanifest.config.istio.io/kubernetes unchanged metric.config.istio.io/requestcount unchanged metric.config.istio.io/requestduration unchanged metric.config.istio.io/requestsize unchanged metric.config.istio.io/responsesize unchanged metric.config.istio.io/tcpbytesent unchanged metric.config.istio.io/tcpbytereceived unchanged metric.config.istio.io/tcpconnectionsopened unchanged metric.config.istio.io/tcpconnectionsclosed unchanged handler.config.istio.io/prometheus unchanged rule.config.istio.io/promhttp unchanged rule.config.istio.io/promtcp unchanged rule.config.istio.io/promtcpconnectionopen unchanged rule.config.istio.io/promtcpconnectionclosed unchanged handler.config.istio.io/kubernetesenv unchanged rule.config.istio.io/kubeattrgenrulerule unchanged rule.config.istio.io/tcpkubeattrgenrulerule unchanged kubernetes.config.istio.io/attributes unchanged destinationrule.networking.istio.io/istio-policy unchanged destinationrule.networking.istio.io/istio-telemetry unchanged
如上,使用helm时报这个错误 Helm: Error: no available release name found
Error: release sitewhere failed: namespaces "default" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "default"
错误的原因大概是因为 tiller没有正确的角色权限。
执行以下命令可解决这个问题。
[root@master servicegraph]# kubectl create serviceaccount --namespace kube-system tiller serviceaccount/tiller created [root@master servicegraph]# kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created [root@master servicegraph]# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' deployment.extensions/tiller-deploy patched
2.Prometheus、Grafana、Servicegraph和Jaeger服务创建 Ingress
[root@master istio-1.1.5]# vim ingress-istio.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: name: prometheus namespace: istio-system spec: rules: - host: prometheus.istio.io http: paths: - path: / backend: serviceName: prometheus servicePort: 9090 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: grafana namespace: istio-system spec: rules: - host: grafana.istio.io http: paths: - path: / backend: serviceName: grafana servicePort: 3000 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: servicegraph namespace: istio-system spec: rules: - host: servicegraph.istio.io http: paths: - path: / backend: serviceName: servicegraph servicePort: 8088 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: tracing namespace: istio-system spec: rules: - host: tracing.istio.io http: paths: - path: / backend: serviceName: tracing servicePort: 80
[root@master istio-1.1.5]# kubectl apply -f ingress-istio.yaml
通过 http://grafana.istio.io访问 Grafana 服务
通过http://servicegraph.istio.io访问 ServiceGraph 服务
http://servicegraph.istio.io/force/forcegraph.html: 这是一个交互式的d3.js可视化
http://servicegraph.istio.io/dotviz: 静态graphviz可视化.
http://servicegraph.istio.io/dotgraph: 提供点序列化.
http://servicegraph.istio.io/d3graph: 为D3可视化提供JSON序列化
http://servicegraph.istio.io/graph: 提供通用JSON序列化.
通过 http://tracing.istio.io/访问 Jaeger 跟踪页面:
通过 http://prometheus.istio.io/访问 Prometheus 页面: