Skip to content
Fork from istio install operator
Smarty Shell
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
charts
deploy
examples
profiles
.gitignore
LICENSE
README.md
profile.yaml
versions.yaml

README.md

istio-operator

在官方release版本基础上自定义charts,以及自己部署的examples示例

  • charts
    • ingress
      • istio ingress
        • 使用ingressgateway不依赖ingress,虽然values配置中telemetry_addon_gatewaystls,但在addongateway.yaml模板中并没有支持,这里做了支持
        • 官方在operator中已经将原本在helm中的几个ingress去掉(只有prometheus的保留),同时helm也已经弃用,所以建议使用ingressgateway
      • kubernetes ingress
        • grafana
        • kiali
        • tracing
    • contextPath
      • prometheusgrafanadeployment未支持路由的子路径,PR istio#21383
        • 或者通过ingressrewriteVirtualService也支持rewrite
      • kiali依赖的prometheus增加prometheus.contextPath支持,PR istio#21668
  • profile.yaml
    • 启动 Prometheus、Grafana、Kiali 和 Tracing 的网关
    • KialicreateDemoSecret=true使用默认用户名(admin)和密码(admin)创建密钥
    • 国内镜像源
      • Istio release版本镜像在docker.io/istio,而dev版本镜像在gcr.io/istio-testing,注意根据自己的需求选择
      • mirror.azure.cn
        • gcr.azk8s.cn
        • dockerhub.azk8s.cn
        • quay.azk8s.cn
      • mirrors.ustc.edu.cn

istioctl部署

manifest apply直接部署

# -f 自定义配置
# --set install_package_path 自定义charts
istioctl manifest apply \
-f profile.yaml \
--set profile=$PWD/profiles/default.yaml \
--set install_package_path=$PWD/charts

manifest generatekubectl apply部署

测试部署容易出问题,还是推荐manifest apply

istioctl manifest generate \
-f profile.yaml \
--set profile=$PWD/profiles/default.yaml \
--set install_package_path=$PWD/charts \
> generate-default.yaml

升级

# 环境检查
istioctl manifest versions
kubectl config view

# 不支持--set,所以install_package_path要在config file中指定
istioctl upgrade -f `<your-custom-configuration-file>`

升级Sidecar

Upgrade submitted. Please use `istioctl version` to check the current versions.
To upgrade the Istio data plane, you will need to re-inject it.
If you’re using automatic sidecar injection, you can upgrade the sidecar by doing a rolling update for all the pods:
    kubectl rollout restart deployment --namespace <namespace with auto injection>
If you’re using manual injection, you can upgrade the sidecar by executing:
    kubectl apply -f < (istioctl kube-inject -f <original application deployment yaml>)

卸载

istioctl manifest generate \
-f examples/default.yaml \
--set installPackagePath=$PWD/charts | kubectl delete -f -

Envoy日志

istio 数据面调试指南 Envoy RESPONSE_FLAGS说明

kubectl -n istio-system edit cm istio
......
# Set accessLogFile to empty string to disable access log.
accessLogFile: "/dev/stdout" # 开启日志

accessLogEncoding: 'JSON' # 默认日志是单行格式, 可选设置为 JSON
......

--set指定配置

istioctl manifest generate \
--set profile=default \
--set installPackagePath=$PWD/charts \
--set values.global.hub=dockerhub.azk8s.cn/istio \
--set values.prometheus.hub=dockerhub.azk8s.cn/prom \
--set values.prometheus.ingress.enabled=true \
--set values.grafana.enabled=true \
--set values.grafana.ingress.enabled=true \
--set values.tracing.enabled=true \
--set values.tracing.ingress.enabled=true \
--set values.tracing.ingress.hosts[0]=tracing.local \
--set values.kiali.enabled=true \
--set values.kiali.ingress.enabled=true \
--set values.kiali.hub=quay.azk8s.cn/kiali \
--set values.kiali.createDemoSecret=true \
> generate-default.yaml
You can’t perform that action at this time.