1. 개요
2. 설치 환경 확인
$ minikube status host: Running kubelet: Running apiserver: Running kubeconfig: Configured
$ kubectl version Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.6", GitCommit:"96fac5cd13a5dc064f7d9f4f23030a6aeface6cc", GitTreeState:"clean", BuildDate:"2019-08-19T11:13:49Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:09:08Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}
$ kubectl cluster-info Kubernetes master is running at https://192.168.99.100:8443 KubeDNS is running at https://192.168.99.100:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
3. Helm 설치
4. Istio 다운로드
4.1. 다운로드 및 파일 압축 해제
페이지 : https://github.com/istio/istio/releases
다운로드 받은 파일은 istio-1.4.2-osx.tar.gz 이다.
$ cd istio-1.4.2 $ ls -l total 48 -rw-r--r-- 1 jins staff 11348 12 7 05:54 LICENSE -rw-r--r-- 1 jins staff 6080 12 7 05:54 README.md drwxr-x--- 3 jins staff 96 12 7 05:54 bin drwxr-xr-x 7 jins staff 224 12 7 05:54 install -rw-r----- 1 jins staff 729 12 7 05:54 manifest.yaml drwxr-xr-x 20 jins staff 640 12 7 05:54 samples drwxr-x--- 7 jins staff 224 12 7 05:54 tools
4.2. istioctl 복사
$ cd bin $ ls -l total 168632 -rwxr-xr-x 1 jins staff 86337216 12 7 05:54 istioctl $ cp istioctl /usr/local/bin
4.3. Namespace 생성
$ kubectl create namespace istio-system namespace/istio-system created
4.4. Helm install
커맨드를 날릴 디렉토리는 istio-1.4.2 이다.
$ helm template install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f - configmap/istio-crd-10 created configmap/istio-crd-11 created configmap/istio-crd-14 created serviceaccount/istio-init-service-account created clusterrole.rbac.authorization.k8s.io/istio-init-istio-system created clusterrolebinding.rbac.authorization.k8s.io/istio-init-admin-role-binding-istio-system created job.batch/istio-init-crd-10-1.4.2 created job.batch/istio-init-crd-11-1.4.2 created job.batch/istio-init-crd-14-1.4.2 created
참고로 원래 ingressgateway는 LoadBalancer 타입인데 Minikube는 LoadBalancer를 생성할 수 없기 때문에 NodePort로 한 것이다.
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \ --set gateways.istio-ingressgateway.type=NodePort \ | kubectl apply -f - poddisruptionbudget.policy/istio-galley created poddisruptionbudget.policy/istio-ingressgateway created poddisruptionbudget.policy/istio-policy created poddisruptionbudget.policy/istio-telemetry created poddisruptionbudget.policy/istio-pilot created poddisruptionbudget.policy/istio-citadel created poddisruptionbudget.policy/istio-sidecar-injector created configmap/istio-galley-configuration created configmap/prometheus created configmap/istio-security-custom-resources created configmap/istio created configmap/istio-sidecar-injector created serviceaccount/istio-galley-service-account created serviceaccount/istio-ingressgateway-service-account created serviceaccount/istio-mixer-service-account created serviceaccount/istio-pilot-service-account created serviceaccount/prometheus created serviceaccount/istio-security-post-install-account created clusterrole.rbac.authorization.k8s.io/istio-security-post-install-istio-system created clusterrolebinding.rbac.authorization.k8s.io/istio-security-post-install-role-binding-istio-system created job.batch/istio-security-post-install-1.4.2 created serviceaccount/istio-citadel-service-account created serviceaccount/istio-sidecar-injector-service-account created serviceaccount/istio-multi created clusterrole.rbac.authorization.k8s.io/istio-galley-istio-system created clusterrole.rbac.authorization.k8s.io/istio-mixer-istio-system created clusterrole.rbac.authorization.k8s.io/istio-pilot-istio-system created clusterrole.rbac.authorization.k8s.io/prometheus-istio-system created clusterrole.rbac.authorization.k8s.io/istio-citadel-istio-system created clusterrole.rbac.authorization.k8s.io/istio-sidecar-injector-istio-system created clusterrole.rbac.authorization.k8s.io/istio-reader unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-galley-admin-role-binding-istio-system created clusterrolebinding.rbac.authorization.k8s.io/istio-mixer-admin-role-binding-istio-system created clusterrolebinding.rbac.authorization.k8s.io/istio-pilot-istio-system created clusterrolebinding.rbac.authorization.k8s.io/prometheus-istio-system created clusterrolebinding.rbac.authorization.k8s.io/istio-citadel-istio-system created clusterrolebinding.rbac.authorization.k8s.io/istio-sidecar-injector-admin-role-binding-istio-system created clusterrolebinding.rbac.authorization.k8s.io/istio-multi configured role.rbac.authorization.k8s.io/istio-ingressgateway-sds created rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds created service/istio-galley created service/istio-policy created service/istio-telemetry created service/istio-pilot created service/prometheus created service/istio-citadel created service/istio-sidecar-injector created deployment.apps/istio-galley created deployment.apps/istio-ingressgateway created deployment.apps/istio-policy created deployment.apps/istio-telemetry created deployment.apps/istio-pilot created deployment.apps/prometheus created deployment.apps/istio-citadel created deployment.apps/istio-sidecar-injector created horizontalpodautoscaler.autoscaling/istio-ingressgateway created horizontalpodautoscaler.autoscaling/istio-policy created horizontalpodautoscaler.autoscaling/istio-telemetry created horizontalpodautoscaler.autoscaling/istio-pilot created mutatingwebhookconfiguration.admissionregistration.k8s.io/istio-sidecar-injector configured attributemanifest.config.istio.io/istioproxy created attributemanifest.config.istio.io/kubernetes created instance.config.istio.io/requestcount created instance.config.istio.io/requestduration created instance.config.istio.io/requestsize created instance.config.istio.io/responsesize created instance.config.istio.io/tcpbytesent created instance.config.istio.io/tcpbytereceived created instance.config.istio.io/tcpconnectionsopened created instance.config.istio.io/tcpconnectionsclosed created handler.config.istio.io/prometheus created rule.config.istio.io/promhttp created rule.config.istio.io/promtcp created rule.config.istio.io/promtcpconnectionopen created rule.config.istio.io/promtcpconnectionclosed created handler.config.istio.io/kubernetesenv created rule.config.istio.io/kubeattrgenrulerule created rule.config.istio.io/tcpkubeattrgenrulerule created instance.config.istio.io/attributes created destinationrule.networking.istio.io/istio-policy created destinationrule.networking.istio.io/istio-telemetry created
4.5. Istio Pod 확인
$ kubectl get pods -n istio-system NAME READY STATUS RESTARTS AGE istio-citadel-65c9f49c76-4fnn5 1/1 Running 0 2m52s istio-galley-c5cb9c77d-r5qhv 1/1 Running 0 2m52s istio-ingressgateway-656846d489-l49dk 0/1 Running 0 2m51s istio-init-crd-10-1.4.2-pl2w8 0/1 Completed 0 2m53s istio-init-crd-11-1.4.2-h487d 0/1 Completed 0 2m53s istio-init-crd-14-1.4.2-22882 0/1 Completed 0 2m53s istio-pilot-568fd746c8-tsllx 0/2 Pending 0 2m51s istio-policy-79f475c566-bvtq4 2/2 Running 5 2m52s istio-security-post-install-1.4.2-pbjwl 1/1 Running 0 2m53s istio-sidecar-injector-59ccc94d59-xzzx7 1/1 Running 0 2m51s istio-telemetry-6f699b8967-t4jkz 0/2 Pending 0 2m51s prometheus-c8fdbd64f-w5kgj 1/1 Running 0 2m51s
4.6. Istio Service 확인
$ kubectl get svc -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-citadel ClusterIP 10.96.190.08060/TCP,15014/TCP 7m36s istio-galley ClusterIP 10.106.255.64 443/TCP,15014/TCP,9901/TCP 7m50s istio-ingressgateway NodePort 10.98.6.4 15020:31520/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:31658/TCP,15030:32270/TCP,15031:31465/TCP,15032:31697/TCP,15443:31263/TCP 86s istio-pilot ClusterIP 10.111.203.126 15010/TCP,15011/TCP,8080/TCP,15014/TCP 7m49s istio-policy ClusterIP 10.108.10.249 9091/TCP,15004/TCP,15014/TCP 7m49s istio-sidecar-injector ClusterIP 10.97.215.182 443/TCP,15014/TCP 7m32s istio-telemetry ClusterIP 10.97.68.213 9091/TCP,15004/TCP,15014/TCP,42422/TCP 7m49s prometheus ClusterIP 10.110.94.22 9090/TCP 7m42s
5. Bookinfo 예제
https://istio.io/docs/examples/bookinfo/
Bookinfo는 samples에 기본 포함되어 있다.
5.1. Sidecar Injection 활성화
$ kubectl label namespace default istio-injection=enabled namespace/default labeled $ kubectl get namespace -L istio-injection NAME STATUS AGE ISTIO-INJECTION default Active 54m enabled istio-system Active 41m kube-node-lease Active 54m kube-public Active 54m kube-system Active 54m kubernetes-dashboard Active 54m
5.2. Bookinfo 배포
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml service/details created serviceaccount/bookinfo-details created deployment.apps/details-v1 created service/ratings created serviceaccount/bookinfo-ratings created deployment.apps/ratings-v1 created service/reviews created serviceaccount/bookinfo-reviews created deployment.apps/reviews-v1 created deployment.apps/reviews-v2 created deployment.apps/reviews-v3 created service/productpage created serviceaccount/bookinfo-productpage created deployment.apps/productpage-v1 created
5.3. Gateway 배포
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml gateway.networking.istio.io/bookinfo-gateway created virtualservice.networking.istio.io/bookinfo created
$ kubectl get gateway NAME AGE bookinfo-gateway 38s