Download istio version 1.17
아래에서 kubernetes 와 호환 버전 확인하고 설치를 진행한다
https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases
💡Environment
Client Version: v1.24.0
Kustomize Version: v4.5.4
Server Version: v1.24.12-eks-ec5523e
# download
curl -L https://istio.io/downloadIstio |
> ISTIO_VERSION=1.17 sh -
# symbolic link
cd istio-1.17.2
ln -s istio-1.17.2 istio
# path, ~/.zshrc
export PATH=$PWD/bin:$PATH
e.g. export PATH=/Users/dewble/Workspace/istio/istio-1.17.2/bin/:$PATH
# completion for bash, ~/.zshrc
source ~/istio/tools/istioctl.bash
e.g. source /Users/dewble/Workspace/istio/istio-1.17.2/tools/istioctl.bashistioctl profile 사용법과 사용 가능한 profile 조회
istioctl profile --help
The profile command lists, dumps or diffs Istio configuration profiles.
Usage:
istioctl profile [command]
Examples:
istioctl profile list
istioctl install --set profile=demo # Use a profile from the list
Available Commands:
diff Diffs two Istio configuration profiles
dump Dumps an Istio configuration profile
list Lists available Istio configuration profiles
Flags:
--dry-run Console/log output only, make no changes.
-h, --help help for profile
Global Flags:
--context string The name of the kubeconfig context to use
-c, --kubeconfig string Kubernetes configuration file
--vklog Level number for the log level verbosity. Like -v flag. ex: --vklog=9
Use "istioctl profile [command] --help" for more information about a command.istioctl profile list
Istio configuration profiles:
ambient
default
demo
empty
external
minimal
openshift
preview
remotedefault: enables components according to the default settings of the [IstioOperator API](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/). This profile is recommended for production deployments and for primary clusters in a multicluster mesh. You can display the default settings by running the istioctl profile dump command.
profile diff - 각 profile의 option 비교
istioctl profile diff default demoinstall istio and inject Envoy sidecar proxies
# install istio with default profile
istioctl install --set profile=default -y
# inject envoy sidecar
kubectl label namespace bookinfo istio-injection=enabledGenerate a manifest before installation
https://istio.io/latest/docs/setup/install/istioctl/#generate-a-manifest-before-installation
verify install
➜ k get crd
➜ k get all
NAME READY STATUS RESTARTS AGE
pod/istio-ingressgateway-5555ccdc98-wpph6 1/1 Running 0 91s
pod/istiod-7fd9d6dd48-5lgzd 1/1 Running 0 96s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/istio-ingressgateway LoadBalancer 172.20.199.65 af78873b5044d49c7af9087bafb85262-1574793183.ap-northeast-2.elb.amazonaws.com 15021:30871/TCP,80:30569/TCP,443:32132/TCP 91s
service/istiod ClusterIP 172.20.191.162 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 96s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/istio-ingressgateway 1/1 1 1 92s
deployment.apps/istiod 1/1 1 1 96s
NAME DESIRED CURRENT READY AGE
replicaset.apps/istio-ingressgateway-5555ccdc98 1 1 1 92s
replicaset.apps/istiod-7fd9d6dd48 1 1 1 96s
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/istio-ingressgateway Deployment/istio-ingressgateway <unknown>/80% 1 5 1 91s
horizontalpodautoscaler.autoscaling/istiod Deployment/istiod <unknown>/80% 1 5 1 96s
➜ k get ns --show-labels
NAME STATUS AGE LABELS
bookinfo Active 7s istio-injection=enabled,kubernetes.io/metadata.name=bookinfo- pod/istio-ingressgateway-5555ccdc98-wpph6: EnvoyProxy
모니터링 addons 배포
# addon list
➜ ls samples/addons
README.md extras grafana.yaml jaeger.yaml kiali.yaml prometheus.yaml
# install addon, 에러 발생시 다시 명령어 입력, crd 생성 중
➜ k apply -f samples/addons
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created대시보드 확인용 Nodeport Service 생성
istioctl dashboard [dashboard name] 명령어로도 확인 가능
e.g. istioctl dashboard kiali
apiVersion: v1
kind: Service
metadata:
name: kiali
namespace: istio-system
spec:
type: NodePort
ports:
- port: 20001
targetPort: 20001
nodePort: 30001
selector:
app: kiali
---
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: istio-system
spec:
type: NodePort
ports:
- port: 3000
targetPort: 3000
nodePort: 30002
selector:
app: grafana
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-collector
namespace: istio-system
spec:
type: NodePort
ports:
- port: 16686
targetPort: 16686
nodePort: 30003
selector:
app: jaeger
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
namespace: istio-system
spec:
type: NodePort
ports:
- port: 9090
targetPort: 9090
nodePort: 30004
selector:
app: prometheus설치 확인
➜ k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana NodePort 172.20.139.38 <none> 3000:30002/TCP 3h58m
istio-ingressgateway LoadBalancer 172.20.199.65 af78873b5044d49c7af9087bafb85262-1574793183.ap-northeast-2.elb.amazonaws.com 15021:30871/TCP,80:30569/TCP,443:32132/TCP 4h11m
istiod ClusterIP 172.20.191.162 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 4h11m
jaeger-collector NodePort 172.20.247.27 <none> 16686:30003/TCP 3h58m
kiali NodePort 172.20.169.153 <none> 20001:30001/TCP 3h58m
prometheus NodePort 172.20.69.37 <none> 9090:30004/TCP 3h58m
tracing ClusterIP 172.20.250.72 <none> 80/TCP,16685/TCP 3h58m
zipkin ClusterIP 172.20.220.250 <none> 9411/TCP 3h58m➜ istioctl ps
NAME CLUSTER CDS LDS EDS RDS ECDS ISTIOD VERSION
httpbin-847f64cc8d-m8qrt.httpbin Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-7fd9d6dd48-5lgzd 1.17.2
istio-ingressgateway-6d8c85fd46-6gjjn.istio-system Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-7fd9d6dd48-5lgzd 1.17.2- EDS: Endpoint Discovery Service
- CDS: Cluster
- RDS: Route
- LDS: Listener
좀 더 자세한 내용은 아래 글 참고
[Istio]Traffic Management - 무슨 일이 발생하는 건가? envoy xDS Sync 이해하기
istioctl proxy-status로 상태 확인하기
# istioctl 명령어 확인
istioctl --help
istioctl proxy-status --help
➜ it proxy-status
NAME CLUSTER CDS LDS EDS RDS ECDS ISTIOD VERSION
istio-ingressgateway-5555ccdc98-wpph6.istio-system Kubernetes SYNCED SYNCED SYNCED NOT SENT NOT SENT istiod-7fd9d6dd48-5lgzd
➜ it proxy-status istio-ingressgateway-5555ccdc98-wpph6.istio-system
Clusters Match
Listeners Match
Routes Matchhttps://istio.io/latest/docs/setup/install/istioctl/
'Cloud-native > Istio' 카테고리의 다른 글
| [Istio]Traffic Management - 무슨 일이 발생하는 건가?(envoy xDS Sync 이해하기) (0) | 2023.05.06 |
|---|---|
| [Istio]Traffic Management - Request Routing(동적 요청 라우팅 구성하기) (0) | 2023.05.06 |
| [Istio]Traffic Management - Overview (0) | 2023.05.06 |
| [Istio]Deploy bookinfo sample application to demonstrate various Istio features (0) | 2023.04.23 |
| [Istio]What is Istio? (0) | 2023.04.23 |
