istio部署-istio dashboard

reference

• fleeto/sleep
• fleeto / flaskapp

1. istio exemplary configuration changes

Helm's --setparameters can change the default configuration, such as:

cd istio-1.1.7
helm template install/kubernetes/helm/istio \
--name istio --namespace istio-system \
--set sidecarInjectorWebhook.enabled=false

• The automatic injector istio Sidecar function is accomplished by mutating Kubernetes of a controller;
• If you install manifest istio take effect automatically enabled, it will generate a named istio-sidecar-injectorof mutatingwebhookconfigurationan object, which is automatically injected saved configuration;
• According to the principle of Helm and Kubernetes, repeat the kubectl applycommand does not perform the removal, thus generating operation by the above list, if submitted, the result is mutating continue using istio-sidecar-injectorthe configuration work;
• So this way only for add or modify operations to take effect for the delete operation is invalid .

2. Use istio dashboard

2.1 Enabling Grafana

# istion 默认没有启用 grafana
helm template install/kubernetes/helm/istio \
--name istio \
--namespace istio-system \
--set grafana.enabled=true > default-grafana.yaml

# 应用
kubectl apply -f default-grafana.yaml

2.2 Access Grafana

2.2.1 Access Grafana

# option1：本地 localhost 端口转发
kubectl -n istio-system port-forward \
$(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') \
3000:3000 &

# option2：kube-proxy 端口转发
kubectl proxy --address='10.64.198.131' --port=3000 --accept-hosts='^*$'
URL：http://10.64.198.131:3000/api/v1/namespaces/istio-system/services/http:grafana:3000/proxy
子URL(样例)：http://10.64.198.131:3000/api/v1/namespaces/istio-system/services/http:grafana:3000/proxy/d/yuRIKZnWk/istio-mesh-dashboard

2.2.2 build traffic

# 创建工作负载
kubectl label namespaces default istio-injection=enabled
kubectl apply -f sleep.istio.yaml
kubectl apply -f flask.istio.yaml

# 构建流量
kubectl exec -it -c sleep $(kubectl get pod -l app=sleep,version=v1 -o jsonpath={.items[0].metadata.name}) /bin/bash
bash-4.4# for i in `seq 100` ; do http --body http://flaskapp/fetch?url=http://flaskapp/env/version >> /dev/null ; done

# 查看 Istio Mesh Dashboard
URL：http://10.64.198.131:3000/api/v1/namespaces/istio-system/services/http:grafana:3000/proxy/d/yuRIKZnWk/istio-mesh-dashboard

2.3 Grafana Ingress

Edit Grafana of values.yamlfiles can be modified to the type of service LoadBalanceor create Ingressobjects, the latter as an example:

# 针对 "ingress" 字段修改；
# 另如果需要通过账号访问，可设置 "security.enabled: true"，并设置用户名与密码
vim install/kubernetes/helm/istio/charts/grafana/values.yaml
ingress:
  # 启用 "ingress"
  enabled: true
  ## Used to create an Ingress record.
  hosts:
    # 修改 "domain"
    - grafana.istio
  annotations:
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  # 
  tls:
    # Secrets must be manually created in the namespace.
    # - secretName: grafana-tls
    #   hosts:
    #     - grafana.local

# "ingress" 资源的 "spec.rules.host.http.paths.path" 字段，即 "subpath"
contextPath: /

Note :

• Customize values.yamlthe file, you need to use helm templateto re-generate the deployment manifest, as described in 2.1;
• Rebuild the default deployment manifest contains Ingressresources only need to prepare in advance Ingress Controller, or Traefik, and similar resources can be.