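Installing Istio on an arm64 Kubernetes cluster (for learning purposes only)
ServiceMesh, Istio
Environment
Kubernetes, arm64, Linux
Pre-installation preparation
See the official Istio documentation and the Chinese edition of the official Istio documentation.
Download Istio
1. Go to the Istio release page and download the installation file for your operating system, or download and extract the latest release automatically (Linux or macOS):
Note: this fetches the latest version, so check that it is compatible with your Kubernetes version before using it.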
$ curl -L https://istio.io/downloadIstio | sh -
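The command above downloads the latest release (numerically) of Istio. You can pass variables on the command line to download a specific version or a different processor architecture. For example, to download Istio 1.6.8 for the arm64 architecture, run: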
$ curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=arm64 sh -
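You may hit a timeout when accessing this address. The reason is that https://istio.io/downloadIstio redirects to https://raw.githubusercontent.com/istio/istio/master/release/downloadIstioCandidate.sh, which returns the executable script that performs the download automatically, and unfortunately that address is blocked in mainland China.
Don't panic: the contents of the downloadIstioCandidate.sh script can still be obtained (everyone has their own way; with a proxy you can use the commands above directly, or you can obtain the script by some other means). The script is as follows: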
#!/bin/sh
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file will be fetched as: curl -L https://git.io/getLatestIstio | sh -
# so it should be pure bourne shell, not bash (and not reference other scripts)
#
# The script fetches the latest Istio release candidate and untars it.
# You can pass variables on the command line to download a specific version
# or to override the processor architecture. For example, to download
# Istio 1.6.8 for the x86_64 architecture,
# run curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=x86_64 sh -.
set -e
# Determines the operating system.
OS="$(uname)"
if [ "${OS}" = "Darwin" ] ; then
  OSEXT="osx"
else
  OSEXT="linux"
fi
# Determine the latest Istio version by version number ignoring alpha, beta, and rc versions.
if [ "${ISTIO_VERSION}" = "" ] ; then
  ISTIO_VERSION="$(curl -sL https://github.com/istio/istio/releases | \
                  grep -o 'releases/[0-9]*.[0-9]*.[0-9]*/' | sort -V | \
                  tail -1 | awk -F'/' '{ print $2}')"
  ISTIO_VERSION="${ISTIO_VERSION##*/}"
fi
LOCAL_ARCH=$(uname -m)
if [ "${TARGET_ARCH}" ]; then
  LOCAL_ARCH=${TARGET_ARCH}
fi
case "${LOCAL_ARCH}" in
  x86_64)
    ISTIO_ARCH=amd64
    ;;
  armv8*)
    ISTIO_ARCH=arm64
    ;;
  aarch64*)
    ISTIO_ARCH=arm64
    ;;
  armv*)
    ISTIO_ARCH=armv7
    ;;
  amd64|arm64)
    ISTIO_ARCH=${LOCAL_ARCH}
    ;;
  *)
    echo "This system's architecture, ${LOCAL_ARCH}, isn't supported"
    exit 1
    ;;
esac
if [ "${ISTIO_VERSION}" = "" ] ; then
  printf "Unable to get latest Istio version. Set ISTIO_VERSION env var and re-run. For example: export ISTIO_VERSION=1.0.4"
  exit 1;
fi
NAME="istio-$ISTIO_VERSION"
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-${OSEXT}.tar.gz"
ARCH_URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz"
with_arch() {
  printf "\nDownloading %s from %s ...\n" "$NAME" "$ARCH_URL"
  if ! curl -o /dev/null -sIf "$ARCH_URL"; then
    printf "\n%s is not found, please specify a valid ISTIO_VERSION and TARGET_ARCH\n" "$ARCH_URL"
    exit 1
  fi
  curl -fsLO "$ARCH_URL"
  filename="istio-${ISTIO_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz"
  tar -xzf "${filename}"
  rm "${filename}"
}
without_arch() {
  printf "\nDownloading %s from %s ..." "$NAME" "$URL"
  if ! curl -o /dev/null -sIf "$URL"; then
    printf "\n%s is not found, please specify a valid ISTIO_VERSION\n" "$URL"
    exit 1
  fi
  curl -fsLO "$URL"
  filename="istio-${ISTIO_VERSION}-${OSEXT}.tar.gz"
  tar -xzf "${filename}"
  rm "${filename}"
}
# Istio 1.6 and above support arch
# Istio 1.5 and below do not have arch support
ARCH_SUPPORTED="1.6"
# Istio 1.10 and above support arch for osx arm64
ARCH_SUPPORTED_OSX="1.10"
if [ "${OS}" = "Linux" ] ; then
  # This checks if ISTIO_VERSION is less than ARCH_SUPPORTED (version-sort's before it)
  if [ "$(printf '%s\n%s' "${ARCH_SUPPORTED}" "${ISTIO_VERSION}" | sort -V | head -n 1)" = "${ISTIO_VERSION}" ]; then
    without_arch
  else
    with_arch
  fi
elif [ "${OS}" = "Darwin" ] ; then
  # This checks if ISTIO_VERSION is less than ARCH_SUPPORTED_OSX (version-sort's before it) or ISTIO_ARCH not equal to arm64
  if [ "$(printf '%s\n%s' "${ARCH_SUPPORTED_OSX}" "${ISTIO_VERSION}" | sort -V | head -n 1)" = "${ISTIO_VERSION}" ] || [ "${ISTIO_ARCH}" != "arm64" ]; then
    without_arch
  else
    with_arch
  fi
else
  printf "\n\n"
  printf "Unable to download Istio %s at this moment!\n" "$ISTIO_VERSION"
  printf "Please verify the version you are trying to download.\n\n"
  exit 1
fi
printf ""
printf "\nIstio %s Download Complete!\n" "$ISTIO_VERSION"
printf "\n"
printf "Istio has been successfully downloaded into the %s folder on your system.\n" "$NAME"
printf "\n"
BINDIR="$(cd "$NAME/bin" && pwd)"
printf "Next Steps:\n"
printf "See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.\n"
printf "\n"
printf "To configure the istioctl client tool for your workstation,\n"
printf "add the %s directory to your environment path variable with:\n" "$BINDIR"
printf "\t export PATH=\"\$PATH:%s\"\n" "$BINDIR"
printf "\n"
printf "Begin the Istio pre-installation check by running:\n"
printf "\t istioctl x precheck \n"
printf "\n"
printf "Need more information? Visit https://istio.io/latest/docs/setup/install/ \n"
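Create a file and paste the script above into downloadIstioCandidate.sh:
vim downloadIstioCandidate.sh
chmod 755 downloadIstioCandidate.sh # rwxr-xr-x: only the owner may modify the script
sh downloadIstioCandidate.sh # this prints the Istio version that will be downloaded
# The version this time:
wget https://github.com/istio/istio/releases/download/1.13.3/istio-1.13.3-linux-arm64.tar.gz
# Extract the archive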
tar -zxvf istio-1.13.3-linux-arm64.tar.gz -C /usr/local/
2. Change to the Istio package directory. For example, if the package is istio-1.13.3:
$ cd /usr/local/istio-1.13.3
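The installation directory contains:
Sample applications in the samples/ directory
The istioctl client binary in the bin/ directory
3. Add the istioctl client to your search path (Linux or macOS):
$ export PATH=$PWD/bin:$PATH ## does not persist after a restart
or
sudo vi /etc/profile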
export PATH=/usr/local/istio-1.13.3/bin:$PATH
source /etc/profile
Enable auto-completion
cp /usr/local/istio-1.13.3/tools/istioctl.bash $HOME/
source ~/istioctl.bash
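The wget and tar step above unpacks a downloaded archive into /usr/local without checking it. The following is an added example, not part of the original post or of the Istio project: it verifies the tarball against a SHA-256 file and rejects unsafe member paths before extracting. It assumes a file named `<tarball>.sha256`, containing the hex digest followed by the file name, has been downloaded next to the tarball; the function names and the demo archive are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): verify a release tarball against
# its SHA-256 file before unpacking it as root. Assumption: "<tarball>.sha256"
# sits next to the tarball and holds "<hex digest>  <filename>".

# verify_tarball TARBALL: 0 = match, 1 = mismatch, 2 = missing/malformed input.
verify_tarball() {
    tarball=$1
    sumfile="${tarball}.sha256"
    if [ ! -f "$tarball" ] || [ ! -f "$sumfile" ]; then
        echo "missing $tarball or $sumfile" >&2; return 2
    fi
    expected=$(awk 'NR==1 { print tolower($1) }' "$sumfile")
    # Accept only 64 hex characters; an HTML error page saved by wget fails here.
    case "$expected" in
        ""|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# safe_extract TARBALL DEST: verify, reject absolute or ../ member paths, unpack.
safe_extract() {
    verify_tarball "$1" || { echo "checksum check failed, not extracting" >&2; return 1; }
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains unsafe paths" >&2; return 1
    fi
    tar -xzf "$1" -C "$2"
}

# Demo on a constructed tarball standing in for the real release archive.
demo=$(mktemp -d)
mkdir -p "$demo/istio-demo/bin" "$demo/out"
echo placeholder > "$demo/istio-demo/bin/istioctl"
tar -czf "$demo/istio-demo.tar.gz" -C "$demo" istio-demo
(cd "$demo" && sha256sum istio-demo.tar.gz > istio-demo.tar.gz.sha256)
safe_extract "$demo/istio-demo.tar.gz" "$demo/out" && echo "verified and extracted"
rm -rf "$demo"
```

With the real archive the call would be `safe_extract istio-1.13.3-linux-arm64.tar.gz /usr/local`, run from the directory holding both files.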
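Install Istio
1. For this installation we use the demo configuration profile. It is chosen because it contains a set of features intended for testing; there are other profiles for production or performance testing.
If your platform has a vendor-specific configuration profile, for example OpenShift, replace demo with it in the command below. See your platform instructions for details.
$ istioctl install --set profile=demo --set hub=docker.io/querycapistio -y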
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Egress gateways installed
✔ Installation complete
Making this installation the default for injection and validation.
Thank you for installing Istio 1.13. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/pzWZpAvMVBecaQ9h9
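Note:
If you use the command given on the official site, istioctl install --set profile=demo -y, you will get the error "exec user process caused: exec format error" and the pods will keep restarting. The main cause is an architecture mismatch: images built for amd and for arm are not interchangeable, so an image compiled for amd cannot run on arm. By default Istio uses the docker.io/istio hub, which only has images built for amd.
There are always more solutions than problems: we can specify a different hub, or rebuild the images for arm ourselves. For example, to use a hub that has already been built by someone else:
Istio lets you specify a custom Docker registry, which can be used to fetch container images from a private registry.
Configure it at install time with --set hub=. This applies to Istio 1.5 and above.
2. Add a label to the namespace to instruct Istio to inject the Envoy sidecar proxy automatically when applications are deployed: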
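Before pointing `--set hub=` at another registry, it helps to confirm that the registry actually publishes a linux/arm64 variant of each image. The following is an added example, not part of the original post: it reads the JSON printed by `docker manifest inspect` and reports whether a platform is listed. The function names are hypothetical and the manifests are constructed samples with placeholder digests.

```shell
#!/bin/sh
# Added example (not from the original post): decide from the JSON printed by
# `docker manifest inspect <hub>/<image>:<tag>` whether a hub publishes an
# image for a given platform. The manifests below are constructed samples.

# list_platforms: manifest JSON on stdin -> one "os/arch" per line.
list_platforms() {
    tr -d ' \n\t' | grep -Eo '"platform":\{[^}]*\}' | while IFS= read -r p; do
        arch=$(printf '%s\n' "$p" | sed -n 's/.*"architecture":"\([^"]*\)".*/\1/p')
        os=$(printf '%s\n' "$p" | sed -n 's/.*"os":"\([^"]*\)".*/\1/p')
        printf '%s/%s\n' "$os" "$arch"
    done
}

# supports_platform WANT: 0 = listed, 1 = platforms listed but WANT absent,
# 2 = no platform list (single-architecture manifest; inspect it with -v).
supports_platform() {
    platforms=$(list_platforms)
    [ -n "$platforms" ] || return 2
    printf '%s\n' "$platforms" | grep -Fxq "$1"
}

# Constructed: a multi-arch manifest list and an amd64-only one.
MULTI_ARCH='{"manifests":[
  {"digest":"sha256:<placeholder-a>","platform":{"architecture":"amd64","os":"linux"}},
  {"digest":"sha256:<placeholder-b>","platform":{"architecture":"arm64","os":"linux"}}]}'
AMD64_ONLY='{"manifests":[
  {"digest":"sha256:<placeholder-c>","platform":{"architecture":"amd64","os":"linux"}}]}'

# check NAME JSON: print a verdict for linux/arm64 and return the status code.
check() {
    rc=0
    printf '%s' "$2" | supports_platform linux/arm64 || rc=$?
    case $rc in
        0) echo "$1: linux/arm64 available" ;;
        1) echo "$1: multi-arch list, but no linux/arm64 entry" ;;
        *) echo "$1: single-arch manifest, architecture not listed" ;;
    esac
    return "$rc"
}
check multi-arch "$MULTI_ARCH" || true
check amd64-only "$AMD64_ONLY" || true
```

The digest shown for the matching platform is also the value to pin if you mirror the image into your own registry rather than trusting a mutable tag on a third-party hub.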
$ kubectl label namespace default istio-injection=enabled
namespace/default labeled
References:
Official Istio documentation (Chinese)
https://github.com/querycap/istio
Handling Docker Hub rate limiting
Reference information (can be skipped):
docker.io/querycapistio
Istio OCI Images (linux/arm64, linux/amd64)
This repo is for building oci images for istio stacks (until official supports).
How to use?
using images under docker.io/querycapistio
Environment Requirements
Make sure the host is aarch64 (32-bit is not supported, because Envoy needs Google wee8)
Install Istio Operator
Same as https://istio.io/latest/docs/setup/install/operator, but with --hub
$ istioctl operator init --hub=docker.io/querycapistio --tag=1.13.0
Install Istio
Same as https://istio.io/latest/docs/setup/install
$ kubectl create ns istio-system
$ kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  hub: docker.io/querycapistio
  profile: demo
EOF
Notice the spec.hub. If the deployment fails on arm64 hosts, you should set spec.components.*.k8s.affinity, as in the YAML below.
Since 1.10.x, deprecated values.global.arch, we may not need this any more.
spec:
  components:
    pilot:
      k8s: # each components have to set this
        affinity: &affinity
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
                - matchExpressions:
                    - key: kubernetes.io/arch
                      operator: In
                      values:
                        - arm64
                        - amd64
    egressGateways:
      - name: "istio-egressgateway"
        k8s:
          affinity: *affinity
    ingressGateways:
      - name: "istio-ingressgateway"
        k8s:
          affinity: *affinity
Istio Components
querycapistio/proxyv2:{VERSION}[-distroless]
querycapistio/pilot:{VERSION}[-distroless]
querycapistio/operator:{VERSION}[-distroless]
querycapistio/install-cni:{VERSION}[-distroless]
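Handling Docker Hub rate limiting
How to make sure your clusters are not affected by Docker Hub rate limiting.
Starting on November 20, 2020, Docker Hub introduced rate limits on image pulls.
Because Istio uses Docker Hub as its default registry, running it on a large cluster may cause pods to fail to start once the rate limit is exceeded. This is a serious problem for Istio, because the Istio sidecar image is usually started together with most of the pods in the cluster.
Mitigations
Istio lets you specify a custom Docker registry, which can be used to fetch container images from your private registry. Configure it at install time with --set hub=.
Istio provides official images on Google Container Registry. This can be configured with --set hub=gcr.io/istio-release. This applies to Istio 1.5 and above.
Alternatively, you can copy the official Istio images to your own registry. This is especially useful if your cluster runs in an environment with a specific registry (for example, on AWS you may want to mirror the images to Amazon ECR), or if you have strict security requirements (access to public registries is restricted). You can do this with the following script: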
# Requires bash (uses arrays).
SOURCE_HUB=istio
DEST_HUB=my-registry # Replace this with the destination hub
IMAGES=( install-cni operator pilot proxyv2 ) # Images to mirror.
VERSIONS=( 1.7.5 1.8.0 ) # Versions to copy
VARIANTS=( "" "-distroless" ) # Variants to copy
# Expand each array with "${NAME[@]}" so that every element is visited.
for image in "${IMAGES[@]}"; do
  for version in "${VERSIONS[@]}"; do
    for variant in "${VARIANTS[@]}"; do
      name=$image:$version$variant
      docker pull "$SOURCE_HUB/$name"
      docker tag "$SOURCE_HUB/$name" "$DEST_HUB/$name"
      docker push "$DEST_HUB/$name"
      docker rmi "$SOURCE_HUB/$name"
      docker rmi "$DEST_HUB/$name"
    done
  done
done