Istio在Openshift 3.11的安装

详细安装步骤及解释参考

https://docs.openshift.com/container-platform/3.11/servicemesh-install/servicemesh-install.html#servicemesh-installation-overview

1.设置virtualbox能够上网

添加网络地址转换NAT网卡，并且编辑network-script

[root@node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s8
TYPE="Ethernet"
#PROXY_METHOD="none"
BOOTPROTO="dhcp"
#IPADDR=192.168.56.103
#NETMASK=255.255.255.0
#GATEWAY=192.168.64.254
DNS1=202.106.0.20
DNS2=114.114.114.114
NAME="enp0s8"
DEVICE="enp0s8"
ONBOOT="yes"
DEFROUTE=yes

删除enp0s3的GATEWAY选项，验证是否能上网。

如果离线安装需要下载的镜像包括

openshift-istio-tech-preview/istio-operator:0.5.0
openshift-istio-tech-preview/openshift-ansible：0.5.0
openshift-istio-tech-preview/citadel:0.5.0
openshift-istio-tech-preview/proxyv2:0.5.0
openshift-istio-tech-preview/pilot:0.5.0
openshift-istio-tech-preview/mixer:0.5.0
docker.io/prom/prometheus:v2.3.1

openshift-istio-tech-preview/galley:0.5.0
openshift-istio-tech-preview/sidecar-injector:0.5.0

distributed-tracing-tech-preview/jaeger-elasticsearch:5.6.10
grafana/grafana:5.2.3
distributed-tracing-tech-preview/jaeger-agent:1.8.1
distributed-tracing-tech-preview/jaeger-collector:1.8.1
distributed-tracing-tech-preview/jaeger-query:1.8.1
kiali/kiali:v0.10.1

但最后还需要建立一个github,把代码clone过去

https://github.com/fabric8-launcher/launcher-booster-catalog.git

所以最后还是选择联互联网。

2. 准备工作

每台机器新建立一个/etc/sysctl.d/99-elasticsearch.conf文件，添加

vm.max_map_count = 262144

#sysctl vm.max_map_count=262144

在master机器上建立/etc/origin/master/master-config.patch文件

admissionConfig:
  pluginConfig:
    MutatingAdmissionWebhook:
      configuration:
        apiVersion: apiserver.config.k8s.io/v1alpha1
        kubeConfigFile: /dev/null
        kind: WebhookAdmission
    ValidatingAdmissionWebhook:
      configuration:
        apiVersion: apiserver.config.k8s.io/v1alpha1
        kubeConfigFile: /dev/null
        kind: WebhookAdmission

然后

$ cp -p master-config.yaml master-config.yaml.prepatch
$ oc ex config patch master-config.yaml.prepatch -p "$(cat master-config.patch)" > master-config.yaml
$ /usr/local/bin/master-restart api && /usr/local/bin/master-restart controllers

3.安装

istio_product_operator_template.yaml

apiVersion: v1
kind: Template
metadata:
  name: istio-operator-job
parameters:
- displayName: Master Public URL
  description: The public URL for master
  name: OPENSHIFT_ISTIO_MASTER_PUBLIC_URL
  value: https://127.0.0.1:8443
- displayName: OpenShift Release
  description: The version of the OpenShift release.
  name: OPENSHIFT_RELEASE
  value: v3.11.0
  required: true
- displayName: Istio Operator Namespace
  description: The namespace for the Istio operator
  name: OPENSHIFT_ISTIO_OPERATOR_NAMESPACE
  value: istio-operator
  required: true
- displayName: Default Prefix
  description: The default image prefix for istio deployments
  name: OPENSHIFT_ISTIO_PREFIX
  value: openshift-istio-tech-preview/
- displayName: Default Version
  description: The default image version for istio deployments
  name: OPENSHIFT_ISTIO_VERSION
  value: 0.5.0
- displayName: Default Deployment Type
  description: The default deployment type for istio deployments
  name: OPENSHIFT_DEPLOYMENT_TYPE
  value: openshift
objects:
- kind: CustomResourceDefinition
  apiVersion: apiextensions.k8s.io/v1beta1
  metadata:
    name: installations.istio.openshift.com
  spec:
    group: istio.openshift.com
    names:
      kind: Installation
      plural: installations
      singular: installation
    scope: Namespaced
    version: v1alpha1
- kind: Role
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: istio-operator
  rules:
  - apiGroups:
    - istio.openshift.com
    resources:
    - "*"
    verbs:
    - "*"
  - apiGroups:
    - ""
    resources:
    - pods
    - services
    - endpoints
    - persistentvolumeclaims
    - events
    - configmaps
    - secrets
    - securitycontextconstraints
    verbs:
    - "*"
  - apiGroups:
    - apps
    resources:
    - deployments
    - daemonsets
    - replicasets
    - statefulsets
    verbs:
    - "*"
- kind: RoleBinding
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: default-account-istio-operator
  subjects:
  - kind: ServiceAccount
    namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE}
    name: default
  roleRef:
    kind: Role
    name: istio-operator
    apiGroup: rbac.authorization.k8s.io
- kind: ClusterRoleBinding
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: default-account-istio-operator-cluster-role-binding
  subjects:
  - kind: ServiceAccount
    namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE}
    name: default
  roleRef:
    kind: ClusterRole
    name: cluster-admin
    apiGroup: rbac.authorization.k8s.io
- kind: Deployment
  apiVersion: apps/v1
  metadata:
    name: istio-operator
    namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE}
  spec:
    replicas: 1
    selector:
      matchLabels:
        name: istio-operator
    template:
      metadata:
        labels:
          name: istio-operator
      spec:
        containers:
          - name: istio-operator
            image: ${OPENSHIFT_ISTIO_PREFIX}istio-operator:${OPENSHIFT_ISTIO_VERSION}
            ports:
            - containerPort: 60000
              name: metrics
            command:
            - istio-operator
            args:
            - "--release=${OPENSHIFT_RELEASE}"
            - "--masterPublicURL=${OPENSHIFT_ISTIO_MASTER_PUBLIC_URL}"
            - "--istioPrefix=${OPENSHIFT_ISTIO_PREFIX}"
            - "--istioVersion=${OPENSHIFT_ISTIO_VERSION}"
            - "--deploymentType=${OPENSHIFT_DEPLOYMENT_TYPE}"
            imagePullPolicy: IfNotPresent
            env:
              - name: WATCH_NAMESPACE
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.namespace
              - name: OPERATOR_NAME
                value: "istio-operator"

cr.yaml

特别注意需要把模板中的username,password,token换成自己的啊！

[root@master istio]# cat cr.yaml
apiVersion: "istio.openshift.com/v1alpha1"
kind: "Installation"
metadata:
  name: "istio-installation"
  namespace: istio-operator
spec:
  deployment_type: openshift
  istio:
    authentication: true
    community: false
    prefix: openshift-istio-tech-preview/
    version: 0.5.0
  jaeger:
    prefix: distributed-tracing-tech-preview/
    version: 1.8.1
    elasticsearch_memory: 1Gi
  kiali:
    username: username
    password: password
    prefix: kiali/
    version: v0.10.1
  launcher:
    openshift:
      user: admin
      password: welcome1
    github:
      username: ericnie2015
      token: 19ba02ae0c370d8bb2bcf24ec5dd77ca6cb0b472
    catalog:
      filter: booster.mission.metadata.istio
      branch: v71
      repo: https://github.com/fabric8-launcher/launcher-booster-catalog.git

• Operator安装验证

#oc new-project istio-operator
#oc new-app -f istio_product_operator_template.yaml --param=OPENSHIFT_ISTIO_MASTER_PUBLIC_URL=https://master.example.com:8443

# oc logs -n istio-operator $(oc -n istio-operator get pods -l name=istio-operator --output=jsonpath={.items..metadata.name})

• 控制面板的部署

#oc create -f cr.yaml -n istio-operator

[root@master istio]# oc get pods -n devex 
NAME                          READY     STATUS    RESTARTS   AGE
configmapcontroller-1-kszwr   1/1       Running   0          26m
launcher-backend-3-8tkg8      1/1       Running   0          5m
launcher-frontend-3-lfr9z     1/1       Running   0          2m