Istio의 경우도 Prometheus와 Grafana와 마찬가지로 구축해 보거나 사용한 경험이 없다.
앞으로 진행할 프로젝트들은 지금까지 겪어보지 못한 문제들을 마주하게 될테니, 진행하면서 정리를 잘 해야 할 것 같다.
참고 레퍼런스
https://itgix.com/blog/installing-istio-on-amazon-eks-managed-kubernetes-service/
https://musclebear.tistory.com/157
0. kubectl 설치 (링크)
1. Helm 설치 (링크)
2. EKS 클러스터 생성
3. istioctl 설치
root@istiohost:~# curl -sL https://istio.io/downloadIstioctl | sh -
Downloading istioctl-1.16.1 from https://github.com/istio/istio/releases/download/1.16.1/istioctl-1.16.1-linux-amd64.tar.gz ...
istioctl-1.16.1-linux-amd64.tar.gz download complete!
Add the istioctl to your path with:
export PATH=$HOME/.istioctl/bin:$PATH
Begin the Istio pre-installation check by running:
istioctl x precheck
Need more information? Visit https://istio.io/docs/reference/commands/istioctl/
root@istiohost:~# cp ~/.istioctl/bin/istioctl ~/bin4. istio 설치
root@istiohost:~# istioctl install
This will install the Istio 1.16.1 default profile with ["Istio core" "Istiod" "Ingress gateways"] components into the cluster. Proceed? (y/N) y
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Installation complete
Making this installation the default for injection and validation.
Thank you for installing Istio 1.16. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/99uiMML96AmsXY5d6
root@istiohost:~#
root@istiohost:~# kubectl label namespace default istio-injection=enabled
namespace/default labeled
root@istiohost#
root@istiohost# kubectl get ns --show-labels
NAME STATUS AGE LABELS
default Active 75m istio-injection=enabled,kubernetes.io/metadata.name=default
istio-system Active 5m21s kubernetes.io/metadata.name=istio-system
kube-node-lease Active 75m kubernetes.io/metadata.name=kube-node-lease
kube-public Active 75m kubernetes.io/metadata.name=kube-public
kube-system Active 75m kubernetes.io/metadata.name=kube-system5. Istio 샘플 애플리케이션 배포
root@istiohost:~/samples/bookinfo/platform/kube# kubectl apply -f bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
root@istiohost:~#
root@istiohost:~# kubectl get po
NAME READY STATUS RESTARTS AGE
details-v1-698b5d8c98-d25rh 2/2 Running 0 21s
productpage-v1-bf4b489d8-7nfqt 0/2 PodInitializing 0 17s
ratings-v1-5967f59c58-cbswp 0/2 PodInitializing 0 20s
reviews-v1-9c6bb6658-pwmqg 0/2 PodInitializing 0 19s
reviews-v2-8454bb78d8-r6vht 0/2 PodInitializing 0 19s
reviews-v3-6dc9897554-nt2p8 0/2 PodInitializing 0 18s
root@istiohost:~#
root@istiohost:~# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.100.87.116 <none> 9080/TCP 66s
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 83m
productpage ClusterIP 10.100.63.52 <none> 9080/TCP 62s
ratings ClusterIP 10.100.253.249 <none> 9080/TCP 65s
reviews ClusterIP 10.100.141.134 <none> 9080/TCP 64s
root@istiohost:~#
root@istiohost:~# kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>6. Istio gateway 설정
root@istiohost:~/samples/bookinfo/networking# cat booking-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
root@istiohost:~/samples/bookinfo/networking# kubectl apply -f bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
root@istiohost:~/samples/bookinfo/networking#
root@istiohost:~/samples/bookinfo/networking# istioctl analyze
✔ No validation issues found when analyzing namespace: default.
root@istiohost:~/samples/bookinfo/networking#
root@istiohost:~/samples/bookinfo/networking# kubectl get gateway
NAME AGE
bookinfo-gateway 97s
root@istiohost:~/samples/bookinfo/networking#
root@istiohost:~/samples/bookinfo/networking# kubectl get pod -n istio-system -l istio=ingressgateway
NAME READY STATUS RESTARTS AGE
istio-ingressgateway-b75c8fb5c-7xttl 1/1 Running 0 22m
root@istiohost:~/samples/bookinfo/networking#
root@istiohost:~/samples/bookinfo/networking# kubectl get svc istio-ingressgateway -n istio-system --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
istio-ingressgateway LoadBalancer 10.100.249.134 ab9b23a433b754d9ab633f9946d96833-1162497800.ap-southeast-1.elb.amazonaws.com 15021:30635/TCP,80:31256/TCP,443:31509/TCP 22m app=istio-ingressgateway,install.operator.istio.io/owning-resource-namespace=istio-system,install.operator.istio.io/owning-resource=unknown,istio.io/rev=default,istio=ingressgateway,operator.istio.io/component=IngressGateways,operator.istio.io/managed=Reconcile,operator.istio.io/version=1.16.1,release=istio
root@istiohost:~/samples/bookinfo/networking#7. 접속 테스트
추후 CI/CD 플랫폼과 모니터링 도구들 모두 연결해서 구축해봐야겠다.
DevOps 엔지니어 / 열심히 해서 잘하자