Docker Desktop 4.16.1 搭建 Kubernetes + Istio 开发环境

作者： Ju4t

Docker Desktop(4.16.1) 启用 kubernetes 版本为1.25.4，原作者尚未适配，故分享

由于Kubernetes大量的容器镜像在 gcr.io，无法在国内保证稳定的访问。

我们提供了一些工具脚本，帮助从阿里云镜像服务下载所需镜像。

启用 Kubernetes

images.properties

registry.k8s.io/pause:3.8=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8
registry.k8s.io/kube-controller-manager:v1.25.4=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.25.4
registry.k8s.io/kube-scheduler:v1.25.4=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.25.4
registry.k8s.io/kube-proxy:v1.25.4=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.25.4
registry.k8s.io/kube-apiserver:v1.25.4=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.25.4
registry.k8s.io/etcd:3.5.4-0=registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.4-0
registry.k8s.io/coredns/coredns:v1.9.3=registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:v1.9.3
registry.k8s.io/ingress-nginx/controller:v1.2.1=registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.2.1
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.2.2=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.2.2

mac 拉取镜像脚本

load_images.sh

#!/bin/bash

file="images.properties"

if [ -f "$file" ]
then
  echo "$file found."

  while IFS='=' read -r key value
  do
    #echo "${key}=${value}"
    docker pull ${value}
    docker tag ${value} ${key}
    docker rmi ${value}
  done < "$file"

else
  echo "$file not found."
fi

windows 拉取镜像脚本

load_images.ps1

foreach($line in Get-Content .\images.properties) {
    $data = $line.Split('=')
    $key = $data[0];
    $value = $data[1];
    Write-Output "$key=$value"
    docker pull ${value}
    docker tag ${value} ${key}
    docker rmi ${value}
}

配置加速

地址建议换成自己的，在阿里云里申请

{
  ...
  "registry-mirrors": [
    "https://5g2xk4rj.mirror.aliyuncs.com"
  ]
}

启用 Istio

下载 Istio

# 下载安装脚本
curl -L https://istio.io/downloadIstio | sh -

cd istio-1.16.1

# 将istioctl客户端添加到您的路径
export PATH=$PWD/bin:$PATH

安装 Istio

# 添加命名空间标签以指示 Istio 在您稍后部署应用程序时自动注入 Envoy sidecar 代理
istioctl install --set profile=demo -y

kubectl label namespace default istio-injection=enabled

部署应用

应用架构图

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.16/samples/bookinfo/platform/kube/bookinfo.yaml

kubectl get services

kubectl get pod

# 验证
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>

向外部流量开放应用程序

创建一个 Istio Ingress Gateway，它将路径映射到网格边缘的路由
将此应用程序与 Istio 网关相关联

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.16/samples/bookinfo/networking/bookinfo-gateway.yaml

确保配置没问题

istioctl analyze

安装Kiali 和其他插件

1. clone https://github.com/istio/istio/

kubectl apply -f samples/addons
kubectl rollout status deployment/kiali -n istio-system

2. 访问仪表盘

istioctl dashboard kiali

3. 模拟访问

for i in $(seq 1 100); do curl -s -o /dev/null "http://$GATEWAY_URL/productpage"; done

• ←上一篇
• 下一篇→