Istio.io is an open platform that provides a uniform way to connect, manage, and secure microservices. This article describes installing and running on OpenShift (>=1.5 as of now) only. If you would like to know more theory I encourage you to read this post by @christianposta
Note that some of the permissions mentioned in this article may be more than what is needed. I plan to do further research and publish another article or comments on this post with accurate permissions in the future. For updates follow me on twitter @debianmaster
Run as Cluster Administrator on Master
oc login -u system:admin
Istio installation requires that you are the cluster-admin; you can use any cluster admin user for this purpose.
Choose a Namespace and Provide Permissions
oc project default
oc adm policy add-scc-to-user anyuid -z default
oc adm policy add-scc-to-user privileged -z default
oc patch scc/privileged --patch {\"allowedCapabilities\":[\"NET_ADMIN\"]}
NET_ADMIN privilege is needed for iptable NAT redirect chains updated by Istio.
Install Istio Service Mesh
git clone https://github.com/istio/istio
git checkout 0.1.5
Apply Necessary Permissions
oc adm policy add-cluster-role-to-user cluster-admin -z istio-manager-service-account
oc adm policy add-cluster-role-to-user cluster-admin -z istio-ingress-service-account
oc adm policy add-cluster-role-to-user cluster-admin -z default
oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account
oc adm policy add-scc-to-user privileged -z istio-ingress-service-account
oc adm policy add-scc-to-user anyuid -z istio-manager-service-account oc adm policy add-scc-to-user privileged -z istio-manager-service-account
Many permissions are needed currently, but this may change. Istio installation creates custom service accounts and they need privileges to be able to create ThirdPartyResources.
Deploying Istio
oc apply -f istio/install/kubernetes/istio.yaml
Install Addons
oc apply -f istio/install/kubernetes/addons/prometheus.yaml
oc apply -f istio/install/kubernetes/addons/grafana.yaml
oc apply -f istio/install/kubernetes/addons/servicegraph.yaml
Deploy Sample App
Install istioctl first
curl -L https://git.io/getIstio | sh -
export PATH="$PATH:/Users/YOUR_USERNAME/istio/istio-0.1.5/bin"
Note: Don't forget to replace with the appropriate value.
Deploy bookInfo App
oc apply -f <(istioctl kube-inject -f istio/samples/apps/bookinfo/bookinfo.yaml)
oc expose svc servicegrap
Test Service Mesh / Using Grafana Pod (or Another Pod)
$ export GRAFANA=$(oc get pods -l app=grafana -o jsonpath={.items[0].metadata.name})
$ oc exec $GRAFANA -- curl -o /dev/null -s -w "%{http_code}\n" http://istio-ingress/productpage
$ open http://$(oc get routes servicegraph -o jsonpath={.spec.host})/dotviz
Conclusion
You should see something like this at the end showing the service graph.
See it in action
À propos de l'auteur
Plus de résultats similaires
Simplify Linux management across your systems’ lifecycles with Red Hat Insights
Red Hat Enterprise Linux for Google Cloud
SREs on a plane | Technically Speaking
Parcourir par canal
Automatisation
Les dernières nouveautés en matière d'automatisation informatique pour les technologies, les équipes et les environnements
Intelligence artificielle
Actualité sur les plateformes qui permettent aux clients d'exécuter des charges de travail d'IA sur tout type d'environnement
Cloud hybride ouvert
Découvrez comment créer un avenir flexible grâce au cloud hybride
Sécurité
Les dernières actualités sur la façon dont nous réduisons les risques dans tous les environnements et technologies
Edge computing
Actualité sur les plateformes qui simplifient les opérations en périphérie
Infrastructure
Les dernières nouveautés sur la plateforme Linux d'entreprise leader au monde
Applications
À l’intérieur de nos solutions aux défis d’application les plus difficiles
Virtualisation
L'avenir de la virtualisation d'entreprise pour vos charges de travail sur site ou sur le cloud
