下载掌阅APP,畅读海量书库
立即打开
5.5 注意事项与技巧 |
|
1.清理部署
清理bookinfo:
$ kubectl delete -f /usr/local/istio/samples/bookinfo/platform/kube/bookinfo.yaml $ kubectl delete -f /usr/local/istio/samples/bookinfo/networking/bookinfo-gateway.yaml
清理Istio。如果需要继续后续实验,此步骤可以跳过。
使用如下命令清理Istio部署:
$ kubectl delete -f /usr/local/istio/install/kubernetes/istio-demo.yaml $ kubectl delete -f /usr/local/istio/install/kubernetes/helm/istio/templates/crds.yaml
2.使用Vagrant保存实验环境
在部署完成Istio后,如果直接保存快照,之后使用时再直接恢复快照,这可能会造成Istio部署完成的环境无法成功启动。由于快照恢复时从第一台机器lab1开始,然后再恢复lab2、lab3,当lab1、lab2恢复完成后,由于lab3处于关机状态,Kubernetes检测到lab3已经下线,可能会把之前分配到lab3节点上的Pod再重新分配到lab1、lab2上,这可能会导致lab1、lab2上的CPU内存不够,进而导致lab1、lab2节点上的负载过高,导致节点上的其他组件运行出现问题,从而影响整个Kubernetes集群的稳定性,即使等到lab3恢复完成后,重新加入集群,已经重新分配给lab1、lab2节点上的Pod也不会自动地再重新迁移到lab3节点上,这是由Kubernetes的调度特性决定的。所以要参考下面的步骤进行实验环境保存。
(1)暂停虚拟机
虚拟机集群部署完成Istio之后,暂停虚拟机(此步骤也可以省略),使用如下命令暂停虚拟机:
$ vagrant suspend ==> lab1: Saving VM state and suspending execution... ==> lab2: Saving VM state and suspending execution... ==> lab3: Saving VM state and suspending execution...
(2)保存集群快照
虚拟机暂停后,保存集群快照:
$ vagrant snapshot save istio-1.0.3 ==> lab1: Snapshotting the machine as 'istio-1.0.3'... ==> lab1: Snapshot saved! You can restore the snapshot at any time by ==> lab1: using 'vagrant snapshot restore'. You can delete it using ==> lab1: 'vagrant snapshot delete'. ==> lab2: Snapshotting the machine as 'istio-1.0.3'... ==> lab2: Snapshot saved! You can restore the snapshot at any time by ==> lab2: using 'vagrant snapshot restore'. You can delete it using ==> lab2: 'vagrant snapshot delete'. ==> lab3: Snapshotting the machine as 'istio-1.0.3'... ==> lab3: Snapshot saved! You can restore the snapshot at any time by ==> lab3: using 'vagrant snapshot restore'. You can delete it using ==> lab3: 'vagrant snapshot delete'.
(3)暂停当前要恢复的虚拟机集群
暂停当前要恢复的虚拟机集群,防止干扰集群环境的恢复:
$ vagrant suspend ==> lab1: Saving VM state and suspending execution... ==> lab2: Saving VM state and suspending execution... ==> lab3: Saving VM state and suspending execution...
(4)恢复集群快照
使用如下命令恢复虚拟机集群实验环境:
$ vagrant snapshot restore lab2 istio-1.0.3
==> lab2: Discarding saved state of VM...
==> lab2: Restoring the snapshot 'istio-1.0.3'...
==> lab2: Resuming suspended VM...
==> lab2: Booting VM...
==> lab2: Waiting for machine to boot. This may take a few minutes...
lab2: SSH address: 127.0.0.1:2200
lab2: SSH username: vagrant
lab2: SSH auth method: private key
==> lab2: Machine booted and ready!
==> lab2: Running provisioner: shell...
...
$ vagrant snapshot restore lab3 istio-1.0.3
==> lab3: Discarding saved state of VM...
==> lab3: Restoring the snapshot 'istio-1.0.3'...
==> lab3: Resuming suspended VM...
==> lab3: Booting VM...
==> lab3: Waiting for machine to boot. This may take a few minutes...
lab3: SSH address: 127.0.0.1:2201
lab3: SSH username: vagrant
lab3: SSH auth method: private key
==> lab3: Machine booted and ready!
==> lab3: Running provisioner: shell...
...
$ vagrant snapshot restore lab1 istio-1.0.3
==> lab1: Discarding saved state of VM...
==> lab1: Restoring the snapshot 'istio-1.0.3'...
==> lab1: Resuming suspended VM...
==> lab1: Booting VM...
==> lab1: Waiting for machine to boot. This may take a few minutes...
lab1: SSH address: 127.0.0.1:2222
lab1: SSH username: vagrant
lab1: SSH auth method: private key
==> lab1: Machine booted and ready!
==> lab1: Running provisioner: shell...
...
代码中把lab1的恢复放在最后,是为了最后恢复启动master节点,因为此时lab2、lab3已经恢复启动完成,Pod也都启动完成,此时lab1恢复启动并不会造成Pod重新分配,所以集群恢复后仍然能正常运行。
(5)暂停后启动集群
当暂停虚拟机集群后,如果要重新启动虚拟机集群时,注意要让lab1机器最后启动,防止发生Pod重新分配,导致集群不能稳定的情况。使用如下命令启动虚拟机集群实验环境:
$ vagrant up lab2 lab3 lab1
3.Istio注入
(1)开启自动注入的情况下如何实现部分Pod不注入
在指定namespace开启自动注入后,所有部署在该命名空间的Pod默认情况下都会被自动注入Envoy代理。可以通过在Pod的metadata部分添加如下的配置关闭该pod的自动注入功能:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
(2)开启和关闭自动注入功能
Istio的自动注入功能是namespace级别的,当需要在指定namespace开启自动注入功能时,只需要给该namespace打上标签名:istio-injection=enabled即可。当删除该标签时,自动注入功能就会自动关闭,但是对于已经被注入的Pod是不会自动取消注入的,这只对新部署的Pod有效。
开启default命名空间的自动注入功能:
$ kubectl label namespace default istio-injection=enabled
关闭default命名空间的自动注入功能:
$ kubectl label namespace default istio-injection-
(3)查看开启自动注入功能的namespace
命令如下:
$ kubectl get namespace -L istio-injection
(4)如何实现手动注入
当namespace没有开自动注入功能时,可以通过istioctl提供的子命令实现手动注入。使用方式如下:
$ kubectl apply -f <(istioctl kube-inject -f mydeployment.yaml)