menu

Installing the Istio on GKE Add-On with Kubernetes Engine

转至实验

1945 评价

Entendi muy bien la funcionalidad y objetivo de Istio

Alejandro S. · 已于 2 天前审核

student_03_15292dd5bc66@cloudshell:~/bookinfo-lab/istio-1.1.11 (qwiklabs-gcp-03-372fc89ecf64)$ istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml # Copyright 2017 Istio Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################################################## # Details service ################################################################################################## apiVersion: v1 kind: Service metadata: name: details labels: app: details service: details spec: ports: - port: 9080 name: http selector: app: details --- 2020-02-27T05:28:58.463440Z warn Failed to unmarshall template error converting YAML to JSON: yaml: line 3: could not find expected ':' rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} {{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} initContainers: {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} {{- if not .Values.istio_cni.enabled }} - name: istio-init {{- if contains "/" .Values.global.proxy_init.image }} image: "{{ .Values.global.proxy_init.image }}" {{- else }} image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" {{- end }} args: - "-p" - "15001" - "-u" - 1337 - "-m" - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - "-i" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - "-x" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - "-b" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" - "-d" - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} - "-o" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" {{ end -}} {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - "-k" - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" {{ end -}} imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" resources: requests: cpu: 10m memory: 10Mi limits: cpu: 100m memory: 50Mi securityContext: runAsUser: 0 runAsNonRoot: false capabilities: add: - NET_ADMIN {{- if .Values.global.proxy.privileged }} privileged: true {{- end }} restartPolicy: Always env: {{- if contains "*" (annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` "") }} - name: INBOUND_CAPTURE_PORT value: 15006 {{- end }} {{- end }} {{ end -}} {{- if eq .Values.global.proxy.enableCoreDump true }} - name: enable-core-dump args: - -c - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited command: - /bin/sh {{- if contains "/" .Values.global.proxy_init.image }} image: "{{ .Values.global.proxy_init.image }}" {{- else }} image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" {{- end }} imagePullPolicy: IfNotPresent resources: {} securityContext: runAsUser: 0 runAsNonRoot: false privileged: true {{ end }} {{- end }} containers: - name: istio-proxy # PATCH #2: Graceful shutdown of the istio-proxy. See https://github.com/istio/istio/issues/7136. lifecycle: preStop: exec: command: ["sh", "-c", 'sleep 20; while [ $(netstat -plunt | grep tcp | grep -v envoy | wc -l | xargs) -ne 0 ]; do sleep 1; done'] # PATCH #2 ends. {{- if contains "/" .Values.global.proxy.image }} image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" {{- else }} image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" {{- end }} ports: - containerPort: 15090 protocol: TCP name: http-envoy-prom args: - proxy - sidecar - --domain - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - --configPath - "{{ .ProxyConfig.ConfigPath }}" - --binaryPath - "{{ .ProxyConfig.BinaryPath }}" - --serviceCluster {{ if ne "" (index .ObjectMeta.Labels "app") -}} - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" {{ else -}} - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" {{ end -}} - --drainDuration - "{{ formatDuration .ProxyConfig.DrainDuration }}" - --parentShutdownDuration - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - --discoveryAddress - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" {{- if eq .Values.global.proxy.tracer "lightstep" }} - --lightstepAddress - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - --lightstepAccessToken - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - --lightstepCacertPath - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" {{- else if eq .Values.global.proxy.tracer "zipkin" }} - --zipkinAddress - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" {{- else if eq .Values.global.proxy.tracer "datadog" }} - --datadogAgentAddress - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" {{- end }} {{- if .Values.global.proxy.logLevel }} - --proxyLogLevel={{ .Values.global.proxy.logLevel }} {{- end}} {{- if .Values.global.proxy.componentLogLevel }} - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} {{- end}} - --dnsRefreshRate - {{ .Values.global.proxy.dnsRefreshRate }} - --connectTimeout - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" {{- if .Values.global.proxy.envoyStatsd.enabled }} - --statsdUdpAddress - "{{ .ProxyConfig.StatsdUdpAddress }}" {{- end }} {{- if .Values.global.proxy.envoyMetricsService.enabled }} - --envoyMetricsServiceAddress - "{{ .ProxyConfig.EnvoyMetricsServiceAddress }}" {{- end }} - --proxyAdminPort - "{{ .ProxyConfig.ProxyAdminPort }}" {{ if gt .ProxyConfig.Concurrency 0 -}} - --concurrency - "{{ .ProxyConfig.Concurrency }}" {{ end -}} - --controlPlaneAuthPolicy - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" {{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" .Values.global.proxy.statusPort) "0") }} - --statusPort - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" - --applicationPorts - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" {{- end }} {{- if .Values.global.trustDomain }} - --trust-domain={{ .Values.global.trustDomain }} {{- end }} env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: fieldPath: status.podIP {{ if eq .Values.global.proxy.tracer "datadog" }} - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP {{ end }} - name: ISTIO_META_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: ISTIO_META_CONFIG_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: ISTIO_META_INTERCEPTION_MODE value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - name: ISTIO_META_INCLUDE_INBOUND_PORTS value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" {{- if .Values.global.network }} - name: ISTIO_META_NETWORK value: "{{ .Values.global.network }}" {{- end }} {{ if .ObjectMeta.Annotations }} - name: ISTIO_METAJSON_ANNOTATIONS value: | {{ toJSON .ObjectMeta.Annotations }} {{ end }} {{ if .ObjectMeta.Labels }} - name: ISTIO_METAJSON_LABELS value: | {{ toJSON .ObjectMeta.Labels }} {{ end }} {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - name: ISTIO_BOOTSTRAP_OVERRIDE value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" {{- end }} {{- if .Values.global.sds.customTokenDirectory }} - name: ISTIO_META_SDS_TOKEN_PATH value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy }} {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} readinessProbe: httpGet: path: /healthz/ready port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} {{ end -}} securityContext: {{- if .Values.global.proxy.privileged }} privileged: true {{- end }} {{- if ne .Values.global.proxy.enableCoreDump true }} readOnlyRootFilesystem: true {{- end }} {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} capabilities: add: - NET_ADMIN runAsGroup: 1337 {{ else -}} {{ if and .Values.global.sds.enabled .Values.global.sds.useTrustworthyJwt }} runAsGroup: 1337 {{- end }} runAsUser: 1337 {{- end }} resources: {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} requests: {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" {{ end}} {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" {{ end }} {{ else -}} {{- if .Values.global.proxy.resources }} {{ toYaml .Values.global.proxy.resources | indent 4 }} {{- end }} {{ end -}} volumeMounts: {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - mountPath: /etc/istio/custom-bootstrap name: custom-bootstrap-volume {{- end }} - mountPath: /etc/istio/proxy name: istio-envoy {{- if .Values.global.sds.enabled }} - mountPath: /var/run/sds name: sds-uds-path readOnly: true {{- if .Values.global.sds.useTrustworthyJwt }} - mountPath: /var/run/secrets/tokens name: istio-token {{- end }} {{- if .Values.global.sds.customTokenDirectory }} - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" name: custom-sds-token readOnly: true {{- end }} {{- else }} - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} name: lightstep-certs readOnly: true {{- end }} {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - name: "{{ $index }}" {{ toYaml $value | indent 4 }} {{ end }} {{- end }} volumes: {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - name: custom-bootstrap-volume configMap: name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} {{- end }} - emptyDir: medium: Memory name: istio-envoy {{- if .Values.global.sds.enabled }} - name: sds-uds-path hostPath: path: /var/run/sds {{- if .Values.global.sds.customTokenDirectory }} - name: custom-sds-token secret: secretName: sdstokensecret {{- end }} {{- if .Values.global.sds.useTrustworthyJwt }} - name: istio-token projected: sources: - serviceAccountToken: path: istio-token expirationSeconds: 43200 audience: {{ .Values.global.trustDomain }} {{- end }} {{- else }} - name: istio-certs secret: optional: true {{ if eq .Spec.ServiceAccountName "" }} secretName: istio.default {{ else -}} secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} {{ end -}} {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - name: "{{ $index }}" {{ toYaml $value | indent 2 }} {{ end }} {{ end }} {{- end }} {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs secret: optional: true secretName: lightstep.cacert {{- end }} {{- if .Values.global.podDNSSearchNamespaces }} dnsConfig: searches: {{- range .Values.global.podDNSSearchNamespaces }} - {{ render . }} {{- end }} {{- end }} Error: error converting YAML to JSON: yaml: line 3: could not find expected ':'

Achmad L. · 已于 2 天前审核

Lab error - kubectl inject.

Mark M. · 已于 3 天前审核

Emil E. · 已于 3 天前审核

There is an error in the code in Deploy Bookinfo section

Janice S. · 已于 3 天前审核

Kudumula Guru Madhu Sudhana R. · 已于 3 天前审核

minho k. · 已于 3 天前审核

vince c. · 已于 4 天前审核

Deploy Bookinfo failed: $ istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml ... Error: error converting YAML to JSON: yaml: line 3: could not find expected ':'

Ian M. · 已于 4 天前审核

Djamaile R. · 已于 4 天前审核

Error in yaml to json. Lab broken.

Emil B. · 已于 5 天前审核

Unable to deploy bookinfo application. Error message is - Error: error converting YAML to JSON: yaml: line 3: could not find expected

Prasanna V. · 已于 6 天前审核

santhosh reddy b. · 已于 7 天前审核

Something wrong in deploying Bookinfo. Hopes the Qwiklabs team will fix it soon.

Chris F. · 已于 7 天前审核

Bob Z. · 已于 8 天前审核

Absolutely useful

Antonio D. E. · 已于 8 天前审核

Luis R. · 已于 9 天前审核

Arnau M. · 已于 9 天前审核

Kenna O. · 已于 9 天前审核

Glen M. · 已于 9 天前审核

chang c. · 已于 10 天前审核

I love to explore more of it

Jayasri S. · 已于 10 天前审核

Bruno B. · 已于 10 天前审核

Nevena Z. · 已于 10 天前审核

Reshma K. · 已于 10 天前审核