One Success: Build K8S Cluster and ISTIO Environment

1. Overview

This paper describes how to quickly set up a k8s cluster using the kubeadm tool in centos7 environment. It also describes how to install Istio

k8s version: 1.20.6

istio version: 1.5.1

2. Preparations

2.1 Machine Environment

  • Operating system: centos7 64 bit

  • Hardware Configuration: 2g RAM 2 cpu hard drives 40g

host nameroleIP

Execute on each machine separately

# Close Firewall
systemctl stop firewalld
systemctl disable firewalld

# Close selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config  # permanent
setenforce 0  # temporary

# Close swap
swapoff -a  # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab    # permanent

# Set host name according to plan
hostnamectl set-hostname <hostname>

# Add hosts to master
cat >> /etc/hosts << EOF k8smaster k8snode1 k8snode2

# Chain that delivers bridged IPv4 traffic to iptables
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
sysctl --system  # Take effect

# time synchronization
yum install ntpdate -y

2.2 Software Environment

Install docker

The default CRI (container runtime) for Kubernetes is Docker, so install Docker first.

$ wget -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce-18.06.1.ce-3.el7
$ systemctl enable docker && systemctl start docker
$ docker --version
Docker version 18.06.1-ce, build e68fc7a
$ cat > /etc/docker/daemon.json << EOF
  "registry-mirrors": [""]

Add Aliyun YUM Software Source

$ cat > /etc/yum.repos.d/kubernetes.repo << EOF

Install kubeadm, kubelet, and kubectl

$ yum install -y kubelet-1.20.6 kubeadm-1.20.6 kubectl-1.20.6
$ systemctl enable kubelet

3. Installation

3.1 Deploy k8s Master

Executed in (Master).

$ kubeadm init \
  --apiserver-advertise-address= \
  --image-repository \
  --kubernetes-version v1.20.6 \
  --service-cidr= \


  • apiserver-advertise-address needs to be modified to its ip address
  • kubernetes-version Here the version number should match the version number installed above
  • image-repository Manually configure Ali cloud mirror address, domestic network environment, you know

When the installation is complete, you will be prompted with the word successful, and you will be prompted to execute the following commands as prompted

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
$ kubectl get nodes

You also need the last output of kuadm join under copy, as follows

$ kubeadm join --token esce21.q6hetwm8si29qxwn \
    --discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5

3.2 Deploy node

Paste the text of the kuadm join just copied into the node to execute

The default token expires for 24 hours, after which it becomes unavailable. You will need to recreate the token as follows:

kubeadm token create --print-join-command

3.3 Deploy CNI network plug-ins

If not installed, the network between clusters will not work

kubectl apply -f

Check to see if installation is complete

kubectl get pods -n kube-system

A red box in the diagram (three because I have three machines) with the status Running indicates that the installation was successful

Use get node to view node information

kubectl get nodes

If the status is Ready, the K8S cluster is successfully installed

4. Install istio

Download the installation package first, because we are installing version 1.5.1, we need to specify a version

curl -L | ISTIO_VERSION=1.5.1 TARGET_ARCH=x86_64 sh -

After that, there will be an additional istio-1.5.1 directory.

Configure istio-1.5.1/bin into path

vim /etc/profile
### Add the following to the end of the file
export PATH=$PATH:/root/istio-1.5.1/bin

You can then use the istioctl command line tool, which has user input validation to prevent incorrect installation and custom options.

We use demo configuration for installation

istioctl manifest apply --set profile=demo

After the installation command runs successfully, check that the Kubernetes service is deployed properly and that all services except the jaeger-agent service have the correct CLUSTER-IP:

$ kubectl get svc -n istio-system
NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                             AGE
grafana                     ClusterIP    <none>        3000/TCP                                                                             24s
istio-egressgateway         ClusterIP     <none>        80/TCP,443/TCP,15443/TCP                                                                             26s
istio-ingressgateway        LoadBalancer     <pending>     15020:31817/TCP,80:30733/TCP,443:31910/TCP,15029:32168/TCP,15030:31733/TCP,15031:31981/TCP,15032:30531/TCP,31400:31169/TCP,15443:31131/TCP   26s
istio-pilot                 ClusterIP   <none>        15010/TCP,15011/TCP,15012/TCP,8080/TCP,15014/TCP,443/TCP                                                                             46s
istiod                      ClusterIP    <none>        15012/TCP,443/TCP                                                                             46s
jaeger-agent                ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP                                                                             24s
jaeger-collector            ClusterIP   <none>        14267/TCP,14268/TCP,14250/TCP                                                                             24s
jaeger-collector-headless   ClusterIP      None             <none>        14250/TCP                                                                             24s
jaeger-query                ClusterIP   <none>        16686/TCP                                                                             24s
kiali                       ClusterIP    <none>        20001/TCP                                                                             24s
prometheus                  ClusterIP    <none>        9090/TCP                                                                             24s
tracing                     ClusterIP   <none>        80/TCP                                                                             24s
zipkin                      ClusterIP     <none>        9411/TCP                                                                             24s

Check correlation pod Deployment success:

$ kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
grafana-5cc7f86765-jxdcn                1/1     Running   0          4m24s
istio-egressgateway-598d7ffc49-bdmzw    1/1     Running   0          4m24s
istio-ingressgateway-7bd5586b79-gnzqv   1/1     Running   0          4m25s
istio-tracing-8584b4d7f9-tq6nq          1/1     Running   0          4m24s
istiod-646b6fcc6-c27c7                  1/1     Running   0          4m45s
kiali-696bb665-jmts2                    1/1     Running   0          4m24s
prometheus-6c88c4cb8-xchzd              2/2     Running   0          4m24s

If all components correspond to Pod STATUS becomes Running, then Istio Installation is complete.

Tags: Back-end Distribution architecture Cloud Native

Posted on Wed, 03 Nov 2021 13:05:57 -0400 by habbardone