我正在尝试评估istio并尝试部署随istio安装提供的bookinfo示例应用程序。在这样做时,我面临以下问题。
Environment: Non production
1. Server Node - red hat enterprise linux 7 64 bit VM [3.10.0-693.11.6.el7.x86_64]
Server in customer secure vpn with no access to enterprise/public DNS.
2. docker client and server: 1.12.6
3. kubernetes client - 1.9.1, server - 1.8.4
4. kubernetes install method: kubeadm.
5. kubernetes deployment mode: single node with master and slave.
6. Istio install method:
- istio version: 0.5.0
- no SSL, no automatic side car injection, no Helm.
- Instructions followed: https://istio.io/docs/setup/kubernetes/quick-start.html
- Cloned the istio github project - https://github.com/istio/istio.
- Used the istio.yaml and bookinfo.yaml files for the installation and example implementation.
问题:
istio客户端和控制平面组件的安装工作正常。
控制平面也可以正常启动。
然而,当我启动bookinfo应用程序时,应用程序的代理初始化容器崩溃了一个神秘的" iptables:链已经存在"记录消息。
ISTIO CONTROL PLANE
--------------------
$ kubectl get deployments,pods,svc,ep -n istio-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deploy/istio-ca 1 1 1 1 2d
deploy/istio-ingress 1 1 1 1 2d
deploy/istio-mixer 1 1 1 1 2d
deploy/istio-pilot 1 1 1 1 2d
NAME READY STATUS RESTARTS AGE
po/istio-ca-5796758d78-md7fl 1/1 Running 0 2d
po/istio-ingress-f7ff9dcfd-fl85s 1/1 Running 0 2d
po/istio-mixer-69f48ddb6c-d4ww2 3/3 Running 0 2d
po/istio-pilot-69cc4dd5cb-fglsg 2/2 Running 0 2d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/istio-ingress LoadBalancer 10.103.67.68 <pending> 80:31445/TCP,443:30412/TCP 2d
svc/istio-mixer ClusterIP 10.101.47.150 <none> 9091/TCP,15004/TCP,9093/TCP,9094/TCP,9102/TCP,9125/UDP,42422/TCP 2d
svc/istio-pilot ClusterIP 10.110.58.219 <none> 15003/TCP,8080/TCP,9093/TCP,443/TCP 2d
NAME ENDPOINTS AGE
ep/istio-ingress 10.244.0.22:443,10.244.0.22:80 2d
ep/istio-mixer 10.244.0.20:9125,10.244.0.20:9094,10.244.0.20:15004 + 4 more... 2d
ep/istio-pilot 10.244.0.21:443,10.244.0.21:15003,10.244.0.21:8080 + 1 more... 2d
BOOKINFO APP
-------------
$ kubectl get deployments,pods,svc,ep
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deploy/details-v1 1 1 1 1 2d
deploy/productpage-v1 1 1 1 1 2d
deploy/ratings-v1 1 1 1 1 2d
deploy/reviews-v1 1 1 1 1 2d
deploy/reviews-v2 1 1 1 1 2d
deploy/reviews-v3 1 1 1 1 2d
NAME READY STATUS RESTARTS AGE
po/details-v1-df5d6ff55-92jrx 0/2 Init:CrashLoopBackOff 738 2d
po/productpage-v1-85f65888f5-xdkt6 0/2 Init:CrashLoopBackOff 738 2d
po/ratings-v1-668b7f9ddc-9nhcw 0/2 Init:CrashLoopBackOff 738 2d
po/reviews-v1-5845b57d57-2cjvn 0/2 Init:CrashLoopBackOff 738 2d
po/reviews-v2-678b446795-hkkvv 0/2 Init:CrashLoopBackOff 738 2d
po/reviews-v3-8b796f-64lm8 0/2 Init:CrashLoopBackOff 738 2d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/details ClusterIP 10.104.237.100 <none> 9080/TCP 2d
svc/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 70d
svc/productpage ClusterIP 10.100.136.14 <none> 9080/TCP 2d
svc/ratings ClusterIP 10.105.166.190 <none> 9080/TCP 2d
svc/reviews ClusterIP 10.110.221.19 <none> 9080/TCP 2d
NAME ENDPOINTS AGE
ep/details 10.244.0.24:9080 2d
ep/kubernetes NNN.NN.NN.NNN:6443 70d
ep/productpage 10.244.0.45:9080 2d
ep/ratings 10.244.0.25:9080 2d
ep/reviews 10.244.0.26:9080,10.244.0.28:9080,10.244.0.29:9080 2d
PROXY INIT CRASHED CONTAINERS
------------------------------
$ docker ps -a | grep -i istio | grep -i exit
9109bafcf9e7 docker.io/istio/proxy_init@sha256:0962ff2159796a66b9d243cac82cfccb6730cd5149c91a0f64baa08f065b22f8 "/usr/local
/bin/prepa" 11 seconds ago Exited (1) 10 seconds ago k8s_istio-init_details-v1-df5d6ff55-92jrx_default_b54d921c-0dcd-11e8-8de9-0050568
e45b4_740
0ed3b188d7ba docker.io/istio/proxy_init@sha256:0962ff2159796a66b9d243cac82cfccb6730cd5149c91a0f64baa08f065b22f8 "/usr/local
/bin/prepa" 27 seconds ago Exited (1) 26 seconds ago k8s_istio-init_reviews-v2-678b446795-hkkvv_default_b557b5a5-0dcd-11e8-8de9-005056
8e45b4_740
893fcec0b01e docker.io/istio/proxy_init@sha256:0962ff2159796a66b9d243cac82cfccb6730cd5149c91a0f64baa08f065b22f8 "/usr/local
/bin/prepa" About a minute ago Exited (1) About a minute ago k8s_istio-init_reviews-v1-5845b57d57-2cjvn_default_b555bb75-0dcd-11e8-8de9-005056
8e45b4_740
a2a036273402 docker.io/istio/proxy_init@sha256:0962ff2159796a66b9d243cac82cfccb6730cd5149c91a0f64baa08f065b22f8 "/usr/local
/bin/prepa" About a minute ago Exited (1) About a minute ago k8s_istio-init_productpage-v1-85f65888f5-xdkt6_default_b579277b-0dcd-11e8-8de9-00
50568e45b4_740
520beb6779e0 docker.io/istio/proxy_init@sha256:0962ff2159796a66b9d243cac82cfccb6730cd5149c91a0f64baa08f065b22f8 "/usr/local
/bin/prepa" About a minute ago Exited (1) About a minute ago k8s_istio-init_reviews-v3-8b796f-64lm8_default_b559d9ef-0dcd-11e8-8de9-0050568e45
b4_740
91a0f41f5fde docker.io/istio/proxy_init@sha256:0962ff2159796a66b9d243cac82cfccb6730cd5149c91a0f64baa08f065b22f8 "/usr/local
/bin/prepa" 3 minutes ago Exited (1) 3 minutes ago k8s_istio-init_ratings-v1-668b7f9ddc-9nhcw_default_b55128a5-0dcd-11e8-8de9-005056
8e45b4_740
PROXY PROCESSES FOR EACH ISTIO COMPONENT
-----------------------------------------
$ docker ps | grep -vi exit | grep proxy
4d9b37839e44 docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-proxy_reviews-v2-678b446795-hkkvv_default_b557b5a5-0dcd-11e8-8de9-0050568e45b4_0
1c72e3a990cb docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-proxy_productpage-v1-85f65888f5-xdkt6_default_b579277b-0dcd-11e8-8de9-0050568e45b4_0
f6ffcaf4b24b docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-proxy_reviews-v1-5845b57d57-2cjvn_default_b555bb75-0dcd-11e8-8de9-0050568e45b4_0
b66b7ab90a2d docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-proxy_ratings-v1-668b7f9ddc-9nhcw_default_b55128a5-0dcd-11e8-8de9-0050568e45b4_0
08bf2370b5be docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-proxy_reviews-v3-8b796f-64lm8_default_b559d9ef-0dcd-11e8-8de9-0050568e45b4_0
0c10d8d594bc docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-proxy_details-v1-df5d6ff55-92jrx_default_b54d921c-0dcd-11e8-8de9-0050568e45b4_0
6134fa756f35 docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-proxy_istio-pilot-69cc4dd5cb-fglsg_istio-system_5ecf54b6-0dcd-11e8-8de9-0050568e45b4_0
9a18ea74b6bf docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-proxy_istio-mixer-69f48ddb6c-d4ww2_istio-system_5e8801ab-0dcd-11e8-8de9-0050568e45b4_0
5db18d722bb1 docker.io/istio/proxy@sha256:3a9fc8a72faec478a7eca222bbb2ceec688514c95cf06ac12ab6235958c6883c "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_istio-ingress_istio-ingress-f7ff9dcfd-fl85s_istio-system_5ed6333d-0dcd-11e8-8de9-0050568e45b4_0
$ docker ps | egrep -iv "proxy|pause|kube-|etcd|defaultbackend|ingress"
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Docker Containers for the apps (These seem to have started up without issues)
------------------------------
61951f88b83c docker.io/istio/examples-bookinfo-reviews-v2@sha256:e390023aa6180827373293747f1bff8846ffdf19fdcd46ad91549d3277dfd4ea "/bin/sh -c '/opt/ibm" 2 days ago Up 2 days k8s_reviews_reviews-v2-678b446795-hkkvv_default_b557b5a5-0dcd-11e8-8de9-0050568e45b4_0
18d2137257c0 docker.io/istio/examples-bookinfo-productpage-v1@sha256:ce983ff8f7563e582a8ff1adaf4c08c66a44db331208e4cfe264ae9ada0c5a48 "/bin/sh -c 'python p" 2 days ago Up 2 days k8s_productpage_productpage-v1-85f65888f5-xdkt6_default_b579277b-0dcd-11e8-8de9-0050568e45b4_0
5ba97591e5c7 docker.io/istio/examples-bookinfo-reviews-v1@sha256:aac2cfc27fad662f7a4473ea549d8980eb00cd72e590749fe4186caf5abc6706 "/bin/sh -c '/opt/ibm" 2 days ago Up 2 days k8s_reviews_reviews-v1-5845b57d57-2cjvn_default_b555bb75-0dcd-11e8-8de9-0050568e45b4_0
ed11b00eff22 docker.io/istio/examples-bookinfo-reviews-v3@sha256:6829a5dfa14d10fa359708cf6c11ec9022a3d047a089e73dea3f3bfa41f7ed66 "/bin/sh -c '/opt/ibm" 2 days ago Up 2 days k8s_reviews_reviews-v3-8b796f-64lm8_default_b559d9ef-0dcd-11e8-8de9-0050568e45b4_0
be88278186c2 docker.io/istio/examples-bookinfo-ratings-v1@sha256:b14905701620fc7217c12330771cd426677bc5314661acd1b2c2aeedc5378206 "/bin/sh -c 'node rat" 2 days ago Up 2 days k8s_ratings_ratings-v1-668b7f9ddc-9nhcw_default_b55128a5-0dcd-11e8-8de9-0050568e45b4_0
e1c749eedf3c docker.io/istio/examples-bookinfo-details-v1@sha256:02c863b54d676489c7e006948e254439c63f299290d664e5c0eaf2209ee7865e "/bin/sh -c 'ruby det" 2 days ago Up 2 days k8s_details_details-v1-df5d6ff55-92jrx_default_b54d921c-0dcd-11e8-8de9-0050568e45b4_0
Docker Containers for Control Plane components
-----------------------------------------------
(CA: no ssl setup done)
5847934ca3c6 docker.io/istio/istio-ca@sha256:b3aaa5e5df2c16b13ea641d9f6b21f1fa3fb01b2f36a6df5928f17815aa63307 "/usr/local/bin/istio" 2 days ago Up 2 days k8s_istio-ca_istio-ca-5796758d78-md7fl_istio-system_5ed9a9e4-0dcd-11e8-8de9-0050568e45b4_0
(PILOT:
[1] W0209 19:13:58.364556 1 client_config.go:529] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.)
[2] warn AvailabilityZone couldn't find the given cluster node
[3] warn AvailabilityZone unexpected service-node: invalid node type (valid types: ingress, sidecar, router in the service node "mixer~~.~.svc.cluster.local"
[4] warn AvailabilityZone couldn't find the given cluster node
pattern 2, 3, 4 repeats)
f7a7816bd147 docker.io/istio/pilot@sha256:96c2174f30d084e0ed950ea4b9332853f6cd0ace904e731e7086822af726fa2b "/usr/local/bin/pilot" 2 days ago Up 2 days k8s_discovery_istio-pilot-69cc4dd5cb-fglsg_istio-system_5ecf54b6-0dcd-11e8-8de9-0050568e45b4_0
(MIXER: W0209 19:13:57.948480 1 client_config.go:529] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.)
f4c85eb7f652 docker.io/istio/mixer@sha256:a2d5f14fd55198239817b6c1dac85651ac3e124c241feab795d72d2ffa004bda "/usr/local/bin/mixs " 2 days ago Up 2 days k8s_mixer_istio-mixer-69f48ddb6c-d4ww2_istio-system_5e8801ab-0dcd-11e8-8de9-0050568e45b4_0
(STATD EXPORTER: No issues/errors)
9fa2865b7e9b docker.io/prom/statsd-exporter@sha256:d08dd0db8eaaf716089d6914ed0236a794d140f4a0fe1fd165cda3e673d1ed4c "/bin/statsd_exporter" 2 days ago Up 2 days k8s_statsd-to-prometheus_istio-mixer-69f48ddb6c-d4ww2_istio-system_5e8801ab-0dcd-11e8-8de9-0050568e45b4_0
答案 0 :(得分:0)
这个问题会很棒 https://github.com/istio/issues/issues/new 报告 - 感谢所有细节
你能尝试添加吗?
privileged: true
到崩溃的容器?
答案 1 :(得分:0)
@ laurent-demailly,感谢您对特权国旗的建议。
我前天在github上发布了这个查询,并在昨天得到了一些回复,并提出了一些建议,我尝试了它并且有效! : - )
现在没有任何容器崩溃,我可以通过入口网关访问bookinfo应用程序。
这是github帖子的网址:
github.com/istio/issues/issues/197