无法使用Minikube设置Istio

时间:2018-11-02 17:08:24

标签: kubernetes containers minikube kubernetes-helm istio

我遵循Istio的官方文档,使用minikube为示例bookinfo应用程序设置了Istio。但我收到无法连接到服务器:net / http:TLS握手超时错误。这些是我遵循的步骤(我安装了kubectl和minikube)。

Promise.reject

这是我得到的终端输出

minikube start
curl -L https://git.io/getLatestIstio | sh -
cd istio-1.0.3
export PATH=$PWD/bin:$PATH
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
kubectl apply -f install/kubernetes/istio-demo-auth.yaml
kubectl get pods -n istio-system

pod描述输出

$ kubectl get pods -n istio-system
NAME                                      READY     STATUS              RESTARTS   AGE
grafana-9cfc9d4c9-xg7bh                   1/1       Running             0          4m
istio-citadel-6d7f9c545b-lwq8s            1/1       Running             0          3m
istio-cleanup-secrets-69hdj               0/1       Completed           0          4m
istio-egressgateway-75dbb8f95d-k6xj2      1/1       Running             0          4m
istio-galley-6d74549bb9-mdc97             0/1       ContainerCreating   0          4m
istio-grafana-post-install-xz9rk          0/1       Completed           0          4m
istio-ingressgateway-6bd4957bc-vhbct      1/1       Running             0          4m
istio-pilot-7f8c49bbd8-x6bmm              0/2       Pending             0          4m
istio-policy-6c65d8cff4-hx2c7             2/2       Running             0          4m
istio-security-post-install-gjfj2         0/1       Completed           0          4m
istio-sidecar-injector-74855c54b9-nnqgx   0/1       ContainerCreating   0          3m
istio-telemetry-65cdd46d6c-rqzfw          2/2       Running             0          4m
istio-tracing-ff94688bb-hgz4h             1/1       Running             0          3m
prometheus-f556886b8-chdxw                1/1       Running             0          4m
servicegraph-778f94d6f8-9xgw5             1/1       Running             0          3m

$kubectl describe pod istio-galley-6d74549bb9-mdc97
Error from server (NotFound): pods "istio-galley-5bf4d6b8f7-8s2z9" not found

一段时间后:-

 $ kubectl -n istio-system describe pod  istio-galley-6d74549bb9-mdc97
Name:           istio-galley-6d74549bb9-mdc97
Namespace:      istio-system
Node:           minikube/172.17.0.4
Start Time:     Sat, 03 Nov 2018 04:29:57 +0000
Labels:         istio=galley
                pod-template-hash=1690826493
Annotations:    scheduler.alpha.kubernetes.io/critical-pod=
                sidecar.istio.io/inject=false
Status:         Pending
IP:
Controlled By:  ReplicaSet/istio-galley-5bf4d6b8f7
Containers:
  validator:
    Container ID:
    Image:         gcr.io/istio-release/galley:1.0.0    Image ID:
    Ports:         443/TCP, 9093/TCP    Host Ports:    0/TCP, 0/TCP
    Command:      /usr/local/bin/galley
      validator      --deployment-namespace=istio-system
      --caCertFile=/etc/istio/certs/root-cert.pem
      --tlsCertFile=/etc/istio/certs/cert-chain.pem
      --tlsKeyFile=/etc/istio/certs/key.pem
      --healthCheckInterval=2s
      --healthCheckFile=/health
      --webhook-config-file
      /etc/istio/config/validatingwebhookconfiguration.yaml
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Requests:
      cpu:        10m
    Liveness:     exec [/usr/local/bin/galley probe --probe-path=/health --interval=4s] delay=4s timeout=1s period=4s #success=1 #failure=3
    Readiness:    exec [/usr/local/bin/galley probe --probe-path=/health --interval=4s] delay=4s timeout=1s period=4s #success=1 #failure=3
    Environment:  <none>
    Mounts:
      /etc/istio/certs from certs (ro)
      /etc/istio/config from config (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from istio-galley-service-account-token-9pcmv(ro)
Conditions:
  Type           Status
  Initialized    True
  Ready          False
  PodScheduled   True
Volumes:
  certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  istio.istio-galley-service-account
    Optional:    false
  config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      istio-galley-configuration
    Optional:  false
  istio-galley-service-account-token-9pcmv:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  istio-galley-service-account-token-9pcmv
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason                 Age               From               Message
  ----     ------                 ----              ----               -------
  Normal   Scheduled              1m                default-scheduler  Successfully assigned istio-galley-5bf4d6b8f7-8t8qz to minikube
  Normal   SuccessfulMountVolume  1m                kubelet, minikube  MountVolume.SetUp succeeded for volume "config"
  Normal   SuccessfulMountVolume  1m                kubelet, minikube  MountVolume.SetUp succeeded for volume "istio-galley-service-account-token-9pcmv"
  Warning  FailedMount            27s (x7 over 1m)  kubelet, minikube  MountVolume.SetUp failed for volume "certs" : secrets "istio.istio-galley-service-account" not found

所以我等待istio-sidecar-injector和istio-galley容器被创建。如果再次运行 kubectl get pods -n istio-system 或任何其他 kubectl 命令,则会给出无法连接到服务器:net / http:TLS握手超时< / strong>错误。

请帮助我解决此问题。 ps:我正在Ubuntu 16.04上运行minikube

谢谢。

3 个答案:

答案 0 :(得分:1)

好像您遇到了thisthis一样,istio.istio-galley-service-account命名空间中缺少了秘密istio-system。您可以尝试使用described的变通办法:

  

按照文档中的概述进行安装:https://istio.io/docs/setup/kubernetes/minimal-install/丢失的秘密是由于--set security.enabled = false标志而未运行的城堡吊舱创建的,将其设置为true将启动城堡,并且机密已创建。

答案 1 :(得分:1)

问题已解决。当我运行minikube start --memory=4048时。也许是内存问题。

答案 2 :(得分:0)

使用istio-demo.yamlistio-demo-auth.yaml时,您会发现运行Istio至少需要4GB RAM(尤其是在部署其示例应用程序BookInfo时)。无论您运行的是MiniKube还是Docker Desktop,都是如此,Meshery可以识别并试图帮助那些部署Istio或其他服务网格的人避免这种陷阱。

相关问题
最新问题