Created
June 21, 2017 11:48
-
-
Save kevinearls/4a7685757d1325e4694bf62f1ea604f5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Here are the steps I took to install Istio on Openshift. I started with the steps in this article https://blog.openshift.com/running-istio-service-mesh-openshift/ and then corrected a couple of errors. | |
There are optional stops for deploying Jaeger instead of Zipkin, but as of this writing I have not been able to figure out how to tell Istio to change the zipkin collector URL to use the jaeger collector URL instead. (NOTE: It should be possible to do this directly in Enovy by setting "collector_endpoint", but I haven't been able to determine if there is someway to get the istio tools to configure this. See https://github.com/lyft/envoy/blob/998b8119ed57269e77d0a03b1b92e7a98c5d30d1/source/common/tracing/zipkin/zipkin_tracer_impl.cc#L51-L52) | |
### Setup | |
### Checkout istio sources | |
git clone https://github.com/istio/istio | |
cd istio | |
git checkout 0.1.6 # NOT 0.1.5 like he says in the blog | |
cd .. | |
# Install istioctl tool -- NOTE this will install released version | |
curl -L https://git.io/getIstio | sh - | |
export PATH="$PATH:~/istio/istio-0.1.6/bin" | |
### | |
### Login as admin and set privileges. According to the blog post, it's possible not all of these are needed. | |
### | |
oc login -u system:admin' | |
oc project default | |
oc adm policy add-scc-to-user anyuid -z default | |
oc adm policy add-scc-to-user privileged -z default | |
oc patch scc/privileged --patch {\"allowedCapabilities\":[\"NET_ADMIN\"]} | |
oc adm policy add-cluster-role-to-user cluster-admin -z istio-manager-service-account | |
oc adm policy add-cluster-role-to-user cluster-admin -z istio-ingress-service-account | |
oc adm policy add-cluster-role-to-user cluster-admin -z istio-pilot-service-account | |
oc adm policy add-cluster-role-to-user cluster-admin -z default | |
oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account | |
oc adm policy add-scc-to-user privileged -z istio-ingress-service-account | |
oc adm policy add-scc-to-user anyuid -z istio-manager-service-account | |
oc adm policy add-scc-to-user privileged -z istio-manager-service-account | |
oc adm policy add-scc-to-user anyuid -z istio-pilot-service-account | |
oc adm policy add-scc-to-user privileged -z istio-pilot-service-account | |
oadm policy add-role-to-user cluster-admin developer | |
# Install istio | |
oc apply -f istio/install/kubernetes/istio.yaml | |
#Install addons -- NOTE these are from the blog post, I'm not sure we really need them. | |
oc apply -f istio/install/kubernetes/addons/prometheus.yaml | |
oc apply -f istio/install/kubernetes/addons/grafana.yaml | |
oc apply -f istio/install/kubernetes/addons/servicegraph.yaml | |
## Now install either ZIPKIN or JAEGER | |
oc apply -f istio/install/kubernetes/addons/zipkin.yaml | |
OR | |
oc process -f ~/sources/jaegertracing/jaeger-openshift/production/jaeger-production-template.yml | oc create -f - | |
#Deploy bookInfo app | |
# TODO figure out how to change the Zipkin "collector_endpoint" to the Jaeger one | |
oc apply -f <(istioctl kube-inject -f istio/samples/apps/bookinfo/bookinfo.yaml) | |
oc expose service productpage | |
oc expose service servicegraph | |
oc expose service zipkin # if installed | |
oc get routes ### to get urls | |
Hit the productpage a couple of times either in a browser or via $productpageurl/productpage?u=test or u=normal to | |
create some spans. | |
Then open the Zipkin UI in a browser. Pay attention to the time stamps in the search, zipkin defaults to one hour | |
before it was first opened |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment