在 SUSE® Rancher Prime: RKE2 和 SUSE® Rancher Prime: K3s 集群上安装 Istio 的其他步骤
|
Rancher-Istio will be deprecated in Rancher v2.12.0; turn to the SUSE Application Collection build of Istio for enhanced security (included in SUSE Rancher Prime subscriptions). Detailed information can be found in this announcement |
通过 Apps 页面安装或升级 Istio Helm Chart 时:
-
如果要安装 Chart,请单击在安装前自定义 Helm 选项,然后单击下一步。
-
你将看到配置 Istio Helm Chart 的选项。在组件选项卡上,选中启用 CNI 旁边的框。
-
添加一个自定义覆盖文件,该文件指定
cniBinDir和cniConfDir。有关这些选项的更多信息,请参阅 Istio 文档。下方是一个示例:
-
RKE2
-
K3s
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
cni:
enabled: true
k8s:
overlays:
- apiVersion: "apps/v1"
kind: "DaemonSet"
name: "istio-cni-node"
patches:
- path: spec.template.spec.containers.[name:install-cni].securityContext.privileged
value: true
values:
cni:
cniBinDir: /opt/cni/bin
cniConfDir: /etc/cni/net.dapiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
cni:
enabled: true
k8s:
overlays:
- apiVersion: "apps/v1"
kind: "DaemonSet"
name: "istio-cni-node"
patches:
- path: spec.template.spec.containers.[name:install-cni].securityContext.privileged
value: true
values:
cni:
cniBinDir: /var/lib/rancher/k3s/data/current/bin
cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d结果:现在你应该可以根据需要使用 Istio,包括 Sidecar 注入和通过 Kiali 进行监控。