$ ~ minikube start -n 3
$ ~ minikube addons enable ingress
$ ~ curl -L https://git.io/getLatestIstio | sh -
$ ~ cd istio-1.12.2
$ ~ export PATH=$PWD/bin:$PATH
$ ~ istioctl x precheck
✔ No issues found when checking the cluster. Istio is safe to install or upgrade!
To get started, check out https://istio.io/latest/docs/setup/getting-started/
$ k config current-context
minikube
$ # istioctl install --set profile=demo --set components.cni.enabled=true -y
$ istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
Processing resources for Egress gateways, Ingress gateways. Waiting for Deployment/istio-system/istio-egressgateway, Deployment/istio-system/istio-ingressgateway
podがPendingになっている
$ k get pod -A |grep istio
istio-system istio-egressgateway-c9cbbd99f-jhgqm 0/1 Pending 0 4m9s
istio-system istio-ingressgateway-7c8bc47b49-vm9vx 0/1 Pending 0 4m9s
istio-system istiod-765596f7ff-ntbpt 1/1 Running 0 4m25s
node(s) didn't match Pod's node affinity/selector.
$ k -n istio-system describe pod istio-egressgateway-c9cbbd99f-jhgqm
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 71s default-scheduler 0/1 nodes are available: 1 node(s) didn't match Pod's node affinity/selector.
nodeAffinityにarchの条件が入っている!!
$ k -n istio-system get pod istio-egressgateway-c9cbbd99f-jhgqm -o yaml| grep -i -A 31 affinity
...
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
$ k label namespace default istio-injection=enabled
namespace/default labeled
$ k apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
Init:CrashLoopBackOff
$ k get pod
NAME READY STATUS RESTARTS AGE
details-v1-79f774bdb9-hvzbc 0/2 Init:CrashLoopBackOff 5 (49s ago) 3m45s
productpage-v1-6b746f74dc-pnhl4 0/2 Init:CrashLoopBackOff 3 (37s ago) 102s
ratings-v1-b6994bb9-skrc6 0/2 Init:CrashLoopBackOff 5 (38s ago) 3m45s
reviews-v1-545db77b95-vdpvr 0/2 Init:CrashLoopBackOff 4 (84s ago) 3m14s
reviews-v2-7bf8c9648f-tp76h 0/2 Init:CrashLoopBackOff 5 (22s ago) 3m18s
reviews-v3-84779c7bbc-nr846 0/2 Init:CrashLoopBackOff 3 (33s ago) 102s
エラー確認
$ k logs -f details-v1-79f774bdb9-hvzbc -c istio-init
2022-01-29T11:49:57.962991Z info Running command: iptables-restore --noflush /tmp/iptables-rules-1643456997960521722.txt1590784857
2022-01-29T11:49:57.997267Z error Command error output: xtables parameter problem: iptables-restore: unable to initialize table 'nat'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
2022-01-29T11:49:57.997779Z error Failed to execute: iptables-restore --noflush /tmp/iptables-rules-1643456997960521722.txt1590784857, exit status 2
参考
https://istio.io/latest/docs/setup/getting-started/ https://istio.io/latest/blog/2021/proxyless-grpc/
作業ログ
初期設定
podがPendingになっている
node(s) didn't match Pod's node affinity/selector.
nodeAffinityにarchの条件が入っている!!
arm64でも強制に動かせてみる
runningになった
errorログも出てない、続行
Init:CrashLoopBackOff
エラー確認
issueを見つけた