Docker Desktop for Istio

环境

Windows 10

设置vmcompute：

1. Windows安全中心
2. 应用和浏览器控制
3. Exploit Protection 设置
4. 程序设置
5. vmcompute.exe 编辑
6. 控制流保护(CFG)
7. 替代系统设置，取消勾选
8. net start vmcompute

Docker Desktop community 2.2.0.4

设置Resources

1. ADVANCED：4U8G
2. PROXIES：HTTP和HTTPS，http://docker.for.win.localhost:3128替代http://127.0.0.1:3128
3. NETWORK：DNS，8.8.8.8
4. 登录Docker Hub
5. 切换Kubernetes至docker-desktop

部署Istio

istio-1.5.1-win.zip

cd istio-1.5.1

复制bin\istioctl.exe至C:\Program Files\Docker\Docker\resources\bin

$ istioctl manifest apply --set profile=demo
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
- Applying manifest for component Base...
✔ Finished applying manifest for component Base.
- Applying manifest for component Pilot...
✔ Finished applying manifest for component Pilot.
  Waiting for resources to become ready...
  Waiting for resources to become ready...
  Waiting for resources to become ready...
- Applying manifest for component EgressGateways...
- Applying manifest for component IngressGateways...
- Applying manifest for component AddonComponents...
✔ Finished applying manifest for component EgressGateways.
✔ Finished applying manifest for component IngressGateways.
✔ Finished applying manifest for component AddonComponents.


✔ Installation complete

$ kubectl get pods,svc -n istio-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/grafana-78bc994d79-475p5                1/1     Running   0          3h47m
pod/istio-egressgateway-5b5d88f7ff-bqpwc    1/1     Running   0          3h47m
pod/istio-ingressgateway-75877dc5bf-zfqlw   1/1     Running   0          3h47m
pod/istio-tracing-c7b59f68f-sbpcj           1/1     Running   0          3h47m
pod/istiod-6b69865db8-94fjg                 1/1     Running   0          3h47m
pod/kiali-7ff568c949-qkwzs                  1/1     Running   0          3h47m
pod/prometheus-584757d974-lhmvt             2/2     Running   0          3h47m

NAME                                TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                       AGE
service/grafana                     ClusterIP      10.98.24.77      <none>        3000/TCP                                                      3h47m
service/istio-egressgateway         ClusterIP      10.98.3.21       <none>        80/TCP,443/TCP,15443/TCP                                      3h47m
service/istio-ingressgateway        LoadBalancer   10.99.165.79     localhost     15020:30774/TCP,80:30895/TCP,443:31134/TCP,15029:31511/TCP,15030:31292/TCP,15031:32062/TCP,15032:31637/TCP,31400:31482/TCP,15443:31354/TCP   3h47m
service/istio-pilot                 ClusterIP      10.111.250.87    <none>        15010/TCP,15011/TCP,15012/TCP,8080/TCP,15014/TCP,443/TCP      3h47m
service/istiod                      ClusterIP      10.98.198.20     <none>        15012/TCP,443/TCP                                             3h47m
service/jaeger-agent                ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP                                    3h47m
service/jaeger-collector            ClusterIP      10.111.222.130   <none>        14267/TCP,14268/TCP,14250/TCP                                 3h47m
service/jaeger-collector-headless   ClusterIP      None             <none>        14250/TCP                                                     3h47m
service/jaeger-query                ClusterIP      10.97.54.55      <none>        16686/TCP                                                     3h47m
service/kiali                       ClusterIP      10.108.68.201    <none>        20001/TCP                                                     3h47m
service/prometheus                  ClusterIP      10.97.234.176    <none>        9090/TCP                                                      3h47m
service/tracing                     ClusterIP      10.105.107.112   <none>        80/TCP                                                        3h47m
service/zipkin                      ClusterIP      10.109.155.38    <none>        9411/TCP                                                      3h47m

确保service/istio-ingressgateway对外监听localhost端口没有被Windows本机占用，如果有冲突，修改监听端口即可

部署Bookinfo

$ kubectl label namespace book istio-injection=enabled
namespace/book labeled

$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -n book
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

$ kubectl get pods -n book
NAME                              READY   STATUS    RESTARTS   AGE
details-v1-74f858558f-xnvwz       2/2     Running   0          64s
productpage-v1-76589d9fdc-knv7t   2/2     Running   0          64s
ratings-v1-7855f5bcb9-blrkh       2/2     Running   0          64s
reviews-v1-64bc5454b9-6d96p       2/2     Running   0          64s
reviews-v2-76c64d4bdf-6xmb6       2/2     Running   0          64s
reviews-v3-5545c7c78f-j8bxg       2/2     Running   0          64s

$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml -n book
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created

$ curl localhost/productpage
<!DOCTYPE html>
<html>
  <head>
    <title>Simple Bookstore App</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">

<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="static/bootstrap/css/bootstrap.min.css">

<!-- Optional theme -->
<link rel="stylesheet" href="static/bootstrap/css/bootstrap-theme.min.css">

  </head>
......

参考：

• k8s-for-docker-desktop
• Docker on windows fails to pull linux images behind proxy