
創建 istio 目錄
[root@centos-110 ~]# mkdir istio
[root@centos-110 ~]# cd istio
方案一:
# 去下面的地址下載壓縮包
$ tar -zvxf istio-1.0.0-linux.tar.gz
方案二:
# 使用官方的安裝腳本安裝
運行如下命令,自動下載並解壓最新的發布包
$ curl -L https://git.io/getLatestIstio | sh -
[root@centos-110 istio]# curl -L https://git.io/getLatestIstio | sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:09 --:--:-- 0
100 1456 100 1456 0 0 73 0 0:00:19 0:00:19 --:--:-- 388
Downloading istio-1.0.0 from https://github.com/istio/istio/releases/download/1.0.0/istio-1.0.0-linux.tar.gz ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 614 0 614 0 0 60 0 --:--:-- 0:00:10 --:--:-- 133
100 14.1M 100 14.1M 0 0 270k 0 0:00:53 0:00:53 --:--:-- 464k
Downloaded into istio-1.0.0:
bin install istio.VERSION LICENSE README.md samples tools
Add /root/istio/istio-1.0.0/bin to your path; e.g copy paste in your shell and/or ~/.profile:
export PATH="$PATH:/root/istio/istio-1.0.0/bin"
[root@centos-110 istio]#
安裝目錄包含如下內容:
-
在 install/ 目錄中包含了 Kubernetes 安裝所需的 .yaml 文件
-
samples/ 目錄中是示例應用
-
istioctl 客戶端文件保存在 bin/ 目錄之中。istioctl 的功能是手工進行 Envoy Sidecar 的注入,以及對路由規則、策略的管理
-
istio.VERSION 配置文件
# 安裝配置環境變量
編輯/etc/profile,添加istioctl 到PATH
[root@centos-110 istio-1.0.0]# vim /etc/profile
在profile文件底部,增加如下一行:
export PATH=$PATH:/root/istio/istio-1.0.0/bin
執行source命令,使修改馬上生效
[root@centos-110 istio-1.0.0]# source /etc/profile
[root@centos-110 istio-1.0.0]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/root/istio/istio-1.0.0/bin
驗證istioctl 安裝成功
[root@centos-110 bin]# istioctl version
Version: 1.0.0
GitRevision: 3a136c90ec5e308f236e0d7ebb5c4c5e405217f4
User: root@71a9470ea93c
Hub: gcr.io/istio-release
GolangVersion: go1.10.1
BuildStatus: Clean
# 安裝Istio的CRD(Custom Resource Definitions)
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
# 安裝Istio - Sidecars之間不啟用TLS認證
$ kubectl apply -f install/kubernetes/istio-demo.yaml
需要拉取鏡像:
示例:拉取 gcr.io/istio-release/citadel:1.0.0 鏡像
[root@centos-110 ~]# docker pull
registry.cn-hangzhou.aliyuncs.com/istio-release/citadel:1.0.0
1.0.0: Pulling from istio-release/citadel
887bbdf2518e: Pull complete
549fcf855a71: Pull complete
1c1bf79cad30: Pull complete
Digest: sha256:01d182138511deba644e039ecccf87b048c3a88f12e8f0085c873ef7d1734dbf
Status: Downloaded newer image for
registry.cn-hangzhou.aliyuncs.com/istio-release/citadel:1.0.0
[root@centos-110 ~]# docker tag
registry.cn-hangzhou.aliyuncs.com/istio-release/citadel:1.0.0 gcr.io/istio-release/citadel:1.0.0
[root@centos-110 ~]# docker rmi
registry.cn-hangzhou.aliyuncs.com/istio-release/citadel:1.0.0
示例:拉取 gcr.io/istio-release/galley:1.0.0 鏡像
[root@centos-110 ~]# docker pull
registry.cn-hangzhou.aliyuncs.com/istio-release/galley:1.0.0
[root@centos-110 ~]# docker tag
registry.cn-hangzhou.aliyuncs.com/istio-release/galley:1.0.0 gcr.io/istio-release/galley:1.0.0
[root@centos-110 ~]# docker rmi
registry.cn-hangzhou.aliyuncs.com/istio-release/galley:1.0.0
示例:拉取 gcr.io/istio-release/pilot:1.0.0 鏡像
docker tag registry.cn-hangzhou.aliyuncs.com/istio-release/pilot:1.0.0 gcr.io/istio-release/pilot:1.0.0
示例:拉取 gcr.io/istio-release/sidecar_injector:1.0.0 鏡像
docker pull registry.cn-hangzhou.aliyuncs.com/istio-release/sidecar_injector:1.0.0
docker tag registry.cn-hangzhou.aliyuncs.com/istio-release/sidecar_injector:1.0.0 gcr.io/istio-release/sidecar_injector:1.0.0
docker rmi registry.cn-hangzhou.aliyuncs.com/istio-release/sidecar_injector:1.0.0
拉取其他鏡像的類似,只需要簡單替換一下 image name 即可。
參考上面的docker 命令,獲取如下所有鏡像:
gcr.io/istio-release/citadel:1.0.0
gcr.io/istio-release/galley:1.0.0
gcr.io/istio-release/proxyv2:1.0.0
gcr.io/istio-release/grafana:1.0.0
gcr.io/istio-release/mixer:1.0.0
gcr.io/istio-release/servicegraph:1.0.0
gcr.io/istio-release/pilot:1.0.0
gcr.io/istio-release/sidecar_injector:1.0.0
下面這個鏡像是sidecar 自動注入是需要使用的鏡像:
gcr.io/istio-release/proxy_init:1.0.0
docker tag
registry.cn-hangzhou.aliyuncs.com/istio-release/proxy_init:1.0.0 gcr.io/istio-release/proxy_init:1.0.0
驗證安裝結果
確認下列 Kubernetes 服務已經部署:istio-pilot、 istio-ingressgateway、istio-policy、istio-telemetry、prometheus 、istio-sidecar-injector(可選)。
kubectl get svc -n istio-system
確保所有相應的Kubernetes pod都已被部署且所有的容器都已啟動並正在運行:istio-pilot-*、istio-ingressgateway-*、istio-egressgateway-*、istio-policy-*、istio-telemetry-*、istio-citadel-*、prometheus-*、istio-sidecar-injector-*(可選)。
kubectl get pods -o wide -n istio-system
從上面的輸出可以看到,這里部署的主要是Istio控制面的服務,而數據面的網絡代理要如何部署呢?
根據服務網格(Service Mesh)的架構可以得知,網絡代理是隨着應用程序以sidecar的方式部署的,在下面部署Bookinfo示例程序時會演示如何部署網絡代理。
至此,Istio 已經安裝完成了。:)
參考鏈接:
注入 Istio sidecar
Install with helm
控制 Ingress 流量
Bookinfo 應用
Istio及Bookinfo示例程序安裝試用筆記