一、概述
在安裝 Istio 之前,需要一個運行着 Kubernetes 的兼容版本的 cluster。
Istio 1.8 已經在 Kubernetes 版本 1.16, 1.17, 1.18, 1.19 中測試過。
- 通過選擇合適的 platform-specific setup instructions 來創建一個集群。
有些平台提供了 managed control plane,您可以使用它來代替手動安裝 Istio。如果您選擇的平台支持這種方式,並且您選擇使用它,那么,在創建完集群后,您將完成 Istio 的安裝。因此,可以跳過以下說明。
二、下載 Istio
環境說明
操作系統:centos 7.6
主機名:k8s-master
ip地址:192.168.31.236
配置:2核2g
操作系統:centos 7.6
主機名:k8s-node01
ip地址:192.168.31.16
配置:2核4g
下載 Istio,下載內容將包含:安裝文件、示例和 istioctl 命令行工具。
1. 訪問 Istio release 頁面下載與您操作系統對應的安裝文件。在 macOS 或 Linux 系統中,也可以通過以下命令下載最新版本的 Istio:
注意:官方文檔給的命令:
curl -L https://istio.io/downloadIstio | sh -
是無法執行的,提示:curl: (7) Failed connect to raw.githubusercontent.com:443; 拒絕連接
下載最新版本:1.81.1
wget https://github.com/istio/istio/releases/download/1.8.1/istio-1.8.1-linux-amd64.tar.gz tar zxvf istio-1.8.1-linux-amd64.tar.gz -C /usr/local/
設置環境變量
echo 'export ISTIO_HOME=/usr/local/istio-1.8.1' >> /etc/profile echo 'export PATH=$PATH:$ISTIO_HOME/bin' >> /etc/profile
加載變量
source /etc/profile
查看版本
istioctl version
使用 istioctl 的安裝方式
在學習、實驗環境我們可以選擇 demo 這個 profile 進行安裝,如下示例:
istioctl install --set profile=demo -y
查看istio相應的 namespace 和 pod 是否已經正常創建:
[root@k8s-master ~]# kubectl get ns |grep istio istio-system Active 82m
查看pods
[root@k8s-master ~]# kubectl get pods -n istio-system NAME READY STATUS RESTARTS AGE istio-egressgateway-6f9f4ddc9c-2sjgk 1/1 Running 0 2m33s istio-ingressgateway-78b47bc88b-85fd8 1/1 Running 0 2m33s istiod-67dbfcd4dd-qq5kg 1/1 Running 0 3m7s
檢查 istio 的 CRD 和 API 資源:
[root@k8s-master ~]# kubectl get crd |grep istio authorizationpolicies.security.istio.io 2021-01-04T10:10:26Z destinationrules.networking.istio.io 2021-01-04T10:10:26Z envoyfilters.networking.istio.io 2021-01-04T10:10:26Z gateways.networking.istio.io 2021-01-04T10:10:26Z istiooperators.install.istio.io 2021-01-04T10:10:26Z peerauthentications.security.istio.io 2021-01-04T10:10:26Z requestauthentications.security.istio.io 2021-01-04T10:10:26Z serviceentries.networking.istio.io 2021-01-04T10:10:26Z sidecars.networking.istio.io 2021-01-04T10:10:26Z virtualservices.networking.istio.io 2021-01-04T10:10:26Z workloadentries.networking.istio.io 2021-01-04T10:10:27Z workloadgroups.networking.istio.io 2021-01-04T10:10:27Z [root@k8s-master ~]# [root@k8s-master ~]# kubectl api-resources |grep istio istiooperators iop,io install.istio.io true IstioOperator destinationrules dr networking.istio.io true DestinationRule envoyfilters networking.istio.io true EnvoyFilter gateways gw networking.istio.io true Gateway serviceentries se networking.istio.io true ServiceEntry sidecars networking.istio.io true Sidecar virtualservices vs networking.istio.io true VirtualService workloadentries we networking.istio.io true WorkloadEntry workloadgroups wg networking.istio.io true WorkloadGroup authorizationpolicies security.istio.io true AuthorizationPolicy peerauthentications pa security.istio.io true PeerAuthentication requestauthentications ra security.istio.io true RequestAuthentication [root@k8s-master ~]#
安裝 dashboard 組件。命令如下:
kubectl apply -f /usr/local/istio-1.8.1/samples/addons -n istio-system
輸出:
serviceaccount/grafana created configmap/grafana created service/grafana created deployment.apps/grafana created configmap/istio-grafana-dashboards created configmap/istio-services-grafana-dashboards created deployment.apps/jaeger created service/tracing created service/zipkin created service/jaeger-collector created customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io created serviceaccount/kiali created configmap/kiali created clusterrole.rbac.authorization.k8s.io/kiali-viewer created clusterrole.rbac.authorization.k8s.io/kiali created clusterrolebinding.rbac.authorization.k8s.io/kiali created service/kiali created deployment.apps/kiali created serviceaccount/prometheus created configmap/prometheus created clusterrole.rbac.authorization.k8s.io/prometheus created clusterrolebinding.rbac.authorization.k8s.io/prometheus created service/prometheus created deployment.apps/prometheus created unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
將istio-ingressgateway改為NodePort方式,方便訪問
kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'
本文參考鏈接: