安装istio v1.0 详细过程和步骤
创建 istio 目录
[root@centos-110 ~]# mkdir istio
[root@centos-110 ~]# cd istio
方案一:
# 去下面的地址下载压缩包
$ tar -zvxf istio-1.0.0-linux.tar.gz
方案二:
# 使用官方的安装脚本安装
运行如下命令,自动下载并解压最新的发布包
$ curl -L https://git.io/getLatestIstio | sh -
[root@centos-110 istio]# curl -L https://git.io/getLatestIstio | sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:09 --:--:-- 0
100 1456 100 1456 0 0 73 0 0:00:19 0:00:19 --:--:-- 388
Downloading istio-1.0.0 from https://github.com/istio/istio/releases/download/1.0.0/istio-1.0.0-linux.tar.gz ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 614 0 614 0 0 60 0 --:--:-- 0:00:10 --:--:-- 133
100 14.1M 100 14.1M 0 0 270k 0 0:00:53 0:00:53 --:--:-- 464k
Downloaded into istio-1.0.0:
bin install istio.VERSION LICENSE README.md samples tools
Add /root/istio/istio-1.0.0/bin to your path; e.g copy paste in your shell and/or ~/.profile:
export PATH="$PATH:/root/istio/istio-1.0.0/bin"
[root@centos-110 istio]#
安装目录包含如下内容:
-
在 install/ 目录中包含了 Kubernetes 安装所需的 .yaml 文件
-
samples/ 目录中是示例应用
-
istioctl 客户端文件保存在 bin/ 目录之中。istioctl 的功能是手工进行 Envoy Sidecar 的注入,以及对路由规则、策略的管理
-
istio.VERSION 配置文件
# 安装配置环境变量
编辑/etc/profile,添加istioctl 到PATH
[root@centos-110 istio-1.0.0]# vim /etc/profile
在profile文件底部,增加如下一行:
export PATH=$PATH:/root/istio/istio-1.0.0/bin
执行source命令,使修改马上生效
[root@centos-110 istio-1.0.0]# source /etc/profile
[root@centos-110 istio-1.0.0]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/root/istio/istio-1.0.0/bin
验证istioctl 安装成功
[root@centos-110 bin]# istioctl version
Version: 1.0.0
GitRevision: 3a136c90ec5e308f236e0d7ebb5c4c5e405217f4
User: root@71a9470ea93c
Hub: gcr.io/istio-release
GolangVersion: go1.10.1
BuildStatus: Clean
# 安装Istio的CRD(Custom Resource Definitions)
kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
# 安装Istio - Sidecars之间不启用TLS认证
$ kubectl apply -f install/kubernetes/istio-demo.yaml
需要拉取镜像:
示例:拉取 gcr.io/istio-release/citadel:1.0.0 镜像
[root@centos-110 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/istio-release/citadel:1.0.0
1.0.0: Pulling from istio-release/citadel
887bbdf2518e: Pull complete
549fcf855a71: Pull complete
1c1bf79cad30: Pull complete
Digest: sha256:01d182138511deba644e039ecccf87b048c3a88f12e8f0085c873ef7d1734dbf
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/istio-release/citadel:1.0.0
[root@centos-110 ~]# docker tag registry.cn-hangzhou.aliyuncs.com/istio-release/citadel:1.0.0 gcr.io/istio-release/citadel:1.0.0
[root@centos-110 ~]# docker rmi registry.cn-hangzhou.aliyuncs.com/istio-release/citadel:1.0.0
示例:拉取 gcr.io/istio-release/galley:1.0.0 镜像
[root@centos-110 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/istio-release/galley:1.0.0
[root@centos-110 ~]# docker tag registry.cn-hangzhou.aliyuncs.com/istio-release/galley:1.0.0 gcr.io/istio-release/galley:1.0.0
[root@centos-110 ~]# docker rmi registry.cn-hangzhou.aliyuncs.com/istio-release/galley:1.0.0
示例:拉取 gcr.io/istio-release/pilot:1.0.0 镜像
docker tag registry.cn-hangzhou.aliyuncs.com/istio-release/pilot:1.0.0 gcr.io/istio-release/pilot:1.0.0
示例:拉取 gcr.io/istio-release/sidecar_injector:1.0.0 镜像
docker pull registry.cn-hangzhou.aliyuncs.com/istio-release/sidecar_injector:1.0.0
docker tag registry.cn-hangzhou.aliyuncs.com/istio-release/sidecar_injector:1.0.0 gcr.io/istio-release/sidecar_injector:1.0.0
docker rmi registry.cn-hangzhou.aliyuncs.com/istio-release/sidecar_injector:1.0.0
拉取其他镜像的类似,只需要简单替换一下 image name 即可。
参考上面的docker 命令,获取如下所有镜像:
gcr.io/istio-release/citadel:1.0.0
gcr.io/istio-release/galley:1.0.0
gcr.io/istio-release/proxyv2:1.0.0
gcr.io/istio-release/grafana:1.0.0
gcr.io/istio-release/mixer:1.0.0
gcr.io/istio-release/servicegraph:1.0.0
gcr.io/istio-release/pilot:1.0.0
gcr.io/istio-release/sidecar_injector:1.0.0
下面这个镜像是sidecar 自动注入是需要使用的镜像:
gcr.io/istio-release/proxy_init:1.0.0
docker tag registry.cn-hangzhou.aliyuncs.com/istio-release/proxy_init:1.0.0 gcr.io/istio-release/proxy_init:1.0.0
验证安装结果
确认下列 Kubernetes 服务已经部署:istio-pilot、 istio-ingressgateway、istio-policy、istio-telemetry、prometheus 、istio-sidecar-injector(可选)。
kubectl get svc -n istio-system
确保所有相应的Kubernetes pod都已被部署且所有的容器都已启动并正在运行:istio-pilot-*、istio-ingressgateway-*、istio-egressgateway-*、istio-policy-*、istio-telemetry-*、istio-citadel-*、prometheus-*、istio-sidecar-injector-*(可选)。
kubectl get pods -o wide -n istio-system
从上面的输出可以看到,这里部署的主要是Istio控制面的服务,而数据面的网络代理要如何部署呢?
根据服务网格(Service Mesh)的架构可以得知,网络代理是随着应用程序以sidecar的方式部署的,在下面部署Bookinfo示例程序时会演示如何部署网络代理。
至此,Istio 已经安装完成了。:)
参考链接:
注入 Istio sidecar
Install with helm
控制 Ingress 流量
Bookinfo 应用
Istio及Bookinfo示例程序安装试用笔记