istio 安装试用

1. 命令行工具

curl -L https://git.io/getIstio | sh -

2. 环境变量配置

export PATH=$PWD/bin:$PATH

3. RBAC 检验

kubectl api-versions | grep rbac

以下为官方介绍：

If the command displays an error, or does not display anything, it means the cluster does not support RBAC, and you can proceed to step 5 below.
If the command displays ‘beta’ version, or both ‘alpha’ and ‘beta’, please apply istio-rbac-beta.yaml configuration:
kubectl apply -f install/kubernetes/istio-rbac-beta.yaml
Copy
If you get an error
Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-manager" is forbidden: attempt to grant extra privileges: [{[*] [istio.io] [istioconfigs] [] []} {[*] [istio.io] [istioconfigs.istio.io] [] []} {[*] [extensions] [thirdpartyresources] [] []} {[*] [extensions] [thirdpartyresources.extensions] [] []} {[*] [extensions] [ingresses] [] []} {[*] [] [configmaps] [] []} {[*] [] [endpoints] [] []} {[*] [] [pods] [] []} {[*] [] [services] [] []}] user=&{user@example.org [...]
Copy
You need to add the following: (replace the name with your own)
kubectl create clusterrolebinding myname-cluster-admin-binding --clusterrole=cluster-admin --user=myname@example.org
Copy
If the command displays only ‘alpha’ version, please apply istio-rbac-alpha.yaml configuration:
kubectl apply -f install/kubernetes/istio-rbac-alpha.yaml

4. 安装核心组件（注意service type 的定义）

kubectl apply -f install/kubernetes/istio.yaml

kubectl apply -f install/kubernetes/istio-auth.yaml

5. 监控组件安装

kubectl apply -f install/kubernetes/addons/prometheus.yaml
kubectl apply -f install/kubernetes/addons/grafana.yaml
kubectl apply -f install/kubernetes/addons/servicegraph.yaml

6. bookinfo 例子安装

kubectl apply -f <(istioctl kube-inject -f samples/apps/bookinfo/bookinfo.yaml)

7. 几个问题

安装需要使用serviceaccount 注意配置，istioctl 需要使用kubectl config 注意配置

主要是 kubectl config set-cluster kubectl config set-context  kubectl use-context 命令

因为部分容器需要按照特权模式运行，需要配置apiserver controller-manager  --allow-privileged=true

同时服务默认部分使用的是云平台的loadblance 测试环境可能没有，所以需要改为NodePort

8. 总结

        总之安装还是比较简单的，但是还需要深入研究，每个组件的设计，以及功能。

9. 参考文档

        bookino :https://istio.io/docs/samples/bookinfo.html

        install: https://istio.io/docs/tasks/installing-istio.html

        ppt 介绍： https://istio.io/talks/istio_talk_gluecon_2017.pdf