安装Istio
一、概述
在安装 Istio 之前,需要一个运行着 Kubernetes 的兼容版本的 cluster。
Istio 1.8 已经在 Kubernetes 版本 1.16, 1.17, 1.18, 1.19 中测试过。
- 通过选择合适的 platform-specific setup instructions 来创建一个集群。
有些平台提供了 managed control plane,您可以使用它来代替手动安装 Istio。如果您选择的平台支持这种方式,并且您选择使用它,那么,在创建完集群后,您将完成 Istio 的安装。因此,可以跳过以下说明。
二、下载 Istio
环境说明
操作系统:centos 7.6
主机名:k8s-master
ip地址:192.168.31.236
配置:2核2g
操作系统:centos 7.6
主机名:k8s-node01
ip地址:192.168.31.16
配置:2核4g
下载 Istio,下载内容将包含:安装文件、示例和 istioctl 命令行工具。
1. 访问 Istio release 页面下载与您操作系统对应的安装文件。在 macOS 或 Linux 系统中,也可以通过以下命令下载最新版本的 Istio:
注意:官方文档给的命令:
curl -L https://istio.io/downloadIstio | sh -
是无法执行的,提示:curl: (7) Failed connect to raw.githubusercontent.com:443; 拒绝连接
下载最新版本:1.81.1
wget https://github.com/istio/istio/releases/download/1.8.1/istio-1.8.1-linux-amd64.tar.gz tar zxvf istio-1.8.1-linux-amd64.tar.gz -C /usr/local/
设置环境变量
echo 'export ISTIO_HOME=/usr/local/istio-1.8.1' >> /etc/profile echo 'export PATH=$PATH:$ISTIO_HOME/bin' >> /etc/profile
加载变量
source /etc/profile
查看版本
istioctl version
使用 istioctl 的安装方式
在学习、实验环境我们可以选择 demo 这个 profile 进行安装,如下示例:
istioctl install --set profile=demo -y
查看istio相应的 namespace 和 pod 是否已经正常创建:
[root@k8s-master ~]# kubectl get ns |grep istio istio-system Active 82m
查看pods
[root@k8s-master ~]# kubectl get pods -n istio-system NAME READY STATUS RESTARTS AGE istio-egressgateway-6f9f4ddc9c-2sjgk 1/1 Running 0 2m33s istio-ingressgateway-78b47bc88b-85fd8 1/1 Running 0 2m33s istiod-67dbfcd4dd-qq5kg 1/1 Running 0 3m7s
检查 istio 的 CRD 和 API 资源:
[root@k8s-master ~]# kubectl get crd |grep istio authorizationpolicies.security.istio.io 2021-01-04T10:10:26Z destinationrules.networking.istio.io 2021-01-04T10:10:26Z envoyfilters.networking.istio.io 2021-01-04T10:10:26Z gateways.networking.istio.io 2021-01-04T10:10:26Z istiooperators.install.istio.io 2021-01-04T10:10:26Z peerauthentications.security.istio.io 2021-01-04T10:10:26Z requestauthentications.security.istio.io 2021-01-04T10:10:26Z serviceentries.networking.istio.io 2021-01-04T10:10:26Z sidecars.networking.istio.io 2021-01-04T10:10:26Z virtualservices.networking.istio.io 2021-01-04T10:10:26Z workloadentries.networking.istio.io 2021-01-04T10:10:27Z workloadgroups.networking.istio.io 2021-01-04T10:10:27Z [root@k8s-master ~]# [root@k8s-master ~]# kubectl api-resources |grep istio istiooperators iop,io install.istio.io true IstioOperator destinationrules dr networking.istio.io true DestinationRule envoyfilters networking.istio.io true EnvoyFilter gateways gw networking.istio.io true Gateway serviceentries se networking.istio.io true ServiceEntry sidecars networking.istio.io true Sidecar virtualservices vs networking.istio.io true VirtualService workloadentries we networking.istio.io true WorkloadEntry workloadgroups wg networking.istio.io true WorkloadGroup authorizationpolicies security.istio.io true AuthorizationPolicy peerauthentications pa security.istio.io true PeerAuthentication requestauthentications ra security.istio.io true RequestAuthentication [root@k8s-master ~]#
安装 dashboard 组件。命令如下:
kubectl apply -f /usr/local/istio-1.8.1/samples/addons -n istio-system
输出:
serviceaccount/grafana created configmap/grafana created service/grafana created deployment.apps/grafana created configmap/istio-grafana-dashboards created configmap/istio-services-grafana-dashboards created deployment.apps/jaeger created service/tracing created service/zipkin created service/jaeger-collector created customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io created serviceaccount/kiali created configmap/kiali created clusterrole.rbac.authorization.k8s.io/kiali-viewer created clusterrole.rbac.authorization.k8s.io/kiali created clusterrolebinding.rbac.authorization.k8s.io/kiali created service/kiali created deployment.apps/kiali created serviceaccount/prometheus created configmap/prometheus created clusterrole.rbac.authorization.k8s.io/prometheus created clusterrolebinding.rbac.authorization.k8s.io/prometheus created service/prometheus created deployment.apps/prometheus created unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1" unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
将istio-ingressgateway改为NodePort方式,方便访问
kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'
本文参考链接:
