安装Istio

一、概述

在安装 Istio 之前，需要一个运行着 Kubernetes 的兼容版本的 cluster。

Istio 1.8 已经在 Kubernetes 版本 1.16, 1.17, 1.18, 1.19 中测试过。

• 通过选择合适的 platform-specific setup instructions 来创建一个集群。

有些平台提供了 managed control plane，您可以使用它来代替手动安装 Istio。如果您选择的平台支持这种方式，并且您选择使用它，那么，在创建完集群后，您将完成 Istio 的安装。因此，可以跳过以下说明。

二、下载 Istio

环境说明

操作系统：centos 7.6
主机名：k8s-master
ip地址：192.168.31.236
配置：2核2g

操作系统：centos 7.6
主机名：k8s-node01
ip地址：192.168.31.16
配置：2核4g

下载 Istio，下载内容将包含：安装文件、示例和 istioctl 命令行工具。

1. 访问 Istio release 页面下载与您操作系统对应的安装文件。在 macOS 或 Linux 系统中，也可以通过以下命令下载最新版本的 Istio：
注意：官方文档给的命令：

curl -L https://istio.io/downloadIstio | sh - 

是无法执行的，提示：curl: (7) Failed connect to raw.githubusercontent.com:443; 拒绝连接

下载最新版本：1.81.1

wget https://github.com/istio/istio/releases/download/1.8.1/istio-1.8.1-linux-amd64.tar.gz
tar zxvf istio-1.8.1-linux-amd64.tar.gz -C /usr/local/

设置环境变量

echo 'export ISTIO_HOME=/usr/local/istio-1.8.1' >> /etc/profile
echo 'export PATH=$PATH:$ISTIO_HOME/bin' >> /etc/profile

加载变量

source /etc/profile

查看版本

istioctl version

使用 istioctl 的安装方式

在学习、实验环境我们可以选择 demo 这个 profile 进行安装，如下示例：

istioctl install --set profile=demo -y

查看istio相应的 namespace 和 pod 是否已经正常创建：

[root@k8s-master ~]# kubectl get ns |grep istio
istio-system      Active   82m

查看pods

[root@k8s-master ~]# kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
istio-egressgateway-6f9f4ddc9c-2sjgk    1/1     Running   0          2m33s
istio-ingressgateway-78b47bc88b-85fd8   1/1     Running   0          2m33s
istiod-67dbfcd4dd-qq5kg                 1/1     Running   0          3m7s

检查 istio 的 CRD 和 API 资源：

[root@k8s-master ~]# kubectl get crd |grep istio
authorizationpolicies.security.istio.io    2021-01-04T10:10:26Z
destinationrules.networking.istio.io       2021-01-04T10:10:26Z
envoyfilters.networking.istio.io           2021-01-04T10:10:26Z
gateways.networking.istio.io               2021-01-04T10:10:26Z
istiooperators.install.istio.io            2021-01-04T10:10:26Z
peerauthentications.security.istio.io      2021-01-04T10:10:26Z
requestauthentications.security.istio.io   2021-01-04T10:10:26Z
serviceentries.networking.istio.io         2021-01-04T10:10:26Z
sidecars.networking.istio.io               2021-01-04T10:10:26Z
virtualservices.networking.istio.io        2021-01-04T10:10:26Z
workloadentries.networking.istio.io        2021-01-04T10:10:27Z
workloadgroups.networking.istio.io         2021-01-04T10:10:27Z
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl api-resources |grep istio
istiooperators                    iop,io       install.istio.io               true         IstioOperator
destinationrules                  dr           networking.istio.io            true         DestinationRule
envoyfilters                                   networking.istio.io            true         EnvoyFilter
gateways                          gw           networking.istio.io            true         Gateway
serviceentries                    se           networking.istio.io            true         ServiceEntry
sidecars                                       networking.istio.io            true         Sidecar
virtualservices                   vs           networking.istio.io            true         VirtualService
workloadentries                   we           networking.istio.io            true         WorkloadEntry
workloadgroups                    wg           networking.istio.io            true         WorkloadGroup
authorizationpolicies                          security.istio.io              true         AuthorizationPolicy
peerauthentications               pa           security.istio.io              true         PeerAuthentication
requestauthentications            ra           security.istio.io              true         RequestAuthentication
[root@k8s-master ~]#

安装 dashboard 组件。命令如下：

kubectl apply -f /usr/local/istio-1.8.1/samples/addons -n istio-system

输出：

serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
service/kiali created
deployment.apps/kiali created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"
unable to recognize "/usr/local/istio-1.8.1/samples/addons/kiali.yaml": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"

将istio-ingressgateway改为NodePort方式，方便访问

 kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'

本文参考链接：

https://istio.io/latest/zh/docs/setup/getting-started/