Funky's NoteBook

Install Istio using helm

istio
字数统计: 1,516阅读时长: 8 min
2019/03/25 Share

使用 Helm 安装 istio v1.1

一、下载 Istio

1、你可以通过以下官方提供的脚本安装最新版本的 istio,也可以通过设置ISTIO_VERSION对应的版本安装指定版本的 istio

1
$ curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.1.0 sh -

执行完毕您将看见如下输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
100  1631  100  1631    0     0    471      0  0:00:03  0:00:03 --:--:--   838
Downloading istio-1.1.0 from https://github.com/istio/istio/releases/download/1.1.0/istio-1.1.0-linux.tar.gz ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   614    0   614    0     0    553      0 --:--:--  0:00:01 --:--:--   554
100 15.0M  100 15.0M    0     0  1651k      0  0:00:09  0:00:09 --:--:-- 2405k
Downloaded into istio-1.1.0:
bin  install  istio.VERSION  LICENSE  README.md  samples  tools
Add /root/istio-1.1.0/bin to your path; e.g copy paste in your shell and/or ~/.profile:
export PATH="$PATH:/root/istio-1.1.0/bin"

接下来移动到刚刚下载好的 istio 包目录中:

1
cd istio-1.1.0

安装目录中包含:

  • install/ 目录中包含了 Kubernetes 安装所需的 .yaml 文件
  • samples/ 目录中是示例应用
  • istioctl 客户端文件保存在 bin/ 目录之中。istioctl 的功能是手工进行 Envoy Sidecar 的注入。
  • istio.VERSION 配置文件

2、把 istioctl 客户端加入 PATH 环境变量,如果是 macOS 或者 Linux,可以这样实现:

1
$ export PATH=$PWD/bin:$PATH

3、如果你想持久化使用可以将下面的内容放入/etc/profile 文件中:

1
export PATH="$PATH:/root/istio-1.1.0/bin"

执行命令使其立即生效:

1
source /etc/profile

4、测试 istioctl 是否正常工作:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
$ istioctl 

Istio configuration command line utility.

Create, list, modify, and delete configuration resources in the Istio
system.

Available routing and traffic management configuration types:

        [virtualservice gateway destinationrule serviceentry httpapispec httpapispecbinding quotaspec quotaspecbinding servicerole servicerolebinding policy]

See https://istio.io/docs/reference/ for an overview of Istio routing.

Usage:
  istioctl [command]

Available Commands:
  authn          Interact with Istio authentication policies
  context-create Create a kubeconfig file suitable for use with istioctl in a non kubernetes environment
  create         Create policies and rules
  delete         Delete policies or rules
  deregister     De-registers a service instance
  experimental   Experimental commands that may be modified or deprecated
  gen-deploy     Generates the configuration for Istio's control plane.
  get            Retrieve policies and rules
  help           Help about any command
  kube-inject    Inject Envoy sidecar into Kubernetes pod resources
  proxy-config   Retrieve information about proxy configuration from Envoy [kube only]
  proxy-status   Retrieves the synchronization status of each Envoy in the mesh [kube only]
  register       Registers a service instance (e.g. VM) joining the mesh
  replace        Replace existing policies and rules
  version        Prints out build version information

如果你和我一样显示上面类似的输出,说明 istioctl 已经正常工作。

三、在使用 Helm 安装 Istio前的步骤

  • 完成必要的 Kubernetes 平台设置

  • 检查对 Pod 和服务的要求

  • 安装高于 2.10 版本的 Helm 客户端](https://docs.helm.sh/using_helm)。

  • 默认情况下,Istio 使用 LoadBalancer 服务类型,而有些平台是不支持 LoadBalancer 服务的。对于缺少 LoadBalancer 支持的平台,执行下面的安装步骤时,可以在 Helm 命令中加入 --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort 选项,使用 NodePort 来替代 LoadBalancer 服务类型。

四、 通过 helm template 安装 istio

1、首先为 istio 组件创建命名空间:

1
2
$ kubectl create namespace istio-system
namespace/istio-system created

2、使用 kubectl apply 安装 Istio 的 CRD:

1
2
3
4
5
6
7
8
9
$ helm template install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -

configmap/istio-crd-10 created
configmap/istio-crd-11 created
serviceaccount/istio-init-service-account created
clusterrole.rbac.authorization.k8s.io/istio-init-istio-system created
clusterrolebinding.rbac.authorization.k8s.io/istio-init-admin-role-binding-istio-system created
job.batch/istio-init-crd-10 created
job.batch/istio-init-crd-11 created

Note: 这个 install 文件夹在位置在上面下载好的 istio-1.1.0的文件夹里。

3、验证 53 个 IstioCRD 是否正常被提交到 Kubernetes 的 api-server上:

1
2
$ kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
53

Note: 需要等待一段时间才会发现 53 个 CRD 被提交。

4、安装 Istio 相关组件

1
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system | kubectl apply -f -

你会看见如下内容:

1
2
3
4
5
6
7
8
9
10
poddisruptionbudget.policy/istio-galley created
poddisruptionbudget.policy/istio-ingressgateway created
poddisruptionbudget.policy/istio-policy created
poddisruptionbudget.policy/istio-telemetry created
poddisruptionbudget.policy/istio-pilot created
configmap/istio-galley-configuration created
configmap/prometheus created
configmap/istio-security-custom-resources created
configmap/istio created
...

五、 确认安装情况

1、查询 istio service 是否正常工作,参考配置文件中的组件表,验证是否已部署与所选配置文件对应的Kubernetes服务:

1
2
3
4
5
6
7
8
9
10
$ kubectl get svc -n istio-system
NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
istio-citadel            ClusterIP      10.107.52.72    <none>        8060/TCP,15014/TCP                                                                                                                           7m17s
istio-galley             ClusterIP      10.104.83.81    <none>        443/TCP,15014/TCP,9901/TCP                                                                                                                   7m21s
istio-ingressgateway     LoadBalancer   10.105.98.58    <pending>     80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:31425/TCP,15030:31954/TCP,15031:31062/TCP,15032:31998/TCP,15443:30439/TCP,15020:32728/TCP   7m21s
istio-pilot              ClusterIP      10.98.88.41     <none>        15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       7m18s
istio-policy             ClusterIP      10.96.94.133    <none>        9091/TCP,15004/TCP,15014/TCP                                                                                                                 7m21s
istio-sidecar-injector   ClusterIP      10.107.175.68   <none>        443/TCP                                                                                                                                      7m17s
istio-telemetry          ClusterIP      10.98.191.165   <none>        9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       7m21s
prometheus               ClusterIP      10.104.51.23    <none>        9090/TCP

2、确保部署了相应的 Kubernetes pod 并且状态为 Running:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
kubectl get pods -n istio-system
NAME                                      READY   STATUS      RESTARTS   AGE
istio-citadel-645ffc4999-z7p26            1/1     Running     0          11m
istio-cleanup-secrets-1.1.0-7rzbf         0/1     Completed   0          11m
istio-galley-978f9447f-lncnn              1/1     Running     0          11m
istio-ingressgateway-8ccdc79bc-2zd4n      1/1     Running     0          11m
istio-init-crd-10-kxdhd                   0/1     Completed   0          16m
istio-init-crd-11-jclsq                   0/1     Completed   0          16m
istio-pilot-5d5dc955dd-ntbd2              2/2     Running     0          11m
istio-policy-c9469c4df-dj6jw              2/2     Running     2          11m
istio-security-post-install-1.1.0-hqgwl   0/1     Completed   0          11m
istio-sidecar-injector-6dcc9d5c64-sxd5s   1/1     Running     0          11m
istio-telemetry-55d5b7d4dc-fcl47          2/2     Running     3          11m
prometheus-66c9f5694-8cxkl                1/1     Running     0          11m

Note: 其中有几个 Completed 不影响,这个是 istio-init 执行初始化的结果。

可选: 卸载 istio 及其相关组件

  • 卸载 istio:
1
2
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system | kubectl delete -f -
$ kubectl delete namespace istio-system
  • 删除 CRD 与 istio 的相关配置:
1
$ kubectl delete -f install/kubernetes/helm/istio-init/files

原文作者:Linus Lee

原文链接:http://note.run-linux.com/2019/03/25/Install-istio-with-helm/

发表日期:March 25th 2019, 5:43:18 pm

更新日期:March 26th 2019, 9:39:09 pm

版权声明:本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

CATALOG
  1. 1. 使用 Helm 安装 istio v1.1
    1. 1.1. 一、下载 Istio
    2. 1.2. 三、在使用 Helm 安装 Istio前的步骤
    3. 1.3. 四、 通过 helm template 安装 istio
    4. 1.4. 五、 确认安装情况
    5. 1.5. 可选: 卸载 istio 及其相关组件
Total : 30
2022
2020
2019
2018
2017
arch Data Structure docker Go k8s istio scraping open-source Linux