Github:https://github.com/istio/istio
官方地址https://istio.io/
中文文档:https://istio.io/latest/zh/docs/

安装

一键脚本安装

  1.  curl -L https://istio.io/downloadIstio | sh -

执行版本和操作系统

  1. $ curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=x86_64 sh -

release安装

https://github.com/istio/istio/releases/

  1.  $ wget https://github.com/istio/istio/releases/download/1.10.3/istio-1.10.3-linux-amd64.tar.gz
  2.  $ tar -zxvf istio-1.10.3-linux-amd64.tar.gz
  3.  $ cd istio-1.10.3

目录

  1. ls -la
  2. total 24
  3. drwxr-x---  6 root root   115 Jul 15 13:32 .
  4. drwxr-xr-x  3 root root    65 Jul 23 01:30 ..
  5. drwxr-x---  2 root root    22 Jul 15 13:32 bin
  6. -rw-r--r--  1 root root 11348 Jul 15 13:32 LICENSE
  7. drwxr-xr-x  5 root root    52 Jul 15 13:32 manifests
  8. -rw-r-----  1 root root   854 Jul 15 13:32 manifest.yaml
  9. -rw-r--r--  1 root root  5866 Jul 15 13:32 README.md
  10. drwxr-xr-x 20 root root   332 Jul 15 13:32 samples
  11. drwxr-xr-x  3 root root    57 Jul 15 13:32 tools

其中 samples/ 目录下面是一些示例应用程序,bin/ 目录下面的 istioctl 是 Istio 的 CLI 工具,可以将该 bin/ 目录加入到 PATH 路径之下,也可以直接拷贝到某个 PATH 目录下去:

  1. cp bin/istioctl /usr/local/bin/istioctl
  2. istioctl version
  3. no running Istio pods in "istio-system"
  4. 1.10.3

采用的是 demo 配置组合的形式,这是因为它包含了一组专为测试准备的功能集合,另外还有用于生产或性能测试的配置组合。

  1. istioctl install --set profile=demo -y
  2. Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/v1.10/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
  3. ! values.global.jwtPolicy is deprecated; use Values.global.jwtPolicy=third-party-jwt. See http://istio.io/latest/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for more information instead
  4.  Istio core installed                                                                                                                               
  5.  Istiod installed                                                                                                                                   
  6.  Ingress gateways installed                                                                                                                         
  7.  Egress gateways installed                                                                                                                          
  8.  Installation complete                                                                                                                              Thank you for installing Istio 1.10.  Please take a few minutes to tell us about your install/upgrade experience!  https://forms.gle/KjkrDnMPByq7akrYA

安装完成后查看 istio-system 命名空间下面的 Pod 运行状态:

  1. # kubectl get pods -n istio-system
  2. NAME                                    READY   STATUS    RESTARTS   AGE
  3. istio-egressgateway-5c8d96c9b5-95fnw    1/1     Running   0          2m4s
  4. istio-ingressgateway-6bcfd457f9-4z96h   1/1     Running   0          2m5s
  5. istiod-775bcf58f7-6hl5c                 1/1     Running   0          3m15s

给 namespace 添加一个 isito-injection=enabled 的 label 标签,指示 Istio 在部署应用的时候,可以自动注入 Envoy Sidecar 代理,比如这里我们给 default 命名空间注入自动标签:

  1. kubectl label ns default istio-injection=enabled
  2. namespace/default labeled