Istio学习的开始(一):在Kubernetes安装Istio

2017-10-24 阅读: Istio

Istio是由Google, IBM, Lyft开源的Service Mesh项目。 Istio的Introduction中说它是一个用来连接、管理和保护微服务的开放平台。 因为是个人学习Istio的开篇,对Istio概念的第一印象先停留在前面一句话上,本篇的目标是先在我们的k8s集群上部署Istio。

安装Istio

注意Istio还在快速发展,这里安装的是最新的Istio 0.2.9,后续的版本极有可能发生变化,本来也是学习和体验这里就不废话了。 当前的Istio要求在Kubernetes 1.7.4及以上版本,要求k8s集群开启RBAC,另外kubectl的版本也需要是1.7以后的版本。

这里在一个两节点的k8s 1.8.1集群上安装。从Istio 0.2.7开始,Istio被部署在Kubernetes集群的istio-system namespace下,并且在这个命名空间下可以管理所有其他命名空间的微服务。

首先下载Istio的安装包:

wget https://github.com/istio/istio/releases/download/0.2.9/istio-0.2.9-linux.tar.gz
tar -zxvf istio-0.2.9-linux.tar.gz
cd istio-0.2.9

解压缩的目录结构如下:

├── bin
│   └── istioctl
├── CONTRIBUTING.md
├── install
│   ├── consul
│   ├── eureka
│   ├── kubernetes
│   ├── README.md
│   └── tools
├── istio.VERSION
├── LICENSE
├── README.md
└── samples
    ├── bookinfo
    ├── CONFIG-MIGRATION.md
    ├── helloworld
    ├── httpbin
    ├── README.md
    └── sleep
  • 其中install/kubernetes目录中包含了在k8s集群上部署Istio的.yaml文件
  • bin/istioctl说是用来手动将Envoy作为sidecar proxy注入

下面读一下install/kubernetes/README.md:

cat install/kubernetes/README.md:
# Install Istio on an existing Kubernetes cluster

Please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/quick-start.html).

## Directory structure
This directory contains files needed for installing Istio on a Kubernetes cluster.

* istio.yaml - use this file for installation without authentication enabled
* istio-auth.yaml - use this file for installation with authentication enabled
* istio-initializer.yaml - use this file for installation of istio initializer for transparent injection.
* istio-one-namespace.yaml - use this file for installation without authentication enabled. Istio control plane and applications will be in one single namespace, mainly used for testing.
* istio-one-namespace-auth.yaml - use this file for installation with authentication enabled. Istio control plane and applications will be in one single namespace, mainly used for testing.
* templates - directory contains the templates used to generate istio.yaml and istio-auth.yaml
* addons - directory contains optional components (Prometheus, Grafana, Service Graph, Zipkin, Zipkin to Stackdriver)
* updateVersion.sh in the parent directory can be run to regenerate installation files

我们先来部署没有mutual TLS authentication的Istio:

kubectl apply -f install/kubernetes/istio.yaml
namespace "istio-system" created
......
deployment "istio-ca" created

验证是否部署成功,确认istio-system下的istio-pilot-*, istio-mixer-*, istio-ingress-*, istio-egress-*, istio-ca-*这些Pod处于Running状态。 因为我这里没有部署istio-initializer.yaml,所以忽略istio-initializer-*

kubectl get pods -n istio-system
NAME                             READY     STATUS    RESTARTS   AGE
istio-ca-6c4779c95d-sq6sj        1/1       Running   0          5m
istio-egress-f567897c6-tlz4b     1/1       Running   0          5m
istio-ingress-69bbfd76b8-9c24k   1/1       Running   0          5m
istio-mixer-6549f6db4c-x6x4t     2/2       Running   0          5m
istio-pilot-5f74bfb8f4-b7bbf     1/1       Running   0          5m

最后将istioctl文件拷贝到/usr/bin目录下。

istioctl version
Version: 0.2.9
GitRevision: 48ce32e6909d120a8ecee58b6b7a84094da36b7c
GitBranch: master
User: root@881c9704f303
GolangVersion: go1.8.3

参考

标题:Istio学习的开始(一):在Kubernetes安装Istio
本文链接:https://blog.frognew.com/2017/10/quick-istio-1.html
转载请注明出处。

目录