Istio学习的开始(一):在Kubernetes安装Istio
2017-10-24
Istio是由Google, IBM, Lyft开源的Service Mesh项目。 Istio的Introduction中说它是一个用来连接、管理和保护微服务的开放平台。 因为是个人学习Istio的开篇,对Istio概念的第一印象先停留在前面一句话上,本篇的目标是先在我们的k8s集群上部署Istio。
安装Istio #
注意Istio还在快速发展,这里安装的是最新的Istio 0.2.9,后续的版本极有可能发生变化,本来也是学习和体验这里就不废话了。 当前的Istio要求在Kubernetes 1.7.4及以上版本,要求k8s集群开启RBAC,另外kubectl的版本也需要是1.7以后的版本。
这里在一个两节点的k8s 1.8.1集群上安装。从Istio 0.2.7开始,Istio被部署在Kubernetes集群的istio-system namespace下,并且在这个命名空间下可以管理所有其他命名空间的微服务。
首先下载Istio的安装包:
1wget https://github.com/istio/istio/releases/download/0.2.9/istio-0.2.9-linux.tar.gz
2tar -zxvf istio-0.2.9-linux.tar.gz
3cd istio-0.2.9
解压缩的目录结构如下:
1├── bin
2│ └── istioctl
3├── CONTRIBUTING.md
4├── install
5│ ├── consul
6│ ├── eureka
7│ ├── kubernetes
8│ ├── README.md
9│ └── tools
10├── istio.VERSION
11├── LICENSE
12├── README.md
13└── samples
14 ├── bookinfo
15 ├── CONFIG-MIGRATION.md
16 ├── helloworld
17 ├── httpbin
18 ├── README.md
19 └── sleep
- 其中install/kubernetes目录中包含了在k8s集群上部署Istio的
.yaml文件 - bin/istioctl说是用来手动将Envoy作为sidecar proxy注入
下面读一下install/kubernetes/README.md:
1cat install/kubernetes/README.md:
2# Install Istio on an existing Kubernetes cluster
3
4Please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/quick-start.html).
5
6## Directory structure
7This directory contains files needed for installing Istio on a Kubernetes cluster.
8
9* istio.yaml - use this file for installation without authentication enabled
10* istio-auth.yaml - use this file for installation with authentication enabled
11* istio-initializer.yaml - use this file for installation of istio initializer for transparent injection.
12* istio-one-namespace.yaml - use this file for installation without authentication enabled. Istio control plane and applications will be in one single namespace, mainly used for testing.
13* istio-one-namespace-auth.yaml - use this file for installation with authentication enabled. Istio control plane and applications will be in one single namespace, mainly used for testing.
14* templates - directory contains the templates used to generate istio.yaml and istio-auth.yaml
15* addons - directory contains optional components (Prometheus, Grafana, Service Graph, Zipkin, Zipkin to Stackdriver)
16* updateVersion.sh in the parent directory can be run to regenerate installation files
我们先来部署没有mutual TLS authentication的Istio:
1kubectl apply -f install/kubernetes/istio.yaml
2namespace "istio-system" created
3......
4deployment "istio-ca" created
验证是否部署成功,确认istio-system下的istio-pilot-*, istio-mixer-*, istio-ingress-*, istio-egress-*, istio-ca-*这些Pod处于Running状态。
因为我这里没有部署istio-initializer.yaml,所以忽略istio-initializer-*。
1kubectl get pods -n istio-system
2NAME READY STATUS RESTARTS AGE
3istio-ca-6c4779c95d-sq6sj 1/1 Running 0 5m
4istio-egress-f567897c6-tlz4b 1/1 Running 0 5m
5istio-ingress-69bbfd76b8-9c24k 1/1 Running 0 5m
6istio-mixer-6549f6db4c-x6x4t 2/2 Running 0 5m
7istio-pilot-5f74bfb8f4-b7bbf 1/1 Running 0 5m
最后将istioctl文件拷贝到/usr/bin目录下。
1istioctl version
2Version: 0.2.9
3GitRevision: 48ce32e6909d120a8ecee58b6b7a84094da36b7c
4GitBranch: master
5User: root@881c9704f303
6GolangVersion: go1.8.3