一、环境准备
1.1环境信息
| 主机名 | IP地址 | 用途 |
|---|---|---|
| zhengzw-k8s-master | 10.10.100.7 | K8s Master |
| zhengzw-k8s-node-1 | 10.10.100.15 | K8s Worker |
| zhengzw-k8s-node-1 | 10.10.100.52 | K8s Worker |
OS:Ubuntu 18.4
K8s version:1.15.5
Istio version:1.4.0
1.2软件下载
Windows:
cli: https://github.com/istio/istio/releases/download/1.4.0/istioctl-1.4.0-win.zip
release: https://github.com/istio/istio/releases/download/1.4.0/istio-1.4.0-win.zip
Linux:
cli: https://github.com/istio/istio/releases/download/1.4.0/istioctl-1.4.0-linux.tar.gz
release: https://github.com/istio/istio/releases/download/1.4.0/istio-1.4.0-linux.tar.gz
二、部署
2.1部署方式
2.1.1通过istioctl部署
需要把istioctl命令加入PATH环境变量
# 部署default类型
istioctl manifest apply
# 部署demo类型
istioctl manifest apply --set profile=demo
# 基于default调节功能参数
istioctl manifest apply --set values.global.mtls.enabled=true --set values.global.controlPlaneSecurityEnabled=true
2.1.2通过helm部署
# 创建istio-system命名空间
kubectl create namespace istio-system
# 创建istio CRD
helm template install/kubernetes/helm/istio-init --namespace istio-system | kubectl apply -f -
# 检查CRD是否部署完成
kubectl -n istio-system wait --for=condition=complete job --all
# 部署istio
helm template install/kubernetes/helm/istio --namespace istio-system | kubectl apply -f -
2.1.3通过istio-operator部署
kubectl apply -f https://istio.io/operator.yaml
kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha2
kind: IstioControlPlane
metadata:
namespace: istio-operator
name: example-istiocontrolplane
spec:
profile: demo
EOF
2.2查看istio-system资源
ubuntu@zhengzw-k8s-node-1:~/istio-1.4.0/samples/bookinfo/platform/kube$ kubectl get all -n istio-system
NAME READY STATUS RESTARTS AGE
pod/grafana-6c8f45499-rg5p6 1/1 Running 0 12h
pod/istio-citadel-784d7df6b6-x8ztx 1/1 Running 0 12h
pod/istio-egressgateway-6d9bb5b7fd-t6q4b 1/1 Running 0 12h
pod/istio-galley-7c4f46cb88-5rfmq 1/1 Running 0 12h
pod/istio-ingressgateway-79f779dbd-5vbf8 1/1 Running 0 12h
pod/istio-pilot-7dbbc6d47c-8sjqb 1/1 Running 0 12h
pod/istio-policy-76cf7d86c-b6bmf 1/1 Running 12 12h
pod/istio-sidecar-injector-74cd6dcd84-z2csh 1/1 Running 0 12h
pod/istio-telemetry-7b969c885c-w5l4l 1/1 Running 12 12h
pod/istio-tracing-78548677bc-vpk6g 1/1 Running 0 12h
pod/kiali-fb5f485fb-kb82k 1/1 Running 0 12h
pod/prometheus-685585888b-vz8kk 1/1 Running 0 12h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/grafana NodePort 10.43.179.93 <none> 3000:32181/TCP 12h
service/istio-citadel ClusterIP 10.43.224.2 <none> 8060/TCP,15014/TCP 12h
service/istio-egressgateway ClusterIP 10.43.174.150 <none> 80/TCP,443/TCP,15443/TCP 12h
service/istio-galley ClusterIP 10.43.179.89 <none> 443/TCP,15014/TCP,9901/TCP,15019/TCP 12h
service/istio-ingressgateway LoadBalancer 10.43.23.250 <pending> 15020:32732/TCP,80:31542/TCP,443:30290/TCP,15029:30490/TCP,15030:32752/TCP,15031:31730/TCP,15032:31100/TCP,15443:31932/TCP 12h
service/istio-pilot ClusterIP 10.43.142.224 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 12h
service/istio-policy ClusterIP 10.43.109.166 <none> 9091/TCP,15004/TCP,15014/TCP 12h
service/istio-sidecar-injector ClusterIP 10.43.208.202 <none> 443/TCP 12h
service/istio-telemetry ClusterIP 10.43.253.226 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 12h
service/jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 12h
service/jaeger-collector ClusterIP 10.43.207.194 <none> 14267/TCP,14268/TCP,14250/TCP 12h
service/jaeger-query ClusterIP 10.43.176.51 <none> 16686/TCP 12h
service/kiali NodePort 10.43.90.1 <none> 20001:31055/TCP 12h
service/prometheus ClusterIP 10.43.184.162 <none> 9090/TCP 12h
service/tracing ClusterIP 10.43.101.134 <none> 9411/TCP 12h
service/zipkin ClusterIP 10.43.52.101 <none> 9411/TCP 12h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/grafana 1/1 1 1 12h
deployment.apps/istio-citadel 1/1 1 1 12h
deployment.apps/istio-egressgateway 1/1 1 1 12h
deployment.apps/istio-galley 1/1 1 1 12h
deployment.apps/istio-ingressgateway 1/1 1 1 12h
deployment.apps/istio-pilot 1/1 1 1 12h
deployment.apps/istio-policy 1/1 1 1 12h
deployment.apps/istio-sidecar-injector 1/1 1 1 12h
deployment.apps/istio-telemetry 1/1 1 1 12h
deployment.apps/istio-tracing 1/1 1 1 12h
deployment.apps/kiali 1/1 1 1 12h
deployment.apps/prometheus 1/1 1 1 12h
NAME DESIRED CURRENT READY AGE
replicaset.apps/grafana-6c8f45499 1 1 1 12h
replicaset.apps/istio-citadel-784d7df6b6 1 1 1 12h
replicaset.apps/istio-egressgateway-6d9bb5b7fd 1 1 1 12h
replicaset.apps/istio-galley-7c4f46cb88 1 1 1 12h
replicaset.apps/istio-ingressgateway-79f779dbd 1 1 1 12h
replicaset.apps/istio-pilot-7dbbc6d47c 1 1 1 12h
replicaset.apps/istio-policy-76cf7d86c 1 1 1 12h
replicaset.apps/istio-sidecar-injector-74cd6dcd84 1 1 1 12h
replicaset.apps/istio-telemetry-7b969c885c 1 1 1 12h
replicaset.apps/istio-tracing-78548677bc 1 1 1 12h
replicaset.apps/kiali-fb5f485fb 1 1 1 12h
replicaset.apps/prometheus-685585888b 1 1 1 12h
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/istio-telemetry Deployment/istio-telemetry 2%/80% 1 5 1 12h
ubuntu@zhengzw-k8s-node-1:~/istio-1.4.0/samples/bookinfo/platform/kube$
ubuntu@zhengzw-k8s-node-1:~/istio-1.4.0/samples/bookinfo/platform/kube$ kubectl get all -n istio-system
NAME READY STATUS RESTARTS AGE
pod/grafana-6c8f45499-rg5p6 1/1 Running 0 12h
pod/istio-citadel-784d7df6b6-x8ztx 1/1 Running 0 12h
pod/istio-egressgateway-6d9bb5b7fd-t6q4b 1/1 Running 0 12h
pod/istio-galley-7c4f46cb88-5rfmq 1/1 Running 0 12h
pod/istio-ingressgateway-79f779dbd-5vbf8 1/1 Running 0 12h
pod/istio-pilot-7dbbc6d47c-8sjqb 1/1 Running 0 12h
pod/istio-policy-76cf7d86c-b6bmf 1/1 Running 12 12h
pod/istio-sidecar-injector-74cd6dcd84-z2csh 1/1 Running 0 12h
pod/istio-telemetry-7b969c885c-w5l4l 1/1 Running 12 12h
pod/istio-tracing-78548677bc-vpk6g 1/1 Running 0 12h
pod/kiali-fb5f485fb-kb82k 1/1 Running 0 12h
pod/prometheus-685585888b-vz8kk 1/1 Running 0 12h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/grafana NodePort 10.43.179.93 <none> 3000:32181/TCP 12h
service/istio-citadel ClusterIP 10.43.224.2 <none> 8060/TCP,15014/TCP 12h
service/istio-egressgateway ClusterIP 10.43.174.150 <none> 80/TCP,443/TCP,15443/TCP 12h
service/istio-galley ClusterIP 10.43.179.89 <none> 443/TCP,15014/TCP,9901/TCP,15019/TCP 12h
service/istio-ingressgateway LoadBalancer 10.43.23.250 <pending> 15020:32732/TCP,80:31542/TCP,443:30290/TCP,15029:30490/TCP,15030:32752/TCP,15031:31730/TCP,15032:31100/TCP,15443:31932/TCP 12h
service/istio-pilot ClusterIP 10.43.142.224 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 12h
service/istio-policy ClusterIP 10.43.109.166 <none> 9091/TCP,15004/TCP,15014/TCP 12h
service/istio-sidecar-injector ClusterIP 10.43.208.202 <none> 443/TCP 12h
service/istio-telemetry ClusterIP 10.43.253.226 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 12h
service/jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 12h
service/jaeger-collector ClusterIP 10.43.207.194 <none> 14267/TCP,14268/TCP,14250/TCP 12h
service/jaeger-query ClusterIP 10.43.176.51 <none> 16686/TCP 12h
service/kiali NodePort 10.43.90.1 <none> 20001:31055/TCP 12h
service/prometheus ClusterIP 10.43.184.162 <none> 9090/TCP 12h
service/tracing ClusterIP 10.43.101.134 <none> 9411/TCP 12h
service/zipkin ClusterIP 10.43.52.101 <none> 9411/TCP 12h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/grafana 1/1 1 1 12h
deployment.apps/istio-citadel 1/1 1 1 12h
deployment.apps/istio-egressgateway 1/1 1 1 12h
deployment.apps/istio-galley 1/1 1 1 12h
deployment.apps/istio-ingressgateway 1/1 1 1 12h
deployment.apps/istio-pilot 1/1 1 1 12h
deployment.apps/istio-policy 1/1 1 1 12h
deployment.apps/istio-sidecar-injector 1/1 1 1 12h
deployment.apps/istio-telemetry 1/1 1 1 12h
deployment.apps/istio-tracing 1/1 1 1 12h
deployment.apps/kiali 1/1 1 1 12h
deployment.apps/prometheus 1/1 1 1 12h
NAME DESIRED CURRENT READY AGE
replicaset.apps/grafana-6c8f45499 1 1 1 12h
replicaset.apps/istio-citadel-784d7df6b6 1 1 1 12h
replicaset.apps/istio-egressgateway-6d9bb5b7fd 1 1 1 12h
replicaset.apps/istio-galley-7c4f46cb88 1 1 1 12h
replicaset.apps/istio-ingressgateway-79f779dbd 1 1 1 12h
replicaset.apps/istio-pilot-7dbbc6d47c 1 1 1 12h
replicaset.apps/istio-policy-76cf7d86c 1 1 1 12h
replicaset.apps/istio-sidecar-injector-74cd6dcd84 1 1 1 12h
replicaset.apps/istio-telemetry-7b969c885c 1 1 1 12h
replicaset.apps/istio-tracing-78548677bc 1 1 1 12h
replicaset.apps/kiali-fb5f485fb 1 1 1 12h
replicaset.apps/prometheus-685585888b 1 1 1 12h
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/istio-telemetry Deployment/istio-telemetry 2%/80% 1 5 1 12h
2.3查看版本
ubuntu@zhengzw-k8s-node-1:~/istio-1.4.0/samples/bookinfo/platform/kube$ istioctl version
client version: 1.4.0
control plane version: 1.4.0
data plane version: 1.4.0 (2 proxies)
2.4为default添加istio注入
ubuntu@zhengzw-k8s-node-1:~/istio-1.4.0/install/kubernetes$ kubectl label namespace default istio-injection=enable
namespace/default labeled
ubuntu@zhengzw-k8s-node-1:~/istio-1.4.0/install/kubernetes$ kubectl get ns -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
cattle-system Active 16h
default Active 16h enable
ingress-nginx Active 16h
istio-system Active 12h disabled
kube-node-lease Active 16h
kube-public Active 16h
kube-system Active 16h