应用 Istioctl 装置 istio
下载 Istio
转到 Istio 公布 页面,下载针对你操作系统的安装文件, 或用自动化工具下载并提取最新版本(Linux 或 macOS):
[root@k8s-master-node1 ~]# curl -L https://istio.io/downloadIstio | sh -若无奈下载能够手动写入文件进行执行
脚本内容:
#!/bin/sh# Copyright Istio Authors## Licensed under the Apache License, Version 2.0 (the "License");# you may not use this file except in compliance with the License.# You may obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.## This file will be fetched as: curl -L https://git.io/getLatestIstio | sh -# so it should be pure bourne shell, not bash (and not reference other scripts)## The script fetches the latest Istio release candidate and untars it.# You can pass variables on the command line to download a specific version# or to override the processor architecture. For example, to download# Istio 1.6.8 for the x86_64 architecture,# run curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=x86_64 sh -.set -e# Determines the operating system.OS="$(uname)"if [ "x${OS}" = "xDarwin" ] ; then OSEXT="osx"else OSEXT="linux"fi# Determine the latest Istio version by version number ignoring alpha, beta, and rc versions.if [ "x${ISTIO_VERSION}" = "x" ] ; then ISTIO_VERSION="$(curl -sL https://github.com/istio/istio/releases | \ grep -o 'releases/[0-9]*.[0-9]*.[0-9]*/' | sort -V | \ tail -1 | awk -F'/' '{ print $2}')" ISTIO_VERSION="${ISTIO_VERSION##*/}"fiLOCAL_ARCH=$(uname -m)if [ "${TARGET_ARCH}" ]; then LOCAL_ARCH=${TARGET_ARCH}ficase "${LOCAL_ARCH}" in x86_64) ISTIO_ARCH=amd64 ;; armv8*) ISTIO_ARCH=arm64 ;; aarch64*) ISTIO_ARCH=arm64 ;; armv*) ISTIO_ARCH=armv7 ;; amd64|arm64) ISTIO_ARCH=${LOCAL_ARCH} ;; *) echo "This system's architecture, ${LOCAL_ARCH}, isn't supported" exit 1 ;;esacif [ "x${ISTIO_VERSION}" = "x" ] ; then printf "Unable to get latest Istio version. Set ISTIO_VERSION env var and re-run. For example: export ISTIO_VERSION=1.0.4" exit 1;fiNAME="istio-$ISTIO_VERSION"URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-${OSEXT}.tar.gz"ARCH_URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz"with_arch() { printf "\nDownloading %s from %s ...\n" "$NAME" "$ARCH_URL" if ! curl -o /dev/null -sIf "$ARCH_URL"; then printf "\n%s is not found, please specify a valid ISTIO_VERSION and TARGET_ARCH\n" "$ARCH_URL" exit 1 fi curl -fsLO "$ARCH_URL" filename="istio-${ISTIO_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz" tar -xzf "${filename}" rm "${filename}"}without_arch() { printf "\nDownloading %s from %s ..." "$NAME" "$URL" if ! curl -o /dev/null -sIf "$URL"; then printf "\n%s is not found, please specify a valid ISTIO_VERSION\n" "$URL" exit 1 fi curl -fsLO "$URL" filename="istio-${ISTIO_VERSION}-${OSEXT}.tar.gz" tar -xzf "${filename}" rm "${filename}"}# Istio 1.6 and above support arch# Istio 1.5 and below do not have arch supportARCH_SUPPORTED="1.6"if [ "${OS}" = "Linux" ] ; then # This checks if ISTIO_VERSION is less than ARCH_SUPPORTED (version-sort's before it) if [ "$(printf '%s\n%s' "${ARCH_SUPPORTED}" "${ISTIO_VERSION}" | sort -V | head -n 1)" = "${ISTIO_VERSION}" ]; then without_arch else with_arch fielif [ "x${OS}" = "xDarwin" ] ; then without_archelse printf "\n\n" printf "Unable to download Istio %s at this moment!\n" "$ISTIO_VERSION" printf "Please verify the version you are trying to download.\n\n" exit 1fiprintf ""printf "\nIstio %s Download Complete!\n" "$ISTIO_VERSION"printf "\n"printf "Istio has been successfully downloaded into the %s folder on your system.\n" "$NAME"printf "\n"BINDIR="$(cd "$NAME/bin" && pwd)"printf "Next Steps:\n"printf "See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.\n"printf "\n"printf "To configure the istioctl client tool for your workstation,\n"printf "add the %s directory to your environment path variable with:\n" "$BINDIR"printf "\t export PATH=\"\$PATH:%s\"\n" "$BINDIR"printf "\n"printf "Begin the Istio pre-installation check by running:\n"printf "\t istioctl x precheck \n"printf "\n"printf "Need more information? Visit https://istio.io/latest/docs/setup/install/ \n"[root@k8s-master-node1 ~]# bash istio.sh转到 Istio 包目录。例如,如果包是 istio-1.11.4:
[root@k8s-master-node1 ~]# cd istio-1.11.4/[root@k8s-master-node1 ~/istio-1.11.4]# lltotal 28drwxr-x---. 2 root root 22 Oct 13 22:50 bin-rw-r--r--. 1 root root 11348 Oct 13 22:50 LICENSEdrwxr-xr-x. 5 root root 52 Oct 13 22:50 manifests-rw-r-----. 1 root root 854 Oct 13 22:50 manifest.yaml-rw-r--r--. 1 root root 5866 Oct 13 22:50 README.mddrwxr-xr-x. 21 root root 4096 Oct 13 22:50 samplesdrwxr-xr-x. 3 root root 57 Oct 13 22:50 tools[root@k8s-master-node1 ~/istio-1.11.4]#装置目录蕴含:
samples/ 目录下的示例应用程序
bin/ 目录下的 istioctl 客户端二进制文件 .
将 istioctl 客户端退出搜寻门路(Linux or macOS):
$ export PATH=$PWD/bin:$PATHexport PATH=/root/istio-1.11.4/bin:$PATH[root@k8s-master-node1 ~/istio-1.11.4]# export PATH=$PWD/bin:$PATH[root@k8s-master-node1 ~/istio-1.11.4]#[root@k8s-master-node1 ~/istio-1.11.4]# vim /etc/profile[root@k8s-master-node1 ~/istio-1.11.4]# tail -n 2 /etc/profileexport PATH=/root/istio-1.11.4/bin:$PATH[root@k8s-master-node1 ~/istio-1.11.4]#应用默认配置档装置 Istio
最简略的抉择是用上面命令装置 Istio 默认 配置档:
[root@k8s-master-node1 ~]# istioctl versionno running Istio pods in "istio-system"1.11.4[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]# istioctl install --set profile=demo -y✔ Istio core installed ✔ Istiod installed ✔ Egress gateways installed ✔ Ingress gateways installed ✔ Installation complete Thank you for installing Istio 1.11. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/kWULBRjUv7hHci7T6[root@k8s-master-node1 ~]#查看istio相应的 namespace 和 pod 是否曾经失常创立
[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]# kubectl get pods -n istio-systemNAME READY STATUS RESTARTS AGEistio-egressgateway-756d4db566-wh949 1/1 Running 0 2mistio-ingressgateway-8577c57fb6-2vrtg 1/1 Running 0 2mistiod-5847c59c69-l2dt2 1/1 Running 0 2m39s[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]#查看 istio 的 CRD 和 API 资源
[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]# kubectl get crd |grep istioauthorizationpolicies.security.istio.io 2021-11-01T09:43:55Zdestinationrules.networking.istio.io 2021-11-01T09:43:55Zenvoyfilters.networking.istio.io 2021-11-01T09:43:55Zgateways.networking.istio.io 2021-11-01T09:43:55Zistiooperators.install.istio.io 2021-11-01T09:43:55Zpeerauthentications.security.istio.io 2021-11-01T09:43:55Zrequestauthentications.security.istio.io 2021-11-01T09:43:55Zserviceentries.networking.istio.io 2021-11-01T09:43:55Zsidecars.networking.istio.io 2021-11-01T09:43:55Ztelemetries.telemetry.istio.io 2021-11-01T09:43:55Zvirtualservices.networking.istio.io 2021-11-01T09:43:55Zworkloadentries.networking.istio.io 2021-11-01T09:43:55Zworkloadgroups.networking.istio.io 2021-11-01T09:43:55Z[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]# kubectl api-resources |grep istioistiooperators iop,io install.istio.io/v1alpha1 true IstioOperatordestinationrules dr networking.istio.io/v1beta1 true DestinationRuleenvoyfilters networking.istio.io/v1alpha3 true EnvoyFiltergateways gw networking.istio.io/v1beta1 true Gatewayserviceentries se networking.istio.io/v1beta1 true ServiceEntrysidecars networking.istio.io/v1beta1 true Sidecarvirtualservices vs networking.istio.io/v1beta1 true VirtualServiceworkloadentries we networking.istio.io/v1beta1 true WorkloadEntryworkloadgroups wg networking.istio.io/v1alpha3 true WorkloadGroupauthorizationpolicies security.istio.io/v1beta1 true AuthorizationPolicypeerauthentications pa security.istio.io/v1beta1 true PeerAuthenticationrequestauthentications ra security.istio.io/v1beta1 true RequestAuthenticationtelemetries telemetry telemetry.istio.io/v1alpha1 true Telemetry[root@k8s-master-node1 ~]#装置 dashboard 组件。命令如下
[root@k8s-master-node1 ~]# kubectl apply -f /root/istio-1.11.4/samples/addons/ -n istio-systemserviceaccount/grafana createdconfigmap/grafana createdservice/grafana createddeployment.apps/grafana createdconfigmap/istio-grafana-dashboards createdconfigmap/istio-services-grafana-dashboards createddeployment.apps/jaeger createdservice/tracing createdservice/zipkin createdservice/jaeger-collector createdserviceaccount/kiali createdconfigmap/kiali createdclusterrole.rbac.authorization.k8s.io/kiali-viewer createdclusterrole.rbac.authorization.k8s.io/kiali createdclusterrolebinding.rbac.authorization.k8s.io/kiali createdrole.rbac.authorization.k8s.io/kiali-controlplane createdrolebinding.rbac.authorization.k8s.io/kiali-controlplane createdservice/kiali createddeployment.apps/kiali createdserviceaccount/prometheus createdconfigmap/prometheus createdclusterrole.rbac.authorization.k8s.io/prometheus createdclusterrolebinding.rbac.authorization.k8s.io/prometheus createdservice/prometheus createddeployment.apps/prometheus created[root@k8s-master-node1 ~]#[root@k8s-master-node1 ~]# kubectl get pods -n istio-systemNAME READY STATUS RESTARTS AGEgrafana-68cc7d6d78-792cw 1/1 Running 0 88sistio-egressgateway-756d4db566-wh949 1/1 Running 0 6m9sistio-ingressgateway-8577c57fb6-2vrtg 1/1 Running 0 6m9sistiod-5847c59c69-l2dt2 1/1 Running 0 6m48sjaeger-5d44bc5c5d-n6zjq 1/1 Running 0 88skiali-fd9f88575-svz7g 1/1 Running 0 87sprometheus-77b49cb997-7d4s9 2/2 Running 0 86s[root@k8s-master-node1 ~]#将istio-ingressgateway改为NodePort形式,不便拜访
[root@k8s-master-node1 ~]# kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'service/istio-ingressgateway patched[root@k8s-master-node1 ~]#Linux运维交换社区
Linux运维交换社区,互联网新闻以及技术交换。
46篇原创内容
公众号
https://blog.csdn.net/qq_3392...
https://my.oschina.net/u/3981543
https://www.zhihu.com/people/...
https://segmentfault.com/u/hp...
https://juejin.cn/user/331578...
https://space.bilibili.com/35...
https://cloud.tencent.com/dev...
知乎、CSDN、开源中国、思否、掘金、哔哩哔哩、腾讯云