鲲鹏社区首页
中文
注册
开发者
支持
我要评分
文档获取效率
文档正确性
内容完整性
文档易理解
提交
在线提单
论坛求助

安装Istio

  • 安装Istio前请参见《Containerd 1.4 安装指南(CentOS 8.1&openEuler 20.03)》进行源码编译安装和K8s集群环境搭建,具体章节请参见4-源码编译安装5-搭建K8s集群环境
  • 本安装步骤作为示例,具体安装需考虑业务场景。
  • 由于Istio组件默认不会调度到master节点,故至少需要一个子节点。
  1. 下载istio 1.8.1。
    1
2
    		 
    cd root
wget https://github.com/istio/istio/releases/download/1.8.1/istio-1.8.1-linux-arm64.tar.gz
  2. 解压。
    1
    		 
    tar -xzvf istio-1.8.1-linux-arm64.tar.gz
  3. 进入Istio包目录。
    1
    		 
    cd istio-1.8.1
  4. 将istioctl添加至环境变量(写入“/etc/profile”文件中)。
    1
    		 
    export PATH=$PWD/bin:$PATH
  5. 验证istioctl命令。
    1
    		 
    istioctl version

  6. 安装istio operator。

    虽然Istio从1.6开始支持linux/arm64,但是官方镜像仓库并没有提供arm64的镜像,所以需要更改仓库地址。

    1
    		 
    istioctl operator init --hub=docker.io/querycapistio
  7. 安装Istio。
      1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
    		 
    kubectl create ns istio-system
kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: example-iop
  namespace: istio-system
spec:
  hub: docker.io/querycapistio
  meshConfig:
    accessLogFile: /dev/stdout
  components:
    egressGateways:
    - namespace: istio-system
      name: istio-egressgateway
      enabled: true
      k8s:
        affinity:
          nodeAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - arm64
              weight: 2
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - arm64
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
    ingressGateways:
    - namespace: istio-system
      name: istio-ingressgateway
      enabled: true
      k8s:
        affinity:
          nodeAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - arm64
              weight: 2
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - arm64
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
        service:
          ports:
            - port: 15021
              targetPort: 15021
              name: status-port
            - port: 80
              targetPort: 8080
              name: http2
            - port: 443
              targetPort: 8443
              name: https
            - port: 31400
              targetPort: 31400
              name: tcp
              # This is the port where sni routing happens
            - port: 15443
              targetPort: 15443
              name: tls
    pilot:
      k8s:
        env:
          - name: PILOT_TRACE_SAMPLING
            value: "100"
        resources:
          requests:
            cpu: 10m
            memory: 100Mi
  values:
    global:
      proxy:
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
    pilot:
      autoscaleEnabled: false
    gateways:
      istio-egressgateway:
        autoscaleEnabled: false
      istio-ingressgateway:
        autoscaleEnabled: false
EOF
  8. 验证Istio是否安装成功。
    kubectl get pods -n istio-system