安装Istio

安装Istio前请参见《Containerd 1.4 安装指南（CentOS 8.1&openEuler 20.03）》进行源码编译安装和K8s集群环境搭建，具体章节请参见4-源码编译安装和5-搭建K8s集群环境。
本安装步骤作为示例，具体安装需考虑业务场景。
由于Istio组件默认不会调度到master节点，故至少需要一个子节点。

下载istio 1.8.1。

cd root
wget https://github.com/istio/istio/releases/download/1.8.1/istio-1.8.1-linux-arm64.tar.gz

解压。

tar -xzvf istio-1.8.1-linux-arm64.tar.gz

进入Istio包目录。
```
cd istio-1.8.1
```
将istioctl添加至环境变量（写入“/etc/profile”文件中）。
```
export PATH=$PWD/bin:$PATH
```
验证istioctl命令。
```
istioctl version
```
安装istio operator。

虽然Istio从1.6开始支持linux/arm64，但是官方镜像仓库并没有提供arm64的镜像，所以需要更改仓库地址。
```
istioctl operator init --hub=docker.io/querycapistio
```

安装Istio。

kubectl create ns istio-system
kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: example-iop
  namespace: istio-system
spec:
  hub: docker.io/querycapistio
  meshConfig:
    accessLogFile: /dev/stdout
  components:
    egressGateways:
    - namespace: istio-system
      name: istio-egressgateway
      enabled: true
      k8s:
        affinity:
          nodeAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - arm64
              weight: 2
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - arm64
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
    ingressGateways:
    - namespace: istio-system
      name: istio-ingressgateway
      enabled: true
      k8s:
        affinity:
          nodeAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - arm64
              weight: 2
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - arm64
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
        service:
          ports:
            - port: 15021
              targetPort: 15021
              name: status-port
            - port: 80
              targetPort: 8080
              name: http2
            - port: 443
              targetPort: 8443
              name: https
            - port: 31400
              targetPort: 31400
              name: tcp
              # This is the port where sni routing happens
            - port: 15443
              targetPort: 15443
              name: tls
    pilot:
      k8s:
        env:
          - name: PILOT_TRACE_SAMPLING
            value: "100"
        resources:
          requests:
            cpu: 10m
            memory: 100Mi
  values:
    global:
      proxy:
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
    pilot:
      autoscaleEnabled: false
    gateways:
      istio-egressgateway:
        autoscaleEnabled: false
      istio-ingressgateway:
        autoscaleEnabled: false
EOF

验证Istio是否安装成功。
```
kubectl get pods -n istio-system
```

父主题： Istio 安装指南（CentOS 8.1&openEuler 20.03）