前言

接下來講一下 Istio 如何安裝在一個 Kubernetes 的環境當中，首先要有一個 Kubernetes 叢集，在Day1~Day5有這部分的相關介紹，以下以 Ubuntu 16.04 LTS 作為例子。

安裝 Istio on Kubernetes

Step1. 下載 Istio Release

如果作業系統為非 Linux 的可到官方GITHUB 下載其他作業系統的 Release Assets

curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.3.0 sh -

Step2. 切換目錄至 Istio release 的根目錄

cd istio-1.3.0

Step3. 在環境變數中加入 Istio binary 的路徑，在Istio完成安裝後即可呼叫 istioctl

export PATH=$PWD/bin:$PATH

Step4. 安裝 Istio Kubernetes Custom Resource Definitions (CRD)

for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f $i; done

Step5. 安裝 Istio

kubectl apply -f install/kubernetes/istio-demo.yaml # 須設定，微服務與微服務之間才會有安全性
kubectl apply -f install/kubernetes/istio-demo-auth.yaml # 預設微服務與微服務之間的通訊就具有安全性

Step6. 檢查安裝是否成功

kubectl get service -n istio-system
grafana                  ClusterIP      10.105.38.110    <none>        3000/TCP
istio-citadel            ClusterIP      10.97.66.196     <none>        8060/TCP,15014/TCP
istio-egressgateway      ClusterIP      10.98.184.244    <none>        80/TCP,443/TCP,15443/TCP
istio-galley             ClusterIP      10.102.157.239   <none>        443/TCP,15014/TCP,9901/TCP
istio-ingressgateway     LoadBalancer   10.102.106.49    <pending>     15020:32572/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:31366/TCP,15030:30579/TCP,15031:31528/TCP,15032:30936/TCP,15443:30336/TCP
istio-pilot              ClusterIP      10.103.191.208   <none>        15010/TCP,15011/TCP,8080/TCP,15014/TCP
istio-policy             ClusterIP      10.98.74.199     <none>        9091/TCP,15004/TCP,15014/TCP
istio-sidecar-injector   ClusterIP      10.102.22.61     <none>        443/TCP,15014/TCP
istio-telemetry          ClusterIP      10.104.70.199    <none>        9091/TCP,15004/TCP,15014/TCP,42422/TCP
jaeger-agent             ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP
jaeger-collector         ClusterIP      10.103.76.116    <none>        14267/TCP,14268/TCP
jaeger-query             ClusterIP      10.101.118.75    <none>        16686/TCP
kiali                    ClusterIP      10.106.22.125    <none>        20001/TCP
prometheus               ClusterIP      10.103.111.226   <none>        9090/TCP
tracing                  ClusterIP      10.102.152.93    <none>        80/TCP
zipkin                   ClusterIP      10.108.94.75     <none>        9411/TCP

kubectl get pod -n istio-system
istio-citadel-679b7c9b5b-n6h9t            1/1     Running     0          5d18h
istio-cleanup-secrets-1.3.0-gvbx7         0/1     Completed   0          5d18h
istio-egressgateway-64b7886444-zx9vz      1/1     Running     0          5d18h
istio-galley-5b597b94bb-8rjw7             1/1     Running     0          5d18h
istio-grafana-post-install-1.3.0-zd6pb    0/1     Completed   0          5d18h
istio-ingressgateway-7965c97677-6ftd9     1/1     Running     0          5d18h
istio-pilot-86879ff58b-llg8b              2/2     Running     0          5d18h
istio-policy-644695fddc-4zcv9             2/2     Running     1          5d18h
istio-security-post-install-1.3.0-gq59q   0/1     Completed   0          5d18h
istio-sidecar-injector-68f4668959-gzt46   1/1     Running     0          5d18h
istio-telemetry-5957ddf445-q25b2          2/2     Running     2          5d18h
istio-tracing-669fd4b9f8-79947            1/1     Running     0          5d18h
kiali-94f8cbd99-tr7kr                     1/1     Running     0          5d18h
prometheus-776fdf7479-jxpr2               1/1     Running     0          5d18h

部署應用程式

將一個 namespace 的所有 POD 標記istio-injection=enabled，使得在部署服務時可以在該服務加掛 side car container

kubectl label namespace <namespace> istio-injection=enabled
kubectl apply -f <your-app-spec>.yaml -n <namespace>