k8s系列之十四安装Istio

Istio 是一个开源的服务网格（Service Mesh），用于连接、管理和保护微服务。它提供了一组功能强大的工具，包括流量管理、安全性、监控和跟踪等，以帮助在微服务架构中更好地管理服务之间的通信。

一些主要的 Istio 功能包括：

流量管理： Istio 可以对流量进行智能路由、负载均衡和故障转移，还支持 A/B 测试和金丝雀发布等高级部署模式。
策略和安全性：它提供了细粒度的访问控制、认证和授权机制，可以在微服务之间强化安全通信。
监控和跟踪： Istio 集成了 Prometheus 和 Jaeger 等开源工具，用于实时监控和分析微服务的性能和行为。
自动化治理：通过使用 Istio，你可以更容易地管理服务发现、负载均衡和故障恢复，而无需修改服务代码。

总的来说，Istio 提供了一种灵活且强大的方法，用于解决微服务架构中常见的网络通信、安全性和可观察性等问题。

1.环境要求

我之前的k8s版本是1.18，所以我选择安装的是1.10.4版本；
在这里插入图片描述
集群情况：

节点	ip
k8s-master	192.168.200.128
k8s-node1	192.168.200.129
k8s-node2	192.168.200.130

下载 Istio

用自动化工具下载并提取最新版本（Linux 或 macOS）

curl -L https://istio.io/downloadIstio | sh -

指定版本下载，用来下载指定的、不同处理器体系的版本。例如，要为 x86_64 架构下载 Istio 1.21.0，请运行

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.21.0 TARGET_ARCH=x86_64 sh -

由于网络原因，会提示：curl: (7) Failed connect to raw.githubusercontent.com:443; 拒绝连接

所以需要我们手动下载需要的版本，使用wget 下载。

wget https://github.com/istio/istio/releases/download/1.10.4/istio-1.10.4-linux-amd64.tar.gz

解压文件

tar zxvf istio-1.10.4-linux-amd64.tar.gz -C /usr/local/

设置环境变量

echo 'export ISTIO_HOME=/usr/local/istio-1.10.4' >> /etc/profile
echo 'export PATH=$PATH:$ISTIO_HOME/bin' >> /etc/profile

加载变量

source /etc/profile

查看版本

[root@k8s-master ~]# istioctl version
client version: 1.10.4
control plane version: 1.10.4
data plane version: 1.10.4 (2 proxies)

安装Istio

在学习、实验环境我们可以选择 demo 这个 profile 进行安装，如下示例：

istioctl install --set profile=demo -y

查看istio安装结果：

[root@k8s-master ~]# kubectl get ns |grep istio
istio-system           Active   36m

查看pods

[root@k8s-master ~]# kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
istio-egressgateway-5495ff7cd4-wl54w    1/1     Running   0          36m
istio-ingressgateway-7ff744449d-785tw   1/1     Running   0          36m
istiod-5bbb77c878-zpp85

检查 istio 的 CRD 和 API 资源：

kubectl get crd |grep istio
kubectl api-resources |grep istio

创建Kiali的CRDs

[root@k8s-master ~]# cd istio-1.10.4/samples/addons/
[root@k8s-master addons]# ls
extras  grafana.yaml  jaeger.yaml  kiali.yaml  prometheus_vm_tls.yaml  prometheus_vm.yaml  prometheus.yaml  README.md
[root@k8s-master addons]# vi kiali-crd.yaml

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:name: monitoringdashboards.monitoring.kiali.io
spec:group: monitoring.kiali.ionames:kind: MonitoringDashboardlistKind: MonitoringDashboardListplural: monitoringdashboardssingular: monitoringdashboardscope: Namespacedversions:- name: v1alpha1served: truestorage: true

执行kiali-crd.yaml

[root@k8s-master addons]# kubectl apply -f kiali-crd.yaml
customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io created

安装 Kiali 和其他插件，命令如下：

[root@k8s-master addons]# kubectl apply -f /usr/local/istio-1.10.4/samples/addons -n istio-system
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io configured
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
monitoringdashboard.monitoring.kiali.io/envoy created
monitoringdashboard.monitoring.kiali.io/go created
monitoringdashboard.monitoring.kiali.io/kiali created
monitoringdashboard.monitoring.kiali.io/micrometer-1.0.6-jvm-pool created
monitoringdashboard.monitoring.kiali.io/micrometer-1.0.6-jvm created
monitoringdashboard.monitoring.kiali.io/micrometer-1.1-jvm created
monitoringdashboard.monitoring.kiali.io/microprofile-1.1 created
monitoringdashboard.monitoring.kiali.io/microprofile-x.y created
monitoringdashboard.monitoring.kiali.io/nodejs created
monitoringdashboard.monitoring.kiali.io/quarkus created
monitoringdashboard.monitoring.kiali.io/springboot-jvm-pool created
monitoringdashboard.monitoring.kiali.io/springboot-jvm created
monitoringdashboard.monitoring.kiali.io/springboot-tomcat created
monitoringdashboard.monitoring.kiali.io/thorntail created
monitoringdashboard.monitoring.kiali.io/tomcat created
monitoringdashboard.monitoring.kiali.io/vertx-client created
monitoringdashboard.monitoring.kiali.io/vertx-eventbus created
monitoringdashboard.monitoring.kiali.io/vertx-jvm created
monitoringdashboard.monitoring.kiali.io/vertx-pool created
monitoringdashboard.monitoring.kiali.io/vertx-server created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
serviceaccount/prometheus unchanged
configmap/prometheus configured
clusterrole.rbac.authorization.k8s.io/prometheus configured
clusterrolebinding.rbac.authorization.k8s.io/prometheus unchanged
service/prometheus unchanged
deployment.apps/prometheus configured
serviceaccount/prometheus unchanged
configmap/prometheus configured
clusterrole.rbac.authorization.k8s.io/prometheus unchanged
clusterrolebinding.rbac.authorization.k8s.io/prometheus unchanged
service/prometheus unchanged
deployment.apps/prometheus configured
[root@k8s-master addons]#

将istio-ingressgateway改为NodePort方式，方便访问

 kubectl patch service istio-ingressgateway -n istio-system -p '{"spec":{"type":"NodePort"}}'

到此istio按照完成！
kiali 是一款 istio 服务网格可视化工具，提供了服务拓补图、全链路跟踪、指标遥测、配置校验、健康检查等功能。

kiali使用

上面已经安装了kiali，查看pod和svc

[root@k8s-master addons]# kubectl get pods -n istio-system|grep kiali
kiali-6c77f9c466-kbz95                  1/1     Running   0          9m15s
[root@k8s-master addons]# kubectl get svc -n istio-system|grep kiali
kiali                  ClusterIP   10.1.196.137   <none>        20001/TCP,9090/TCP                                                           9m23s

需要将 service 的服务类型设置为 nodeport，执行命令如下：

kubectl patch svc -n istio-system kiali -p '{"spec": {"type": "NodePort"}}'

再次查看svc

[root@k8s-master addons]# kubectl get svc -n istio-system|grep kiali
kiali                  NodePort    10.1.196.137   <none>        20001:31188/TCP,9090:31926/TCP                                               10m

可以看到20001对应的端口是31188

通过浏览器访问：

http://192.168.200.128:31188/

可以看到页面：
在这里插入图片描述