Once we know that Istio is a good thing and helps us quickly implement some of the key points in microservitization, the next step is to think about how to use Istio. Istio is now strongly associated with Kubernetes. If you are not too familiar with Kubernetes you can learn from the author’s article, through Kubernetes ecological Istio can be very convenient to deploy and use.
Attach:
A meow blog :w-blog.cn
Istio official address :preliminary.istio. IO /zh
Istio Chinese document: preliminary. Istio. IO/useful/docs /
PS: This section is based on the latest ISTIO version 1.0.3
I. Kubernetes preparation
To set up Istio, you need to prepare the Kubernetes environment first. Rancher is used by the author to set up the environment. You can refer to the following blog posts:
Docker application container engine introduction and construction – meow meow blog space – open source China
Kubernetes(2) – Using Rancher to deploy K8S cluster (build Rancher) – Meow a mi blog space – open source China
Kubernetes(3) – Using Rancher to deploy K8S cluster (build Kubernetes) – Meow a mi blog space – open source China
Docker application container engine introduction and construction – meow a meow blog – CSDN blog
Kubernetes(2) – Using Rancher to deploy K8S cluster (build Rancher) – meow meow blog – CSDN blog
Kubernetes(3) – Using Rancher to deploy K8S cluster (build Kubernetes) – meow meow blog – CSDN blog
- Note that the Kubernetes template configuration items need to be modified during deployment, after which the Sidecar automatic injection can be used, otherwise you can only manually check in Sidecar.
- Find the Kubernetes Admission controllers option as follows
NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,Resourc eQuotaCopy the codeAdd two options at the specified location
MutatingAdmissionWebhook,ValidatingAdmissionWebhookCopy the codeThe following
NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,Mutatin gAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuotaCopy the codeThis is how the AdmissionRegistration API is launched
- Finally, select the environment template we prepared in advance when creating the cluster.
Then deploy k8S as described in my previous article:
PS: The K8S version used here is 1.11. A later version than 1.10 is recommended
Deploy Istio
PS: version 1.0.3 has completely used docker. IO and abandoned grc.io, so we don’t need to go over the wall or copy the image (not recommended to use versions before 1.0.3).
First go to the official Git to download the corresponding version package (liunx and MAC should be separate)
Releases istio/ Istio GitHub
> the tar - ZXVF istio - 1.0.3 - Linux. Tar. GzCopy the code2.1 installation istioctl
If sidecar is injected manually, use this command. If sidecar is injected automatically, do not install this command.
> sudo cp istio-1.0.3/bin/istioctl /usr/local/bin/sudo cp istio-1.0.3/bin/istioctl /usr/local/bin/Copy the code2.2 Installing Istio Core Components
A simple installation is done by running yamL which is officially prepared in advance, if there is a custom requirement (some internal components are not required and yamL can be built using HELM)
> kubectl apply - f istio - 1.0.3 / install/kubernetes istio - demo. YamlCopy the code
> kubectl get svc -n istio-systemCopy the code
> kubectl get pods -n istio-system Copy the codePS: It is normal that there will be three 0/1 tasks on this side, mainly three tasks will run only after the specified time or one-time scripts
End three.
At this point, ISTIO has been built. Istio is an uncut set of containers, including Grafaba + Prometheus (with disk and processing resources problems). If there is a need to independently deploy these components in the outer layer, yamL will need to be installed to learn and modify. Later in this series, we will also explain how to deploy non-core components in the outer layer (there are some differences to be careful of with each release).
PS: If you are unable to access the Internet, you can refer to the Egress Traffic Control section or Istio Prelim 1.1 / Control Egress Traffic