To get started with Istio, just follow these three steps:

  • [Set up your platform](#Set up your platform)
  • [Download the release](#Download the release)
  • [Install Istio]

Set up your platform

Before you can install Istio, you need a cluster running a compatible version of Kubernetes. Istio 1.4 has been tested with Kubernetes releases 1.13, 1.14, 1.15.

Create a cluster by selecting the appropriate platform-specific setup instructions.

Some platforms provide a managed control plane which you can use instead of installing Istio manually. If this is the case with your selected platform, and you choose to use it, you will be finished installing Istio after creating the cluster, so you can skip the following instructions. Refer to your platform service provider for further details and instructions.

Download the release

Download the Istio release which includes installation files, samples, and the istioctl command line utility.

  1. Go to the Istio release page to download the installation file corresponding to your OS. Alternatively, on a macOS or Linux system, you can run the following command to download and extract the latest release automatically:

    $ curl -L https://istio.io/downloadIstio | sh -

  2. Move to the Istio package directory. For example, if the package is istio-1.4.3:

    $ cd istio-1.4.3

    The installation directory contains:

    • Installation YAML files for Kubernetes in install/kubernetes
    • Sample applications in samples/
    • The istioctl client binary in the bin/ directory. istioctl is used when manually injecting Envoy as a sidecar proxy.
  3. Add the istioctl client to your path, on a macOS or Linux system:

    $ export PATH=$PWD/bin:$PATH

  4. You can optionally enable the auto-completion option when working with a bash or ZSH console.

Install Istio

These instructions assume you are new to Istio, providing streamlined instruction to install Istio’s built-in demo configuration profile. This installation lets you quickly get started evaluating Istio. If you are already familiar with Istio or interested in installing other configuration profiles or a more advanced deployment model, follow the installing with istioctl instructions instead.

The demo configuration profile is not suitable for performance evaluation. It is designed to showcase Istio functionality with high levels of tracing and access logging.

  1. Install the demo profile

$ istioctl manifest apply –set profile=demo

  1. Verify the installation by ensuring the following Kubernetes services are deployed and verify they all have an appropriate CLUSTER-IP except the jaeger-agent service:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
$ kubectl get svc -n istio-system
NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                                                                                                                                      AGE
grafana                  ClusterIP      172.21.211.123   <none>          3000/TCP                                                                                                                                     2m
istio-citadel            ClusterIP      172.21.177.222   <none>          8060/TCP,15014/TCP                                                                                                                           2m
istio-egressgateway      ClusterIP      172.21.113.24    <none>          80/TCP,443/TCP,15443/TCP                                                                                                                     2m
istio-galley             ClusterIP      172.21.132.247   <none>          443/TCP,15014/TCP,9901/TCP                                                                                                                   2m
istio-ingressgateway     LoadBalancer   172.21.144.254   52.116.22.242   15020:31831/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30318/TCP,15030:32645/TCP,15031:31933/TCP,15032:31188/TCP,15443:30838/TCP   2m
istio-pilot              ClusterIP      172.21.105.205   <none>          15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       2m
istio-policy             ClusterIP      172.21.14.236    <none>          9091/TCP,15004/TCP,15014/TCP                                                                                                                 2m
istio-sidecar-injector   ClusterIP      172.21.155.47    <none>          443/TCP,15014/TCP                                                                                                                            2m
istio-telemetry          ClusterIP      172.21.196.79    <none>          9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       2m
jaeger-agent             ClusterIP      None             <none>          5775/UDP,6831/UDP,6832/UDP                                                                                                                   2m
jaeger-collector         ClusterIP      172.21.135.51    <none>          14267/TCP,14268/TCP                                                                                                                          2m
jaeger-query             ClusterIP      172.21.26.187    <none>          16686/TCP                                                                                                                                    2m
kiali                    ClusterIP      172.21.155.201   <none>          20001/TCP                                                                                                                                    2m
prometheus               ClusterIP      172.21.63.159    <none>          9090/TCP                                                                                                                                     2m
tracing                  ClusterIP      172.21.2.245     <none>          80/TCP                                                                                                                                       2m
zipkin                   ClusterIP      172.21.182.245   <none>          9411/TCP                                                                                                                                     2m

If your cluster is running in an environment that does not support an external load balancer (e.g., minikube), the EXTERNAL-IP of istio-ingressgateway will say <pending>. To access the gateway, use the service’s NodePort, or use port-forwarding instead.

Also ensure corresponding Kubernetes pods are deployed and have a STATUS of Running:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
$ kubectl get pods -n istio-system
NAME                                                           READY   STATUS      RESTARTS   AGE
grafana-f8467cc6-rbjlg                                         1/1     Running     0          1m
istio-citadel-78df5b548f-g5cpw                                 1/1     Running     0          1m
istio-egressgateway-78569df5c4-zwtb5                           1/1     Running     0          1m
istio-galley-74d5f764fc-q7nrk                                  1/1     Running     0          1m
istio-ingressgateway-7ddcfd665c-dmtqz                          1/1     Running     0          1m
istio-pilot-f479bbf5c-qwr28                                    1/1     Running     0          1m
istio-policy-6fccc5c868-xhblv                                  1/1     Running     2          1m
istio-sidecar-injector-78499d85b8-x44m6                        1/1     Running     0          1m
istio-telemetry-78b96c6cb6-ldm9q                               1/1     Running     2          1m
istio-tracing-69b5f778b7-s2zvw                                 1/1     Running     0          1m
kiali-99f7467dc-6rvwp                                          1/1     Running     0          1m
prometheus-67cdb66cbb-9w2hm                                    1/1     Running     0          1m

Next steps

With Istio installed, you can now deploy your own application or one of the sample applications provided with the installation.

The application must use either the HTTP/1.1 or HTTP/2.0 protocols for all its HTTP traffic; HTTP/1.0 is not supported. When you deploy your application using kubectl apply, the Istio sidecar injector will automatically inject Envoy containers into your application pods if they are started in namespaces labeled with istio-injection=enabled:

1
2
$ kubectl label namespace <namespace> istio-injection=enabled
$ kubectl create -n <namespace> -f <your-app-spec>.yaml

In namespaces without the istio-injection label, you can use istioctl kube-inject to manually inject Envoy containers in your application pods before deploying them:

$ istioctl kube-inject -f .yaml | kubectl apply -f -

If you are not sure where to begin, deploy the Bookinfo sample which will allow you to evaluate Istio’s features for traffic routing, fault injection, rate limiting, etc. Then explore the various Istio tasks that interest you.

The following tasks are a good place for beginners to start:

  • Request routing
  • Fault injection
  • Traffic shifting
  • Querying metrics
  • Visualizing metrics
  • Collecting logs
  • Rate limiting
  • Ingress gateways
  • Accessing external services
  • Visualizing your mesh

The next step is to customize Istio and deploy your own applications. Before you install and customize Istio to fit your platform and intended use, check out the following resources:

  • Deployment models
  • Deployment best practices
  • Pod requirements
  • General installation instructions

As you continue to use Istio, we look forward to hearing from you and welcoming you to our community.

Uninstall

The uninstall deletes the RBAC permissions, the istio-system namespace, and all resources hierarchically under it. It is safe to ignore errors for non-existent resources because they may have been deleted hierarchically.

$ istioctl manifest generate –set profile=demo | kubectl delete -f -

参考

https://istio.io/docs/setup/getting-started/