notes ： This article is based on istio-1.13.4 To write

1 About Istio

Istio yes Service Mesh An implementation of patterns , It is mainly used for the governance of microservices .Kubernetes It can cover the deployment of services 、 upgrade 、 Capacity expansion and other operation management capabilities , But for service governance , Such as the fusing of services 、 Current limiting 、 Dynamic routing 、 Call chain tracing can do nothing . therefore Istio And Kubernetes complementary , Become one of the best practices in microservice management .

Istio The core idea of service governance is to separate the function of service governance from business services , As a sidecar Containers , It can be decoupled and compatible with different languages , There is no need to use the same language as the business service . After the independence of public governance capacity , All components can be accessed , And sidecar So that the service can be accessed without any modification .

Istio There are four main features ：

• Traffic management ： On the basis of service connection , By controlling traffic and calls between services , Implement request routing 、 Load balancing 、 Overtime 、 retry 、 Fuse 、 fault injection 、 Redirection and so on
• Security ： Provide certificate configuration management , And service access authentication 、 Authorization and other security capabilities
• Policy control ： Provide access rate limiting capability .
• observation ： Get service running indicators and outputs , Provide call chain tracing and log collection capabilities .

2 install Istio

2.1 Download installation package

With the latest release Version as an example ,

wget https://github.com/istio/istio/releases/download/1.13.4/istio-1.13.4-linux-amd64.tar.gz

After decompressing , hold istioctl Copy to the system environment variable path In the path ,

[[email protected] istio]# tar -xf istio-1.13.4-linux-amd64.tar.gz 
[[email protected] istio]# cd istio-1.13.4/
[[email protected] istio-1.13.4]# cp bin/istioctl /usr/local/bin/

2.2 adopt istioctl install istio

[[email protected] istio-1.13.4]# istioctl install --set profile=demo --set hub=registry-1.docker.io/istio
This will install the Istio 1.13.4 demo profile with ["Istio core" "Istiod" "Ingress gateways" "Egress gateways"] components into the cluster. Proceed? (y/N) y
 Istio core installed                                                           
 Istiod installed                                                               
 Egress gateways installed                                                      
 Ingress gateways installed                                                     
 Installation complete                                                          
Making this installation the default for injection and validation.
...

profile Set to demo, The is installed Istiod,ingressgateway and egressgateway,
hub Set up a private image warehouse for yourself , You can put the images obtained from other channels into your own registry in , Easy to use .

After completion , We can see the corresponding pod, Default installed in istio-system namespace in ,

[[email protected] istio-1.13.4]# kubectl get pod -n istio-system
NAME                                   READY   STATUS    RESTARTS   AGE
istio-egressgateway-5dc6c98fbc-vdlml   1/1     Running   0          3d1h
istio-ingressgateway-87bbdd549-8776n   1/1     Running   0          3d1h
istiod-56b7b78cb5-94c69                1/1     Running   0          3d1h

3 install bookinfo application

3.1 establish bookinfo namespace

We build a new one namespace be used for demo Application deployment

kubectl create ns bookinfo

3.2 add to label

because Istio proxy The injection of is based on label, So we need to do it for demo namespace add to label,

[[email protected] ~]# kubectl label namespace bookinfo istio-injection=enabled
[[email protected] ~]# kubectl get ns --show-labels bookinfo
NAME       STATUS   AGE     LABELS
bookinfo   Active   4d12h   istio-injection=enabled,kubernetes.io/metadata.name=bookinfo

3.3 Deploy bookinfo

First, replace the image warehouse with your own , And then directly apply Just go ,

[[email protected] istio-1.13.4]# sed -i 's/image: docker.io/image: my-registry/g' samples/bookinfo/platform/kube/bookinfo.yaml
[[email protected] istio-1.13.4]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -n bookinfo
[[email protected] istio-1.13.4]# kubectl get pod -n bookinfo
NAME                              READY   STATUS    RESTARTS   AGE
details-v1-657d49f566-58tfz       2/2     Running   0          4d
productpage-v1-64b66f8976-zpn88   2/2     Running   0          4d
ratings-v1-567b968c8-67tqb        2/2     Running   0          4d10h
reviews-v1-8bff59b-tbkrp          2/2     Running   0          4d
reviews-v2-5c8cdd5b76-st9m9       2/2     Running   0          4d
reviews-v3-dcb96c9fb-t6rj4        2/2     Running   0          4d

Then we can view the application pod Container information in , You can see that it has been injected istio-proxy,

[[email protected] istio-1.13.4]# kubectl get pod productpage-v1-64b66f8976-hsvdb -n bookinfo -o jsonpath='{.status.containerStatuses}' | jq
[
  {
    
    "containerID": "docker://83156e219de60dd69084744fa75ba4116cd4c804002b0439387adc7bf2f3153e",
    "image": "my-registry/istio/proxyv2:1.13.4",
    ...
    "name": "istio-proxy",
    "ready": true,
    "restartCount": 0,
    "started": true,
    ...
  },
  {
    
    "containerID": "docker://b99a84708d9fdc967eb3fd2c47726911dba4ffec4e3e32ceb0a67e6ed5d3dbd4",
    "image": "my-registry/istio/examples-bookinfo-productpage-v1:1.16.2",
    ...
    "name": "productpage",
    "ready": true,
    ...
  }
]

3.4 Add routing rules

After service deployment , You also need to add routing rules , Route the request to the corresponding service ,

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml -n bookinfo

3.5 Access the service

3.5.1 adopt nodeport

• obtain host ip, That is to say ingressgateway pod Location machine ip,

kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}'

• obtain port, That is to say 80 The destination port of the port mapping , namely 30579

[[email protected] istio-1.13.4]# kubectl -n istio-system get service istio-ingressgateway
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                      AGE
istio-ingressgateway   LoadBalancer   10.111.130.87   <pending>     15021:31042/TCP,80:30579/TCP,443:32271/TCP,31400:30485/TCP,15443:31231/TCP   4d10h

Actual visit ：

3.5.2 adopt externalip

Because we test locally , You can't use the public network LB, So we can directly put externalip Change to a node Of ip, So that we can pass through 80 Port access ,

[[email protected] istio-1.13.4]# kubectl -n istio-system get service istio-ingressgateway
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                      AGE
istio-ingressgateway   LoadBalancer   10.111.130.87   <pending>     15021:31042/TCP,80:30579/TCP,443:32271/TCP,31400:30485/TCP,15443:31231/TCP   4d10h
[[email protected] istio-1.13.4]# kubectl patch svc istio-ingressgateway --namespace istio-system --patch '{"spec": { "externalIPs": ["192.168.0.181"] }}'
service/istio-ingressgateway patched
[[email protected] istio-1.13.4]# kubectl -n istio-system get service istio-ingressgateway
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                                                                      AGE
istio-ingressgateway   LoadBalancer   10.111.130.87   192.168.0.181   15021:31042/TCP,80:30579/TCP,443:32271/TCP,31400:30485/TCP,15443:31231/TCP   4d10h

4 uninstall istio

istioctl x uninstall --purge

Reference documents ：

1. https://istio.io/latest/docs/setup/getting-started/
2. https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/
3. https://istio.io/latest/docs/tasks/