GetMesh 概述
GetMesh 是开始使用 Istio 最简单的方法,并确保您使用的是受信任和支持的 Istio 版本。安装和更新 GetMesh 非常简单,只需执行以下命令即可。
1 | curl -sL https://istio.tetratelabs.io/getmesh/install.sh | bash |
为什么使用 getmesh CLI
GetMesh CLI 简化了 Istio 的安装、管理和升级,使您可以最大限度地利用服务网格和开源的优势。
GetIsio CLI 工具满足企业级需求,因为它:
- 强制获取 Istio 的认证版本,并只允许安装 Istio 的兼容版本。
- 允许在多个 istioctl 版本之间无缝切换。
- 符合 FIPS 标准。
- 通过整合多个来源的验证库,提供基于平台的 Istio 配置验证。
- 使用一些云提供商证书管理系统来创建 Istio CA 证书,用于签署服务网格管理工作负载。
- 提供附加的与云提供商多个集成点。
对于企业生命周期和变更管理实践来说,Istio 的发布时间表可能非常激进。GetMesh 通过针对不同的 Kubernetes 发行版测试所有 Istio 版本的功能完整性来解决这一问题。GetMesh 的 Istio 版本积极支持安全补丁和其他 bug 更新,比上游 Istio 提供的支持寿命要长得多。
安装和更新 GetMesh
Tetrate Istio Distro可以通过以下命令获得
1
2
3
4
5
6
7
8
9
10
11
12
13curl -sL https://istio.tetratelabs.io/getmesh/install.sh | bash
# 输出内容如下
tetratelabs/getmesh info checking GitHub for latest tag
tetratelabs/getmesh info found version: 1.1.5 for v1.1.5/linux/amd64
tetratelabs/getmesh info installed /root/.getmesh/bin/getmesh
tetratelabs/getmesh info updating user profile (/root/.bash_profile)...
tetratelabs/getmesh info the following two lines are added into your profile (/root/.bash_profile):
export GETMESH_HOME="$HOME/.getmesh"
export PATH="$GETMESH_HOME/bin:$PATH"
Finished installation. Open a new terminal to start using getmesh!最好挂载代理,否则安装会很慢,可能安装失败!
默认情况下,这将下载最新版本的 Tetrate Istio Distro 和认证的 Istio。要检查下载是否成功,运行 version 命令。
1
2
3
4
5
6
7getmesh version
# 输出内容如下
getmesh version: 1.1.5
active istioctl: 1.18.2-tetrate-v0
no ready Istio pods in "istio-system"
1.18.2-tetrate-v0或者
1
getmesh version --remote=false #只有客户端版本的详细信息
以下表格的输出说明 Tetrate Istio Distro已成功安装。
1
2getmesh version: 1.1.5
active istioctl: 1.18.2-tetrate-v0要查看 Tetrate Istio Distro及其支持的功能的可用命令列表,运行 help 命令。
1
getmesh --help
下载 Tetrate Istio Distro后,可以通过运行 update 命令自我更新到最新版本。
1
getmesh update
虽然我们建议始终使用最新的 GetMesh,但如果用户出于测试或其他原因想下载不同版本的 GetMesh,可以使用以下命令。
1
2export GETISTIO_VERSION=<your_version> # 比如说0.5.0
curl -sL https://istio.tetratelabs.io/getmesh/install.sh | bash这将把现有的 Tetrate Istio Distro 版本覆盖到刚刚下载的版本。
安装 istio
GetMesh 默认与你的 Kubernetes 配置所定义的集群进行通信。在继续之前,请确保你连接到了正确的集群。
使用
getmesh fetch
切换到需要安装的 istio 版本风格1
getmesh fetch --version 1.16.6 --flavor tetrate --flavor-version 0
输出信息如下
1
2
3
4For more information about 1.16.6-tetrate-v0, please refer to the release notes:
- https://istio.io/latest/news/releases/1.16.x/announcing-1.16.6/
istioctl switched to 1.16.6-tetrate-v0 now使用
getmesh list
查看当前的版本风格1
2
3
4
5
6
7
8
9
10
11# getmesh list
ISTIO VERSION FLAVOR FLAVOR VERSION K8S VERSIONS END OF LIFE
1.18.2 tetrate 0 1.23,1.24,1.25,1.26 2024-12-07
... 省略 N 行 ...
1.17.1 istio 0 1.23,1.24,1.25,1.26 2024-08-14
1.17.0 tetrate 0 1.23,1.24,1.25,1.26 2024-08-14
1.17.0 istio 0 1.23,1.24,1.25,1.26 2024-08-14
*1.16.6 tetrate 0 1.22,1.23,1.24,1.25 2024-01-15
1.16.6 tetratefips 0 1.22,1.23,1.24,1.25 2024-01-15
1.16.6 istio 0 1.22,1.23,1.24,1.25 2024-01-15
...使用以下命令来完成安装 Istio 的安装
1
getmesh istioctl install --set profile=demo
输出信息如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74✔ No issues found when checking the cluster. Istio is safe to install or upgrade!
To get started, check out https://istio.io/latest/docs/setup/getting-started/
This will install the Istio 1.16.6 demo profile with ["Istio core" "Istiod" "Ingress gateways" "Egress gateways"] components into the cluster. Proceed? (y/N) y
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete Making this installation the default for injection and validation.
Thank you for installing Istio 1.16. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/99uiMML96AmsXY5d6
1 Istio control planes detected, checking --revision "default" only
✔ Deployment: istio-ingressgateway.istio-system checked successfully
✔ PodDisruptionBudget: istio-ingressgateway.istio-system checked successfully
✔ Role: istio-ingressgateway-sds.istio-system checked successfully
✔ RoleBinding: istio-ingressgateway-sds.istio-system checked successfully
✔ Service: istio-ingressgateway.istio-system checked successfully
✔ ServiceAccount: istio-ingressgateway-service-account.istio-system checked successfully
✔ Deployment: istio-egressgateway.istio-system checked successfully
✔ PodDisruptionBudget: istio-egressgateway.istio-system checked successfully
✔ Role: istio-egressgateway-sds.istio-system checked successfully
✔ RoleBinding: istio-egressgateway-sds.istio-system checked successfully
✔ Service: istio-egressgateway.istio-system checked successfully
✔ ServiceAccount: istio-egressgateway-service-account.istio-system checked successfully
✔ ClusterRole: istiod-istio-system.istio-system checked successfully
✔ ClusterRole: istio-reader-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istio-reader-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istiod-istio-system.istio-system checked successfully
✔ ServiceAccount: istio-reader-service-account.istio-system checked successfully
✔ Role: istiod-istio-system.istio-system checked successfully
✔ RoleBinding: istiod-istio-system.istio-system checked successfully
✔ ServiceAccount: istiod-service-account.istio-system checked successfully
✔ CustomResourceDefinition: wasmplugins.extensions.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: destinationrules.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: envoyfilters.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: gateways.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: proxyconfigs.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: serviceentries.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: sidecars.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: virtualservices.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: workloadentries.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: workloadgroups.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: authorizationpolicies.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: peerauthentications.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: requestauthentications.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: telemetries.telemetry.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: istiooperators.install.istio.io.istio-system checked successfully
✔ ClusterRole: istiod-clusterrole-istio-system.istio-system checked successfully
✔ ClusterRole: istiod-gateway-controller-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istiod-clusterrole-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istiod-gateway-controller-istio-system.istio-system checked successfully
✔ ConfigMap: istio.istio-system checked successfully
✔ Deployment: istiod.istio-system checked successfully
✔ ConfigMap: istio-sidecar-injector.istio-system checked successfully
✔ MutatingWebhookConfiguration: istio-sidecar-injector.istio-system checked successfully
✔ PodDisruptionBudget: istiod.istio-system checked successfully
✔ ClusterRole: istio-reader-clusterrole-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istio-reader-clusterrole-istio-system.istio-system checked successfully
✔ Role: istiod.istio-system checked successfully
✔ RoleBinding: istiod.istio-system checked successfully
✔ Service: istiod.istio-system checked successfully
✔ ServiceAccount: istiod.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.13.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.13.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.14.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.14.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.15.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.15.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.16.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.16.istio-system checked successfully
✔ ValidatingWebhookConfiguration: istio-validator-istio-system.istio-system checked successfully
Checked 15 custom resource definitions
Checked 3 Istio Deployments
✔ Istio is installed and verified successfully查看 getmesh、运行 Istiod、Envoy 和活动 istioctl 的版本
1
getmesh version
输出信息如下
1
2
3
4
5getmesh version: 1.1.5
active istioctl: 1.16.6-tetrate-v0
client version: 1.16.6-tetrate-v0
control plane version: 1.16.6
data plane version: 1.16.6-tetrate-v0 (2 proxies)