istio

This document installs istio based on Kubernetes v1.25.4 version.

Before deployment, you can read through some points to note for istio.

Environmental Parameter Adjustment

Each node in the Kubernetes cluster needs to perform these operations.

sysctl -w fs.inotify.max_user_watches=10485760
sysctl -w fs.inotify.max_user_instances=10240

cat >> /etc/sysctl.conf <<EOF
fs.inotify.max_user_watches=10485760
fs.inotify.max_user_instances=10240
EOF

Importing Images

Each node in the Kubernetes cluster needs to perform these operations.

Internet-accessible Server

crictl pull registry.cn-hangzhou.aliyuncs.com/mdpublic/proxyv2:1.18.0
crictl pull registry.cn-hangzhou.aliyuncs.com/mdpublic/pilot:1.18.0

Non-Internet-accessible Server

# Image file download link, upload to the deployment server after download
https://pdpublic.mingdao.com/private-deployment/offline/common/istio-1.18.0-images.tar.gz
# Import images
docker load -i istio-1.18.0-images.tar.gz
# Start local registry
docker run -d -p 5000:5000 --restart always --name registry registry:2
# Upload to local registry
for i in $(docker images | grep 'istio' | awk 'NR!=0{print $1":"$2}');do docker tag $i $(echo $i | sed -e "s/istio/127.0.0.1:5000/");done
for i in $(docker images | grep :5000 | awk 'NR!=0{print $1":"$2}');do docker push $i;done

Deploying istio

Operate only on the first Master node of Kubernetes.

1. Download istio installation package.

   Internet-accessible Server

   wget https://pdpublic.mingdao.com/private-deployment/offline/common/istio-1.18.0-linux-amd64.tar.gz

   Non-Internet-accessible Server

   # istio installation package download link, upload to the deployment server after download
   https://pdpublic.mingdao.com/private-deployment/offline/common/istio-1.18.0-linux-amd64.tar.gz

2. Extract to installation directory.

   tar -zxvf istio-1.18.0-linux-amd64.tar.gz
   mv istio-1.18.0/ /usr/local/istio

3. Configure environment variables.

   cat >> ~/.bashrc <<\EOF
   export PATH=/usr/local/istio/bin/:$PATH
   EOF
   source ~/.bashrc

4. Verify istio command to check the version.

   istioctl version

5. Install istio in the k8s cluster.

   Internet-accessible Server

   istioctl install --set profile=default -y --set values.global.hub=registry.cn-hangzhou.aliyuncs.com/mdpublic

   Non-Internet-accessible Server

   istioctl install --set profile=default -y --set values.global.hub=127.0.0.1:5000

6. Enable namespace automatic injection.

   kubectl label namespace default istio-injection=enabled --overwrite