安装Calico、helm、istio-base、istiod、gateway

安装Calico（修改cidr相同于pods-cidr）

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.2/manifests/tigera-operator.yaml

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.2/manifests/custom-resources.yaml

部署helm

sudo apt-get install curl gpg apt-transport-https --yes
curl -fsSL https://packages.buildkite.com/helm-linux/helm-debian/gpgkey | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/helm.gpg] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm

helm安装istio-base、istiod、gateway

helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo add aliyun  https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo update

helm pull istio/base --untar
helm pull istio/istiod --untar
helm pull istio/gateway --untar

修改helm模板配置

  global:
    hub: registry.cn-hangzhou.aliyuncs.com/istio
    tag: <version>

安装

helm install istio-base ./base -n istio-system --set defaultRevision=default --create-namespace
helm ls -n istio-system


helm install istiod ./istiod -n istio-system --wait

kubectl create namespace istio-ingress
helm install istio-ingress ./gateway -n istio-ingress --wait

由于 Istio-ingressgateway 默认使用的是 LoadBalancer，需要修改 Service ，将 istio-ingressway 的网络类型从 LoadBalancer 改成 NodePort，以便直接通过服务器的 IP 访问。

kubectl edit svc istio-ingress -n istio-system