istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

zh-translation: /blog/2019/introducing-istio-operator/index.md (#6180) 

* zh-translation: /blog/2019/introducing-istio-operator/index.md

ref: servicemesher/istio-official-translation#1460

* resolve lint error

* Update index.md

* Update index.md

* Update index.md

* Update reviewer's comments
This commit is contained in:
Guangming Luo 2019-12-25 10:17:25 +08:00 committed by Istio Automation
parent e3e917451e
commit 47f8b4974c
1 changed files with 40 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
content/zh/blog/2019/introducing-istio-operator/index.md
View File

@ -1,6 +1,6 @@
---
title: Introducing the Istio Operator
description: Introduction to Istio's new operator-based installation and control plane management feature.
title: Istio Operator 简介
description: 关于 Istio 基于 operator 的安装和控制平面管理特性的介绍。
publishdate: 2019-11-14
subtitle:
attribution: Martin Ostrowski (Google), Frank Budinsky (IBM)
@ -8,43 +8,22 @@ keywords: [install,configuration,istioctl,operator]
target_release: 1.4
---
Kubernetes [operators](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) provide
a pattern for encoding human operational knowledge in software and are a popular way to simplify
the administration of software infrastructure components. Istio is a natural candidate for an automated
operator as it is challenging to administer.
Kubernetes [operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) 提供了一种将人类运维知识编码到软件中的模式是一种简化软件基础结构组件管理的流行方法。Istio 是自动 operator 的理想选择,因为它的管理具有挑战性。
Up until now, [Helm](https://github.com/helm/helm) has been the primary tool to install and upgrade Istio.
Istio 1.4 introduces a new method of [installation using {{< istioctl >}}](/zh/docs/setup/install/istioctl/).
This new installation method builds on the strengths of Helm with the addition of the
following:
到目前为止,[Helm](https://github.com/helm/helm) 一直是安装和升级 Istio 的主要工具。Istio 1.4 引入了一种新的[使用{{< istioctl >}}安装](/zh/docs/setup/install/istioctl/)方法。这种新的安装方法建立在 Helm 的优势之上,并添加了以下内容:
- Users only need to install one tool: `istioctl`
- All API fields are validated
- Small customizations not in the API don't require chart or API changes
- Version specific upgrade hooks can be easily and robustly implemented
- 用户只需要安装一个工具:`istioctl`
- 验证所有 API 字段
- 不在 API 中的小型定制不需要更改 chart 或 API
- 版本特定的升级 hook 可以很容易和稳健地实现
The [Helm installation](/zh/docs/setup/install/helm/) method is in the process of deprecation. Upgrading from Istio
1.4 with a version not initially installed with Helm will also be replaced by a new
[{{< istioctl >}} upgrade feature](/zh/docs/setup/upgrade/istioctl-upgrade/).
[Helm 安装](/zh/docs/setup/install/helm/)方法正在弃用中。从 Istio 1.4 升级到一个默认没有安装 Helm 的版本也会被一个新的[{{< istioctl >}} 升级特性](/zh/docs/setup/upgrade/istioctl-upgrade/)所取代。
The new `istioctl` installation commands use a
[custom resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
to configure the installation. The custom resource is part of a new Istio operator
implementation intended to simplify the common administrative tasks of installation, upgrade,
and complex configuration changes for Istio. Validation and checking for installation and upgrade
is tightly integrated with the tools to prevent common errors and simplify troubleshooting.
新的 `istioctl` 安装命令使用一个[自定义资源](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)来配置安装。自定义资源是新的 Istio operator 实现的一部分,该实现旨在简化安装、升级和复杂的 Istio 配置更改等常见管理任务。安装和升级的验证和检查与工具紧密集成,以防止常见错误并简化故障排除。
## The Operator API
## Operator API{#the-Operator-API}
Every operator implementation requires a
[custom resource definition (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions)
to define its custom resource, that is, its API. Istio's operator API is defined by the
[`IstioControlPlane` CRD](/zh/docs/reference/config/istio.operator.v1alpha12.pb/),
which is generated from an
[`IstioControlPlane` proto](https://github.com/istio/operator/blob/{{< source_branch_name >}}/pkg/apis/istio/v1alpha2/istiocontrolplane_types.proto).
The API supports all of Istio's current [configuration profiles](/zh/docs/setup/additional-setup/config-profiles/)
using a single field to select the profile. For example, the following `IstioControlPlane` resource
configures Istio using the `demo` profile:
每个 operator 实现都需要一个[自定义资源定义CRD](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) 来定义它的自定义资源即它的API。Istio 的 operator API 由 [`IstioControlPlane` CRD](/zh/docs/reference/config/istio.operator.v1alpha12.pb/) 定义,它是由一个 [`IstioControlPlane` 原型](https://github.com/istio/operator/blob/{{< source_branch_name >}}/pkg/apis/istio/v1alpha2/istiocontrolplane_types.proto)生成的。API 支持所有 Istio 当前的[配置文件](/zh/docs/setup/additional-setup/config-profiles/) ,通过使用一个字段来选择 profile。例如下面的 `IstioControlPlane` 资源使用 `demo` profile 配置 Istio
{{< text yaml >}}
apiVersion: install.istio.io/v1alpha2
@ -56,7 +35,7 @@ spec:
profile: demo
{{< /text >}}
You can then customize the configuration with additional settings. For example, to disable telemetry:
然后可以使用其他设置来自定义配置。例如,禁用遥测:
{{< text yaml >}}
apiVersion: install.istio.io/v1alpha2
@ -70,118 +49,85 @@ spec:
enabled: false
{{< /text >}}
## Installing with {{< istioctl >}}
## 通过{{< istioctl >}}安装{#install-with-Istio}
The recommended way to use the Istio operator API is through a new set of `istioctl` commands.
For example, to install Istio into a cluster:
使用 Istio operator API 的推荐方法是通过一组新的 `istioctl` 命令。例如,要在集群中安装 Istio
{{< text bash >}}
$ istioctl manifest apply -f <your-istiocontrolplane-customresource>
{{< /text >}}
Make changes to the installation configuration by editing the configuration file and executing
`istioctl manifest apply` again.
通过编辑配置文件并再次执行 `istioctl manifest apply` 来更改安装配置。
To upgrade to a new version of Istio:
升级到新版本的 Istio
{{< text bash >}}
$ istioctl x upgrade -f <your-istiocontrolplane-config-changes>
{{< /text >}}
In addition to specifying the complete configuration in an `IstioControlPlane` resource,
the `istioctl` commands can also be passed individual settings using a `--set` flag:
除了在 `IstioControlPlane` 资源中指定完整的配置外,`istioctl` 命令还可以使用 `--set` 标志传递单独的设置:
{{< text bash >}}
$ istioctl manifest apply --set telemetry.enabled=false
{{< /text >}}
There are also a number of other `istioctl` commands that, for example, help you list, display,
and compare configuration profiles and manifests.
还有许多其他 `istioctl` 命令,例如,它们可以帮助您列出、显示和比较配置 profile 和 manifest。
Refer to the Istio [install instructions](/zh/docs/setup/install/istioctl) for more details.
更多信息请参考 Istio [安装说明](/zh/docs/setup/install/istioctl)。
## Istio Controller (alpha)
## Istio Controller (alpha){#Istio-controller-alpha}
Operator implementations use a Kubernetes controller to continuously monitor their custom resource
and apply the corresponding configuration changes. The Istio controller monitors an `IstioControlPlane`
resource and reacts to changes by updating the Istio installation configuration in the corresponding cluster.
Operator 实现使用 Kubernetes controller 来持续监控它们的自定义资源并应用相应的配置更改。Istio controller 监控一个 `IstioControlPlane` 资源,并通过更新相应集群中的 Istio 安装配置来响应更改。
In the 1.4 release, the Istio controller is in the alpha phase of development and not fully
integrated with `istioctl`. It is, however,
[available for experimentation](/zh/docs/setup/install/standalone-operator/) using `kubectl` commands.
For example, to install the controller and a default version of Istio into your cluster,
run the following command:
在 1.4 版中Istio controller 处于开发的 alpha 阶段,没有完全集成到 `istioctl` 中。但是,可以使用 `kubectl` 命令来做[实验](/zh/docs/setup/install/standalone-operator/)。例如,要将 controller 和默认版本的 Istio 安装到集群中,请运行以下命令:
{{< text bash >}}
$ kubectl apply -f https://<repo URL>/operator.yaml
$ kubectl apply -f https://<repo URL>/default-cr.yaml
{{< /text >}}
You can then make changes to the Istio installation configuration:
然后你可以对 Istio 的安装配置进行修改:
{{< text bash >}}
$ kubectl edit istiocontrolplane example-istiocontrolplane -n istio-system
{{< /text >}}
As soon as the resource is updated, the controller will detect the changes and respond by updating
the Istio installation correspondingly.
一旦资源更新controller 将检测到这些变化,并相应地更新 Istio 安装。
Both the operator controller and `istioctl` commands share the same implementation. The significant
difference is the execution context. In the `istioctl` case, the operation runs in the admin users
command execution and security context. In the controller case, a pod in the cluster runs the code
in its security context. In both cases, configuration is validated against a schema and the same correctness
checks are performed.
Operator controller 和 `istioctl` 命令共享相同的实现。重要的区别在于其执行上下文。对于 `istioctl`,操作在管理用户的命令执行和安全上下文中运行。对于 controller集群中的一个 pod 在其安全上下文中运行代码。在这两种情况下,都根据一个 schema 来验证配置,并执行相同的正确性检查。
## Migration from Helm
## 从 Helm 迁移{#migration-from-helm}
To help ease the transition from previous configurations using Helm,
`istioctl` and the controller support pass-through access for the full Helm installation API.
为了方便从使用 Helm 过渡,`istioctl` 和 controller 支持对 Helm 安装 API 的直通访问。
You can pass Helm configuration options using `istioctl --set` by prepending the string `values.` to the option name.
For example, instead of this Helm command:
您可以使用 `istioctl --set` 来传递 Helm 配置选项,方法是将字符串 `values.` 放在配置选项前面。例如,对于这个 Helm 命令:
{{< text bash >}}
$ helm template ... --set global.mtls.enabled=true
{{< /text >}}
You can use this `istioctl` command:
您可以使用 `istioctl` 这个命令:
{{< text bash >}}
$ istioctl manifest generate ... --set values.global.mtls.enabled=true
{{< /text >}}
You can also set Helm configuration values in an `IstioControlPlane` custom resource.
See [Customize Istio settings using Helm](/zh/docs/setup/install/istioctl/#customize-Istio-settings-using-the-helm-API)
for details.
你也可以在一个 `IstioControlPlane` 自定义资源中设置 Helm 配置值。参见[使用 Helm 自定义 Istio 设置](/zh/docs/setup/install/istioctl/#customize-Istio-settings-using-the-helm-API)。
Another feature to help with the transition from Helm is the alpha
[{{< istioctl >}} manifest migrate](/zh/docs/reference/commands/istioctl/#istioctl-manifest-migrate) command.
This command can be used to automatically convert a Helm `values.yaml` file to a corresponding
`IstioControlPlane` configuration.
另一个可以帮助从 Helm 迁移的特性是这个 alpha 命令:[{{< istioctl >}} manifest migrate](/zh/docs/reference/commands/istioctl/#istioctl-manifest-migrate)。此命令可用于将Helm `values.yaml` 文件自动转换为相应的 `IstioControlPlane` 配置。
## Implementation
## 实现{#implementation}
Several frameworks have been created to help implement operators by generating stubs for some or all of
the components. The Istio operator was created with the help of a combination of
[kubebuilder](https://github.com/kubernetes-sigs/kubebuilder) and
[operator framework](https://github.com/operator-framework). Istio's installation now uses a proto to
describe the API such that runtime validation can be executed against a schema.
已经创建了几个框架,通过为部分或所有组件生成存根来帮助实现 operator。Istio operator 是在 [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder) 和 [operator framework](https://github.com/operator-framework) 的帮助下创建的。Istio 的安装现在使用 proto 来描述 API这样就可以通过 schema 对执行运行时进行验证。
More information about the implementation can be found in the README and ARCHITECTURE documents
in the [Istio operator repository](https://github.com/istio/operator).
有关实现的更多信息可以在 [Istio operator 仓库](https://github.com/istio/operator)中的 README 和 ARCHITECTURE 文档中找到。
## Summary
## 总结{#summary}
Starting in Istio 1.4, Helm installation is being replaced by new `istioctl` commands using
a new operator custom resource definition, `IstioControlPlane`, for the configuration API.
An alpha controller is also available for early experimentation with the operator.
从 Istio 1.4 开始Helm 安装将被新的 `istioctl` 命令所取代,该命令使用新的 operator 自定义资源定义,`IstioControlPlane`,作为配置 API。一个 alpha controller 也被提供用于 operator 的早期实验。
The new `istioctl` commands and operator controller both validate configuration schemas and perform a range of
checks for installation change or upgrade. These checks are tightly integrated with the tools to prevent
common errors and simplify troubleshooting.
新的 `istioctl` 命令和 operator controller 都会验证配置 schema并执行安装更改或升级的一系列检查。这些检查与工具紧密集成以防止常见错误并简化故障排除。
The Istio maintainers expect that this new approach will improve the user experience during Istio
installation and upgrade, better stabilize the installation API, and help users better manage and
monitor their Istio installations.
Istio 维护者们期望这种新方法能够改善安装和升级期间的用户体验,更好地稳定安装 API帮助用户更好地管理和监控他们的 Istio 安装。
We welcome your feedback about the new installation approach at [discuss.istio.io](https://discuss.istio.io/).
我们欢迎您在 [discuss.istio.io](https://discuss.istio.io/) 上对新的安装方法提出反馈。