diff --git a/content/en/docs/setup/additional-setup/cni/index.md b/content/en/docs/setup/additional-setup/cni/index.md index 290c2e9bbb..ede620cf52 100644 --- a/content/en/docs/setup/additional-setup/cni/index.md +++ b/content/en/docs/setup/additional-setup/cni/index.md @@ -60,6 +60,10 @@ See [compatibility with other CNI plugins](#compatibility-with-other-cni-plugins In most environments, a basic Istio cluster with CNI enabled can be installed using the following commands: +{{< tabset category-name="gateway-install-type" >}} + +{{< tab name="IstioOperator" category-value="iop" >}} + {{< text bash >}} $ cat < istio-cni.yaml apiVersion: install.istio.io/v1alpha1 @@ -72,6 +76,18 @@ EOF $ istioctl install -f istio-cni.yaml -y {{< /text >}} +{{< /tab >}} + +{{< tab name="Helm" category-value="helm" >}} + +{{< text bash >}} +$ helm install istio-cni istio/cni -n kube-system --wait +{{< /text >}} + +{{< /tab >}} + +{{< /tabset >}} + This will deploy an `istio-cni-node` DaemonSet into the cluster, which installs the Istio CNI plugin binary to each node and sets up the necessary configuration for the plugin. The CNI DaemonSet runs with [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) `PriorityClass`. @@ -91,47 +107,52 @@ This race condition is mitigated by a "detect and repair" method. Please take a look at [race condition & mitigation](#race-condition--mitigation) section to understand the implication of this mitigation. {{< /tip >}} +### Installing with Helm + +The Istio CNI and Istio discovery chart use different values that require you set the following, either in an overrides values file or at your command prompt when installing the `istiod` chart, to manage network annotations when chaining CNI plugins: + +* `values.istio_cni.enabled` should be set to the same value as `values.cni.enabled`. + +* `values.istio_cni.chained` should be set to the same value as `values.cni.chained`. + +{{< text bash >}} +$ helm install istiod istio/istiod -n istio-system --set values.istio_cni.enabled=true --wait +{{< /text >}} + ### Hosted Kubernetes settings The `istio-cni` plugin is expected to work with any hosted Kubernetes version using CNI plugins. The default installation configuration works with most platforms. Some platforms required special installation settings. -* Google Kubernetes Engine +{{< tabset category-name="cni-platform" >}} - {{< text yaml >}} - apiVersion: install.istio.io/v1alpha1 - kind: IstioOperator - spec: - components: - cni: - enabled: true - namespace: kube-system - values: - cni: - cniBinDir: /home/kubernetes/bin - {{< /text >}} +{{< tab name="Google Kubernetes Engine" category-value="gke" >}} -* Red Hat OpenShift 4.2+ +{{< text yaml >}} +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + cni: + enabled: true + namespace: kube-system + values: + cni: + cniBinDir: /home/kubernetes/bin +{{< /text >}} - {{< text yaml >}} - apiVersion: install.istio.io/v1alpha1 - kind: IstioOperator - spec: - components: - cni: - enabled: true - namespace: kube-system - values: - sidecarInjectorWebhook: - injectedAnnotations: - k8s.v1.cni.cncf.io/networks: istio-cni - cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - cniConfFileName: istio-cni.conf - chained: false - {{< /text >}} +{{< /tab >}} + +{{< tab name="Red Hat OpenShift 4.2+" category-value="ocp" >}} + +{{< text bash >}} +$ istioctl install --set profile=openshift +{{< /text >}} + +{{< /tab >}} + +{{< /tabset >}} ## Operation details @@ -144,6 +165,8 @@ When upgrading Istio with [canary upgrade](/docs/setup/upgrade/canary/), because it is recommended to operate and upgrade the CNI component separately from the revisioned control plane. The following `IstioOperator` can be used to operate the CNI component independently. +This is not a problem for Helm as the istio-cni is installed separately. + {{< text yaml >}} apiVersion: install.istio.io/v1alpha1 kind: IstioOperator diff --git a/content/en/docs/setup/additional-setup/cni/snips.sh b/content/en/docs/setup/additional-setup/cni/snips.sh index ec21c8cede..60f579533d 100644 --- a/content/en/docs/setup/additional-setup/cni/snips.sh +++ b/content/en/docs/setup/additional-setup/cni/snips.sh @@ -32,6 +32,14 @@ EOF istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true -f istio-cni.yaml -y } +snip_install_istio_with_cni_plugin_2() { +helm install istio-cni istio/cni -n kube-system --wait +} + +snip_installing_with_helm_1() { + helm install istiod istio/istiod -n istio-system --set values.istio_cni.enabled=true --wait +} + ! read -r -d '' snip_hosted_kubernetes_settings_1 <<\ENDSNIP apiVersion: install.istio.io/v1alpha1 kind: IstioOperator @@ -45,24 +53,9 @@ spec: cniBinDir: /home/kubernetes/bin ENDSNIP -! read -r -d '' snip_hosted_kubernetes_settings_2 <<\ENDSNIP -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - components: - cni: - enabled: true - namespace: kube-system - values: - sidecarInjectorWebhook: - injectedAnnotations: - k8s.v1.cni.cncf.io/networks: istio-cni - cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - cniConfFileName: istio-cni.conf - chained: false -ENDSNIP +snip_hosted_kubernetes_settings_2() { +istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=openshift +} ! read -r -d '' snip_upgrade_1 <<\ENDSNIP apiVersion: install.istio.io/v1alpha1 diff --git a/content/en/docs/setup/install/helm/index.md b/content/en/docs/setup/install/helm/index.md index f10f0680f2..62f9111563 100644 --- a/content/en/docs/setup/install/helm/index.md +++ b/content/en/docs/setup/install/helm/index.md @@ -64,6 +64,8 @@ You can display the default values of configuration parameters using the `helm s In the output locate the entry for `istio-base` and make sure the status is set to `deployed`. +1. If you intend to use Istio CNI chart you must do so now. See [Install Istio with the CNI plugin](/docs/setup/additional-setup/cni/#installing-with-helm) for more info. + 1. Install the Istio discovery chart which deploys the `istiod` service: {{< text syntax=bash snip_id=install_discovery >}}