Extract platform prerequisites (#1834)

* Extract platform prerequisites

* Reorg

* Remove the inner pages from the menu

* Conform to the site directory structure

* Fix the link wording to match the title of the link and the uppercase

* Fix lint errors

* more lint errors
This commit is contained in:
Andra Cismaru 2018-07-17 22:49:37 -07:00 committed by istio-bot
parent f3a5f3e078
commit 78b4c20adf
7 changed files with 335 additions and 317 deletions

@ -50,7 +50,7 @@ Common setup for all sinks:
1. Record the ID of the dataset. It will be needed to configure the Stackdriver handler.
It would be of the form `bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]`
1. Give [sinks writer identity](https://cloud.google.com/logging/docs/api/tasks/exporting-logs#writing_to_the_destination): `cloud-logs@system.gserviceaccount.com` BigQuery Data Editor role in IAM.
1. If using [Google Kubernetes Engine](/docs/setup/kubernetes/quick-start/#google-kubernetes-engine), make sure `bigquery` [Scope](https://cloud.google.com/sdk/gcloud/reference/container/clusters/create) is enabled on the cluster.
1. If using [Google Kubernetes Engine](/docs/setup/kubernetes/platform-setup/#google-kubernetes-engine), make sure `bigquery` [Scope](https://cloud.google.com/sdk/gcloud/reference/container/clusters/create) is enabled on the cluster.
#### Google Cloud Storage (GCS)
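
Review bot: The retargeted link in the `bigquery` scope step now lands on the `#google-kubernetes-engine` section of the platform setup page, but the `gcloud container clusters create` example in that section passes no `--scopes` flag, so a reader who follows the link finds nothing about enabling the scope this step asks for. Either add the scope to the cluster-creation example on the platform setup page, or reword the step so the gcloud reference link is the primary pointer and the platform setup link is only background.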
@ -65,7 +65,7 @@ Common setup for all sinks:
1. Recode the ID of the topic. It will be needed to configure Stackdriver.
It would be of the form `pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]`
1. Give [sinks writer identity](https://cloud.google.com/logging/docs/api/tasks/exporting-logs#writing_to_the_destination): `cloud-logs@system.gserviceaccount.com` Pub/Sub Publisher role in IAM.
1. If using [Google Kubernetes Engine](/docs/setup/kubernetes/quick-start/#google-kubernetes-engine), make sure `pubsub` [Scope](https://cloud.google.com/sdk/gcloud/reference/container/clusters/create) is enabled on the cluster.
1. If using [Google Kubernetes Engine](/docs/setup/kubernetes/platform-setup/#google-kubernetes-engine), make sure `pubsub` [Scope](https://cloud.google.com/sdk/gcloud/reference/container/clusters/create) is enabled on the cluster.
### Setting up Stackdriver
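
Review bot: The first context line of this hunk reads "Recode the ID of the topic"; it should be "Record the ID of the topic", matching the BigQuery list, and is worth fixing in the same pass since the list is being edited. The new `platform-setup/#google-kubernetes-engine` target also depends on the `### Google Kubernetes Engine` heading keeping its exact wording, so a later rename of that heading would silently break this link.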

@ -21,7 +21,7 @@ You may test the service using the following command:
$ curl --request POST --header "content-type:application/json" --data '{"message":"hello world"}' "http://${EXTERNAL_IP}:80/echo?key=${ENDPOINTS_KEY}"
{{< /text >}}
You need to install Istio with [instructions](/docs/setup/kubernetes/quick-start/#google-kubernetes-engine).
You need to install Istio with [instructions](/docs/setup/kubernetes/platform-setup/#google-kubernetes-engine).
## HTTP Endpoints service
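
Review bot: The sentence "You need to install Istio with [instructions]" now links to `platform-setup/#google-kubernetes-engine`, and that section only creates the cluster, fetches credentials and grants cluster-admin; it does not install Istio. Point the link at the quick start's installation steps, or reword the sentence to say the cluster must be prepared first, and replace the bare "instructions" link text with the title of the target page, in line with the link-wording fix named in the commit message.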

@ -0,0 +1,43 @@
---
title: Download the Istio release
description: Instructions to download the Istio release.
weight: 10
keywords: [kubernetes]
---
## Download and prepare for the installation
Istio is installed in its own `istio-system` namespace and can manage
services from all other namespaces.
1. Go to the [Istio release](https://github.com/istio/istio/releases) page to
download the installation file corresponding to your OS. On a macOS or
Linux system, you can run the following command to download and
extract the latest release automatically:
{{< text bash >}}
$ curl -L https://git.io/getLatestIstio | sh -
{{< /text >}}
1. Move to the Istio package directory . For example, if the package is
istio-{{< istio_version >}}.0:
{{< text bash >}}
$ cd istio-{{< istio_version >}}.0
{{< /text >}}
The installation directory contains:
* Installation `.yaml` files for Kubernetes in `install/`
* Sample applications in `samples/`
* The `istioctl` client binary in the `bin/` directory. `istioctl` is
used when manually injecting Envoy as a sidecar proxy and for creating
routing rules and policies.
* The `istio.VERSION` configuration file
1. Add the `istioctl` client to your PATH environment variable, on a macOS or
Linux system:
{{< text bash >}}
$ export PATH=$PWD/bin:$PATH
{{< /text >}}
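
Review bot: The first step of this new page pipes a script fetched through a URL shortener straight into a shell (`curl -L https://git.io/getLatestIstio | sh -`), which gives the reader no chance to inspect what will run. Since this page is now the single place that documents the download, consider showing a two-step form (save the script, review it, then run it) and presenting the release page download as the primary path. Minor: "Move to the Istio package directory ." has a stray space before the period.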

@ -15,11 +15,9 @@ plane and the sidecars for the Istio data plane.
## Prerequisites
1. [Setup Istio in
Kubernetes](/docs/setup/kubernetes/quick-start/#platform-setup).
1. [Download the Istio release](/docs/setup/kubernetes/download-release/).
1. [Download](/docs/setup/kubernetes/quick-start/#download-and-prepare-for-the-installation)
the latest Istio release.
1. [Kubernetes platform setup](/docs/setup/kubernetes/platform-setup/).
1. [Install the Helm client](https://docs.helm.sh/using_helm/#installing-helm).

@ -0,0 +1,283 @@
---
title: Kubernetes platform setup
description: Instructions to setup the Kubernetes cluster for Istio.
weight: 10
keywords: [kubernetes]
---
Follow these instructions to setup the Kubernetes cluster for Istio.
## Prerequisites
The following instructions require:
* Access to a Kubernetes **1.9 or newer** cluster with
[RBAC (Role-Based Access Control)](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
enabled.
* [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) **1.9 or
newer** installed. Version **1.10** is recommended.
> If you installed Istio 0.2.x,
> [uninstall](https://archive.istio.io/v0.2/docs/setup/kubernetes/quick-start#uninstalling)
> it completely before installing the newer version. Remember to uninstall
> the Istio sidecar for all Istio enabled application pods too.
## Platform setup
This section describes the setup in different Kubernetes providers.
### Minikube
1. To run Istio locally, install the latest version of
[Minikube](https://kubernetes.io/docs/setup/minikube/), version **0.28.0 or
later**.
1. Select a
[VM driver](https://kubernetes.io/docs/setup/minikube/#quickstart)
and substitute `your_vm_driver_choice` below with the installed virtual
machine (VM) driver.
On Kubernetes **1.9**:
{{< text bash >}}
$ minikube start --memory=4096 --kubernetes-version=v1.9.4 \
--vm-driver=`your_vm_driver_choice`
{{< /text >}}
On Kubernetes **1.10**:
{{< text bash >}}
$ minikube start --memory=4096 --kubernetes-version=v1.10.0 \
--vm-driver=`your_vm_driver_choice`
{{< /text >}}
### Google Kubernetes Engine
1. Create a new cluster.
{{< text bash >}}
$ gcloud container clusters create <cluster-name> \
--cluster-version=1.10.5-gke.0 \
--zone <zone> \
--project <project-id>
{{< /text >}}
1. Retrieve your credentials for `kubectl`.
{{< text bash >}}
$ gcloud container clusters get-credentials <cluster-name> \
--zone <zone> \
--project <project-id>
{{< /text >}}
1. Grant cluster administrator (admin) permissions to the current user. To
create the necessary RBAC rules for Istio, the current user requires admin
permissions.
{{< text bash >}}
$ kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole=cluster-admin \
--user=$(gcloud config get-value core/account)
{{< /text >}}
### IBM Cloud Kubernetes Service (IKS)
1. Create a new lite cluster.
{{< text bash >}}
$ bx cs cluster-create --name <cluster-name> --kube-version 1.9.7
{{< /text >}}
Alternatively, you can create a new paid cluster:
{{< text bash >}}
$ bx cs cluster-create --location location --machine-type u2c.2x4 \
--name <cluster-name> --kube-version 1.9.7
{{< /text >}}
1. Retrieve your credentials for `kubectl`. Replace `<cluster-name>` with the
name of the cluster you want to use:
{{< text bash >}}
$(bx cs cluster-config <cluster-name>|grep "export KUBECONFIG")
{{< /text >}}
### IBM Cloud Private
[Configure the kubectl CLI](https://www.ibm.com/support/knowledgecenter/SSBS6K_2.1.0/manage_cluster/cfc_cli.html)
to access the IBM Cloud Private Cluster.
### OpenShift Origin
By default, OpenShift doesn't allow containers running with user ID (UID) 0.
Enable containers running with UID 0 for Istio's service accounts:
{{< text bash >}}
$ oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid -z default -n istio-system
$ oc adm policy add-scc-to-user anyuid -z prometheus -n istio-system
$ oc adm policy add-scc-to-user anyuid \
-z istio-egressgateway-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-citadel-service-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid \
-z istio-ingressgateway-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid \
-z istio-cleanup-old-ca-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-mixer-post-install-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-mixer-service-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-pilot-service-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid \
-z istio-sidecar-injector-service-account -n istio-system
{{< /text >}}
The list above accounts for the default Istio service accounts. If you enabled
other Istio services, like _Grafana_ for example, you need to enable its
service account with a similar command.
A service account that runs application pods needs privileged security context
constraints as part of sidecar injection.
{{< text bash >}}
$ oc adm policy add-scc-to-user privileged -z default -n <target-namespace>
{{< /text >}}
> Check for `SELINUX` in this [discussion](https://github.com/istio/issues/issues/34)
> with respect to Istio in case you see issues bringing up the Envoy.
### AWS with Kops
When you install a new cluster with Kubernetes version 1.9, the prerequisite to
enable `admissionregistration.k8s.io/v1beta1` is covered.
Nevertheless, you must update the list of admission controllers.
1. Open the configuration file:
{{< text bash >}}
$ kops edit cluster $YOURCLUSTER
{{< /text >}}
1. Add the following in the configuration file:
{{< text yaml >}}
kubeAPIServer:
admissionControl:
- NamespaceLifecycle
- LimitRanger
- ServiceAccount
- PersistentVolumeLabel
- DefaultStorageClass
- DefaultTolerationSeconds
- MutatingAdmissionWebhook
- ValidatingAdmissionWebhook
- ResourceQuota
- NodeRestriction
- Priority
{{< /text >}}
1. Perform the update:
{{< text bash >}}
$ kops update cluster
$ kops update cluster --yes
{{< /text >}}
1. Launch the rolling update:
{{< text bash >}}
$ kops rolling-update cluster
$ kops rolling-update cluster --yes
{{< /text >}}
1. Validate the update with the `kubectl` client on the `kube-api` pod, you
should see new admission controller:
{{< text bash >}}
$ for i in `kubectl \
get pods -nkube-system | grep api | awk '{print $1}'` ; \
do kubectl describe pods -nkube-system \
$i | grep "/usr/local/bin/kube-apiserver" ; done
{{< /text >}}
1. Review the output:
{{< text plain >}}
[...]
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,
PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,
MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,
NodeRestriction,Priority
[...]
{{< /text >}}
### Azure
You must use `ACS-Engine` to deploy your cluster.
1. Follow the instructions to get and install the `acs-engine` binary with
[their instructions](https://github.com/Azure/acs-engine/blob/master/docs/acsengine.md#install).
1. Download Istio's `api model definition`:
{{< text bash >}}
$ wget https://raw.githubusercontent.com/Azure/acs-engine/master/examples/service-mesh/istio.json
{{< /text >}}
1. Deploy your cluster using the `istio.json` template. You can find references
to the parameters in the
[official docs](https://github.com/Azure/acs-engine/blob/master/docs/kubernetes/deploy.md#step-3-edit-your-cluster-definition).
| Parameter | Expected value |
|---------------------------------------|----------------------------|
| `subscription_id` | Azure Subscription Id |
| `dns_prefix` | Cluster DNS Prefix |
| `location` | Cluster Location |
{{< text bash >}}
$ acs-engine deploy --subscription-id <subscription_id> \
--dns-prefix <dns_prefix> --location <location> --auto-suffix \
--api-model istio.json
{{< /text >}}
> After a few minutes, you can find your cluster on your Azure subscription
> in a resource group called `<dns_prefix>-<id>`. Assuming `dns_prefix` has
> the value `myclustername`, a valid resource group with a unique cluster
> ID is `mycluster-5adfba82`. The `acs-engine` generates your `kubeconfig`
> file in the `_output` folder.
1. Use the `<dns_prefix>-<id>` cluster ID, to copy your `kubeconfig` to your
machine from the `_output` folder:
{{< text bash >}}
$ cp _output/<dns_prefix>-<id>/kubeconfig/kubeconfig.<location>.json \
~/.kube/config
{{< /text >}}
For example:
{{< text bash >}}
$ cp _output/mycluster-5adfba82/kubeconfig/kubeconfig.westus2.json \
~/.kube/config
{{< /text >}}
1. Check if the right Istio flags were deployed:
{{< text bash >}}
$ kubectl describe pod --namespace kube-system
$(kubectl get pods --namespace kube-system | grep api | cut -d ' ' -f 1) \
| grep admission-control
{{< /text >}}
1. Confirm the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook`
flags are present:
{{< text plain >}}
--admission-control=...,MutatingAdmissionWebhook,...,
ValidatingAdmissionWebhook,...
{{< /text >}}
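
Review bot: In the Azure section, the command under "Check if the right Istio flags were deployed" has no trailing backslash after `kubectl describe pod --namespace kube-system`, so the first line runs on its own and the `$(kubectl get pods ...)` line is no longer its argument; add the continuation `\` as on the line that follows. In the same section the note says `dns_prefix` has the value `myclustername` while the example resource group is `mycluster-5adfba82`; make the two agree. In the OpenShift section, `oc adm policy add-scc-to-user privileged -z default -n <target-namespace>` grants the privileged SCC to every pod running under that namespace's default service account, which deserves a sentence of explanation next to the command.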

@ -1,5 +1,5 @@
---
title: Istio Setup in Kubernetes
title: Quick Start with Kubernetes
description: Instructions to setup the Istio service mesh in a Kubernetes cluster.
weight: 10
keywords: [kubernetes]
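
Review bot: The title changes to "Quick Start with Kubernetes" but the `description` below it still reads "Instructions to setup the Istio service mesh in a Kubernetes cluster."; "setup" is the noun, so the verb should be "set up", and the same wording appears in the description of the new platform setup page. This page and both new pages also carry `weight: 10`, so confirm the intended ordering wherever they are listed together.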
@ -10,315 +10,9 @@ cluster.
## Prerequisites
The following instructions require:
1. [Download the Istio release](/docs/setup/kubernetes/download-release/).
* Access to a Kubernetes **1.9 or newer** cluster with
[RBAC (Role-Based Access Control)](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
enabled.
* [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) **1.9 or
newer** installed. Version **1.10** is recommended.
> If you installed Istio 0.2.x,
> [uninstall](https://archive.istio.io/v0.2/docs/setup/kubernetes/quick-start#uninstalling)
> it completely before installing the newer version. Remember to uninstall
> the Istio sidecar for all Istio enabled application pods too.
## Platform setup
This section describes the setup in different platforms.
### Setup Minikube
1. To install Istio locally, install the latest version of
[Minikube](https://kubernetes.io/docs/setup/minikube/), version **0.28.0 or
later**.
1. Select a
[VM driver](https://kubernetes.io/docs/setup/minikube/#quickstart)
and substitute `your_vm_driver_choice` below with the installed virtual
machine (VM) driver.
On Kubernetes **1.9**:
{{< text bash >}}
$ minikube start --memory=4096 --kubernetes-version=v1.9.4 \
--vm-driver=`your_vm_driver_choice`
{{< /text >}}
On Kubernetes **1.10**:
{{< text bash >}}
$ minikube start --memory=4096 --kubernetes-version=v1.10.0 \
--vm-driver=`your_vm_driver_choice`
{{< /text >}}
### Google Kubernetes Engine
1. Create a new cluster.
{{< text bash >}}
$ gcloud container clusters create <cluster-name> \
--cluster-version=1.10.5-gke.0 \
--zone <zone> \
--project <project-id>
{{< /text >}}
1. Retrieve your credentials for `kubectl`.
{{< text bash >}}
$ gcloud container clusters get-credentials <cluster-name> \
--zone <zone> \
--project <project-id>
{{< /text >}}
1. Grant cluster administrator (admin) permissions to the current user. To
create the necessary RBAC rules for Istio, the current user requires admin
permissions.
{{< text bash >}}
$ kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole=cluster-admin \
--user=$(gcloud config get-value core/account)
{{< /text >}}
### IBM Cloud Kubernetes Service (IKS)
1. Create a new lite cluster.
{{< text bash >}}
$ bx cs cluster-create --name <cluster-name> --kube-version 1.9.7
{{< /text >}}
Alternatively, you can create a new paid cluster:
{{< text bash >}}
$ bx cs cluster-create --location location --machine-type u2c.2x4 \
--name <cluster-name> --kube-version 1.9.7
{{< /text >}}
1. Retrieve your credentials for `kubectl`. Replace `<cluster-name>` with the
name of the cluster you want to use:
{{< text bash >}}
$(bx cs cluster-config <cluster-name>|grep "export KUBECONFIG")
{{< /text >}}
### IBM Cloud Private
[Configure the kubectl CLI](https://www.ibm.com/support/knowledgecenter/SSBS6K_2.1.0/manage_cluster/cfc_cli.html)
to access the IBM Cloud Private Cluster.
### OpenShift Origin
By default, OpenShift doesn't allow containers running with user ID (UID) 0.
Enable containers running with UID 0 for Istio's service accounts:
{{< text bash >}}
$ oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid -z default -n istio-system
$ oc adm policy add-scc-to-user anyuid -z prometheus -n istio-system
$ oc adm policy add-scc-to-user anyuid \
-z istio-egressgateway-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-citadel-service-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid \
-z istio-ingressgateway-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid \
-z istio-cleanup-old-ca-service-account -n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-mixer-post-install-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-mixer-service-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid -z istio-pilot-service-account \
-n istio-system
$ oc adm policy add-scc-to-user anyuid \
-z istio-sidecar-injector-service-account -n istio-system
{{< /text >}}
The list above accounts for the default Istio service accounts. If you enabled
other Istio services, like _Grafana_ for example, you need to enable its
service account with a similar command.
A service account that runs application pods needs privileged security context
constraints as part of sidecar injection.
{{< text bash >}}
$ oc adm policy add-scc-to-user privileged -z default -n <target-namespace>
{{< /text >}}
> Check for `SELINUX` in this [discussion](https://github.com/istio/issues/issues/34)
> with respect to Istio in case you see issues bringing up the Envoy.
### AWS with Kops
When you install a new cluster with Kubernetes version 1.9, the prerequisite to
enable `admissionregistration.k8s.io/v1beta1` is covered.
Nevertheless, you must update the list of admission controllers.
1. Open the configuration file:
{{< text bash >}}
$ kops edit cluster $YOURCLUSTER
{{< /text >}}
1. Add the following in the configuration file:
{{< text yaml >}}
kubeAPIServer:
admissionControl:
- NamespaceLifecycle
- LimitRanger
- ServiceAccount
- PersistentVolumeLabel
- DefaultStorageClass
- DefaultTolerationSeconds
- MutatingAdmissionWebhook
- ValidatingAdmissionWebhook
- ResourceQuota
- NodeRestriction
- Priority
{{< /text >}}
1. Perform the update:
{{< text bash >}}
$ kops update cluster
$ kops update cluster --yes
{{< /text >}}
1. Launch the rolling update:
{{< text bash >}}
$ kops rolling-update cluster
$ kops rolling-update cluster --yes
{{< /text >}}
1. Validate the update with the `kubectl` client on the `kube-api` pod, you
should see new admission controller:
{{< text bash >}}
$ for i in `kubectl \
get pods -nkube-system | grep api | awk '{print $1}'` ; \
do kubectl describe pods -nkube-system \
$i | grep "/usr/local/bin/kube-apiserver" ; done
{{< /text >}}
1. Review the output:
{{< text plain >}}
[...]
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,
PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,
MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,
NodeRestriction,Priority
[...]
{{< /text >}}
### Azure
You must use `ACS-Engine` to deploy your cluster.
1. Follow the instructions to get and install the `acs-engine` binary with
[their instructions](https://github.com/Azure/acs-engine/blob/master/docs/acsengine.md#install).
1. Download Istio's `api model definition`:
{{< text bash >}}
$ wget https://raw.githubusercontent.com/Azure/acs-engine/master/examples/service-mesh/istio.json
{{< /text >}}
1. Deploy your cluster using the `istio.json` template. You can find references
to the parameters in the
[official docs](https://github.com/Azure/acs-engine/blob/master/docs/kubernetes/deploy.md#step-3-edit-your-cluster-definition).
| Parameter | Expected value |
|---------------------------------------|----------------------------|
| `subscription_id` | Azure Subscription Id |
| `dns_prefix` | Cluster DNS Prefix |
| `location` | Cluster Location |
{{< text bash >}}
$ acs-engine deploy --subscription-id <subscription_id> \
--dns-prefix <dns_prefix> --location <location> --auto-suffix \
--api-model istio.json
{{< /text >}}
> After a few minutes, you can find your cluster on your Azure subscription
> in a resource group called `<dns_prefix>-<id>`. Assuming `dns_prefix` has
> the value `myclustername`, a valid resource group with a unique cluster
> ID is `mycluster-5adfba82`. The `acs-engine` generates your `kubeconfig`
> file in the `_output` folder.
1. Use the `<dns_prefix>-<id>` cluster ID, to copy your `kubeconfig` to your
machine from the `_output` folder:
{{< text bash >}}
$ cp _output/<dns_prefix>-<id>/kubeconfig/kubeconfig.<location>.json \
~/.kube/config
{{< /text >}}
For example:
{{< text bash >}}
$ cp _output/mycluster-5adfba82/kubeconfig/kubeconfig.westus2.json \
~/.kube/config
{{< /text >}}
1. Check if the right Istio flags were deployed:
{{< text bash >}}
$ kubectl describe pod --namespace kube-system
$(kubectl get pods --namespace kube-system | grep api | cut -d ' ' -f 1) \
| grep admission-control
{{< /text >}}
1. Confirm the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook`
flags are present:
{{< text plain >}}
--admission-control=...,MutatingAdmissionWebhook,...,
ValidatingAdmissionWebhook,...
{{< /text >}}
## Download and prepare for the installation
Istio is installed in its own `istio-system` namespace and can manage
services from all other namespaces.
1. Go to the [Istio release](https://github.com/istio/istio/releases) page to
download the installation file corresponding to your OS. On a macOS or
Linux system, you can run the following command to download and
extract the latest release automatically:
{{< text bash >}}
$ curl -L https://git.io/getLatestIstio | sh -
{{< /text >}}
1. Move to the Istio package directory . For example, if the package is
istio-{{< istio_version >}}.0:
{{< text bash >}}
$ cd istio-{{< istio_version >}}.0
{{< /text >}}
The installation directory contains:
* Installation `.yaml` files for Kubernetes in `install/`
* Sample applications in `samples/`
* The `istioctl` client binary in the `bin/` directory. `istioctl` is
used when manually injecting Envoy as a sidecar proxy and for creating
routing rules and policies.
* The `istio.VERSION` configuration file
1. Add the `istioctl` client to your PATH environment variable, on a macOS or
Linux system:
{{< text bash >}}
$ export PATH=$PWD/bin:$PATH
{{< /text >}}
1. [Kubernetes platform setup](/docs/setup/kubernetes/platform-setup/).
## Installation steps
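
Review bot: Removing the `## Platform setup` and `## Download and prepare for the installation` sections, together with the per-provider headings under them, deletes the anchors `quick-start/#platform-setup`, `quick-start/#download-and-prepare-for-the-installation` and `quick-start/#google-kubernetes-engine`. The references visible in this diff are updated, but please search the rest of the site, including translated content, for remaining links to those anchors before merging.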

@ -64,7 +64,7 @@ sleep 1 1 1 1 2h sleep,istio-pro
### Sidecar 的自动注入
使用 Kubernetes 的 [mutating webhook admission controller](https://kubernetes.io/docs/admin/admission-controllers),可以进行 Sidecar 的自动注入。Kubernetes 1.9 以后的版本才具备这一能力。使用这一功能之前首先要检查 kube-apiserver 的进程,是否具备 `admission-control` 参数,并且这个参数的值中需要包含 `MutatingAdmissionWebhook` 以及 `ValidatingAdmissionWebhook` 两项,并且按照正确的顺序加载,这样才能启用 `admissionregistration` API
使用 Kubernetes 的 [mutating webhook admission controller](https://kubernetes.io/docs/admin/admission-controllers/),可以进行 Sidecar 的自动注入。Kubernetes 1.9 以后的版本才具备这一能力。使用这一功能之前首先要检查 kube-apiserver 的进程,是否具备 `admission-control` 参数,并且这个参数的值中需要包含 `MutatingAdmissionWebhook` 以及 `ValidatingAdmissionWebhook` 两项,并且按照正确的顺序加载,这样才能启用 `admissionregistration` API
{{< text bash >}}
$ kubectl api-versions | grep admissionregistration