istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update sidecar getting started guide (#15436) 

* Update sidecar getting started guide.

* Fix tests

* Apply suggestions from code review

Co-authored-by: Faseela K <k.faseela@gmail.com>

* Fix gencheck

---------

Co-authored-by: Faseela K <k.faseela@gmail.com>
This commit is contained in:
Craig Box 2024-07-30 16:43:11 +12:00 committed by GitHub
parent b5b97e5534
commit a13a2bbd1d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 445 additions and 480 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/en/blog/2024/v1-apis/index.md
View File

@ -69,7 +69,7 @@ This is the full list of supported API versions:
| Telemetry | [Telemetry](/docs/reference/config/telemetry/) | `v1`, `v1alpha1` |
| Extension | [Wasm Plugin](/docs/reference/config/proxy_extensions/wasm-plugin/) | `v1alpha1` |
Istio can also be configured [using the Kubernetes Gateway API](/docs/setup/additional-setup/getting-started/).
Istio can also be configured [using the Kubernetes Gateway API](/docs/setup/getting-started/).
## Using the `v1` Istio APIs

2
content/en/boilerplates/trace-generation.md
View File

@ -1,7 +1,7 @@
---
---
To see trace data, you must send requests to your service. The number of requests depends on Istio's sampling rate and can be configured using the [Telemetry API](/docs/tasks/observability/telemetry/). With the default sampling rate of 1%, you need to send at least 100 requests before the first trace is visible.
To send a 100 requests to the `productpage` service, use the following command:
To send 100 requests to the `productpage` service, use the following command:
{{< text bash >}}
$ for i in $(seq 1 100); do curl -s -o /dev/null "http://$GATEWAY_URL/productpage"; done

4
content/en/docs/ops/diagnostic-tools/istioctl/index.md
View File

@ -30,7 +30,7 @@ We recommend you use an `istioctl` version that is the same version as your Isti
Using matching versions helps avoid unforeseen issues.
{{< tip >}}
If you have already [downloaded the Istio release](/docs/setup/getting-started/#download), you should
If you have already [downloaded the Istio release](/docs/setup/additional-setup/download-istio-release/), you should
already have `istioctl` and do not need to install it again.
{{< /tip >}}
@ -172,7 +172,7 @@ To enable `istioctl` completion on your system, follow the steps for your prefer
{{< warning >}}
You will need to download the full Istio release containing the auto-completion files (in the `/tools` directory).
If you haven't already done so, [download the full release](/docs/setup/getting-started/#download) now.
If you haven't already done so, [download the full release](/docs/setup/additional-setup/download-istio-release/) now.
{{< /warning >}}
{{< tabset category-name="profile" >}}

4
content/en/docs/ops/integrations/spire/index.md
View File

@ -93,7 +93,7 @@ A ClusterSPIFFEID must be applied prior to installing Istio in order for the Ing
The example ClusterSPIFFEID enables automatic workload registration for all workloads with the `spiffe.io/spire-managed-identity: "true"` label. For pods with this label, the values specified in the `spiffeIDTemplate` will be extracted to form the SPIFFE ID.
1. [Download the Istio release](/docs/setup/getting-started/#download).
1. [Download the Istio release](/docs/setup/additional-setup/download-istio-release/).
1. Create the Istio configuration with custom patches for the Ingress-gateway and istio-proxy. The Ingress Gateway component includes the `spiffe.io/spire-managed-identity: "true"` label.
@ -194,7 +194,7 @@ Note that `SPIRE Controller Manager` is used in the [quick start](#option-1-quic
### Option 2: Configuration for Manual Workload Registration with SPIRE
1. [Download the Istio release](/docs/setup/getting-started/#download).
1. [Download the Istio release](/docs/setup/additional-setup/download-istio-release/).
1. After [deploying SPIRE](#install-spire) into your environment, and verifying that all deployments are in `Ready` state, configure Istio with custom patches for the Ingress-gateway as well as for istio-proxy.

2
content/en/docs/setup/additional-setup/customize-installation-helm/index.md
View File

@ -11,7 +11,7 @@ test: n/a
Before you begin, check the following prerequisites:
1. [Download the Istio release](/docs/setup/getting-started/#download).
1. [Download the Istio release](/docs/setup/additional-setup/download-istio-release/).
1. Perform any necessary [platform-specific setup](/docs/setup/platform-setup/).
1. Check the [Requirements for Pods and Services](/docs/ops/deployment/application-requirements/).
1. [Usage of helm for Istio installation](/docs/setup/install/helm).

2
content/en/docs/setup/additional-setup/customize-installation/index.md
View File

@ -11,7 +11,7 @@ test: n/a
Before you begin, check the following prerequisites:
1. [Download the Istio release](/docs/setup/getting-started/#download).
1. [Download the Istio release](/docs/setup/additional-setup/download-istio-release/).
1. Perform any necessary [platform-specific setup](/docs/setup/platform-setup/).
1. Check the [Requirements for Pods and Services](/docs/ops/deployment/application-requirements/).

58
content/en/docs/setup/additional-setup/download-istio-release/index.md Normal file
View File

@ -0,0 +1,58 @@
---
title: Download the Istio release
description: Get the files required to install and explore Istio.
weight: 30
keywords: [profiles,install,release,istioctl]
owner: istio/wg-environments-maintainers
test: n/a
---
Each Istio release includes a _release archive_ which contains:
- the [`istioctl`](/docs/ops/diagnostic-tools/istioctl/) binary
- [installation profiles](/docs/setup/additional-setup/config-profiles/) and [Helm charts](/docs/setup/install/helm)
- samples, including the [Bookinfo](/docs/examples/bookinfo/) application
A release archive is built for each supported processor architecture and operating system.
## Download Istio {#download}
1. Go to the [Istio release]({{< istio_release_url >}}) page to
download the installation file for your OS, or download and
extract the latest release automatically (Linux or macOS):
{{< text bash >}}
$ curl -L https://istio.io/downloadIstio | sh -
{{< /text >}}
{{< tip >}}
The command above downloads the latest release (numerically) of Istio.
You can pass variables on the command line to download a specific version
or to override the processor architecture.
For example, to download Istio {{< istio_full_version >}} for the x86_64 architecture,
run:
{{< text bash >}}
$ curl -L https://istio.io/downloadIstio | ISTIO_VERSION={{< istio_full_version >}} TARGET_ARCH=x86_64 sh -
{{< /text >}}
{{< /tip >}}
1. Move to the Istio package directory. For example, if the package is
`istio-{{< istio_full_version >}}`:
{{< text syntax=bash snip_id=none >}}
$ cd istio-{{< istio_full_version >}}
{{< /text >}}
The installation directory contains:
- Sample applications in `samples/`
- The [`istioctl`](/docs/reference/commands/istioctl) client binary in the
`bin/` directory.
1. Add the `istioctl` client to your path (Linux or macOS):
{{< text bash >}}
$ export PATH=$PWD/bin:$PATH
{{< /text >}}

214
content/en/docs/setup/additional-setup/getting-started/index.md → content/en/docs/setup/additional-setup/getting-started-istio-apis/index.md
View File

@ -1,35 +1,14 @@
---
title: Getting Started with Istio and Kubernetes Gateway API
description: Try Istios features quickly and easily.
weight: 5
aliases:
- /docs/setup/kubernetes/getting-started/
- /docs/setup/kubernetes/
- /docs/setup/kubernetes/install/kubernetes/
keywords: [getting-started, install, bookinfo, quick-start, kubernetes, gateway-api]
title: Getting Started without the Gateway API
description: Try Istios features with the legacy Istio APIs.
weight: 80
keywords: [getting-started, install, bookinfo, quick-start, kubernetes]
owner: istio/wg-environments-maintainers
test: yes
---
{{< tip >}}
{{< boilerplate gateway-api-future >}}
The following instructions allow you to get started with Istio using the Gateway API.
If you prefer to use the tried-and-proven Istio APIs for traffic management, you should use
[these instructions](/docs/setup/getting-started/) instead.
{{< /tip >}}
{{< warning >}}
The Kubernetes Gateway API CRDs do not come installed by default on most Kubernetes clusters, so make sure they are
installed before using the Gateway API:
{{< text bash >}}
$ kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \
{ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref={{< k8s_gateway_api_version >}}" | kubectl apply -f -; }
{{< /text >}}
{{< /warning >}}
This guide lets you quickly evaluate Istio. If you are already familiar with
This guide lets you quickly evaluate Istio, using only its legacy APIs. If you want to use the Kubernetes Gateway API, [please see that example](/docs/setup/getting-started/).
If you are already familiar with
Istio or interested in installing other configuration profiles or
advanced [deployment models](/docs/ops/deployment/deployment-models/), refer to our
[which Istio installation method should I use?](/about/faq/#install-method-selection)
@ -103,16 +82,12 @@ Follow these steps to get started with Istio:
[platform instructions](/docs/setup/platform-setup/) for details.
{{< /warning >}}
Unlike [Istio Gateways](/docs/concepts/traffic-management/#gateways), creating
[Kubernetes Gateways](https://gateway-api.sigs.k8s.io/api-types/gateway/) will, by default, also
[deploy associated gateway proxy services](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment).
Therefore, because they won't be used, we disable the deployment of the default Istio gateway services that
are normally installed as part of the `demo` profile.
{{< text bash >}}
$ istioctl install -f @samples/bookinfo/demo-profile-no-gateways.yaml@ -y
$ istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
{{< /text >}}
@ -190,23 +165,16 @@ Follow these steps to get started with Istio:
## Open the application to outside traffic {#ip}
The Bookinfo application is deployed but not accessible from the outside. To make it accessible,
you need to create an ingress gateway, which maps a path to a
you need to create an
[Istio Ingress Gateway](/docs/concepts/traffic-management/#gateways), which maps a path to a
route at the edge of your mesh.
1. Create a [Kubernetes Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/) for the Bookinfo application:
1. Associate this application with the Istio gateway:
{{< text bash >}}
$ kubectl apply -f @samples/bookinfo/gateway-api/bookinfo-gateway.yaml@
gateway.gateway.networking.k8s.io/bookinfo-gateway created
httproute.gateway.networking.k8s.io/bookinfo created
{{< /text >}}
Because creating a Kubernetes `Gateway` resource will also
[deploy an associated proxy service](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment),
run the following command to wait for the gateway to be ready:
{{< text bash >}}
$ kubectl wait --for=condition=programmed gtw bookinfo-gateway
$ kubectl apply -f @samples/bookinfo/networking/bookinfo-gateway.yaml@
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
{{< /text >}}
1. Ensure that there are no issues with the configuration:
@ -218,31 +186,149 @@ route at the edge of your mesh.
### Determining the ingress IP and ports
1. Set the `INGRESS_HOST` and `INGRESS_PORT` variables for accessing the gateway:
Follow these instructions to set the `INGRESS_HOST` and `INGRESS_PORT` variables
for accessing the gateway. Use the tabs to choose the instructions for your
chosen platform:
{{< boilerplate external-loadbalancer-support >}}
{{< tabset category-name="gateway-ip" >}}
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl get gtw bookinfo-gateway -o jsonpath='{.status.addresses[0].value}')
$ export INGRESS_PORT=$(kubectl get gtw bookinfo-gateway -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
{{< /text >}}
{{< tab name="Minikube" category-value="external-lb" >}}
1. Set `GATEWAY_URL`:
Run this command in a new terminal window to start a Minikube tunnel that
sends traffic to your Istio Ingress Gateway. This will provide an external
load balancer, `EXTERNAL-IP`, for `service/istio-ingressgateway`.
{{< text bash >}}
$ minikube tunnel
{{< /text >}}
Set the ingress host and ports:
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
{{< /text >}}
Ensure an IP address and ports were successfully assigned to each environment variable:
{{< text bash >}}
$ echo "$INGRESS_HOST"
127.0.0.1
{{< /text >}}
{{< text bash >}}
$ echo "$INGRESS_PORT"
80
{{< /text >}}
{{< text bash >}}
$ echo "$SECURE_INGRESS_PORT"
443
{{< /text >}}
{{< /tab >}}
{{< tab name="Other platforms" category-value="node-port" >}}
Execute the following command to determine if your Kubernetes cluster is running in an environment that supports external load balancers:
{{< text bash >}}
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 172.21.109.129 130.211.10.121 80:31380/TCP,443:31390/TCP,31400:31400/TCP 17h
{{< /text >}}
If the `EXTERNAL-IP` value is set, your environment has an external load balancer that you can use for the ingress gateway.
If the `EXTERNAL-IP` value is `<none>` (or perpetually `<pending>`), your environment does not provide an external load balancer for the ingress gateway.
In this case, you can access the gateway using the service's [node port](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport).
Choose the instructions corresponding to your environment:
**Follow these instructions if you have determined that your environment has an external load balancer.**
Set the ingress IP and ports:
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
{{< /text >}}
{{< warning >}}
In certain environments, the load balancer may be exposed using a host name, instead of an IP address.
In this case, the ingress gateway's `EXTERNAL-IP` value will not be an IP address,
but rather a host name, and the above command will have failed to set the `INGRESS_HOST` environment variable.
Use the following command to correct the `INGRESS_HOST` value:
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
{{< /text >}}
{{< /warning >}}
**Follow these instructions if your environment does not have an external load balancer and choose a node port instead.**
Set the ingress ports:
{{< text bash >}}
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
{{< /text >}}
_GKE:_
{{< text bash >}}
$ export INGRESS_HOST=worker-node-address
{{< /text >}}
You need to create firewall rules to allow the TCP traffic to the `ingressgateway` service's ports.
Run the following commands to allow the traffic for the HTTP port, the secure port (HTTPS) or both:
{{< text bash >}}
$ gcloud compute firewall-rules create allow-gateway-http --allow "tcp:$INGRESS_PORT"
$ gcloud compute firewall-rules create allow-gateway-https --allow "tcp:$SECURE_INGRESS_PORT"
{{< /text >}}
_IBM Cloud Kubernetes Service:_
{{< text bash >}}
$ ibmcloud ks workers --cluster cluster-name-or-id
$ export INGRESS_HOST=public-IP-of-one-of-the-worker-nodes
{{< /text >}}
_Docker For Desktop:_
{{< text bash >}}
$ export INGRESS_HOST=127.0.0.1
{{< /text >}}
_Other environments:_
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
{{< /text >}}
{{< /tab >}}
{{< /tabset >}}
1. Set `GATEWAY_URL`:
{{< text bash >}}
$ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
{{< /text >}}
1. Ensure an IP address and port were successfully assigned to the environment variable:
1. Ensure an IP address and port were successfully assigned to the environment variable:
{{< text bash >}}
$ echo "$GATEWAY_URL"
169.48.8.37:80
127.0.0.1:80
{{< /text >}}
### Verify external access {#confirm}
Confirm that the Bookinfo application is accessible from outside the cluster
Confirm that the Bookinfo application is accessible from outside
by viewing the Bookinfo product page using a browser.
1. Run the following command to retrieve the external address of the Bookinfo application.
@ -346,17 +432,3 @@ If no longer needed, use the following command to remove it:
{{< text bash >}}
$ kubectl label namespace default istio-injection-
{{< /text >}}
If you installed the Kubernetes Gateway API CRDs and would now like to remove them, run one of the following commands:
- If you ran any tasks that required the **experimental version** of the CRDs:
{{< text bash >}}
$ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref={{< k8s_gateway_api_version >}}" | kubectl delete -f -
{{< /text >}}
- Otherwise:
{{< text bash >}}
$ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref={{< k8s_gateway_api_version >}}" | kubectl delete -f -
{{< /text >}}

0
content/en/docs/setup/additional-setup/getting-started/kiali-example2.png → content/en/docs/setup/additional-setup/getting-started-istio-apis/kiali-example2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 178 KiB

After

Width:  |  Height:  |  Size: 178 KiB

116
content/en/docs/setup/additional-setup/getting-started/snips.sh → content/en/docs/setup/additional-setup/getting-started-istio-apis/snips.sh
View File

@ -17,15 +17,10 @@
####################################################################################################
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
# docs/setup/additional-setup/getting-started/index.md
# docs/setup/additional-setup/getting-started-istio-apis/index.md
####################################################################################################
source "content/en/boilerplates/snips/trace-generation.sh"
snip__1() {
kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \
{ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.1.0" | kubectl apply -f -; }
}
snip_download_istio_1() {
curl -L https://istio.io/downloadIstio | sh -
}
@ -39,12 +34,14 @@ export PATH=$PWD/bin:$PATH
}
snip_install_istio_1() {
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true -f samples/bookinfo/demo-profile-no-gateways.yaml -y
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=demo -y
}
! IFS=$'\n' read -r -d '' snip_install_istio_1_out <<\ENDSNIP
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
ENDSNIP
@ -113,41 +110,112 @@ kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.
ENDSNIP
snip_open_the_application_to_outside_traffic_1() {
kubectl apply -f samples/bookinfo/gateway-api/bookinfo-gateway.yaml
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
}
! IFS=$'\n' read -r -d '' snip_open_the_application_to_outside_traffic_1_out <<\ENDSNIP
gateway.gateway.networking.k8s.io/bookinfo-gateway created
httproute.gateway.networking.k8s.io/bookinfo created
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
ENDSNIP
snip_open_the_application_to_outside_traffic_2() {
kubectl wait --for=condition=programmed gtw bookinfo-gateway
}
snip_open_the_application_to_outside_traffic_3() {
istioctl analyze
}
! IFS=$'\n' read -r -d '' snip_open_the_application_to_outside_traffic_3_out <<\ENDSNIP
! IFS=$'\n' read -r -d '' snip_open_the_application_to_outside_traffic_2_out <<\ENDSNIP
✔ No validation issues found when analyzing namespace: default.
ENDSNIP
snip_determining_the_ingress_ip_and_ports_1() {
export INGRESS_HOST=$(kubectl get gtw bookinfo-gateway -o jsonpath='{.status.addresses[0].value}')
export INGRESS_PORT=$(kubectl get gtw bookinfo-gateway -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
minikube tunnel
}
snip_determining_the_ingress_ip_and_ports_2() {
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
}
snip_determining_the_ingress_ip_and_ports_3() {
echo "$GATEWAY_URL"
echo "$INGRESS_HOST"
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_3_out <<\ENDSNIP
169.48.8.37:80
127.0.0.1
ENDSNIP
snip_determining_the_ingress_ip_and_ports_4() {
echo "$INGRESS_PORT"
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_4_out <<\ENDSNIP
80
ENDSNIP
snip_determining_the_ingress_ip_and_ports_5() {
echo "$SECURE_INGRESS_PORT"
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_5_out <<\ENDSNIP
443
ENDSNIP
snip_determining_the_ingress_ip_and_ports_6() {
kubectl get svc istio-ingressgateway -n istio-system
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_6_out <<\ENDSNIP
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 172.21.109.129 130.211.10.121 80:31380/TCP,443:31390/TCP,31400:31400/TCP 17h
ENDSNIP
snip_determining_the_ingress_ip_and_ports_7() {
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
}
snip_determining_the_ingress_ip_and_ports_8() {
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
}
snip_determining_the_ingress_ip_and_ports_9() {
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
}
snip_determining_the_ingress_ip_and_ports_10() {
export INGRESS_HOST=worker-node-address
}
snip_determining_the_ingress_ip_and_ports_11() {
gcloud compute firewall-rules create allow-gateway-http --allow "tcp:$INGRESS_PORT"
gcloud compute firewall-rules create allow-gateway-https --allow "tcp:$SECURE_INGRESS_PORT"
}
snip_determining_the_ingress_ip_and_ports_12() {
ibmcloud ks workers --cluster cluster-name-or-id
export INGRESS_HOST=public-IP-of-one-of-the-worker-nodes
}
snip_determining_the_ingress_ip_and_ports_13() {
export INGRESS_HOST=127.0.0.1
}
snip_determining_the_ingress_ip_and_ports_14() {
export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
}
snip_determining_the_ingress_ip_and_ports_15() {
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
}
snip_determining_the_ingress_ip_and_ports_16() {
echo "$GATEWAY_URL"
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_16_out <<\ENDSNIP
127.0.0.1:80
ENDSNIP
snip_verify_external_access_1() {
@ -180,11 +248,3 @@ kubectl delete namespace istio-system
snip_uninstall_3() {
kubectl label namespace default istio-injection-
}
snip_uninstall_4() {
kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.1.0" | kubectl delete -f -
}
snip_uninstall_5() {
kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.1.0" | kubectl delete -f -
}

27
content/en/docs/setup/additional-setup/getting-started/test.sh → content/en/docs/setup/additional-setup/getting-started-istio-apis/test.sh
View File

@ -15,13 +15,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
source "tests/util/gateway-api.sh"
install_gateway_api_crds
set -e
set -u
set -o pipefail
source "tests/util/samples.sh"
# Download Istio
# Skipping this as we use the istioctl built from istio/istio reference
@ -33,7 +32,11 @@ _wait_for_deployment istio-system istiod
# Label the namespace
# remove the injection label to prevent the following command from failing
kubectl label namespace default istio-injection-
_verify_same snip_install_istio_2 "$snip_install_istio_2_out"
snip_install_istio_2
# TODO: how to make sure previous tests cleaned up everything?
# Cleanup sleep
cleanup_sleep_sample
# Deploy the sample Application
snip_deploy_the_sample_application_1
@ -54,15 +57,17 @@ _verify_like snip_deploy_the_sample_application_4 "$snip_deploy_the_sample_appli
# Open to outside traffic
_verify_contains snip_open_the_application_to_outside_traffic_1 "$snip_open_the_application_to_outside_traffic_1_out"
_wait_for_gateway default bookinfo-gateway
snip_open_the_application_to_outside_traffic_2
_wait_for_istio gateway default bookinfo-gateway
# Ensure no issues with configuration - istioctl analyze
_verify_contains snip_open_the_application_to_outside_traffic_3 "$snip_open_the_application_to_outside_traffic_3_out"
_verify_contains snip_open_the_application_to_outside_traffic_2 "$snip_open_the_application_to_outside_traffic_2_out"
# Get GATEWAY_URL
snip_determining_the_ingress_ip_and_ports_1
snip_determining_the_ingress_ip_and_ports_2
# export the INGRESS_ environment variables
# TODO make this work more generally. Currently using snips for Kind.
snip_determining_the_ingress_ip_and_ports_9
snip_determining_the_ingress_ip_and_ports_14
snip_determining_the_ingress_ip_and_ports_15
# Verify external access
get_bookinfo_productpage() {
@ -77,9 +82,7 @@ _verify_contains snip_view_the_dashboard_1 'deployment "kiali" successfully roll
# TODO Verify the browser output
# @cleanup
samples/bookinfo/platform/kube/cleanup.sh
cleanup_bookinfo_sample
snip_uninstall_1
snip_uninstall_2
snip_uninstall_3
remove_gateway_api_crds

BIN
content/en/docs/setup/getting-started/bookinfo-browser.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 366 KiB

290
content/en/docs/setup/getting-started/index.md
View File

@ -3,18 +3,15 @@ title: Getting Started
description: Try Istios features quickly and easily.
weight: 5
aliases:
- /docs/setup/kubernetes/getting-started/
- /docs/setup/kubernetes/
- /docs/setup/kubernetes/install/kubernetes/
keywords: [getting-started, install, bookinfo, quick-start, kubernetes]
- /docs/setup/additional-setup/getting-started/
- /latest/docs/setup/additional-setup/getting-started/
keywords: [getting-started, install, bookinfo, quick-start, kubernetes, gateway-api]
owner: istio/wg-environments-maintainers
test: yes
---
{{< tip >}}
{{< boilerplate gateway-api-future >}}
If you would like to get started with Istio using the Gateway API,
refer to the [future getting started instructions](/docs/setup/additional-setup/getting-started/) instead of the following.
Want to explore Istio's {{< gloss "ambient" >}}ambient mode{{< /gloss >}}? Visit the [Getting Started with Ambient Mode](/docs/ambient/getting-started) guide!
{{< /tip >}}
This guide lets you quickly evaluate Istio. If you are already familiar with
@ -23,15 +20,12 @@ advanced [deployment models](/docs/ops/deployment/deployment-models/), refer to
[which Istio installation method should I use?](/about/faq/#install-method-selection)
FAQ page.
These steps require you to have a {{< gloss >}}cluster{{< /gloss >}} running a
[supported version](/docs/releases/supported-releases#support-status-of-istio-releases) of Kubernetes ({{< supported_kubernetes_versions >}}). You can use any supported platform, for
example [Minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/) or
others specified by the
[platform-specific setup instructions](/docs/setup/platform-setup/).
You will need a Kubernetes cluster to proceed. If you don't have a cluster, you can use [kind](/docs/setup/platform-setup/kind) or any other [supported Kubernetes platform](/docs/setup/platform-setup).
Follow these steps to get started with Istio:
1. [Download and install Istio](#download)
1. [Install the Kubernetes Gateway API CRDs](#gateway-api)
1. [Deploy the sample application](#bookinfo)
1. [Open the application to outside traffic](#ip)
1. [View the dashboard](#dashboard)
@ -39,26 +33,14 @@ Follow these steps to get started with Istio:
## Download Istio {#download}
1. Go to the [Istio release]({{< istio_release_url >}}) page to
download the installation file for your OS, or download and
extract the latest release automatically (Linux or macOS):
download the installation file for your OS, or [download and
extract the latest release automatically](/docs/setup/additional-setup/download-istio-release)
(Linux or macOS):
{{< text bash >}}
$ curl -L https://istio.io/downloadIstio | sh -
{{< /text >}}
{{< tip >}}
The command above downloads the latest release (numerically) of Istio.
You can pass variables on the command line to download a specific version
or to override the processor architecture.
For example, to download Istio {{< istio_full_version >}} for the x86_64 architecture,
run:
{{< text bash >}}
$ curl -L https://istio.io/downloadIstio | ISTIO_VERSION={{< istio_full_version >}} TARGET_ARCH=x86_64 sh -
{{< /text >}}
{{< /tip >}}
1. Move to the Istio package directory. For example, if the package is
`istio-{{< istio_full_version >}}`:
@ -80,24 +62,25 @@ Follow these steps to get started with Istio:
## Install Istio {#install}
1. For this installation, we use the `demo`
[configuration profile](/docs/setup/additional-setup/config-profiles/). It's
selected to have a good set of defaults for testing, but there are other
profiles for production or performance testing.
For this guide, we use the `demo`
[configuration profile](/docs/setup/additional-setup/config-profiles/). It is
selected to have a good set of defaults for testing, but there are other
profiles for production, performance testing or [OpenShift](/docs/setup/platform-setup/openshift/).
{{< warning >}}
If your platform has a vendor-specific configuration profile, e.g., Openshift, use
it in the following command, instead of the `demo` profile. Refer to your
[platform instructions](/docs/setup/platform-setup/) for details.
{{< /warning >}}
Unlike [Istio Gateways](/docs/concepts/traffic-management/#gateways), creating
[Kubernetes Gateways](https://gateway-api.sigs.k8s.io/api-types/gateway/) will, by default, also
[deploy gateway proxy servers](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment).
Because they won't be used, we disable the deployment of the default Istio gateway services that
are normally installed as part of the `demo` profile.
1. Install Istio using the `demo` profile, without any gateways:
{{< text bash >}}
$ istioctl install --set profile=demo -y
$ istioctl install -f @samples/bookinfo/demo-profile-no-gateways.yaml@ -y
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
Made this installation the default for injection and validation.
{{< /text >}}
1. Add a namespace label to instruct Istio to automatically inject Envoy
@ -108,12 +91,26 @@ Follow these steps to get started with Istio:
namespace/default labeled
{{< /text >}}
## Install the Kubernetes Gateway API CRDs {#gateway-api}
The Kubernetes Gateway API CRDs do not come installed by default on most Kubernetes clusters, so make sure they are
installed before using the Gateway API.
1. Install the Gateway API CRDs, if they are not already present:
{{< text bash >}}
$ kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \
{ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref={{< k8s_gateway_api_version >}}" | kubectl apply -f -; }
{{< /text >}}
## Deploy the sample application {#bookinfo}
You have configured Istio to inject sidecar containers into any application you deploy in your `default` namespace.
1. Deploy the [`Bookinfo` sample application](/docs/examples/bookinfo/):
{{< text bash >}}
$ kubectl apply -f @samples/bookinfo/platform/kube/bookinfo.yaml@
$ kubectl apply -f {{< github_file >}}/samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
@ -130,7 +127,7 @@ Follow these steps to get started with Istio:
deployment.apps/productpage-v1 created
{{< /text >}}
1. The application will start. As each pod becomes ready, the Istio sidecar will be
The application will start. As each pod becomes ready, the Istio sidecar will be
deployed along with it.
{{< text bash >}}
@ -156,14 +153,9 @@ Follow these steps to get started with Istio:
reviews-v3-7dbcdcbc56-m8dph 2/2 Running 0 2m41s
{{< /text >}}
{{< tip >}}
Re-run the previous command and wait until all pods report READY `2/2` and
STATUS `Running` before you go to the next step. This might take a few minutes
depending on your platform.
{{< /tip >}}
Note that the pods show `READY 2/2`, confirming they have their application container and the Istio sidecar container.
1. Verify everything is working correctly up to this point. Run this command to
see if the app is running inside the cluster and serving HTML pages by
1. Validate that the app is running inside the cluster by
checking for the page title in the response:
{{< text bash >}}
@ -173,184 +165,51 @@ Follow these steps to get started with Istio:
## Open the application to outside traffic {#ip}
The Bookinfo application is deployed but not accessible from the outside. To make it accessible,
you need to create an
[Istio Ingress Gateway](/docs/concepts/traffic-management/#gateways), which maps a path to a
The Bookinfo application is deployed, but not accessible from the outside. To make it accessible,
you need to create an ingress gateway, which maps a path to a
route at the edge of your mesh.
1. Associate this application with the Istio gateway:
1. Create a [Kubernetes Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/) for the Bookinfo application:
{{< text bash >}}
$ kubectl apply -f @samples/bookinfo/networking/bookinfo-gateway.yaml@
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
{{< text syntax=bash snip_id=deploy_bookinfo_gateway >}}
$ kubectl apply -f @samples/bookinfo/gateway-api/bookinfo-gateway.yaml@
gateway.gateway.networking.k8s.io/bookinfo-gateway created
httproute.gateway.networking.k8s.io/bookinfo created
{{< /text >}}
1. Ensure that there are no issues with the configuration:
By default, Istio creates a `LoadBalancer` service for a gateway. As we will access this gateway by a tunnel, we don't need a load balancer. If you want to learn about how load balancers are configured for external IP addresses, read the [ingress gateways](/docs/tasks/traffic-management/ingress/ingress-control/) documentation.
{{< text bash >}}
$ istioctl analyze
✔ No validation issues found when analyzing namespace: default.
1. Change the service type to `ClusterIP` by annotating the gateway:
{{< text syntax=bash snip_id=annotate_bookinfo_gateway >}}
$ kubectl annotate gateway bookinfo-gateway networking.istio.io/service-type=ClusterIP --namespace=default
{{< /text >}}
### Determining the ingress IP and ports
Follow these instructions to set the `INGRESS_HOST` and `INGRESS_PORT` variables
for accessing the gateway. Use the tabs to choose the instructions for your
chosen platform:
{{< tabset category-name="gateway-ip" >}}
{{< tab name="Minikube" category-value="external-lb" >}}
Run this command in a new terminal window to start a Minikube tunnel that
sends traffic to your Istio Ingress Gateway. This will provide an external
load balancer, `EXTERNAL-IP`, for `service/istio-ingressgateway`.
{{< text bash >}}
$ minikube tunnel
{{< /text >}}
Set the ingress host and ports:
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
{{< /text >}}
Ensure an IP address and ports were successfully assigned to each environment variable:
{{< text bash >}}
$ echo "$INGRESS_HOST"
127.0.0.1
{{< /text >}}
{{< text bash >}}
$ echo "$INGRESS_PORT"
80
{{< /text >}}
{{< text bash >}}
$ echo "$SECURE_INGRESS_PORT"
443
{{< /text >}}
{{< /tab >}}
{{< tab name="Other platforms" category-value="node-port" >}}
Execute the following command to determine if your Kubernetes cluster is running in an environment that supports external load balancers:
{{< text bash >}}
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 172.21.109.129 130.211.10.121 80:31380/TCP,443:31390/TCP,31400:31400/TCP 17h
{{< /text >}}
If the `EXTERNAL-IP` value is set, your environment has an external load balancer that you can use for the ingress gateway.
If the `EXTERNAL-IP` value is `<none>` (or perpetually `<pending>`), your environment does not provide an external load balancer for the ingress gateway.
In this case, you can access the gateway using the service's [node port](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport).
Choose the instructions corresponding to your environment:
**Follow these instructions if you have determined that your environment has an external load balancer.**
Set the ingress IP and ports:
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
{{< /text >}}
{{< warning >}}
In certain environments, the load balancer may be exposed using a host name, instead of an IP address.
In this case, the ingress gateway's `EXTERNAL-IP` value will not be an IP address,
but rather a host name, and the above command will have failed to set the `INGRESS_HOST` environment variable.
Use the following command to correct the `INGRESS_HOST` value:
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
{{< /text >}}
{{< /warning >}}
**Follow these instructions if your environment does not have an external load balancer and choose a node port instead.**
Set the ingress ports:
{{< text bash >}}
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
{{< /text >}}
_GKE:_
{{< text bash >}}
$ export INGRESS_HOST=worker-node-address
{{< /text >}}
You need to create firewall rules to allow the TCP traffic to the `ingressgateway` service's ports.
Run the following commands to allow the traffic for the HTTP port, the secure port (HTTPS) or both:
{{< text bash >}}
$ gcloud compute firewall-rules create allow-gateway-http --allow "tcp:$INGRESS_PORT"
$ gcloud compute firewall-rules create allow-gateway-https --allow "tcp:$SECURE_INGRESS_PORT"
{{< /text >}}
_IBM Cloud Kubernetes Service:_
{{< text bash >}}
$ ibmcloud ks workers --cluster cluster-name-or-id
$ export INGRESS_HOST=public-IP-of-one-of-the-worker-nodes
{{< /text >}}
_Docker For Desktop:_
{{< text bash >}}
$ export INGRESS_HOST=127.0.0.1
{{< /text >}}
_Other environments:_
{{< text bash >}}
$ export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
{{< /text >}}
{{< /tab >}}
{{< /tabset >}}
1. Set `GATEWAY_URL`:
1. To check the status of the gateway, run:
{{< text bash >}}
$ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
$ kubectl get gateway
NAME CLASS ADDRESS PROGRAMMED AGE
bookinfo-gateway istio bookinfo-gateway-istio.default.svc.cluster.local True 42s
{{< /text >}}
1. Ensure an IP address and port were successfully assigned to the environment variable:
## Access the application
{{< text bash >}}
$ echo "$GATEWAY_URL"
127.0.0.1:80
{{< /text >}}
You will connect to the Bookinfo `productpage` service through the gateway you just provisioned. To access the gateway, you need to use the `kubectl port-forward` command:
### Verify external access {#confirm}
{{< text syntax=bash snip_id=none >}}
$ kubectl port-forward svc/bookinfo-gateway-istio 8080:80
{{< /text >}}
Confirm that the Bookinfo application is accessible from outside
by viewing the Bookinfo product page using a browser.
Open your browser and navigate to `http://localhost:8080/productpage` to view the Bookinfo application.
1. Run the following command to retrieve the external address of the Bookinfo application.
{{< image width="80%" link="./bookinfo-browser.png" caption="Bookinfo Application" >}}
{{< text bash >}}
$ echo "http://$GATEWAY_URL/productpage"
{{< /text >}}
1. Paste the output from the previous command into your web browser and confirm that the Bookinfo product page is displayed.
If you refresh the page, you should see the book reviews and ratings changing as the requests are distributed across the different versions of the `reviews` service.
## View the dashboard {#dashboard}
Istio integrates with [several](/docs/ops/integrations) different telemetry applications. These can help you gain
Istio integrates with [several different telemetry applications](/docs/ops/integrations). These can help you gain
an understanding of the structure of your service mesh, display the topology of the mesh, and analyze the health of your mesh.
Use the following instructions to deploy the [Kiali](/docs/ops/integrations/kiali/) dashboard, along with [Prometheus](/docs/ops/integrations/prometheus/), [Grafana](/docs/ops/integrations/grafana), and [Jaeger](/docs/ops/integrations/jaeger/).
@ -364,11 +223,6 @@ Use the following instructions to deploy the [Kiali](/docs/ops/integrations/kial
deployment "kiali" successfully rolled out
{{< /text >}}
{{< tip >}}
If there are errors trying to install the addons, try running the command again. There may
be some timing issues which will be resolved when the command is run again.
{{< /tip >}}
1. Access the Kiali dashboard.
{{< text bash >}}
@ -441,3 +295,17 @@ If no longer needed, use the following command to remove it:
{{< text bash >}}
$ kubectl label namespace default istio-injection-
{{< /text >}}
If you installed the Kubernetes Gateway API CRDs and would now like to remove them, run one of the following commands:
- If you ran any tasks that required the **experimental version** of the CRDs:
{{< text bash >}}
$ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref={{< k8s_gateway_api_version >}}" | kubectl delete -f -
{{< /text >}}
- Otherwise:
{{< text bash >}}
$ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref={{< k8s_gateway_api_version >}}" | kubectl delete -f -
{{< /text >}}

145
content/en/docs/setup/getting-started/snips.sh
View File

@ -25,24 +25,19 @@ snip_download_istio_1() {
curl -L https://istio.io/downloadIstio | sh -
}
snip_download_istio_2() {
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.23.0 TARGET_ARCH=x86_64 sh -
}
snip_download_istio_4() {
snip_download_istio_3() {
export PATH=$PWD/bin:$PATH
}
snip_install_istio_1() {
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=demo -y
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true -f samples/bookinfo/demo-profile-no-gateways.yaml -y
}
! IFS=$'\n' read -r -d '' snip_install_istio_1_out <<\ENDSNIP
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
Made this installation the default for injection and validation.
ENDSNIP
snip_install_istio_2() {
@ -53,8 +48,13 @@ kubectl label namespace default istio-injection=enabled
namespace/default labeled
ENDSNIP
snip_install_the_kubernetes_gateway_api_crds_1() {
kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \
{ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.1.0" | kubectl apply -f -; }
}
snip_deploy_the_sample_application_1() {
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/bookinfo/platform/kube/bookinfo.yaml
}
! IFS=$'\n' read -r -d '' snip_deploy_the_sample_application_1_out <<\ENDSNIP
@ -109,119 +109,28 @@ kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.
<title>Simple Bookstore App</title>
ENDSNIP
snip_open_the_application_to_outside_traffic_1() {
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
snip_deploy_bookinfo_gateway() {
kubectl apply -f samples/bookinfo/gateway-api/bookinfo-gateway.yaml
}
! IFS=$'\n' read -r -d '' snip_open_the_application_to_outside_traffic_1_out <<\ENDSNIP
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
! IFS=$'\n' read -r -d '' snip_deploy_bookinfo_gateway_out <<\ENDSNIP
gateway.gateway.networking.k8s.io/bookinfo-gateway created
httproute.gateway.networking.k8s.io/bookinfo created
ENDSNIP
snip_open_the_application_to_outside_traffic_2() {
istioctl analyze
snip_annotate_bookinfo_gateway() {
kubectl annotate gateway bookinfo-gateway networking.istio.io/service-type=ClusterIP --namespace=default
}
! IFS=$'\n' read -r -d '' snip_open_the_application_to_outside_traffic_2_out <<\ENDSNIP
✔ No validation issues found when analyzing namespace: default.
snip_open_the_application_to_outside_traffic_3() {
kubectl get gateway
}
! IFS=$'\n' read -r -d '' snip_open_the_application_to_outside_traffic_3_out <<\ENDSNIP
NAME CLASS ADDRESS PROGRAMMED AGE
bookinfo-gateway istio bookinfo-gateway-istio.default.svc.cluster.local True 42s
ENDSNIP
snip_determining_the_ingress_ip_and_ports_1() {
minikube tunnel
}
snip_determining_the_ingress_ip_and_ports_2() {
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
}
snip_determining_the_ingress_ip_and_ports_3() {
echo "$INGRESS_HOST"
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_3_out <<\ENDSNIP
127.0.0.1
ENDSNIP
snip_determining_the_ingress_ip_and_ports_4() {
echo "$INGRESS_PORT"
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_4_out <<\ENDSNIP
80
ENDSNIP
snip_determining_the_ingress_ip_and_ports_5() {
echo "$SECURE_INGRESS_PORT"
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_5_out <<\ENDSNIP
443
ENDSNIP
snip_determining_the_ingress_ip_and_ports_6() {
kubectl get svc istio-ingressgateway -n istio-system
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_6_out <<\ENDSNIP
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 172.21.109.129 130.211.10.121 80:31380/TCP,443:31390/TCP,31400:31400/TCP 17h
ENDSNIP
snip_determining_the_ingress_ip_and_ports_7() {
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
}
snip_determining_the_ingress_ip_and_ports_8() {
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
}
snip_determining_the_ingress_ip_and_ports_9() {
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
}
snip_determining_the_ingress_ip_and_ports_10() {
export INGRESS_HOST=worker-node-address
}
snip_determining_the_ingress_ip_and_ports_11() {
gcloud compute firewall-rules create allow-gateway-http --allow "tcp:$INGRESS_PORT"
gcloud compute firewall-rules create allow-gateway-https --allow "tcp:$SECURE_INGRESS_PORT"
}
snip_determining_the_ingress_ip_and_ports_12() {
ibmcloud ks workers --cluster cluster-name-or-id
export INGRESS_HOST=public-IP-of-one-of-the-worker-nodes
}
snip_determining_the_ingress_ip_and_ports_13() {
export INGRESS_HOST=127.0.0.1
}
snip_determining_the_ingress_ip_and_ports_14() {
export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
}
snip_determining_the_ingress_ip_and_ports_15() {
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
}
snip_determining_the_ingress_ip_and_ports_16() {
echo "$GATEWAY_URL"
}
! IFS=$'\n' read -r -d '' snip_determining_the_ingress_ip_and_ports_16_out <<\ENDSNIP
127.0.0.1:80
ENDSNIP
snip_verify_external_access_1() {
echo "http://$GATEWAY_URL/productpage"
}
snip_view_the_dashboard_1() {
kubectl apply -f samples/addons
kubectl rollout status deployment/kiali -n istio-system
@ -248,3 +157,11 @@ kubectl delete namespace istio-system
snip_uninstall_3() {
kubectl label namespace default istio-injection-
}
snip_uninstall_4() {
kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.1.0" | kubectl delete -f -
}
snip_uninstall_5() {
kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.1.0" | kubectl delete -f -
}

39
content/en/docs/setup/getting-started/test.sh
View File

@ -15,12 +15,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.
source "tests/util/gateway-api.sh"
install_gateway_api_crds
set -e
set -u
set -o pipefail
source "tests/util/samples.sh"
# Download Istio
# Skipping this as we use the istioctl built from istio/istio reference
@ -32,11 +33,7 @@ _wait_for_deployment istio-system istiod
# Label the namespace
# remove the injection label to prevent the following command from failing
kubectl label namespace default istio-injection-
snip_install_istio_2
# TODO: how to make sure previous tests cleaned up everything?
# Cleanup sleep
cleanup_sleep_sample
_verify_same snip_install_istio_2 "$snip_install_istio_2_out"
# Deploy the sample Application
snip_deploy_the_sample_application_1
@ -56,33 +53,23 @@ _verify_like snip_deploy_the_sample_application_3 "$snip_deploy_the_sample_appli
_verify_like snip_deploy_the_sample_application_4 "$snip_deploy_the_sample_application_4_out"
# Open to outside traffic
_verify_contains snip_open_the_application_to_outside_traffic_1 "$snip_open_the_application_to_outside_traffic_1_out"
_wait_for_istio gateway default bookinfo-gateway
_verify_contains snip_deploy_bookinfo_gateway "$snip_deploy_bookinfo_gateway_out"
_wait_for_gateway default bookinfo-gateway
snip_annotate_bookinfo_gateway
# Ensure no issues with configuration - istioctl analyze
_verify_contains snip_open_the_application_to_outside_traffic_2 "$snip_open_the_application_to_outside_traffic_2_out"
# Get GATEWAY_URL
# export the INGRESS_ environment variables
# TODO make this work more generally. Currently using snips for Kind.
snip_determining_the_ingress_ip_and_ports_9
snip_determining_the_ingress_ip_and_ports_14
snip_determining_the_ingress_ip_and_ports_15
# Verify external access
get_bookinfo_productpage() {
curl -s "http://${GATEWAY_URL}/productpage" | grep -o "<title>.*</title>"
}
_verify_contains get_bookinfo_productpage "<title>Simple Bookstore App</title>"
# Ensure no issues with configuration
_verify_like snip_open_the_application_to_outside_traffic_3 "$snip_open_the_application_to_outside_traffic_3_out"
# verify Kiali deployment
_verify_contains snip_view_the_dashboard_1 'deployment "kiali" successfully rolled out'
# Verify Kiala dashboard
# Verify Kiali dashboard
# TODO Verify the browser output
# @cleanup
cleanup_bookinfo_sample
samples/bookinfo/platform/kube/cleanup.sh
snip_uninstall_1
snip_uninstall_2
snip_uninstall_3
remove_gateway_api_crds

2
content/en/docs/setup/install/istioctl/index.md
View File

@ -28,7 +28,7 @@ via command-line options for individual settings or for passing a yaml file cont
Before you begin, check the following prerequisites:
1. [Download the Istio release](/docs/setup/getting-started/#download).
1. [Download the Istio release](/docs/setup/additional-setup/download-istio-release/).
1. Perform any necessary [platform-specific setup](/docs/setup/platform-setup/).
1. Check the [Requirements for Pods and Services](/docs/ops/deployment/application-requirements/).

4
content/en/docs/setup/install/operator/index.md
View File

@ -85,7 +85,7 @@ You can alternatively deploy the operator using Helm:
-n istio-operator
{{< /text >}}
Note that you need to [download the Istio release](/docs/setup/getting-started/#download)
Note that you need to [download the Istio release](/docs/setup/additional-setup/download-istio-release/)
to run the above command.
{{< /tip >}}
@ -291,7 +291,7 @@ $ helm install istio-operator manifests/charts/istio-operator \
--set revision={{< istio_full_version_revision >}}
{{< /text >}}
Note that you need to [download the Istio release](/docs/setup/getting-started/#download)
Note that you need to [download the Istio release](/docs/setup/additional-setup/download-istio-release/)
to run the above command.
{{< /tip >}}

2
content/en/docs/setup/install/virtual-machine/index.md
View File

@ -15,7 +15,7 @@ Follow this guide to deploy Istio and connect a virtual machine to it.
## Prerequisites
1. [Download the Istio release](/docs/setup/getting-started/#download)
1. [Download the Istio release](/docs/setup/additional-setup/download-istio-release/)
1. Perform any necessary [platform-specific setup](/docs/setup/platform-setup/)
1. Check the requirements [for Pods and Services](/docs/ops/deployment/application-requirements/)
1. Virtual machines must have IP connectivity to the ingress gateway in the connecting mesh, and optionally every pod in the mesh via L3 networking if enhanced performance is desired.

2
content/en/docs/setup/platform-setup/kind/index.md
View File

@ -58,7 +58,7 @@ Follow these instructions to prepare a kind cluster for Istio installation.
Switched to context "kind-istio-testing".
{{< /text >}}
Once you are done setting up a kind cluster, you can proceed to [install Istio](/docs/setup/getting-started/#download)
Once you are done setting up a kind cluster, you can proceed to [install Istio](/docs/setup/additional-setup/download-istio-release/)
on it.
1. When you are done experimenting and you want to delete the existing cluster, use the following command:

2
content/en/docs/setup/upgrade/in-place/index.md
View File

@ -44,7 +44,7 @@ are configured with a minimum availability of 1.
The commands in this section should be run using the new version of `istioctl` which
can be found in the `bin/` subdirectory of the downloaded package.
1. [Download the new Istio release](/docs/setup/getting-started/#download)
1. [Download the new Istio release](/docs/setup/additional-setup/download-istio-release/)
and change directory to the new release directory.
1. Ensure that your Kubernetes configuration points to the cluster to upgrade:

2
content/en/docs/tasks/traffic-management/ingress/gateway-api/index.md
View File

@ -20,7 +20,7 @@ and [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/)
{{< tip >}}
Many of the Istio traffic management documents include instructions for using either the Istio or Kubernetes API
(see the [control ingress traffic task](/docs/tasks/traffic-management/ingress/ingress-control), for example).
You can even use the Gateway API, right from the start, by following the [future getting started instructions](/docs/setup/additional-setup/getting-started/).
You can use the Gateway API, right from the start, by following the [getting started instructions](/docs/setup/getting-started/).
{{< /tip >}}
## Setup

2
content/en/news/releases/1.16.x/announcing-1.16/upgrade-notes/index.md
View File

@ -13,4 +13,4 @@ Users upgrading from 1.14.x to Istio 1.16.0 should also reference the [1.15 chan
## Gateway API Resources
The Gateway API integration has been upgraded to read `v1beta1` resources for `HTTPRoute`, `Gateway`, and `GatewayClass`. If using the new Gateway API feature for traffic management, which is currently beta, this change requires the gateway-api to be version 0.5.0 or higher. For more information, see the Kubernetes Gateway API [Getting Started Guide](/docs/setup/additional-setup/getting-started).
The Gateway API integration has been upgraded to read `v1beta1` resources for `HTTPRoute`, `Gateway`, and `GatewayClass`. If using the new Gateway API feature for traffic management, which is currently beta, this change requires the gateway-api to be version 0.5.0 or higher. For more information, see the Kubernetes Gateway API [Getting Started Guide](/docs/setup/getting-started/).

4
layouts/shortcodes/relnote.html
View File

@ -105,9 +105,9 @@
{{ if eq $release_location "main" }}
{{ if .Site.Data.args.preliminary }}
{{/* we don't go to the language-specific page, since it might not be there when introducing a new language */}}
{{ $download_link = printf "https://istio.io/docs/setup/getting-started/#download" }}
{{ $download_link = printf "https://istio.io/docs/setup/additional-setup/download-istio-release/" }}
{{ else if not .Site.Data.args.archive }}
{{ $download_link = printf "%s/docs/setup/getting-started/#download" $lang }}
{{ $download_link = printf "%s/docs/setup/additional-setup/download-istio-release/" $lang }}
{{ end }}
{{ end }}