From b875d07075491c99bf2d4abd0c4e55151d17bcb4 Mon Sep 17 00:00:00 2001 From: Lin Sun Date: Tue, 28 Aug 2018 14:02:55 -0400 Subject: [PATCH] adding minimal istio doc (#2349) * adding minimal istio doc * fix spell error * address steve comment * address steve comment * change to 2.10 per discussion * fix CI lint errors * remove aliases * fix broken link * fix link * fix link * address yossi's good catches! --- .../concepts/policies-and-telemetry/index.md | 2 +- .../kubernetes/advanced-install/index.md | 34 +++++ .../setup/kubernetes/helm-install/index.md | 33 ----- .../setup/kubernetes/minimal-install/index.md | 119 ++++++++++++++++++ 4 files changed, 154 insertions(+), 34 deletions(-) create mode 100644 content/docs/setup/kubernetes/minimal-install/index.md diff --git a/content/docs/concepts/policies-and-telemetry/index.md b/content/docs/concepts/policies-and-telemetry/index.md index e87386000a..d6d91c152c 100644 --- a/content/docs/concepts/policies-and-telemetry/index.md +++ b/content/docs/concepts/policies-and-telemetry/index.md @@ -47,7 +47,7 @@ At a high level, Mixer provides: Beyond these purely functional aspects, Mixer also has [reliability and scalability](#reliability-and-latency) benefits as outlined below. Policy enforcement and telemetry collection are entirely driven from configuration. -It's possible to [completely disable these features](/docs/setup/kubernetes/helm-install/#customization-example-traffic-management-minimal-set) +It's possible to [completely disable these features](/docs/setup/kubernetes/minimal-install/) and avoid the need to run the Mixer component in an Istio deployment. ## Adapters diff --git a/content/docs/setup/kubernetes/advanced-install/index.md b/content/docs/setup/kubernetes/advanced-install/index.md index f68a1eeab6..b16dbff803 100644 --- a/content/docs/setup/kubernetes/advanced-install/index.md +++ b/content/docs/setup/kubernetes/advanced-install/index.md @@ -28,3 +28,37 @@ If you wish to take advantage of Istio's L7 traffic management capabilities, in addition to obtaining in-depth telemetry and performing distributed request tracing, deploy Istio Pilot and Mixer. In addition, disable policy enforcement at the Mixer. + +## Customization Example: Traffic Management And Security Minimal Set + +Istio has a rich feature set, but you may only want to use a subset of these. For instance, you might be only interested in installing the minimum necessary services to support traffic management and security functionality. + +This example shows how to install the minimal set of components necessary to use [traffic management](/docs/tasks/traffic-management/) features. + +Execute the following command to install the Pilot and Citadel: + +{{< text bash >}} +$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system \ + --set ingress.enabled=false \ + --set gateways.istio-ingressgateway.enabled=false \ + --set gateways.istio-egressgateway.enabled=false \ + --set galley.enabled=false \ + --set sidecarInjectorWebhook.enabled=false \ + --set mixer.enabled=false \ + --set prometheus.enabled=false \ + --set global.proxy.envoyStatsd.enabled=false +{{< /text >}} + +Ensure the `istio-pilot-*` and `istio-citadel-*` Kubernetes pods are deployed and their containers are up and running: + +{{< text bash >}} +$ kubectl get pods -n istio-system +NAME READY STATUS RESTARTS AGE +istio-citadel-b48446f79-wd4tk 1/1 Running 0 1m +istio-pilot-58c65f74bc-2f5xn 2/2 Running 0 1m +{{< /text >}} + +With this minimal set you can install your own application and [configure request routing](/docs/tasks/traffic-management/request-routing/). You will need to [manually inject the sidecar](/docs/setup/kubernetes/sidecar-injection/#manual-sidecar-injection). + +[Installation Options](/docs/reference/config/installation-options/) has the full list of options allowing you to tailor the Istio installation to your needs. Before you override the default value with `--set` in `helm install`, please check the configurations for the option in `install/kubernetes/helm/istio/values.yaml` and uncomment the commented context if needed. + diff --git a/content/docs/setup/kubernetes/helm-install/index.md b/content/docs/setup/kubernetes/helm-install/index.md index da126508ed..dd0482d31f 100644 --- a/content/docs/setup/kubernetes/helm-install/index.md +++ b/content/docs/setup/kubernetes/helm-install/index.md @@ -92,39 +92,6 @@ to manage the lifecycle of Istio. $ helm install install/kubernetes/helm/istio --name istio --namespace istio-system {{< /text >}} -## Customization Example: Traffic Management Minimal Set - -Istio has a rich feature set, but you may only want to use a subset of these. For instance, you might be only interested in installing the minimum necessary to support traffic management functionality. - -This example shows how to install the minimal set of components necessary to use [traffic management](/docs/tasks/traffic-management/) features. - -Execute the following command to install the Pilot and Citadel: - -{{< text bash >}} -$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system \ - --set ingress.enabled=false \ - --set gateways.istio-ingressgateway.enabled=false \ - --set gateways.istio-egressgateway.enabled=false \ - --set galley.enabled=false \ - --set sidecarInjectorWebhook.enabled=false \ - --set mixer.enabled=false \ - --set prometheus.enabled=false \ - --set global.proxy.envoyStatsd.enabled=false -{{< /text >}} - -Ensure the `istio-pilot-*` and `istio-citadel-*` Kubernetes pods are deployed and their containers are up and running: - -{{< text bash >}} -$ kubectl get pods -n istio-system -NAME READY STATUS RESTARTS AGE -istio-citadel-b48446f79-wd4tk 1/1 Running 0 1m -istio-pilot-58c65f74bc-2f5xn 2/2 Running 0 1m -{{< /text >}} - -With this minimal set you can install your own application and [configure request routing](/docs/tasks/traffic-management/request-routing/) for instance. You will need to [manually inject the sidecar](/docs/setup/kubernetes/sidecar-injection/#manual-sidecar-injection). - -[Installation Options](/docs/reference/config/installation-options/) has the full list of options allowing you to tailor the Istio installation to your needs. Before you override the default value with `--set` in `helm install`, please check the configurations for the option in `install/kubernetes/helm/istio/values.yaml` and uncomment the commented context if needed. - ## Uninstall * For option 1, uninstall using `kubectl`: diff --git a/content/docs/setup/kubernetes/minimal-install/index.md b/content/docs/setup/kubernetes/minimal-install/index.md new file mode 100644 index 0000000000..f74ee22485 --- /dev/null +++ b/content/docs/setup/kubernetes/minimal-install/index.md @@ -0,0 +1,119 @@ +--- +title: Minimal Istio Installation +description: Install minimal Istio using Helm. +weight: 31 +keywords: [kubernetes,helm, minimal] +icon: /img/helm.svg +--- + +Quick start instructions for the minimal setup and configuration of Istio using Helm. +This minimal install provides traffic management features of Istio. + +## Prerequisites + +Refer to the [prerequisites](/docs/setup/kubernetes/quick-start/#prerequisites) described in the Quick Start guide. + +## Installation steps + +1. If using a Helm version prior to 2.10.0, install Istio's [Custom Resource Definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) +via `kubectl apply`, and wait a few seconds for the CRDs to be committed in the kube-apiserver: + + {{< text bash >}} + $ kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml + {{< /text >}} + +1. Choose one of the following two +**mutually exclusive** options described below. + +### Option 1: Install with Helm via `helm template` + +1. Render Istio's core components to a Kubernetes manifest called `istio.yaml`: + + {{< text bash >}} + $ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \ + --set security.enabled=false \ + --set ingress.enabled=false \ + --set gateways.istio-ingressgateway.enabled=false \ + --set gateways.istio-egressgateway.enabled=false \ + --set galley.enabled=false \ + --set sidecarInjectorWebhook.enabled=false \ + --set mixer.enabled=false \ + --set prometheus.enabled=false \ + --set global.proxy.envoyStatsd.enabled=false \ + --set pilot.sidecar=false > $HOME/istio-minimal.yaml + {{< /text >}} + +1. Install the Pilot component via the manifest: + + {{< text bash >}} + $ kubectl create namespace istio-system + $ kubectl apply -f $HOME/istio-minimal.yaml + {{< /text >}} + +### Option 2: Install with Helm and Tiller via `helm install` + +This option allows Helm and +[Tiller](https://github.com/kubernetes/helm/blob/master/docs/architecture.md#components) +to manage the lifecycle of Istio. + +1. If a service account has not already been installed for Tiller, install one: + + {{< text bash >}} + $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml + {{< /text >}} + +1. Install Tiller on your cluster with the service account: + + {{< text bash >}} + $ helm init --service-account tiller + {{< /text >}} + +1. Install Istio: + + {{< text bash >}} + $ helm install install/kubernetes/helm/istio --name istio-minimal --namespace istio-system \ + --set security.enabled=false \ + --set ingress.enabled=false \ + --set gateways.istio-ingressgateway.enabled=false \ + --set gateways.istio-egressgateway.enabled=false \ + --set galley.enabled=false \ + --set sidecarInjectorWebhook.enabled=false \ + --set mixer.enabled=false \ + --set prometheus.enabled=false \ + --set global.proxy.envoyStatsd.enabled=false \ + --set pilot.sidecar=false + {{< /text >}} + +1. Ensure the `istio-pilot-*` Kubernetes pod is deployed and its container is up and running: + +{{< text bash >}} +$ kubectl get pods -n istio-system +NAME READY STATUS RESTARTS AGE +istio-pilot-58c65f74bc-2f5xn 1/1 Running 0 1m +{{< /text >}} + +## Uninstall + +* For option 1, uninstall using `kubectl`: + + {{< text bash >}} + $ kubectl delete -f $HOME/istio-minimal.yaml + {{< /text >}} + +* For option 2, uninstall using Helm: + + {{< text bash >}} + $ helm delete --purge istio-minimal + {{< /text >}} + + If your Helm version is less than 2.10.0, then you need to manually cleanup extra job resource before redeploy new version of Istio chart: + + {{< text bash >}} + $ kubectl -n istio-system delete job --all + {{< /text >}} + +* If desired, delete the CRDs: + + {{< text bash >}} + $ kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system + {{< /text >}}