istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use helm charts from downloaded release (#3689) 

* Use charts from downloaded release

* fix circleci errors

* bad link

* more bad links

* undo fix links
This commit is contained in:
Frank Budinsky 2019-03-14 16:38:37 -04:00 committed by istio-bot
parent bb81b68d9c
commit dd8b7aac40
4 changed files with 69 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/boilerplates/helm-security-warning.md
View File

@ -1,7 +1,7 @@
---
---
{{< warning >}}
The instructions for using Helm with Tiller do not use secure defaults. See
the [Helm Security Guidelines](https://helm.sh/docs/using_helm/#securing-your-helm-installation)
The instructions for using Helm with Tiller do not use secure defaults.
See the [Helm Security Guidelines](https://helm.sh/docs/using_helm/#securing-your-helm-installation)
for further steps to secure a Tiller-based installation.
{{< /warning >}}

190
content/docs/setup/kubernetes/install/helm/index.md
View File

@ -25,61 +25,37 @@ and then further customize the configuration for your specific needs.
## Prerequisites
1. [Download the Istio release](/docs/setup/kubernetes/download/).
1. Perform any necessary [platform-specific setup](/docs/setup/kubernetes/prepare/platform-setup/).
1. Check the [Requirements for Pods and Services](/docs/setup/kubernetes/prepare/requirements/) on Pods and Services.
1. Check the [Requirements for Pods and Services](/docs/setup/kubernetes/prepare/requirements/).
1. [Install a Helm client with a version higher than 2.10](https://github.com/helm/helm/blob/master/docs/install.md).
1. Istio by default uses `LoadBalancer` service object types. Some platforms do not support `LoadBalancer`
service objects. For platforms lacking `LoadBalancer` support, install Istio with `NodePort` support
instead with the flags `--set gateways.istio-ingressgateway.type=NodePort`
appended to the end of the Helm instructions in the installation steps below.
1. [Install a Helm client](https://github.com/helm/helm/blob/master/docs/install.md) with a version higher than 2.10.
{{< tip >}}
These instructions assume the `istio-init` container will be used to setup `iptables` to redirect network traffic
to/from Envoy sidecars. If you plan to customize the configuration to use `--set istio_cni.enabled=true`, you also
need to ensure that a CNI plugin is enabled. Refer to [CNI Setup](/docs/setup/kubernetes/additional-setup/cni/)
need to ensure that a CNI plugin is deployed. Refer to [CNI Setup](/docs/setup/kubernetes/additional-setup/cni/)
for details.
{{< /tip >}}
## Installation steps
The following commands may be run from any directory. We use Helm to obtain the charts via a secure
HTTPS endpoint hosted in Istio's infrastructure throughout this document.
The following commands use the Helm charts that are included in the Istio release image.
Change directory to the root of the release and then
choose one of the following two **mutually exclusive** options:
1. To deploy Istio without using Tiller, follow the instructions for [option 1](/docs/setup/kubernetes/install/helm/#option-1-install-with-helm-via-helm-template).
1. To use [Helm's Tiller pod](https://helm.sh/) to manage your Istio release, follow the instructions for [option 2](/docs/setup/kubernetes/install/helm/#option-2-install-with-helm-and-tiller-via-helm-install).
{{< tip >}}
The techniques in this document use Istio's daily build of Istio 1.1 Helm packages. These
Helm charts may be slightly ahead of any particular snapshot as the project finishes the release
candidates prior to 1.1 release. To use a snapshot-specific release, change the repo add URL to
the appropriate snapshot. For example, if you want to run with snapshot 6, use the
[URL](https://gcsweb.istio.io/gcs/istio-prerelease/prerelease/1.1.0-snapshot.6/charts) in installation step 1 below.
Istio, by default, uses `LoadBalancer` service object types. Some platforms do not support `LoadBalancer`
service objects. For platforms lacking `LoadBalancer` support, install Istio with `NodePort` support
instead with the flags `--set gateways.istio-ingressgateway.type=NodePort`
appended to the end of the Helm instructions in the installation steps below.
{{< /tip >}}
1. Update Helm's local package cache with the location of the Helm daily release:
{{< text bash >}}
$ helm repo add istio.io "https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/release-1.1-latest-daily/charts/"
{{< /text >}}
1. Make an Istio working directory for fetching the charts:
{{< text bash >}}
$ mkdir -p $HOME/istio-fetch
{{< /text >}}
1. Fetch the helm templates needed for installation:
{{< text bash >}}
$ helm fetch istio.io/istio-init --untar --untardir $HOME/istio-fetch
$ helm fetch istio.io/istio --untar --untardir $HOME/istio-fetch
{{< /text >}}
1. Choose one of the following two **mutually exclusive** options described below.
- To deploy Istio without using Tiller, follow the instructions for [option 1](/docs/setup/kubernetes/install/helm/#option-1-install-with-helm-via-helm-template).
- To use [Helm's Tiller pod](https://helm.sh/) to manage your Istio release, follow the instructions for [option 2](/docs/setup/kubernetes/install/helm/#option-2-install-with-helm-and-tiller-via-helm-install).
### Option 1: Install with Helm via `helm template`
Choose this option if your cluster doesn't have [Tiller](https://github.com/kubernetes/helm/blob/master/docs/architecture.md#components)
@ -96,31 +72,10 @@ deployed and you don't want to install it.
(CRDs) using `kubectl apply`, and wait a few seconds for the CRDs to be committed in the Kubernetes API-server:
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio-init --name istio-init --namespace istio-system | kubectl apply -f -
$ helm template install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -
{{< /text >}}
{{< warning >}}
Do not manually delete Custom Resource Definitions from the generated yaml. Doing so will cause precondition
checks on various components to fail and will stop Istio from starting up correctly.
<p> If you *absolutely have to* delete CRDs, then update Galley deployment settings to explicitly indicate the kinds of deleted CRDs:
{{< text bash >}}
$ kubectl -n istio-system edit deployment istio-galley
{{< /text >}}
{{< text yaml >}}
containers:
- command:
- /usr/local/bin/galley
- server
# ...
- --excludedResourceKinds
- noop # exclude CRD w/ kind: noop
{{< /text >}}
{{< /warning >}}
1. Verify all `58` Istio CRDs were committed to the Kubernetes API-server using the following command:
1. Verify that all `58` Istio CRDs were committed to the Kubernetes api-server using the following command:
{{< text bash >}}
$ kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
@ -141,7 +96,7 @@ $ kubectl -n istio-system edit deployment istio-galley
{{% tab name="default" cookie-value="default" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system | kubectl apply -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system | kubectl apply -f -
{{< /text >}}
{{% /tab %}}
@ -149,8 +104,8 @@ $ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system |
{{% tab name="demo" cookie-value="demo" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-demo.yaml | kubectl apply -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-demo.yaml | kubectl apply -f -
{{< /text >}}
{{% /tab %}}
@ -158,8 +113,8 @@ $ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
{{% tab name="demo-auth" cookie-value="demo-auth" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-demo-auth.yaml | kubectl apply -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-demo-auth.yaml | kubectl apply -f -
{{< /text >}}
{{% /tab %}}
@ -167,8 +122,8 @@ $ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
{{% tab name="minimal" cookie-value="minimal" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-minimal.yaml | kubectl apply -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-minimal.yaml | kubectl apply -f -
{{< /text >}}
{{% /tab %}}
@ -176,8 +131,8 @@ $ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
{{% tab name="remote" cookie-value="remote" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-remote.yaml | kubectl apply -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-remote.yaml | kubectl apply -f -
{{< /text >}}
{{% /tab %}}
@ -185,8 +140,8 @@ $ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
{{% tab name="sds" cookie-value="sds" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-sds-auth.yaml | kubectl apply -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-sds-auth.yaml | kubectl apply -f -
{{< /text >}}
{{% /tab %}}
@ -205,26 +160,7 @@ to manage the lifecycle of Istio.
If not already defined, create one using following command:
{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
EOF
$ kubectl apply -f @install/kubernetes/helm/helm-service-account.yaml@
{{< /text >}}
1. Install Tiller on your cluster with the service account:
@ -236,7 +172,7 @@ to manage the lifecycle of Istio.
1. Install the `istio-init` chart to bootstrap all the Istio's CRDs:
{{< text bash >}}
$ helm install istio.io/istio-init --name istio-init --namespace istio-system
$ helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
{{< /text >}}
1. Verify that all `58` Istio CRDs were committed to the Kubernetes api-server using the following command:
@ -260,7 +196,7 @@ to manage the lifecycle of Istio.
{{% tab name="default" cookie-value="default" %}}
{{< text bash >}}
$ helm install istio.io/istio --name istio --namespace istio-system
$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system
{{< /text >}}
{{% /tab %}}
@ -268,8 +204,8 @@ $ helm install istio.io/istio --name istio --namespace istio-system
{{% tab name="demo" cookie-value="demo" %}}
{{< text bash >}}
$ helm install istio.io/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-demo.yaml
$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-demo.yaml
{{< /text >}}
{{% /tab %}}
@ -277,8 +213,8 @@ $ helm install istio.io/istio --name istio --namespace istio-system \
{{% tab name="demo-auth" cookie-value="demo-auth" %}}
{{< text bash >}}
$ helm install istio.io/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-demo-auth.yaml
$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-demo-auth.yaml
{{< /text >}}
{{% /tab %}}
@ -286,8 +222,8 @@ $ helm install istio.io/istio --name istio --namespace istio-system \
{{% tab name="minimal" cookie-value="minimal" %}}
{{< text bash >}}
$ helm install istio.io/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-minimal.yaml
$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-minimal.yaml
{{< /text >}}
{{% /tab %}}
@ -295,8 +231,8 @@ $ helm install istio.io/istio --name istio --namespace istio-system \
{{% tab name="remote" cookie-value="remote" %}}
{{< text bash >}}
$ helm install istio.io/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-remote.yaml
$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-remote.yaml
{{< /text >}}
{{% /tab %}}
@ -304,8 +240,8 @@ $ helm install istio.io/istio --name istio --namespace istio-system \
{{% tab name="sds" cookie-value="sds" %}}
{{< text bash >}}
$ helm install istio.io/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-sds-auth.yaml
$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-sds-auth.yaml
{{< /text >}}
{{% /tab %}}
@ -314,8 +250,9 @@ $ helm install istio.io/istio --name istio --namespace istio-system \
## Verifying the installation
1. Run the following command to verify that all the Kubernetes services corresponding to your selected
[configuration profile](/docs/setup/kubernetes/additional-setup/config-profiles/) have been deployed:
1. Referring to components table in
[configuration profiles](/docs/setup/kubernetes/additional-setup/config-profiles/),
verify that the Kubernetes services corresponding to your selected profile have been deployed.
{{< text bash >}}
$ kubectl get svc -n istio-system
@ -329,14 +266,14 @@ $ helm install istio.io/istio --name istio --namespace istio-system \
## Uninstall
1. If you installed Istio with the `helm template`, uninstall with these commands:
* If you installed Istio using the `helm template` command, uninstall with these commands:
{{< tabset cookie-name="helm_profile" >}}
{{% tab name="default" cookie-value="default" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system | kubectl delete -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system | kubectl delete -f -
$ kubectl delete namespace istio-system
{{< /text >}}
@ -345,8 +282,8 @@ $ kubectl delete namespace istio-system
{{% tab name="demo" cookie-value="demo" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-demo.yaml | kubectl delete -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-demo.yaml | kubectl delete -f -
$ kubectl delete namespace istio-system
{{< /text >}}
@ -355,8 +292,8 @@ $ kubectl delete namespace istio-system
{{% tab name="demo-auth" cookie-value="demo-auth" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-demo-auth.yaml | kubectl delete -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-demo-auth.yaml | kubectl delete -f -
$ kubectl delete namespace istio-system
{{< /text >}}
@ -365,8 +302,8 @@ $ kubectl delete namespace istio-system
{{% tab name="minimal" cookie-value="minimal" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-minimal.yaml | kubectl delete -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-minimal.yaml | kubectl delete -f -
$ kubectl delete namespace istio-system
{{< /text >}}
@ -375,8 +312,8 @@ $ kubectl delete namespace istio-system
{{% tab name="remote" cookie-value="remote" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-remote.yaml | kubectl delete -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-remote.yaml | kubectl delete -f -
$ kubectl delete namespace istio-system
{{< /text >}}
@ -385,8 +322,8 @@ $ kubectl delete namespace istio-system
{{% tab name="sds" cookie-value="sds" %}}
{{< text bash >}}
$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system \
--values $HOME/istio-fetch/istio/values-istio-sds-auth.yaml | kubectl delete -f -
$ helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-sds-auth.yaml | kubectl delete -f -
$ kubectl delete namespace istio-system
{{< /text >}}
@ -394,7 +331,7 @@ $ kubectl delete namespace istio-system
{{< /tabset >}}
1. If you installed Istio using `Tiller`, uninstall with these commands:
* If you installed Istio using Helm and Tiller, uninstall with these commands:
{{< text bash >}}
$ helm delete --purge istio
@ -412,15 +349,10 @@ configuration data rather than unexpectedly lose it.
Deleting CRDs permanently deletes any configuration changes that you have made to Istio.
{{< /warning >}}
The `istio-init` chart contains all raw CRDs in the `istio-init/files` directory. After fetching this
chart, you can simply delete the CRDs using `kubectl`.
1. To permanently delete Istio's CRDs and the entire Istio configuration, run:
The `istio-init` chart contains all raw CRDs in the `istio-init/files` directory.
You can simply delete the CRDs using `kubectl`.
To permanently delete Istio's CRDs and the entire Istio configuration, run:
{{< text bash >}}
$ mkdir -p $HOME/istio-fetch
$ helm fetch istio.io/istio-init --untar --untardir $HOME/istio-fetch
$ kubectl delete -f $HOME/istio-fetch/istio-init/files
$ kubectl delete -f install/kubernetes/helm/istio-init/files
{{< /text >}}

15
content/docs/setup/kubernetes/install/kubernetes/index.md
View File

@ -23,20 +23,7 @@ This permits customization of Istio to operator specific requirements.
1. [Download the Istio release](/docs/setup/kubernetes/download/).
1. [Kubernetes platform setup](/docs/setup/kubernetes/prepare/platform-setup/):
* [Alibaba Cloud](/docs/setup/kubernetes/prepare/platform-setup/alicloud/)
* [Azure](/docs/setup/kubernetes/prepare/platform-setup/azure/)
* [Docker For Desktop](/docs/setup/kubernetes/prepare/platform-setup/docker/)
* [Google Container Engine (GKE)](/docs/setup/kubernetes/prepare/platform-setup/gke/)
* [IBM Cloud](/docs/setup/kubernetes/prepare/platform-setup/ibm/)
* [Minikube](/docs/setup/kubernetes/prepare/platform-setup/minikube/)
* [OpenShift Origin](/docs/setup/kubernetes/prepare/platform-setup/openshift/)
* [Oracle Cloud Infrastructure (OKE)](/docs/setup/kubernetes/prepare/platform-setup/oci/)
{{< tip >}}
Istio {{< istio_version >}} has been tested with these Kubernetes releases: {{< supported_kubernetes_versions >}}.
{{< /tip >}}
1. Perform any necessary [platform-specific setup](/docs/setup/kubernetes/prepare/platform-setup/).
1. Check the [Requirements for Pods and Services](/docs/setup/kubernetes/prepare/requirements/).

10
content/docs/setup/kubernetes/prepare/requirements/index.md
View File

@ -23,11 +23,11 @@ cluster must satisfy the following requirements:
- `tls`
- `udp`
For example, `name: http2-foo` or `name: http` are valid port names, but
`name: http2foo` is not. If the port name does not begin with a recognized
prefix or if the port is unnamed, traffic on the port is treated as
plain TCP traffic unless the port [explicitly](https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service)
uses `Protocol: UDP` to signify a UDP port.
For example, `name: http2-foo` or `name: http` are valid port names, but
`name: http2foo` is not. If the port name does not begin with a recognized
prefix or if the port is unnamed, traffic on the port is treated as
plain TCP traffic unless the port [explicitly](https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service)
uses `Protocol: UDP` to signify a UDP port.
- **Pod ports**: Pods must include an explicit list of the ports each
container listens on. Use a `containerPort` configuration in the container