istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v0.2/docs/setup/kubernetes/quick-start.html

33 lines
23 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en" itemscope itemtype="https://schema.org/WebPage" style="overflow-y: scroll;"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="title" content="Quick Start"><meta name="og:title" content="Quick Start"><meta name="og:image" content="/v0.2/img/logo.png"/><meta name="description" content="Quick Start instructions to setup the Istio service mesh in a Kubernetes cluster."><meta name="og:description" content="Quick Start instructions to setup the Istio service mesh in a Kubernetes cluster."><title>Istioldie 0.2 / Quick Start</title><script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', 'UA-98480406-2', 'auto'); ga('send', 'pageview'); </script> <script async src='https://www.google-analytics.com/analytics.js'></script><link rel="alternate" type="application/rss+xml" title="Istio Blog RSS" href="/v0.2/feed.xml"><link rel="apple-touch-icon" href="/v0.2/favicons/apple-touch-icon.png" sizes="180x180"><link rel="icon" type="image/png" href="/v0.2/favicons/android-chrome-96x96.png" sizes="96x96" ><link rel="icon" type="image/png" href="/v0.2/favicons/favicon-32x32.png" sizes="32x32"><link rel="icon" type="image/png" href="/v0.2/favicons/favicon-16x16.png" sizes="16x16"><link rel="manifest" href="/v0.2/favicons/manifest.json"><link rel="mask-icon" href="/v0.2/favicons/safari-pinned-tab.svg" color="#2DA6B0"><meta name="msapplication-TileColor" content="#ffffff"><meta name="msapplication-TileImage" content="/v0.2/favicons/mstile-150x150.png"><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic"><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"><link rel="stylesheet" href="/v0.2/css/all.css"><link rel="stylesheet" href="/v0.2/css/prism.css"> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script></head><body class="language-unknown"><div class="nav-hero-container" style="z-index: 200000;"><nav id="header-nav" class="navbar navbar-inverse" role="navigation"><div class="container"><div class="row"><div class="col-md-11 nofloat center-block "><div class="navbar-header"> <button type="button" class="hamburger navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="/v0.2/"><div> <img src="/v0.2/img/logo.png" alt="Istio" width="36px" height="54px"/> <span class="brand-name">Istioldie 0.2</span></div></a></div><div class="collapse navbar-collapse" id="navbar-collapse-1"><ul class="nav navbar-nav navbar-right"><li><a href="/v0.2/about/" >About</a></li><li><a href="/v0.2/docs/" class='current'>Docs</a></li><li><a href="/v0.2/blog/" >Blog</a></li><li><a href="/v0.2/community/" >Community</a></li><li><a href="/v0.2/faq/" >FAQ</a></li><li class="dropdown"><li class="dropdown"> <a class="dropdown-toggle" data-toggle="dropdown" href=""> <i class='fa fa-lg fa-cog'></i> <span class="caret"></span> </a><ul class="dropdown-menu"><h6 class="dropdown-header">Other versions of this site</h6><li> <a href="https://istio.io">Current Release</a></li><li> <a href="https://preliminary.istio.io">Next Release</a></li><li> <a href="https://archive.istio.io">Older Releases</a></li></ul></li><li><form name="cse" id="searchbox_demo" class="navbar-form navbar-right" role="search"> <input type="hidden" name="cx" value="013699703217164175118:iwwf17ikgf4" /> <input type="hidden" name="ie" value="utf-8" /> <input type="hidden" name="hl" value="en" /><div class="form-group"><div class="input-group"> <input name="q" class="form-control" type="text" size="30" /><div class="input-group-addon"> <span class="btn-search glyphicon glyphicon-search"></span></div></div></div></form> <script type="text/javascript" src="https://www.google.com/cse/brand?form=searchbox_demo"></script></li></ul></div></div></div></div></nav></div><div class="container"><div class="row"><div class="col-md-11 nofloat center-block" style="margin-top: 3px;"><ul class="col-sm-10 nav nav-tabs"><li role="presentation" ><a href="/v0.2/docs/">Welcome</a></li><li role="presentation" ><a href="/v0.2/docs/concepts/">Concepts</a></li><li role="presentation" class='active'><a href="/v0.2/docs/setup/">Setup</a></li><li role="presentation" ><a href="/v0.2/docs/tasks/">Tasks</a></li><li role="presentation" ><a href="/v0.2/docs/guides/">Guides</a></li><li role="presentation" ><a href="/v0.2/docs/reference/">Reference</a></li></ul></div></div></div><script src="/v0.2/js/navtree.js"></script><div class="container docs"><div class="row"><div class="col-md-11 nofloat center-block"><div class="row"><div id="sidebar-container" class="col-sm-3"><ul class="doc-side-nav"><li><h5 class='doc-side-nav-title'>Setup</h5></li><script type="text/javascript"> var docs = []; docs.push({path: [ "cloudfoundry", "index.md", ], url: "/docs/setup/cloudfoundry/", title: "Cloud Foundry", order: 40, overview: "Instructions for installing the Istio control plane in Cloud Foundry."}); docs.push({path: [ "cloudfoundry", "install.md", ], url: "/docs/setup/cloudfoundry/install.html", title: "Installation", order: 10, overview: "Instructions for installing the Istio control plane in Cloud Foundry."}); docs.push({path: [ "consul", "faq.md", ], url: "/docs/setup/consul/faq.html", title: "FAQ", order: 100, overview: "Frequently asked questions, current limitations and troubleshooting tips."}); docs.push({path: [ "consul", "index.md", ], url: "/docs/setup/consul/", title: "Nomad & Consul", order: 20, overview: "Instructions for installing the Istio control plane in a Consul based environment, with or without Nomad."}); docs.push({path: [ "consul", "install.md", ], url: "/docs/setup/consul/install.html", title: "Installation", order: 30, overview: "Instructions for installing the Istio control plane in a Consul based environment, with or without Nomad."}); docs.push({path: [ "consul", "quick-start.md", ], url: "/docs/setup/consul/quick-start.html", title: "Quick Start on Docker", order: 10, overview: "Quick Start instructions to setup the Istio service mesh with Docker Compose."}); docs.push({path: [ "eureka", "faq.md", ], url: "/docs/setup/eureka/faq.html", title: "FAQ", order: 100, overview: "Frequently asked questions, current limitations and troubleshooting tips."}); docs.push({path: [ "eureka", "index.md", ], url: "/docs/setup/eureka/", title: "Eureka", order: 30, overview: "Instructions for installing the Istio control plane in a Eureka based environment."}); docs.push({path: [ "eureka", "install.md", ], url: "/docs/setup/eureka/install.html", title: "Installation", order: 30, overview: "Instructions for installing the Istio control plane in an Eureka based environment."}); docs.push({path: [ "eureka", "quick-start.md", ], url: "/docs/setup/eureka/quick-start.html", title: "Quick Start on Docker", order: 10, overview: "Quick Start instructions to setup the Istio service mesh with Docker Compose."}); docs.push({path: [ "index.md", ], url: "/docs/setup/", title: "Setup", order: 15, overview: "Setup contains instructions for installing the Istio control plane in various environments (e.g., Kubernetes, Consul, etc.), as well as instructions for installing the sidecar in the application deployment."}); docs.push({path: [ "kubernetes", "faq.md", ], url: "/docs/setup/kubernetes/faq.html", title: "FAQ", order: 100, overview: "Frequently asked questions, current limitations and troubleshooting tips on this topic."}); docs.push({path: [ "kubernetes", "index.md", ], url: "/docs/setup/kubernetes/", title: "Kubernetes", order: 10, overview: "Instructions for installing the Istio control plane on Kubernetes and adding VMs into the mesh."}); docs.push({path: [ "kubernetes", "mesh-expansion.md", ], url: "/docs/setup/kubernetes/mesh-expansion.html", title: "Istio Mesh Expansion", order: 60, overview: "Instructions for integrating VMs and bare metal hosts into an Istio mesh deployed on Kubernetes."}); docs.push({path: [ "kubernetes", "quick-start.md", ], url: "/docs/setup/kubernetes/quick-start.html", title: "Quick Start", order: 10, overview: "Quick Start instructions to setup the Istio service mesh in a Kubernetes cluster."}); docs.push({path: [ "kubernetes", "sidecar-injection.md", ], url: "/docs/setup/kubernetes/sidecar-injection.html", title: "Installing Istio Sidecar", order: 50, overview: "Instructions for installing the Istio sidecar in application pods automatically using the Istio initializer or manually using istioctl CLI."}); docs.push({path: [ "mesos", "index.md", ], url: "/docs/setup/mesos/", title: "Mesos", order: 50, overview: "Instructions for installing the Istio control plane in Apache Mesos."}); docs.push({path: [ "mesos", "install.md", ], url: "/docs/setup/mesos/install.html", title: "Installation", order: 10, overview: "Instructions for installing the Istio control plane in Apache Mesos."}); genNavBarTree(docs) </script></ul></div><div id="tab-container" class="col-xs-1 tab-neg-margin pull-left"> <a id="sidebar-tab" class="glyphicon glyphicon-chevron-left" href="javascript:void 0;"></a></div><div id="content-container" class="thin-left-border col-sm-9 markdown"><div id="toc" class="toc"></div><div id="doc-content"><h1>Quick Start</h1><p>Quick Start instructions to install and configure Istio in a Kubernetes cluster.</p><h2 id="prerequisites">Prerequisites</h2><p>The following instructions require you have access to a Kubernetes <strong>1.7.3 or newer</strong> cluster with <a href="https://kubernetes.io/docs/admin/authorization/rbac/">RBAC (Role-Based Access Control)</a> enabled. You will also need <code>kubectl</code> <strong>1.7.3 or newer</strong> installed. If you wish to enable <a href="/v0.2/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection">automatic injection of sidecar</a>, you need to turn on Kubernetes alpha features in your cluster.</p><blockquote><p>Note: If you installed Istio 0.1.x, <a href="https://archive.istio.io/v0.1/docs/tasks/installing-istio.html#uninstalling">uninstall</a> it completely before installing the newer version (including the Istio sidecar for all Istio enabled application pods).</p></blockquote><ul><li><p>Depending on your Kubernetes provider:</p><ul><li><p>To install Istio locally, install the latest version of <a href="https://kubernetes.io/docs/getting-started-guides/minikube/">Minikube</a> (version 0.22.1 or later).</p></li><li><p><a href="https://cloud.google.com/container-engine">Google Container Engine</a></p><ul><li>Retrieve your credentials for kubectl (replace <code>&lt;cluster-name&gt;</code> with the name of the cluster you want to use, and <code>&lt;zone&gt;</code> with the zone where that cluster is located):<pre><code class="language-bash">gcloud container clusters get-credentials &lt;cluster-name&gt; --zone &lt;zone&gt; --project &lt;project-name&gt;
</code></pre></li><li>Grant cluster admin permissions to the current user (admin permissions are required to create the necessary RBAC rules for Istio):<pre><code class="language-bash">kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
</code></pre></li></ul></li><li><p><a href="https://www.ibm.com/cloud-computing/bluemix/containers">IBM Bluemix Container Service</a></p><ul><li>Retrieve your credentials for kubectl (replace <code>&lt;cluster-name&gt;</code> with the name of the cluster you want to use):<pre><code class="language-bash">$(bx cs cluster-config &lt;cluster-name&gt;|grep "export KUBECONFIG")
</code></pre></li></ul></li><li><p><a href="https://www.openshift.org">Openshift Origin</a> version 3.7 or later</p><ul><li>Openshift by default does not allow containers running with UID 0. Enable containers running with UID 0 for Istios service accounts for ingress and egress:<pre><code class="language-bash">oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account -n istio-system
oc adm policy add-scc-to-user anyuid -z istio-egress-service-account -n istio-system
oc adm policy add-scc-to-user anyuid -z default -n istio-system
</code></pre></li><li>Service account that runs application pods need privileged security context constraints as part of sidecar injection.<pre><code class="language-bash">oc adm policy add-scc-to-user privileged -z default -n &lt;target-namespace&gt;
</code></pre></li></ul></li></ul></li><li><p>Install or upgrade the Kubernetes CLI <a href="https://kubernetes.io/docs/tasks/tools/install-kubectl/">kubectl</a> to match the version supported by your cluster (version 1.7 or later for CRD support).</p></li></ul><h2 id="installation-steps">Installation steps</h2><p>Starting with the 0.2 release, Istio is installed in its own <code>istio-system</code> namespace, and can manage micro-services from all other namespaces.</p><ol><li>Go to the <a href="https://github.com/istio/istio/releases">Istio release</a> page to download the installation file corresponding to your OS. If you are using a MacOS or Linux system, you can also run the following command to download and extract the latest release automatically:<pre><code class="language-bash"> curl -L https://git.io/getLatestIstio | sh -
</code></pre></li><li>Extract the installation file and change the directory to the file location. The installation directory contains:<ul><li>Installation <code>.yaml</code> files for Kubernetes in <code>install/</code></li><li>Sample applications in <code>samples/</code></li><li>The <code>istioctl</code> client binary in the <code>bin/</code> directory. <code>istioctl</code> is used when manually injecting Envoy as a sidecar proxy and for creating routing rules and policies.</li><li>The <code>istio.VERSION</code> configuration file</li></ul></li><li>Change directory to istio package. For example, if the package is istio-0.2.7<pre><code class="language-bash"> cd istio-0.2.7
</code></pre></li><li>Add the <code>istioctl</code> client to your PATH. For example, run the following command on a MacOS or Linux system:<pre><code class="language-bash"> export PATH=$PWD/bin:$PATH
</code></pre></li><li>Install Istios core components. Choose one of the two <em><strong>mutually exclusive</strong></em> options below:</li></ol><p>a) Install Istio without enabling <a href="/v0.2/docs/concepts/security/mutual-tls.html">mutual TLS authentication</a> between sidecars. Choose this option for clusters with existing applications, applications where services with an Istio sidecar need to be able to communicate with other non-Istio Kubernetes services, and applications that use <a href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/">liveliness and readiness probes</a>, headless services, or StatefulSets.</p><pre><code class="language-bash"> kubectl apply -f install/kubernetes/istio.yaml
</code></pre><p><em><strong>OR</strong></em></p><p>b) Install Istio and enable <a href="/v0.2/docs/concepts/security/mutual-tls.html">mutual TLS authentication</a> between sidecars.:</p><pre><code class="language-bash"> kubectl apply -f install/kubernetes/istio-auth.yaml
</code></pre><p>Both options create the <code>istio-system</code> namespace along with the required RBAC permissions, and deploy Istio-Pilot, Istio-Mixer, Istio-Ingress, Istio-Egress, and Istio-CA (Certificate Authority).</p><ol><li><em>Optional:</em> If your cluster has Kubernetes alpha features enabled, and you wish to enable a <a href="/v0.2/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection">automatic injection of sidecar</a>, install the Istio-Initializer:<pre><code class="language-bash"> kubectl apply -f install/kubernetes/istio-initializer.yaml
</code></pre></li></ol><h2 id="verifying-the-installation">Verifying the installation</h2><ol><li>Ensure the following Kubernetes services are deployed: <code>istio-pilot</code>, <code>istio-mixer</code>, <code>istio-ingress</code>, <code>istio-egress</code>.<pre><code class="language-bash"> kubectl get svc -n istio-system
</code></pre><pre><code class="language-bash"> NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egress 10.83.247.89 &lt;none&gt; 80/TCP 5h
istio-ingress 10.83.245.171 35.184.245.62 80:32730/TCP,443:30574/TCP 5h
istio-pilot 10.83.251.173 &lt;none&gt; 8080/TCP,8081/TCP 5h
istio-mixer 10.83.244.253 &lt;none&gt; 9091/TCP,9094/TCP,42422/TCP 5h
</code></pre><p>Note: If your cluster is running in an environment that does not support an external load balancer (e.g., minikube), the <code>EXTERNAL-IP</code> of <code>istio-ingress</code> says <code>&lt;pending&gt;</code>. You must access the application using the service NodePort, or use port-forwarding instead.</p></li><li>Ensure the corresponding Kubernetes pods are deployed and all containers are up and running: <code>istio-pilot-*</code>, <code>istio-mixer-*</code>, <code>istio-ingress-*</code>, <code>istio-egress-*</code>, <code>istio-ca-*</code>, and, optionally, <code>istio-initializer-*</code>.<pre><code class="language-bash"> kubectl get pods -n istio-system
</code></pre><pre><code class="language-bash"> istio-ca-3657790228-j21b9 1/1 Running 0 5h
istio-egress-1684034556-fhw89 1/1 Running 0 5h
istio-ingress-1842462111-j3vcs 1/1 Running 0 5h
istio-initializer-184129454-zdgf5 1/1 Running 0 5h
istio-pilot-2275554717-93c43 1/1 Running 0 5h
istio-mixer-2104784889-20rm8 2/2 Running 0 5h
</code></pre></li></ol><h2 id="deploy-your-application">Deploy your application</h2><p>You can now deploy your own application or one of the sample applications provided with the installation like <a href="/v0.2/docs/guides/bookinfo.html">BookInfo</a>. Note: the application must use HTTP/1.1 or HTTP/2.0 protocol for all its HTTP traffic because HTTP/1.0 is not supported.</p><p>If you started the <a href="/v0.2/docs/setup/kubernetes/sidecar-injection.html">Istio-Initializer</a>, as shown above, you can deploy the application directly using <code>kubectl create</code>. The Istio-Initializer will automatically inject Envoy containers into your application pods:</p><pre><code class="language-bash"> kubectl create -f &lt;your-app-spec&gt;.yaml
</code></pre><p>If you do not have the Istio-Initializer installed, you must use <a href="/v0.2/docs/reference/commands/istioctl.html#istioctl-kube-inject">istioctl kube-inject</a> to manuallly inject Envoy containers in your application pods before deploying them:</p><pre><code class="language-bash"> kubectl create -f &lt;(istioctl kube-inject -f &lt;your-app-spec&gt;.yaml)
</code></pre><h2 id="uninstalling">Uninstalling</h2><ul><li><p>Uninstall Istio initializer:</p><p>If you installed Istio with initializer enabled, uninstall it:</p><pre><code class="language-bash">kubectl delete -f install/kubernetes/istio-initializer.yaml
</code></pre></li><li><p>Uninstall Istio core components. For the 0.2 release, the uninstall deletes the RBAC permissions, the <code>istio-system</code> namespace, and hierarchically all resources under it. It is safe to ignore errors for non-existent resources because they may have been deleted hierarchically.</p><p>a) If you installed Istio with mutual TLS authentication disabled:</p><pre><code class="language-bash">kubectl delete -f install/kubernetes/istio.yaml
</code></pre><p><em><strong>OR</strong></em></p><p>b) If you installed Istio with mutual TLS authentication enabled:</p><pre><code class="language-bash">kubectl delete -f install/kubernetes/istio-auth.yaml
</code></pre></li></ul><h2 id="whats-next">Whats next</h2><ul><li><p>See the sample <a href="/v0.2/docs/guides/bookinfo.html">BookInfo</a> application.</p></li><li><p>See how to <a href="/v0.2/docs/tasks/security/mutual-tls.html">test Istio mutual TLS Authentication</a>.</p></li></ul></div></div></div></div></div></div><script src="/v0.2/js/sidemenu.js"></script><footer><div class="container"><div class="row"><div class="col-md-2"></div><div class="col-md-3 col-sm-4 col-xs-12 center-block"><ul class="toggle"><p class="header">Docs</p><li><a href="/v0.2/docs/">Welcome</a></li><li><a href="/v0.2/docs/concepts">Concepts</a></li><li><a href="/v0.2/docs/setup">Setup</a></li><li><a href="/v0.2/docs/tasks">Tasks</a></li><li><a href="/v0.2/docs/guides">Guides</a></li><li><a href="/v0.2/docs/reference">Reference</a></li></ul></div><hr class="footer-sections" /><div class="col-md-3 col-sm-4 col-xs-12 center-block"><ul class="toggle"><p class="header">Resources</p><li><a href="/v0.2/faq">Frequently Asked Questions</a></li><li><a href="/v0.2/troubleshooting">Troubleshooting Guide</a></li><li><a href="/v0.2/bugs">Report a Bug</a></li><li><a href="https://github.com/istio/istio.github.io/issues/new?title=Issue with _docs/setup/kubernetes/quick-start.md">Report a Doc Issue</a></li><li><a href="https://github.com/istio/istio.github.io/edit/master/_docs/setup/kubernetes/quick-start.md">Edit This Page on GitHub</a></li></ul></div><hr class="footer-sections" /><div class="col-md-3 col-sm-4 col-xs-12 center-block"><ul class="toggle"><p class="header">Community</p><li><a href="https://groups.google.com/forum/#!forum/istio-users" target="_blank"><span class="group">User</span></a> | <a href="https://groups.google.com/forum/#!forum/istio-dev" target="_blank">Dev</a> | <a href="https://github.com/istio/istio/blob/master/GROUPS.md#working-groups" target="_blank">Working Group Lists</a></li><li><a href="https://twitter.com/IstioMesh" target="_blank"><span class="twitter">Twitter</span></a></li><li><a href="https://github.com/istio/istio" target="_blank"><span class="github">GitHub</span></a></li></ul></div><div class="col-md-1"></div></div><div class="row"><p class="description small text-center"> Istio 0.2, Copyright &copy; 2017 Istio Authors<br> Archived on 12-Nov-2017</p></div></div></footer><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.form/4.2.1/jquery.form.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-visible/1.2.0/jquery.visible.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> <script src="/v0.2/js/common.js"></script> <script src="/v0.2/js/buttons.js"></script> <script src="/v0.2/js/search.js"></script> <script src="/v0.2/js/prism.js"></script></body></html>
Reference in New Issue View Git Blame Copy Permalink