istio.io/content/en/docs/setup/platform-setup/azure/index.md

---
title: Azure
description: Instructions to set up an Azure cluster for Istio.
weight: 10
skip_seealso: true
aliases:
    - /docs/setup/kubernetes/prepare/platform-setup/azure/
    - /docs/setup/kubernetes/platform-setup/azure/
keywords: [platform-setup,azure]
owner: istio/wg-environments-maintainers
test: no
---

Follow these instructions to prepare an Azure cluster for Istio.

{{< tip >}} Azure offers a {{< gloss >}}managed control plane{{< /gloss >}} add-on for the Azure Kubernetes Service (AKS), which you can use instead of installing Istio manually. Please refer to Deploy Istio-based service mesh add-on for Azure Kubernetes Service for details and instructions. {{< /tip >}}

You can deploy a Kubernetes cluster to Azure via AKS or the Cluster API provider for Azure (CAPZ, for self-managed Kubernetes or AKS), which fully supports Istio.

AKS

You can create an AKS cluster via numerous means such as the az cli, the Azure portal, az cli with Bicep, or Terraform.

For the az cli option, complete az login authentication or use Cloud Shell, then run the following commands.

  1. Determine the desired region name which supports AKS

    {{< text bash >}}
    $ az provider list --query "[?namespace=='Microsoft.ContainerService'].resourceTypes[] | [?resourceType=='managedClusters'].locations[]" -o tsv
    {{< /text >}}

  2. Verify the supported Kubernetes versions for the desired region

    Replace my location with the desired region value from the above step, and then execute:

    {{< text bash >}}
    $ az aks get-versions --location "my location" --query "orchestrators[].orchestratorVersion"
    {{< /text >}}

  3. Create the resource group and deploy the AKS cluster

    Replace myResourceGroup and myAKSCluster with the desired names, my location with the value from step 1, and 1.28.3 with a supported version if it is not supported in the region, and then execute:

    {{< text bash >}}
    $ az group create --name myResourceGroup --location "my location"
    $ az aks create --resource-group myResourceGroup --name myAKSCluster --node-count 3 --kubernetes-version 1.28.3 --generate-ssh-keys
    {{< /text >}}

  4. Get the AKS kubeconfig credentials

    Replace myResourceGroup and myAKSCluster with the names from the previous step and execute:

    {{< text bash >}}
    $ az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
    {{< /text >}}

Using Gateway API with Azure

If you are using Gateway API with AKS, you might also need to add the following configuration to the Gateway resource:

{{< text yaml >}}
infrastructure:
  annotations:
    service.beta.kubernetes.io/port_<http[s] port>_health-probe_protocol: tcp
{{< /text >}}

where <http[s] port> is the port number of your HTTP(S) listener. If you have multiple HTTP(S) listeners, you need to add an annotation for each listener. This annotation is required for Azure Load Balancer health checks to work when the / path does not respond with a 200.

For example, if you are following the Ingress Gateways example using Gateway API, you will need to deploy the following Gateway instead:

{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  infrastructure:
    annotations:
      service.beta.kubernetes.io/port_80_health-probe_protocol: tcp
  gatewayClassName: istio
  listeners:
  - name: http
    hostname: "httpbin.example.com"
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: Same
EOF
{{< /text >}}
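The one-annotation-per-listener rule above can be checked before a Gateway is applied. The following is an added example, not part of the Istio documentation: it reads a Gateway object as JSON (for instance from `kubectl get gateway <name> -o json`) and lists the health-probe annotations that are still missing. The function names and the sample Gateway are constructed for illustration.

```python
import json

# Annotation key format taken from the page; {port} is the listener port.
ANNOTATION_FMT = "service.beta.kubernetes.io/port_{port}_health-probe_protocol"
# Only HTTP(S) listeners need the annotation according to the page.
HTTP_PROTOCOLS = {"HTTP", "HTTPS"}


def required_annotations(gateway):
    """Annotation keys needed: one per distinct HTTP(S) listener port."""
    listeners = gateway.get("spec", {}).get("listeners") or []
    ports = sorted({l["port"] for l in listeners
                    if l.get("protocol") in HTTP_PROTOCOLS})
    return [ANNOTATION_FMT.format(port=p) for p in ports]


def missing_annotations(gateway):
    """Required keys that are absent, or not set to tcp, on the Gateway."""
    infra = gateway.get("spec", {}).get("infrastructure") or {}
    present = infra.get("annotations") or {}
    # The page uses the value "tcp"; comparing case-insensitively is an
    # assumption made by this example.
    return [k for k in required_annotations(gateway)
            if str(present.get(k, "")).casefold() != "tcp"]


# Constructed sample: two HTTP(S) listeners and one TLS listener,
# with only port 80 annotated.
SAMPLE = json.loads("""
{
  "apiVersion": "gateway.networking.k8s.io/v1",
  "kind": "Gateway",
  "metadata": {"name": "httpbin-gateway"},
  "spec": {
    "gatewayClassName": "istio",
    "infrastructure": {"annotations": {
      "service.beta.kubernetes.io/port_80_health-probe_protocol": "tcp"}},
    "listeners": [
      {"name": "http",  "port": 80,    "protocol": "HTTP"},
      {"name": "https", "port": 443,   "protocol": "HTTPS"},
      {"name": "tls",   "port": 15443, "protocol": "TLS"}
    ]
  }
}
""")

if __name__ == "__main__":
    for key in missing_annotations(SAMPLE):
        print(f"missing annotation: {key}: tcp")
```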