istio.io/index.md at 3239fa5cb770bc7fdc78d1613bd2aad77643a126

6.9 KiB

Raw Blame History

title: Installation with Helm description: Install Istio with the included Helm chart. weight: 20 keywords: [kubernetes,helm] aliases: - /docs/setup/kubernetes/helm.html - /docs/tasks/integrating-services-into-istio.html icon: helm

Quick start instructions for the setup and configuration of Istio using Helm. This is the recommended install method for installing Istio to your production environment as it offers rich customization to the Istio control plane and the sidecars for the Istio data plane.

Prerequisites

Perform any necessary platform-specific setup.
Check the Requirements for Pods and Services on Pods and Services.
Install a Helm client with a version higher than 2.10.
Istio by default uses LoadBalancer service object types. Some platforms do not support LoadBalancer service objects. For platforms lacking LoadBalancer support, install Istio with NodePort support instead with the flags --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort appended to the end of the Helm instructions in the installation steps below.

Installation steps

The following commands may be run from any directory. We use Helm to obtain the charts via a secure HTTPS endpoint hosted in Istio's infrastructure throughout this document.

{{< tip >}} The techniques in this document use Istio's daily build of Istio 1.1 Helm packages. These Helm charts may be slightly ahead of any particular snapshot as the project finishes the release candidates prior to 1.1 release. To use a snapshot-specific release, change the repo add URL to the appropriate snapshot. For example, if you want to run with snapshot 6, use the URL in installation step 1 below. {{< /tip >}}

Update Helm's local package cache with the location of the Helm daily release:

{{< text bash >}}

$ helm repo add istio.io "https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/release-1.1-latest-daily/charts/"

{{< /text >}}
Choose one of the following two mutually exclusive options described below.
- To use Kubernetes manifests to deploy Istio, follow the instructions for option 1.
- To use Helm's Tiller pod to manage your Istio release, follow the instructions for option 2.
{{< tip >}} To customize Istio and install addons, use the --set <key>=<value> option in the helm template or install command. Installation Options references supported installation key and value pairs. {{< /tip >}}

Option 1: Install with Helm via `helm template`

Choose this option if your cluster doesn't have Tiller deployed and you don't want to install it.

Make an Istio working directory for fetching the charts:

{{< text bash >}}

$ mkdir -p $HOME/istio-fetch

{{< /text >}}
Fetch the helm templates needed for installation:

{{< text bash >}}

$ helm fetch istio.io/istio-init --untar --untardir $HOME/istio-fetch $ helm fetch istio.io/istio --untar --untardir $HOME/istio-fetch

{{< /text >}}
Create a namespace for the istio-system components:

{{< text bash >}}

$ kubectl create namespace istio-system

{{< /text >}}
Install all the Istio's Custom Resource Definitions or CRDs for short via kubectl apply, and wait a few seconds for the CRDs to be committed to the Kubernetes API server:

{{< text bash >}}

$ helm template $HOME/istio-fetch/istio-init --name istio-init --namespace istio-system | kubectl apply -f -

{{< /text >}}
Render and apply Istio's core components:

{{< text bash >}}

$ helm template $HOME/istio-fetch/istio --name istio --namespace istio-system | kubectl apply -f -

{{< /text >}}
Uninstall steps:

{{< text bash >}}

$ kubectl delete namespace istio-system

{{< /text >}}
If desired, run the following command to delete all CRDs:

{{< warning >}} Deleting CRDs permanently deletes any configuration changes that you have made to Istio. {{< /warning >}}

{{< text bash >}}

$ kubectl delete -f $HOME/istio-fetch/istio-init/files

{{< /text >}}

Option 2: Install with Helm and Tiller via `helm install`

This option allows Helm and Tiller to manage the lifecycle of Istio.

If a service account has not already been installed for Tiller, install one:

{{< text bash >}}

$ kubectl apply -f @install/kubernetes/helm/helm-service-account.yaml@

{{< /text >}}
Install Tiller on your cluster with the service account:

{{< text bash >}}

$ helm init --service-account tiller

{{< /text >}}
Install the istio-init chart to bootstrap all the Istio's CRDs:

{{< text bash >}}

$ helm install istio.io/istio-init --name istio-init --namespace istio-system

{{< /text >}}
To verify all Istio's CRDs were committed in the Kubernetes api-server, check that all CRDs that Istio uses are instantiated. Verify that the number of total CRDs created was 56 for Istio:

{{< text bash >}}

$ kubectl get crds | grep 'istio.io|certmanager.k8s.io' | wc -l

{{< /text >}}
Install the istio chart:

{{< text bash >}}

$ helm install istio --name istio --namespace istio-system

{{< /text >}}
Uninstall steps:

{{< text bash >}}

$ helm delete --purge istio $ helm delete --purge istio-init

{{< /text >}}

Deleting CRDs and Istio Configuration

{{< tip >}} Istio, by design, expects Istio's Custom Resources contained within CRDs to leak into the Kubernetes environment. CRDs contain the runtime configuration set by the operator. Because of this, we consider it better for operators to explicitly delete the runtime configuration data rather than unexpectedly lose it. {{< /tip >}}

{{< warning >}} Deleting CRDs permanently deletes any configuration changes that you have made to Istio. {{< /warning >}}

{{< tip >}} The istio-init chart contains all raw CRDs in the istio-init/ifiles directory. After fetching this chart, you can simply delete the CRDs using kubectl. {{< /tip >}}

To permanently delete Istio's CRDs and all Istio configuration:

{{< text bash >}}

$ mkdir -p $HOME/istio-fetch $ helm fetch istio.io/istio-init --untar --untardir $HOME/istio-fetch $ kubectl delete -f $HOME/istio-fetch/istio-init/files

{{< /text >}}

6.9 KiB Raw Blame History