istio.io/index.md at 5e89d73d81406993c14bb80f8271bf7c3d2da992

17 KiB

Raw Blame History

title

description

weight

aliases

keywords

owner

test

Getting Started

Try Istio’s features quickly and easily.

/docs/setup/kubernetes/getting-started/

/docs/setup/kubernetes/

/docs/setup/kubernetes/install/kubernetes/

getting-started

install

bookinfo

quick-start

kubernetes

istio/wg-environments-maintainers

yes

{{< tip >}} Istio intends to make the Kubernetes Gateway API the default API for traffic management in the future. Although the Gateway API is currently a beta feature in Istio you can still get started with Istio using the future API if you prefer. Refer to the future getting started instructions instead of the following. {{< /tip >}}

This guide lets you quickly evaluate Istio. If you are already familiar with Istio or interested in installing other configuration profiles or advanced deployment models, refer to our which Istio installation method should I use? FAQ page.

These steps require you to have a {{< gloss >}}cluster{{< /gloss >}} running a supported version of Kubernetes ({{< supported_kubernetes_versions >}}). You can use any supported platform, for example Minikube or others specified by the platform-specific setup instructions.

Follow these steps to get started with Istio:

Download and install Istio
Deploy the sample application
Open the application to outside traffic
View the dashboard

Download Istio

Go to the [Istio release]({{< istio_release_url >}}) page to download the installation file for your OS, or download and extract the latest release automatically (Linux or macOS):

{{< text bash >}} $ curl -L https://istio.io/downloadIstio | sh - {{< /text >}}

{{< tip >}} The command above downloads the latest release (numerically) of Istio. You can pass variables on the command line to download a specific version or to override the processor architecture. For example, to download Istio {{< istio_full_version >}} for the x86_64 architecture, run:

{{< text bash >}} $ curl -L https://istio.io/downloadIstio | ISTIO_VERSION={{< istio_full_version >}} TARGET_ARCH=x86_64 sh - {{< /text >}}

{{< /tip >}}
Move to the Istio package directory. For example, if the package is istio-{{< istio_full_version >}}:

{{< text syntax=bash snip_id=none >}} $ cd istio-{{< istio_full_version >}} {{< /text >}}

The installation directory contains:
- Sample applications in samples/
- The istioctl client binary in the bin/ directory.
Add the istioctl client to your path (Linux or macOS):

{{< text bash >}} $ export PATH=$PWD/bin:$PATH {{< /text >}}

Install Istio

For this installation, we use the demo configuration profile. It's selected to have a good set of defaults for testing, but there are other profiles for production or performance testing.

{{< warning >}} If your platform has a vendor-specific configuration profile, e.g., Openshift, use it in the following command, instead of the demo profile. Refer to your platform instructions for details. {{< /warning >}}

{{< text bash >}} $ istioctl install --set profile=demo -y ✔ Istio core installed ✔ Istiod installed ✔ Egress gateways installed ✔ Ingress gateways installed ✔ Installation complete {{< /text >}}
Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later:

{{< text bash >}} $ kubectl label namespace default istio-injection=enabled namespace/default labeled {{< /text >}}

Deploy the sample application

Deploy the Bookinfo sample application:

{{< text bash >}} $ kubectl apply -f @samples/bookinfo/platform/kube/bookinfo.yaml@ service/details created serviceaccount/bookinfo-details created deployment.apps/details-v1 created service/ratings created serviceaccount/bookinfo-ratings created deployment.apps/ratings-v1 created service/reviews created serviceaccount/bookinfo-reviews created deployment.apps/reviews-v1 created deployment.apps/reviews-v2 created deployment.apps/reviews-v3 created service/productpage created serviceaccount/bookinfo-productpage created deployment.apps/productpage-v1 created {{< /text >}}
The application will start. As each pod becomes ready, the Istio sidecar will be deployed along with it.

{{< text bash >}} $ kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE details ClusterIP 10.0.0.212 9080/TCP 29s kubernetes ClusterIP 10.0.0.1 443/TCP 25m productpage ClusterIP 10.0.0.57 9080/TCP 28s ratings ClusterIP 10.0.0.33 9080/TCP 29s reviews ClusterIP 10.0.0.28 9080/TCP 29s {{< /text >}}

and

{{< text bash >}} $ kubectl get pods NAME READY STATUS RESTARTS AGE details-v1-558b8b4b76-2llld 2/2 Running 0 2m41s productpage-v1-6987489c74-lpkgl 2/2 Running 0 2m40s ratings-v1-7dc98c7588-vzftc 2/2 Running 0 2m41s reviews-v1-7f99cc4496-gdxfn 2/2 Running 0 2m41s reviews-v2-7d79d5bd5d-8zzqd 2/2 Running 0 2m41s reviews-v3-7dbcdcbc56-m8dph 2/2 Running 0 2m41s {{< /text >}}

{{< tip >}} Re-run the previous command and wait until all pods report READY 2/2 and STATUS Running before you go to the next step. This might take a few minutes depending on your platform. {{< /tip >}}
Verify everything is working correctly up to this point. Run this command to see if the app is running inside the cluster and serving HTML pages by checking for the page title in the response:

{{< text bash >}} kubectl exec "(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o ""
{{< /text >}}

Open the application to outside traffic

The Bookinfo application is deployed but not accessible from the outside. To make it accessible, you need to create an Istio Ingress Gateway, which maps a path to a route at the edge of your mesh.

Associate this application with the Istio gateway:

{{< text bash >}} $ kubectl apply -f @samples/bookinfo/networking/bookinfo-gateway.yaml@ gateway.networking.istio.io/bookinfo-gateway created virtualservice.networking.istio.io/bookinfo created {{< /text >}}
Ensure that there are no issues with the configuration:

{{< text bash >}} $ istioctl analyze ✔ No validation issues found when analyzing namespace: default. {{< /text >}}

Determining the ingress IP and ports

Follow these instructions to set the INGRESS_HOST and INGRESS_PORT variables for accessing the gateway. Use the tabs to choose the instructions for your chosen platform:

Run this command in a new terminal window to start a Minikube tunnel that sends traffic to your Istio Ingress Gateway. This will provide an external load balancer, EXTERNAL-IP, for service/istio-ingressgateway.

{{< text bash >}} $ minikube tunnel {{< /text >}}

Set the ingress host and ports:

{{< text bash >}} export INGRESS_HOST=(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') export INGRESS_PORT=(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}') export SECURE_INGRESS_PORT=(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}') {{< /text >}}

Ensure an IP address and ports were successfully assigned to each environment variable:

{{< text bash >}} $ echo "$INGRESS_HOST" 127.0.0.1 {{< /text >}}

{{< text bash >}} $ echo "$INGRESS_PORT" 80 {{< /text >}}

{{< text bash >}} $ echo "$SECURE_INGRESS_PORT" 443 {{< /text >}}

Execute the following command to determine if your Kubernetes cluster is running in an environment that supports external load balancers:

{{< text bash >}} $ kubectl get svc istio-ingressgateway -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 172.21.109.129 130.211.10.121 80:31380/TCP,443:31390/TCP,31400:31400/TCP 17h {{< /text >}}

If the EXTERNAL-IP value is set, your environment has an external load balancer that you can use for the ingress gateway. If the EXTERNAL-IP value is <none> (or perpetually <pending>), your environment does not provide an external load balancer for the ingress gateway. In this case, you can access the gateway using the service's node port.

Choose the instructions corresponding to your environment:

Follow these instructions if you have determined that your environment has an external load balancer.

Set the ingress IP and ports:

{{< warning >}} In certain environments, the load balancer may be exposed using a host name, instead of an IP address. In this case, the ingress gateway's EXTERNAL-IP value will not be an IP address, but rather a host name, and the above command will have failed to set the INGRESS_HOST environment variable. Use the following command to correct the INGRESS_HOST value:

{{< text bash >}} export INGRESS_HOST=(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') {{< /text >}}

Follow these instructions if your environment does not have an external load balancer and choose a node port instead.

Set the ingress ports:

{{< text bash >}} export INGRESS_PORT=(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') export SECURE_INGRESS_PORT=(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}') {{< /text >}}

GKE:

{{< text bash >}} $ export INGRESS_HOST=worker-node-address {{< /text >}}

You need to create firewall rules to allow the TCP traffic to the ingressgateway service's ports. Run the following commands to allow the traffic for the HTTP port, the secure port (HTTPS) or both:

{{< text bash >}} $ gcloud compute firewall-rules create allow-gateway-http --allow "tcp:$INGRESS_PORT" $ gcloud compute firewall-rules create allow-gateway-https --allow "tcp:$SECURE_INGRESS_PORT" {{< /text >}}

IBM Cloud Kubernetes Service:

{{< text bash >}} $ ibmcloud ks workers --cluster cluster-name-or-id $ export INGRESS_HOST=public-IP-of-one-of-the-worker-nodes {{< /text >}}

Docker For Desktop:

{{< text bash >}} $ export INGRESS_HOST=127.0.0.1 {{< /text >}}

Other environments:

{{< text bash >}} export INGRESS_HOST=(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}') {{< /text >}}

Set GATEWAY_URL:

{{< text bash >}} $ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT {{< /text >}}
Ensure an IP address and port were successfully assigned to the environment variable:

{{< text bash >}} $ echo "$GATEWAY_URL" 192.168.99.100:32194 {{< /text >}}

Verify external access

Confirm that the Bookinfo application is accessible from outside by viewing the Bookinfo product page using a browser.

Run the following command to retrieve the external address of the Bookinfo application.

{{< text bash >}} $ echo "http://$GATEWAY_URL/productpage" {{< /text >}}
Paste the output from the previous command into your web browser and confirm that the Bookinfo product page is displayed.

View the dashboard

Istio integrates with several different telemetry applications. These can help you gain an understanding of the structure of your service mesh, display the topology of the mesh, and analyze the health of your mesh.

Use the following instructions to deploy the Kiali dashboard, along with Prometheus, Grafana, and Jaeger.

Install [Kiali and the other addons]({{< github_tree >}}/samples/addons) and wait for them to be deployed.

{{< text bash >}} $ kubectl apply -f samples/addons $ kubectl rollout status deployment/kiali -n istio-system Waiting for deployment "kiali" rollout to finish: 0 of 1 updated replicas are available... deployment "kiali" successfully rolled out {{< /text >}}

{{< tip >}} If there are errors trying to install the addons, try running the command again. There may be some timing issues which will be resolved when the command is run again. {{< /tip >}}
Access the Kiali dashboard.

{{< text bash >}} $ istioctl dashboard kiali {{< /text >}}
In the left navigation menu, select Graph and in the Namespace drop down, select default.

{{< tip >}} {{< boilerplate trace-generation >}} {{< /tip >}}

The Kiali dashboard shows an overview of your mesh with the relationships between the services in the Bookinfo sample application. It also provides filters to visualize the traffic flow.

{{< image link="./kiali-example2.png" caption="Kiali Dashboard" >}}

Next steps

Congratulations on completing the evaluation installation!

These tasks are a great place for beginners to further evaluate Istio's features using this demo installation:

Before you customize Istio for production use, see these resources:

Join the Istio community

We welcome you to ask questions and give us feedback by joining the Istio community.

Uninstall

To delete the Bookinfo sample application and its configuration, see Bookinfo cleanup.

The Istio uninstall deletes the RBAC permissions and all resources hierarchically under the istio-system namespace. It is safe to ignore errors for non-existent resources because they may have been deleted hierarchically.

{{< text bash >}} $ kubectl delete -f @samples/addons@ $ istioctl uninstall -y --purge {{< /text >}}

The istio-system namespace is not removed by default. If no longer needed, use the following command to remove it:

{{< text bash >}} $ kubectl delete namespace istio-system {{< /text >}}

The label to instruct Istio to automatically inject Envoy sidecar proxies is not removed by default. If no longer needed, use the following command to remove it:

{{< text bash >}} $ kubectl label namespace default istio-injection- {{< /text >}}

17 KiB Raw Blame History Unescape Escape