istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/content/docs/setup/kubernetes/helm-install/index.md

5.5 KiB
Raw Blame History

title description weight keywords aliases icon
Installation with Helm Install Istio with the included Helm chart. 20
kubernetes
helm
/docs/setup/kubernetes/helm.html
/docs/tasks/integrating-services-into-istio.html
helm

Quick start instructions for the setup and configuration of Istio using Helm. This is the recommended install method for installing Istio to your production environment as it offers rich customization to the Istio control plane and the sidecars for the Istio data plane.

Prerequisites

  1. Download the Istio release.

  2. Perform any necessary platform-specific setup.

  3. Check the Requirements for Pods and Services on Pods and Services.

  4. Install the Helm client.

  5. Istio by default uses LoadBalancer service object types. Some platforms do not support LoadBalancer service objects. For platforms lacking LoadBalancer support, install Istio with NodePort support instead with the flags --set gateways.istio-ingressgateway.type=NodePort --set gateways.istio-egressgateway.type=NodePort appended to the end of the Helm operation.

Installation steps

The following commands have relative references in the Istio directory. You must execute the commands in Istio's root directory.

  1. Update Helm's dependencies:

    {{< text bash >}} $ helm repo add istio.io "https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts" $ helm dep update install/kubernetes/helm/istio {{< /text >}}

  2. Choose one of the following two mutually exclusive options described below.

    To customize Istio and install addons, use the --set <key>=<value> option in the helm template or install command. Installation Options references supported installation key and value pairs.

Option 1: Install with Helm via helm template

  1. Install all the Istio's Custom Resource Definitions or CRDs for short via kubectl apply, and wait a few seconds for the CRDs to be committed to the Kubernetes API server:

    {{< text bash >}} $ for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f $i; done {{< /text >}}

  2. Render Istio's core components to a Kubernetes manifest called istio.yaml:

    {{< text bash >}} $ cat @install/kubernetes/namespace.yaml@ > $HOME/istio.yaml $ helm template install/kubernetes/helm/istio --name istio --namespace istio-system >> $HOME/istio.yaml {{< /text >}}

    If you want to enable global mutual TLS, set global.mtls.enabled to true for the last command:

    {{< text bash >}} $ helm template install/kubernetes/helm/istio --name istio --namespace istio-system --set global.mtls.enabled=true > $HOME/istio.yaml {{< /text >}}

  3. Install the components via the manifest:

    {{< text bash >}} $ kubectl apply -f $HOME/istio.yaml {{< /text >}}

Option 2: Install with Helm and Tiller via helm install

This option allows Helm and Tiller to manage the lifecycle of Istio.

  1. If a service account has not already been installed for Tiller, install one:

    {{< text bash >}} $ kubectl apply -f @install/kubernetes/helm/helm-service-account.yaml@ {{< /text >}}

  2. Install Tiller on your cluster with the service account:

    {{< text bash >}} $ helm init --service-account tiller {{< /text >}}

  3. Install the istio-init chart to bootstrap all the Istio's CRDs:

    {{< text bash >}} $ helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system {{< /text >}}

  4. Verify all the Istio's CRDs have been committed to the Kubernetes API server by checking all the CRD creation jobs complete with success:

    {{< text bash >}} $ kubectl get job --namespace istio-system | grep istio-crd {{< /text >}}

  5. Install the istio chart:

    {{< text bash >}} $ helm install install/kubernetes/helm/istio --name istio --namespace istio-system {{< /text >}}

    If you want to enable global mutual TLS, set global.mtls.enabled to true:

    {{< text bash >}} $ helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set global.mtls.enabled=true {{< /text >}}

Uninstall

  • For option 1, uninstall using kubectl:

    {{< text bash >}} $ kubectl delete -f $HOME/istio.yaml {{< /text >}}

  • For option 2, uninstall using Helm:

Uninstalling this chart does not delete Istio's registered CRDs. Istio by design expects CRDs to leak into the Kubernetes environment. As CRDs contain all runtime configuration data in custom resources the Istio designers feel it is better to explicitly delete this configuration rather then unexpectedly lose it.

{{< text bash >}}
$ helm delete --purge istio
$ helm delete --purge istio-init
{{< /text >}}
  • If desired, run the following command to delete all CRDs:

{{< warning_icon >}} Deleting CRDs will delete any configuration changes that you have made to Istio.

{{< text bash >}}
$ for i in install install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl delete -f $i; done
{{< /text >}}