istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/_docs/tasks/installing-istio.md

8.1 KiB
Raw Blame History

title overview order layout type
Installing Istio This task shows you how to setup the Istio service mesh. 10 docs markdown

{% include home.html %}

This page shows how to install and configure Istio in a Kubernetes cluster.

Prerequisites

  • The following instructions assume you have access to a Kubernetes cluster. To install Kubernetes locally, try minikube.

  • If you are using Google Container Engine, please make sure you are using static client certificates before fetching cluster credentials:

    gcloud config set container/use_client_certificate True
gcloud container clusters get-credentials <cluster-name> --zone <zone> --project <project-name>

  • Please install kubectl or upgrade to the latest version supported by your cluster.

  • Ensure the curl command is present.

Installing on an existing cluster

For the {{ site.data.istio.version }} release, Istio must be installed in the same Kubernetes namespace as the applications. Instructions below will deploy Istio in the default namespace. They can be modified for deployment in a different namespace.

  1. Go to istio release page, and download and extract the installation files istioctl.tar.gz and the source code.

  2. Change directory to install/kubernetes:

    cd install/kubernetes

  3. Determine if your cluster has RBAC enabled and find out the RBAC api version by running this command:

    kubectl api-versions | grep rbac

    • If the command displays an error, or does not display anything, it means the cluster does not support RBAC, and you can proceed to step 4.

    • If the command displays 'alpha' version, please apply istio-rbac-alpha.yaml configuration:

    kubectl apply -f istio-rbac-alpha.yaml
    • If the command displays 'beta' version, please apply istio-rbac-beta.yaml configuration:
    kubectl apply -f istio-rbac-beta.yaml

  4. Install Istio's core components (Istio-Manager, Mixer, Ingress-Controller, and Istio CA if auth is enabled):

    If you would like to disable Istio Auth:

    kubectl apply -f istio.yaml

    If you would like to enable Istio Auth (For more information, please see Istio Auth installation guide):

    kubectl apply -f istio-auth.yaml

  5. Source the Istio configuration file:

    source ../../istio.VERSION

  6. Use one of the istioctl client binaries corresponding to your OS: istioctl-osx, istioctl-win.exe, istioctl-linux, targeted at Mac, Windows or Linux users respectively. For example, run the following commands on a Mac system:

    curl -L https://github.com/istio/istio/releases/download/0.1.0/istioctl.tar.gz > istioctl-0.1.0.tar.gz
tar xvfz istioctl-0.1.0.tar.gz
cp osx/istioctl  /usr/local/bin/ # or anywhere in your $PATH

    istioctl is needed to inject Envoy as a sidecar proxy. It also provides a convenient CLI for creating routing rules and policies. Note: If you already have a previously installed version of istioctl, make sure that it is compatible with the manager image used in istio.yaml. If in doubt, download again or add the --tag option when running istioctl kube-inject. Invoke istioctl kube-inject --help for more details.

  7. Optional: to view metrics collected by Mixer, install Prometheus, Grafana or ServiceGraph addons.

    Note: The Prometheus addon is required for both Grafana and the ServiceGraph example. Install prometheus.yaml as well as either or both of the other addons.

    kubectl apply -f addons/grafana.yaml
kubectl apply -f addons/prometheus.yaml
kubectl apply -f addons/servicegraph.yaml

    The Grafana addon provides a dashboard visualization of the metrics by Mixer to a Prometheus instance.

    The simplest way to access the Istio dashboard is to configure port-forwarding for the grafana service, as follows:

    kubectl port-forward $(kubectl get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000

    Then open a web browser to http://localhost:3000/dashboard/db/istio-dashboard.

    The dashboard at that location should look something like the following:

    Grafana Istio Dashboard

    NOTE: In some deployment environments, it will be possible to access the dashboard directly (without the kubectl port-forward command). This is because the default addon configuration requests an external IP address for the grafana service.

    When applicable, the external IP address for the grafana service can be retrieved via:

    kubectl get services grafana

    With the EXTERNAL-IP returned from that command, the Istio dashboard can be reached at http://<EXTERNAL-IP>:3000/dashboard/db/istio-dashboard.

Verifying the installation

  1. Ensure the following Kubernetes services were deployed: "istio-manager", "istio-mixer", "istio-ingress", and "istio-egress".

    kubectl get svc

    NAME                       CLUSTER-IP     EXTERNAL-IP     PORT(S)              AGE
istio-egress               10.7.241.106   <none>          80/TCP               39m
istio-ingress              10.83.241.84   35.184.70.168   80:30583/TCP         39m
istio-manager              10.83.251.26   <none>          8080/TCP             39m
istio-mixer                10.83.242.1    <none>          9091/TCP,42422/TCP   39m

    Note that if your cluster is running in an environment that does not support an external loadbalancer (e.g., minikube), the EXTERNAL-IP will say <pending> and you will need to access the application using the service NodePort instead.

  2. Check the corresponding Kubernetes pods were deployed: "istio-manager-*", "istio-mixer-*", "istio-ingress-*", "istio-egress-*", and "istio-ca-*" (if Istio Auth is enabled).

    kubectl get pods

    NAME                                       READY     STATUS    RESTARTS   AGE
istio-egress-597320923-0szj8               1/1       Running   0          49m
istio-ingress-594763772-j7jbz              1/1       Running   0          49m
istio-manager-373576132-p2t9k              1/1       Running   0          49m
istio-mixer-1154414227-56q3z               1/1       Running   0          49m
istio-ca-1726969296-9srv2                  1/1       Running   0          49m

Deploy your application

You can now deploy your own application or one of the Istio sample applications, for example BookInfo. Note that the application should use HTTP/1.1 or HTTP/2.0 protocol for all its HTTP traffic.

When deploying the application, use kube-inject to automatically inject Envoy containers in the pods running the services:

kubectl create -f <(istioctl kube-inject -f <your-app-spec>.yaml)

Uninstalling

  1. Change directory to install/kubernetes:

    cd install/kubernetes

  2. Uninstall Istio:

    If Istio has auth disabled:

    kubectl delete -f istio.yaml

    If Istio has auth enabled:

    kubectl delete -f istio-auth.yaml

  3. If RBAC was installed, please uninstall it:

    kubectl delete -f istio-rbac-beta.yaml

    or

    kubectl delete -f istio-rbac-alpha.yaml

  4. Delete the istioctl client:

    rm /usr/local/bin/istioctl

What's next