istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/_docs/tasks/installing-istio.md

6.3 KiB
Raw Blame History

title overview order layout type
Installing Istio This task shows you how to setup the Istio service mesh. 10 docs markdown

This page shows how to install and configure Istio in a Kubernetes cluster.

Prerequisites

  • The following instructions assume you have access to a Kubernetes cluster. To install Kubernetes locally, try minikube.

  • If you are using Google Container Engine, please make sure you are using static client certificates before fetching cluster credentials:

    gcloud config set container/use_client_certificate True
gcloud container clusters get-credentials <cluster-name> --zone <zone> --project <project-name>

  • Ensure the curl command is present.

Installing on an existing cluster

For the Alpha release, Istio must be installed in the same Kubernetes namespace as the applications. Instructions below will deploy Istio in the default namespace. They can be modified for deployment in a different namespace.

  1. Download and extract the istio installation files, or clone Istio's GitHub repository:

    git clone https://github.com/istio/istio

  2. Change directory to istio:

    cd istio

  3. Install Istio's core components (Istio-Manager, Mixer, Ingress-Controller, and Istio CA if auth is enabled):

    If you would like to disable Istio Auth:

    kubectl apply -f ./kubernetes/istio-15.yaml # for Kubernetes 1.5

    or

    kubectl apply -f ./kubernetes/istio-16.yaml # for Kubernetes 1.6 or later

    If you would like to enable Istio Auth (For more information, please see Istio Auth installation guide):

    kubectl apply -f ./kubernetes/istio-auth-15.yaml # for Kubernetes 1.5

    or

    kubectl apply -f ./kubernetes/istio-auth-16.yaml # for Kubernetes 1.6 or later

  4. Source the Istio configuration file:

    source istio.VERSION

  5. Download one of the istioctl client binaries corresponding to your OS: istioctl-osx, istioctl-win.exe, istioctl-linux, targeted at Mac, Windows or Linux users respectively. For example, run the following commands on a Mac system:

    curl ${ISTIOCTL_URL}/istioctl-osx > /usr/local/bin/istioctl
chmod +x /usr/local/bin/istioctl

    istioctl is needed to inject Envoy as a sidecar proxy. It also provides a convenient CLI for creating routing rules and policies. Note: If you already have a previously installed version of istioctl, make sure that it is compatible with the manager image used in istio.yaml. If in doubt, download again or add the --tag option when running istioctl kube-inject. Invoke istioctl kube-inject --help for more details.

  6. Optional: to view metrics collected by Mixer, install Prometheus, Grafana or ServiceGraph addons:

    kubectl apply -f ./kubernetes/addons/grafana.yaml
kubectl apply -f ./kubernetes/addons/prometheus.yaml
kubectl apply -f ./kubernetes/addons/servicegraph.yaml

    The Grafana image provided as part of this sample contains a built-in Istio dashboard that you can access from:

    http://<grafana-svc-external-IP>:3000/dashboard/db/istio-dashboard

    The addons yaml files contain services configured as type LoadBalancer. If services are deployed with type NodePort, start kubectl proxy, and edit Grafana's Istio-dashboard to use the proxy. Access Grafana via kubectl proxy:

    http://127.0.0.1:8001/api/v1/proxy/namespaces/default/services/grafana:3000/dashboard/db/istio-dashboard

Verifying the installation

  1. Ensure the following Kubernetes services were deployed: "istio-manager", "istio-mixer", and "istio-ingress".

    kubectl get svc
NAME                       CLUSTER-IP     EXTERNAL-IP     PORT(S)              AGE
istio-ingress              10.83.241.84   35.184.70.168   80:30583/TCP         39m
istio-manager              10.83.251.26   <none>          8080/TCP             39m
istio-mixer                10.83.242.1    <none>          9091/TCP,42422/TCP   39m

    Note that if your cluster is running in an environment that does not support an external loadbalancer (e.g., minikube), the EXTERNAL-IP will say <pending> and you will need to access the application using the service NodePort instead.

  2. Check the corresponding Kubernetes pods were deployed: "istio-manager-*", "istio-mixer-*", "istio-ingress-*" and "istio-ca-*" (if Istio Auth is enabled).

    kubectl get pods
NAME                                       READY     STATUS    RESTARTS   AGE
istio-ingress-594763772-j7jbz              1/1       Running   0          49m
istio-manager-373576132-p2t9k              1/1       Running   0          49m
istio-mixer-1154414227-56q3z               1/1       Running   0          49m
istio-ca-1726969296-9srv2                  1/1       Running   0          49m

Deploy your application

You can now deploy your own application or one of the Istio sample applications, for example bookinfo. Note that the application should use HTTP/1.1 or HTTP/2.0 protocol for all its HTTP traffic.

When deploying the application, use kube-inject to automatically inject Envoy containers in the pods running the services:

kubectl create -f <(istioctl kube-inject -f <your-app-spec>.yaml)

Uninstalling

  1. Uninstall Istio:

    If Istio has auth disabled:

    kubectl delete -f ./kubernetes/istio-16.yaml

    If Istio has auth enabled:

    kubectl delete -f ./kubernetes/istio-auth-16.yaml

  2. Delete the istioctl client:

    rm /usr/local/bin/istioctl

What's next