HackMD
Istio Installation in Kubernetes
tags: ITRI, istio
Reference
- Official Website: Customizable Install with Helm
Installation
Go to the Istio release page to download the installation file.
# curl -L https://git.io/getLatestIstio | sh -
Move to the Istio package directory.
# cd istio-<version>
建立 service account for Tiller.
# kubectl apply -f install/kubernetes/helm/helm-service-account.yaml
serviceaccount/tiller unchanged
clusterrolebinding.rbac.authorization.k8s.io/tiller unchanged
Install Tiller on your cluster with the service account.
# helm init --service-account tiller
Install the istio-init chart to bootstrap all the Istio’s CRDs.
# helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
Verify that all 23 Istio CRDs were committed to the Kubernetes api-server.
# kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
23
Select a configuration profile and then install the istio chart corresponding to your chosen profile.
# helm install install/kubernetes/helm/istio --name istio --namespace istio-system
/* 省略 */
To get started running application with Istio, execute the following steps:
1. Label namespace that application object will be deployed to by the following command (take default namespace as an example)
$ kubectl label namespace default istio-injection=enabled
$ kubectl get namespace -L istio-injection
2. Deploy your applications
$ kubectl apply -f <your-application>.yaml
For more information on running Istio, visit:
https://istio.io/
According to the above hint, label default namespace with istio-injection.
# kubectl label namespace default istio-injection=enabled
# kubectl get namespace -L istio-injection
Verifying the installation
Verify Kubernetes services.
# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-citadel ClusterIP 10.233.61.201 <none> 8060/TCP,15014/TCP 51m
istio-galley ClusterIP 10.233.24.133 <none> 443/TCP,15014/TCP,9901/TCP 51m
istio-ingressgateway LoadBalancer 10.233.37.102 <pending> 15020:32340/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30264/TCP,15030:31190/TCP,15031:32531/TCP,15032:32067/TCP,15443:31502/TCP 51m
istio-pilot ClusterIP 10.233.0.162 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 51m
istio-policy ClusterIP 10.233.16.223 <none> 9091/TCP,15004/TCP,15014/TCP 51m
istio-sidecar-injector ClusterIP 10.233.35.237 <none> 443/TCP 51m
istio-telemetry ClusterIP 10.233.63.186 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 51m
Ensure the corresponding Kubernetes pods are deployed and have a STATUS of Running.
# kubectl get pods -n istio-system
# NAME READY STATUS RESTARTS AGE
istio-citadel-578df76b47-rlscm 1/1 Running 0 53m
istio-galley-7c996cbdd8-q9qjg 1/1 Running 0 53m
istio-ingressgateway-66f96b5c79-4zvvm 1/1 Running 0 53m
istio-init-crd-10-7ndcs 0/1 Completed 0 53m
istio-init-crd-11-bhx6l 0/1 Completed 0 53m
istio-init-crd-12-kjz92 0/1 Completed 0 53m
istio-pilot-86c5944b94-xnl5f 2/2 Running 0 53m
istio-policy-757dc76657-kcbl4 2/2 Running 3 53m
istio-sidecar-injector-fc58d99f-fnms2 1/1 Running 0 53m
istio-telemetry-5c7fb7cff5-kk787 2/2 Running 3 53m
