Step 1: Download Istio
root@topgun01 [ ~ ]# curl -L <https://istio.io/downloadIstio> | ISTIO_VERSION=1.9.6 sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 102 100 102 0 0 375 0 --:--:-- --:--:-- --:--:-- 375
100 4573 100 4573 0 0 13732 0 --:--:-- --:--:-- --:--:-- 13732
Downloading istio-1.9.6 from <https://github.com/istio/istio/releases/download/1.9.6/istio-1.9.6-linux-amd64.tar.gz> ...
Istio 1.9.6 Download Complete!
Istio has been successfully downloaded into the istio-1.9.6 folder on your system.
Next Steps:
See <https://istio.io/latest/docs/setup/install/> to add Istio to your Kubernetes cluster.
To configure the istioctl client tool for your workstation,
add the /root/istio-1.9.6/bin directory to your environment path variable with:
export PATH="$PATH:/root/istio-1.9.6/bin"
Begin the Istio pre-installation check by running:
istioctl x precheck
Need more information? Visit <https://istio.io/latest/docs/setup/install/>
Step 2: Pre-Check and Move Istioctl to /usr/local/bin
root@topgun01 [ ~/istio-1.9.6 ]# ./bin/istioctl x precheck
Checking the cluster to make sure it is ready for Istio installation...
#1. Kubernetes-api
-----------------------
Can initialize the Kubernetes client.
Can query the Kubernetes API Server.
#2. Kubernetes-version
-----------------------
Istio is compatible with Kubernetes: v1.20.5+vmware.2.
#3. Istio-existence
-----------------------
Istio will be installed in the istio-system namespace.
#4. Kubernetes-setup
-----------------------
Can create necessary Kubernetes configurations: Namespace,ClusterRole,ClusterRoleBinding,CustomResourceDefinition,Role,ServiceAccount,Service,Deployments,ConfigMap.
#5. SideCar-Injector
-----------------------
This Kubernetes cluster supports automatic sidecar injection. To enable automatic sidecar injection see <https://istio.io/v1.9/docs/setup/additional-setup/sidecar-injection/#deploying-an-app>
-----------------------
Install Pre-Check passed! The cluster is ready for Istio installation.
root@topgun01 [ ~/istio-1.9.6/bin ]# cp istioctl /usr/local/bin
Step 3: Installation
root@topgun01 [ ~/istio-1.9.6 ]# istioctl install
This will install the Istio 1.9.6 profile with ["Istio core" "Istiod" "Ingress gateways"] components into the cluster. Proceed? (y/N) y
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Installation complete root@topgun01 [ ~/istio-1.9.6 ]#
Step 4: Check the installation
root@topgun01 [ ~/istio-1.9.6 ]# k get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
avi-system ako-0 1/1 Running 0 4d1h
istio-system istio-ingressgateway-5b47bfbd5f-gvkfh 1/1 Running 0 4m48s
istio-system istiod-9f584c646-vwzwv 1/1 Running 0 5m6s
kube-system antrea-agent-2896s 2/2 Running 0 4d1h
kube-system antrea-agent-d7k68 2/2 Running 0 4d1h
kube-system antrea-controller-7b8f59b5d-8xvrn 1/1 Running 0 4d1h
kube-system coredns-68d49685bd-pdp54 1/1 Running 0 4d1h
kube-system coredns-68d49685bd-v6lxh 1/1 Running 0 4d1h
kube-system etcd-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d1h
kube-system kube-apiserver-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d1h
kube-system kube-controller-manager-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d1h
kube-system kube-proxy-l5w5q 1/1 Running 0 4d1h
kube-system kube-proxy-pcdcx 1/1 Running 0 4d1h
kube-system kube-scheduler-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d1h
kube-system kube-vip-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d1h
kube-system metrics-server-7887b69cd6-66mh9 1/1 Running 0 4d1h
kube-system vsphere-cloud-controller-manager-5pskv 1/1 Running 0 4d1h
kube-system vsphere-csi-controller-85d6fbd455-qj2lh 6/6 Running 0 4d1h
kube-system vsphere-csi-node-crx2s 3/3 Running 0 4d1h
kube-system vsphere-csi-node-k688g 3/3 Running 0 4d1h
pinniped-concierge pinniped-concierge-86d4f7bc4b-bc46s 1/1 Running 0 4d1h
pinniped-concierge pinniped-concierge-86d4f7bc4b-kb6lj 1/1 Running 0 4d1h
pinniped-concierge pinniped-concierge-kube-cert-agent-1cd94ff1 1/1 Running 0 4d1h
pinniped-supervisor pinniped-post-deploy-job-5xhr5 0/1 Completed 0 4d1h
tkg-system kapp-controller-556f567b47-r86mx 1/1 Running 0 4d1h
root@topgun01 [ ~/istio-1.9.6/samples/addons ]# k get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default adservice ClusterIP 100.206.152.77 <none> 9555/TCP 11m
default cartservice ClusterIP 100.206.221.167 <none> 7070/TCP 11m
default checkoutservice ClusterIP 100.206.128.114 <none> 5050/TCP 11m
default currencyservice ClusterIP 100.206.65.103 <none> 7000/TCP 11m
default emailservice ClusterIP 100.206.53.35 <none> 5000/TCP 11m
default frontend ClusterIP 100.206.163.222 <none> 80/TCP 11m
default frontend-external LoadBalancer 100.206.119.237 192.168.100.102 80:30373/TCP 11m
default kubernetes ClusterIP 100.206.0.1 <none> 443/TCP 4d1h
default paymentservice ClusterIP 100.206.207.170 <none> 50051/TCP 11m
default productcatalogservice ClusterIP 100.206.125.239 <none> 3550/TCP 11m
default recommendationservice ClusterIP 100.206.8.228 <none> 8080/TCP 11m
default redis-cart ClusterIP 100.206.85.38 <none> 6379/TCP 11m
default shippingservice ClusterIP 100.206.241.2 <none> 50051/TCP 11m
istio-system grafana ClusterIP 100.206.55.214 <none> 3000/TCP 8m58s
istio-system istio-ingressgateway LoadBalancer 100.206.211.147 192.168.100.101 15021:31648/TCP,80:32717/TCP,443:30040/TCP,15012:32163/TCP,15443:30626/TCP 24m
istio-system istiod ClusterIP 100.206.165.22 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 24m
istio-system kiali ClusterIP 100.206.83.167 <none> 20001/TCP,9090/TCP 9m23s
istio-system prometheus ClusterIP 100.206.107.73 <none> 9090/TCP 9m6s
kube-system antrea ClusterIP 100.206.192.171 <none> 443/TCP 4d1h
kube-system cloud-controller-manager NodePort 100.206.69.21 <none> 443:30424/TCP 4d1h
kube-system kube-dns ClusterIP 100.206.0.10 <none> 53/UDP,53/TCP,9153/TCP 4d1h
kube-system metrics-server ClusterIP 100.206.83.94 <none> 443/TCP 4d1h
pinniped-concierge pinniped-concierge-api ClusterIP 100.206.112.92 <none> 443/TCP
Step 5: Enable Istio injection
root@topgun01 [ ~/istio-1.9.6 ]# kubectl label namespace default istio-injection=enabled
namespace/default labeled
Step 6: Download Demo Application and Install Demo Application
wget <https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/istio-manifests.yaml>
wget <https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml>
root@topgun01 [ ~/microsdemo ]# ls
istio-manifests.yaml kubernetes-manifests.yaml
root@topgun01 [ ~/microsdemo ]# cd ..
root@topgun01 [ ~ ]# k create -f ./microsdemo/
gateway.networking.istio.io/frontend-gateway created
virtualservice.networking.istio.io/frontend-ingress created
serviceentry.networking.istio.io/allow-egress-googleapis created
serviceentry.networking.istio.io/allow-egress-google-metadata created
virtualservice.networking.istio.io/frontend created
deployment.apps/emailservice created
service/emailservice created
deployment.apps/checkoutservice created
service/checkoutservice created
deployment.apps/recommendationservice created
service/recommendationservice created
deployment.apps/frontend created
service/frontend created
service/frontend-external created
deployment.apps/paymentservice created
service/paymentservice created
deployment.apps/productcatalogservice created
service/productcatalogservice created
deployment.apps/cartservice created
service/cartservice created
deployment.apps/loadgenerator created
deployment.apps/currencyservice created
service/currencyservice created
deployment.apps/shippingservice created
service/shippingservice created
deployment.apps/redis-cart created
service/redis-cart created
deployment.apps/adservice created
service/adservice created
Step 7: Install Add-on
root@topgun01 [ ~/istio-1.9.6/samples/addons ]# k create -f kiali.yaml
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/monitoringdashboards.monitoring.kiali.io created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
monitoringdashboard.monitoring.kiali.io/envoy created
monitoringdashboard.monitoring.kiali.io/go created
monitoringdashboard.monitoring.kiali.io/kiali created
monitoringdashboard.monitoring.kiali.io/micrometer-1.0.6-jvm-pool created
monitoringdashboard.monitoring.kiali.io/micrometer-1.0.6-jvm created
monitoringdashboard.monitoring.kiali.io/micrometer-1.1-jvm created
monitoringdashboard.monitoring.kiali.io/microprofile-1.1 created
monitoringdashboard.monitoring.kiali.io/microprofile-x.y created
monitoringdashboard.monitoring.kiali.io/nodejs created
monitoringdashboard.monitoring.kiali.io/quarkus created
monitoringdashboard.monitoring.kiali.io/springboot-jvm-pool created
monitoringdashboard.monitoring.kiali.io/springboot-jvm created
monitoringdashboard.monitoring.kiali.io/springboot-tomcat created
monitoringdashboard.monitoring.kiali.io/thorntail created
monitoringdashboard.monitoring.kiali.io/tomcat created
monitoringdashboard.monitoring.kiali.io/vertx-client created
monitoringdashboard.monitoring.kiali.io/vertx-eventbus created
monitoringdashboard.monitoring.kiali.io/vertx-jvm created
monitoringdashboard.monitoring.kiali.io/vertx-pool created
monitoringdashboard.monitoring.kiali.io/vertx-server created
root@topgun01 [ ~/istio-1.9.6/samples/addons ]# k create -f prometheus.yaml
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
root@topgun01 [ ~/istio-1.9.6/samples/addons ]# k create -f grafana.yaml
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
root@topgun01 [ ~/istio-1.9.6/samples/addons ]# k create -f jaeger.yaml
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
Step 8: istioctl verify-install
root@topgun01 [ ~/istio-1.9.6/samples/addons ]# istioctl verify-install
1 Istio control planes detected, checking --revision "default" only
✔ HorizontalPodAutoscaler: istio-ingressgateway.istio-system checked successfully
✔ Deployment: istio-ingressgateway.istio-system checked successfully
✔ PodDisruptionBudget: istio-ingressgateway.istio-system checked successfully
✔ Role: istio-ingressgateway-sds.istio-system checked successfully
✔ RoleBinding: istio-ingressgateway-sds.istio-system checked successfully
✔ Service: istio-ingressgateway.istio-system checked successfully
✔ ServiceAccount: istio-ingressgateway-service-account.istio-system checked successfully
✔ ClusterRole: istiod-istio-system.istio-system checked successfully
✔ ClusterRole: istio-reader-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istio-reader-istio-system.istio-system checked successfully
✔ ClusterRoleBinding: istiod-istio-system.istio-system checked successfully
✔ Role: istiod-istio-system.istio-system checked successfully
✔ RoleBinding: istiod-istio-system.istio-system checked successfully
✔ ServiceAccount: istio-reader-service-account.istio-system checked successfully
✔ ServiceAccount: istiod-service-account.istio-system checked successfully
✔ ValidatingWebhookConfiguration: istiod-istio-system.istio-system checked successfully
✔ CustomResourceDefinition: destinationrules.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: envoyfilters.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: gateways.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: serviceentries.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: sidecars.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: virtualservices.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: workloadentries.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: workloadgroups.networking.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: authorizationpolicies.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: peerauthentications.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: requestauthentications.security.istio.io.istio-system checked successfully
✔ CustomResourceDefinition: istiooperators.install.istio.io.istio-system checked successfully
✔ HorizontalPodAutoscaler: istiod.istio-system checked successfully
✔ ConfigMap: istio.istio-system checked successfully
✔ Deployment: istiod.istio-system checked successfully
✔ ConfigMap: istio-sidecar-injector.istio-system checked successfully
✔ MutatingWebhookConfiguration: istio-sidecar-injector.istio-system checked successfully
✔ PodDisruptionBudget: istiod.istio-system checked successfully
✔ Service: istiod.istio-system checked successfully
✔ EnvoyFilter: metadata-exchange-1.8.istio-system checked successfully
✔ EnvoyFilter: tcp-metadata-exchange-1.8.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.8.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.8.istio-system checked successfully
✔ EnvoyFilter: metadata-exchange-1.9.istio-system checked successfully
✔ EnvoyFilter: tcp-metadata-exchange-1.9.istio-system checked successfully
✔ EnvoyFilter: stats-filter-1.9.istio-system checked successfully
✔ EnvoyFilter: tcp-stats-filter-1.9.istio-system checked successfully
Checked 12 custom resource definitions
Checked 2 Istio Deployments
✔ Istio is installed and verified successfully
root@topgun01 [ ~/istio-1.9.6/samples/addons ]# k get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
avi-system ako-0 1/1 Running 0 4d3h
default adservice-5844cffbd4-rtgzj 2/2 Running 0 130m
default cartservice-fdc659ddc-qq22n 2/2 Running 1 130m
default checkoutservice-64db75877d-65tc2 2/2 Running 0 130m
default currencyservice-9b7cdb45b-nrdtn 2/2 Running 0 130m
default emailservice-64d98b6f9d-bh57z 2/2 Running 0 130m
default frontend-76ff9556-qk7bj 2/2 Running 0 130m
default loadgenerator-589648f87f-jwtnq 2/2 Running 0 130m
default paymentservice-65bdf6757d-xbwdf 2/2 Running 0 130m
default productcatalogservice-5cd47f8cc8-st5nm 2/2 Running 0 130m
default recommendationservice-b75687c5b-kzh7c 2/2 Running 0 130m
default redis-cart-74594bd569-jgc96 2/2 Running 0 130m
default shippingservice-778554994-kkmjb 2/2 Running 0 130m
istio-system grafana-784c89f4cf-fssq2 1/1 Running 0 127m
istio-system istio-ingressgateway-5b47bfbd5f-gvkfh 1/1 Running 0 142m
istio-system istiod-9f584c646-vwzwv 1/1 Running 0 142m
istio-system jaeger-7f78b6fb65-5vxvq 1/1 Running 0 26s
istio-system kiali-dc84967d9-d6mjw 1/1 Running 0 127m
istio-system prometheus-7bfddb8dbf-4vksc 2/2 Running 0 127m
kube-system antrea-agent-2896s 2/2 Running 0 4d3h
kube-system antrea-agent-d7k68 2/2 Running 0 4d3h
kube-system antrea-agent-v8b5c 2/2 Running 0 124m
kube-system antrea-agent-z9dlp 2/2 Running 0 124m
kube-system antrea-controller-7b8f59b5d-8xvrn 1/1 Running 0 4d3h
kube-system coredns-68d49685bd-pdp54 1/1 Running 0 4d3h
kube-system coredns-68d49685bd-v6lxh 1/1 Running 0 4d3h
kube-system etcd-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d3h
kube-system kube-apiserver-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d3h
kube-system kube-controller-manager-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d3h
kube-system kube-proxy-l5w5q 1/1 Running 0 4d3h
kube-system kube-proxy-pbdpn 1/1 Running 0 124m
kube-system kube-proxy-pcdcx 1/1 Running 0 4d3h
kube-system kube-proxy-zjfb9 1/1 Running 0 124m
kube-system kube-scheduler-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d3h
kube-system kube-vip-tkg-vmc-workload-c04-control-plane-c9cfn 1/1 Running 0 4d3h
kube-system metrics-server-7887b69cd6-66mh9 1/1 Running 0 4d3h
kube-system vsphere-cloud-controller-manager-5pskv 1/1 Running 0 4d3h
kube-system vsphere-csi-controller-85d6fbd455-qj2lh 6/6 Running 0 4d3h
kube-system vsphere-csi-node-7h6dv 3/3 Running 0 124m
kube-system vsphere-csi-node-crx2s 3/3 Running 0 4d3h
kube-system vsphere-csi-node-dsbwq 3/3 Running 0 124m
kube-system vsphere-csi-node-k688g 3/3 Running 0 4d3h
pinniped-concierge pinniped-concierge-86d4f7bc4b-bc46s 1/1 Running 0 4d3h
pinniped-concierge pinniped-concierge-86d4f7bc4b-kb6lj 1/1 Running 0 4d3h
pinniped-concierge pinniped-concierge-kube-cert-agent-1cd94ff1 1/1 Running 0 4d3h
pinniped-supervisor pinniped-post-deploy-job-5xhr5 0/1 Completed 0 4d3h
tkg-system kapp-controller-556f567b47-r86mx 1/1 Running 0 4d3h
root@topgun01 [ ~/istio-1.9.6/samples/addons ]# k get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default adservice ClusterIP 100.206.152.77 <none> 9555/TCP 130m
default cartservice ClusterIP 100.206.221.167 <none> 7070/TCP 130m
default checkoutservice ClusterIP 100.206.128.114 <none> 5050/TCP 130m
default currencyservice ClusterIP 100.206.65.103 <none> 7000/TCP 130m
default emailservice ClusterIP 100.206.53.35 <none> 5000/TCP 130m
default frontend ClusterIP 100.206.163.222 <none> 80/TCP 130m
default frontend-external LoadBalancer 100.206.119.237 192.168.100.102 80:30373/TCP 130m
default kubernetes ClusterIP 100.206.0.1 <none> 443/TCP 4d3h
default paymentservice ClusterIP 100.206.207.170 <none> 50051/TCP 130m
default productcatalogservice ClusterIP 100.206.125.239 <none> 3550/TCP 130m
default recommendationservice ClusterIP 100.206.8.228 <none> 8080/TCP 130m
default redis-cart ClusterIP 100.206.85.38 <none> 6379/TCP 130m
default shippingservice ClusterIP 100.206.241.2 <none> 50051/TCP 130m
istio-system grafana ClusterIP 100.206.55.214 <none> 3000/TCP 127m
istio-system istio-ingressgateway LoadBalancer 100.206.211.147 192.168.100.101 15021:31648/TCP,80:32717/TCP,443:30040/TCP,15012:32163/TCP,15443:30626/TCP 142m
istio-system istiod ClusterIP 100.206.165.22 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 142m
istio-system jaeger-collector ClusterIP 100.206.53.254 <none> 14268/TCP,14250/TCP 32s
istio-system kiali ClusterIP 100.206.83.167 <none> 20001/TCP,9090/TCP 127m
istio-system prometheus ClusterIP 100.206.107.73 <none> 9090/TCP 127m
istio-system tracing ClusterIP 100.206.191.105 <none> 80/TCP 32s
istio-system zipkin ClusterIP 100.206.45.104 <none> 9411/TCP 32s
kube-system antrea ClusterIP 100.206.192.171 <none> 443/TCP 4d3h
kube-system cloud-controller-manager NodePort 100.206.69.21 <none> 443:30424/TCP 4d3h
kube-system kube-dns ClusterIP 100.206.0.10 <none> 53/UDP,53/TCP,9153/TCP 4d3h
kube-system metrics-server ClusterIP 100.206.83.94 <none> 443/TCP 4d3h
pinniped-concierge pinniped-concierge-api ClusterIP 100.206.112.92 <none> 443/TCP 4d3h
Step 9: Connect to Add-on
root@topgun01 [ ~ ]# istioctl dashboard --help
Access to Istio web UIs
Usage:
istioctl dashboard [flags]
istioctl dashboard [command]
Aliases:
dashboard, dash, d
Available Commands:
controlz Open ControlZ web UI
envoy Open Envoy admin web UI
grafana Open Grafana web UI
jaeger Open Jaeger web UI
kiali Open Kiali web UI
prometheus Open Prometheus web UI
zipkin Open Zipkin web UI
Flags:
--address string Address to listen on. Only accepts IP address or localhost as a value. When localhost is supplied, istioctl will try to bind on both 127.0.0.1 and ::1 and will fail if neither of these address are available to bind. (default "localhost")
--browser When --browser is supplied as false, istioctl dashboard will not open the browser. Default is true which means istioctl dashboard will always open a browser to view the dashboard. (default true)
-h, --help help for dashboard
-p, --port int Local port to listen to
Global Flags:
--context string The name of the kubeconfig context to use
-c, --kubeconfig string Kubernetes configuration file
-n, --namespace string Config namespace
Use "istioctl dashboard [command] --help" for more information about a command.
istioctl dashboard jaeger -p 14268 &
istioctl dashboard grafana -p 3000 &
istioctl dashboard kiali -p 20001 &
istioctl dashboard prometheus -p 9090