search
CommunityLicense

Istio

Istio Setup

Istio is a power traffic mesh management tool. It also provides an ingress gateway for the Kubernetes cluster.

hashtag
Installation

hashtag
Operator Setup

  • The following setup can be done from the client machine. This installs Istio Operator, Istio Service Mesh, Istio Ingressgateway components.

  • From kubernetes/istioarrow-up-right directory, run;

    istioctl operator init
kubectl apply -f istio-operator.yaml

    • Wait for istiod and ingressgateway pods to start.

  • Or, for Rancher cluster, run:

    kubectl apply -f istio-operator-no-ingress.yaml

    • Wait for istiod to start and ingressgateway pods to get deleted if any.

    • Run the following:

      kubectl apply -f istio-ef-spdy-upgrade.yaml

hashtag
Namespace Setup

(Skip this section for Rancher cluster)

Once the above Operator setup is done, gateways need to be set up on each namespace. This assumes that the namespace (and relevant Rancher project) are created.

  • Edit and run this to define the variables:

  • Run this apply gateways

hashtag
Multiple ingress gateways

By default the installation scripts enable two Istio Ingress gateways - public and private. The public gateway is disabled by default. You may enable the same while opening up services to the public by following the steps given below. To create more private gateways, refer here.

circle-exclamation

Having only one private gateway implies that all users can open URLs in all namespaces. Access control to services may be accomplished by authentication/authorization of the respective services via Keycloak

hashtag
Enabling public gateway

TBD.

hashtag
Creating private gateways

TBD.

PreviousFirewallNextAdding Nodes to Cluster

Last updated

Was this helpful?