Istio

Istio Setup

Istio is a power traffic mesh management tool. It also provides an ingress gateway for the Kubernetes cluster.

Installation

Operator Setup

The following setup can be done from the client machine. This installs Istio Operator, Istio Service Mesh, Istio Ingressgateway components.
From kubernetes/istio directory, run;
```
istioctl operator init
kubectl apply -f istio-operator.yaml
```
- Wait for istiod and ingressgateway pods to start.
Or, for Rancher cluster, run:
```
kubectl apply -f istio-operator-no-ingress.yaml
```
- Wait for istiod to start and ingressgateway pods to get deleted if any.
- Run the following:
  kubectl apply -f istio-ef-spdy-upgrade.yaml

Namespace Setup

(Skip this section for Rancher cluster)

Once the above Operator setup is done, gateways need to be set up on each namespace. This assumes that the namespace (and relevant Rancher project) are created.

Edit and run this to define the variables:

export NS=dev
export WILDCARD_HOSTNAME='*.dev.your.org'

Run this apply gateways

envsubst < istio-gateway.yaml | kubectl apply -f -

Multiple ingress gateways

By default the installation scripts enable two Istio Ingress gateways - public and private. The public gateway is disabled by default. You may enable the same while opening up services to the public by following the steps given below. To create more private gateways, refer here.

Having only one private gateway implies that all users can open URLs in all namespaces. Access control to services may be accomplished by authentication/authorization of the respective services via Keycloak

Enabling public gateway

TBD.

Creating private gateways

TBD.

PreviousFirewall NextAdding Nodes to Cluster

Last updated 5 months ago