Azure
Follow these instructions to prepare an Azure cluster for Istio.
Azure offers a managed control plane add-on for the Azure Kubernetes Service (AKS), which you can use instead of installing Istio manually. Please refer to Deploy Istio-based service mesh add-on for Azure Kubernetes Service for details and instructions.
You can deploy a Kubernetes cluster to Azure via AKS or AKS-Engine (DEPRECATED) which fully supports Istio.
AKS
You can create an AKS cluster via the az cli or the Azure portal.
For the az
cli option, complete az login
authentication OR use cloud shell, then run the following commands below.
Determine the desired region name which supports AKS
$ az provider list --query "[?namespace=='Microsoft.ContainerService'].resourceTypes[] | [?resourceType=='managedClusters'].locations[]" -o tsv
Verify the supported Kubernetes versions for the desired region
Replace
my location
using the desired region value from the above step, and then execute:$ az aks get-versions --location "my location" --query "orchestrators[].orchestratorVersion"
At the time of this document update, the minimum supported AKS Kubernetes version is 1.24.9
Create the resource group and deploy the AKS cluster
Replace
myResourceGroup
andmyAKSCluster
with desired names,my location
using the value from step 1,1.10.5
if not supported in the region, and then execute:$ az group create --name myResourceGroup --location "my location"
$ az aks create --resource-group myResourceGroup --name myAKSCluster --node-count 3 --kubernetes-version 1.10.5 --generate-ssh-keys
Get the AKS
kubeconfig
credentialsReplace
myResourceGroup
andmyAKSCluster
with the names from the previous step and execute:$ az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
AKS-Engine
The AKS Engine project is deprecated for Azure public cloud customers. Please consider using Azure Kubernetes Service (AKS) with the Istio add-on for managed Kubernetes or Cluster API Provider Azure for self-managed Kubernetes.
Follow the instructions to get and install the
aks-engine
binary.Download the
aks-engine
API model definition that supports deploying Istio:$ wget https://raw.githubusercontent.com/Azure/aks-engine/master/examples/service-mesh/istio.json
Note: It is possible to use other API model definitions which will work with Istio. The
MutatingAdmissionWebhook
andValidatingAdmissionWebhook
admission control flags and RBAC are enabled by default. See aks-engine API model default values for further information.Deploy your cluster using the
istio.json
template. You can find references to the parameters in the official docs.Parameter Expected value subscription_id
Azure Subscription Id dns_prefix
Cluster DNS Prefix location
Cluster Location $ aks-engine deploy --subscription-id <subscription_id> \
--dns-prefix <dns_prefix> --location <location> --auto-suffix \
--api-model istio.json
After a few minutes, you can find your cluster on your Azure subscription in a resource group called
<dns_prefix>-<id>
. Assumingdns_prefix
has the valuemyclustername
, a valid resource group with a unique cluster ID ismycluster-5adfba82
. Theaks-engine
generates yourkubeconfig
file in the_output
folder.Use the
<dns_prefix>-<id>
cluster ID, to copy yourkubeconfig
to your machine from the_output
folder:$ cp \_output/<dns_prefix>-<id>/kubeconfig/kubeconfig.<location>.json \
~/.kube/config
For example:
$ cp \_output/mycluster-5adfba82/kubeconfig/kubeconfig.westus2.json \
~/.kube/config