Standalone Operator Install [Experimental]

The following information describes an experimental feature, which is intendedfor evaluation purposes only.

This guide installs Istio using the standalone Istiooperator.The only dependencies required are a supported Kubernetes cluster and the kubectl command.

To install Istio for production use, we recommend installing with istioctlinstead.

Prerequisites

  1. $ kubectl apply -f https://istio.io/operator.yaml

This command runs the operator by creating the following resources in the istio-operator namespace:

  • The operator custom resource definition
  • The operator controller deployment
  • A service to access operator metrics
  • Necessary Istio operator RBAC rules

Install

To install the Istio demo configuration profileusing the operator, run the following command:

  1. $ kubectl apply -f - <<EOF
  2. apiVersion: install.istio.io/v1alpha2
  3. kind: IstioControlPlane
  4. metadata:
  5.   namespace: istio-operator
  6.   name: example-istiocontrolplane
  7. spec:
  8.   profile: demo
  9. EOF

The controller will detect the IstioControlPlane resource and then install the Istiocomponents corresponding to the specified (demo) configuration.

The Istio operator controller begins the process of installing Istio within 90 seconds ofthe creation of the IstioControlPlane resource. The Istio installation completes within 120seconds.

You can confirm the Istio control plane services have been deployed with the following commands:

  1. $ kubectl get svc -n istio-system
  2. NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                                                                                                                      AGE
  3. grafana                  ClusterIP      10.106.149.76    <none>          3000/TCP                                                                                                                     2m
  4. istio-citadel            ClusterIP      10.111.189.16    <none>          8060/TCP,15014/TCP                                                                                                           2m
  5. istio-egressgateway      ClusterIP      10.97.119.223    <none>          80/TCP,443/TCP,15443/TCP                                                                                                     2m
  6. istio-galley             ClusterIP      10.106.200.132   <none>          443/TCP,15014/TCP,9901/TCP,15019/TCP                                                                                         2m
  7. istio-ingressgateway     LoadBalancer   10.107.91.133    192.168.7.130   15020:30729/TCP,80:32583/TCP,443:30117/TCP,15029:30696/TCP,15030:31442/TCP,15031:30091/TCP,15032:31346/TCP,15443:30067/TCP   2m
  8. istio-pilot              ClusterIP      10.109.79.164    <none>          15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                       2m
  9. istio-policy             ClusterIP      10.105.198.243   <none>          9091/TCP,15004/TCP,15014/TCP                                                                                                 2m
  10. istio-sidecar-injector   ClusterIP      10.107.11.188    <none>          443/TCP                                                                                                                      2m
  11. istio-telemetry          ClusterIP      10.104.68.42     <none>          9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                       2m
  12. jaeger-agent             ClusterIP      None             <none>          5775/UDP,6831/UDP,6832/UDP                                                                                                   2m
  13. jaeger-collector         ClusterIP      10.109.110.61    <none>          14267/TCP,14268/TCP,14250/TCP                                                                                                2m
  14. jaeger-query             ClusterIP      10.97.1.46       <none>          16686/TCP                                                                                                                    2m
  15. kiali                    ClusterIP      10.99.4.200      <none>          20001/TCP                                                                                                                    2m
  16. prometheus               ClusterIP      10.99.185.175    <none>          9090/TCP                                                                                                                     2m
  17. tracing                  ClusterIP      10.104.66.2      <none>          9411/TCP                                                                                                                     2m
  18. zipkin                   ClusterIP      10.99.242.51     <none>          9411/TCP                                                                                                                     2m
  1. $ kubectl get pods -n istio-system
  2. NAME                                      READY   STATUS    RESTARTS   AGE
  3. grafana-5f798469fd-72hk6                  1/1     Running   0          1m
  4. istio-citadel-7dfd85d968-q2h5t            1/1     Running   0          1m
  5. istio-egressgateway-7f9b4f8b6b-nr889      1/1     Running   0          1m
  6. istio-galley-7474b7b86-jgc6h              1/1     Running   0          1m
  7. istio-ingressgateway-5d97687586-9v4sw     1/1     Running   0          1m
  8. istio-pilot-76dcbf686c-2z98w              1/1     Running   0          1m
  9. istio-policy-7f7f7758c5-h5x8z             1/1     Running   3          1m
  10. istio-sidecar-injector-7795bb5888-l5w6g   1/1     Running   0          1m
  11. istio-telemetry-7f5bfccf69-ld65r          1/1     Running   2          1m
  12. istio-tracing-cd67ddf8-w97mg              1/1     Running   0          1m
  13. kiali-7964898d8c-9gfs4                    1/1     Running   0          1m
  14. prometheus-586d4445c7-ctxlg               1/1     Running   0          1m

Update

Now, with the controller running, you can change the Istio configuration by editing or replacingthe IstioControlPlane resource. The controller will detect the change and respond by updatingthe Istio installation correspondingly.

For example, you can switch the installation to the defaultprofile with the following command:

  1. $ kubectl apply -f - <<EOF
  2. apiVersion: install.istio.io/v1alpha2
  3. kind: IstioControlPlane
  4. metadata:
  5.   namespace: istio-operator
  6.   name: example-istiocontrolplane
  7. spec:
  8.   profile: default
  9. EOF

You can also enable or disable specific features or components.For example, to disable the telemetry feature:

  1. $ kubectl apply -f - <<EOF
  2. apiVersion: install.istio.io/v1alpha2
  3. kind: IstioControlPlane
  4. metadata:
  5.   namespace: istio-operator
  6.   name: example-istiocontrolplane
  7. spec:
  8.   profile: default
  9.   telemetry:
  10.     enabled: false
  11. EOF

Refer to the IstioControlPlane APIfor the complete set of configuration settings.

Uninstall

Delete the Istio operator and Istio deployment:

  1. $ kubectl -n istio-operator get IstioControlPlane example-istiocontrolplane -o=json | jq '.metadata.finalizers = null' | kubectl delete -f -
  2. $ kubectl delete ns istio-operator --grace-period=0 --force
  3. $ kubectl delete ns istio-system --grace-period=0 --force

See also

DNS Certificate Management

Provision and manage DNS certificates in Istio.

Introducing the Istio Operator

Introduction to Istio's new operator-based installation and control plane management feature.

Secure Webhook Management

A more secure way to manage Istio webhooks.

Demystifying Istio's Sidecar Injection Model

De-mystify how Istio manages to plugin its data-plane components into an existing deployment.

Customizable Install with Helm

Install and configure Istio for in-depth evaluation or production use.

Customizable Install with Istioctl

Install and customize any Istio configuration profile for in-depth evaluation or production use.