Deploy

Before dabbling into the installation of Istio, it is necessary to ensure that your Kubernetes cluster (only versions v1.9.0 and later are supported) is already deployed and that you have set up your local kubectl client appropriately. For instance, using minikube, you would need:

minikube start --memory=4096 --kubernetes-version=v1.11.1 --vm-driver=hyperkit

Downloading Istio

curl -L https://git.io/getLatestIstio | sh -
sudo apt-get install -y jq
ISTIO_VERSION=$(curl -L -s https://api.github.com/repos/istio/istio/releases/latest | jq -r .tag_name)
cd istio-${ISTIO_VERSION}
cp bin/istioctl /usr/local/bin

Deploying Istio Service

Initiating the Helm Tiller:

kubectl create -f install/kubernetes/helm/helm-service-account.yaml
helm init --service-account tiller

Then, deploy through Helm:

kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
  --set ingress.enabled=true \
  --set gateways.enabled=true \
  --set galley.enabled=true \
  --set sidecarInjectorWebhook.enabled=true \
  --set mixer.enabled=true \
  --set prometheus.enabled=true \
  --set grafana.enabled=true \
  --set servicegraph.enabled=true \
  --set tracing.enabled=true \
  --set kiali.enabled=false

Upon completion, you can validate whether services within the isotio-system namespace are running properly:

$ kubectl -n istio-system get pod
$ kubectl -n istio-system get service

Mesh Extension

• The server to be connected must be accessible via IP to service endpoints within the mesh, which often requires support from VPN or VPC, or non-NAT and non-firewall blocked direct routes provided by container networks. There's no need for the server to access cluster IP addresses assigned by Kubernetes.

After deployment, applications can be registered with Istio, like so:

# istioctl register servicename machine-ip portname:port
$ istioctl -n onprem register mysql 1.2.3.4 3306
$ istioctl -n onprem register svc1 1.2.3.4 http:7000

Prometheus, Grafana, and Zipkin

Once all pods are up and running, these services can be accessed through NodePort, the external IP of the load balancing service, or kubectl proxy. For instance, to access through kubectl proxy, launch it first:

$ kubectl proxy

Then access Grafana at http://localhost:8001/api/v1/namespaces/istio-system/services/grafana:3000/proxy/, and ServiceGraph at http://localhost:8001/api/v1/namespaces/istio-system/services/servicegraph:8088/proxy/, which displays a diagram of the connections between services.

• /d3graph Provides a JSON serialization for D3 visualization.

• /graph Provides a generic JSON serialization.

You can access the Zipkin trace page at http://localhost:8001/api/v1/namespaces/istio-system/services/zipkin:9411/proxy/, and the Prometheus page at http://localhost:8001/api/v1/namespaces/istio-system/services/prometheus:9090/proxy/.