Standalone Operator Install

    To install Istio for production use, we recommend installing with istioctl instead.

    1. Perform any necessary .

    2. Check the Requirements for Pods and Services.

    3. Install the .

    4. Deploy the Istio operator:

      This command runs the operator by creating the following resources in the istio-operator namespace:

      • The operator custom resource definition
      • The operator controller deployment
      • A service to access operator metrics
      • Necessary Istio operator RBAC rules

      See the available istioctl operator init flags to control which namespaces the controller and Istio are installed into and the installed Istio image sources and versions.

      You can alternatively deploy the operator using Helm:

      1. $ helm template manifests/charts/istio-operator/ \
      2.   --set hub=docker.io/istio \
      3.   --set tag=1.6.0 \
      4.   --set operatorNamespace=istio-operator \
      5.   --set istioNamespace=istio-system | kubectl apply -f -

      Note that you need to download the Istio release to run the above command.

    To install the Istio demo using the operator, run the following command:

    1. $ kubectl create ns istio-system
    2. $ kubectl apply -f - <<EOF
    3. apiVersion: install.istio.io/v1alpha1
    4. kind: IstioOperator
    5. metadata:
    6.   namespace: istio-system
    7. spec:
    8.   profile: demo
    9. EOF

    The Istio operator controller begins the process of installing Istio within 90 seconds of the creation of the IstioOperator resource. The Istio installation completes within 120 seconds.

    You can confirm the Istio control plane services have been deployed with the following commands:

    1. $ kubectl get svc -n istio-system
    3. grafana                     ClusterIP      10.104.1.213     <none>        3000/TCP                                                                     13s
    4. istio-egressgateway         ClusterIP      10.103.243.113   <none>        80/TCP,443/TCP,15443/TCP                                                     17s
    5. istio-ingressgateway        LoadBalancer   10.101.204.227   <pending>     15020:31077/TCP,80:30689/TCP,443:32419/TCP,31400:31411/TCP,15443:30176/TCP   17s
    6. istiod                      ClusterIP      10.96.237.249    <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP,53/UDP,853/TCP                         30s
    7. jaeger-agent                ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP                                                   13s
    8. jaeger-collector            ClusterIP      10.109.244.165   <none>        14267/TCP,14268/TCP,14250/TCP                                                13s
    9. jaeger-collector-headless   ClusterIP      None             <none>        14250/TCP                                                                    13s
    10. jaeger-query                ClusterIP      10.105.128.63    <none>        16686/TCP                                                                    13s
    11. kiali                       ClusterIP      10.102.172.30    <none>        20001/TCP                                                                    13s
    12. prometheus                  ClusterIP      10.102.190.194   <none>        9090/TCP                                                                     13s
    13. tracing                     ClusterIP      10.110.231.250   <none>        80/TCP                                                                       13s
    14. zipkin                      ClusterIP      10.96.63.117     <none>        9411/TCP                                                                     13s

    Now, with the controller running, you can change the Istio configuration by editing or replacing the IstioOperator resource. The controller will detect the change and respond by updating the Istio installation correspondingly.

    For example, you can switch the installation to the default profile with the following command:

    1. $ kubectl apply -f - <<EOF
    2. apiVersion: install.istio.io/v1alpha1
    3. kind: IstioOperator
    4. metadata:
    5.   namespace: istio-system
    6.   name: example-istiocontrolplane
    7. spec:
    8. EOF

    You can also enable or disable components and modify resource settings. For example, to enable the component and increase pilot memory requests:

    1. $ kubectl apply -f - <<EOF
    2. apiVersion: install.istio.io/v1alpha1
    3. kind: IstioOperator
    4. metadata:
    5.   namespace: istio-system
    6.   name: example-istiocontrolplane
    7. spec:
    8.   profile: default
    9.   components:
    10.     pilot:
    11.       k8s:
    12.         resources:
    13.           requests:
    14.             memory: 3072Mi
    15.   addonComponents:
    16.     grafana:
    17.       enabled: true
    18. EOF

    You can observe the changes that the controller makes in the cluster in response to IstioOperator CR updates by checking the operator controller logs:

    1. $ kubectl logs -f -n istio-operator $(kubectl get pods -n istio-operator -lname=istio-operator -o jsonpath='{.items[0].metadata.name}')

    Refer to the IstioOperator API for the complete set of configuration settings.

    Delete the Istio deployment:

    Wait until Istio is uninstalled - this may take some time. Delete the Istio operator:

    1. $ istioctl operator remove

    Or:

    1. $ kubectl delete ns istio-operator --grace-period=0 --force
    2. $ kubectl delete ns istio-system --grace-period=0 --force

    Community partner tooling of Wasm for Istio by Solo.io.

    Introducing istiod: simplifying the control plane

    Istiod consolidates the Istio control plane components into a single binary.

    Configuring Wasm extensions for Envoy and Istio declaratively.

    Redefining extensibility in proxies - introducing WebAssembly to Envoy and Istio

    The future of Istio extensibility using WASM.

    A vision statement and roadmap for Istio in 2020.

    Provision and manage DNS certificates in Istio.