Standalone Operator Install [Experimental]

The following information describes an experimental feature, which is intendedfor evaluation purposes only.

This guide installs Istio using the standalone Istiooperator.The only dependencies required are a supported Kubernetes cluster and the kubectl command.

To install Istio for production use, we recommend installing with istioctlinstead.

Prerequisites

  1. $ kubectl apply -f https://istio.io/operator.yaml

This command runs the operator by creating the following resources in the istio-operator namespace:

  • The operator custom resource definition
  • The operator controller deployment
  • A service to access operator metrics
  • Necessary Istio operator RBAC rules

Install

To install the Istio demo configuration profileusing the operator, run the following command:

  1. $ kubectl apply -f - <<EOF
  2. apiVersion: install.istio.io/v1alpha2
  3. kind: IstioControlPlane
  4. metadata:
  5. namespace: istio-operator
  6. name: example-istiocontrolplane
  7. spec:
  8. profile: demo
  9. EOF

The controller will detect the IstioControlPlane resource and then install the Istiocomponents corresponding to the specified (demo) configuration.

The Istio operator controller begins the process of installing Istio within 90 seconds ofthe creation of the IstioControlPlane resource. The Istio installation completes within 120seconds.

You can confirm the Istio control plane services have been deployed with the following commands:

  1. $ kubectl get svc -n istio-system
  2. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
  3. grafana ClusterIP 10.106.149.76 <none> 3000/TCP 2m
  4. istio-citadel ClusterIP 10.111.189.16 <none> 8060/TCP,15014/TCP 2m
  5. istio-egressgateway ClusterIP 10.97.119.223 <none> 80/TCP,443/TCP,15443/TCP 2m
  6. istio-galley ClusterIP 10.106.200.132 <none> 443/TCP,15014/TCP,9901/TCP,15019/TCP 2m
  7. istio-ingressgateway LoadBalancer 10.107.91.133 192.168.7.130 15020:30729/TCP,80:32583/TCP,443:30117/TCP,15029:30696/TCP,15030:31442/TCP,15031:30091/TCP,15032:31346/TCP,15443:30067/TCP 2m
  8. istio-pilot ClusterIP 10.109.79.164 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 2m
  9. istio-policy ClusterIP 10.105.198.243 <none> 9091/TCP,15004/TCP,15014/TCP 2m
  10. istio-sidecar-injector ClusterIP 10.107.11.188 <none> 443/TCP 2m
  11. istio-telemetry ClusterIP 10.104.68.42 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 2m
  12. jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 2m
  13. jaeger-collector ClusterIP 10.109.110.61 <none> 14267/TCP,14268/TCP,14250/TCP 2m
  14. jaeger-query ClusterIP 10.97.1.46 <none> 16686/TCP 2m
  15. kiali ClusterIP 10.99.4.200 <none> 20001/TCP 2m
  16. prometheus ClusterIP 10.99.185.175 <none> 9090/TCP 2m
  17. tracing ClusterIP 10.104.66.2 <none> 9411/TCP 2m
  18. zipkin ClusterIP 10.99.242.51 <none> 9411/TCP 2m
  1. $ kubectl get pods -n istio-system
  2. NAME READY STATUS RESTARTS AGE
  3. grafana-5f798469fd-72hk6 1/1 Running 0 1m
  4. istio-citadel-7dfd85d968-q2h5t 1/1 Running 0 1m
  5. istio-egressgateway-7f9b4f8b6b-nr889 1/1 Running 0 1m
  6. istio-galley-7474b7b86-jgc6h 1/1 Running 0 1m
  7. istio-ingressgateway-5d97687586-9v4sw 1/1 Running 0 1m
  8. istio-pilot-76dcbf686c-2z98w 1/1 Running 0 1m
  9. istio-policy-7f7f7758c5-h5x8z 1/1 Running 3 1m
  10. istio-sidecar-injector-7795bb5888-l5w6g 1/1 Running 0 1m
  11. istio-telemetry-7f5bfccf69-ld65r 1/1 Running 2 1m
  12. istio-tracing-cd67ddf8-w97mg 1/1 Running 0 1m
  13. kiali-7964898d8c-9gfs4 1/1 Running 0 1m
  14. prometheus-586d4445c7-ctxlg 1/1 Running 0 1m

Update

Now, with the controller running, you can change the Istio configuration by editing or replacingthe IstioControlPlane resource. The controller will detect the change and respond by updatingthe Istio installation correspondingly.

For example, you can switch the installation to the defaultprofile with the following command:

  1. $ kubectl apply -f - <<EOF
  2. apiVersion: install.istio.io/v1alpha2
  3. kind: IstioControlPlane
  4. metadata:
  5. namespace: istio-operator
  6. name: example-istiocontrolplane
  7. spec:
  8. profile: default
  9. EOF

You can also enable or disable specific features or components.For example, to disable the telemetry feature:

  1. $ kubectl apply -f - <<EOF
  2. apiVersion: install.istio.io/v1alpha2
  3. kind: IstioControlPlane
  4. metadata:
  5. namespace: istio-operator
  6. name: example-istiocontrolplane
  7. spec:
  8. profile: default
  9. telemetry:
  10. enabled: false
  11. EOF

Refer to the IstioControlPlane APIfor the complete set of configuration settings.

Uninstall

Delete the Istio operator and Istio deployment:

  1. $ kubectl -n istio-operator get IstioControlPlane example-istiocontrolplane -o=json | jq '.metadata.finalizers = null' | kubectl delete -f -
  2. $ kubectl delete ns istio-operator --grace-period=0 --force
  3. $ kubectl delete ns istio-system --grace-period=0 --force

See also

DNS Certificate Management

Provision and manage DNS certificates in Istio.

Introducing the Istio Operator

Introduction to Istio's new operator-based installation and control plane management feature.

Secure Webhook Management

A more secure way to manage Istio webhooks.

Demystifying Istio's Sidecar Injection Model

De-mystify how Istio manages to plugin its data-plane components into an existing deployment.

Customizable Install with Helm

Install and configure Istio for in-depth evaluation or production use.

Customizable Install with Istioctl

Install and customize any Istio configuration profile for in-depth evaluation or production use.