Getting Started
- Set up your platform
- Download the release
- Install Istio
- Next steps
- Uninstall
- See also

Getting Started

To get started with Istio, just follow these three steps:

Set up your platform
Download the release
Install Istio

Set up your platform

Before you can install Istio, you need a cluster running a compatible version of Kubernetes.Istio 1.4 has been tested with Kubernetes releases 1.13, 1.14, 1.15.

Create a cluster by selecting the appropriate platform-specific setup instructions.

Some platforms provide a managed control plane which you can use instead ofinstalling Istio manually. If this is the case with your selected platform, and you choose to use it,you will be finished installing Istio after creating the cluster, so you can skip the following instructions.Refer to your platform service provider for further details and instructions.

Download the release

Download the Istio release which includes installation files, samples, and theistioctl command line utility.

Go to the Istio release page todownload the installation file corresponding to your OS. Alternatively, on a macOS orLinux system, you can run the following command to download andextract the latest release automatically:

$ curl -L https://istio.io/downloadIstio | sh -

Move to the Istio package directory. For example, if the package isistio-1.4.2:

$ cd istio-1.4.2

The installation directory contains:

Installation YAML files for Kubernetes in install/kubernetes
Sample applications in samples/
The istioctl client binary in the bin/ directory. istioctl isused when manually injecting Envoy as a sidecar proxy.
- Add the istioctl client to your path, on a macOS orLinux system:

$ export PATH=$PWD/bin:$PATH

You can optionally enable the auto-completion option when working with a bash or ZSH console.

Install Istio

These instructions assume you are new to Istio, providing streamlined instruction toinstall Istio’s built-in demo configuration profile.This installation lets you quickly get started evaluating Istio.If you are already familiar with Istio or interested in installing other configuration profilesor a more advanced deployment model,follow the installing with istioctl instructions instead.

The demo configuration profile is not suitable for performance evaluation. Itis designed to showcase Istio functionality with high levels of tracing andaccess logging.

Install the demo profile

$ istioctl manifest apply --set profile=demo

Verify the installation by ensuring the following Kubernetes services are deployed and verify they allhave an appropriate CLUSTER-IP except the jaeger-agent service:

$ kubectl get svc -n istio-system
NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                                                                                                                                      AGE
grafana                  ClusterIP      172.21.211.123   <none>          3000/TCP                                                                                                                                     2m
istio-citadel            ClusterIP      172.21.177.222   <none>          8060/TCP,15014/TCP                                                                                                                           2m
istio-egressgateway      ClusterIP      172.21.113.24    <none>          80/TCP,443/TCP,15443/TCP                                                                                                                     2m
istio-galley             ClusterIP      172.21.132.247   <none>          443/TCP,15014/TCP,9901/TCP                                                                                                                   2m
istio-ingressgateway     LoadBalancer   172.21.144.254   52.116.22.242   15020:31831/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30318/TCP,15030:32645/TCP,15031:31933/TCP,15032:31188/TCP,15443:30838/TCP   2m
istio-pilot              ClusterIP      172.21.105.205   <none>          15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       2m
istio-policy             ClusterIP      172.21.14.236    <none>          9091/TCP,15004/TCP,15014/TCP                                                                                                                 2m
istio-sidecar-injector   ClusterIP      172.21.155.47    <none>          443/TCP,15014/TCP                                                                                                                            2m
istio-telemetry          ClusterIP      172.21.196.79    <none>          9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       2m
jaeger-agent             ClusterIP      None             <none>          5775/UDP,6831/UDP,6832/UDP                                                                                                                   2m
jaeger-collector         ClusterIP      172.21.135.51    <none>          14267/TCP,14268/TCP                                                                                                                          2m
jaeger-query             ClusterIP      172.21.26.187    <none>          16686/TCP                                                                                                                                    2m
kiali                    ClusterIP      172.21.155.201   <none>          20001/TCP                                                                                                                                    2m
prometheus               ClusterIP      172.21.63.159    <none>          9090/TCP                                                                                                                                     2m
tracing                  ClusterIP      172.21.2.245     <none>          80/TCP                                                                                                                                       2m
zipkin                   ClusterIP      172.21.182.245   <none>          9411/TCP                                                                                                                                     2m

If your cluster is running in an environment that does notsupport an external load balancer (e.g., minikube), theEXTERNAL-IP of istio-ingressgateway will say<pending>. To access the gateway, use the service’sNodePort, or use port-forwarding instead.

Also ensure corresponding Kubernetes pods are deployed and have a STATUS of Running:

$ kubectl get pods -n istio-system
NAME                                                           READY   STATUS      RESTARTS   AGE
grafana-f8467cc6-rbjlg                                         1/1     Running     0          1m
istio-citadel-78df5b548f-g5cpw                                 1/1     Running     0          1m
istio-egressgateway-78569df5c4-zwtb5                           1/1     Running     0          1m
istio-galley-74d5f764fc-q7nrk                                  1/1     Running     0          1m
istio-ingressgateway-7ddcfd665c-dmtqz                          1/1     Running     0          1m
istio-pilot-f479bbf5c-qwr28                                    1/1     Running     0          1m
istio-policy-6fccc5c868-xhblv                                  1/1     Running     2          1m
istio-sidecar-injector-78499d85b8-x44m6                        1/1     Running     0          1m
istio-telemetry-78b96c6cb6-ldm9q                               1/1     Running     2          1m
istio-tracing-69b5f778b7-s2zvw                                 1/1     Running     0          1m
kiali-99f7467dc-6rvwp                                          1/1     Running     0          1m
prometheus-67cdb66cbb-9w2hm                                    1/1     Running     0          1m

Next steps

With Istio installed, you can now deploy your own application or one of the sample applicationsprovided with the installation.

The application must use either the HTTP/1.1 or HTTP/2.0 protocols for all its HTTPtraffic; HTTP/1.0 is not supported.

When you deploy your application using kubectl apply,the Istio sidecar injectorwill automatically inject Envoy containers into yourapplication pods if they are started in namespaces labeled with istio-injection=enabled:

$ kubectl label namespace <namespace> istio-injection=enabled
$ kubectl create -n <namespace> -f <your-app-spec>.yaml

In namespaces without the istio-injection label, you can useistioctl kube-injectto manually inject Envoy containers in your application pods before deployingthem:

$ istioctl kube-inject -f <your-app-spec>.yaml | kubectl apply -f -

If you are not sure where to begin,deploy the Bookinfo samplewhich will allow you to evaluate Istio’s features for traffic routing, fault injection, ratelimiting, etc. Then explore the various Istio tasks that interest you.

The following tasks are a good place for beginners to start:

Request routing
Fault injection
Traffic shifting
Querying metrics
Visualizing metrics
Collecting logs
Rate limiting
Ingress gateways
Accessing external services
Visualizing your mesh

The next step is to customize Istio and deploy your own applications.Before you install and customize Istio to fit your platform and intended use,check out the following resources:

Deployment models
Deployment best practices
Pod requirements
General installation instructions

As you continue to use Istio, we look forward to hearing from you and welcomingyou to our community.

Uninstall

The uninstall deletes the RBAC permissions, the istio-system namespace, andall resources hierarchically under it. It is safe to ignore errors fornon-existent resources because they may have been deleted hierarchically.

$ istioctl manifest generate --set profile=demo | kubectl delete -f -

Getting Started

Getting Started

Set up your platform

Download the release

Install Istio

Next steps

Uninstall

See also