• Standalone Operator Install [Experimental]
    • Prerequisites
    • Install
    • Update
    • Uninstall
    • See also

    Standalone Operator Install [Experimental]

    The following information describes an experimental feature, which is intendedfor evaluation purposes only.

    This guide installs Istio using the standalone Istiooperator.The only dependencies required are a supported Kubernetes cluster and the kubectl command.

    To install Istio for production use, we recommend installing with istioctlinstead.

    Prerequisites

    • Perform any necessary platform-specific setup.

    • Check the Requirements for Pods and Services.

    • Deploy the Istio operator:

    1. $ kubectl apply -f https://istio.io/operator.yaml

    This command runs the operator by creating the following resources in the istio-operator namespace:

    • The operator custom resource definition
    • The operator controller deployment
    • A service to access operator metrics
    • Necessary Istio operator RBAC rules

    Install

    To install the Istio demo configuration profileusing the operator, run the following command:

    1. $ kubectl apply -f - <<EOF
    2. apiVersion: install.istio.io/v1alpha2
    3. kind: IstioControlPlane
    4. metadata:
    5. namespace: istio-operator
    6. name: example-istiocontrolplane
    7. spec:
    8. profile: demo
    9. EOF

    The controller will detect the IstioControlPlane resource and then install the Istiocomponents corresponding to the specified (demo) configuration.

    The Istio operator controller begins the process of installing Istio within 90 seconds ofthe creation of the IstioControlPlane resource. The Istio installation completes within 120seconds.

    You can confirm the Istio control plane services have been deployed with the following commands:

    1. $ kubectl get svc -n istio-system
    2. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    3. grafana ClusterIP 10.106.149.76 <none> 3000/TCP 2m
    4. istio-citadel ClusterIP 10.111.189.16 <none> 8060/TCP,15014/TCP 2m
    5. istio-egressgateway ClusterIP 10.97.119.223 <none> 80/TCP,443/TCP,15443/TCP 2m
    6. istio-galley ClusterIP 10.106.200.132 <none> 443/TCP,15014/TCP,9901/TCP,15019/TCP 2m
    7. istio-ingressgateway LoadBalancer 10.107.91.133 192.168.7.130 15020:30729/TCP,80:32583/TCP,443:30117/TCP,15029:30696/TCP,15030:31442/TCP,15031:30091/TCP,15032:31346/TCP,15443:30067/TCP 2m
    8. istio-pilot ClusterIP 10.109.79.164 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 2m
    9. istio-policy ClusterIP 10.105.198.243 <none> 9091/TCP,15004/TCP,15014/TCP 2m
    10. istio-sidecar-injector ClusterIP 10.107.11.188 <none> 443/TCP 2m
    11. istio-telemetry ClusterIP 10.104.68.42 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 2m
    12. jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 2m
    13. jaeger-collector ClusterIP 10.109.110.61 <none> 14267/TCP,14268/TCP,14250/TCP 2m
    14. jaeger-query ClusterIP 10.97.1.46 <none> 16686/TCP 2m
    15. kiali ClusterIP 10.99.4.200 <none> 20001/TCP 2m
    16. prometheus ClusterIP 10.99.185.175 <none> 9090/TCP 2m
    17. tracing ClusterIP 10.104.66.2 <none> 9411/TCP 2m
    18. zipkin ClusterIP 10.99.242.51 <none> 9411/TCP 2m
    1. $ kubectl get pods -n istio-system
    2. NAME READY STATUS RESTARTS AGE
    3. grafana-5f798469fd-72hk6 1/1 Running 0 1m
    4. istio-citadel-7dfd85d968-q2h5t 1/1 Running 0 1m
    5. istio-egressgateway-7f9b4f8b6b-nr889 1/1 Running 0 1m
    6. istio-galley-7474b7b86-jgc6h 1/1 Running 0 1m
    7. istio-ingressgateway-5d97687586-9v4sw 1/1 Running 0 1m
    8. istio-pilot-76dcbf686c-2z98w 1/1 Running 0 1m
    9. istio-policy-7f7f7758c5-h5x8z 1/1 Running 3 1m
    10. istio-sidecar-injector-7795bb5888-l5w6g 1/1 Running 0 1m
    11. istio-telemetry-7f5bfccf69-ld65r 1/1 Running 2 1m
    12. istio-tracing-cd67ddf8-w97mg 1/1 Running 0 1m
    13. kiali-7964898d8c-9gfs4 1/1 Running 0 1m
    14. prometheus-586d4445c7-ctxlg 1/1 Running 0 1m

    Update

    Now, with the controller running, you can change the Istio configuration by editing or replacingthe IstioControlPlane resource. The controller will detect the change and respond by updatingthe Istio installation correspondingly.

    For example, you can switch the installation to the defaultprofile with the following command:

    1. $ kubectl apply -f - <<EOF
    2. apiVersion: install.istio.io/v1alpha2
    3. kind: IstioControlPlane
    4. metadata:
    5. namespace: istio-operator
    6. name: example-istiocontrolplane
    7. spec:
    8. profile: default
    9. EOF

    You can also enable or disable specific features or components.For example, to disable the telemetry feature:

    1. $ kubectl apply -f - <<EOF
    2. apiVersion: install.istio.io/v1alpha2
    3. kind: IstioControlPlane
    4. metadata:
    5. namespace: istio-operator
    6. name: example-istiocontrolplane
    7. spec:
    8. profile: default
    9. telemetry:
    10. enabled: false
    11. EOF

    Refer to the IstioControlPlane APIfor the complete set of configuration settings.

    Uninstall

    Delete the Istio operator and Istio deployment:

    1. $ kubectl -n istio-operator get IstioControlPlane example-istiocontrolplane -o=json | jq '.metadata.finalizers = null' | kubectl delete -f -
    2. $ kubectl delete ns istio-operator --grace-period=0 --force
    3. $ kubectl delete ns istio-system --grace-period=0 --force

    See also

    DNS Certificate Management

    Provision and manage DNS certificates in Istio.

    Introducing the Istio Operator

    Introduction to Istio's new operator-based installation and control plane management feature.

    Secure Webhook Management

    A more secure way to manage Istio webhooks.

    Demystifying Istio's Sidecar Injection Model

    De-mystify how Istio manages to plugin its data-plane components into an existing deployment.

    Customizable Install with Helm

    Install and configure Istio for in-depth evaluation or production use.

    Customizable Install with Istioctl

    Install and customize any Istio configuration profile for in-depth evaluation or production use.