How to Install Istio

What Is Istio?

Istio is an open-source service mesh that makes it easier for a team to create a network or server cluster of deployed services. Istio provides several vital services consistently across a mesh network such as:

• Traffic Management: Istio simplifies the configuration of service-level properties like circuit breakers, timeouts, and retries.
• Security: Istio provides an underlying secure communication channel between various endpoints.
• Policies: Istio enforces specific policies to dynamically rate-limit the traffic to a service. It also applies whitelists, blacklists, and denials to restrict access to services, header rewrites, and redirects.
• Observability: This includes comprehensive tracking, monitoring, and logging features.
• Platform Support This encompasses support for Kubernetes, Consul, and other services running on individual virtual machines.
• Integration and Customization: This includes solutions for ACLs, logging, monitoring, quotas, etc.

To summarize, Istio helps with the rollout of multi-cloud deployments by letting you deliver, secure, control, and monitor services on your multi-cloud implantation. In this installation scenario, Istio is considered platform independent so no reference point is provided to a specific operating system.

Prerequisites

Before you can start the installation of Istio, you need to set up a Kubernetes cluster with a version of K8s that is compatible with Istio. Istio 1.4 works with Kubernetes versions 1.13 - 1.15. Liquid Web offers several types of multi-node server clusters that can be adjusted to fit your needs. 

If you are unsure precisely what Kubernetes is, you can read more about it in that link. A containerization system is a fast, secure, and lightweight platform for running microservices. More benefits of containerization can be found in this article. 

After we have Kubernetes installed and a server cluster set up, we can begin the installation of Istio.

Download Istio & Prepare the Installation 

First, we will download the latest version of Istio.

[root@host /]# curl -L https://istio.io/downloadIstio | sh -

The output should look like this

root@host:~# curl -L https://istio.io/downloadIstio | sh -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current    Dload  Upload   Total   Spent    Left  Speed 100   107  100   107    0     0    312      0 --:--:-- --:--:-- --:--:--   313
100  2804  100  2804    0     0   6258      0 --:--:-- --:--:-- --:--:-- 35493
Downloading istio-1.4.3 from https://github.com/istio/istio/releases/download/1.4.3/istio-1.4.3-linux.tar.gz ...  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current  Dload  Upload   Total   Spent    Left  Speed
100   614    0   614    0     0   2951      0 --:--:-- --:--:-- --:--:--  2951
100 32.7M  100 32.7M    0     0  25.2M      0  0:00:01  0:00:01 --:--:-- 39.8M
Istio 1.4.3 Download Complete!

Istio has been successfully downloaded into the istio-1.4.3 folder on your system.

Next Steps:
See https://istio.io/docs/setup/kubernetes/install/ to add Istio to your Kubernetes cluster.

To configure the istioctl client tool for your workstation,
add the /root/istio-1.4.3/bin directory to your environment path variable with:
	 export PATH="$PATH:/root/istio-1.4.3/bin"

Begin the Istio pre-installation verification check by running:
	 istioctl verify-install 

Need more information? Visit https://istio.io/docs/setup/kubernetes/install/ 
root@host:~# 

Then, cd into the Istio package directory with command below

root@host:~# cd istio-1.4.3/

Your installation directory should contain the following directories and files.

root@host:~/istio-1.4.3# ll
total 48
drwxr-x---  6 root root  4096 Jan  6 14:45 ./
drwx------ 10 root root  4096 Feb 11 12:56 ../
-rw-r--r--  1 root root 11348 Jan  6 14:45 LICENSE
-rw-r--r--  1 root root  6080 Jan  6 14:45 README.md
drwxr-x---  2 root root  4096 Jan  6 14:45 bin/
drwxr-xr-x  6 root root  4096 Jan  6 14:45 install/
-rw-r-----  1 root root   657 Jan  6 14:45 manifest.yaml
drwxr-xr-x 19 root root  4096 Jan  6 14:45 samples/
drwxr-x---  3 root root  4096 Jan  6 14:45 tools/
root@host:~/istio-1.4.3# 

Next, add the istioctl client to your path

[root@host istio-1.4.3]# export PATH=$PWD/bin:$PATH

Install Istio

You are now ready to begin the installation itself. We will demonstrate the installation process using a demo profile. First, we will apply the demo manifest

[root@host istio-1.4.3]# istioctl manifest apply --set profile=demo

After this process has completed, verify the installation, and make sure that Kubernetes services have an appropriate IP address assigned to the cluster (except for the jaeger-agent service) with the following command.

[root@host istio-1.4.3]# kubectl get svc -n istio-system

The output should look like this. (the output has been reformatted for easier viewing)

[root@host kubectl get svc -n istio-system

NAME          TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)   AGE
Grafana       ClusterIP  172.21.211.123  <none>       3000/TCP  2m

Istio-citadel ClusterIP  172.21.177.222  <none>  8060/TCP,15014/TCP 2m

Istio-egressgateway  ClusterIP 172.21.113.24 <none> 80/TCP,443/TCP,15443/TCP 2m

Istio-galley  ClusterIP  172.21.132.247   <none> 443/TCP,15014/TCP,9901/TCP 2m

Istio-ingressgateway loadBalancer 172.21.144.254 52.116.22.242 15020:31831/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30318/TCP,15030:32645/TCP,15031:31933/TCP,15032:31188/TCP,15443:30838/TCP   2m

Istio-pilot   ClusterIP  172.21.105.205 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 2m

Istio-policy  ClusterIP  172.21.14.236  <none> 9091/TCP,15004/TCP,15014/TCP 2m

Istio-sidecar-injector  ClusterIP  172.21.155.47  <none> 443/TCP,15014/TCP 2m

Istio-telemetry ClusterIP 172.21.196.79   <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 2m

Jaeger-agent ClusterIP  None  <none>  5775/UDP,6831/UDP,6832/UDP  2m

Jaeger-collector  ClusterIP  172.21.135.51  <none> 14267/TCP,14268/TCP 2m

Jaeger-query  ClusterIP  172.21.26.187  <none>  16686/TCP  2m

Kiali  ClusterIP  172.21.155.201  <none>  20001/TCP  2m

Prometheus  ClusterIP  172.21.63.159  <none>  9090/TCP  2m

Tracing  ClusterIP  172.21.2.245  <none>  80/TCP  2m

Zipkin   lusterIP   172.21.182.245 <none> 9411/TCP

In addition to this, the following Kubernetes pods should be deployed and have a status of running:

[root@host istio-1.4.3]# kubectl get pods -n istio-system

NAME READY   STATUS      RESTARTS   AGE
Grafana-f8467cc6-rbjlg 1/1     Running     0          1m

Istio-citadel-78df5b548f-g5cpw 1/1     Running     0          1m

Istio-egressgateway-78569df5c4-zwtb5 1/1     Running     0          1m

Istio-galley-74d5f764fc-q7nrk 1/1     Running     0          1m

Istio-ingressgateway-7ddcfd665c-dmtqz 1/1     Running     0          1m

Istio-pilot-f479bbf5c-qwr28 1/1     Running     0          1m

Istio-policy-6fccc5c868-xhblv 1/1     Running     2          1m

Istio-sidecar-injector-78499d85b8-x44m6 1/1     Running     0          1m

Istio-telemetry-78b96c6cb6-ldm9q 1/1     Running     2          1m

Istio-tracing-69b5f778b7-s2zvw 1/1     Running     0          1m

Kiali-99f7467dc-6rvwp 1/1     Running     0          1m

Prometheus-67cdb66cbb-9w2hm 1/1     Running     0          1m

This completes the installation phase if using the demo profile. Please keep in mind that the demo profile should not be used for performance evaluation. The purpose of the demo profile is to simply show the functionalities of Istio. You can now deploy your application, but keep in mind that that applications must use HTTP/1.1 or HTTP/2.0 since HTTP/1.0 is no longer supported by Istio. 

Deployment

These commands will help you with the deployment of your applications:

root@host istio-1.4.3]# kubectl label namespace <namespace> istio-injection=enabled

And then:

[root@host istio-1.4.3]# kubectl create -n <namespace> -f <your-app-spec>.yaml

Uninstall Istio

To uninstall Istio, use the following command.

[root@host istio-1.4.3]# istioctl manifest generate --set profile=demo | kubectl delete -f -

It is usually safe to ignore any non-existent resource errors during the uninstallation process because the resources are removed in a hierarchical manner. The uninstallation process removes all the RBAC permissions, the Istio related namespaces, and all other resources in the hierarchy under it. 

Conclusion

We hope that you enjoy using Istio because it is a truly powerful and useful service. For more information, articles, and guides about Istio visit the official page at istio.io/.

Talk To An Expert...

Do you have questions about running Istio, Kubernetes or other modern platforms on a server cluster? Need a small staging cluster to review how you are going to deploy your application?

Give us a call at 800.580.4985, or open a chat or ticket with us to speak with one of our knowledgeable Solutions Team or an experienced Hosting Advisors today! Liquid Web has the technological savvy to offer assistance or advice in how best to set up this type of platform to deploy your apps on!