Getting Started

To get started with Istio, just follow these three steps:

  1. Set up your platform
  2. Download the release
  3. Install Istio

Set up your platform

Before you can install Istio, you need a cluster running a compatible version of Kubernetes. Istio 1.4 has been tested with Kubernetes releases 1.13, 1.14, 1.15.

Some platforms provide a managed control plane which you can use instead of installing Istio manually. If this is the case with your selected platform, and you choose to use it, you will be finished installing Istio after creating the cluster, so you can skip the following instructions. Refer to your platform service provider for further details and instructions.

Download the release

Download the Istio release which includes installation files, samples, and the istioctl command line utility.

  1. Go to the Istio release page to download the installation file corresponding to your OS. Alternatively, on a macOS or Linux system, you can run the following command to download and extract the latest release automatically:

    $ curl -L https://istio.io/downloadIstio | sh -
    
  2. Move to the Istio package directory. For example, if the package is istio-1.4.0:

    $ cd istio-1.4.0
    

    The installation directory contains:

    • Installation YAML files for Kubernetes in install/kubernetes
    • Sample applications in samples/
    • The istioctl client binary in the bin/ directory. istioctl is used when manually injecting Envoy as a sidecar proxy.
  3. Add the istioctl client to your path, on a macOS or Linux system:

    $ export PATH=$PWD/bin:$PATH
    
  4. You can optionally enable the auto-completion option when working with a bash or ZSH console.

Install Istio

These instructions assume you are new to Istio, providing streamlined instruction to install Istio’s built-in demo configuration profile. This installation lets you quickly get started evaluating Istio. If you are already familiar with Istio or interested in installing other configuration profiles or a more advanced deployment model, follow the installing with istioctl instructions instead.

  1. Install the demo profile

    $ istioctl manifest apply --set profile=demo
    
  2. Verify the installation by ensuring the following Kubernetes services are deployed and verify they all have an appropriate CLUSTER-IP except the jaeger-agent service:

    $ kubectl get svc -n istio-system
    NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                                                                                                                                      AGE
    grafana                  ClusterIP      172.21.211.123   <none>          3000/TCP                                                                                                                                     2m
    istio-citadel            ClusterIP      172.21.177.222   <none>          8060/TCP,15014/TCP                                                                                                                           2m
    istio-egressgateway      ClusterIP      172.21.113.24    <none>          80/TCP,443/TCP,15443/TCP                                                                                                                     2m
    istio-galley             ClusterIP      172.21.132.247   <none>          443/TCP,15014/TCP,9901/TCP                                                                                                                   2m
    istio-ingressgateway     LoadBalancer   172.21.144.254   52.116.22.242   15020:31831/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30318/TCP,15030:32645/TCP,15031:31933/TCP,15032:31188/TCP,15443:30838/TCP   2m
    istio-pilot              ClusterIP      172.21.105.205   <none>          15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       2m
    istio-policy             ClusterIP      172.21.14.236    <none>          9091/TCP,15004/TCP,15014/TCP                                                                                                                 2m
    istio-sidecar-injector   ClusterIP      172.21.155.47    <none>          443/TCP,15014/TCP                                                                                                                            2m
    istio-telemetry          ClusterIP      172.21.196.79    <none>          9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       2m
    jaeger-agent             ClusterIP      None             <none>          5775/UDP,6831/UDP,6832/UDP                                                                                                                   2m
    jaeger-collector         ClusterIP      172.21.135.51    <none>          14267/TCP,14268/TCP                                                                                                                          2m
    jaeger-query             ClusterIP      172.21.26.187    <none>          16686/TCP                                                                                                                                    2m
    kiali                    ClusterIP      172.21.155.201   <none>          20001/TCP                                                                                                                                    2m
    prometheus               ClusterIP      172.21.63.159    <none>          9090/TCP                                                                                                                                     2m
    tracing                  ClusterIP      172.21.2.245     <none>          80/TCP                                                                                                                                       2m
    zipkin                   ClusterIP      172.21.182.245   <none>          9411/TCP                                                                                                                                     2m
    

    Also ensure corresponding Kubernetes pods are deployed and have a STATUS of Running:

    $ kubectl get pods -n istio-system
    NAME                                                           READY   STATUS      RESTARTS   AGE
    grafana-f8467cc6-rbjlg                                         1/1     Running     0          1m
    istio-citadel-78df5b548f-g5cpw                                 1/1     Running     0          1m
    istio-egressgateway-78569df5c4-zwtb5                           1/1     Running     0          1m
    istio-galley-74d5f764fc-q7nrk                                  1/1     Running     0          1m
    istio-ingressgateway-7ddcfd665c-dmtqz                          1/1     Running     0          1m
    istio-pilot-f479bbf5c-qwr28                                    1/1     Running     0          1m
    istio-policy-6fccc5c868-xhblv                                  1/1     Running     2          1m
    istio-sidecar-injector-78499d85b8-x44m6                        1/1     Running     0          1m
    istio-telemetry-78b96c6cb6-ldm9q                               1/1     Running     2          1m
    istio-tracing-69b5f778b7-s2zvw                                 1/1     Running     0          1m
    kiali-99f7467dc-6rvwp                                          1/1     Running     0          1m
    prometheus-67cdb66cbb-9w2hm                                    1/1     Running     0          1m
    

Next steps

With Istio installed, you can now deploy your own application or one of the sample applications provided with the installation.

When you deploy your application using kubectl apply, the Istio sidecar injector will automatically inject Envoy containers into your application pods if they are started in namespaces labeled with istio-injection=enabled:

$ kubectl label namespace <namespace> istio-injection=enabled
$ kubectl create -n <namespace> -f <your-app-spec>.yaml

In namespaces without the istio-injection label, you can use istioctl kube-inject to manually inject Envoy containers in your application pods before deploying them:

$ istioctl kube-inject -f <your-app-spec>.yaml | kubectl apply -f -

If you are not sure where to begin, deploy the Bookinfo sample which will allow you to evaluate Istio’s features for traffic routing, fault injection, rate limiting, etc. Then explore the various Istio tasks that interest you.

The following tasks are a good place for beginners to start:

The next step is to customize Istio and deploy your own applications. Before you install and customize Istio to fit your platform and intended use, check out the following resources:

As you continue to use Istio, we look forward to hearing from you and welcoming you to our community.

Uninstall

The uninstall deletes the RBAC permissions, the istio-system namespace, and all resources hierarchically under it. It is safe to ignore errors for non-existent resources because they may have been deleted hierarchically.

$ istioctl manifest generate --set profile=demo | kubectl delete -f -