To get started with Istio, just follow these three steps:
Set up your platform
Before you can install Istio, you need a cluster running a compatible version of Kubernetes. Istio 1.4 has been tested with Kubernetes releases 1.13, 1.14, 1.15.
Create a cluster by selecting the appropriate platform-specific setup instructions.
Some platforms provide a managed control plane which you can use instead of installing Istio manually. If this is the case with your selected platform, and you choose to use it, you will be finished installing Istio after creating the cluster, so you can skip the following instructions. Refer to your platform service provider for further details and instructions.
Download the release
Download the Istio release which includes installation files, samples, and the istioctl command line utility.
Go to the Istio release page to download the installation file corresponding to your OS. Alternatively, on a macOS or Linux system, you can run the following command to download and extract the latest release automatically:
$ curl -L https://istio.io/downloadIstio | sh -
Move to the Istio package directory. For example, if the package is
$ cd istio-1.4.4
The installation directory contains:
- Installation YAML files for Kubernetes in
- Sample applications in
istioctlclient binary in the
istioctlis used when manually injecting Envoy as a sidecar proxy.
- Installation YAML files for Kubernetes in
istioctlclient to your path, on a macOS or Linux system:
$ export PATH=$PWD/bin:$PATH
You can optionally enable the auto-completion option when working with a bash or ZSH console.
These instructions assume you are new to Istio, providing streamlined instruction to
install Istio’s built-in
demo configuration profile.
This installation lets you quickly get started evaluating Istio.
If you are already familiar with Istio or interested in installing other configuration profiles
or a more advanced deployment model,
follow the installing with istioctl instructions instead.
$ istioctl manifest apply --set profile=demo
Verify the installation by ensuring the following Kubernetes services are deployed and verify they all have an appropriate
$ kubectl get svc -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE grafana ClusterIP 172.21.211.123 <none> 3000/TCP 2m istio-citadel ClusterIP 172.21.177.222 <none> 8060/TCP,15014/TCP 2m istio-egressgateway ClusterIP 172.21.113.24 <none> 80/TCP,443/TCP,15443/TCP 2m istio-galley ClusterIP 172.21.132.247 <none> 443/TCP,15014/TCP,9901/TCP 2m istio-ingressgateway LoadBalancer 172.21.144.254 184.108.40.206 15020:31831/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30318/TCP,15030:32645/TCP,15031:31933/TCP,15032:31188/TCP,15443:30838/TCP 2m istio-pilot ClusterIP 172.21.105.205 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP 2m istio-policy ClusterIP 172.21.14.236 <none> 9091/TCP,15004/TCP,15014/TCP 2m istio-sidecar-injector ClusterIP 172.21.155.47 <none> 443/TCP,15014/TCP 2m istio-telemetry ClusterIP 172.21.196.79 <none> 9091/TCP,15004/TCP,15014/TCP,42422/TCP 2m jaeger-agent ClusterIP None <none> 5775/UDP,6831/UDP,6832/UDP 2m jaeger-collector ClusterIP 172.21.135.51 <none> 14267/TCP,14268/TCP 2m jaeger-query ClusterIP 172.21.26.187 <none> 16686/TCP 2m kiali ClusterIP 172.21.155.201 <none> 20001/TCP 2m prometheus ClusterIP 172.21.63.159 <none> 9090/TCP 2m tracing ClusterIP 172.21.2.245 <none> 80/TCP 2m zipkin ClusterIP 172.21.182.245 <none> 9411/TCP 2m
Also ensure corresponding Kubernetes pods are deployed and have a
$ kubectl get pods -n istio-system NAME READY STATUS RESTARTS AGE grafana-f8467cc6-rbjlg 1/1 Running 0 1m istio-citadel-78df5b548f-g5cpw 1/1 Running 0 1m istio-egressgateway-78569df5c4-zwtb5 1/1 Running 0 1m istio-galley-74d5f764fc-q7nrk 1/1 Running 0 1m istio-ingressgateway-7ddcfd665c-dmtqz 1/1 Running 0 1m istio-pilot-f479bbf5c-qwr28 1/1 Running 0 1m istio-policy-6fccc5c868-xhblv 1/1 Running 2 1m istio-sidecar-injector-78499d85b8-x44m6 1/1 Running 0 1m istio-telemetry-78b96c6cb6-ldm9q 1/1 Running 2 1m istio-tracing-69b5f778b7-s2zvw 1/1 Running 0 1m kiali-99f7467dc-6rvwp 1/1 Running 0 1m prometheus-67cdb66cbb-9w2hm 1/1 Running 0 1m
With Istio installed, you can now deploy your own application or one of the sample applications provided with the installation.
When you deploy your application using
the Istio sidecar injector
will automatically inject Envoy containers into your
application pods if they are started in namespaces labeled with
$ kubectl label namespace <namespace> istio-injection=enabled $ kubectl create -n <namespace> -f <your-app-spec>.yaml
In namespaces without the
istio-injection label, you can use
to manually inject Envoy containers in your application pods before deploying
$ istioctl kube-inject -f <your-app-spec>.yaml | kubectl apply -f -
If you are not sure where to begin, deploy the Bookinfo sample which will allow you to evaluate Istio’s features for traffic routing, fault injection, rate limiting, etc. Then explore the various Istio tasks that interest you.
The following tasks are a good place for beginners to start:
- Request routing
- Fault injection
- Traffic shifting
- Querying metrics
- Visualizing metrics
- Collecting logs
- Rate limiting
- Ingress gateways
- Accessing external services
- Visualizing your mesh
The next step is to customize Istio and deploy your own applications. Before you install and customize Istio to fit your platform and intended use, check out the following resources:
As you continue to use Istio, we look forward to hearing from you and welcoming you to our community.
The uninstall deletes the RBAC permissions, the
istio-system namespace, and
all resources hierarchically under it. It is safe to ignore errors for
non-existent resources because they may have been deleted hierarchically.
$ istioctl manifest generate --set profile=demo | kubectl delete -f -