Customizable Install with Helm
Follow this guide to install and configure an Istio mesh for in-depth evaluation or production use.
This installation guide uses Helm1 charts that provide rich
customization of the Istio control plane and of the sidecars for the Istio data plane.
You can simply use helm template to generate the configuration and then install it
using kubectl apply, or you can choose to use helm install and let
Tiller
completely manage the installation.
Using these instructions, you can select any one of Istio’s built-in configuration profiles2 and then further customize the configuration for your specific needs.
Prerequisites
Perform any necessary platform-specific setup3.
Check the Requirements for Pods and Services4.
Install a Helm client5 with a version higher than 2.10.
Helm chart release repositories
The commands in this guide use the Helm charts that are included in the Istio release image. If you want to use the Istio release Helm chart repository instead, adjust the commands accordingly and add the Istio release repository as follows:
Installation steps
Change directory to the root of the release and then choose one of the following two mutually exclusive options:
- To deploy Istio without using Tiller, follow the instructions for option 1.
- To use Helm’s Tiller pod6 to manage your Istio release, follow the instructions for option 2.
Option 1: Install with Helm via helm template
Choose this option if your cluster doesn’t have Tiller deployed and you don’t want to install it.
Create a namespace for the
istio-systemcomponents:Install all the Istio Custom Resource Definitions (CRDs) using
kubectl apply, and wait a few seconds for the CRDs to be committed in the Kubernetes API-server:Verify that all
23Istio CRDs were committed to the Kubernetes api-server using the following command:Select a configuration profile2 and then render and apply Istio’s core components corresponding to your chosen profile. The default profile is recommended for production deployments:
Install the Istio CNI8 components:
Enable CNI in Istio by setting --set istio_cni.enabled=true in addition to the settings for your chosen profile.
For example, to configure the default profile:
Option 2: Install with Helm and Tiller via helm install
This option allows Helm and Tiller to manage the lifecycle of Istio.
Make sure you have a service account with the
cluster-adminrole defined for Tiller. If not already defined, create one using following command:Install Tiller on your cluster with the service account:
Install the
istio-initchart to bootstrap all the Istio’s CRDs:Verify that all
23Istio CRDs were committed to the Kubernetes api-server using the following command:Select a configuration profile2 and then install the
istiochart corresponding to your chosen profile. The default profile is recommended for production deployments:
Install the Istio CNI8 chart:
Enable CNI in Istio by setting --set istio_cni.enabled=true in addition to the settings for your chosen profile.
For example, to configure the default profile:
Verifying the installation
Referring to components table in configuration profiles2, verify that the Kubernetes services corresponding to your selected profile have been deployed.
Ensure the corresponding Kubernetes pods are deployed and have a
STATUSofRunning:
Uninstall
- If you installed Istio using the
helm templatecommand, uninstall with these commands:
If you installed Istio using Helm and Tiller, uninstall with these commands:
Deleting CRDs and Istio Configuration
Istio, by design, expects Istio’s Custom Resources contained within CRDs to leak into the Kubernetes environment. CRDs contain the runtime configuration set by the operator. Because of this, we consider it better for operators to explicitly delete the runtime configuration data rather than unexpectedly lose it.
The istio-init chart contains all raw CRDs in the istio-init/files directory.
You can simply delete the CRDs using kubectl.
To permanently delete Istio’s CRDs and the entire Istio configuration, run: