Deploy Istio

This guide will walk you through deploying Istio and the Istio CRDs in your cluster. EFK uses Istio as its service mesh to control how workloads communicate with each other, apply authorization policies, encrypt traffic, and provide enhanced security.

Fast Forward

If you have already deployed Istio to your cluster, expand this box to fast-forward.

1. Proceed to the Verify section.

Choose one of the following options to deploy Istio:

• Option 1: Deploy Istio Automatically (preferred).
• Option 2: Deploy Istio Manually.

What You’ll Need

• A configured management environment.
• Your clone of the Arrikto GitOps repository.
• An existing Kubernetes cluster.

Option 1: Deploy Istio Automatically (preferred)

Choose one of the following options, based on your cloud provider.

AWS

Azure

Google Cloud

Deploy Istio by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from istio

Proceed to the Summary section.

Currently, rok-deploy does not support automatic deployment of Istio on Azure Cloud. Please follow the instructions in the Option 2: Deploy Istio Manually section to deploy Istio manually.

Currently, rok-deploy does not support automatic deployment of Istio on Google Cloud. Please follow the instructions in the Option 2: Deploy Istio Manually section to deploy Istio manually.

Option 2: Deploy Istio Manually

If you want to deploy Istio manually, follow the instructions below.

Procedure

1. Go to your GitOps repository, inside your rok-tools management environment:

   

   root@rok-tools:~# cd ~/ops/deployments

2. Deploy Istio CRDs and resources in the istio-system namespace:

   

   root@rok-tools:~/ops/deployments# rok-deploy --apply install/istio

Verify

1. Verify that the Istio daemon Pod is up and running. Check the Pod status and verify field STATUS is Running and field READY is 1/1:

   

   root@rok-tools:~/ops/deployments# kubectl get pods -n istio-system -l app=istiod NAME READY STATUS RESTARTS AGE istiod-55cdc9bb69-892zk 1/1 Running 0 9m42s

2. Verify that the Istio Ingress Gateway Pod is up and running. Check the Pod status and verify field STATUS is Running and field READY is 1/1:

   

   root@rok-tools:~/ops/deployments# kubectl get pods -n istio-system -l app=istio-ingressgateway NAME READY STATUS RESTARTS AGE istio-ingressgateway-5f67fb9d94-dl5np 1/1 Running 0 9m42s

Summary

You have successfully deployed Istio as the service mesh of your EKF cluster.

What’s Next

The next step is to create a Cloud Identity and provide it with permissions on your storage account so Rok can use it to store snapshots.

• Create Cloud Identity