This guide will walk you through deploying Istio and the Istio CRDs in your cluster. EFK uses Istio as its service mesh to control how workloads communicate with each other, apply authorization policies, encrypt traffic, and provide enhanced security.
If you have already deployed Istio to your cluster, expand this box to fast-forward.
- Proceed to the Verify section.
Choose one of the following options to deploy Istio:
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing Kubernetes cluster.
Option 1: Deploy Istio Automatically (preferred)¶
Choose one of the following options, based on your cloud provider.
Deploy Istio by following the on-screen instructions on the
rok-deploy user interface.
rok-deploy is not already running, start it with:
Proceed to the Summary section.
rok-deploydoes not support automatic deployment of Istio on Azure Cloud. Please follow the instructions in the Option 2: Deploy Istio Manually section to deploy Istio manually.
rok-deploydoes not support automatic deployment of Istio on Google Cloud. Please follow the instructions in the Option 2: Deploy Istio Manually section to deploy Istio manually.
Option 2: Deploy Istio Manually¶
If you want to deploy Istio manually, follow the instructions below.
Go to your GitOps repository, inside your
rok-toolsmanagement environment:root@rok-tools:~# cd ~/ops/deployments
Deploy Istio CRDs and resources in the
istio-systemnamespace:root@rok-tools:~/ops/deployments# rok-deploy --apply install/istio
Verify that the Istio daemon Pod is up and running. Check the Pod status and verify field STATUS is Running and field READY is 1/1:root@rok-tools:~/ops/deployments# kubectl get pods -n istio-system -l app=istiod NAME READY STATUS RESTARTS AGE istiod-55cdc9bb69-892zk 1/1 Running 0 9m42s
Verify that the Istio Ingress Gateway Pod is up and running. Check the Pod status and verify field STATUS is Running and field READY is 1/1:root@rok-tools:~/ops/deployments# kubectl get pods -n istio-system -l app=istio-ingressgateway NAME READY STATUS RESTARTS AGE istio-ingressgateway-5f67fb9d94-dl5np 1/1 Running 0 9m42s
You have successfully deployed Istio as the service mesh of your EKF cluster.
The next step is to create a Cloud Identity and provide it with permissions on your storage account so Rok can use it to store snapshots.