Installation on K8S cluster.


#install with helm


Prerequisites: 


1. Install the Helm client, version 3.6 or above. 

2. Configure the Helm repository: 

        helm repo add istio https://istio-release.storage.googleapis.com/charts 

        helm repo update 

3. Download the latest version of Istio to a local directory. 

        curl -L https://istio.io/downloadIstio | sh -     

        or

        Download specific version   

        curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.17.2 TARGET_ARCH=x86_64 sh –   

4. Set path variable for istioctl   

        cd istio-1.17.2; export PATH=$PWD/bin:$PATH 



Installation steps 

1. Create the namespace istio-system for the Istio components: 

        kubectl create namespace istio-system 

2. Install the Istio base chart which contains cluster-wide Custom Resource Definitions (CRDs) which must be installed prior to the deployment of the Istio control plane 

        helm install istio-base istio/base -n istio-system 

3. Install the Istio discovery chart which deploys the istiod service: 

        helm install istiod istio/istiod -n istio-system --wait 

4. Verify the Istio discovery chart installation: 

        helm ls -n istio-system 

5. Get the status of the installed helm chart to ensure it is deployed: 

        helm status istiod -n istio-system 



Deploy a sample application: 

1. Refer example –  bookinfo from istio documentation  

       kubectl create ns pk 

        kubectl label namespace pk istio-injection=enabled

        cd istio-1.17.2; export PATH=$PWD/bin:$PATH 

        kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -n pk

        kubectl get pods –n pk





2. Enable gateways : 

        helm install istio-ingressgateway istio/gateway -n istio-system 

3. Configure and test an ingress gateway :   

    -Confirm that the Istio ingress gateway is running: 

        kubectl get pod -l app=istio-ingressgateway -n istio-system   



4. .Expose the bookinfo application on an ingress gateway:

        kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml -n pk


5.Set the GATEWAY_URL environment variable (see determining the ingress IP and ports for details):  

        export INGRESS_HOST=$(kubectl -n istio-system  get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 2 export INGRESS_PORT=$(kubectl -n istio-system  get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}') 


    export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT 


6. In order to access the application, you need to discover the IP address and port of the cluster to define the external URL. 


        echo http://${GATEWAY_URL}/productpage 








Monitoring  :


Under istio folder apply the monitoring tool deployments:


Go to the below path, you will get the all YAML's files.




cd /root/istio-1.24.1/samples/addons/

then hit this commands-->  kubectl apply -f samples/addon  






Configure Istio to expose and access the deployed addons outside of a cluster. Remote access to the telemetry addons can be configured in several diverse ways: 


1. Setup the local proxy and access the deployed addons service via localhost: 

        kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=kiali -o jsonpath='{.items[0].metadata.name}') 20001:20001 & 


http://localhost:20001 


2. .Remote access of telemetry addons service via secure (via https) (tried this) 

        Refer remotely accessing telemetry addons from Istio documentation.

3. Create Kiali secret token for secure access Kiali UI. 

        kubectl -n istio-system create token kiali-service-account 







ISTIO sync steps with SWIFT


1. Create Namespaces (istio-system for control plane components and istio-app for deployed application) and required prerequisites on source and target clusters

2. Discover source and target cluster with swift.



3. Sync istio controlplane (istio-system) namespace (use sync-webhooks flag to sync webhook like mutatingwebhookconfiguration and validatingwebhookconfiguration)


    We will see passthrough sync mode with SWIFT.


- For this we have to go 'Sync Administration' and click on 'All Replication'




- After click on 'New', we will have to click on 'Application Replication' and choose 'Passthrough Replication'





- Choose the source and target cluster along with your Istio namespace and it automatically will select 'Sync webhook'  as you can see in below snippet as we are migrating control plane.






- Once you click on Add button, it will start the istio replication.




- Control plane is completed.



- Now we can migrate the actual app.




- Now app also migrated successfully.



-  Pls check below checkpoints of the sync.



- Also, please validate whether the MutatingWebhookConfiguration and ValidatingWebhookConfiguration have migrated successfully. Below is a snippet from the target cluster. 




- Application has been replicated successfully at target side.