Instructions to deploy Istio and Kiali on a running Kubernetes cluster.
- A working Kubernetes cluster.
kubectlinstalled in thePATHwith a working configuration.- Admin role on the Kubernetes cluster.
helmclient installed in thePATH.
minikube works fine and is easy to deploy provided that you have at 4 CPUs and 8GB of RAM to dedicate.
It also supports services of type LoadBalancer with minikube tunnel.
curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.1.6 sh -
cd istio-1.1.6
export PATH=$PWD/bin:$PATHkubectl apply -f install/kubernetes/helm/istio/templates/crds.yamlThis uses the Helm client to render the Kubernetes manifest locally.
# LoadBalancer requires a Kubernetes cluster that supports this flavor. Set it to NodePort otherwise.
# The Grafana and Jaeger URLs will be accessed through port-forward (see below).
# This enables tracing with 25% of requests sampled.
helm template install/kubernetes/helm/istio --name istio \
--namespace istio-system \
--set gateways.enabled=true --set gateways.istio-ingressgateway.type=LoadBalancer \
--set kiali.enabled=false \
--set kiali.dashboard.grafanaURL=http://localhost:3000/ --set kiali.dashboard.jaegerURL=http://localhost:16686/ \
--set prometheus.tag=v2.9.2 \
--set grafana.enabled=true --set grafana.image.tag=6.1.6 \
--set tracing.enabled=true --set pilot.traceSampling=25.0 \
> /tmp/istio.yml
kubectl create namespace istio-system
kubectl apply -f /tmp/istio.yml
# Delete the default ingress gateway that we won't use anyway.
kubectl delete gateways/istio-autogenerated-k8s-ingressOpenShift variant:
...
--set global.proxy.privileged=true
...Kiali is deployed using an operator. There's a Bash script in the Kiali project that will setup everything.
bash <(curl -L https://git.io/getLatestKialiOperator)Note: if using Openshift, you will have the choice to leverage OpenShift OAuth for login.
kubectl config set-context --current --namespace=istio-system
kubectl get podsAll pods should be either Running or Completed.
NAME READY STATUS RESTARTS AGE
grafana-65bfcb7f7b-bmrx7 1/1 Running 0 153m
istio-citadel-856f994c58-l5z7j 1/1 Running 0 153m
istio-cleanup-secrets-4dhgt 0/1 Completed 0 153m
istio-egressgateway-5649fcf57-4rz6m 1/1 Running 0 153m
istio-galley-7665f65c9c-6596c 1/1 Running 0 153m
istio-grafana-post-install-h5k9s 0/1 Completed 0 153m
istio-ingressgateway-6755b9bbf6-rhcvl 1/1 Running 0 153m
istio-pilot-56855d999b-5wqcm 2/2 Running 0 153m
istio-policy-6fcb6d655f-txwl5 2/2 Running 0 153m
istio-security-post-install-fh8z4 0/1 Completed 0 153m
istio-sidecar-injector-768c79f7bf-hczjm 1/1 Running 0 153m
istio-telemetry-664d896cf5-rw8wg 2/2 Running 0 153m
istio-tracing-6b994895fd-f4j8j 1/1 Running 0 153m
kiali-67c69889b5-ljsmm 1/1 Running 0 153m
prometheus-5b8d8fcbdc-xzjzx 1/1 Running 0 149m
In a separate Shell terminal, run:
kubectl port-forward svc/kiali 20001Then go to http://localhost:20001/ to access the Kiali dashboard.
For OpenShift, you can just create a route.
oc expose service kiali -n istio-systemIn separate terminals, run:
kubectl port-forward -n istio-system svc/prometheus 9090
kubectl port-forward -n istio-system svc/grafana 3000
kubectl port-forward -n istio-system svc/tracing 16686:80For OpenShift, you can just create routes.
oc expose service prometheus -n istio-system
oc expose service grafana -n istio-system
oc expose service tracing -n istio-systemSee the httpbin scenario.
See the bookinfo scenario.
Apache License 2.0, see LICENSE.