BestHub
Sign in
Cloud Native 4 min read

Step-by-Step Guide to Installing Istio on a Kubernetes Cluster

This article provides a step-by-step guide to installing Istio on a Kubernetes cluster, including verifying node status, creating the istio-system namespace, copying the istioctl binary, selecting a profile, generating manifests, and checking deployed pods and services.

Practical DevOps Architecture
Practical DevOps Architecture
Practical DevOps Architecture
Step-by-Step Guide to Installing Istio on a Kubernetes Cluster

First, verify that the Kubernetes cluster is running correctly by listing nodes:

kubectl get nodes
NAME   STATUS   ROLES                AGE   VERSION
master Ready   control-plane,master 59d  v1.20.0
node1  Ready   <none>               59d  v1.20.0
node2  Ready   <none>               59d  v1.20.0

Next, create the istio-system namespace:

kubectl create namespace istio-system
namespace/istio-system created

Copy the istioctl binary to /usr/bin/ and run the installer:

cp -r istioctl /usr/bin/
istioctl install
This will install the Istio default profile with ["Istio core" "Istiod" "Ingress gateways"] components into the cluster. Proceed? (y/N)

List available Istio configuration profiles and dump the default profile:

istioctl profile list
default
demo
empty
minimal
openshift
preview
remote

istioctl profile dump default

Check the pods in the istio-system namespace to confirm successful deployment:

kubectl get pods -n istio-system
NAME                                 READY   STATUS    RESTARTS   AGE
istio-ingressgateway-866c58dfd7-pk9rg   1/1     Running   0          152m
istiod-68fb7dff99-8nfbv                1/1     Running   0          153m

Generate the full Istio manifest, which includes the Service definition for istiod and its ports:

istioctl manifest generate
---
apiVersion: v1
kind: Service
metadata:
  name: istiod
  namespace: istio-system
  labels:
    istio.io/rev: default
    install.operator.istio.io/owning-resource: unknown
    operator.istio.io/component: "Pilot"
    app: istiod
    istio: pilot
    release: istio
spec:
  ports:
  - port: 15010
    name: grpc-xds # plaintext
    protocol: TCP
  - port: 15012
    name: https-dns # mTLS with k8s-signed cert
    protocol: TCP
  - port: 443
    name: https-webhook # validation and injection
    targetPort: 15017
    protocol: TCP
  - port: 15014
    name: http-monitoring # prometheus stats
    protocol: TCP
  selector:
    app: istiod
    istio: pilot
---

Images in the original article illustrate the command outputs and the generated manifest.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

DevOpsService MeshInstallation
Practical DevOps Architecture
Written by

Practical DevOps Architecture

Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment