Installing and configuring Istio components on K8s

Here's a step-by-step guide to installing and configuring Istio components, setting up basic routing, and implementing server-side authentication on Kubernetes:

  1. Install Istio:

     • Download the latest release of Istio from the official Istio website.

     • Extract the files from the downloaded package.

     • Assuming you have a Kubernetes cluster, install Istio by running the following command:

         $ istioctl install --set profile=default

  2. Verify the Istio installation:

     • Run the following command to ensure all necessary Istio components are running:

         $ kubectl get pods -n istio-system

     • All the Istio pods should be in a "Running" state.

  3. Enable automatic sidecar injection:

     • Label your Kubernetes namespace to enable automatic sidecar injection by running:

         $ kubectl label namespace <namespace> istio-injection=enabled

     • This label allows Istio to automatically inject sidecar proxies into each pod in the specified namespace.

  4. Set up basic routing:

     • Create a Kubernetes deployment, service, and virtual service for your application.

     • Create a deployment.yaml file with the necessary configuration for your application deployment.

     • Run the following command to create the deployment:

         $ kubectl apply -f deployment.yaml

     • Create a service.yaml file with the necessary configuration for your application service.

     • Run the following command to create the service:

         $ kubectl apply -f service.yaml

     • Create a virtualservice.yaml file with the necessary configuration for your virtual service, including the destination rules.

     • Run the following command to create the virtual service:

         $ kubectl apply -f virtualservice.yaml

     • This sets up the routing for your application.

  5. Implement server-side authentication:

     • Generate a server certificate and a private key for your application.

     • Create a Kubernetes secret to store the server certificate and private key:

         $ kubectl create secret tls <secret-name> --cert=path/to/certificate.crt --key=path/to/private/key.key

     • Update your virtual service configuration to enable server-side authentication and specify the secret:

         apiVersion: networking.istio.io/v1alpha3
         kind: VirtualService
         metadata:
           name: <virtualservice-name>
         spec:
           hosts:
           - <host>
           gateways:
           - <gateway-name>
           http:
           - match:
             - uri:
                 prefix: /
             route:
             - destination:
                 host: <service-host>
                 port:
                   number: <port>
               weight: 100
           # Istio's API defines mode and credentialName on a Gateway server's tls block
           tls:
             credentialName: <secret-name>
             mode: SIMPLE

     • Apply the updated virtual service configuration:

         $ kubectl apply -f updated-virtualservice.yaml

     • This enables server-side authentication for your application.
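In Istio's networking API, `mode: SIMPLE` and `credentialName` are fields of a Gateway server's `tls` block, and the VirtualService attaches to that Gateway by name. The following is an added example, not part of the original page, showing that layout. The names `demo-gateway`, `demo-vs`, `demo.example.com`, `demo-tls`, `demo-svc` and port 8080 are assumptions, as is the use of the default ingress gateway installed by the default profile.

```yaml
# Added example (not from the original page). All names below are assumed.
# The secret referenced by credentialName must exist in the namespace where the
# ingress gateway workload runs (istio-system for the default profile):
#   kubectl create secret tls demo-tls -n istio-system \
#     --cert=path/to/certificate.crt --key=path/to/private/key.key
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: demo-gateway              # assumed name
  namespace: default
spec:
  selector:
    istio: ingressgateway         # label on the default ingress gateway pods
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - demo.example.com            # assumed host
    tls:
      mode: SIMPLE                # server presents a certificate; clients are not asked for one
      credentialName: demo-tls    # kubernetes.io/tls secret holding cert and key
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: demo-vs                   # assumed name
  namespace: default
spec:
  hosts:
  - demo.example.com
  gateways:
  - demo-gateway                  # binds these routes to the TLS-terminating Gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: demo-svc            # assumed Kubernetes service
        port:
          number: 8080
      weight: 100
```

`mode: SIMPLE` authenticates only the server to the client; verifying client identity at the gateway requires `MUTUAL` mode or authentication in the application.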

That's it! You have now installed and configured Istio, set up basic routing, and implemented server-side authentication on Kubernetes. You can now further explore advanced Istio features based on your application requirements.
