Istio.io is an open platform that provides a uniform way to connect, manage, and secure microservices. This article describes installing and running on OpenShift (>=1.5 as of now) only. If you would like to know more theory I encourage you to read this post by @christianposta
Note that some of the permissions mentioned in this article may be more than what is needed. I plan to do further research and publish another article or comments on this post with accurate permissions in the future. For updates follow me on twitter @debianmaster
Run as Cluster Administrator on Master
oc login -u system:admin
Istio installation requires that you are the cluster-admin; you can use any cluster admin user for this purpose.
Choose a Namespace and Provide Permissions
oc project default
oc adm policy add-scc-to-user anyuid -z default
oc adm policy add-scc-to-user privileged -z default
oc patch scc/privileged --patch {\"allowedCapabilities\":[\"NET_ADMIN\"]}
NET_ADMIN privilege is needed for iptable NAT redirect chains updated by Istio.
Install Istio Service Mesh
git clone https://github.com/istio/istio
git checkout 0.1.5
Apply Necessary Permissions
oc adm policy add-cluster-role-to-user cluster-admin -z istio-manager-service-account
oc adm policy add-cluster-role-to-user cluster-admin -z istio-ingress-service-account
oc adm policy add-cluster-role-to-user cluster-admin -z default
oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account
oc adm policy add-scc-to-user privileged -z istio-ingress-service-account
oc adm policy add-scc-to-user anyuid -z istio-manager-service-account
oc adm policy add-scc-to-user privileged -z istio-manager-service-account
Many permissions are needed currently, but this may change. Istio installation creates custom service accounts and they need privileges to be able to create ThirdPartyResources.
Deploying Istio
oc apply -f istio/install/kubernetes/istio.yaml
Install Addons
oc apply -f istio/install/kubernetes/addons/prometheus.yaml
oc apply -f istio/install/kubernetes/addons/grafana.yaml
oc apply -f istio/install/kubernetes/addons/servicegraph.yaml
Deploy Sample App
Install istioctl first
curl -L https://git.io/getIstio | sh -
export PATH="$PATH:/Users/YOUR_USERNAME/istio/istio-0.1.5/bin"
Note: Don't forget to replace with the appropriate value.
Deploy bookInfo App
oc apply -f <(istioctl kube-inject -f istio/samples/apps/bookinfo/bookinfo.yaml)
oc expose svc servicegrap
Test Service Mesh / Using Grafana Pod (or Another Pod)
$ export GRAFANA=$(oc get pods -l app=grafana -o jsonpath={.items[0].metadata.name})
$ oc exec $GRAFANA -- curl -o /dev/null -s -w "%{http_code}\n" http://istio-ingress/productpage
$ open http://$(oc get routes servicegraph -o jsonpath={.spec.host})/dotviz
Conclusion
You should see something like this at the end showing the service graph.
See it in action
About the author
Browse by channel
Automation
The latest on IT automation that spans tech, teams, and environments
Artificial intelligence
Explore the platforms and partners building a faster path for AI
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
Explore how we reduce risks across environments and technologies
Edge computing
Updates on the solutions that simplify infrastructure at the edge
Infrastructure
Stay up to date on the world’s leading enterprise Linux platform
Applications
The latest on our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Developer resources
- Customer support
- Red Hat value calculator
- Red Hat Ecosystem Catalog
- Find a partner
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit