Install Istio and Gloo Mesh
Ambient is an alpha feature and is currently supported in a single cluster setup only. Alpha features are likely to change, are not fully tested, and are not supported for production. For more information, see Gloo feature maturity.
Before you begin
-
Create or use an existing Kubernetes cluster, and save the cluster name in an environment variable. Note: The cluster name must be alphanumeric with no special characters except a hyphen (-), lowercase, and begin with a letter (not a number).
export CLUSTER_NAME=<cluster_name> -
Install
meshctl, the Gloo command line tool for bootstrapping Gloo Platform, registering clusters, describing configured resources, and more. Be sure to download version2.4.1, which uses the latest Gloo Mesh installation values.curl -sL https://run.solo.io/meshctl/install | GLOO_MESH_VERSION=v2.4.1 sh - export PATH=$HOME/.gloo-mesh/bin:$PATH -
Set environment variables for the Istio repository and image version that you want to install. You can find both values in the Istio images built by Solo.io support article.
export REPO=<repo-key> export ISTIO_IMAGE=<image-tag>
Install Istio and Gloo Mesh in ambient mode
-
Install the Solo Istio CLI. You can find the CLI version and the repository from which to download that version in the Istio images built by Solo.io support article.
-
Install the Istio operator.
istioctl operator init \ --hub $REPO \ --tag $ISTIO_IMAGE -
Create an Istio operator CRD to set up Istio with the ambient profile.
kubectl apply -f- <<EOF apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: namespace: istio-system name: example-istiocontrolplane spec: hub: $REPO tag: $ISTIO_IMAGE components: cni: enabled: true namespace: kube-system profile: ambient values: ztunnel: meshConfig: defaultConfig: proxyMetadata: ISTIO_META_DNS_CAPTURE: "true" ISTIO_META_DNS_AUTO_ALLOCATE: "false" DNS_PROXY_ADDR: "0.0.0.0:15053" meshConfig: defaultConfig: proxyMetadata: ISTIO_META_DNS_CAPTURE: "true" ISTIO_META_DNS_AUTO_ALLOCATE: "false" DNS_PROXY_ADDR: "0.0.0.0:15053" accessLogFile: /dev/stdout EOF -
Verify that the components of the Istio ambient mesh are successfully installed. Because the ztunnel is deployed as a daemon set, the number of ztunnel pods equals the number of nodes in your cluster. Note that it might take a few seconds for the pods to become available.
kubectl get pods -n istio-systemExample output:
istiod-d765ff7cf-46dbm 1/1 Running 0 2m4s ztunnel-648wc 1/1 Running 0 2m8s ztunnel-6rhp5 1/1 Running 0 2m8s ztunnel-hllxg 1/1 Running 0 2m8s ztunnel-mg4w7 1/1 Running 0 2m8s ztunnel-s8j5t 1/1 Running 0 2m8s ztunnel-xgvnc 1/1 Running 0 2m8s -
Verify that the Istio CNI pods are up and running. Because the Istio CNI is deployed as a daemon set, the number of Istio CNI pods equals the number of nodes in your cluster.
kubectl get pods -n kube-system | grep istio-cniExample output:
istio-cni-node-55kj6 2/2 Running 0 62s istio-cni-node-5cz2q 2/2 Running 0 62s istio-cni-node-cp469 2/2 Running 0 62s istio-cni-node-h2ckw 2/2 Running 0 62s istio-cni-node-mdsnt 2/2 Running 0 62s istio-cni-node-s7wb2 2/2 Running 0 62s -
Install Gloo Mesh Enterprise in ambient mode.
meshctl install --profiles gloo-mesh-single \ --set common.cluster=$CLUSTER_NAME \ --set alpha.ambientEnabled=true \ --set licensing.glooMeshLicenseKey=$GLOO_MESH_LICENSE_KEY \ --set istioInstallations.enabled=false \ --set glooMgmtServer.createGlobalWorkspace=true -
Verify that Gloo Mesh is correctly installed. This check might take a few seconds to verify that:
- Your Gloo Mesh product license is valid and current.
- The Gloo Mesh CRDs are installed at the correct version.
- The Gloo Mesh pods are running and healthy.
- The Gloo agent is running and connected to the management server.
meshctl check