Install Istio and Gloo Mesh

You have two options to set up Gloo Mesh Enterprise and Istio in ambient mode. You can either use an IstioLifecycleManager resource to manage the Istio installations across clusters more easily or manually install Istio and Gloo Mesh in ambient mode.

Ambient is an alpha feature and is currently supported in a single cluster setup only. Alpha features are likely to change, are not fully tested, and are not supported for production. For more information, see Gloo feature maturity.

Before you begin

  1. Create or use an existing Kubernetes cluster, and save the cluster name in an environment variable. Note: The cluster name must be lowercase and alphanumeric, contain no special characters except hyphens (-), and begin with a letter (not a number).

    export CLUSTER_NAME=<cluster_name>
    
  2. Install meshctl, the Gloo command line tool for bootstrapping Gloo Platform, registering clusters, describing configured resources, and more. Be sure to download version 2.5.0-beta3, which uses the latest Gloo Mesh installation values.

    curl -sL https://run.solo.io/meshctl/install | GLOO_MESH_VERSION=v2.5.0-beta3 sh -
    export PATH=$HOME/.gloo-mesh/bin:$PATH
    
  3. Set environment variables for the Istio repository and image version that you want to install. You can find both values in the Istio images built by Solo.io support article.

    export REPO=<repo-key>
    export ISTIO_IMAGE=<image-tag>
    

Install Istio and Gloo Mesh in ambient mode

Option 1: Install with an IstioLifecycleManager resource

  1. Install Gloo Mesh Enterprise in ambient mode.

    meshctl install --profiles gloo-mesh-single \
      --set common.cluster=$CLUSTER_NAME \
      --set featureGates.AmbientMode=true \
      --set licensing.glooMeshLicenseKey=$GLOO_MESH_LICENSE_KEY \
      --set istioInstallations.enabled=false \
      --set glooMgmtServer.createGlobalWorkspace=true
    
  2. Verify that Gloo Mesh is correctly installed. This check might take a few seconds to verify that:

    • Your Gloo Mesh product license is valid and current.
    • The Gloo Mesh CRDs are installed at the correct version.
    • The Gloo Mesh pods are running and healthy.
    • The Gloo agent is running and connected to the management server.

    meshctl check
    
  3. Create an IstioLifecycleManager resource in your cluster to install Istio in ambient mode.

    kubectl apply -f- <<EOF
    apiVersion: admin.gloo.solo.io/v2
    kind: IstioLifecycleManager
    metadata:
      name: istiod-control-plane
      namespace: gloo-mesh
    spec:
      installations:
      - clusters:
        - name: $CLUSTER_NAME
          defaultRevision: false
        istioOperatorSpec:
          profile: ambient
          hub: $REPO
          tag: $ISTIO_IMAGE
          namespace: istio-system
          meshConfig:
            defaultConfig:
              holdApplicationUntilProxyStarts: true
              proxyMetadata:
                ISTIO_META_DNS_CAPTURE: "true"
                ISTIO_META_DNS_AUTO_ALLOCATE: "false"
                DNS_PROXY_ADDR: "0.0.0.0:15053"
            accessLogFile: /dev/stdout
            rootNamespace: istio-system
          components:
            cni:
              enabled: true
              namespace: kube-system
            pilot:
              k8s:
                env:
                - name: PILOT_ENABLE_K8S_SELECT_WORKLOAD_ENTRIES
                  value: "false"
                - name: PILOT_SKIP_VALIDATE_TRUST_DOMAIN
                  value: "true"
          values:
            ztunnel:
              meshConfig:
                defaultConfig:
                  proxyMetadata:
                    ISTIO_META_DNS_CAPTURE: "true"
                    ISTIO_META_DNS_AUTO_ALLOCATE: "false"
                    DNS_PROXY_ADDR: "0.0.0.0:15053"
    EOF
    
  4. Verify that the components of the Istio ambient mesh are successfully installed. Because the ztunnel is deployed as a daemon set, the number of ztunnel pods equals the number of nodes in your cluster. Note that it might take a few seconds for the pods to become available.

    kubectl get pods -n istio-system
    

    Example output:

    istiod-d765ff7cf-46dbm                  1/1     Running   0          2m4s
    ztunnel-648wc                           1/1     Running   0          2m8s
    ztunnel-6rhp5                           1/1     Running   0          2m8s
    ztunnel-hllxg                           1/1     Running   0          2m8s
    ztunnel-mg4w7                           1/1     Running   0          2m8s
    ztunnel-s8j5t                           1/1     Running   0          2m8s
    ztunnel-xgvnc                           1/1     Running   0          2m8s
    
  5. Verify that the Istio CNI pods are up and running. Because the Istio CNI is deployed as a daemon set, the number of Istio CNI pods equals the number of nodes in your cluster.

    kubectl get pods -n kube-system | grep istio-cni
    

    Example output:

    istio-cni-node-6q26l                                             1/1     Running   0          38m
    istio-cni-node-7gg8k                                             1/1     Running   0          38m
    istio-cni-node-lcrcd                                             1/1     Running   0          38m
    istio-cni-node-lws52                                             1/1     Running   0          38m
    istio-cni-node-v4fjf                                             1/1     Running   0          38m
    istio-cni-node-v7bdc                                             1/1     Running   0          38m
    
Option 2: Manually install Istio and Gloo Mesh

  1. Install the Solo Istio CLI. You can find the CLI version and the repository from which to download that version in the Istio images built by Solo.io support article.

  2. Install the Istio operator.

    istioctl operator init \
      --hub $REPO \
      --tag $ISTIO_IMAGE
    
  3. Create the istio-system namespace.

    kubectl create ns istio-system
    
  4. Create an IstioOperator resource to set up Istio with the ambient profile.

    kubectl apply -f- <<EOF
    apiVersion: install.istio.io/v1alpha1
    kind: IstioOperator
    metadata:
      namespace: istio-system
      name: example-istiocontrolplane
    spec:
      hub: $REPO
      tag: $ISTIO_IMAGE
      components:
        cni:
          enabled: true
          namespace: kube-system
      profile: ambient
      values:
        ztunnel:
          meshConfig:
            defaultConfig:
              proxyMetadata:
                ISTIO_META_DNS_CAPTURE: "true"
                ISTIO_META_DNS_AUTO_ALLOCATE: "false"
                DNS_PROXY_ADDR: "0.0.0.0:15053"
        meshConfig:
          defaultConfig:
            proxyMetadata:
              ISTIO_META_DNS_CAPTURE: "true"
              ISTIO_META_DNS_AUTO_ALLOCATE: "false"
              DNS_PROXY_ADDR: "0.0.0.0:15053"
          accessLogFile: /dev/stdout
    EOF
    
  5. Verify that the components of the Istio ambient mesh are successfully installed. Because the ztunnel is deployed as a daemon set, the number of ztunnel pods equals the number of nodes in your cluster. Note that it might take a few seconds for the pods to become available.

    kubectl get pods -n istio-system
    

    Example output:

    istiod-d765ff7cf-46dbm                  1/1     Running   0          2m4s
    ztunnel-648wc                           1/1     Running   0          2m8s
    ztunnel-6rhp5                           1/1     Running   0          2m8s
    ztunnel-hllxg                           1/1     Running   0          2m8s
    ztunnel-mg4w7                           1/1     Running   0          2m8s
    ztunnel-s8j5t                           1/1     Running   0          2m8s
    ztunnel-xgvnc                           1/1     Running   0          2m8s
    
  6. Verify that the Istio CNI pods are up and running. Because the Istio CNI is deployed as a daemon set, the number of Istio CNI pods equals the number of nodes in your cluster.

    kubectl get pods -n kube-system | grep istio-cni
    

    Example output:

    istio-cni-node-55kj6                                             2/2     Running   0          62s
    istio-cni-node-5cz2q                                             2/2     Running   0          62s
    istio-cni-node-cp469                                             2/2     Running   0          62s
    istio-cni-node-h2ckw                                             2/2     Running   0          62s
    istio-cni-node-mdsnt                                             2/2     Running   0          62s
    istio-cni-node-s7wb2                                             2/2     Running   0          62s
    
  7. Install Gloo Mesh Enterprise in ambient mode.

    meshctl install --profiles gloo-mesh-single \
      --set common.cluster=$CLUSTER_NAME \
      --set featureGates.AmbientMode=true \
      --set licensing.glooMeshLicenseKey=$GLOO_MESH_LICENSE_KEY \
      --set istioInstallations.enabled=false \
      --set glooMgmtServer.createGlobalWorkspace=true
    
  8. Verify that Gloo Mesh is correctly installed. This check might take a few seconds to verify that:

    • Your Gloo Mesh product license is valid and current.
    • The Gloo Mesh CRDs are installed at the correct version.
    • The Gloo Mesh pods are running and healthy.
    • The Gloo agent is running and connected to the management server.

    meshctl check
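
The pod-per-node checks for the ztunnel and the Istio CNI in both installation options can be scripted instead of counted by eye. The following is an added example, not part of the Gloo documentation; the function names `count_ready`, `covers_nodes`, and `check_live` and the sample pod listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a daemon set has one fully ready pod per node,
# as the ztunnel and istio-cni verification steps describe.

# count_ready PREFIX: read `kubectl get pods --no-headers` rows on stdin and
# print how many pods named PREFIX* are Running with all containers ready.
count_ready() {
  awk -v p="$1" '
    index($1, p) == 1 {
      split($2, r, "/")
      if ($3 == "Running" && r[1] == r[2]) n++
    }
    END { print n + 0 }'
}

# covers_nodes PREFIX NODES: succeed only if the ready count equals NODES.
covers_nodes() {
  [ "$(count_ready "$1")" -eq "$2" ]
}

# check_live: run both checks against the current kube context.
# Requires kubectl access; it is defined here but not called by this script.
check_live() {
  nodes=$(kubectl get nodes --no-headers | awk 'END { print NR }')
  kubectl get pods -n istio-system --no-headers \
    | covers_nodes ztunnel- "$nodes" || return 1
  kubectl get pods -n kube-system --no-headers \
    | covers_nodes istio-cni-node- "$nodes"
}

# Constructed sample: 3-node cluster where one ztunnel pod is still starting.
SAMPLE='istiod-aaaaaaaaa-bbbbb   1/1   Running             0   2m4s
ztunnel-aaaaa            1/1   Running             0   2m8s
ztunnel-bbbbb            0/1   ContainerCreating   0   5s
ztunnel-ccccc            1/1   Running             0   2m8s'

if printf '%s\n' "$SAMPLE" | covers_nodes ztunnel- 3; then
  echo "ztunnel: one ready pod per node"
else
  ready=$(printf '%s\n' "$SAMPLE" | count_ready ztunnel-)
  echo "ztunnel: $ready of 3 nodes have a ready pod"
fi
```

On a live cluster, call `check_live` after the install steps; a non-zero exit status means that the ready pod count for the ztunnel or the Istio CNI does not match the node count.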
    

Next

Deploy sample apps