Experimental: Install Istio by using Gloo Mesh

Streamline the Istio installation process by using Gloo Mesh to install Istio in your remote clusters.

With a Gloo Mesh-managed installation, you no longer need to use istioctl to individually install Istio in each remote cluster. Instead, Gloo Mesh translates your IstioOperator configuration into Istio control planes and resources in your remote clusters for you. Gloo Mesh can currently manage the Istio installation for Istio version 1.8 or greater.

This feature does not currently support upgrading Istio installations or managing existing Istio installations. Until management of the full lifecycle of Istio is supported, do not use this feature in production.

Before you begin

  1. Install Gloo Mesh Enterprise into a management cluster.
  2. Register each remote cluster with Gloo Mesh.

Step 1: Prepare the Istio operator

Prepare the IstioOperator resource that you want to use to configure your Istio installations. For example Istio install profiles, see Installing Istio.

Keep in mind the following changes that Gloo Mesh applies to the Istio operator configuration when it is used:

Step 2: Install the Istio operator with Gloo Mesh

  1. Get the names of the remote clusters that are registered with Gloo Mesh.

    kubectl get kubernetescluster -n gloo-mesh --context $MGMT_CONTEXT
    

    Example output:

    NAME           AGE
    cluster-1      27s
    cluster-2      23s
    
  2. Create the Gloo Mesh-managed installation resource in your management cluster by using the meshctl command or by creating and applying the IstioInstallation resource.

meshctl installation

Specify the comma-separated list of registered cluster names and your Istio operator configuration in the following command. For more information, see the meshctl istio install reference documentation.

meshctl istio install --kubecontext $MGMT_CONTEXT --clusters <cluster_list> --file <istio_operator_spec> --name <installation_name>

Example command:

meshctl istio install --kubecontext $MGMT_CONTEXT --clusters cluster-1,cluster-2 --file operator-1-11-4.yaml --name managed-installation

kubectl installation

  1. Create an IstioInstallation resource and save the file as managed-installation.yaml. Specify the registered cluster names in the spec.clusters section and your Istio operator configuration in the spec.istioOperatorSpec section.
    apiVersion: admin.enterprise.mesh.gloo.solo.io/v1alpha1
    kind: IstioInstallation
    metadata:
      name: managed-installation
      namespace: gloo-mesh
    spec:
      clusters:
        - name: cluster-1
        - name: cluster-2
      istioOperatorSpec:
        profile: minimal
        hub: gcr.io/istio-enterprise
        tag: 1.11.4-solo
        namespace: istio-system
        [...]
    
  2. Apply the IstioInstallation resource to your management cluster.
    kubectl apply -f managed-installation.yaml --context $MGMT_CONTEXT
    

Step 3: Verify the Istio installation

  1. In each remote cluster, check the status of the IstioInstallationInstance, which is created with the same name and in the same namespace as the IstioInstallation resource. The Istio installation instance contains the Istio operator configuration and information on the status of the installation.

    kubectl get IstioInstallationInstance -n gloo-mesh --context $REMOTE_CONTEXT1
    

    In this example output, the state of the installation is HEALTHY. If there are issues with your installation, the status includes additional details in the message. You can also inspect the logs of the controller and the operator that are listed in the status section.

    apiVersion: admin.agent.enterprise.mesh.gloo.solo.io/v1alpha1
    kind: IstioInstallationInstance
    metadata:
      name: managed-installation
      namespace: gloo-mesh
    spec:
      istioOperatorSpec:
        [...]
    status:
      state: HEALTHY
      generatedRevision: 1-11
      istioOperator:
        name: gloo-mesh-istio-operator-1-11
        namespace: istio-system-1-11
      istioOperatorController:
        name: istio-operator-1-11
        namespace: gloo-mesh-iop-1-11
    
  2. In each remote cluster, verify that the Istio resources that you specified in your Istio operator configuration are successfully installing. For example, verify that the Istio control plane pods are running.

    kubectl get pods -n istio-system --context $REMOTE_CONTEXT1
    

    Example output:

    NAME                                    READY   STATUS    RESTARTS   AGE
    istiod-7795ccf9dc-vr4cq                 1/1     Running   0          5d22h