-
Create
istio-systemandbookinfonamespace -
Create istio app in ArgoCD e.g.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: istio
spec:
destination:
name: ''
namespace: istio-system
server: 'https://kubernetes.default.svc'
source:
path: istio-manifests
repoURL: '$REPO_URL_HERE'
targetRevision: HEAD
project: default
Note that the manifests folder contains the Istio manifests along with OpenShift specific resources:
- SCC to grant
anyuidpermissions to istio pods and injected workloads - A
NetworkAttachmentDefinitionresource which supports theistio-cniplugin - An OpenShift
Routeresource exposing theistio-ingressgatewayfor ingress traffic to the mesh
See the official docs for more info.
- Label
bookinfonamespace with the injection and discovery label and labelistio-systemwith the discovery label.
The discovery label is used to limit the namespaces that will participate in the mesh since by default the full cluster is available. See this blog post for more info. (Note: this feature was contributed to Istio by solo.io)
oc label namespace bookinfo istio-injection=enabled
oc label namespace bookinfo istio-discovery=enabled
oc label namespace istio-system istio-discovery=enabled
- Create bookinfo app in ArgoCD e.g.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: bookinfo
spec:
destination:
name: ''
namespace: bookinfo
server: 'https://kubernetes.default.svc'
source:
path: bookinfo
repoURL: '$REPO_URL_HERE'
targetRevision: HEAD
project: default
- Access bookinfo Product Page via correct route, e.g. http://istio-ingressgateway-istio-system.$ROUTER-DOMAIN/productpage
-
Download
istioctlfrom istio.io -
Generate istio manifests via
istioctland append
istioctl manifest generate --set profile=openshift > manifests.yaml
Using discovery selectors:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
profile: openshift
tag: 1.10.3
meshConfig:
discoverySelectors:
- matchLabels:
istio-discovery: enabled