Contact UsGet started

Installing Istio

Written by
Improved by
Updated at October 9, 2024

Istio implements a service mesh, a low-latency infrastructure layer used to process a massive volume of network communications between services in a Managed Service for Kubernetes cluster.

Istio provides:

  • Encrypted service-to-service communication in a cluster.
  • Authentication across services.
  • Load balancing for HTTP, TCP, RPC, and WebSocket traffic.
  • Detailed traffic monitoring based on extensive routing rules.

The application contains Istio Ingress Gateway, a component for setting up an entry point for external traffic.

Note

To use Istio, you need a node group with at least 6 GB of RAM.

Getting started

  1. If you do not have the Yandex Cloud command line interface yet, install and initialize it.

    The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  2. Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.

    Warning

    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

  3. Install kubectl and configure it to work with the created cluster.

Installation using Yandex Cloud Marketplace

  1. Go to the folder page and select Managed Service for Kubernetes.
  2. Click the name of the cluster you need and select the Marketplace tab.
  3. Under Application available for installation, select Istio and click Go to install.
  4. Configure the application:
    • Namespace: Select or create a namespace for Istio. We do not recommend installing the application in the default namespace.
    • Application name: Specify the app name.
    • Install add-ons: Select this option to automatically install add-ons: the Kiali management console, and such components as Grafana, Prometheus, Jaeger, and Loki.
  5. Click Install.
  6. Wait for the application to change its status to Deployed.

Installation using a Helm chart

  1. Install Helm v3.8.0 or higher.

  2. Install kubectl and configure it to work with the created cluster.

  3. To install a Helm chart with Istio, run this command:

    helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/istio/istio \
  --version 1.21.2-1 \
  --untar && \
helm install \
  --namespace <namespace> \
  --create-namespace \
istio ./istio/

    Note

    If you are using a Helm version below 3.8.0, append the export HELM_EXPERIMENTAL_OCI=1 && \ string to the command to enable Open Container Initiative (OCI) support in the Helm client.

See also

Previous
Upgrading the Application Load Balancer Ingress controller
Next
Installing Jaeger