Note: Be aware of the platform setup required for OpenShift when installing Istio.
To install with Helm, you must first create the namespace that you wish to install in if the namespace does not exist already. The default namespace used is dubbo-system and can be created as follows:
kubectl create namespace dubbo-system
The installation process using the Helm charts is as follows:
base chart creates cluster-wide CRDs, cluster bindings and cluster resources. It is possible to change the namespace from dubbo-system but it is not recommended.helm install istio-base -n dubbo-system manifests/charts/base
istio-cni chart installs the CNI plugin. This should be installed after the base chart and prior to istiod chart. Need to add --set istio_cni.enabled=true to the istiod install to enable its usage.helm install istio-cni -n kube-system manifests/charts/istio-cni --set cni.cniBinDir="/var/lib/cni/bin" --set cni.cniConfDir="/etc/cni/multus/net.d" --set cni.chained=false --set cni.cniConfFileName="istio-cni.conf" --set cni.excludeNamespaces[0]="dubbo-system" --set cni.excludeNamespaces[1]="kube-system" --set cni.repair.enabled=false --set cni.logLevel=info
istio-control/istio-discovery chart installs a revision of istiod.helm install -n dubbo-system istio-17 manifests/charts/istio-control/istio-discovery --set istio_cni.enabled=true --set global.jwtPolicy=first-party-jwt --set sidecarInjectorWebhook.injectedAnnotations."k8s\.v1\.cni\.cncf\.io/networks"="istio-cni"
gateways charts install a load balancer with ingress and egress.Ingress secrets and access should be separated from the control plane.
helm install -n dubbo-system istio-ingress manifests/charts/gateways/istio-ingress --set global.jwtPolicy=first-party-jwt
Egress secrets and access should be separated from the control plane.
helm install -n dubbo-system istio-egress manifests/charts/gateways/istio-egress --set global.jwtPolicy=first-party-jwt