I am trying to install a multicluster Istio mesh using manifests from the Istio repo. I changed the default.yaml file from the Istio release.
I create the manifests using:
istioctl manifest generate --manifests ./manifests
The IstioOperator:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
spec:
  hub: gcr.io/istio-testing
  tag: latest
  # You may override parts of meshconfig by uncommenting the following lines.
  meshConfig:
    defaultConfig:
      proxyMetadata: {}
    enablePrometheusMerge: true
    # Opt-out of global http2 upgrades.
    # Destination rule is used to opt-in.
    # h2_upgrade_policy: DO_NOT_UPGRADE
  # Traffic management feature
  components:
    base:
      enabled: true
    pilot:
      enabled: true
    # Istio Gateway feature
    ingressGateways:
    - name: istio-ingressgateway
      enabled: true
    egressGateways:
    - name: istio-egressgateway
      enabled: false
    # Istio CNI feature
    cni:
      enabled: false
    # istiod remote configuration when istiod isn't installed on the cluster
    istiodRemote:
      enabled: false
  # Global values passed through to helm global.yaml.
  # Please keep this in sync with manifests/charts/global.yaml
  values:
    global:
      meshID: mesh1
      multiCluster:
        clusterName: cluster1
      network: network1
      istioNamespace: istio-system
      istiod:
        enableAnalysis: false
      logging:
        level: "default:info"
      logAsJson: false
      pilotCertProvider: istiod
      jwtPolicy: third-party-jwt
      proxy:
        image: proxyv2
        clusterDomain: "cluster.local"
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 2000m
            memory: 1024Mi
        logLevel: warning
        componentLogLevel: "misc:error"
        privileged: false
        enableCoreDump: false
        statusPort: 15020
        readinessInitialDelaySeconds: 1
        readinessPeriodSeconds: 2
        readinessFailureThreshold: 30
        includeIPRanges: "*"
        excludeIPRanges: ""
        excludeOutboundPorts: ""
        excludeInboundPorts: ""
        autoInject: enabled
        tracer: "zipkin"
      proxy_init:
        image: proxyv2
        resources:
          limits:
            cpu: 2000m
            memory: 1024Mi
          requests:
            cpu: 10m
            memory: 10Mi
      # Specify image pull policy if default behavior isn't desired.
      # Default behavior: latest images will be Always else IfNotPresent.
      imagePullPolicy: ""
      operatorManageWebhooks: false
      tracer:
        lightstep: {}
        zipkin: {}
        datadog: {}
        stackdriver: {}
      imagePullSecrets: []
      arch:
        amd64: 2
        s390x: 2
        ppc64le: 2
      oneNamespace: false
      defaultNodeSelector: {}
      configValidation: true
      meshExpansion:
        enabled: false
        useILB: false
      omitSidecarInjectorConfigMap: false
      defaultResources:
        requests:
          cpu: 10m
      defaultPodDisruptionBudget:
        enabled: true
      priorityClassName: ""
      useMCP: false
      sds:
        token:
          aud: istio-ca
      sts:
        servicePort: 0
      meshNetworks: {}
      mountMtlsCerts: false
    base:
      enableCRDTemplates: false
      validationURL: ""
    pilot:
      autoscaleEnabled: true
      autoscaleMin: 1
      autoscaleMax: 5
      replicaCount: 1
      image: pilot
      traceSampling: 1.0
      env: {}
      cpu:
        targetAverageUtilization: 80
      nodeSelector: {}
      keepaliveMaxServerConnectionAge: 30m
      enableProtocolSniffingForOutbound: true
      enableProtocolSniffingForInbound: true
      deploymentLabels:
      configMap: true
    telemetry:
      enabled: true
      v2:
        enabled: true
        metadataExchange:
          wasmEnabled: false
        prometheus:
          wasmEnabled: false
          enabled: true
        stackdriver:
          enabled: false
          logging: false
          monitoring: false
          topology: false
          configOverride: {}
    istiodRemote:
      injectionURL: ""
    gateways:
      istio-egressgateway:
        zvpn: {}
        env: {}
        autoscaleEnabled: true
        type: ClusterIP
        name: istio-egressgateway
        secretVolumes:
          - name: egressgateway-certs
            secretName: istio-egressgateway-certs
            mountPath: /etc/istio/egressgateway-certs
          - name: egressgateway-ca-certs
            secretName: istio-egressgateway-ca-certs
            mountPath: /etc/istio/egressgateway-ca-certs
      istio-ingressgateway:
        autoscaleEnabled: true
        type: LoadBalancer
        name: istio-ingressgateway
        zvpn: {}
        env: {}
        secretVolumes:
          - name: ingressgateway-certs
            secretName: istio-ingressgateway-certs
            mountPath: /etc/istio/ingressgateway-certs
          - name: ingressgateway-ca-certs
            secretName: istio-ingressgateway-ca-certs
            mountPath: /etc/istio/ingressgateway-ca-certs
kubectl apply -f {generated manifest}
kubectl label ns sample istio-injection=enabled
kubectl apply -f samples/sleep/sleep.yaml
No sidecar is created and the istiod pod has the following log:
2021-01-11T16:06:33.983044Z info Sidecar injection request for sample/httpbin-66cdbdb6c5-***** (actual name not yet known)
2021-01-11T16:06:34.015160Z info Sidecar injection request for sample/httpbin-66cdbdb6c5-***** (actual name not yet known)
2021-01-11T16:06:34.778156Z info ads Push debounce stable[30] 1: 100.160784ms since last change, 100.16061ms since last push, full=false
2021-01-11T16:06:34.778226Z info ads XDS: Incremental Pushing:2021-01-11T16:06:33Z/20 ConnectedEndpoints:2
2021-01-11T16:06:34.977133Z info ads Incremental push, service sleep.sample.svc.cluster.local has no endpoints
2021-01-11T16:06:35.077306Z info ads Push debounce stable[31] 2: 100.114592ms since last change, 110.809711ms since last push, full=true
2021-01-11T16:06:35.078442Z info ads XDS: Pushing:2021-01-11T16:06:35Z/21 Services:18 ConnectedEndpoints:2
2021-01-11T16:06:35.078676Z info ads CDS: PUSH for node:istio-ingressgateway-7665678695-2x54p.istio-system resources:1
2021-01-11T16:06:35.078688Z info ads CDS: PUSH for node:istio-ingressgateway-7665678695-dwnzq.istio-system resources:1
2021-01-11T16:06:35.078721Z info ads LDS: PUSH for node:istio-ingressgateway-7665678695-2x54p.istio-system resources:0
2021-01-11T16:06:35.078728Z info ads LDS: PUSH for node:istio-ingressgateway-7665678695-dwnzq.istio-system resources:0
2021-01-11T16:06:35.771862Z info Sidecar injection request for sample/sleep-8f795f47d-***** (actual name not yet known)
$ kubectl version --short
Client Version: v1.20.0
$ istioctl version --remote
client version: 1.8.0
control plane version: 1.8.0
data plane version: 1.8.0 (2 proxies)
I am using an EKS cluster.
kubectl get po -n sample
NAME                       READY   STATUS    RESTARTS   AGE
httpbin-66cdbdb6c5-94dpr   1/1     Running   0          7m24s
httpbin-66cdbdb6c5-p8f6q   1/1     Running   0          11s
sleep-8f795f47d-526hb      1/1     Running   0          26m
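An added example, not part of the original post: a small audit over `kubectl get pods -n sample -o json` output that lists pods running without the `istio-proxy` container, since such pods sit outside the mesh's mTLS and policy enforcement. The sample input is constructed (the `demo-*` pods are hypothetical) and the reason strings are this example's own wording.

```python
import json

SIDECAR = "istio-proxy"                          # container name the injector adds
INJECT_ANNOTATION = "sidecar.istio.io/inject"    # per-pod opt-out ("false")
STATUS_ANNOTATION = "sidecar.istio.io/status"    # written by the injector on success

# Constructed sample shaped like `kubectl get pods -n sample -o json`,
# trimmed to the fields the audit reads. The demo-* pods are hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "sleep-8f795f47d-526hb"},
   "spec": {"containers": [{"name": "sleep"}]}},
  {"metadata": {"name": "demo-opted-out",
                "annotations": {"sidecar.istio.io/inject": "false"}},
   "spec": {"containers": [{"name": "app"}]}},
  {"metadata": {"name": "demo-host-net"},
   "spec": {"hostNetwork": true, "containers": [{"name": "app"}]}},
  {"metadata": {"name": "demo-injected",
                "annotations": {"sidecar.istio.io/status": "{}"}},
   "spec": {"containers": [{"name": "app"}, {"name": "istio-proxy"}]}}
]}
""")

def audit_pods(pod_list):
    """Return one finding per pod: whether a sidecar is present and why not."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        annotations = meta.get("annotations") or {}
        names = [c.get("name") for c in spec.get("containers", [])]
        injected = SIDECAR in names
        if injected:
            reason = "sidecar present"
        elif annotations.get(INJECT_ANNOTATION) == "false":
            reason = "opted out by pod annotation"
        elif spec.get("hostNetwork"):
            reason = "hostNetwork pod, skipped by the injector"
        else:
            reason = "no opt-out found; inspect the injection webhook and istiod injector config"
        findings.append({"pod": meta.get("name"), "injected": injected,
                         "status_annotation": STATUS_ANNOTATION in annotations,
                         "reason": reason})
    return findings

if __name__ == "__main__":
    for f in audit_pods(SAMPLE):
        print(f"{f['pod']}: injected={f['injected']} ({f['reason']})")
```
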