From 71b7e1ac642e593ebbf22a4029d363bf263d41f2 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Wed, 16 Dec 2020 00:00:38 -0700 Subject: [PATCH] Document installing Istio on an RKE2 cluster #2877 https://github.com/rancher/docs/issues/2877#issuecomment-739077980 --- content/rancher/v2.x/en/istio/v2.5/_index.md | 36 ++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/content/rancher/v2.x/en/istio/v2.5/_index.md b/content/rancher/v2.x/en/istio/v2.5/_index.md index 8c3777276c3..a3151365d15 100644 --- a/content/rancher/v2.x/en/istio/v2.5/_index.md +++ b/content/rancher/v2.x/en/istio/v2.5/_index.md @@ -28,6 +28,7 @@ Istio needs to be set up by a `cluster-admin` before it can be used in a project - [Migrate from Previous Istio Version](#migrate-from-previous-istio-version) - [Accessing Visualizations](#accessing-visualizations) - [Architecture](#architecture) +- [Additional steps for installing Istio on an RKE2 cluster](#additional-steps-for-installing-istio-on-an-rke2-cluster) # What's New in Rancher v2.5 @@ -65,6 +66,8 @@ Note that this is not a production-qualified deployment of Jaeger. This deployme Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/resources) to run all of the components of Istio. +If you are installing Istio on RKE2 cluster, some additional steps are required. For details, see [this section.](#additional-steps-for-installing-istio-on-an-rke2-cluster) + # Setup Guide Refer to the [setup guide]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/setup) for instructions on how to set up Istio and use it in a project. @@ -116,3 +119,36 @@ By default, each Rancher-provisioned cluster has one NGINX ingress controller al ### Egress Support By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#overlay-file). + +# Additional Steps for Installing Istio on an RKE2 Cluster + +Through the **Cluster Explorer,** when installing or upgrading Istio through **Apps & Marketplace,** + +1. Click **Components.** +1. Check the box next to **Enabled CNI.** +1. Add a custom overlay file specifying `cniBinDir` and `cniConfDir`. For more information on these options, refer to the [Istio documentation.](https://istio.io/latest/docs/setup/additional-setup/cni/#helm-chart-parameters) An example is below: + + ```yaml + apiVersion: install.istio.io/v1alpha1 + kind: IstioOperator + spec: + components: + cni: + enabled: true + values: + cni: + image: rancher/istio-install-cni:1.7.3 + excludeNamespaces: + - istio-system + - kube-system + logLevel: info + cniBinDir: /opt/cni/bin + cniConfDir: /etc/cni/net.d + ``` +1. After installing Istio, you'll notice the cni-node pods in the istio-system namespace in a CrashLoopBackoff error. Manually edit the `istio-cni-node` daemonset to include the following on the `install-cni` container: + ```yaml + securityContext: + privileged: true + ``` + +**Result:** Now you should be able to utilize Istio as desired, including sidecar injection and monitoring via Kiali.