diff --git a/content/rancher/v2.x/en/istio/_index.md b/content/rancher/v2.x/en/istio/_index.md index d2f6c8db74a..891169a5498 100644 --- a/content/rancher/v2.x/en/istio/_index.md +++ b/content/rancher/v2.x/en/istio/_index.md @@ -3,10 +3,12 @@ title: Istio weight: 15 --- -_Available as of v2.5.0_ +_Available as of v2.4.0_ [Istio](https://istio.io/) is an open-source tool that makes it easier for DevOps teams to observe, control, troubleshoot, and secure the traffic within a complex network of microservices. +> Rancher's Istio integration changed significantly in v2.5. If you are using Rancher v2.4, refer to the [legacy documentation.](../legacy) + As a network of microservices changes and grows, the interactions between them can become more difficult to manage and understand. In such a situation, it is useful to have a service mesh as a separate infrastructure layer. Istio's service mesh lets you manipulate traffic between microservices without changing the microservices directly. Our integration of Istio is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. 
@@ -22,25 +24,23 @@ This service mesh provides features that include but are not limited to the foll After Istio is enabled in a cluster, you can leverage Istio's control plane functionality with `kubectl`. -Rancher's Istio integration comes with support for the following addon(s): +Rancher's Istio integration comes with support for [Kiali.](https://www.kiali.io/) Kiali provides a diagram that shows the services within a service mesh and how they are connected, including the traffic rates and latencies between them. You can check the health of the service mesh, or drill down to see the incoming and outgoing requests to a single component. -- **Get the full picture of your microservice architecture with Kiali.** [Kiali](https://www.kiali.io/) provides a diagram that shows the services within a service mesh and how they are connected, including the traffic rates and latencies between them. You can check the health of the service mesh, or drill down to see the incoming and outgoing requests to a single component. - -# What's New +# What's New in Rancher v2.5 The overall architecture of Istio has been simplified. A single component, Istiod, has been created by combining Pilot, Citadel, Galley and the sidecar injector. Node Agent functionality has also been merged into istio-agent. -Addons that were previously installed by Istio (cert-manager, Grafana, Jaeger, Kiali, Prometheus, Zipkin ) will now need to be installed separately. Istio will support installation of integrations that are from the Istio Project and will maintain compatibility with those that are not. +Addons that were previously installed by Istio (cert-manager, Grafana, Jaeger, Kiali, Prometheus, Zipkin) will now need to be installed separately. Istio will support installation of integrations that are from the Istio Project and will maintain compatibility with those that are not. 
-A Prometheus integration will still be available through an installation of Rancher Monitoring (insert link here), or by installing your own prometheus operator. Rancher's Istio chart will also install kiali by default to ensure you can get a full picture of your microservice out of the box. +A Prometheus integration will still be available through an installation of [Rancher Monitoring,](../../monitoring-alerting) or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. -Istio has migrated away from Helm as a way to install Istio and now provides installation through the Istioctl binary or Istio Operator. To ensure the easiest interaction with Istio, Rancher's Istio will maintain a helm chart that utilizes the Istioctl binary to manage your Istio installation. +Istio has migrated away from Helm as a way to install Istio and now provides installation through the istioctl binary or Istio Operator. To ensure the easiest interaction with Istio, Rancher's Istio will maintain a Helm chart that utilizes the istioctl binary to manage your Istio installation. -This helm chart will be available via the Apps and Marketplace in the UI. A user that has access to the Rancher Chart's catalog will need to set up Istio before it ca be used in the project. +This Helm chart will be available via the Apps and Marketplace in the UI. A user that has access to the Rancher Chart's catalog will need to set up Istio before it can be used in the project. # Prerequisites -Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](instert new url here) to run all of the components of Istio. +Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](./resources) to run all of the components of Istio. # Setup Guide 
diff --git a/content/rancher/v2.x/en/istio/cluster-istio/_index.md b/content/rancher/v2.x/en/istio/cluster-istio/_index.md index 9634043898d..f5a85b3da49 100644 --- a/content/rancher/v2.x/en/istio/cluster-istio/_index.md +++ b/content/rancher/v2.x/en/istio/cluster-istio/_index.md @@ -3,9 +3,9 @@ title: Istio weight: 5 --- -_Available as of v2.5.0_ +_Available as of v2.4.0_ -> If you are usnig a rancher version less than v2.5.0, the older way of setting up Istio is documented in [this section]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/) +> This section is about the new version of the Istio app in Rancher v2.5.0. If you are using a rancher version less than v2.5.0, the older way of setting up Istio is documented in [this section.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/) [Istio](https://istio.io/) is an open-source tool that makes it easier for DevOps teams to observe, control, troubleshoot, and secure the traffic within a complex network of microservices. diff --git a/content/rancher/v2.x/en/istio/disabling-istio/_index.md b/content/rancher/v2.x/en/istio/disabling-istio/_index.md index 3457d3fd51d..56f8acc197e 100644 --- a/content/rancher/v2.x/en/istio/disabling-istio/_index.md +++ b/content/rancher/v2.x/en/istio/disabling-istio/_index.md 
@@ -8,14 +8,14 @@ This section describes how to uninstall Istio in a cluster or disable a namespac # Uninstall Istio in a Cluster -To Uninstall Istio, +To uninstall Istio, -1. From Dashboard UI, navigate to **Installed Apps** in **Apps & Marketplace** and locate the rancher-istio installation +1. From the **Cluster Explorer,** navigate to **Installed Apps** in **Apps & Marketplace** and locate the `rancher-istio` installation. 1. Select all the apps in the `istio-system` namespace and click **Delete**. **Result:** The `rancher-istio` app in the cluster gets removed. The Istio sidecar cannot be deployed on any workloads in the cluster. -**Note:** You can no longer disable and reenable your Istio installation. If you would like to save your settings for a future install, view and save individual yamls to refer to. +**Note:** You can no longer disable and reenable your Istio installation. If you would like to save your settings for a future install, view and save individual YAMLs to refer to. # Disable Istio in a Namespace diff --git a/content/rancher/v2.x/en/istio/resources/_index.md b/content/rancher/v2.x/en/istio/resources/_index.md index fc6ea7f46e1..27783c6e78d 100644 --- a/content/rancher/v2.x/en/istio/resources/_index.md +++ b/content/rancher/v2.x/en/istio/resources/_index.md @@ -6,7 +6,7 @@ aliases: - /rancher/v2.x/en/project-admin/istio/config/ - /rancher/v2.x/en/cluster-admin/tools/istio/resources --- -_Available as of v2.5.0_ +_This section applies to Istio in Rancher v2.5.0. If you are using Rancher v2.4.x, refer to [this section.](../../legacy/resources)_ This section describes the minimum recommended computing resources for the Istio components in a cluster. diff --git a/content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md b/content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md index fd6b5a91f69..718d6f94551 100644 --- a/content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md 
+++ b/content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md @@ -8,16 +8,17 @@ aliases: This cluster uses the default Nginx controller to allow traffic into the cluster. Only a user with the following [Kubernetes default roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) assigned can configure and install Istio in a Kubernetes cluster. + - Admin - Edit -> If the cluster has a Pod Security Policy enabled there are [prerequisites steps]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster/enable-istio-with-psp/) +> If the cluster has a Pod Security Policy enabled there are [prerequisites steps.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster/enable-istio-with-psp/) 1. From the Rancher Dashboard's **Cluster Explorer** view, navigate to available Charts in **Apps & Marketplace** 1. Select the Istio chart from the rancher provided charts 1. Optional: Configure member access and [resource limits]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/resources/) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. 1. Optional: Make additional configuration changes to values.yaml if needed -1. Optional: Add additioanl resources or configuartion via the [overlay file](link to overlay file) +1. Optional: Add additional resources or configuration via the [overlay file](#overlay-file) 1. Click **Install**. **Result:** Istio is installed at the cluster level. 
@@ -33,9 +34,9 @@ When Istio is installed in the cluster, the label for Istio sidecar auto injecti ## Overlay File -An Overlay File is designed to support extensive configation of your Istio installation. It allows you to make changes to any values available in the [IstioOperator API](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/). This will ensure you can customize the default installation to fit any scenario. +An Overlay File is designed to support extensive configuration of your Istio installation. It allows you to make changes to any values available in the [IstioOperator API](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/). This will ensure you can customize the default installation to fit any scenario. -The Overlay File will add configuration ontop of the default installation that is provided from the Istio chart installation. This means you do not need to redefine the components that already defined for installation. +The Overlay File will add configuration on top of the default installation that is provided from the Istio chart installation. This means you do not need to redefine the components that already defined for installation. For more information on Overlay Files, refer to the (documentation)[https://istio.io/latest/docs/setup/install/istioctl/#configure-component-settings] diff --git a/content/rancher/v2.x/en/istio/setup/enable-istio-in-namespace/_index.md b/content/rancher/v2.x/en/istio/setup/enable-istio-in-namespace/_index.md index 3eca4d8ec98..4e74c56d523 100644 --- a/content/rancher/v2.x/en/istio/setup/enable-istio-in-namespace/_index.md +++ b/content/rancher/v2.x/en/istio/setup/enable-istio-in-namespace/_index.md 
@@ -11,7 +11,7 @@ This namespace setting will only affect new workloads in the namespace. Any pree > **Prerequisite:** To enable Istio in a namespace, the cluster must have Istio installed. -1. In the Rancher Dashboard, open the kubectl shell +1. In the Rancher **Cluster Explorer,** open the kubectl shell. 1. Then run `kubectl label namespace istio-injection=enabled` **Result:** The namespace now has the label `istio-injection=enabled`. All new workloads deployed in this namespace will have the Istio sidecar injected by default. @@ -30,7 +30,7 @@ sidecar.istio.io/inject: “false” To add the annotation to a workload, -1. From the **Cluster Explorer** view, use the side-nav to select the **Overview** page for workloads +1. From the **Cluster Explorer** view, use the side-nav to select the **Overview** page for workloads. 1. Go to the workload that should not have the sidecar and edit as yaml 1. Add the following key, value `sidecar.istio.io/inject: false` as an annotation on the workload 1. Click **Save.** diff --git a/content/rancher/v2.x/en/istio/setup/gateway/_index.md b/content/rancher/v2.x/en/istio/setup/gateway/_index.md index 60f8780fd65..1fd1fcd7c51 100644 --- a/content/rancher/v2.x/en/istio/setup/gateway/_index.md +++ b/content/rancher/v2.x/en/istio/setup/gateway/_index.md 
@@ -7,9 +7,9 @@ aliases: The gateway to each cluster can have its own port or load balancer, which is unrelated to a service mesh. By default, each Rancher-provisioned cluster has one NGINX ingress controller allowing traffic into the cluster. -You can use the NGINX ingress controller with or without Istio installed. If this is the only gateway to your cluster, Istio will be able to route traffic from service to service, but Istio will not be able to receive traffic from outside the cluster. +You can use the Nginx Ingress controller with or without Istio installed. If this is the only gateway to your cluster, Istio will be able to route traffic from service to service, but Istio will not be able to receive traffic from outside the cluster. -To allow Istio to receive external traffic, you need to enable Istio's gateway, which works as a north-south proxy for external traffic. When you enable the Istio gateway, the result is that your cluster will have two ingresses. +To allow Istio to receive external traffic, you need to enable Istio's gateway, which works as a north-south proxy for external traffic. When you enable the Istio gateway, the result is that your cluster will have two Ingresses. You will also need to set up a Kubernetes gateway for your services. This Kubernetes resource points to Istio's implementation of the ingress gateway to the cluster. @@ -17,7 +17,7 @@ You can route traffic into the service mesh with a load balancer or just Istio's For more information on the Istio gateway, refer to the [Istio documentation.](https://istio.io/docs/reference/config/networking/v1alpha3/gateway/) -![In an Istio-enabled cluster, you can have two ingresses: the default Nginx ingress, and the default Istio controller.]({{}}/img/rancher/istio-ingress.svg) +![In an Istio-enabled cluster, you can have two Ingresses: the default Nginx Ingress, and the default Istio controller.]({{}}/img/rancher/istio-ingress.svg) # Enable the Istio Gateway
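Review bot: In content/rancher/v2.x/en/istio/_index.md, the header change to `_Available as of v2.4.0_` contradicts the callout added just below it, which says the integration "changed significantly in v2.5" and sends v2.4 users to the legacy documentation. The renamed heading `# What's New in Rancher v2.5` in the next hunk points the same way. Keep `_Available as of v2.5.0_`, or drop the line and let the callout carry the version information.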
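Review bot: In cluster-istio/_index.md, the added callout sends pre-v2.5 readers to `/rancher/v2.x/en/cluster-admin/tools/istio/`, while istio/_index.md uses `../legacy` and resources/_index.md uses `../../legacy/resources` for the same audience. Point all three at one legacy location. The callout also still reads `a rancher version less than v2.5.0` with a lowercase product name, and the `_Available as of v2.4.0_` line directly above it conflicts with "the new version of the Istio app in Rancher v2.5.0". Note that resources/_index.md lists `/rancher/v2.x/en/cluster-admin/tools/istio/resources` under `aliases:`, so that path prefix is being used both for the old docs and as an alias of the new page.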
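Review bot: In setup/enable-istio-in-cluster/_index.md (first hunk), the Pod Security Policy callout gains a period but still reads `there are [prerequisites steps.]`; make it "prerequisite steps" and add a comma after "enabled". Its link and the `resource limits` link in step 3 both still target `/cluster-admin/tools/istio/...`, the path that cluster-istio/_index.md describes as the older way of setting up Istio. That is the link a reader on a PSP-enabled cluster follows before installing, so confirm it matches the v2.5 chart. Steps 1, 2, 4 and 5 also still lack the terminal period that steps 3 and 6 have.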
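Review bot: In the Overlay File hunk of setup/enable-istio-in-cluster/_index.md, the rewritten sentence fixes "ontop" but still reads `the components that already defined for installation`; it needs "that are already defined". The unchanged line after it has the Markdown link reversed, `(documentation)[https://istio.io/latest/docs/setup/install/istioctl/#configure-component-settings]`, which will not render as a link; swap it to `[documentation](...)` and add the closing period in this same change.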
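Review bot: In setup/enable-istio-in-namespace/_index.md, the opt-out annotation is shown two different ways and neither is safe to copy: the hunk-header context has `sidecar.istio.io/inject: “false”` with typographic quotes, and step 3 of the second hunk has `sidecar.istio.io/inject: false` unquoted. Kubernetes annotation values must be strings, so an unquoted `false` is parsed as a YAML boolean, and curly quotes become part of the value. Show `sidecar.istio.io/inject: "false"` with straight quotes in both places. In the first hunk, the command `kubectl label namespace istio-injection=enabled` also appears with no namespace name; add a placeholder for it. Steps 2 and 3 of the annotation procedure still lack the periods this change adds elsewhere.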
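Review bot: In setup/gateway/_index.md, the change to `Nginx Ingress controller` leaves the unchanged line directly above it reading `one NGINX ingress controller`, so two spellings now sit in adjacent paragraphs; enable-istio-in-cluster/_index.md adds a third with `the default Nginx controller`. Pick one form and apply it to the context line as well. Capitalizing `two Ingresses` also reads as the Kubernetes Ingress resource kind, while the second entry point described here is Istio's gateway; if the generic sense is meant, lowercase "ingresses" was the clearer wording.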