Istio-operator is a Kubernetes operator to deploy and manage Istio resources for a Kubernetes cluster.
Istio is an open platform to connect, manage, and secure microservices, and it is emerging as the standard for building service meshes on Kubernetes. It is built from multiple components and has a rather complex deployment scheme (around 14 Helm subcharts and 50+ CRDs). Installing, upgrading and operating these components requires a deep understanding of Istio and Helm (the standard/supported way of deploying Istio).
The goal of the Istio-operator is to automate and simplify these tasks and to enable popular service mesh use cases (multi-cluster federation, canary releases, resource reconciliation, etc.) by introducing easy, higher-level abstractions.
At Banzai Cloud we are building a Kubernetes distribution and platform, Pipeline, and we operate Istio clusters for our customers. While we were comfortably operating Istio using the standard Helm deployments on 6 cloud providers and on-premise with Pipeline, our customers recently started asking for multi-cloud service mesh deployments. This required lots of configuration and manual intervention when scaling or removing clusters from the mesh, and it became an operational burden. Pipeline automates the whole Kubernetes experience (creating clusters, centralized logging, federated monitoring, multi-dimensional autoscaling, disaster recovery, security scans, etc.) and we needed a way to automagically operate Istio.
At the same time, there is huge interest in the Istio community in an operator, but due to resource constraints and the need to support Helm, building one was discarded. There were several initiatives to simplify Istio:
- Istio Operator for Kubernetes
- Operator
- Initial implementation of Galley registers the CRDs
- Handle upgrades with an istio-init chart
However, none of these gave a full solution to automate the Istio experience and make it consumable for a wider audience. Our motivation is to build an open source solution and a community which drives the innovation and features of this operator.
If you are willing to kickstart your Istio experience using Pipeline, check out the free developer beta:
The operator (`release-1.1` branch) installs the 1.1.3 version of Istio, and can run on Minikube v0.33.1+ and Kubernetes 1.10.0+.
As a pre-requisite it needs a Kubernetes cluster (you can create one using Pipeline).
- Set `KUBECONFIG` pointing towards your cluster
- Run `make deploy` (deploys the operator in the `istio-system` namespace to the cluster)
- Set your Istio configurations in a Kubernetes custom resource (sample: `config/samples/istio_v1beta1_istio.yaml`) and run this command to deploy the Istio components:

kubectl create -n istio-system -f config/samples/istio_v1beta1_istio.yaml
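
Before creating the resource, it is worth checking the security-relevant fields of its spec. The script below is an added example, not part of the istio-operator project: it flags a resource that leaves mesh-wide mutual TLS off, lets sidecars reach hosts outside the service registry, or references an image by a floating tag. The field names are those of the sample resource on this page; the `SAMPLE` data, the `FLOATING` word list and the treatment of missing fields as weak are assumptions of the example.

```python
import json
import sys

# Constructed excerpt of the sample resource's spec (values as shown on this page).
SAMPLE = {"spec": {
    "mtls": False,
    "outboundTrafficPolicy": {"mode": "ALLOW_ANY"},
    "proxy": {"image": "istio/proxyv2:1.1.3"},
    "sidecarInjector": {"initCNIConfiguration": {
        "enabled": False,
        "image": "gcr.io/istio-release/install-cni:master-latest-daily"}},
}}

FLOATING = ("latest", "master", "daily")  # tag words treated as unpinned (assumption)


def images(node, path="spec"):
    """Yield (path, image) for every string-valued 'image' key under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "image" and isinstance(value, str):
                yield f"{path}.{key}", value
            else:
                yield from images(value, f"{path}.{key}")


def audit(resource):
    """Return a list of findings for an Istio custom resource given as a dict."""
    spec = resource.get("spec") or {}
    findings = []
    # Assumption: a missing field is reported like the weak value.
    if spec.get("mtls") is not True:
        findings.append("spec.mtls: mesh-wide mutual TLS is not enabled")
    mode = (spec.get("outboundTrafficPolicy") or {}).get("mode", "ALLOW_ANY")
    if mode != "REGISTRY_ONLY":
        findings.append(f"spec.outboundTrafficPolicy.mode: {mode} is not REGISTRY_ONLY")
    for where, image in images(spec):
        name = image.rsplit("/", 1)[-1]          # drop registry and repository path
        tag = name.split(":", 1)[1] if ":" in name else ""
        if not tag or any(word in tag for word in FLOATING):
            findings.append(f"{where}: '{image}' is not pinned to a release tag")
    return findings


if __name__ == "__main__":
    # Input: the custom resource as a JSON file; without an argument SAMPLE is used.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    findings = audit(doc)
    print("\n".join(findings) or "no findings")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on findings lets the check gate the `kubectl create` step in a deployment script.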
Alternatively, if you just can’t let go of Helm completely, you can deploy the operator using a Helm chart, which is available in the Banzai Cloud stable Helm repo:
helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com/
helm install --name=istio-operator --namespace=istio-system banzaicloud-stable/istio-operator
Check out the upgrade docs to see how to upgrade between minor or major Istio versions.
Check out the multi-cluster federation docs.
Check out the developer docs.
Please note that the Istio operator is under heavy development and new releases might introduce breaking changes. We are striving to keep backward compatibility as much as possible while adding new features at a fast pace. Issues, new features or bugs are tracked on the project's GitHub page - please feel free to add yours!
To track some of the significant features and future items from the roadmap please visit the roadmap doc.
sample
```yaml
apiVersion: istio.banzaicloud.io/v1beta1
kind: Istio
metadata:
  creationTimestamp: '2019-04-29T08:40:23Z'
  finalizers:
    - istio-operator.finializer.banzaicloud.io
  generation: 2
  labels:
    controller-tools.k8s.io: '1.0'
  name: istio-sample
  namespace: istio-system
  resourceVersion: '52500844'
  selfLink: >-
    /apis/istio.banzaicloud.io/v1beta1/namespaces/istio-system/istios/istio-sample
  uid: 6e1c94fb-6a5a-11e9-b9d9-5254005148aa
spec:
  autoInjectionNamespaces:
    - bookinfo
  citadel:
    enabled: true
    image: 'istio/citadel:1.1.3'
    replicaCount: 1
  defaultPodDisruptionBudget:
    enabled: true
  galley:
    enabled: true
    image: 'istio/galley:1.1.3'
    replicaCount: 1
  gateways:
    egress:
      enabled: true
      maxReplicas: 2
      minReplicas: 1
      replicaCount: 1
      sds:
        enabled: false
        image: 'docker.io/istio/node-agent-k8s:1.1.3'
      serviceType: ClusterIP
    enabled: true
    ingress:
      enabled: true
      maxReplicas: 2
      minReplicas: 1
      replicaCount: 1
      sds:
        enabled: false
        image: 'docker.io/istio/node-agent-k8s:1.1.3'
      serviceType: LoadBalancer
    k8singress:
      enabled: true
  imagePullPolicy: IfNotPresent
  includeIPRanges: '*'
  meshExpansion: false
  mixer:
    enabled: true
    image: 'istio/mixer:1.1.3'
    maxReplicas: 2
    minReplicas: 1
    replicaCount: 1
  mtls: false
  nodeAgent:
    enabled: false
    image: 'istio/node-agent-k8s:1.1.3'
  outboundTrafficPolicy:
    mode: ALLOW_ANY
  pilot:
    enabled: true
    image: 'istio/pilot:1.1.3'
    maxReplicas: 2
    minReplicas: 1
    replicaCount: 1
    traceSampling: 1
  proxy:
    image: 'istio/proxyv2:1.1.3'
  proxyInit:
    image: 'istio/proxy_init:1.1.3'
  sds:
    enabled: false
  sidecarInjector:
    autoInjectionPolicyEnabled: true
    enabled: true
    image: 'istio/sidecar_injector:1.1.3'
    initCNIConfiguration:
      binDir: /opt/cni/bin
      confDir: /etc/cni/net.d
      enabled: false
      excludeNamespaces:
        - istio-system
      image: 'gcr.io/istio-release/install-cni:master-latest-daily'
      logLevel: info
    replicaCount: 1
    rewriteAppHTTPProbe: true
  tracing:
    datadog:
      address: '$(HOST_IP):8126'
    enabled: true
    lightstep:
      accessToken:
      address: 'lightstep-satellite.lightstep:9292'
      cacertPath: /etc/lightstep/cacert.pem
    tracer: zipkin
    zipkin:
      address: 'zipkin.istio-system:9411'
  version: 1.1.3
```