3.4.5 Install and Configure Istio

Install Istio, 1.12.1 or later versions, onto the Kubernetes cluster with the default Istio profile.

Skip this section if you don't want to install MicroTx in an Istio service mesh.

Oracle recommends using the default Istio profile for production environments. Additionally, create logs that you can use for audits and enable distributed tracing to monitor and troubleshoot microservices-based distributed systems, such as monitoring distributed transactions, analyzing the root cause, analyze service dependency, and optimize performance or latency. For more information, see https://istio.io/latest/docs/setup/additional-setup/config-profiles/.

Perform the following steps to install and configure Istio on your local machine:

1. Run the following command to download Istio.

   curl -sL https://istio.io/downloadIstioctl | sh -

2. Move to the Istio package directory. For example, if the package is istio-1.12.1:

   cd istio-1.12.1

3. Add the istioctl client tool which is located in the bin folder to the PATH for your workstation. The following example specifies the a sample value. Provide the path based on your environment.

   export PATH=$PWD/bin:$PATH

4. Run prerequisite checks to validate if the cluster meets Istio install requirements.

   istioctl x precheck

   The following message is displayed. You can proceed with the next step and install Istio if there are no issues.

   No issues found when checking the cluster. Istio is safe to install or upgrade!
   

5. Run the following commands to install and configure Istio in Kubernetes. Skip this step if you are using OpenShift.
   1. Run the following command to install Istio on Kubernetes with the default Istio profile.

      istioctl install --set meshConfig.accessLogFile=/dev/stdout \
          --set meshConfig.accessLogEncoding=JSON \
          --set meshConfig.enableTracing=true \
          --set meshConfig.defaultConfig.tracing.sampling=100.0

      Only in Oracle Linux 8 environments, run the following command to pass an additional flag, --set components.cni.enabled=true. For example:

      istioctl install --set meshConfig.accessLogFile=/dev/stdout \
          --set meshConfig.accessLogEncoding=JSON \
          --set meshConfig.enableTracing=true \
          --set meshConfig.defaultConfig.tracing.sampling=100.0 \
          --set components.cni.enabled=true

   2. Label the namespace that you have created with istio-injection=enabled to put automatic sidecar injection into effect. The following command labels the otmm namespace:

      Sample Command

      kubectl label namespace otmm istio-injection=enabled

      Sample Response

      namespace/otmm labeled

6. Run the following commands to install and configure Istio in OpenShift. Skip this step for Kubernetes.
   1. Run the following command to install Istio on OpenShift with the default Istio profile.

      istioctl install --set profile=openshift \
          --set meshConfig.accessLogFile=/dev/stdout \
          --set meshConfig.accessLogEncoding=JSON \
          --set meshConfig.enableTracing=true \
          --set meshConfig.defaultConfig.tracing.sampling=100.0 \
          --set components.cni.enabled=true

   2. After Istio is installed, expose an OpenShift route for the Istio ingress gateway.

      oc -n istio-system expose svc/istio-ingressgateway --port=http2

   3. Label the project that you have created with istio-injection=enabled to put automatic sidecar injection into effect. The following command labels the otmm project in OpenShift:

      Sample Command

      oc label project otmm istio-injection=enabled