search string side menu

BRIX On-Premises > BRIX On-Premises Enterprise > Install add-on components for BRIX / Install Istio

Install Istio

Istio is an alternative to Linkerd and represents a dedicated level of infrastructure called Service Mesh. It helps manage communication between services, handle retries, timeouts, and automatically encrypt connections.

Installing the Istio add-on component provides balancing of gRPC traffic when scaling BRIX services. It also provides telemetry — success rates, latencies, etc.

Service Mesh is a necessary component to enable support for scaling services on the side of the BRIX application. Without an installed Service Mesh, traffic balancing when scaling BRIX microservices will not work correctly.

Installation consists of five steps:

  1. Modify kernel parameters on worker nodes (optional).
  2. Downloading the Helm chart and configuration file.
  3. Fill out the configuration file.
  4. Install the Istio chart using helm in the Kubernetes cluster
  5. Enable Istio in the namespace with the BRIX application.

Step 1: Modify kernel parameters on worker nodes (optional)

Before installation, ensure that the operating system parameters are set correctly. If parameters for increasing inotify limits are not set, add them to the configuration file /etc/sysctl.conf:

sudo nano /etc/sysctl.conf
fs.inotify.max_user_instances = 1024
fs.inotify.max_user_watches = 1048576

Update the parameter values with the following command:

sysctl -p

Step 2: Download the Helm chart and configuration file

For installation via the internet, get the configuration file values-istio.yaml by executing the command:

helm repo add elma365 https://charts.elma365.tech
helm repo update
helm show values elma365/istio > values-istio.yaml

Obtaining the configuration file for installation in a closed-loop environment without internet access

  1. On a computer with internet access, download the BRIX images and upload them to your local image registry:

helm repo add elma365 https://charts.elma365.tech
helm repo update
helm pull elma365/istio

For more details, see Download BRIX images.

  1. Copy the downloaded chart archive istio-X.Y.Z.tgz to the server where the installation will be performed.
  2. Unpack this chart and copy the default configuration file values.yaml to values-istio.yaml:

tar -xf istio-X.Y.Z.tgz

Step 3: Fill out the configuration file

Fill out the configuration file values-istio.yaml for the installation of the Istio service.

For the istioNamespace parameter, specify the namespace in which Istio is being installed.

To ensure high availability of Istio:

  • enable service autoscaling and set the minimum and maximum number of replicas in the parameters pilot.autoscaleMin and pilot.autoscaleMax;
  • without autoscaling, set the number of service replicas in the parameter pilot.replicaCount.

## Istio settings
global:
  ## namespace for Istio (must be created before installation using kubectl create ns)
  istioNamespace: istio-system
...
istiod:
  pilot:
    ## service autoscaling
    autoscaleEnabled: true
    ## minimum and maximum number of replicas
    autoscaleMin: 1
    autoscaleMax: 5
    ## number of service replicas without autoscaling
    replicaCount: 1
...

Fill out the parameters for connecting to a private registry for installation in a closed-loop environment without internet access

To connect to a private registry, you need to:

  1. Download BRIX images and upload them to the local image registry. For more details, see Download BRIX images.
  2. Set the address and path for the parameter global.hub.
  3. Specify the name of the secret with access rights to the private registry in the parameter global.imagePullSecrets. The secret must be manually created and encrypted in Base64.

## Istio settings
global:
...
  ## parameters for connecting to a private registry
  ## address and path for the private registry
  hub: registry.example.com/istio
  tag: 1.19.0
  ## the secret with access rights to the private registry must be manually created, encrypted in Base64
  imagePullSecrets:
    - myRegistryKeySecretName
...

Where repository format is:

  • Address is registry.example.com.
  • Path is /istio.

Step 4: Install the Istio chart using helm in the Kubernetes cluster

Install the Istio chart in namespace istio-system. Namespace will be created during installation if it was not previously created.

For installation via the internet:

helm upgrade --install istio elma365/istio -f values-istio.yaml -n istio-system --create-namespace

For offline installation without internet access, go to the directory with the downloaded chart and execute the command:

helm upgrade --install istio ./istio -f values-istio.yaml -n istio-system --create-namespace

Step 5: Enable Istio in the namespace with the BRIX application

In the described example, the BRIX application is installed in namespace elma365.

Начало внимание

Before enabling Istio, you must check and disable other Service Mesh in the namespace where the BRIX application is installed.

The concurrent operation of multiple Service Meshes is not allowed.

To disable Linkerd, remove the namespace annotation with the BRIX application:

kubectl annotate namespace elma365 linkerd.io/inject-

Конец внимание

Add a  label to the namespace with the BRIX application for automatic injection of Istio-proxy containers into the BRIX services using the command:

kubectl label namespace elma365 istio-injection=enabled --overwrite

Restart all BRIX application services using the command:

kubectl rollout restart deploy [-n namespace] && kubectl rollout restart ds [-n namespace]

Delete the Istio chart using helm in the Kubernetes cluster

Начало внимание

Before removing the Istio add-on component, disable autoscaling on the side of the BRIX application.

Конец внимание

To delete the Istio chart in the namespace istio-system, execute the command:

helm uninstall istio -n istio-system

install-ingress-nginx.html install-nodelocal-dns-cache.html