Merge pull request #270252 from MGoedtel/task233097

prmerger-automator[bot] · web-flow · commit 1478c1eea205 · 2024-03-26T19:20:16.000Z
update AKS istio-deploy-addon
diff --git a/articles/aks/istio-deploy-addon.md b/articles/aks/istio-deploy-addon.md
@@ -3,7 +3,7 @@ title: Deploy Istio-based service mesh add-on for Azure Kubernetes Service
 description: Deploy Istio-based service mesh add-on for Azure Kubernetes Service
 ms.topic: article
 ms.custom: devx-track-azurecli
-ms.date: 04/09/2023
+ms.date: 03/26/2024
 ms.author: shasb
 author: shashankbarsin
 ---
@@ -16,6 +16,13 @@ For more information on Istio and the service mesh add-on, see [Istio-based serv
 
 ## Before you begin
 
+* The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az --version` to verify version. To install or upgrade, see [Install Azure CLI][azure-cli-install].
+* To find information about which Istio add-on revisions are available in a region and their compatibility with AKS cluster versions, use the command [`az aks mesh get-revisions`][az-aks-mesh-get-revisions]:
+
+    ```azurecli-interactive
+    az aks mesh get-revisions --location <location> -o table
+    ```
+
 ### Set environment variables
 
 ```bash
@@ -24,25 +31,17 @@ export RESOURCE_GROUP=<resource-group-name>
 export LOCATION=<location>
 ```
 
+## Install Istio add-on
 
-### Verify Azure CLI version
-
-The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az --version` to verify version. To install or upgrade, see [Install Azure CLI][azure-cli-install].
-
-## Get available Istio add-on revisions
-To find information about which Istio add-on revisions are available in a region and their compatibility with AKS cluster versions, use:
-
-```azurecli-interactive
-az aks mesh get-revisions --location <location> -o table
-```
-
+This section includes steps to install the Istio add-on during cluster creation or enable for an existing cluster using the Azure CLI. If you want to install the add-on using Bicep, see [install an AKS cluster with the Istio service mesh add-on using Bicep][install-aks-cluster-istio-bicep]. To learn more about the Bicep resource definition for an AKS cluster, see [Bicep managedCluster reference][bicep-aks-resource-definition].
 
-## Install Istio add-on
 ### Revision selection
+
 If you enable the add-on without specifying a revision, a default supported revision is installed for you.
 
-If you wish to specify the revision instead:
-1. Use the `get-revisions` command in the [previous step](#get-available-istio-add-on-revisions) to check which revisions are available for different AKS cluster versions in a region.
+To specify a revision, perform the following steps.
+
+1. Use the [`az aks mesh get-revisions`][az-aks-mesh-get-revisions] command to check which revisions are available for different AKS cluster versions in a region.
 1. Based on the available revisions, you can include the `--revision asm-X-Y` (ex: `--revision asm-1-20`) flag in the enable command you use for mesh installation.
 
 ### Install mesh during cluster creation
@@ -102,20 +101,22 @@ istiod-asm-1-18-74f7f7c46c-xfdtl   1/1     Running   0          2m
 
 ## Enable sidecar injection
 
-To automatically install sidecar to any new pods, you will need to annotate your namespaces with the revision label corresponding to the control plane revision currently installed. 
+To automatically install sidecar to any new pods, you will need to annotate your namespaces with the revision label corresponding to the control plane revision currently installed.
 
 If you're unsure which revision is installed, use:
+
 ```bash
 az aks show --resource-group ${RESOURCE_GROUP} --name ${CLUSTER}  --query 'serviceMeshProfile.istio.revisions'
 ```
 
 Apply the revision label:
+
 ```bash
 kubectl label namespace default istio.io/rev=asm-X-Y
 ```
 
 > [!IMPORTANT]
->  The default `istio-injection=enabled` labeling doesn't work. Explicit versioning matching the control plane revision (ex: `istio.io/rev=asm-1-18`) is required. 
+> The default `istio-injection=enabled` labeling doesn't work. Explicit versioning matching the control plane revision (ex: `istio.io/rev=asm-1-18`) is required.
 
 For manual injection of sidecar using `istioctl kube-inject`, you need to specify extra parameters for `istioNamespace` (`-i`) and `revision` (`-r`). For example:
 
@@ -124,15 +125,19 @@ kubectl apply -f <(istioctl kube-inject -f sample.yaml -i aks-istio-system -r as
 ```
 
 ## Trigger sidecar injection
+
 You can either deploy the sample application provided for testing, or trigger sidecar injection for existing workloads.
 
 ### Existing applications
+
 If you have existing applications to be added to the mesh, ensure their namespaces are labeled as in the previous step, and then restart their deployments to trigger sidecar injection:
+
 ```bash
 kubectl rollout restart -n <namespace> <deployment name>
 ```
 
 Verify that sidecar injection succeeded by ensuring all containers are ready and looking for the `istio-proxy` container in the `kubectl describe` output, for example:
+
 ```bash
 kubectl describe pod -n namespace <pod name>
 ```
@@ -149,7 +154,7 @@ kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.18/samp
 
 Confirm several deployments and services are created on your cluster. For example:
 
-```
+```output
 service/details created
 serviceaccount/bookinfo-details created
 deployment.apps/details-v1 created
@@ -174,7 +179,7 @@ kubectl get services
 
 Confirm the following services were deployed:
 
-```
+```output
 NAME          TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
 details       ClusterIP   10.0.180.193   <none>        9080/TCP   87s
 kubernetes    ClusterIP   10.0.0.1       <none>        443/TCP    15m
@@ -187,7 +192,7 @@ reviews       ClusterIP   10.0.73.95     <none>        9080/TCP   86s
 kubectl get pods
 ```
 
-```
+```output
 NAME                              READY   STATUS    RESTARTS   AGE
 details-v1-558b8b4b76-2llld       2/2     Running   0          2m41s
 productpage-v1-6987489c74-lpkgl   2/2     Running   0          2m40s
@@ -197,7 +202,6 @@ reviews-v2-7d79d5bd5d-8zzqd       2/2     Running   0          2m41s
 reviews-v3-7dbcdcbc56-m8dph       2/2     Running   0          2m41s
 ```
 
-
 Confirm that all the pods have status of `Running` with 2 containers in the `READY` column. The second container (`istio-proxy`) added to each pod is the Envoy sidecar injected by Istio, and the other is the application container.
 
 To test this sample application against ingress, check out [next-steps](#next-steps).
@@ -235,14 +239,17 @@ az group delete --name ${RESOURCE_GROUP} --yes --no-wait
 
 * [Deploy external or internal ingresses for Istio service mesh add-on][istio-deploy-ingress]
 
-[istio-about]: istio-about.md
+<!--- External Links --->
+[install-aks-cluster-istio-bicep]: https://github.com/Azure-Samples/aks-istio-addon-bicep
+[uninstall-istio-oss]: https://istio.io/latest/docs/setup/install/istioctl/#uninstall-istio
 
+<!--- Internal Links --->
+[istio-about]: istio-about.md
 [azure-cli-install]: /cli/azure/install-azure-cli
 [az-feature-register]: /cli/azure/feature#az-feature-register
 [az-feature-show]: /cli/azure/feature#az-feature-show
 [az-provider-register]: /cli/azure/provider#az-provider-register
-
 [uninstall-osm-addon]: open-service-mesh-uninstall-add-on.md
-[uninstall-istio-oss]: https://istio.io/latest/docs/setup/install/istioctl/#uninstall-istio
-
 [istio-deploy-ingress]: istio-deploy-ingress.md
+[az-aks-mesh-get-revisions]: /cli/azure/aks/mesh#az-aks-mesh-get-revisions(aks-preview)
+[bicep-aks-resource-definition]: /azure/templates/microsoft.containerservice/managedclusters
