You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/aks/istio-about.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,17 +1,16 @@
1
1
---
2
-
title: Istio-based service mesh add-on for Azure Kubernetes Service (preview)
2
+
title: Istio-based service mesh add-on for Azure Kubernetes Service
3
3
description: Istio-based service mesh add-on for Azure Kubernetes Service.
4
4
ms.topic: article
5
5
ms.date: 04/09/2023
6
6
ms.author: shasb
7
+
author: shashankbarsin
7
8
---
8
9
9
-
# Istio-based service mesh add-on for Azure Kubernetes Service (preview)
10
+
# Istio-based service mesh add-on for Azure Kubernetes Service
10
11
11
12
[Istio][istio-overview] addresses the challenges developers and operators face with a distributed or microservices architecture. The Istio-based service mesh add-on provides an officially supported and tested integration for Azure Kubernetes Service (AKS).
12
13
13
-
[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
14
-
15
14
## What is a Service Mesh?
16
15
17
16
Modern applications are typically architected as distributed collections of microservices, with each collection of microservices performing some discrete business function. A service mesh is a dedicated infrastructure layer that you can add to your applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding them to your own code. The term **service mesh** describes both the type of software you use to implement this pattern, and the security or network domain that is created when you use that software.
@@ -47,9 +46,10 @@ This service mesh add-on uses and builds on top of open-source Istio. The add-on
47
46
Istio-based service mesh add-on for AKS has the following limitations:
48
47
* The add-on doesn't work on AKS clusters that are using [Open Service Mesh addon for AKS][open-service-mesh-about].
49
48
* The add-on doesn't work on AKS clusters that have Istio installed on them already outside the add-on installation.
50
-
*Managed lifecycle of mesh on how Istio versions are installed and later made available for upgrades.
49
+
*The add-on doesn't support adding pods associated with virtual nodes to be added under the mesh.
51
50
* Istio doesn't support Windows Server containers.
52
51
* Customization of mesh based on the following custom resources is blocked for now - `EnvoyFilter, ProxyConfig, WorkloadEntry, WorkloadGroup, Telemetry, IstioOperator, WasmPlugin`
52
+
* Gateway API for Istio ingress gateway or managing mesh traffic (GAMMA) are currently not yet supported with Istio addon.
### Verify Azure CLI and aks-preview extension versions
29
-
The add-on requires:
30
-
* Azure CLI version 2.49.0 or later installed. To install or upgrade, see [Install Azure CLI][azure-cli-install].
31
-
*`aks-preview` Azure CLI extension of version 0.5.163 or later installed
32
-
33
-
You can run `az --version` to verify above versions.
34
-
35
-
To install the aks-preview extension, run the following command:
36
-
37
-
```azurecli-interactive
38
-
az extension add --name aks-preview
39
-
```
40
27
41
-
Run the following command to update to the latest version of the extension released:
28
+
### Verify Azure CLI version
42
29
43
-
```azurecli-interactive
44
-
az extension update --name aks-preview
45
-
```
30
+
The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az --version` to verify version. To install or upgrade, see [Install Azure CLI][azure-cli-install].
46
31
47
32
## Install Istio add-on at the time of cluster creation
48
33
@@ -96,33 +81,33 @@ Confirm the `istiod` pod has a status of `Running`. For example:
96
81
97
82
```
98
83
NAME READY STATUS RESTARTS AGE
99
-
istiod-asm-1-17-74f7f7c46c-xfdtl 1/1 Running 0 2m
84
+
istiod-asm-1-18-74f7f7c46c-xfdtl 1/1 Running 0 2m
100
85
```
101
86
102
87
## Enable sidecar injection
103
88
104
89
To automatically install sidecar to any new pods, annotate your namespaces:
> The default `istio-injection=enabled` labeling doesn't work. Explicit versioning (`istio.io/rev=asm-1-17`) is required.
96
+
> The default `istio-injection=enabled` labeling doesn't work. Explicit versioning (`istio.io/rev=asm-1-18`) is required.
112
97
113
98
114
99
For manual injection of sidecar using `istioctl kube-inject`, you need to specify extra parameters for `istioNamespace` (`-i`) and `revision` (`-r`). Example:
Copy file name to clipboardExpand all lines: articles/aks/istio-deploy-ingress.md
+5-7Lines changed: 5 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,20 +1,18 @@
1
1
---
2
-
title: Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on (preview)
3
-
description: Deploy external or internal ingresses for Istio service mesh add-on for Azure Kubernetes Service (preview)
2
+
title: Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on
3
+
description: Deploy external or internal ingresses for Istio service mesh add-on for Azure Kubernetes Service
4
4
ms.topic: how-to
5
5
ms.service: azure-kubernetes-service
6
6
ms.subservice: aks-networking
7
-
author: asudbring
7
+
author: shashankbarsin
8
8
ms.date: 08/07/2023
9
-
ms.author: allensu
9
+
ms.author: shasb
10
10
---
11
11
12
-
# Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on deployment (preview)
12
+
# Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on deployment
13
13
14
14
This article shows you how to deploy external or internal ingresses for Istio service mesh add-on for Azure Kubernetes Service (AKS) cluster.
15
15
16
-
[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
17
-
18
16
## Prerequisites
19
17
20
18
This guide assumes you followed the [documentation][istio-deploy-addon] to enable the Istio add-on on an AKS cluster, deploy a sample application and set environment variables.
Copy file name to clipboardExpand all lines: articles/aks/istio-meshconfig.md
+4-5Lines changed: 4 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,20 +1,19 @@
1
1
---
2
-
title: Configure Istio-based service mesh add-on for Azure Kubernetes Service (preview)
3
-
description: Configure Istio-based service mesh add-on for Azure Kubernetes Service (preview)
2
+
title: Configure Istio-based service mesh add-on for Azure Kubernetes Service
3
+
description: Configure Istio-based service mesh add-on for Azure Kubernetes Service
4
4
ms.topic: article
5
5
ms.custom: devx-track-azurecli
6
6
ms.date: 02/14/2024
7
7
ms.author: shasb
8
+
author: shashankbarsin
8
9
---
9
10
10
-
# Configure Istio-based service mesh add-on for Azure Kubernetes Service (preview)
11
+
# Configure Istio-based service mesh add-on for Azure Kubernetes Service
11
12
12
13
Open-source Istio uses [MeshConfig][istio-meshconfig] to define mesh-wide settings for the Istio service mesh. Istio-based service mesh add-on for AKS builds on top of MeshConfig and classifies different properties as supported, allowed, and blocked.
13
14
14
15
This article walks through how to configure Istio-based service mesh add-on for Azure Kubernetes Service and the support policy applicable for such configuration.
15
16
16
-
[!INCLUDE [preview features callout](includes/preview/preview-callout.md)]
17
-
18
17
## Prerequisites
19
18
20
19
This guide assumes you followed the [documentation][istio-deploy-addon] to enable the Istio add-on on an AKS cluster.
Copy file name to clipboardExpand all lines: articles/aks/istio-plugin-ca.md
+8-24Lines changed: 8 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,42 +1,26 @@
1
1
---
2
-
title: Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service (preview)
3
-
description: Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service (preview)
2
+
title: Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service
3
+
description: Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service
4
4
ms.topic: conceptual
5
5
ms.custom: devx-track-azurecli
6
6
ms.date: 12/04/2023
7
+
ms.author: shasb
8
+
author: shashankbarsin
7
9
---
8
10
9
-
# Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service (preview)
11
+
# Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service
10
12
11
-
In the Istio-based service mesh addon for Azure Kubernetes Service (preview), by default the Istio certificate authority (CA) generates a self-signed root certificate and key and uses them to sign the workload certificates. To protect the root CA key, you should use a root CA, which runs on a secure machine offline. You can use the root CA to issue intermediate certificates to the Istio CAs that run in each cluster. An Istio CA can sign workload certificates using the administrator-specified certificate and key, and distribute an administrator-specified root certificate to the workloads as the root of trust. This article addresses how to bring your own certificates and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service.
13
+
In the Istio-based service mesh addon for Azure Kubernetes Service, by default the Istio certificate authority (CA) generates a self-signed root certificate and key and uses them to sign the workload certificates. To protect the root CA key, you should use a root CA, which runs on a secure machine offline. You can use the root CA to issue intermediate certificates to the Istio CAs that run in each cluster. An Istio CA can sign workload certificates using the administrator-specified certificate and key, and distribute an administrator-specified root certificate to the workloads as the root of trust. This article addresses how to bring your own certificates and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service.
12
14
13
15
[](./media/istio/istio-byo-ca.png#lightbox)
14
16
15
17
This article addresses how you can configure the Istio certificate authority with a root certificate, signing certificate and key provided as inputs using Azure Key Vault to the Istio-based service mesh add-on.
16
18
17
-
[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
18
-
19
19
## Before you begin
20
20
21
-
### Verify Azure CLI and aks-preview extension versions
22
-
23
-
The add-on requires:
24
-
* Azure CLI version 2.49.0 or later installed. To install or upgrade, see [Install Azure CLI][install-azure-cli].
25
-
*`aks-preview` Azure CLI extension of version 0.5.163 or later installed
26
-
27
-
You can run `az --version` to verify above versions.
28
-
29
-
To install the aks-preview extension, run the following command:
30
-
31
-
```azurecli-interactive
32
-
az extension add --name aks-preview
33
-
```
34
-
35
-
Run the following command to update to the latest version of the extension released:
21
+
### Verify Azure CLI version
36
22
37
-
```azurecli-interactive
38
-
az extension update --name aks-preview
39
-
```
23
+
The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az --version` to verify version. To install or upgrade, see [Install Azure CLI][azure-cli-install].
0 commit comments