Istio addon GA

shashankbarsin · web-flow · commit f71f0f41037c · 2024-02-27T03:40:44.000+05:30
diff --git a/articles/aks/istio-about.md b/articles/aks/istio-about.md
@@ -1,17 +1,16 @@
 ---
-title: Istio-based service mesh add-on for Azure Kubernetes Service (preview)
+title: Istio-based service mesh add-on for Azure Kubernetes Service
 description: Istio-based service mesh add-on for Azure Kubernetes Service.
 ms.topic: article
 ms.date: 04/09/2023
 ms.author: shasb
+author: shashankbarsin
 ---
 
-# Istio-based service mesh add-on for Azure Kubernetes Service (preview)
+# Istio-based service mesh add-on for Azure Kubernetes Service
 
 [Istio][istio-overview] addresses the challenges developers and operators face with a distributed or microservices architecture. The Istio-based service mesh add-on provides an officially supported and tested integration for Azure Kubernetes Service (AKS).
 
-[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
-
 ## What is a Service Mesh?
 
 Modern applications are typically architected as distributed collections of microservices, with each collection of microservices performing some discrete business function. A service mesh is a dedicated infrastructure layer that you can add to your applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding them to your own code. The term **service mesh** describes both the type of software you use to implement this pattern, and the security or network domain that is created when you use that software.
@@ -50,6 +49,7 @@ Istio-based service mesh add-on for AKS has the following limitations:
 * Managed lifecycle of mesh on how Istio versions are installed and later made available for upgrades.
 * Istio doesn't support Windows Server containers.
 * Customization of mesh based on the following custom resources is blocked for now - `EnvoyFilter, ProxyConfig, WorkloadEntry, WorkloadGroup, Telemetry, IstioOperator, WasmPlugin`
+* Gateway API for Istio ingress gateway or managing mesh traffic (GAMMA) are currently not yet supported with Istio addon.
 
 ## Next steps
 
diff --git a/articles/aks/istio-deploy-addon.md b/articles/aks/istio-deploy-addon.md
@@ -1,20 +1,19 @@
 ---
-title: Deploy Istio-based service mesh add-on for Azure Kubernetes Service (preview)
-description: Deploy Istio-based service mesh add-on for Azure Kubernetes Service (preview)
+title: Deploy Istio-based service mesh add-on for Azure Kubernetes Service
+description: Deploy Istio-based service mesh add-on for Azure Kubernetes Service
 ms.topic: article
 ms.custom: devx-track-azurecli
 ms.date: 04/09/2023
 ms.author: shasb
+author: shashankbarsin
 ---
 
-# Deploy Istio-based service mesh add-on for Azure Kubernetes Service (preview)
+# Deploy Istio-based service mesh add-on for Azure Kubernetes Service
 
 This article shows you how to install the Istio-based service mesh add-on for Azure Kubernetes Service (AKS) cluster.
 
 For more information on Istio and the service mesh add-on, see [Istio-based service mesh add-on for Azure Kubernetes Service][istio-about].
 
-[!INCLUDE [preview features callout](includes/preview/preview-callout.md)]
-
 ## Before you begin
 
 ### Set environment variables
@@ -25,44 +24,9 @@ export RESOURCE_GROUP=<resource-group-name>
 export LOCATION=<location>
 ```
 
-### Verify Azure CLI and aks-preview extension versions
-The add-on requires:
-* Azure CLI version 2.49.0 or later installed. To install or upgrade, see [Install Azure CLI][azure-cli-install].
-* `aks-preview` Azure CLI extension of version 0.5.163 or later installed
-
-You can run `az --version` to verify above versions.
-
-To install the aks-preview extension, run the following command:
-
-```azurecli-interactive
-az extension add --name aks-preview
-```
-
-Run the following command to update to the latest version of the extension released:
-
-```azurecli-interactive
-az extension update --name aks-preview
-```
-
-### Register the _AzureServiceMeshPreview_ feature flag
+### Verify Azure CLI version
 
-Register the `AzureServiceMeshPreview` feature flag by using the [az feature register][az-feature-register] command:
-
-```azurecli-interactive
-az feature register --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"
-```
-
-It takes a few minutes for the feature to register. Verify the registration status by using the [az feature show][az-feature-show] command:
-
-```azurecli-interactive
-az feature show --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"
-```
-
-When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:
-
-```azurecli-interactive
-az provider register --namespace Microsoft.ContainerService
-```
+The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az --version` to verify version. To install or upgrade, see [Install Azure CLI][azure-cli-install].
 
 ## Install Istio add-on at the time of cluster creation
 
@@ -116,33 +80,33 @@ Confirm the `istiod` pod has a status of `Running`. For example:
 
 ```
 NAME                               READY   STATUS    RESTARTS   AGE
-istiod-asm-1-17-74f7f7c46c-xfdtl   1/1     Running   0          2m
+istiod-asm-1-18-74f7f7c46c-xfdtl   1/1     Running   0          2m
 ```
 
 ## Enable sidecar injection
 
 To automatically install sidecar to any new pods, annotate your namespaces:
 
 ```bash
-kubectl label namespace default istio.io/rev=asm-1-17
+kubectl label namespace default istio.io/rev=asm-1-18
 ```
 
 > [!IMPORTANT]
->  The default `istio-injection=enabled` labeling doesn't work. Explicit versioning (`istio.io/rev=asm-1-17`) is required.
+>  The default `istio-injection=enabled` labeling doesn't work. Explicit versioning (`istio.io/rev=asm-1-18`) is required.
 
 
 For manual injection of sidecar using `istioctl kube-inject`, you need to specify extra parameters for `istioNamespace` (`-i`) and `revision` (`-r`). Example:
 
 ```bash
-kubectl apply -f <(istioctl kube-inject -f sample.yaml -i aks-istio-system -r asm-1-17) -n foo
+kubectl apply -f <(istioctl kube-inject -f sample.yaml -i aks-istio-system -r asm-1-18) -n foo
 ```
 
 ## Deploy sample application
 
 Use `kubectl apply` to deploy the sample application on the cluster:
 
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.17/samples/bookinfo/platform/kube/bookinfo.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.18/samples/bookinfo/platform/kube/bookinfo.yaml
 ```
 
 Confirm several deployments and services are created on your cluster. For example:
@@ -207,7 +171,7 @@ To test this sample application against ingress, check out [next-steps](#next-st
 Use `kubectl delete` to delete the sample application:
 
 ```bash
-kubectl delete -f https://raw.githubusercontent.com/istio/istio/release-1.17/samples/bookinfo/platform/kube/bookinfo.yaml
+kubectl delete -f https://raw.githubusercontent.com/istio/istio/release-1.18/samples/bookinfo/platform/kube/bookinfo.yaml
 ```
 
 If you don't intend to enable Istio ingress on your cluster and want to disable the Istio add-on, run the following command:
diff --git a/articles/aks/istio-deploy-ingress.md b/articles/aks/istio-deploy-ingress.md
@@ -1,20 +1,18 @@
 ---
-title: Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on (preview)
-description: Deploy external or internal ingresses for Istio service mesh add-on for Azure Kubernetes Service (preview)
+title: Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on
+description: Deploy external or internal ingresses for Istio service mesh add-on for Azure Kubernetes Service
 ms.topic: how-to
 ms.service: azure-kubernetes-service
 ms.subservice: aks-networking
-author: asudbring
+author: shashankbarsin
 ms.date: 08/07/2023
-ms.author: allensu
+ms.author: shasb
 ---
 
-# Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on deployment (preview)
+# Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on deployment
 
 This article shows you how to deploy external or internal ingresses for Istio service mesh add-on for Azure Kubernetes Service (AKS) cluster.
 
-[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
-
 ## Prerequisites
 
 This guide assumes you followed the [documentation][istio-deploy-addon] to enable the Istio add-on on an AKS cluster, deploy a sample application and set environment variables.
diff --git a/articles/aks/istio-meshconfig.md b/articles/aks/istio-meshconfig.md
@@ -1,20 +1,19 @@
 ---
-title: Configure Istio-based service mesh add-on for Azure Kubernetes Service (preview)
-description: Configure Istio-based service mesh add-on for Azure Kubernetes Service (preview)
+title: Configure Istio-based service mesh add-on for Azure Kubernetes Service
+description: Configure Istio-based service mesh add-on for Azure Kubernetes Service
 ms.topic: article
 ms.custom: devx-track-azurecli
 ms.date: 02/14/2024
 ms.author: shasb
+author: shashankbarsin
 ---
 
-# Configure Istio-based service mesh add-on for Azure Kubernetes Service (preview)
+# Configure Istio-based service mesh add-on for Azure Kubernetes Service
 
 Open-source Istio uses [MeshConfig][istio-meshconfig] to define mesh-wide settings for the Istio service mesh. Istio-based service mesh add-on for AKS builds on top of MeshConfig and classifies different properties as supported, allowed, and blocked.
 
 This article walks through how to configure Istio-based service mesh add-on for Azure Kubernetes Service and the support policy applicable for such configuration.
 
-[!INCLUDE [preview features callout](includes/preview/preview-callout.md)]
-
 ## Prerequisites
 
 This guide assumes you followed the [documentation][istio-deploy-addon] to enable the Istio add-on on an AKS cluster.
diff --git a/articles/aks/istio-plugin-ca.md b/articles/aks/istio-plugin-ca.md
@@ -1,62 +1,26 @@
 ---
-title: Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service (preview)
-description: Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service (preview)
+title: Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service
+description: Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service
 ms.topic: conceptual
 ms.custom: devx-track-azurecli
 ms.date: 12/04/2023
+ms.author: shasb
+author: shashankbarsin
 ---
 
-# Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service (preview)
+# Plug in CA certificates for Istio-based service mesh add-on on Azure Kubernetes Service
 
-In the Istio-based service mesh addon for Azure Kubernetes Service (preview), by default the Istio certificate authority (CA) generates a self-signed root certificate and key and uses them to sign the workload certificates. To protect the root CA key, you should use a root CA, which runs on a secure machine offline. You can use the root CA to issue intermediate certificates to the Istio CAs that run in each cluster. An Istio CA can sign workload certificates using the administrator-specified certificate and key, and distribute an administrator-specified root certificate to the workloads as the root of trust. This article addresses how to bring your own certificates and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service.
+In the Istio-based service mesh addon for Azure Kubernetes Service, by default the Istio certificate authority (CA) generates a self-signed root certificate and key and uses them to sign the workload certificates. To protect the root CA key, you should use a root CA, which runs on a secure machine offline. You can use the root CA to issue intermediate certificates to the Istio CAs that run in each cluster. An Istio CA can sign workload certificates using the administrator-specified certificate and key, and distribute an administrator-specified root certificate to the workloads as the root of trust. This article addresses how to bring your own certificates and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service.
 
 [ ![Diagram that shows root and intermediate CA with Istio.](./media/istio/istio-byo-ca.png) ](./media/istio/istio-byo-ca.png#lightbox)
 
 This article addresses how you can configure the Istio certificate authority with a root certificate, signing certificate and key provided as inputs using Azure Key Vault to the Istio-based service mesh add-on.
 
-[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
-
 ## Before you begin
 
-### Verify Azure CLI and aks-preview extension versions
-
-The add-on requires:
-* Azure CLI version 2.49.0 or later installed. To install or upgrade, see [Install Azure CLI][install-azure-cli].
-* `aks-preview` Azure CLI extension of version 0.5.163 or later installed
-
-You can run `az --version` to verify above versions.
-
-To install the aks-preview extension, run the following command:
-
-```azurecli-interactive
-az extension add --name aks-preview
-```
-
-Run the following command to update to the latest version of the extension released:
-
-```azurecli-interactive
-az extension update --name aks-preview
-```
-
-### Register the _AzureServiceMeshPreview_ feature flag
-
-Register the `AzureServiceMeshPreview` feature flag by using the [az feature register][az-feature-register] command:
-
-```azurecli-interactive
-az feature register --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"
-```
-
-It takes a few minutes for the feature to register. Verify the registration status by using the [az feature show][az-feature-show] command:
-
-```azurecli-interactive
-az feature show --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"
-```
-
-When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:
+### Verify Azure CLI version
 
-```azurecli-interactive
-az provider register --namespace Microsoft.ContainerService
-```
+The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az --version` to verify version. To install or upgrade, see [Install Azure CLI][azure-cli-install].
 
 ### Set up Azure Key Vault
 
diff --git a/articles/aks/istio-upgrade.md b/articles/aks/istio-upgrade.md
@@ -1,12 +1,13 @@
 ---
-title: Upgrade Istio-based service mesh add-on for Azure Kubernetes Service (preview)
-description: Upgrade Istio-based service mesh add-on for Azure Kubernetes Service (preview).
+title: Upgrade Istio-based service mesh add-on for Azure Kubernetes Service
+description: Upgrade Istio-based service mesh add-on for Azure Kubernetes Service
 ms.topic: conceptual
 ms.date: 05/04/2023
-
+ms.author: shasb
+author: shashankbarsin
 ---
 
-# Upgrade Istio-based service mesh add-on for Azure Kubernetes Service (preview)
+# Upgrade Istio-based service mesh add-on for Azure Kubernetes Service
 
 This article addresses upgrade experiences for Istio-based service mesh add-on for Azure Kubernetes Service (AKS).
 
