Installing istio with Rancher is quite easy, but in combination wit alerting for MS Teams some guidance might be helpful. I guide you trough the process of the complete installation

Istio Operator

Installation

Prerequisites

Since we want to use restricted pod security policies with Istio we have to use the Istio CNI plugin.

Follow the instructions from the Rancher documentation.

1. In Rancher ensure ingress Gateway is enabled → see Installation and Configuration Details Container Platform

2. Open the “Cluster Explorer”

3. Select the desired project

4. Open “Apps & Marketplace” and open “istio

5. Select “Components” and then select these options

   • Version: 1.9.300 (latest, depends on the version of Rancher)
   • Install into Project: System
   • Components: select all

   

6. We override some of the default options with the istio-overlay-file Select Overlay File and add this snippet:

   apiVersion: install.istio.io/v1alpha1
   kind: IstioOperator
   spec:
   hub: docker.intra # not needed
   values:
     pilot:
     autoscaleEnabled: true
     autoscaleMax: 5
     autoscaleMin: 3
   components:
     ingressGateways:
       - name: istio-ingressgateway
         k8s:
           hpaSpec:
             minReplicas: 3
     egressGateways:
       - name: istio-egressgateway
         k8s:
           hpaSpec:
             minReplicas: 3
     pilot:
       k8s:
         hpaSpec:
           minReplicas: 3

to clarify

In previous versions we had the custom answers, but we have to clarify what is still needed: Case 00309732 · Custom answers equivalent for istio 1.9 (suse.com)

Some of them are obsolete as they are either enabled by default or not valid anymore

gateways.istio-egressgateway.autoscaleMin = 3
gateways.istio-ingressgateway.autoscaleMin = 3
global.controlPlaneSecurityEnabled = true
global.outboundTrafficPolicy.mode = REGISTRY_ONLY
kiali.hub = ci-tools.intra:5000
kiali.replicaCount = 3

1. Click “Install”

Reference

Installation of istio is documented at Confluence.

Some reference documentation for this:

• IstioOperator Options
• Global Mesh Options
• Health Checking of Istio Services
• Istio Configuration Options
• Enable Istio with Pod Security Policies
• Overlay File

Tips

Check what’s installed

See also Install with Istioctl

kubectl -n istio-system get IstioOperator installed-state -o yaml