Installing Istio in GKE

Question

Found 2 ways of installing istio in GKE, not sure which is the recommended way and what is the difference. 1. Installing via lots of commands shown in the Istio document 2. I have an existing GKE cluster, their is an option to edit the cluster and add-on as Istio enabled

While tried the 2 way i cannot see any istio related services like citadel, galley, telemetry in the GKE Cluster workload UI console but i can see it running in the terminal if i run as kubectl get pods -n istio-system Is their any differance in the installation, which is the recommended way to install ?

Answer 1

Answering the question:

Found 2 ways of installing istio in GKE, not sure which is the recommended way and what is the difference.

Both ways are correct (enabling Istio on GKE addon and/or with istioctl/operator). The main difference is that there are some differences between them (version used, additional configuration options, automatic updates, etc.).

Citing the official documentation:

Should I use Istio on GKE?

While Istio on GKE does manage installation and upgrade, it uses default installation options for the control plane that are suited for most needs. However, you should be aware of these limitations:

• The version of Istio installed is tied to the GKE version, and you will not be able to update them independently.
• There are strong limitations over the configuration of the control plane. You should review these limitations before using the Istio on GKE add-on in production.

If you need to use a more recent open source version of Istio, or want greater control over your Istio control plane configuration (which may happen in some production use cases), we recommend that you use the open source version of Istio rather than the Istio on GKE add-on.

-- Cloud.google.com: Istio: Istio on GKE: Overview: Should I use Istio on GKE

Also worth to mention is that:

Note that the Istio on GKE add-on automatically sets the access scopes in the cluster's node pool for Cloud Monitoring, Logging, and Trace.

-- Cloud.google.com: Istio: Istio on GKE: Overview: Support

What that means is that the installation from Istio.io could require additional configuration/steps to send the logs to Stackdriver.

---

It's also worth to mention that there are some significant changes when it comes to GKE cluster that has 1.17.9-gke.6300 version or newer with Istio on GKE addon enabled.

Starting with version 1.6, the Istio on Google Kubernetes Engine add-on uses the Istio Operator for installation and configuration . The Istio Operator follows the Kubernetes Operator pattern. The Operator lets you configure Istio by defining a Kubernetes custom resource definition (CRD) for the Istio installation. The Operator then uses a controller to make changes to the installation to match the custom resource.

When you upgrade your cluster to 1.17.9-gke.6300 or higher, the Istio 1.6 Operator and control plane are installed alongside the existing 1.4.x Istio control plane. The upgrade requires user action and follows the dual control plane upgrade process (referred to as canary upgrades in the Istio documentation).

-- Cloud.google.com: Istio: Istion on GKE: Upgrade with Operator

---

Following on:

While tried the 2 way i cannot see any istio related services like citadel, galley, telemetry in the GKE Cluster workload UI console but i can see it running in the terminal if i run as kubectl get pods -n istio-system

Have you waited any time between kubectl reported the resources in istio-system and checking it in Cloud Console -> Kubernetes Engine -> Workloads?

You can also check if the boxes in below image are set correctly.