# setup Istio into your kubernetes cluster
$ istioctl manifest apply --set profile=demo
# To enable the Grafana dashboard on top of the default profile
$ istioctl manifest apply --set addonComponents.grafana.enabled=true
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT
- Applying manifest for component Base...
✔ Finished applying manifest for component Base.
- Applying manifest for component Pilot...
✔ Finished applying manifest for component Pilot.
Waiting for resources to become ready...
- Applying manifest for component EgressGateways...
- Applying manifest for component IngressGateways...
- Applying manifest for component AddonComponents...
✔ Finished applying manifest for component EgressGateways.
✔ Finished applying manifest for component IngressGateways.
✔ Finished applying manifest for component AddonComponents.
✔ Installation complete
Verify
kubectl get svc -n istio-system
kubectl get pods -n istio-system
# verify generated
istioctl manifest generate <your original installation options> > $HOME/generated-manifest.yaml
istioctl verify-install -f $HOME/generated-manifest.yaml
Enable
Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later:
switch on/off istio for default namespace
kubectl label namespace default istio-injection=enabled
kubectl get namespace -L istio-injection
# Disabling injection for the `default` namespace
kubectl label namespace default istio-injection-
if you want to exclude a specific pod from getting istio sidecar injected, add this to Deployment kind