Prerequisite CLI tools

You will need in this tutorial:

  • openshift

    • Mac: brew install openshift-cli

  • minishift

  • docker

    • Mac OS

    • Fedora: dnf install docker

  • kubectl

    • Mac OS

    • Fedora: dnf install kubernetes-client

  • oc (eval $(minishift oc-env))

  • Apache Maven

    • Mac OS

    • Fedora: dnf install maven

  • stern

  • istioctl (will be installed via the steps below)

  • curl, gunzip, tar

    • Mac OS: built-in or part of your bash shell

    • Fedora: should also be installed already, but just in case…​ dnf install curl gzip tar

  • git

    • dnf install git

  • siege

    • MAC OS: brew install siege

    • Fedora: dnf install siege

If you want to validate if everything is installed at once, just open a terminal and run:

curl -sL | HAS_ALLOW_UNSAFE=y bash -s

The output should be something like:

✔ minishift
✔ docker 18.09.0
✔ oc
✔ kubectl
✔ git 2.17.2
✔ mvn 3.5.0
✔ curl 7.54.0
✔ stern 1.6.0
✔ siege 4.0.4

You can check quickly if you are missing any tool and decide if you want to install or not.

Setup minishift

In case of using Minishift you need at least minishift v1.24.0.


# add the location of minishift executable to PATH
# I also keep other handy tools like kubectl and
# in that directory

minishift profile set istio-tutorial
minishift config set memory 8GB
minishift config set cpus 3
minishift config set image-caching true
minishift config set openshift-version v3.11.0
minishift addon enable admin-user

#cdk 3.7 bug - docker url check
minishift config set skip-startup-checks true

minishift start
#This needs to be executed again if you restart minishift.
minishift ssh -- sudo setenforce 0

# Openshift console bug. anyuid needs to be applied after startup
minishift addon apply anyuid

Setup environment

eval $(minishift oc-env)
oc login $(minishift ip):8443 -u admin -p admin
In this tutorial, you will often be polling the customer endpoint with curl, while simultaneously viewing logs via stern or and issuing commands via oc and istioctl. Consider using three terminal windows.

Upstream Istio installation


# Mac OS:
curl -L | tar xz

# Fedora/RHEL:
curl -L | tar xz

# Both:
cd istio-1.1.9
export ISTIO_HOME=`pwd`
oc apply -f install/kubernetes/helm/istio-init/files/crd-11.yaml
kubectl apply -f install/kubernetes/helm/istio-init/files/crd-11.yaml

oc apply -f install/kubernetes/istio-demo.yaml
kubectl apply -f install/kubernetes/istio-demo.yaml

oc project istio-system
kubectl config set-context $(kubectl config current-context) --namespace=istio-system

oc expose svc istio-ingressgateway --port=80
oc expose svc grafana
oc expose svc prometheus
oc expose svc tracing
oc expose service kiali --path=/kiali
oc adm policy add-cluster-role-to-user admin system:serviceaccount:istio-system:kiali-service-account -z default

Wait for Istio’s components to be ready

$ oc get pods -w
$ kubectl get pods -w

NAME                                        READY     STATUS      RESTARTS   AGE
grafana-55cd86b44c-2vndc                  1/1     Running     0          88m
istio-citadel-f9fbdd9df-xzzr7             1/1     Running     0          88m
istio-cleanup-secrets-1.1.6-d5css         0/1     Completed   0          88m
istio-egressgateway-895fb885d-bdqkv       1/1     Running     0          89m
istio-galley-5797db85b8-4866m             1/1     Running     0          89m
istio-grafana-post-install-1.1.6-6dk5h    0/1     Completed   0          89m
istio-ingressgateway-58f959476f-82zsf     1/1     Running     0          89m
istio-pilot-57d4bb58ff-tt8r4              2/2     Running     0          88m
istio-policy-79b88bcdf9-qqp4r             2/2     Running     6          88m
istio-security-post-install-1.1.6-8mmxj   0/1     Completed   0          88m
istio-sidecar-injector-7698fc57fb-dlnx4   1/1     Running     0          88m
istio-telemetry-b9799c89-d94hj            2/2     Running     6          88m
istio-tracing-7454db9d79-9qwqr            1/1     Running     0          88m
kiali-66d74fc6cc-zdzzt                    1/1     Running     0          88m
prometheus-7d9fb4b69c-ww5w7               1/1     Running     0          88m

And if you need quick access to the OpenShift console

minishift console
On your first launch of the OpenShift console via minishift, you will receive a warning like "Your connection is not private". For our demo, simply select "Proceed to 192.168.xx.xx (unsafe)" to bypass the warning. Both the username and the password are set to admin, thanks to the admin-user add-on.