Prerequisites Steps for GKE:
An automatically created firewall rule does not open port 15017. This is needed by the Pilot discovery validation webhook.
gcloud compute firewall-rules list --filter="name~gke-${CLUSTER_NAME}-[0-9a-z]*-master" gcloud compute firewall-rules update <firewall-rule-name> --allow tcp:10250,tcp:443,tcp:15017
Grant cluster administrator (admin) permissions to the current user. To create the necessary RBAC rules for Istio, the current user requires admin permissions.
kubectl create clusterrolebinding cluster-admin-binding \ --clusterrole=cluster-admin \ --user=$(gcloud config get-value core/account)
Resources should have app label in order to Kiali dashboard to work
Note: If you are planning to use mTLS for POD to POD (Service to Service) communication, need to install istio-csr for automated certificate management.
References
https://github.com/cert-manager/istio-csr (Needed only if we are planning to use mTLS)
Installation Methods:
Standalone(Single Cluster and Single Network without HA):
helm repo add istio https://istio-release.storage.googleapis.com/charts kubectl create namespace istio-system helm install istio-base istio/base -n istio-system helm install istiod istio/istiod -n istio-system --wait kubectl create namespace istio-ingressgateway kubectl label namespace istio-ingressgateway istio-injection=enabled helm install istio-ingressgateway istio/gateway -n istio-ingress --wait helm status istiod -n istio-system