Prepare Your Cluster
Before onboarding your cluster to Tetrate Istio Subscription Plus (TIS Plus), it's crucial to perform several pre-checks to ensure a smooth onboarding process. This guide outlines the necessary checks and provides step-by-step instructions.
Onboarding Pre-Checks
Verify TIS Plus Management Plane Access
Ensure you have access to the TIS Plus Management Plane.
- Follow the steps in TIS Plus Access to access the Management Plane using a browser or the tctl helper tool.
- Verify that you can successfully log in and view your organization details.
Confirm TIS Plus Images Availability
Ensure all required TIS Plus images are available in your target repository.
- Follow the steps in TIS Plus Software Images to sync images from the Tetrate private repository to your chosen target repository.
- Verify that all required images are present in your target repository after the sync process.
Set Up Pull Secrets in the TIS Plus Namespace
If your Kubernetes cluster requires credentials to download TIS Plus images:
-
Create the TIS Plus namespace (default is tis-plus-system):
kubectl get namespace tis-plus-system || kubectl create namespace tis-plus-system
-
Create the image pull secret:
kubectl create secret docker-registry tis-plus-pull-secret \
--docker-server=<your-registry-server> \
--docker-username=<your-username> \
--docker-password=<your-password> \
--docker-email=<your-email> \
-n tis-plus-system
-
Verify Overall Cluster Health
Ensure your cluster is in a healthy state.
-
Check the status of all nodes
kubectl get nodes
Ensure all nodes are in the
Ready
state. -
Verify the status of all pods
kubectl get pods --all-namespaces
Look for any pods in
CrashLoopBackOff
,Error
, orPending
states. Resolve any issues before proceeding. -
Check for any problematic events
kubectl get events --all-namespaces --sort-by='.lastTimestamp'
Address any warning or error events before continuing.
-
Check for Unhealthy Mutating Webhooks
Mutating webhooks can interfere with the installation of new resources. Ensure all webhooks are healthy before proceeding.
- List all mutating webhooks:
kubectl get mutatingwebhookconfigurations
- For each webhook, check its status:
kubectl describe mutatingwebhookconfiguration webhook-name
- Look for any issues in the Conditions section of the output. If you find any unhealthy webhooks, work with your cluster administrator to resolve the issues before proceeding.
- List all mutating webhooks:
Check that Tracing and ALS services ae enabled
Tracing and ALS services should be enabled in the cluster so that post-onboarding, the traces and logs can be sent to the TIS+ Management Plane.
-
Check the Status of Tracing and ALS services:
kubectl -n istio-system get configmap istio -o jsonpath='{.data.mesh}' | grep -E 'enableEnvoyAccessLogService|enableTracing'
The output should look something like this:
enableEnvoyAccessLogService: true
enableTracing: true -
If either Tracing or ALS services are disabled, enable them
-
Troubleshooting
If you encounter issues during the pre-checks:
- Ensure your Kubernetes cluster meets the version requirements specified in the prerequisites.
- Verify that Istio is correctly installed and functioning in your cluster.
- Check your cluster's resource availability to ensure it can accommodate the TIS Plus components.
- Review your network policies to ensure they allow communication between the necessary components.
Next Steps
After completing these pre-checks, your cluster should be ready for onboarding to TIS Plus. If you encounter any issues during these checks, please resolve them before proceeding with the onboarding process. For any questions or assistance, contact the Tetrate support team.