Skip to main content
logoTetrate Istio Subscription PlusVersion: Latest

Prepare Your Cluster

Before onboarding your cluster to Tetrate Istio Subscription Plus (TIS Plus), it's crucial to perform several pre-checks to ensure a smooth onboarding process. This guide outlines the necessary checks and provides step-by-step instructions.

Onboarding Pre-Checks

  1. Verify TIS Plus Management Plane Access

    Ensure you have access to the TIS Plus Management Plane.

    • Follow the steps in TIS Plus Access to access the Management Plane using a browser or the tctl helper tool.
    • Verify that you can successfully log in and view your organization details.

  2. Confirm TIS Plus Images Availability

    Ensure all required TIS Plus images are available in your target repository.

    • Follow the steps in TIS Plus Software Images to sync images from the Tetrate private repository to your chosen target repository.
    • Verify that all required images are present in your target repository after the sync process.

  3. Set Up Pull Secrets in the TIS Plus Namespace

    If your Kubernetes cluster requires credentials to download TIS Plus images:

    • Create the TIS Plus namespace (default is tis-plus-system):

      kubectl get namespace tis-plus-system || kubectl create namespace tis-plus-system

    • Create the image pull secret:

      kubectl create secret docker-registry tis-plus-pull-secret \
          --docker-server=<your-registry-server> \
          --docker-username=<your-username> \
          --docker-password=<your-password> \
          --docker-email=<your-email> \
          -n tis-plus-system

  4. Verify Overall Cluster Health

    Ensure your cluster is in a healthy state.

    • Check the status of all nodes

      kubectl get nodes

      Ensure all nodes are in the Ready state.

    • Verify the status of all pods

      kubectl get pods --all-namespaces

      Look for any pods in CrashLoopBackOff, Error, or Pending states. Resolve any issues before proceeding.

    • Check for any problematic events

      kubectl get events --all-namespaces --sort-by='.lastTimestamp'

      Address any warning or error events before continuing.

  5. Check for Unhealthy Mutating Webhooks

    Mutating webhooks can interfere with the installation of new resources. Ensure all webhooks are healthy before proceeding.

    • List all mutating webhooks: 
      kubectl get mutatingwebhookconfigurations
    • For each webhook, check its status: 
      kubectl describe mutatingwebhookconfiguration webhook-name
    • Look for any issues in the Conditions section of the output. If you find any unhealthy webhooks, work with your cluster administrator to resolve the issues before proceeding.

  6. Check that Tracing and ALS services are enabled

    Tracing and ALS services should be enabled in the cluster so that post-onboarding, the traces and logs can be sent to the TIS+ Management Plane.

    • Check the Status of Tracing and ALS services:

      kubectl -n istio-system get configmap istio -o jsonpath='{.data.mesh}' | grep -E 'enableEnvoyAccessLogService|enableTracing'

      The output should look something like this:

      enableEnvoyAccessLogService: true
      enableTracing: true

    • If either Tracing or ALS services are disabled, enable them

Troubleshooting

If you encounter issues during the pre-checks:

  • Ensure your Kubernetes cluster meets the version requirements specified in the prerequisites.
  • Verify that Istio is correctly installed and functioning in your cluster.
  • Check your cluster's resource availability to ensure it can accommodate the TIS Plus components.
  • Review your network policies to ensure they allow communication between the necessary components.

Next Steps

After completing these pre-checks, your cluster should be ready for onboarding to TIS Plus. If you encounter any issues during these checks, please resolve them before proceeding with the onboarding process. For any questions or assistance, contact the Tetrate support team.