Google Kubernetes Engine

    1. Create a new cluster.

      The default installation of Istio requires nodes with >1 vCPU. If you are installing with the demo configuration profile, you can remove the argument to use the smaller n1-standard-1 machine size instead.

      To use the Istio CNI feature on GKE, please check the for prerequisite cluster configuration steps.

      An automatically created firewall rule does not open port 15017, which the Pilot discovery validation webhook needs.

      To review this firewall rule for master access:

      $ gcloud compute firewall-rules list --filter="name~gke-${CLUSTER_NAME}-[0-9a-z]*-master"

      To replace the existing rule and allow master access:

      --zone $ZONE \
      --project $PROJECT_ID
    2. Grant cluster administrator (admin) permissions to the current user. To create the necessary RBAC rules for Istio, the current user requires admin permissions.
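
The port 15017 check from step 1 can be scripted. The following is an added example, not part of the original instructions: it tests a rule's ALLOW list (the comma-separated form shown in the ALLOW column of `gcloud compute firewall-rules list`) and returns the list with `tcp:15017` appended only when the port is not already covered. The function names and the sample ALLOW string are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: offline check of a firewall rule's ALLOW list for the
# validation webhook port. The sample ALLOW string is constructed.

WEBHOOK_PORT=15017

# rule_allows_tcp_port ALLOW_LIST PORT
# ALLOW_LIST is comma-separated, e.g. "tcp:10250,tcp:443".
# Returns 0 if PORT is covered by a TCP (or all-protocol) entry, else 1.
rule_allows_tcp_port() {
  local allow_list="$1" port="$2" entry proto spec lo hi
  local IFS=','
  for entry in $allow_list; do
    proto="${entry%%:*}"
    if [ "$proto" != "tcp" ] && [ "$proto" != "all" ]; then
      continue
    fi
    # A bare protocol with no port spec covers every port.
    if [ "$entry" = "$proto" ]; then
      return 0
    fi
    spec="${entry#*:}"
    case "$spec" in
      *-*) lo="${spec%-*}"; hi="${spec#*-}" ;;   # port range, e.g. 15000-15100
      *)   lo="$spec"; hi="$spec" ;;             # single port
    esac
    if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
      return 0
    fi
  done
  return 1
}

# allow_list_with_webhook ALLOW_LIST
# Prints ALLOW_LIST unchanged if the webhook port is already open,
# otherwise prints it with tcp:15017 appended.
allow_list_with_webhook() {
  local allow_list="$1"
  if rule_allows_tcp_port "$allow_list" "$WEBHOOK_PORT"; then
    printf '%s\n' "$allow_list"
  else
    printf '%s\n' "${allow_list:+$allow_list,}tcp:$WEBHOOK_PORT"
  fi
}

SAMPLE_ALLOW="tcp:10250,tcp:443"   # constructed sample value
echo "allow list to apply: $(allow_list_with_webhook "$SAMPLE_ALLOW")"
```

Appending only the missing port keeps the rule as narrow as it was, rather than widening it to all TCP ports.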

    In some cases, a firewall rule must be explicitly created to allow cross-cluster traffic.

    The following instructions will allow communication between all clusters in your project. Adjust the commands as needed.

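      # join_by is assumed to be a helper like this one: it joins its arguments with the separator given first.
      $ function join_by { local IFS="$1"; shift; echo "$*"; }
      # ALL_CLUSTER_CIDRS must already hold the clusters' CIDR ranges, separated by whitespace.
      $ ALL_CLUSTER_CIDRS=$(join_by , $(echo "${ALL_CLUSTER_CIDRS}"))
      $ ALL_CLUSTER_NETTAGS=$(gcloud --project $PROJECT_ID compute instances list --format='value(tags.items.[0])' | sort | uniq)
      $ ALL_CLUSTER_NETTAGS=$(join_by , $(echo "${ALL_CLUSTER_NETTAGS}"))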