deploy istio 1.3 for production

deploy istio for production cluster.

istio 1.3.5
kubernetes 1.16 w/o LoadBalancer
helm: 3.0

## prepare
# helm repo add istio.io https://storage.googleapis.com/istio-release/releases/1.3.5/charts/

version=1.3.5
wget -c https://github.com/istio/istio/releases/download/$version/istio-$version-linux.tar.gz
tar zxfv istio-$version-linux.tar.gz
cp istio-$version/bin/istioctl  /usr/local/bin/

# helm 2.x
helm template istio-$version/install/kubernetes/helm/istio-init --name istio-init --namespace istio-system > istio-init-$version.yaml
helm template install/kubernetes/helm/istio --name istio --namespace istio-system > istio-install-$version.yaml


# helm 3.x  default settings
helm template istio-init  istio-$version/install/kubernetes/helm/istio-init  --namespace istio-system > istio-init-$version.yaml

helm template istio istio-$version/install/kubernetes/helm/istio --namespace istio-system > istio-install-$version.yaml

# helm 3.x custom settings
# gateway type LoadBalancer ==> ClusterIP

helm template istio istio-$version/install/kubernetes/helm/istio --namespace istio-system \
--set gateways.istio-ingressgateway.type=ClusterIP \
> istio-install-$version.yaml

## for china use azure mirror image 
sed -i -e 's?docker.io?dockerhub.azk8s.cn?g' -e 's?quay.io?quay.azk8s.cn?g' -e 's?k8s.gcr.io?gcr.azk8s.cn/google-containers?g' istio*$version*.yaml

## init now
kubectl create namespace istio-system
kubectl apply -f istio-init-$version.yaml

# waiting for miniuts
watch -n1 'kubectl get crds | grep istio.io| wc -l'
#=>23 is OK then CTRL-C 

kubectl apply -f istio-install-$version.yaml

# change gateway type to ClusterIP
kubectl patch svc istio-ingressgateway -n istio-system -p '{"spec": {"type": "ClusterIP"}}'

kubectl edit svc istio-ingressgateway -n istio-system
REMOVE : nodeport: xxx number
EDIT:  type: LoadBalancer  ==> type: ClusterIP

refer:
https://istio.io/docs/setup/install/helm/
https://istio.io/docs/reference/config/installation-options/#global-options