istio · istio-testing · Dec 12, 2024 · Dec 5, 2024 · Dec 5, 2024 · Dec 6, 2024
@@ -25,7 +25,7 @@ The following lists some of the pros and cons of each of the available methods:
 
 1. [Install using Helm](/docs/setup/install/helm/)
 
-    Using Helm charts allows easy integration with Helm based workflows and automated resource pruning during upgrades.
+    Allows easy integration with Helm-based workflows and automated resource pruning during upgrades.
 
     Pros:
 
@@ -37,7 +37,7 @@ The following lists some of the pros and cons of each of the available methods:
     - Fewer checks and validations compared to `istioctl install`.
     - Some administrative tasks require more steps and have higher complexity.
 
-1. Generated Kubernetes manifest
+1. Apply a generated Kubernetes manifest
 
     - [Generating Kubernetes manifests with `istioctl`](/docs/setup/install/istioctl/#generate-a-manifest-before-installation)
     - [Generating Kubernetes manifests with `helm`](/docs/setup/install/helm/#generate-a-manifest-before-installation)

@@ -230,27 +230,32 @@ $ kubectl get crd -oname | grep --color=never 'istio.io' | xargs kubectl delete
 
 You can generate the manifests for each component before installing Istio using the `helm template`
 sub-command.
-For example, use the following command to generate a manifest that can be installed with `kubectl` for the `istiod` component:
+For example, to generate a manifest that can be installed with `kubectl` for the `istiod` component:
 
 {{< text syntax=bash snip_id=none >}}
-$ helm template istiod istio/istiod -n istio-system --kube-version <Kubernetes version of target cluster> > istiod.yaml
+$ helm template istiod istio/istiod -n istio-system --kube-version {Kubernetes version of target cluster} > istiod.yaml
 {{< /text >}}
 
-The generated manifest can be used to inspect what exactly is installed as well as to track changes to the manifest over time. Note that any additional flags or values overrides you would normally use for installation should also be supplied to the `helm template` command.
+The generated manifest can be used to inspect what exactly is installed as well as to track changes to the manifest over time.
 
-The following can be used to install the manifest generated above, which will create the `istiod` component in the target cluster:
+{{< tip >}}
+Any additional flags or custom values overrides you would normally use for installation should also be supplied to the `helm template` command.
+{{< /tip >}}
+
+To install the manifest generated above, which will create the `istiod` component in the target cluster:
 
 {{< text syntax=bash snip_id=none >}}
 $ kubectl apply -f istiod.yaml
 {{< /text >}}
 
-Note that this alternative installation method may not apply the resources with the same sequencing of dependencies as `helm install` and is not tested in Istio releases.
-
 {{< warning >}}
 If attempting to install and manage Istio using `helm template`, please note the following caveats:
 
 1. The Istio namespace (`istio-system` by default) must be created manually.
 
+1. Resources may not be installed with the same sequencing of dependencies as
+`helm install` and is not tested as part of Istio releases.
+
 1. While `helm install` will automatically detect environment specific settings from your Kubernetes context,
 `helm template` cannot as it runs offline, which may lead to unexpected results. In particular, you must ensure
 that you follow [these steps](/docs/ops/best-practices/security/#configure-third-party-service-account-tokens) if your

@@ -110,20 +110,17 @@ $ istioctl install --set profile=demo
 
 You can generate the manifest before installing Istio using the `manifest generate`
 sub-command.
-For example, use the following command to generate a manifest for the `default` profile:
+For example, use the following command to generate a manifest for the `default` profile that can be installed with `kubectl`:
 
 {{< text bash >}}
 $ istioctl manifest generate > $HOME/generated-manifest.yaml
 {{< /text >}}
 
-The generated manifest can be used to inspect what exactly is installed as well as to track changes to the manifest
-over time. While the `IstioOperator` CR represents the full user configuration and is sufficient for tracking it,
-the output from `manifest generate` also captures possible changes in the underlying charts and therefore can be
-used to track the actual installed resources.
+The generated manifest can be used to inspect what exactly is installed as well as to track changes to the manifest over time. While the `IstioOperator` CR represents the full user configuration and is sufficient for tracking it, the output from `manifest generate` also captures possible changes in the underlying charts and therefore can be used to track the actual installed resources.
 
-The output from `manifest generate` can also be used to install Istio using `kubectl apply` or equivalent. However,
-these alternative installation methods may not apply the resources with the same sequencing of dependencies as
-`istioctl install` and are not tested in an Istio release.
+{{< tip >}}
+Any additional flags or custom values overrides you would normally use for installation should also be supplied to the `istioctl manifest generate` command.
+{{< /tip >}}
 
 {{< warning >}}
 If attempting to install and manage Istio using `istioctl manifest generate`, please note the following caveats:
@@ -137,12 +134,13 @@ not create the `istiod-default-validator` validating webhook configuration unles
     $ istioctl manifest generate --set values.defaultRevision=default
     {{< /text >}}
 
+1. Resources may not be installed with the same sequencing of dependencies as
+`istioctl install` and is not tested as part of Istio releases.
+
 1. While `istioctl install` will automatically detect environment specific settings from your Kubernetes context,
 `manifest generate` cannot as it runs offline, which may lead to unexpected results. In particular, you must ensure
 that you follow [these steps](/docs/ops/best-practices/security/#configure-third-party-service-account-tokens) if your
-Kubernetes environment does not support third party service account tokens.
-
-Note that it is recommended to append `--cluster-specific` to your `istio manifest generate` command to detect the target cluster's environment, which will embed those cluster-specific environment settings into the generated manifests. This does require network access to a live cluster, however.
+Kubernetes environment does not support third party service account tokens. It is recommended to append `--cluster-specific` to your `istio manifest generate` command to detect the target cluster's environment, which will embed those cluster-specific environment settings into the generated manifests. This requires network access to your running cluster.
 
 1. `kubectl apply` of the generated manifest may show transient errors due to resources not being available in the
 cluster in the correct order.