DevOps

Istio Tutorial: Getting Started with Istio Basics

Introduction

A practical way to manage microservices of a cloud-native application is to automate application network functions.

Istio is a configurable service mesh platform acting as a control plane, distributing the configuration to sidecar proxies and gateways. It is a popular option for connecting, monitoring, and securing containers in a Kubernetes cluster.

In this tutorial, you will learn how to install Istio, deploy a test application, and set up your Kubernetes cluster to work with the platform.

Istio Tutorial: Getting Started with Istio Basics

Prerequisites

  • A Kubernetes cluster (or minikube)
  • kubectl command-line tool

Download the Latest Istio Release

To download the latest release of Istio, navigate to the Istio release page on GitHub.

Alternatively, Linux users can use curl to download and extract the latest release automatically:

curl -L https://istio.io/downloadIstio | sh -

The command extracts the installation files to the folder named istio-[version]:

Downloading the latest Istio version using curl

To download an older version of Istio, use curl, but specify the version and the processor architecture by using the following syntax:

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=x86_64 sh -

Istio Installation Guide

1. Start your Kubernetes cluster. This article uses minikube:

minikube start

2. Next, start Istio installation by moving in to the folder with the extracted files:

cd istio-1.9.2

3. The bin/ directory contains istioctl client binary. In Linux, add the client to your path by typing:

export PATH=$PWD/bin:$PATH

The variable set this way lasts only until you terminate the current shell session. To set the variable permanently, read how to set environment variables in Linux.

Note: To perform the above steps on Windows, manually extract the Istio installation archive and set the Windows environment variable for the istioctl binary.

4. Use the istioctl tool to initiate the installation process:

istioctl install --set profile=demo -y

The output confirms the successful installation:

Installing Istio using the instioctl tool

5. Istio can automatically inject Envoy sidecar proxies upon application deployment. To enable this, use kubectl to add a namespace label containing this instruction:

kubectl label namespace default istio-injection=enabled
Enabling istio-injection by labelling the namespace using kubectl

This concludes the Istio installation process.

Test Deployment via Bookinfo Application

The Istio installation archive contains all the files needed to deploy the sample application called Bookinfo.

1. Start by applying the bookinfo.yaml file using kubectl:

kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

The system creates several deployments, services, and pods:

Applying the bookinfo.yaml file using kubectl

2. Check the running services:

kubectl get services
Checking active services using kubectl

3. Check if the pods are ready:

kubectl get pods

As the pods go up, Istio deploys sidecars along with them:

Checking active pods using kubectl

4. Wait until the READY label for each pod is 2/2. Then run the following command to see if the app is serving HTML pages correctly:

kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o ""

The output should be the title tag of the page, along with the title itself:

Confirming the successful initiation of the Bookstore application using curl

5. The next step is to open the app to outside traffic. Apply the bookinfo-gateway.yaml file from the samples folder:

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

The output confirms that the application was successfully associated with the Istio gateway:

Applying the bookinfo-gateway.yaml file using kubectl

6. Use istioctl to analyze the configuration and check for potential issues:

istioctl analyze

If the system finds no issues, the following message is displayed:

Analyzing Istio system to find possible validation issues using the istioctl tool

7. To access the gateway set up in the previous step, set the ingress variables. First, export INGRESS_PORT:

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')

8. Now, repeat the process for SECURE_INGRESS_PORT:

export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')

9. Use the echo command to check if the ports have been assigned successfully:

echo "$INGRESS_PORT" && echo "$SECURE_INGRESS_PORT"

The output shows the port numbers:

Confirming the successful port assignment for the ingress port and the secure ingress port

10. Export the INGRESS_HOST variable:

export INGRESS_HOST=$(minikube ip)

11. Check the variable with echo:

echo "$INGRESS_HOST"
Exporting the ingress host environmental variable

12. To direct traffic to the Istio Ingress Gateway, open a new terminal window and type the following command:

minikube tunnel

Minikube now serves as a load balancer for Istio. The output shows minikube directing traffic:

Using minikube tunnel to direct the traffic to the website

13. Go back to the previous terminal window and export the GATEWAY_URL variable, which consists of the INGRESS_HOST and INGRESS_PORT variables:

export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT

14. Use echo to see the entire IP address and port number:

echo "$GATEWAY_URL"
Checking the GATEWAY_URL variable using echo

15. Type the following command to view the external address of the application:

echo http://$GATEWAY_URL/productpage
Checking the web address of the Bookinfo site using echo

16. Copy the address obtained in the previous step and paste it into a web browser. The Bookinfo website loads successfully:

Screenshot of the Bookinfo app in Firefox

Set up a Kubernetes Cluster for Istio

Istio comes with a number of add-ons for popular Istio services, such as Grafana dashboard, Jaeger transaction tracing software, Prometheus metrics scraper, and Kiali management console.

1. Install those add-ons by applying the samples/addons folder:

kubectl apply -f samples/addons
Installing Istio add-ons from the sample/addons folder

Note: If the command returns errors, try executing it again since timing issues sometimes prevent the successful installation.

2. Now, create a Kubernetes Ingress resource for each of the addons. Do this by pasting the following into a yaml file.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: istio-system
  namespace: istio-system
  annotations:
    kubernetes.io/ingress.class: istio
spec:
  rules:
  - host: my-istio-dashboard.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: grafana
          servicePort: 3000
  - host: my-istio-tracing.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: tracing
          servicePort: 9411
  - host: my-istio-logs-database.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: prometheus
          servicePort: 9090
  - host: my-kiali.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: kiali
          servicePort: 20001

3. Save the file and apply the configuration with kubectl:

kubectl apply -f [file-name]
Applying the yaml file with Istio addons Ingress resources

The add-ons are now configured and ready to be used.

Conclusion

Note: Learn how to do canary deployments with Istio.

After completing this tutorial, you should have been able to install and set up Istio in your Kubernetes cluster. You should also know how to deploy an application with Istio.

For more information about how Istio works, read What Is Istio? – Architecture, Features, Benefits and Challenges.

Đăng ký liền tay Nhận Ngay Bài Mới

Subscribe ngay

Cám ơn bạn đã đăng ký !

Lỗi đăng ký !

Add Comment

Click here to post a comment

Đăng ký liền tay
Nhận Ngay Bài Mới

Subscribe ngay

Cám ơn bạn đã đăng ký !

Lỗi đăng ký !