Introduction
A practical way to manage microservices of a cloud-native application is to automate application network functions.
Istio is a configurable service mesh platform acting as a control plane, distributing the configuration to sidecar proxies and gateways. It is a popular option for connecting, monitoring, and securing containers in a Kubernetes cluster.
In this tutorial, you will learn how to install Istio, deploy a test application, and set up your Kubernetes cluster to work with the platform.
Prerequisites
- A Kubernetes cluster (or minikube)
- kubectl command-line tool
Download the Latest Istio Release
To download the latest release of Istio, navigate to the Istio release page on GitHub.
Alternatively, Linux users can use curl
to download and extract the latest release automatically:
curl -L https://istio.io/downloadIstio | sh -
The command extracts the installation files to the folder named istio-[version]
:
To download an older version of Istio, use curl
, but specify the version and the processor architecture by using the following syntax:
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=x86_64 sh -
Istio Installation Guide
1. Start your Kubernetes cluster. This article uses minikube:
minikube start
2. Next, start Istio installation by moving in to the folder with the extracted files:
cd istio-1.9.2
3. The bin/
directory contains istioctl
client binary. In Linux, add the client to your path by typing:
export PATH=$PWD/bin:$PATH
The variable set this way lasts only until you terminate the current shell session. To set the variable permanently, read how to set environment variables in Linux.
Note: To perform the above steps on Windows, manually extract the Istio installation archive and set the Windows environment variable for the istioctl binary.
4. Use the istioctl
tool to initiate the installation process:
istioctl install --set profile=demo -y
The output confirms the successful installation:
5. Istio can automatically inject Envoy sidecar proxies upon application deployment. To enable this, use kubectl
to add a namespace label containing this instruction:
kubectl label namespace default istio-injection=enabled
This concludes the Istio installation process.
Test Deployment via Bookinfo Application
The Istio installation archive contains all the files needed to deploy the sample application called Bookinfo.
1. Start by applying the bookinfo.yaml
file using kubectl
:
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
The system creates several deployments, services, and pods:
2. Check the running services:
kubectl get services
3. Check if the pods are ready:
kubectl get pods
As the pods go up, Istio deploys sidecars along with them:
4. Wait until the READY
label for each pod is 2/2
. Then run the following command to see if the app is serving HTML pages correctly:
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o ""
The output should be the title tag of the page, along with the title itself:
5. The next step is to open the app to outside traffic. Apply the bookinfo-gateway.yaml
file from the samples
folder:
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
The output confirms that the application was successfully associated with the Istio gateway:
6. Use istioctl
to analyze the configuration and check for potential issues:
istioctl analyze
If the system finds no issues, the following message is displayed:
7. To access the gateway set up in the previous step, set the ingress variables. First, export INGRESS_PORT
:
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
8. Now, repeat the process for SECURE_INGRESS_PORT
:
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
9. Use the echo command to check if the ports have been assigned successfully:
echo "$INGRESS_PORT" && echo "$SECURE_INGRESS_PORT"
The output shows the port numbers:
10. Export the INGRESS_HOST
variable:
export INGRESS_HOST=$(minikube ip)
11. Check the variable with echo
:
echo "$INGRESS_HOST"
12. To direct traffic to the Istio Ingress Gateway, open a new terminal window and type the following command:
minikube tunnel
Minikube now serves as a load balancer for Istio. The output shows minikube directing traffic:
13. Go back to the previous terminal window and export the GATEWAY_URL
variable, which consists of the INGRESS_HOST
and INGRESS_PORT
variables:
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
14. Use echo
to see the entire IP address and port number:
echo "$GATEWAY_URL"
15. Type the following command to view the external address of the application:
echo http://$GATEWAY_URL/productpage
16. Copy the address obtained in the previous step and paste it into a web browser. The Bookinfo website loads successfully:
Set up a Kubernetes Cluster for Istio
Istio comes with a number of add-ons for popular Istio services, such as Grafana dashboard, Jaeger transaction tracing software, Prometheus metrics scraper, and Kiali management console.
1. Install those add-ons by applying the samples/addons
folder:
kubectl apply -f samples/addons
Note: If the command returns errors, try executing it again since timing issues sometimes prevent the successful installation.
2. Now, create a Kubernetes Ingress resource for each of the addons. Do this by pasting the following into a yaml
file.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: istio-system
namespace: istio-system
annotations:
kubernetes.io/ingress.class: istio
spec:
rules:
- host: my-istio-dashboard.io
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: grafana
servicePort: 3000
- host: my-istio-tracing.io
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: tracing
servicePort: 9411
- host: my-istio-logs-database.io
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: prometheus
servicePort: 9090
- host: my-kiali.io
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: kiali
servicePort: 20001
3. Save the file and apply the configuration with kubectl:
kubectl apply -f [file-name]
The add-ons are now configured and ready to be used.
Conclusion
Note: Learn how to do canary deployments with Istio.
After completing this tutorial, you should have been able to install and set up Istio in your Kubernetes cluster. You should also know how to deploy an application with Istio.
For more information about how Istio works, read What Is Istio? – Architecture, Features, Benefits and Challenges.
Đăng ký liền tay Nhận Ngay Bài Mới
Subscribe ngay
Cám ơn bạn đã đăng ký !
Lỗi đăng ký !
Add Comment