Marcelo Carmona

Istio setup


Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio's powerful features provide a uniform and more efficient way to secure, connect, and monitor services. https://istio.io

Install Istio (Mac OS X)

Check the Kubernetes namespaces with kubectl get ns


Install istioctl

brew install istioctl
istioctl install

With kubectl get ns you will see the new namespace created by istioctl (istio-system)


With kubectl get pod -n istio-system you will see the new pods created by Istio


Istio is a very feature-rich service mesh that includes the following capabilities.

  • Traffic Management: This is the most basic feature of Istio.
  • Policy Control: Enables access control systems, telemetry capture, quota management, billing, etc.
  • Observability: Implemented in the sidecar proxy.
  • Security Authentication: The Citadel component does key and certificate management.

Run an example in Kubernetes

I'm going to use this example: microservices-demo

git clone https://github.com/GoogleCloudPlatform/microservices-demo.git
# or download https://github.com/GoogleCloudPlatform/microservices-demo/blob/master/release/kubernetes-manifests.yaml
cd microservices-demo/release

Run the demo manifest with kubectl apply -f kubernetes-manifests.yaml


Run kubectl get pod and wait until the status of every pod is Running


To configure Envoy proxy injection, we need to label the default namespace with istio-injection=enabled

Let's see the current labels with kubectl get ns default --show-labels


Run kubectl label namespace default istio-injection=enabled


Now we can shut down all the pods and re-create them to see the proxies being injected

Run kubectl delete -f kubernetes-manifests.yaml


Run kubectl get pod


Run kubectl apply -f kubernetes-manifests.yaml

Run kubectl get pod


You can now see the proxy container inside any pod with kubectl describe pod <a-pod-name>
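Instead of describing pods one by one, the check can be run over the whole namespace. This is an added example, not part of the original post: the function names and the sample pod names are constructed for illustration, and it assumes the injected container is called istio-proxy.

```shell
#!/bin/sh
# Added example: list pods that did NOT get the Envoy sidecar (istio-proxy).
# Pods created before the namespace was labelled show up here, and their
# traffic is not handled by the mesh.

# One line per pod: "<pod name><TAB><init container names> <container names>".
# initContainers are included because Istio can also run istio-proxy as a
# native sidecar, which is listed under initContainers.
JSONPATH='{range .items[*]}{.metadata.name}{"\t"}{.spec.initContainers[*].name}{" "}{.spec.containers[*].name}{"\n"}{end}'

# Reads the lines described above on stdin and prints the names of pods
# that have no container named istio-proxy.
pods_missing_sidecar() {
    awk -F '\t' '
        $1 == "" { next }                      # skip blank lines
        {
            n = split($2, names, " ")          # whitespace-separated names
            found = 0
            for (i = 1; i <= n; i++)
                if (names[i] == "istio-proxy") found = 1
            if (!found) print $1
        }'
}

# Live check against a cluster (needs kubectl and a reachable cluster).
# Usage: check_namespace default
check_namespace() {
    kubectl get pods -n "$1" -o jsonpath="$JSONPATH" | pods_missing_sidecar
}

# Constructed sample of the jsonpath output, so the parser runs offline.
sample_pods() {
    printf 'frontend-example-1\tistio-init server istio-proxy\n'
    printf 'cartservice-example-2\tistio-init istio-proxy server\n'
    printf 'redis-cart-example-3\t redis\n'
}

# Prints: redis-cart-example-3
sample_pods | pods_missing_sidecar
```

An empty result from check_namespace default means every pod in the namespace carries the sidecar.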


Install Istio integrations for visualization and monitoring (Kiali, Grafana, Prometheus and Jaeger)

We are going to use these addons

git clone https://github.com/istio/istio.git
cd istio
# To quickly deploy all addons:
kubectl apply -f samples/addons

You can see the new pods running with kubectl get pod -n istio-system


To see the services run kubectl get svc -n istio-system


Port-forward to access the frontend and Kiali

Run kubectl port-forward svc/frontend 8081:80


Run kubectl port-forward svc/kiali -n istio-system 20001


Go to http://localhost:20001/ and you will see the Kiali dashboard
