-
Notifications
You must be signed in to change notification settings - Fork 0
/
istio.md
306 lines (202 loc) · 8.59 KB
/
istio.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
---
myst:
html_meta:
"description lang=en": "Explore the potential of Istio, a robust service mesh solution, with our comprehensive guide. Learn how to effortlessly manage microservices, enhance CI/CD processes, and boost observability. Follow step-by-step instructions for Istio installation using istioctl and Helm, ensuring seamless microservices orchestration. Dive into Istio's powerful features and monitor your service mesh with Prometheus and Grafana."
"keywords": "Kubernetes, hands-on, Gulcan Topcu, Devops, istio, kube-proxy, grafana, prometheus, k3d, istioctl"
"property=og:locale": "en_US"
"property=og:image": "https://raw.githubusercontent.com/colossus06/kuberada-blog/main/og/istio.png"
---
<img src="https://raw.githubusercontent.com/colossus06/kuberada-blog/main/og/istio.png" alt="istio" class="bg-primary">
(istio)=
# Unlocking Istio's Power: A Step-by-Step Guide to Seamless Microservices Management
```{article-info}
:avatar: https://raw.githubusercontent.com/colossus06/kuberada-blog/main/og/author.png
:avatar-link: ../../../blogs/authors/gulcan.html
:author: Gulcan Topcu
:date: Jan 31, 2024
:read-time: 15 min read
:class-container: sd-p-2 sd-outline-light sd-rounded-2 sd-shadow-md
```
🏷️**Tagged with:**
```{button-link} ../../../blogs/tag/kubernetes.html
:color: success
:outline:
:shadow:
kubernetes
```
In the dynamic world of microservices, orchestrating, securing, and monitoring services can be intricate. Istio, a robust service mesh, steps in as the solution, offering a holistic approach to traffic management, security, and observability. We will see 2 different ways to install and get started with istio: with istioctl and helm. Let's dive into the intricacies of Istio and explore two different installation methods: using `istioctl` and Helm.
## In This Article:
1. Install Istio Components
* Using istioctl
* Using Helm
2. Enable Automatic Istio Sidecar Injection
3. Validate Istio-Proxy Sidecar Injection
4. Explore Pod Communication
5. Pod Communication Using Service Mesh
6. Monitor Service Mesh with Prometheus and Grafana
## Option 1: Installing Istio with `istioctl`
Begin by downloading Istioctl on Ubuntu:
```sh
curl -L https://istio.io/downloadIstio | sh -
```
Add Istioctl to your path:
```sh
export PATH=$HOME/.istioctl/bin:$PATH
```
Create a cluster with `k3d`:
```sh
k3d cluster create istio
```
Perform the Istio pre-installation check:
```sh
istioctl x precheck
```
![Istio Pre-installation Check](assets/20240130005014.png)
Install Istio with the default profile:
```sh
istioctl install
```
Verify the installation:
```sh
istioctl verify-install
```
Uninstall Istio:
```sh
istioctl uninstall --purge
```
## Option 2: Installing Istio with Helm
### Step 1: Install Base Istio Components
Add cluster-wide base components using Helm:
```sh
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
helm search repo istio
```
![Helm Istio Repo Search](assets/20240130012326.png)
Customize default values:
```sh
helm show values istio/base
helm show values istio/istiod
```
Install CRDs and Istio control plane components:
```sh
k create ns istio-system
helm install istio-base istio/base -n istio-system
helm install istiod istio/istiod -n istio-system
```
![Helm Istio Installation](assets/20240130012500.png)
Check installed Helm charts:
```sh
k get po -n istio-system
helm ls -n istio-system
```
![Helm Charts Status](assets/20240130012847.png)
### Step 2: Enable Automatic Istio Sidecar Injection
Automate sidecar injection by labeling pods:
```sh
k label ns default istio-injection=enabled
```
Deploy the voting app resources with Helm:
```sh
helm repo add voting-app-istio https://gitlab.com/api/v4/projects/54113378/packages/helm/stable
helm repo update
helm search repo voting-app-istio
helm upgrade --install voting-app --set image.tag=latest voting-app-istio/charts
```
![Voting App Helm Deployment](assets/20240130013330.png)
### Step 3: Validate Istio-Proxy Sidecar Injection
Describe the voting-app pod to validate Istio-proxy sidecar injection:
```sh
k describe po worker-app | less
```
![Istio-Proxy Sidecar Injection Validation](assets/20240130014527.png)
### Step 4: Exploring Current Pod Communication
Identify NodePort and ClusterIP services:
![NodePort and ClusterIP Services](assets/20240130014611.png)
Shell into a pod and access a NodePort service:
```sh
k exec worker-deploy-7c4c4bc5bc-w4szc -it -- sh
apt update
apt install -y curl;curl voting-service
```
![Pod Communication Test](assets/20240130014937.png)
Use port-forwarding for communication:
```sh
k port-forward svc/voting-service 30004:80
```
Explore pod communication over kube-proxy.
### Step 5: Communicate Using Service Mesh
Delete kube-proxy and check if pods can still communicate over the service mesh:
```sh
k get ds -A
k delete ds kube-proxy -n kube-system
```
```sh
k exec worker-deploy-7c4c4bc5bc-w4szc -it -- curl voting-service
```
![Pod Communication Over Service Mesh](assets/20240130015639.png)
## Monitoring Service Mesh Using Prometheus and Grafana
```{tip}
You can find the grafana-value.yaml file on [blog's repository](https://github.com/kuberada/kuberada-labs/tree/main/get-started-with-istio). Clone the repo and change directory into `get-started-with-istio`.
```
**Find the labs here** 👇
```{button-link} https://github.com/kuberada/kuberada-labs
:color: success
Kuberada labs
```
Now that you know where to find the custom grafana yaml file, we're ready to create a monitoring stack for observing pod traffic.
**Adding and updating the repos:**
```sh
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add grafana https://grafana.github.io/helm-charts
```
**Installing Prometheus and Grafana:**
```sh
helm install prometheus prometheus-community/prometheus -n monitoring --create-namespace
helm install grafana grafana/grafana -n monitoring -f "grafana-value.yaml"
```
![Prometheus Grafana Installation](assets/20240130021111.png)
**Importing Istio Workload Dashboard:**
Login to Grafana, append `/dashboard/import` to the URL, type `7630` to import the Istio workload dashboard, and select Prometheus as the data source.
![Grafana Dashboard Import](assets/20240130021231.png)
Connect to the worker service and communicate with the voting-service:
```sh
k exec worker-deploy-7c4c4bc5bc-w4szc -it -- curl voting-service
k exec worker-deploy-7c4c4bc5bc-w4szc -it -- curl result-service
```
![Grafana Dashboard Traffic Monitoring](assets/20240130021456.png)
Select both source and destination for the reporter and examine the inbound traffic:
![Grafana Inbound Traffic](assets/20240130022139.png)
**Displaying the outgoing traffic from worker app:**
Intercepted traffic over the Istio proxy, displaying outgoing requests from `worker-deploy` to `voting-service` and `result-service`.
![Outgoing Traffic](assets/20240130022100.png)
![Outgoing Traffic](assets/20240130022118.png)
**Displaying the incoming requests in result and voting apps:**
Incoming requests to result app by worker app:
![Incoming Requests to Result App](assets/20240130022258.png)
Incoming requests to the voting app:
![Incoming Requests to Voting App](assets/20240130022448.png)
## Cleaning
Delete all the resources you used in this lab:
```sh
k delete ns monitoring
k delete ns istio-system
helm uninstall voting-app
```
![](assets/20240130024004.png)
## Recap
In this blog, we have successfully set up Istio on our Kubernetes cluster and explored its powerful features for traffic management and observability. Use this hands-on guide as a foundation for further experimentation and Istio integration into your microservices architecture. Happy meshing!
### References
- [Istio Architecture](https://istio.io/latest/docs/ops/deployment/architecture/)
- [Istio Releases](https://istio.io/latest/news/releases/)
- [Istioctl profiles](https://istio.io/v1.1/docs/setup/kubernetes/additional-setup/config-profiles/)
- [Kubernetes Documentation](https://kubernetes.io/docs/)
- [Istio Documentation](https://istio.io/latest/docs/)
- [Helm Documentation](https://helm.sh/docs/)
- [Grafana Istio Workload Dashboard](https://grafana.com/grafana/dashboards/7630-istio-workload-dashboard/)
Happy meshing!
👉 For a wealth of knowledge, check our blog archives.📚✨
<div style="text-align: center;">
<h2>Did you like kuberada? 🐶 </h2>
</div>
<br>