A service mesh is a network of cloud-native microservices. It is also referred to as horizontal networking among microservices. A service mesh is how one handles service-to-service communication. So Service mesh is a concept as well as a category of software tools that enable horizontal service to service communication. Practically service mesh is implemented by using network proxies aka service proxies. These service proxies are deployed alongside application code, mostly as a sidecar container. The application does not need to be aware of these service proxies or service mesh. Some of the examples of Service mesh are Istio, Linkerd and Consul connect. Envoy is one of the most used service proxies.
As mentioned above Istio is a tool to handle service mesh. Istio enables one you to connect, secure, control, and observe microservices that are part of a cloud-native application. Istio uses Envoy as a service proxy that in turn is used as a sidecar container. Istio is originally built by a collaboration of Google, IBM, Lyft and the community. It is an open-source tool. Istio can be used with various kinds of container orchestration tools. In this blog, we will take Kubernetes as container orchestration tools. Istio includes APIs that can be integrated into any logging platform, or telemetry or policy system. By doing so Istio lets you offload developers with the complexity of service control and management.
In this blog, you will learn how to:
Before you start you need to have a multi-node Kubernetes cluster installed. Make sure that you have an admin-like privilege to work on this cluster. If you don’t have a Kubernetes cluster setup, you can follow the blog to see how to set up a Kubernetes cluster on AWS ec2 instances [ Read: How to install Kubernetes cluster on AWS EC2 instances ]
Having said that this Istio setup will work on other Kubernetes clusters as well hosted or otherwise.
Log in to the master node (Or from wherever you run Kubectl command to manage your cluster)
Download the Istio package and initialize the PATH variable to access the Istioctl binary.
curl -L https://istio.io/downloadIstio | sh -
cd istio-1.5.0
export PATH=$PWD/bin:$PATH
Istio provides multiple different ways to get started with installation, based on what you want to do with Istio. There is a different set of objects that can be created if you are using it for learning purposes, and there are other sets of objects/configurations if you are installing it in your test/production setup. These various set of config/setting combination is also known as “profile”. To begin with, you can start with the “demo” profile. It consumes fewer resources with low footprints and installs more associated tools such as Prometheus, Kiali, Jaeger, Grafana, etc. You can list down all the profiles and compare their configuration as shown below -
istioctl profile list
istioctl profile dump demo >demo.txt
istioctl profile dump default >default.txt
vim -d demo.txt default.txt
Make sure your server has enough CPU/Mem resources. The demo profile makes sure that it installs Grafana, Prometheus Kiali, and other associated configuration objects.
istioctl manifest apply --set profile=demo
Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later:
kubectl label namespace default istio-injection=enabled
Istio uses a book-info application to explain its features and configurations. It is important to begin learning Istio with this example, as the documentation refers to this application quite often.
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
kubectl get services
kubectl get deploy
Wait for 5 minutes and then make sure it is working fine.
kubectl get po
kubectl get ep
kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
This should give you an output containing "<title>Simple Bookstore App</title>"
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
kubectl get gateway
kubectl get svc istio-ingressgateway -n istio-system
kubectl edit svc istio-ingressgateway -n istio-system
Change the service type from Loadbalancer to NodePort. Then find the nodeport corresponding to http2.
kubectl get svc istio-ingressgateway -n istio-system
kubectl get ep istio-ingressgateway -n istio-system
kubectl describe svc istio-ingressgateway -n istio-system |grep -i http2 |grep -i nodeport
The command above will show the value of the nodeport assigned. Now open the web browser and type:
http://public-ip:nodeport-value/productpage
You shall see a book-info website. Refresh the page multiple times and see the difference.
Now that you know how to deploy a microservices-based application using Istio, you can check out the training in Istio offered on zekeLabs.
Keywords : istio kubernetes microservices
Kubernetes is increasingly becoming the de-facto standard for container-orchestration. It is used for deploying and managing microservice-based applications. It also helps in scaling and maintaining as well. It is open-source software that was initially rel...
In this article, we would be discussing what Helm is and how it is used for the simple deployment of applications in the Kubernetes network. Continue reading to learn more about Helm in Kubernetes.
Kubernetes is a container orchestration platform that can be used to deploy and manage a containerized applications. Generally, Microservices-based applications are first converted into Docker (or other container runtimes) images and then these microservice...