istio

Unlocking Istio’s Power: A Step-by-Step Guide to Seamless Microservices Management

Gulcan Topcu

Jan 31, 2024

15 min read

🏷️Tagged with:

kubernetes

In the dynamic world of microservices, orchestrating, securing, and monitoring services can be intricate. Istio, a robust service mesh, steps in as the solution, offering a holistic approach to traffic management, security, and observability. We will see 2 different ways to install and get started with istio: with istioctl and helm. Let’s dive into the intricacies of Istio and explore two different installation methods: using istioctl and Helm.

In This Article:

  1. Install Istio Components

    • Using istioctl

    • Using Helm

  2. Enable Automatic Istio Sidecar Injection

  3. Validate Istio-Proxy Sidecar Injection

  4. Explore Pod Communication

  5. Pod Communication Using Service Mesh

  6. Monitor Service Mesh with Prometheus and Grafana

Option 1: Installing Istio with istioctl

Begin by downloading Istioctl on Ubuntu:

curl -L https://istio.io/downloadIstio | sh -

Add Istioctl to your path:

export PATH=$HOME/.istioctl/bin:$PATH

Create a cluster with k3d:

k3d cluster create istio

Perform the Istio pre-installation check:

istioctl x precheck

Istio Pre-installation Check

Install Istio with the default profile:

istioctl install

Verify the installation:

istioctl verify-install

Uninstall Istio:

istioctl uninstall --purge

Option 2: Installing Istio with Helm

Step 1: Install Base Istio Components

Add cluster-wide base components using Helm:

helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
helm search repo istio

Helm Istio Repo Search

Customize default values:

helm show values istio/base
helm show values istio/istiod

Install CRDs and Istio control plane components:

k create ns istio-system
helm install istio-base istio/base -n istio-system
helm install istiod istio/istiod -n istio-system

Helm Istio Installation

Check installed Helm charts:

k get po -n istio-system
helm ls -n istio-system

Helm Charts Status

Step 2: Enable Automatic Istio Sidecar Injection

Automate sidecar injection by labeling pods:

k label ns default istio-injection=enabled

Deploy the voting app resources with Helm:

helm repo add voting-app-istio https://gitlab.com/api/v4/projects/54113378/packages/helm/stable
helm repo update
helm search repo voting-app-istio
helm upgrade --install voting-app --set image.tag=latest voting-app-istio/charts

Voting App Helm Deployment

Step 3: Validate Istio-Proxy Sidecar Injection

Describe the voting-app pod to validate Istio-proxy sidecar injection:

k describe po worker-app | less

Istio-Proxy Sidecar Injection Validation

Step 4: Exploring Current Pod Communication

Identify NodePort and ClusterIP services:

NodePort and ClusterIP Services

Shell into a pod and access a NodePort service:

k exec worker-deploy-7c4c4bc5bc-w4szc -it -- sh
apt update
apt install -y curl;curl voting-service

Pod Communication Test

Use port-forwarding for communication:

k port-forward svc/voting-service 30004:80

Explore pod communication over kube-proxy.

Step 5: Communicate Using Service Mesh

Delete kube-proxy and check if pods can still communicate over the service mesh:

k get ds -A
k delete ds kube-proxy -n kube-system
k exec worker-deploy-7c4c4bc5bc-w4szc -it -- curl voting-service

Pod Communication Over Service Mesh

Monitoring Service Mesh Using Prometheus and Grafana

Tip

You can find the grafana-value.yaml file on blog’s repository. Clone the repo and change directory into get-started-with-istio.

Find the labs here 👇

Kuberada labs

Now that you know where to find the custom grafana yaml file, we’re ready to create a monitoring stack for observing pod traffic.

Adding and updating the repos:

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add grafana https://grafana.github.io/helm-charts

Installing Prometheus and Grafana:

helm install prometheus prometheus-community/prometheus -n monitoring --create-namespace
helm install grafana grafana/grafana -n monitoring -f "grafana-value.yaml"

Prometheus Grafana Installation

Importing Istio Workload Dashboard:

Login to Grafana, append /dashboard/import to the URL, type 7630 to import the Istio workload dashboard, and select Prometheus as the data source.

Grafana Dashboard Import

Connect to the worker service and communicate with the voting-service:

k exec worker-deploy-7c4c4bc5bc-w4szc -it -- curl voting-service
k exec worker-deploy-7c4c4bc5bc-w4szc -it -- curl result-service

Grafana Dashboard Traffic Monitoring

Select both source and destination for the reporter and examine the inbound traffic:

Grafana Inbound Traffic

Displaying the outgoing traffic from worker app:

Intercepted traffic over the Istio proxy, displaying outgoing requests from worker-deploy to voting-service and result-service.

Outgoing Traffic

Outgoing Traffic

Displaying the incoming requests in result and voting apps:

Incoming requests to result app by worker app:

Incoming Requests to Result App

Incoming requests to the voting app:

Incoming Requests to Voting App

Cleaning

Delete all the resources you used in this lab:

k delete ns monitoring
k delete ns istio-system
helm uninstall voting-app

Recap

In this blog, we have successfully set up Istio on our Kubernetes cluster and explored its powerful features for traffic management and observability. Use this hands-on guide as a foundation for further experimentation and Istio integration into your microservices architecture. Happy meshing!

References

Happy meshing!

Enjoyed this read?

If you found this guide helpful,check our blog archives 📚✨

  • Follow me on LinkedIn to get updated.

  • Read incredible Kubernetes Stories: Medium

  • Challenging projects: You’re already in the right place.

Until next time!