Istio Mastery ⛵ Session 0 - Microservices Deployment

Welcome to the Istio Hands-On series!

The target audience for this blog comprises users who are already familiar with microservices, service mesh, and want to learn Istio. If these concepts are new to you, I recommend reading my introductory blog on microservices and Istio. If you are unfamiliar with these topics, I recommend reading my blog article on microservices and service mesh beforehand. In these sessions, I’ll guide you through the step-by-step implementation of Istio for your microservices. To make it more digestible, I’ve divided the implementation process into five sessions:

1. Setup Istio Environment
2. Observability
3. Traffic Management
4. Security
5. Troubleshooting

In our inaugural session, Part 0, we’ll start by deploying microservices without Istio, and then we’ll delve into the process with Istio injection in the second session. While Istio provides a sample microservices project ( bookinfo), I’ve taken the initiative to create a simple microsoft architecture application. This will allow us not only to understand the basics but also to make adjustments to the application later.

For this project, we are utilizing these github repositories:

• DEMO MICROSERVICES
• ISTIO CONFIG FILES

Microservices Architecture

Application Overview

• 1 x Frontend App (Python Flask) with v1
• 1 x Reviews BFF (Golang) with v1, v2, v3
• 1 x Payment BFF (Golang) with v1, v2, v3
• 1 x Details BFF (Java) with v1, v2, v3

In a single Kubernetes cluster, we deploy a few services: frontend and BFF (backend-for-frontend) services (details, reviews, payment). The frontend service is configured with a LoadBalancer type to enable user interaction with the application. The other BFF services use ClusterIP as the service type. Additionally, we leverage an Ingress Controller to define paths and ingress rules.

Push Docker Images into Dockerhub

For detailed information about the application, visit this repository. We’ll push four Docker images into the official Docker registry, Docker Hub, to use them in the Kubernetes cluster later. We’ll push three different versions of BFF images for canary deployment and later for Istio.

• Payment App Image
• Reviews App Image
• Details App Image
• Frontend App Image

Deploy microservices to kubernetes cluster

After pushing the images, we’ll deploy the microservice applications. See the guide: link

Start Minikube Cluster

minikube start --memory=8192 --cpus=4 --driver=hyperkit

Deploy Microservices into Kubernetes Cluster

# deploy microservices with v1
kubectl apply -f k8s/no-service-mesh-mesh/apps-v1
# verfiy the services with v1
kubectl port-forward svc/frontend-service 5000 &

# update the services with v2
kubectl apply -f k8s/no-service-mesh-mesh/apps-v2
# verfiy the services with v2
kubectl port-forward svc/frontend-service 5000 &

# update the services with v3
kubectl apply -f k8s/no-service-mesh-mesh/apps-v3
# verfiy the services with v3
kubectl port-forward svc/frontend-service 5000 &

Deploy Kubernetes Ingress Controller and Ingress Rules

# enable minikube ingress controller to use ./k8s-ingress/ingress.yaml
minikube addons enable ingress

# verify the ingress controller
kubectl get pods -n ingress-nginx | grep ingress-nginx-controller

# deploy ingress rules
kubectl apply -f k8s/no-service-mesh-mesh/k8s-ingress/ingress.yaml

# wait and verify the ingress received the cluster IP
kubectl get ingress --watch

# update DNS for Local Domain Access
echo -e "$(minikube ip)\testing-yuya.com" | sudo tee -a /etc/hosts

Verify Applications

curl 'http://testing-yuya.com'
curl -X GET 'http://testing-yuya.com/details' -H 'Content-Type: application/json'
curl -X GET 'http://testing-yuya.com/payment' -H 'Content-Type: application/json'
curl -X GET 'http://testing-yuya.com/reviews' -H 'Content-Type: application/json'

Conclusion

In the current stage of our exploration, we have developed a microservices application that sets the stage for integration with Service Mesh through Istio in the upcoming session. One significant drawback of microservices without a service mesh is the complexity associated with deployment, canary deployment, and A/B testing. These tasks become challenging as traditional setups lack the straightforward ability to distribute traffic in specific percentages. Additionally, there may be instances where deploying redundant pods in parallel is necessary, followed by manual elimination at a later stage.

In the next article, we will delve into the installation of Istio and explore the utilization of sidecar injection from Istio. This will equip us with the tools needed to overcome the challenges posed by microservices deployments without a service mesh.

Happy coding!