Welcome to Istio Hands-On Pt 1!
If you haven’t read part 0 of the Istio Hands-On blog, please check it out here.
Below, you’ll find the table of contents detailing the Istio hands-on lab, organized into five informative sessions:
For this project, we are utilizing these github repositories:
In these sessions, we’ll learn how to install istioctl and configure an Istio mesh. There are various opportunities to install and configure the Istio mesh; you can refer to the official documentation here. This article provides a minimal overview of Istio setup. If you are interested in a deeper understanding of the topic, you can find a wealth of useful information in the Istio documentation.
Install and Enable Istioctl
Firstly, we need to install the istioctl command line tool, offering rich customization of the Istio control plane and sidecars for the Istio data plane. istioctl includes user input validation to prevent installation errors and customization options to override any configuration aspect.
# Install istioctl
curl -L https://istio.io/downloadIstio | sh -
# Verify the ctl version
ISTIOCTL_VERSION=$(ls | grep istio-1)
echo $ISTIOCTL_VERSION
# Set up the working directory path
export PATH="$PATH:$(pwd)/$ISTIOCTL_VERSION/bin"
# Verify the istioctl version
istioctl version
Install Istio Configuration Profiles
Istio provides flexible configuration profiles to suit different use cases. You can install Istio using istioctl or by applying Istio YAML manifests directly.
Option 1: Install Istio with istioctl
You can list all available profiles using:
istioctl profile list
To install a specific config profile using istioctl, use the following command:
# Install Istio profile
istioctl install --set profile=demo -y
Option 2: Install Istio with YAML Manifests
If you prefer to use YAML manifests, you canapply the manifests directly(istio/istio-manifests) using kubectl.
kubectl apply -f istio/istio-manifests
Verify the Installation Results
# Verifys
istioctl verify-install
# Verify all Istio components
kubectl get all -n istio-system
You can deploy a custom Istio profile, such as IstioOperator, tailored to your specific requirements. Here’s an example YAML configuration to illustrate how you can achieve this:
kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: example-istiocontrolplane
spec:
profile: demo
components:
egressGateways:
- name: istio-egressgateway
enabled: false
ingressGateways:
- name: istio-ingressgateway
enabled: false
ingressGateways:
- name: custom-ingressgateway
enabled: true
EOF
Create a Namespace and enable istio injection
# Enable istio-injection for the default namespace
kubectl label namespace default istio-injection=enabled
kubectl get ns default --show-labels
kubectl get namespace -L istio-injection
Deploy microservices
# Deploy microservices (https://github.com/yuyatinnefeld/microservices)
kubectl apply -f k8s/service-mesh/apps
# Check the side-car proxy
istioctl analyze
# Check if all pods have a sidecar proxy (envoy)
kubectl get pod
# Port forwarding
kubectl port-forward svc/frontend-service 5000 &
# Call the frontend multiple times and verify whether the BFF API version varies.
curl 'http://localhost:5000'
Clean Up Istio Configuration
bash istio-cleanup.sh
Conclusion
In this session, we have successfully developed microservices with Istio injection. All services now have an envoy proxy. In the next article, we will explore Istio gateway and ingress. Following this setup, we will configure traffic management features such as A/B testing and canary deployment through virtual services and destination rules.