Welcome to Istio Hands-On Pt 1!

If you haven’t read part 0 of the Istio Hands-On blog, please check it out here.

Below, you’ll find the table of contents detailing the Istio hands-on lab, organized into five informative sessions:

  1. Setup Istio Environment
  2. Observability
  3. Traffic Management
  4. Security
  5. Troubleshooting

For this project, we are utilizing these github repositories:

In these sessions, we’ll learn how to install istioctl and configure an Istio mesh. There are various opportunities to install and configure the Istio mesh; you can refer to the official documentation here. This article provides a minimal overview of Istio setup. If you are interested in a deeper understanding of the topic, you can find a wealth of useful information in the Istio documentation.

Install and Enable Istioctl

Firstly, we need to install the istioctl command line tool, offering rich customization of the Istio control plane and sidecars for the Istio data plane. istioctl includes user input validation to prevent installation errors and customization options to override any configuration aspect.

# Install istioctl
curl -L https://istio.io/downloadIstio | sh -

# Verify the ctl version
ISTIOCTL_VERSION=$(ls | grep istio-1)
echo $ISTIOCTL_VERSION

# Set up the working directory path
export PATH="$PATH:$(pwd)/$ISTIOCTL_VERSION/bin"

# Verify the istioctl version
istioctl version

Install Istio Configuration Profiles

Istio provides flexible configuration profiles to suit different use cases. You can install Istio using istioctl or by applying Istio YAML manifests directly.

Option 1: Install Istio with istioctl

You can list all available profiles using:

istioctl profile list

To install a specific config profile using istioctl, use the following command:

# Install Istio profile
istioctl install --set profile=demo -y

Option 2: Install Istio with YAML Manifests

If you prefer to use YAML manifests, you canapply the manifests directly(istio/istio-manifests) using kubectl.

kubectl apply -f istio/istio-manifests

Verify the Installation Results

# Verifys
istioctl verify-install

# Verify all Istio components
kubectl get all -n istio-system

You can deploy a custom Istio profile, such as IstioOperator, tailored to your specific requirements. Here’s an example YAML configuration to illustrate how you can achieve this:

kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  profile: demo
  components:
    egressGateways:
    - name: istio-egressgateway
      enabled: false
    ingressGateways:
    - name: istio-ingressgateway
      enabled: false
    ingressGateways:
    - name: custom-ingressgateway
      enabled: true
EOF

Create a Namespace and enable istio injection

# Enable istio-injection for the default namespace
kubectl label namespace default istio-injection=enabled
kubectl get ns default --show-labels
kubectl get namespace -L istio-injection

Deploy microservices

# Deploy microservices (https://github.com/yuyatinnefeld/microservices)
kubectl apply -f k8s/service-mesh/apps

# Check the side-car proxy
istioctl analyze

# Check if all pods have a sidecar proxy (envoy)
kubectl get pod

# Port forwarding
kubectl port-forward svc/frontend-service 5000 &

# Call the frontend multiple times and verify whether the BFF API version varies.
curl 'http://localhost:5000'

Clean Up Istio Configuration

bash istio-cleanup.sh

Conclusion

In this session, we have successfully developed microservices with Istio injection. All services now have an envoy proxy. In the next article, we will explore Istio gateway and ingress. Following this setup, we will configure traffic management features such as A/B testing and canary deployment through virtual services and destination rules.