Istio Service Mesh
Istio service mesh is a sidecar container implementation for managing microservices.
Here are some of the features of this sidecar:
- monitoring,
- tracing,
- circuit breakers,
- routing,
- load balancing,
- fault injection,
- retries,
- timeouts,
- mirroring,
- access control,
- rate limiting, and more.
All these features and functions are available with a myriad of libraries with no changes to your source code. Istio runs in a Linux container in your Kubernetes pods (much like a sidecar rides alongside a motorcycle) and injects and extracts functionality and information based on your configuration. Istio configuration lives outside of your code.
Installation of Istio on Ubuntu:
The steps were tried on Ubuntu 18.04 LTS, on a machine with 8 cores, 16 GB RAM and a 250 GB hard disk.
1. Install Docker by following steps from :
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-16-04
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
apt-cache policy docker-ce
sudo apt-get install -y docker-ce
sudo systemctl status docker
2. Install kubectl by following steps from : https://kubernetes.io/docs/tasks/tools/install-kubectl/
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
kubectl version
3. Install minikube:
Installing stable older version 0.33:
curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.33.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/
Configure minikube:
$ minikube config set memory 8192
$ minikube config set cpus 2
$ minikube config set disk-size 30g
$ minikube start --vm-driver=none
$ minikube status
minikube: Running
cluster: Running
kubectl: Correctly Configured: pointing to minikube-vm at 9.202.xxx.xxx
4. Install Istio version 1.1.7:
root@conform1:~# curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.1.7 sh -
.....
Downloading istio-1.1.7 from https://github.com/istio/istio/releases/download/1.1.7/istio-1.1.7-linux.tar.gz ...
...
Downloaded into istio-1.1.7:
Add /root/istio-1.1.7/bin to your path; e.g copy paste in your shell and/or ~/.profile:
export PATH="$PATH:/root/istio-1.1.7/bin"
5. Add Istio to path.
root@conform1:~# cd istio-1.1.7/
root@conform1:~/istio-1.1.7# vi /root/.bashrc
root@conform1:~/istio-1.1.7# pwd
/root/istio-1.1.7
root@conform1:~/istio-1.1.7# vi /root/.bashrc
export PATH="$PATH:/root/istio-1.1.7/bin"
6. Istio has extended Kubernetes via Custom Resource Definitions (CRD). Deploy the extensions by applying crds.yaml.
root@conform1:~/istio-1.1.7# for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f $i; done
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io created
...
customresourcedefinition.apiextensions.k8s.io/challenges.certmanager.k8s.io created
7. To install Istio and enforce mutual TLS authentication by default, apply istio-demo-auth.yaml:
root@conform1:~/istio-1.1.7# kubectl apply -f install/kubernetes/istio-demo-auth.yaml
namespace/istio-system created
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io unchanged
...
customresourcedefinition.apiextensions.k8s.io/challenges.certmanager.k8s.io unchanged
secret/kiali created
...
configmap/istio-galley-configuration created
configmap/istio-grafana-custom-resources created
configmap/istio-grafana-configuration-dashboards-galley-dashboard created
configmap/istio-grafana-configuration-dashboards-istio-mesh-dashboard created
configmap/istio-grafana-configuration-dashboards-istio-performance-dashboard created
configmap/istio-grafana-configuration-dashboards-istio-service-dashboard created
configmap/istio-grafana-configuration-dashboards-istio-workload-dashboard created
configmap/istio-grafana-configuration-dashboards-mixer-dashboard created
configmap/istio-grafana-configuration-dashboards-pilot-dashboard created
configmap/istio-grafana created
destinationrule.networking.istio.io/istio-telemetry created
....
8. Check if pods are running.
root@conform1:~/istio-1.1.7# kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
grafana-77b49c55db-9rbrm 1/1 Running 0 6m57s
istio-citadel-66d49b64fc-w7njf 1/1 Running 0 6m56s
istio-cleanup-secrets-1.1.7-4j8m5 0/1 Completed 0 7m
istio-egressgateway-5d5cb7bf5-9xrdt 1/1 Running 0 6m57s
istio-galley-77cfbf6c5c-px4v2 1/1 Running 0 6m57s
istio-grafana-post-install-1.1.7-7dxpn 0/1 Completed 0 7m
istio-ingressgateway-77b7576554-xwm97 1/1 Running 0 6m57s
istio-pilot-66c4785d55-dk5pv 2/2 Running 0 6m56s
istio-policy-5d4646d69b-g69xr 2/2 Running 6 6m57s
istio-security-post-install-1.1.7-bn8k9 0/1 Completed 0 7m
istio-sidecar-injector-779544894b-b45cs 1/1 Running 0 6m56s
istio-telemetry-79878c9b74-6rxvg 2/2 Running 5 6m56s
istio-tracing-595796cf54-7sf4j 1/1 Running 2 6m56s
kiali-5c584d45f6-l88m7 1/1 Running 0 6m57s
prometheus-5fffdf8848-n8shv 1/1 Running 0 6m56s
root@conform1:~/istio-1.1.7#
9. Let's deploy the sample Book Info application, which consists of 4 microservices:
kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)
productpage: This micro service is the home page that fetches data from book details, ratings and reviews micro services.
ratings: This micro service contains ratings of a book.
reviews: This micro service contains reviews of a book.
details: This micro service contains details about a book.
10. Let's deploy the Book Info application gateway:
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
11. When you run kubectl get pods, it should list all the pods of the Book Info application:
root@conform1:~/istio-1.1.7# kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-86894b9b87-27tl5 2/2 Running 0 3m35s
productpage-v1-66c95688bf-px6th 2/2 Running 0 3m32s
ratings-v1-7d5657cdd7-6cvmm 2/2 Running 0 3m35s
reviews-v1-b5fcd7c6-dhpkd 2/2 Running 0 3m35s
reviews-v2-b9b79d84f-ql766 2/2 Running 0 3m35s
reviews-v3-b74bb7778-lsggn 2/2 Running 0 3m34s
12. Apply default destination rules for your Book info application:
kubectl apply -f samples/bookinfo/networking/destination-rule-all-mtls.yaml
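With mutual TLS enforced mesh-wide (step 7), a DestinationRule for a host that does not set the ISTIO_MUTUAL TLS mode makes client sidecars send plaintext to that host, and the requests fail; that is why this step applies the -mtls variant of the rules. The script below is an added example, not part of the Istio samples: it reads a multi-document manifest and prints the host of every DestinationRule without ISTIO_MUTUAL. The function names and the sample manifest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not part of the Istio samples): print the host of every
# DestinationRule in a multi-document manifest that lacks "mode: ISTIO_MUTUAL".
audit_destination_rules() {
  awk '
    function emit() {
      if (kind == "DestinationRule" && host != "" && !mutual) print host
      kind = ""; host = ""; mutual = 0
    }
    /^---/                   { emit(); next }
    /^kind:/                 { kind = $2 }
    /^  host:/               { host = $2 }
    /^ +mode: *ISTIO_MUTUAL/ { mutual = 1 }
    END                      { emit() }
  '
}

# Constructed sample input: one rule with mutual TLS, one without, and a
# VirtualService that the audit must ignore.
sample_rules() {
  cat <<'EOF'
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: productpage
spec:
  host: productpage
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ratings
spec:
  host: ratings
  subsets:
  - name: v1
    labels:
      version: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
EOF
}

sample_rules | audit_destination_rules   # lists the host without mutual TLS
```

Run it against a manifest before applying it, for example `audit_destination_rules < samples/bookinfo/networking/destination-rule-all-mtls.yaml`; an empty result means every rule in the file sets ISTIO_MUTUAL.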
13. The reviews microservice has 3 versions of service to showcase different behaviour and routing:
- Version v1 doesn’t call the ratings service.
- Version v2 calls the ratings service and displays each rating as 1 to 5 black stars.
- Version v3 calls the ratings service and displays each rating as 1 to 5 red stars.
14. One of the features of Istio is to control traffic routing based on the HTTP request, such as user name, IP address or cookies.
The steps below will demonstrate that:
Run the command :
cat samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
--------------------------------------------------
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v1
--------------------------------------------------
Here, the YAML file specifies that requests whose end-user header is exactly "jason" are routed to reviews v2 (black stars), whereas all other requests fall through to the second route and see v1 (no stars).
Apply the yaml:
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
Open the product page application at http://localhost:9080 and log in as jason/jason. Refresh the page. You will see only black stars under the reviews. Log out and review the page; you will see no stars.
15. Another feature of Istio is traffic shaping.
The steps below demonstrate it by routing a configured percentage of the traffic to different reviews versions.
Run the command :
cat samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml
-------------------------------------------------
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 50
    - destination:
        host: reviews
        subset: v3
      weight: 50
-------------------------------------------------
Here, the YAML file specifies that 50% of the traffic should flow to reviews v1 (no stars) and 50% should flow to reviews v3 (red stars).
Apply the yaml file:
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml
Visit the product page application at http://localhost:9080 and refresh the page several times. About 50% of the time you will see red stars, and about 50% of the time no stars.
16. Now, let's route the entire traffic to reviews v3. Here is the YAML for that:
cat samples/bookinfo/networking/virtual-service-reviews-v3.yaml
-------------------------------------------------
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v3
-------------------------------------------------
Apply the yaml:
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml
Visit the product page application at http://localhost:9080 and refresh the page. You will see red stars every time.
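Refreshing the browser only gives an impression of the split in steps 15 and 16; the script below, an added example that is not part of the Istio samples, samples the page repeatedly, tallies which reviews version answered, and fails if v2 or failed requests show up or the v3 share is off. It assumes the product page marks v3 stars with color="red" and v2 stars with color="black"; the function names and page fragments are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the Istio samples. Assumption: productpage renders
# v3 stars inside color="red" markup and v2 stars inside color="black".

# Read one productpage HTML document on stdin, print the reviews version seen.
classify_reviews() {
  html=$(cat)
  [ -n "$html" ] || { echo err; return 0; }   # empty body: request failed
  case "$html" in
    *'color="red"'*)   echo v3 ;;
    *'color="black"'*) echo v2 ;;
    *)                 echo v1 ;;
  esac
}

# Read one label per line on stdin, print the counts on a single line.
tally() {
  awk '{ c[$1]++ }
       END { printf "v1=%d v2=%d v3=%d err=%d\n", c["v1"], c["v2"], c["v3"], c["err"] }'
}

# split_ok TALLY WANT TOL: succeed when the v3 share is within TOL percentage
# points of WANT and neither v2 nor failed requests appear in the tally.
split_ok() {
  echo "$1" | awk -v want="$2" -v tol="$3" '
    { for (i = 1; i <= NF; i++) { split($i, kv, "="); n[kv[1]] = kv[2] + 0; total += kv[2] } }
    END {
      if (total == 0 || n["v2"] > 0 || n["err"] > 0) exit 1
      d = 100 * n["v3"] / total - want
      if (d < 0) d = -d
      if (d > tol) exit 1
    }'
}

# sample_split URL COUNT: fetch the page COUNT times and tally the versions.
sample_split() {
  i=0
  while [ "$i" -lt "$2" ]; do
    curl -s "$1" | classify_reviews
    i=$((i + 1))
  done | tally
}

# Constructed page fragments standing in for real responses.
page_v1='<blockquote><p>An extremely entertaining play.</p></blockquote>'
page_v3='<blockquote><p>Absolutely fun.</p></blockquote><font color="red">star</font>'

printf '%s' "$page_v3" | classify_reviews
printf 'v1\nv3\nv3\nv1\n' | tally
```

Against the running application, `t=$(sample_split http://localhost:9080/productpage 100)` followed by `split_ok "$t" 50 10` checks step 15, and `split_ok "$t" 100 0` checks step 16.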
17. Visualising metrics with Grafana :
Prometheus collects metrics and monitoring data from microservices. Prometheus stores metric values at a given millisecond in time in a time series database, optionally with one or more labels. Prometheus comes along with Istio. On your local system, run the command below:
kubectl port-forward prometheus-5fffdf8848-n8shv -n istio-system 9090:9090
Visit http://localhost:9090 in your web browser. Find the metrics in Prometheus dashboard.
Istio provides insights into how the application is working and performing through the dashboard monitoring tool, Grafana.
On your local system, run the command:
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000 &
Visit http://localhost:3000/dashboard/db/istio-mesh-dashboard in your web browser. Add Prometheus as a datasource in Grafana dashboard, by specifying Prometheus address: http://localhost:9090
Navigate to Istio Workload dashboard by selecting from the drop down option.
Generate traffic by executing the command in a terminal :
---------------------------------------------------------------
while true; do
  curl -s http://localhost:9080/productpage > /dev/null
  echo -n .;
  sleep 0.2
done
---------------------------------------------------------------
The Istio Dashboard will look similar to:
18. Visualising the microservices mesh using Kiali:
Forward the Kiali port:
malars-mbp:~ malark$ kubectl port-forward kiali-5c584d45f6-bgfxx -n istio-system 20001:20001
Forwarding from 127.0.0.1:20001 -> 20001
Forwarding from [::1]:20001 -> 20001
Open the kiali console in the browser:
http://localhost:20001/kiali/console/
Login using admin/admin as username/password.
You can view the application under Graph menu in the console. Select the appropriate namespace and view your application.