Whilst I've been aware of Istio for some years, I've never really played with it.
Well, today that's changing ...
I'm following this tutorial guide: -
and starting by installing the CLI tool / installation file on my Mac: -
curl -L https://istio.io/downloadIstio | sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 102 100 102 0 0 72 0 0:00:01 0:00:01 --:--:-- 72
100 4549 100 4549 0 0 2693 0 0:00:01 0:00:01 --:--:-- 2693
Downloading istio-1.11.3 from https://github.com/istio/istio/releases/download/1.11.3/istio-1.11.3-osx.tar.gz ...
Istio 1.11.3 Download Complete!
Istio has been successfully downloaded into the istio-1.11.3 folder on your system.
Next Steps:
See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.
To configure the istioctl client tool for your workstation,
add the /Users/hayd/istio-1.11.3/bin directory to your environment path variable with:
export PATH="$PATH:/Users/hayd/istio-1.11.3/bin"
Begin the Istio pre-installation check by running:
istioctl x precheck
Need more information? Visit https://istio.io/latest/docs/setup/install/
Dload Upload Total Spent Left Speed
100 102 100 102 0 0 72 0 0:00:01 0:00:01 --:--:-- 72
100 4549 100 4549 0 0 2693 0 0:00:01 0:00:01 --:--:-- 2693
Downloading istio-1.11.3 from https://github.com/istio/istio/releases/download/1.11.3/istio-1.11.3-osx.tar.gz ...
Istio 1.11.3 Download Complete!
Istio has been successfully downloaded into the istio-1.11.3 folder on your system.
Next Steps:
See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.
To configure the istioctl client tool for your workstation,
add the /Users/hayd/istio-1.11.3/bin directory to your environment path variable with:
export PATH="$PATH:/Users/hayd/istio-1.11.3/bin"
Begin the Istio pre-installation check by running:
istioctl x precheck
Need more information? Visit https://istio.io/latest/docs/setup/install/
and adding the installation directory to my path: _
export PATH="$PATH:$HOME/istio-1.11.3/bin"
and validating the istioctl tool: -
which istioctl
/Users/hayd/istio-1.11.3/bin/istioctl
istioctl version
no running Istio pods in "istio-system"
1.11.3
and then install it into my K8s 1.20 cluster: -
istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Egress gateways installed
✔ Installation complete
Thank you for installing Istio 1.11. Please take a few minutes to tell us about your install/upgrade experience! https://forms.gle/asdsdasdas
and checked the now running pods: -
kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
ibm-system addon-catalog-source-2x7hj 1/1 Running 0 42h
ibm-system catalog-operator-578f7c8857-666wd 1/1 Running 0 42h
ibm-system olm-operator-6c45d79d96-pjtmr 1/1 Running 0 42h
istio-system istio-egressgateway-5fdc76bf94-v5dpg 1/1 Running 0 59s
istio-system istio-ingressgateway-6bd7764b48-rr4fp 1/1 Running 0 59s
istio-system istiod-675949b7c5-zqg6w 1/1 Running 0 74s
kube-system calico-kube-controllers-78ccd56cd7-wqgtf 1/1 Running 0 42h
kube-system calico-node-pg6vv 1/1 Running 0 42h
kube-system calico-typha-ddd44968b-86cgs 1/1 Running 0 42h
kube-system calico-typha-ddd44968b-ffxmt 0/1 Pending 0 42h
kube-system calico-typha-ddd44968b-mqjrb 0/1 Pending 0 42h
kube-system coredns-7fc9f85d9c-5rwwv 1/1 Running 0 42h
kube-system coredns-7fc9f85d9c-bxtts 1/1 Running 0 42h
kube-system coredns-7fc9f85d9c-qk6gv 1/1 Running 0 42h
kube-system coredns-autoscaler-9cccfb98d-mw9qj 1/1 Running 0 42h
kube-system dashboard-metrics-scraper-7c75dcd466-d5b9f 1/1 Running 0 42h
kube-system ibm-keepalived-watcher-856k6 1/1 Running 0 42h
kube-system ibm-master-proxy-static-10.144.213.225 2/2 Running 0 42h
kube-system kubernetes-dashboard-659cd5b798-thd57 1/1 Running 0 42h
kube-system metrics-server-b7bc76594-4fdg2 2/2 Running 0 42h
kube-system vpn-546847fcbf-dzzml 1/1 Running 0 42h
and added the appropriate label for Envoy sidecar proxies: -
kubectl label namespace default istio-injection=enabled
namespace/default labeled
and then deployed the sample Bookinfo application: -
cd ~/istio-1.11.3/
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
and verified the created services: -
kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 172.21.9.104 <none> 9080/TCP 34m
kubernetes ClusterIP 172.21.0.1 <none> 443/TCP 43h
productpage ClusterIP 172.21.149.123 <none> 9080/TCP 34m
ratings ClusterIP 172.21.233.195 <none> 9080/TCP 34m
reviews ClusterIP 172.21.163.74 <none> 9080/TCP 34m
and pods: -
kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-79f774bdb9-zvnzr 2/2 Running 0 34m
productpage-v1-6b746f74dc-swnwk 2/2 Running 0 34m
ratings-v1-b6994bb9-kspd6 2/2 Running 0 34m
reviews-v1-545db77b95-bwdmz 2/2 Running 0 34m
reviews-v2-7bf8c9648f-h2nsl 2/2 Running 0 34m
reviews-v3-84779c7bbc-x2v2l 2/2 Running 0 34m
before testing the application: -
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
and then configure the Istio gateway: -
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
and run the istioctl analysis: -
istioctl analyze
✔ No validation issues found when analyzing namespace: default.
and set the INGRESS_PORT and SECURE_INGRESS_PORT variable: -
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
and grab the external IP of my K8s Compute Node into the INGRESS HOST: -
export INGRESS_HOST=$(kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}')
and set the the GATEWAY_URL variable: -
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
and then hit the sample application: -
curl $(echo "http://$GATEWAY_URL/productpage")
which returns a bunch of HTML 🤣
I also hit the same URL via a real browser: -
And, finally, deploy and access the Dashboard: -
kubectl apply -f samples/addons
serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created
kubectl rollout status deployment/kiali -n istio-system
Waiting for deployment "kiali" rollout to finish: 0 of 1 updated replicas are available...
deployment "kiali" successfully rolled out
istioctl dashboard kiali
http://localhost:20001/kiali
which popped up a browser ....
Having thrown some traffic at the application: -
for i in $(seq 1 100); do curl -s -o /dev/null "http://A.B.C.D:30588/productpage"; done
I could then see the application/flow/throughput etc. via the dashboard: -
To conclude, the Getting Started is really rather peachy, and definitely worth following through ....