Istio Hands-On
Content:
| Overview |
|---|
| 1. Setting up Minikube and Istio |
| 2. Installing Bookinfo |
| 3. Observability |
| 4. Traffic Management 1 |
| 5. Traffic Management 2 |
| APPENDIX - Important commands |
1 Create a Kubernetes instance on Minikube
I am going to assume that you already have Minikube installed on your workstation. If this is not the case follow the instructions in the Minikube documention.
To start a Kubernetes instance enter the following command in a shell:
minikube start --cpus 2 --memory 4096 --driver docker
This will start an instance with 2 virtual CPUs, 4 GB om RAM, using Docker (Desktop) as your virtualization platform.
NOTE: bwLehrpool
bwLehrpool has sufficient RAM to increase memory for Minikube, you can use this command instead:
minikube start --cpus 2 --memory 6144 --driver docker
which will assign 6 GB of RAM.
NOTE According to the Istio documentation a Minikube instance with at least 4 virtual CPUs and 16 GB of RAM is required. I have tested this workshop with the smaller configuration and it works but of course will not win a price for high performance.
2 Install Istio
This workshop is based on Istio version 1.24.2 (which was released in December 2024).
Official instructions can be found here.
-
Download Istio 1.24.2:
Note: On bwLehrpool you can skip this step, Istio 1.24.2 is already downloaded in the
studenthome directory! There is also a directoryistiowhich is a symbolic link. In this lab you will NOT work in the PERSISTENT directory.curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.24.2 TARGET_ARCH=x86_64 sh - -
Change into the Istio directory
cd istio-1.24.2Note: All exercises in this lab are performed from this directory!
On bwLehrpool this is
cd /home/student/istio -
Install Istio:
bin/istioctl install --set profile=demo -yOutput:
| \ | \ | \ /|| \ / || \ / || \ / || \ / || \ / || \ /______||__________\ ____________________ \__ _____/ \_____/ β Istio core installed β΅οΈ β Istiod installed π§ β Egress gateways installed π« β Ingress gateways installed π¬ β Installation complete -
Verify the the Istio installation:
Istio is installed into the istio-system namespace on Kubernetes.
kubectl get pod -n istio-systemOutput looks like this:
NAME READY STATUS RESTARTS AGE istio-egressgateway-7f4864f59c-jz6f9 1/1 Running 0 4m47s istio-ingressgateway-55d9fb9f-592zs 1/1 Running 0 4m47s istiod-555d47cb65-ss54h 1/1 Running 0 5m12sThe pod identifiers will be different but there should be 3 pods for egress gateway, ingress gateway, and istiod, all in status βRunningβ.
kubectl get svc -n istio-systemOutput looks like this:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-egressgateway ClusterIP 10.100.115.226 <none> 80/TCP,443/TCP 7m2s istio-ingressgateway LoadBalancer 10.107.101.80 <pending> 15021:31820/TCP,80:31043/TCP,443:30723/TCP,31400:31291/TCP,15443:31719/TCP 7m2s istiod ClusterIP 10.96.232.106 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 7m27sOutput should show 3 services, again for egress gateway, ingress gateway, and istiod.
-
VERY IMPORTANT: Enable automatic sidecar injection for default namespace
kubectl label namespace default istio-injection=enabledWithout this setting we will not use Istio although it is installed!
3 Install Telemetry Addons
We will now install the telemetry or observability add-ons:
- Prometheus (Monitoring)
- Grafana (Monitoring)
- Jaeger (Distributed Tracing)
- Kiali (Istio dashboard)
While still in the istio-1.20.1 directory, issue the following commands
kubectl apply -f samples/addons/prometheus.yaml
kubectl apply -f samples/addons/grafana.yaml
kubectl apply -f samples/addons/jaeger.yaml
kubectl apply -f samples/addons/kiali.yaml
Verify:
kubectl get pod -n istio-system
It will take a while for all the new pods to start, this is pushing the tiny cluster to its limits.
Output:
NAME READY STATUS RESTARTS AGE
grafana-6ccd56f4b6-2jnd7 1/1 Running 0 2m11s
istio-egressgateway-7f4864f59c-jz6f9 1/1 Running 0 17m
istio-ingressgateway-55d9fb9f-592zs 1/1 Running 0 17m
istiod-555d47cb65-ss54h 1/1 Running 0 17m
jaeger-5d44bc5c5d-r9mp5 1/1 Running 0 2m3s
kiali-79b86ff5bc-fpzd7 1/1 Running 0 117s
prometheus-64fd8ccd65-2dgdc 2/2 Running 0 2m18s
And for the services:
kubectl get svc -n istio-system
Output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana ClusterIP 10.96.207.7 <none> 3000/TCP 2m43s
istio-egressgateway ClusterIP 10.100.115.226 <none> 80/TCP,443/TCP 17m
istio-ingressgateway LoadBalancer 10.107.101.80 <pending> 15021:31820/TCP,80:31043/TCP,443:30723/TCP,31400:31291/TCP,15443:31719/TCP 17m
istiod ClusterIP 10.96.232.106 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 18m
jaeger-collector ClusterIP 10.107.97.241 <none> 14268/TCP,14250/TCP,9411/TCP 2m34s
kiali ClusterIP 10.97.181.104 <none> 20001/TCP,9090/TCP 2m28s
prometheus ClusterIP 10.106.105.122 <none> 9090/TCP 2m49s
tracing ClusterIP 10.98.100.68 <none> 80/TCP,16685/TCP 2m34s
zipkin ClusterIP 10.103.150.84 <none> 9411/TCP 2m34s
Jaeger deployment creates 3 services: jaeger-collector, tracing, and zipkin. The tracing service will later provide the Jaeger UI.
Jaeger needs some additional configuration.
Install an extension provider referring to the Jaeger collector service.
Start by downloading (download to the istio directory) or creating a tracing.yaml file with this content:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
meshConfig:
enableTracing: true
defaultConfig:
tracing: {} # disable legacy MeshConfig tracing options
extensionProviders:
- name: jaeger
opentelemetry:
port: 4317
service: jaeger-collector.istio-system.svc.cluster.local
Then apply it:
bin/istioctl install -f ./tracing.yaml --skip-confirmation
Result should look like this:
|\
| \
| \
| \
/|| \
/ || \
/ || \
/ || \
/ || \
/ || \
/______||__________\
____________________
\__ _____/
\_____/
β Istio core installed β΅οΈ
β Istiod installed π§
β Ingress gateways installed π¬
- Pruning removed resources Removed apps/v1, Kind=Deployment/istio-egressgateway.istio-system.
Removed /v1, Kind=Service/istio-egressgateway.istio-system.
Removed /v1, Kind=ServiceAccount/istio-egressgateway-service-account.istio-system.
Removed rbac.authorization.k8s.io/v1, Kind=RoleBinding/istio-egressgateway-sds.istio-system.
Removed rbac.authorization.k8s.io/v1, Kind=Role/istio-egressgateway-sds.istio-system.
Removed policy/v1, Kind=PodDisruptionBudget/istio-egressgateway.istio-system.
β Installation complete
To enable tracing, download or create the following file telemetry.yaml:
apiVersion: telemetry.istio.io/v1
kind: Telemetry
metadata:
name: mesh-default
namespace: istio-system
spec:
tracing:
- providers:
- name: jaeger
Then apply it:
$ kubectl apply -f telemetry.yaml
Check the result of the command:
telemetry.telemetry.istio.io/mesh-default created