Setting up Istio Service Mesh in Kubernetes Cluster

Aditya Joshi
Published in Level Up Coding
6 min read, Sep 28, 2021

source nginx.com

1. Overview

In this article, we will learn what a service mesh is and why we need it, and we will see how easy it is to set up the Istio service mesh in a Kubernetes cluster. We will also enable add-ons such as Jaeger, Prometheus, Grafana, and Kiali, and see how communication between microservices takes place.

2. What is Service Mesh

A service mesh is a configurable, low‑latency infrastructure layer designed to handle a high volume of network‑based interprocess communication among application infrastructure services using application programming interfaces (APIs). A service mesh ensures that communication among containerized and often ephemeral application infrastructure services is fast, reliable, and secure. The mesh provides critical capabilities including service discovery, load balancing, encryption, observability, traceability, authentication and authorization, and support for the circuit breaker pattern.

source istio.io

3. Why do we need a service mesh?

Because service meshes manage the communication layer, they allow developers to focus on adding business value with each service they build, rather than worrying about how each service communicates with all other services.

They are helpful in keeping the business logic separate from the non-functional logic.

Separating NFR outside of microservices

4. Features of Istio

Istio uses an extended version of the Envoy proxy. Envoy is a high-performance proxy developed in C++ to mediate all inbound and outbound traffic for all services in the service mesh. Envoy proxies are the only Istio components that interact with data plane traffic.

Envoy proxies are deployed as sidecars to services, logically augmenting the services with Envoy’s many built-in features, for example:

  • Dynamic service discovery
  • Load balancing
  • TLS termination
  • HTTP/2 and gRPC proxies
  • Circuit breakers
  • Health checks
  • Staged rollouts with %-based traffic split
  • Fault injection
  • Rich metrics

5. Prerequisite

1. To set up Istio on your Kubernetes cluster, you need a running Kubernetes cluster with a minimum of 12GB of memory.

2. Make the configuration changes for your Kubernetes platform provider. Refer to this link for the guide.

6. Implementation

1. Download Istio and set the environment path. The command below downloads the latest version of Istio, but you can go to the Istio release page to download a specific version of the installation file for your OS.

curl -L https://istio.io/downloadIstio | sh -

2. Now, let's check whether the Istio CLI (istioctl) is properly set up.

3. Install Istio in the Kubernetes cluster. Here I am using the demo profile, but you can choose a profile based on your requirements. You can get the available profiles here.

istioctl install --set profile=demo -y

4. Istio is now installed successfully and we can start deploying microservices in the cluster. For this tutorial, I am using the google-cloud microservice example.

kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml

5. Now let’s check all the pods that were created as part of the above deployment. But wait: only one container was created per pod, and the proxy (Envoy) container is missing.

In the mesh, every pod must have two containers, one for the actual microservice and the other for the proxy, but here no proxy container was created.

6. The solution to the above problem is that we need to add some labels to the namespace so that istiod can inject the proxy containers inside the pods.

First, let's check the labels for the default namespace.

kubectl get ns default --show-labels

Now let's add the istio-injection=enabled label to the namespace.

kubectl label namespace default istio-injection=enabled

7. Now let's deploy the same example again, but before that, we will delete the previous deployment.

kubectl delete -f https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml

Now let's create the same deployment that we created in one of the previous steps.

kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml

If we now take a look at the pods that were created, we will see two containers per pod.

kubectl get pods -n default

If we take a closer look at which containers are inside a pod, we can clearly see that the pod contains one service container and one istio-proxy container.

8. Now let's check our application. For this, I am going to use port-forwarding so that I can access it in my browser.

kubectl port-forward services/frontend-external 8081:80

We can now access our application at http://localhost:8081 .
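
Steps 5 to 7 hinge on whether each pod actually received the istio-proxy container: injection happens when a pod is created, so a pod that existed before the namespace was labelled keeps running outside the mesh. The script below is an added example, not part of the original article. It lists container names per pod using kubectl's jsonpath output and reports pods with no istio-proxy; the function names are hypothetical and the pod names in SAMPLE are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): flag pods that run
# without the istio-proxy sidecar after injection has been enabled.

# One line per pod: "<pod><TAB><container names> <init container names>".
JSONPATH='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].name}{" "}{.spec.initContainers[*].name}{"\n"}{end}'

# Query a live cluster for the pods of one namespace (needs kubectl).
list_pod_containers() {
    kubectl get pods -n "$1" -o jsonpath="$JSONPATH"
}

# Read those lines on stdin, print the pods that lack istio-proxy,
# and return 1 when at least one such pod exists.
find_unmeshed() {
    awk -F '\t' '
        NF == 0 { next }
        {
            meshed = 0
            n = split($2, names, " ")
            for (i = 1; i <= n; i++) if (names[i] == "istio-proxy") meshed = 1
            if (!meshed) { print $1; missing++ }
        }
        END { exit (missing > 0) }'
}

# Constructed sample: cartservice was created before the namespace was
# labelled, so it never received a sidecar.
SAMPLE=$(printf '%s\t%s\n' \
    'frontend-7d9f8c6b5-abcde'    'server istio-proxy istio-init' \
    'cartservice-5c4d7f9b8-fghij' 'server' \
    'redis-cart-6f8b9d7c4-klmno'  'redis istio-proxy istio-init')

# Offline demo on the sample. Against a live cluster, run instead:
#   list_pod_containers default | find_unmeshed
unmeshed=$(printf '%s\n' "$SAMPLE" | find_unmeshed) || true
echo "pods without sidecar: ${unmeshed:-none}"
```

Because find_unmeshed returns 1 when any pod lacks the sidecar, the live pipeline can serve as a post-deployment check.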

7. Telemetry applications (AddOns)

Istio integrates with several different telemetry applications. These can help you gain an understanding of the structure of your service mesh, display the topology of the mesh, and analyze the health of your mesh.

When we downloaded Istio, these applications came as part of the samples. We can deploy them to get insight into the health of the microservices, request tracing, and so on.

cd istio-1.11.3
kubectl apply -f samples/addons

Let's port-forward the tracing application and check the request traces.

kubectl port-forward services/tracing 8081:80 -n istio-system

We can also access the Kiali dashboard using the following command:

istioctl dashboard kiali

8. Conclusion

In this article, we learned what a service mesh is and why we need one, and we saw how to set up a service mesh in a Kubernetes cluster.


You can find me on LinkedIn or stalk me on GitHub. If that’s too social for you, just drop a mail to adityaprakashjoshi1@gmail.com if you wish to talk tech with me.


I am a Software Engineer @Walmart and instructor @Udemy, working on Blockchain, and Kubernetes. Get in touch: linktr.ee/adityajoshi12