Istio Overview
Istio is an open source service mesh that layers transparently onto distributed applications running on Kubernetes. Istio's powerful features provide a uniform and more efficient way to secure, connect, and monitor services.
In this post, I'll explain the bare minimum steps needed in order to successfully install and test Istio on your local machine.
Prerequisites
A local Kubernetes cluster such as minikube, kind, K3s or microk8s. In this blog post I have chosen
minikubewith the use of theminikube tunnelto provide a load balancer for use by Istio.The kubectl command line tool to interact with the Kubernetes cluster.
Installation
Create a new minikube cluster:
minikube start -p minikube-istio
Start a minikube tunnel to provide a load balancer for use by Istio:
minikube tunnel -p minikube-istio
Download Istio as per the instructions in this link:
curl -L https://istio.io/downloadIstio | sh -
Add the istio-*/bin directory to your environment PATH variable and check the version:
istioctl version
The output should be similar to:
no ready Istio pods in "istio-system"
1.20.3
Install Istio with the demo profile:
istioctl install --set profile=demo
After successful installation, you should have an istio-system namespace available
kubectl get ns
You should see an output similar to:
NAME STATUS AGE
kube-system Active 4m22s
default Active 4m22s
kube-public Active 4m22s
kube-node-lease Active 4m22s
istio-system Active 2m49s
Check the Pods inside the istio-system namespace:
kubectl get pods -n istio-system
You should see the istiod, istio-ingressgateway and the istio-egressgateway pods up and running.
Automatic Injection of Sidecars
Automatic injection of sidecar containers is achieved by setting the label istio-injection=enabled on namespaces.
kubectl label ns default istio-injection=enabled
Create a simple deployment of nginx to test the sidecar injection:
kubectl create deploy my-nginx --image=nginx
Get the details of the pod:
kubectl get pod
You will see two containers for the Pod, as it includes the sidecar container:
NAME READY STATUS RESTARTS AGE
my-nginx-b8dd4cd6-4kh4x 2/2 Running 0 24s
Delete this deployment as we do not need it anymore:
kubectl delete deploy my-nginx
Demo Application
We will deploy an application with two Spring Boot microservices named customers and rest-client.
The customers microservice is a CRUD microservice that provides APIs to manipulate customer data.
The rest-client microservice acts as a client to the customers microservice and invokes it using the new RestClient in Spring Framework 6.1.x
Create the Gateway Resource:
kubectl apply -f https://raw.githubusercontent.com/adityasamant25/courses/main/istio/demo/gateway.yaml
Create the Deployment and Service for the rest-client application:
kubectl apply -f https://raw.githubusercontent.com/adityasamant25/courses/main/istio/demo/rest-client.yaml
Create the Deployment and Service for the customers application:
kubectl apply -f https://raw.githubusercontent.com/adityasamant25/courses/main/istio/demo/customers-v1.yaml
Create a Virtual Service for the rest-client and bind it to the Gateway resource:
kubectl apply -f https://raw.githubusercontent.com/adityasamant25/courses/main/istio/demo/rest-client-vs.yaml
Run CURL against the following URL:
curl http://127.0.0.1/api/customers
You should see an output of 3 customers as follows:
[
{"id":1,"firstName":"John","lastName":"Doe"},
{"id":2,"firstName":"Alice","lastName":"Smith"},
{"id":3,"firstName":"Bob","lastName":"Stevens"}
]
Summary
Congratulations! You have a functional Istio cluster up and running on your local machine.
You can now use this cluster to further explore the various features of Istio.
What's Next
Dig deeper into Istio's main features such as Observability, Traffic Management and Security.