Istio Overview

Istio is an open source service mesh that layers transparently onto distributed applications running on Kubernetes. Istio's powerful features provide a uniform and more efficient way to secure, connect, and monitor services.

In this post, I'll explain the bare minimum steps needed in order to successfully install and test Istio on your local machine.

Prerequisites

1. A local Kubernetes cluster such as minikube, kind, K3s or microk8s. In this blog post I have chosen minikube with the use of the minikube tunnel to provide a load balancer for use by Istio.

2. The kubectl command line tool to interact with the Kubernetes cluster.

Installation

Create a new minikube cluster:

minikube start -p minikube-istio

Start a minikube tunnel to provide a load balancer for use by Istio:

minikube tunnel -p minikube-istio

Download Istio as per the instructions in this link:

curl -L https://istio.io/downloadIstio | sh -

Add the istio-*/bin directory to your environment PATH variable and check the version:

istioctl version

The output should be similar to:

no ready Istio pods in "istio-system"
1.20.3

Install Istio with the demo profile:

istioctl install --set profile=demo

After successful installation, you should have an istio-system namespace available

kubectl get ns

You should see an output similar to:

NAME              STATUS   AGE
kube-system       Active   4m22s
default           Active   4m22s
kube-public       Active   4m22s
kube-node-lease   Active   4m22s
istio-system      Active   2m49s

Check the Pods inside the istio-system namespace:

kubectl get pods -n istio-system

You should see the istiod, istio-ingressgateway and the istio-egressgateway pods up and running.

Automatic Injection of Sidecars

Automatic injection of sidecar containers is achieved by setting the label istio-injection=enabled on namespaces.

kubectl label ns default istio-injection=enabled

Create a simple deployment of nginx to test the sidecar injection:

kubectl create deploy my-nginx --image=nginx

Get the details of the pod:

kubectl get pod

You will see two containers for the Pod, as it includes the sidecar container:

NAME                      READY   STATUS    RESTARTS   AGE
my-nginx-b8dd4cd6-4kh4x   2/2     Running   0          24s

Delete this deployment as we do not need it anymore:

kubectl delete deploy my-nginx

Demo Application

We will deploy an application with two Spring Boot microservices named customers and rest-client.

The customers microservice is a CRUD microservice that provides APIs to manipulate customer data.

The rest-client microservice acts as a client to the customers microservice and invokes it using the new RestClient in Spring Framework 6.1.x

Create the Gateway Resource:

kubectl apply -f https://raw.githubusercontent.com/adityasamant25/courses/main/istio/demo/gateway.yaml

Create the Deployment and Service for the rest-client application:

kubectl apply -f https://raw.githubusercontent.com/adityasamant25/courses/main/istio/demo/rest-client.yaml

Create the Deployment and Service for the customers application:

kubectl apply -f https://raw.githubusercontent.com/adityasamant25/courses/main/istio/demo/customers-v1.yaml

Create a Virtual Service for the rest-client and bind it to the Gateway resource:

kubectl apply -f https://raw.githubusercontent.com/adityasamant25/courses/main/istio/demo/rest-client-vs.yaml

Run CURL against the following URL:

curl http://127.0.0.1/api/customers

You should see an output of 3 customers as follows:

[
{"id":1,"firstName":"John","lastName":"Doe"},
{"id":2,"firstName":"Alice","lastName":"Smith"},
{"id":3,"firstName":"Bob","lastName":"Stevens"}
]

Summary

Congratulations! You have a functional Istio cluster up and running on your local machine.

You can now use this cluster to further explore the various features of Istio.

What's Next

Dig deeper into Istio's main features such as Observability, Traffic Management and Security.