Set up Istio on Minikube in 5 Steps — Get Sample application up and running

Image for post
Image for post

In the IT world, The best way to learn something is to install it, run it, and learn it. In this article, we will see how to get Istio the service mesh, up and running in Minikube. This article will be beneficial for those who already have Minikube up and running and would like to extend it with Service Mesh Istio. If you are hearing Minikube and Istio for the first time, the following links will provide more details

Minikube is a tool that makes it easy to run Kubernetes locally. It runs in a single node cluster in a VM on your laptop.(https://kubernetes.io/docs/setup/learning-environment/minikube/)

Service Mesh Istio is an Infrastructure layer used for service to service communication ( read Microservice ) (https://istio.io/latest/docs/concepts/what-is-istio/)

So In this article we will get first sample application run on Istio in 5 steps

  • Step 1 Prepration Step
  • Step 2 Download the Istio release
  • Step 3 Set up CRD
  • Step4 Install control plane
  • Step 5 Deploy Smaple applicaiton

Step 1 Prepration Step

All the instructions listed in this post are based on macOS. If you use a different OS, please refer to the link to official documentation given against each item.

  1. Install Docker: Please follow the instructions given on the official web site.
  2. Install Hypervisor, Minikube, and Kubectl: You can find the detailed instructions here
  3. Start Minikube. Please note that you should change the value for vm-driver based on the hypervisor that you use, following one use ‘virtualbox’:
$ minikube start -p Istio-demo --memory=8192 --cpus=3 --kubernetes-version=1.18.2 --vm-driver=virtualbox --disk-size=30g

The Minikube start command will start a new cluster Istio-demo, note the memory, and CPU requirement to run the Istio cluster.

Image for post
Image for post
The image shows the Minikube cluster with profile Istio demo is up and running

Step 2 Download the Istio Release

So you have Minikube running in your environment and its time to install service Mesh.

so the first task is to download the latest Istio release

$ curl -L https://git.io/getLatestIstio | sh -

The script will fetch the latest Istio version and untars it

If you would like to fetch a particular version ( This article is based on Istio version 1.4.6)

$ curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.4.6 sh -

Each release of Istio includes

  • Installation resources ( YAML files for Kuberneteste installation)
  • sample example ( sample application)
  • istioctl ( Istio CLI is used to creating routing routes and policies for listing creating and modifying the configuration resources, this is under bin folder). Istioctl can also be used to manually injecting envoy as service proxy.
  • configuration samples
Image for post
Image for post
Contents of the top-level folder containing Istio release

Add the bin folder in your path.

$ export PATH=$PWD/bin:$PATH

Step 3 Set up CRD (Custom resource definition)

So at this stage, you have downloaded the Istio release and have Minikube running

In Istio installation you should be aware of CRD’s ( Custom resource definition), in simple term, CRD allows definition and registration of non-Kubernetes resources. To register the CRD to the newly created Kubernetes cluster run the following command

$ for i in install/kubernetes/helm/istio-init/files/crd*yaml;
do kubectl apply -f $i; done
Image for post
Image for post
CRD is registered

Note that though we didn’t install CRD with Helm, bot Helm and Ansible support is part of installable, we have opted for a manual approach here.

Thus Istio registered new CRD’s which can be manipulated like any other Kubernetes object

$ kubectl get crd | grep istio
Image for post
Image for post
listing of CRD’s

Step 4 — Install control plane

It’s worthwhile at this point to know the different installation options

Install with strict mTLS authentication

Recommended for the new cluster, this enforces authentication between sidecar by default.

Install with permissive mTLS authentication

Use this if Kubernetes cluster with Istio need to communicate with non Istio cluster

Install the default mutual TLS authentication between sidecars for running the demo. When you configure Istio in mTLS permissive mode, it allows a service to accept both plain-text traffic and mTLS traffic, depending on the type of traffic a client sends. this command also installs Istio control plane component under its own namespace Istio system. control plane manages and configures proxies to route traffic

kubectl apply -f install/kubernetes/istio-demo.yaml

Wait a few minutes to let the installation run, the Docker images to properly download, and the deployments to succeed.

As mentioned earlier Istio’s control plane is installed in its own istio-system namespace, and from this namespace it manages services running in all other namespaces having services with sidecar proxies; or, in other words, all other namespaces that have services on the mesh.

Image for post
Image for post

you can verify the installation of control-plane

kubectl get pod -n istio-system
Image for post
Image for post

To explain the relationship between the control plane and the Data plane the below architecture digram will help

Image for post
Image for post
https://istio.io/latest/docs/ops/deployment/architecture/

The Data plane consists of a set of proxies(envoy) that mediate communication between microservices.control plane manages and configures proxies to route traffic

Step 5 — Deploying the Book application

The Kubernetes manifest files for Bookinfo are found in your release distribution folder at samples/bookinfo/.

From left to right users call the productpage microservice, which in turn calls the details and reviews microservices to populate the page. The details microservice contains book information. The reviews microservice contains book reviews and subsequently calls the ratings microservice to retrieve reviews.

Image for post
Image for post
https://istio.io/latest/docs/examples/bookinfo/

That each of these application services is written in a different language — Python, Ruby, Java, and Node.js — further demonstrates the value of a service mesh.

Istio’s service proxies can be manually or automatically injected as sidecars to application services, as shown here we are manually injecting the sidecar to the application service, lets deploy the demo app

kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)

check for pods

kubectl get pods
Image for post
Image for post

after few seconds all pods are running..note the containers count is 2/2 , ie one container for the application and another for the envoy/proxy

Image for post
Image for post

Define the ingress gateway for the application

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

below instructions to set the INGRESS_HOST and INGRESS_PORT variables for accessing the gateway

export INGRESS_HOST=$(minikube ip)export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')

Get the URL

printenv$INGRESS_HOST:$INGRESS_PORT

This outputs 192.168.99.100:31380 in my machine.

With this information, I can access the demo app using the following URL: HTTP://192.168.99.100:31380/productpage

Image for post
Image for post

Congrats !!! you got first application run on Istio.

Let me know if you have any questions or comments

Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store