Istio Service Mesh Implementation

Yogita Pol

Introduction

In the previous article, I explained the need for a service mesh and its various capabilities. Now it's time to go deeper into the implementation.

This article focuses mainly on the following topics:

  • Architecture of Istio
  • Implementation steps for Istio Service Mesh
  • Implementation steps for Istio add-ons
    - Grafana
    - Prometheus
    - Kiali
  • Capabilities of Kiali
  • Dashboards provided by Istio and Grafana

Istio Architecture

In Istio, the control plane is known as Istiod, while the proxy is implemented by Envoy.

Implementation steps for Istio

Install Istiod in k8s cluster

To install Istiod, follow the steps below.
Note that if you are using macOS, you first need to install istioctl with the following command.

brew install istioctl

This installs istioctl on our local machine.

We can then execute the following command:

istioctl install

This installs mainly the control plane components in the K8s cluster. In my case I am using a Linode cluster.

The exact list of components is:

  • Istio core
  • Istiod
  • Gateway

After the istioctl installation completes, we can see the istio-system namespace.

Run Application in K8s Cluster

We will use the microservices demo available from Google Cloud Platform and deploy it on Linode. It is available on

Once cloned, go to the microservices-demo/release folder and run the kubectl apply command.

At this point, each pod has only one container running.
Istio does not inject a proxy container as a sidecar by default. We need to enable it.

To enable Istio at the namespace level, we need to add a label to the default namespace.

Now delete all pods in the default namespace and apply the manifest file again.

After labeling the namespace, Istio injects a sidecar proxy into each pod. In Istio this sidecar proxy is provided by Envoy.
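Pods that were already running when the namespace was labeled keep running without a proxy until they are recreated, and such pods sit outside the mesh's mTLS and telemetry. The following added example (not code from the original article) classifies each pod by whether the injected istio-proxy container is present and ready. The pod names and JSON are a constructed sample standing in for the output of `kubectl get pods -n default -o json`, and the function names are hypothetical.

```python
import json

SIDECAR = "istio-proxy"  # container name Istio gives the injected Envoy proxy

# Constructed sample, trimmed to the fields used here; real input would be
# the output of `kubectl get pods -n default -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "frontend-7d9c", "annotations": {}},
   "spec": {"containers": [{"name": "server"}, {"name": "istio-proxy"}]},
   "status": {"containerStatuses": [{"name": "server", "ready": true},
                                    {"name": "istio-proxy", "ready": true}]}},
  {"metadata": {"name": "cartservice-5f6b", "annotations": {}},
   "spec": {"containers": [{"name": "server"}]},
   "status": {"containerStatuses": [{"name": "server", "ready": true}]}},
  {"metadata": {"name": "redis-cart-66c8",
                "annotations": {"sidecar.istio.io/inject": "false"}},
   "spec": {"containers": [{"name": "redis"}]},
   "status": {"containerStatuses": [{"name": "redis", "ready": true}]}},
  {"metadata": {"name": "checkout-84cb", "annotations": {}},
   "spec": {"containers": [{"name": "server"}, {"name": "istio-proxy"}]},
   "status": {"containerStatuses": [{"name": "server", "ready": true},
                                    {"name": "istio-proxy", "ready": false}]}}
]}
""")

def classify(pod):
    """Return 'meshed', 'proxy-not-ready', 'opted-out' or 'missing' for one pod."""
    spec = pod.get("spec", {})
    # Check initContainers too: newer Istio releases can run the proxy there.
    names = {c["name"] for key in ("containers", "initContainers")
             for c in spec.get(key) or []}
    if SIDECAR not in names:
        notes = pod["metadata"].get("annotations") or {}
        opted_out = notes.get("sidecar.istio.io/inject") == "false"
        return "opted-out" if opted_out else "missing"
    statuses = []
    for key in ("containerStatuses", "initContainerStatuses"):
        statuses += pod.get("status", {}).get(key) or []
    ready = any(s["name"] == SIDECAR and s.get("ready") for s in statuses)
    return "meshed" if ready else "proxy-not-ready"

def audit(pod_list):
    """Map pod name -> classification for every pod in a kubectl pod list."""
    return {p["metadata"]["name"]: classify(p) for p in pod_list["items"]}

if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLE).items()):
        print(f"{state:16} {name}")
```

A pod reported as missing in a labeled namespace usually predates the label and needs to be recreated; one reported as opted-out was excluded deliberately and deserves a review of why.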

Installing Addons

In the earlier sections we configured the Envoy proxy. Now we need to install the add-ons as well. These help us work with Istio more effectively.

Go to the istioctl directory; the add-ons can be installed from its samples directory (note that this is the same directory that was used for installing istioctl).

It will also show additional pods started in the istio-system namespace.

It will install:

  • Kiali
    - It is the console for the Istio service mesh.
    - Mainly designed for working effectively with the Istio service mesh topology.
    - Helps identify problems in the application.
  • Jaeger
    - Helps with tracing.
    - Note that although Kiali also provides tracing, it does not provide details at the method level. Those details are provided by Jaeger.
    - Jaeger was initially developed by Uber.
    - A similar product from Twitter is known as Zipkin.
  • Prometheus
    - Time series database used for observability.
  • Grafana
    - Helpful for designing dashboards and alerting.

Important Notes about Kiali

Get all services running in the istio-system namespace.

We can use port forwarding to access the Kiali dashboard.

Enable mutual TLS (mTLS)

mTLS is enabled by default from Istio version 1.5 onwards (we are using 1.15 here). To view mTLS, enable the Security checkbox under the Display tab of the Kiali dashboard.

Kiali will then start showing a padlock.

Important notes about Grafana

When we install the Istio add-ons, Grafana and Prometheus are installed as well. This Grafana installation comes with six preinstalled Grafana dashboards.

Generating load on micro services

kubectl run -i --tty load-generator --rm --image=busybox:1.28 --restart=Never -- /bin/sh -c "while sleep 0.01; do wget -q -O- http://frontend:80; done"

One of our microservices has a service named frontend running on port 80. We will run it in Kubernetes.

Note that we can use a similar technique to generate load on other Kubernetes services.

If we visit the Istio Service Dashboard, we can select the required services based on our namespaces. In our case the service is in the default namespace.

We are seeing nearly 30 ops/second.

100% of requests return a non-5xx HTTP code.

The maximum incoming request duration is 200 ms.

The response size is nearly 30 KB.

Summary

  • We have demonstrated important capabilities of a service mesh implementation, i.e. Istio.
  • With the help of a service mesh, developers don't need to make any changes to their code. It is a boon for polyglot microservices. In the end, it helps organisations develop microservices with confidence, with improved security and observability.
