How To Install Istio On Kubernetes Cluster
Istio is an open source service mesh that overlays current distributed applications in a transparent manner. Istio functions as a connective tissue between your services, providing features such as traffic control, service discovery, load balancing, resilience, observability, and security. In this blog, I’ll guide you to install Istio on the Kubernetes cluster step by step.
Prior to setting up Istio, I hope you have set up a Kubernetes cluster in minikube or any cloud platform. If you haven’t set up a K8s cluster yet, I recommend you to read one of my previous blog posts which will guide you to set up a Kubernetes cluster on Google Cloud Provider. If you are using minikube or any other cloud platform, refer to some materials and set up a K8s cluster.
Here, we are installing istio with istioctl.
1. Download Istio
1.1. Download the Istio installation file.
curl -L https://istio.io/downloadIstio | sh -
1.2. Move to the Istio package directory. Let’s say the downloaded Istio version is istio-1.13.0.
(If you are unable to find the Istio version, use ls command in the terminal and then you will see the istio directory.)
cd istio-1.13.0
1.3. Add the istioctl client to your path.
export PATH=$PWD/bin:$PATH
2. Install Istio
2.1. In this installation, we use the demo configuration profile.
istioctl install --set profile=demo -y
If your installation is successful, you will get the below result.
2.2. Add a namespace label to tell Istio to inject Envoy sidecar proxies automatically when you deploy your app later:
kubectl label namespace default \istio-injection=enabled
Note: Here, we are enabling envoy sidecar proxies injection for default namespace. If your application is going to be deployed in a different namespace, you will have to enable istio-injection for that particular namespace. For an example, let’s think my application is going to be deployed under the namespace, mesh-test. Then, you will have to change the above command like below.
kubectl label namespace mesh-test \istio-injection=enabled
Now, you have successfully set up Istio on K8s cluster!
3. Deploy the sample application
This is completely optional. If you have got your own application, deploy it with Istio and look at the results. However, istio directory has a sample application as well named bookinfo. Let’s deploy it and play around with it to become familiar with Istio.
3.1. Create the bookinfo namespace
kubectl create namespace bookinfo
3.2. Label the namespace to automatically create a sidecar for every container created in the bookinfo namespace.
kubectl label namespace bookinfo \istio-injection=enabled
3.3.Change directory to the Istio directory for the following commands to work.
cd istio-1.13.0
3.4. Create the bookinfo application in the bookinfo namespace using the YAML file provided with the download.
kubectl -n bookinfo apply -f \samples/bookinfo/platform/kube/bookinfo.yaml
This will install all of the BookInfo application’s components into the cluster’s bookinfo namespace.
Now, you can view all the components deployed with this application using a few commands.
3.5. You can get a list of the running services in the bookinfo namespace:
kubectl -n bookinfo get services
3.6. Display all of the pods running in the bookinfo namespace:
kubectl -n bookinfo get pods
This command shows all of the pods used to deliver the BookInfo application in a running state.
3.7. Now we will associate the BookInfo application with an Istio Service Mesh Ingress Gateway to enable the mesh to control the application flow by issuing the following command:
kubectl -n bookinfo apply -f \samples/bookinfo/networking/bookinfo-gateway.yaml
3.8. Now we need to know where to access the application. This command displays the Virtual IP Address on which the Load Balanced BookInfo application has been placed:
kubectl get svc istio-ingressgateway -n istio-system
If your Kubernetes cluster supports a LoadBalancer, the TYPE will be displayed as LoadBalancer, as in the following:
Using the example above, you can now access the BookInfo application by typing the following URL into your preferred browser:
http://34.81.53.32/productpage
Make sure to use the correct CLUSTER-IP or EXTERNAL-IP,as appropriate. The application will look like this:
When you refresh the URL, the stars displayed will randomly shift from RED to BLACK to NO STARS. This is intentional and is attached to the Load Balancing and Circuit Breaker Patterning Destination Rules described in the BookInfo application.
4. Conclusion
In this blog post, we were looking at how to set up Istio service mesh on Kubernetes and how to play around with deploying a sample application. We saw the sample bookinfo application as well.
The other most important thing which can be applicable with Istio is observability and traceability. Adding some observability add-ons to the implementation helps to enable us to see what is going on in the mesh and where there may be bottlenecks occurring or rules being applied. Kiali is a graphical dashboard, visualization tool, and user interface for Istio that allows you to view and modify the Istio configuration for your application directly in your web browser, and to visualize the behavior of your application. My next blog post will describe how to set up kiali in Istio.
Hope this blog post helped you! Thank You!
