Running Istio on IBM Cloud Private

A guide for IBM Cloud Private 1.2.0

Jesse Antoszyk
Jul 25, 2017 · 7 min read

Background

IBM Cloud Private

IBM Cloud Private is a Kubernetes-based platform that provides an integrated and private PaaS cloud platform for running on-premises enterprise workloads. The platform has three main use cases:

  • Developing and running production cloud native applications in a private cloud
  • Securely integrating and using data and services from sources external to the private cloud
  • Refactoring and modernizing heritage enterprise applications

For more information about IBM Cloud Private, see its official announcement page.

Istio

Istio is an encrypted service network mesh for microservices. Istio runs within Kubernetes, and its use requires no changes to the application code. Istio can manage traffic flows between microservices, enforce access policies, and aggregate telemetry data.
For more information about Istio, see Istio — About.

Install IBM Cloud Private

Install IBM Cloud Private V 1.2. See Installing a standard IBM Cloud Private environment for details.

Install kubectl

Install the Kubernetes command line interface, kubectl. See Install and Set Up kubectl.

The installation instructions for Linux are replicated below:

Download kubectl:

Make kubectl executable:

Move kubectl to your PATH:

To install kubectl for Power® 64-bit LE, you can obtain the installation binary from the IBM Cloud Private installation files. See Accessing your IBM Cloud Private cluster by using the kubectl CLI.

For Power® 64-bit LE, run the following command:

Configure kubectl

Navigate to the IBM Cloud Private web console at https://<master_node_address>:8443 and log in. By default, the admin credentials are admin/admin.

Click admin to open the user menu and then click Configure Client. Copy the configuration information and paste it into the console of the machine where you installed kubectl. If you did not install kubectl on the master node of IBM Cloud Private, replace the server address in the first command with the web console URL that you use to access the dashboard.

The configuration information resembles the following code:

Check and Change Calico’s MTU

IBM Cloud Private uses Calico to manage network traffic. Calico is a scalable network fabric that can provide an IP-in-IP overlay for IP tunneling. Calico’s headers are 20 bytes, so you must set the maximum transmission unit (MTU) of the tunnel interface (tunl0 below) so that it is at least 20 bytes less than the size of the largest interfaces for each node in the IBM Cloud Private cluster.
To check the MTU values for each network interface, run this command from the master node of your cluster:

Review its output:

Scan the output for the interface with the lowest MTU value, excluding the tunl0 interface. In this case, the ens3 interface has the lowest MTU value. Its MTU is 1450 bytes, and the MTU for tunl0, the tunnel, is 1440 bytes. Because of the 20-byte header size of messages in Calico, the MTU size of the tunl0 interface must be reduced to 1430 to avoid messages being lost.
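The check described above, as an added shell example that is not part of the original article: it reads `ip -o link show` output, finds the lowest MTU other than tunl0, and subtracts the 20-byte header. The function names and the sample interface list are constructed for illustration; the article's own command and output are not reproduced here.

```shell
#!/bin/sh
# Added example: compute the tunl0 MTU that the article's rule requires.
# Input : `ip -o link show` output (one interface per line) on stdin.
# Output: "<lowest_iface> <lowest_mtu> <tunl0_mtu> <required_mtu> <OK|REDUCE>"
IPIP_OVERHEAD=20   # header size stated in the article

check_tunnel_mtu() {
  awk -v overhead="$IPIP_OVERHEAD" '
    {
      name = $2
      sub(/:$/, "", name)     # "ens3:"      -> "ens3"
      sub(/@.*/, "", name)    # "tunl0@NONE" -> "tunl0"
      mtu = ""
      for (i = 3; i < NF; i++)
        if ($i == "mtu") { mtu = $(i + 1) + 0; break }
      if (mtu == "") next                       # line without an mtu field
      if (name == "tunl0") { tun = mtu; next }  # the tunnel is compared, not ranked
      if (low == "" || mtu < low) { low = mtu; low_if = name }
    }
    END {
      if (low == "" || tun == "") {
        print "error: need tunl0 and at least one other interface"
        exit 2
      }
      need = low - overhead
      print low_if, low, tun, need, (tun <= need ? "OK" : "REDUCE")
    }'
}

# Constructed sample using the MTU values from the article (not real output).
sample_links() {
  cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
4: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
EOF
}

# Demo on the constructed sample.
sample_links | check_tunnel_mtu
```

On a cluster node, `ip -o link show | check_tunnel_mtu` runs the same check against the live interfaces; repeat it on every node, since the rule applies to each of them.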

To reduce the MTU size, download mtu.yaml from GitHub, and set the container arg value to 1430. The MTU size parameter is on line 22 of mtu.yaml.

The image name on line 45 of mtu.yaml references a placeholder. You must replace this image name parameter with the name of the calico-cal image that IBM Cloud Private uses. Determine the image name by running the following command:

The image value displays something like:

Specify the image name in line 45 of mtu.yaml.

To apply these changes to your environment, run this command:

Install Helm and Istio

Return to the IBM Cloud Private dashboard.
Open the navigation menu and click System.

Click Repositories, then click Add Repository.

Add a repository with the name “incubator” and URL http://storage.googleapis.com/kubernetes-charts-incubator.

Open the navigation menu and click App Center.

Locate the Istio package and click Install Package on its tile. The configuration page displays.

Scroll to the bottom, enable rbac.install, and click Review and Install. Review the settings and click Install.

Verify that the Istio Pods are Running

Before you test Istio, each Istio pod must be running:

In the command output, confirm that each pod is running.

Install the Istio CLI

Install istioctl, the Istio CLI. Run the following commands or follow the full installation instructions.

Download the Istio release:

Add istioctl to your local path:

Validate the Istio Install

The BookInfo App is the official Istio app. You can use this app to validate that your installation of Istio is working correctly. Install the Istio BookInfo app.

To install the BookInfo app, run this command:

After the pods initialize, confirm that they are running:

Review the output, and confirm that each pod has the Running status.

The Istio ingress pod is a front-end proxy. The ingress pod and associated service act as a gateway for application communication between the outside world and Istio-enabled applications. To communicate with the BookInfo application, we will need to know the public IP address of our cluster and the port that the Istio service is running on. The commands below will accomplish that:

Run the following command:

If the command returns 200, then Istio has been successfully injected into the BookInfo application!

If you navigate to the URL that is in the curl command, a page like this one displays:

Conclusion

IBM Cloud Private is a Kubernetes-based cloud platform. Running Istio within IBM Cloud Private allows for secure communication between running applications with minimal additional configuration. Another example of using Istio can be found in Todd Kaplinger’s article Istio is not just for Microservices.

Originally published at developer.ibm.com.

IBM Cloud

Understand how to bring elastic runtimes to the Enterprise…

Jesse Antoszyk

Written by

DevOps Systems Engineer at BoxBoat Technologies. The opinions expressed here are my own.
