Istio 1.X — QuickStarter guide

Kubernetes is hailed as a modern-day operating system for cloud-native applications. It simplifies application deployment and management for applications running in the cloud.

However, when running applications deployed in production, security and failures cannot be overlooked. Kubernetes is not providing that magic stick that heals every issue or helps in troubleshooting and tracing errors/latencies for complex microservices architecture, etc... This is where Istio comes into play!

For a helicopter view on Istio and its architecture, I advise you to check my previous post, “Service Mesh — A new era for Microservices”.

Hands-on! Get it right

One of the quickest ways to get started with Istio is to leverage the natively provided installation profiles. These profiles are designed to showcase the basic Istio capabilities with modest resource requirements, where they contain an Istio control plane (also called Istiod), Istio Gateways (ingress/egress), and a few add-on components.

Never deploy “Defaults” into Production environments!

In the below paragraphs, together will install Istio while selecting the natively provided “demo” profile. We’ll validate the installation and examine its artifacts.

Istio Setup

While we have the option to use either “istioctl”, “Helm”, or the “Istio operator” to install Istio, in this paragraph, we will be relying on “istioctl” commands.

Please double check the most Istio compatible version with your Kubernetes cluster (Kubernetes 1.20 is only compatible with Istio v1.10 and above).

Setting up Istio is a matter of launching some commands to download a specific version of Istion, followed by setting up the Path Environment variable and then applying the desired profile to the Kubernetes cluster.

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.10.0 sh -
export PATH=istio-1.11.1/bin:$PATH

Once the Path is updated, we can arrange some quick checks, such as verifying the installed version and pre-installation health-check.

istioctl version
istioctl x prechec

The above pre-installation step should not raise any issue.

Let’s quickly dump/list the existing profiles and fire the setup using the “Demo” profile, as below:

istioctl profile list
istioctl install --set profile=demo -y

The installation requires a few minutes to complete.

While waiting, feel free to “kubectl-watch” the Istio components getting deployed (Secrets, CRDs, Pods, and more..)

watch -n 1 kubectl get all,cm,secrets,envoyfilters -n istio-system
kubectl get crds -n istio-system

An easier way to verify the setup progress is using “IstioCtl verify-install”. Its output looks as below:

istioctl verify-install

Istio is Up & Running :) Piece of cake, right?

Istio Dashboard and Telemetry

Dealing with Istio is tricky and challenging without proper dashboarding and other capabilities (tracing, traffic routing, etc.).

Kiali, Jaeger, Grafana, Prometheus, and more are easily installable and well-integrated with Istio. A convenient way to install them is by using the natively provided addons:

kubectl apply -f samples/addonsv
kubectl get pods -n istio-system

Istio dashboards are in hands! Enjoy its complexity ;)

What’s next?

The Mesh layer is thoroughly set up to satisfy your needs. From here, you can start deploying your favorite Apps to the Kubernetes cluster, exposing the service to the Istio Ingress Gateway, and configure secure access to the service.

To be covered in a future post; Stay tuned.

From now on, Istio-Ingress and Istio-Egress gateways are the only paths to enable traffic into/from the mesh.

Please provide me with your valuable feedback and comments.