Photo by Jeremy Bishop on Unsplash

by Nikita Mazur

Containerum Platform

As the complexity of microservice applications grows, it becomes extremely difficult to track and manage interactions between services. To address this problem and make service-to-service communication simpler and more efficient, several service mesh applications exist, including Istio and linkerd. In this article we will have a look at Istio.

But first, what is a service mesh?

Basically, it is a dedicated infrastructure layer that ensures communication between services. Over the last year service mesh has become one of the key trends in cloud managent. It is implemented as an array of lightweight proxies that are deployed on top of applications. Service mesh software handles routing, load balancing, provides logging, telemetry, etc.

Istio was first announced in 2017, and on July 31 version 1.0 was released. It is based on Envoy proxy (L7) by Lyft, which works on network level (TCP/IP) and HTTP, supports gRPC, collects statistics and supports many Service Discovery and Load Balancing methods.

Istio is a production-ready solution that aims at solving common issues of applications with microservice architecture:

Service discovery

Load balancing

High Availability

Endpoint monitoring

Dynamic routing

Security

… and more

One of the key benefits of Istio is that it can be launched ‘on top’ of an existing application — it deploys an Envoy proxy-server for each service as a sidecar-container inside the same Pod. It means you don’t have to make any change to the code of your applications.

In this tutorial we will install Istio, deploy a demo application and monitor its metrics in Grafana. Let’s install Istio first.

Install Istio

Installation is pretty easy. Download the installation file for your OS:



cd istio-1.0.2

export PATH=$PWD/bin:$PATH curl -L https://git.io/getLatestIstio | sh -cd istio-1.0.2export PATH=$PWD/bin:$PATH

Once in the Istio directory, run:

kubectl apply -f install/kubernetes/istio-demo-auth.yaml

This will create the istio-system namespace and grant RBAC permissions. Besides, it will deploy plugins for metrics and logs, configure mutual TLS authentication between Envoy sidecars, and install core Istio components:

Istio-Pilot for service discovery and for configuring the Envoy sidecar proxies

The Mixer components Istio-Policy and Istio-Telemetry for usage policies and gathering telemetry data

Istio-Ingressgateway, which serves as an ingress point for external traffic

Istio-Citadel, which automates key and certificate management for Istio.

Now let’s check if all components are running:

kubectl get service -n istio-system

And the same for pods:

kubectl get pods -n istio-system

Ok, now let’s deploy a sample application!

Deploy the BookInfo sample application

To see how Istio works we will deploy BookInfo application. This is a simple application made up of four services. The source code and all the other files used in this example are located at the local Istio installation’s samples/bookinfo directory.

To enable Istio to manage services, it is necessary to inject a sidecar container to a pod:

kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)

Confirm that the application has been deployed correctly by running the following commands:

kubectl get services

Check the pods:

kubectl get pods

Finally, define the ingress gateway routing for the application to make it accessible from the outside:

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

Check it:

kubectl get svc -n istio-system

Now this can be important: we have created a Load Balancer type of Service. If your service provider doesn’t support Load Balancers, create a ClusterIP service instead:

apiVersion: v1

kind: Service

metadata:

labels:

app: istio-ingressgateway

chart: gateways-1.0.1

heritage: Tiller

istio: ingressgateway

release: RELEASE-NAME

name: istio-ingressgateway

namespace: istio-system

spec:

ports:

- name: http2

port: 80

protocol: TCP

targetPort: 80

- name: https

port: 443

protocol: TCP

targetPort: 443

- name: tcp

port: 31400

protocol: TCP

targetPort: 31400

- name: tcp-pilot-grpc-tls

port: 15011

protocol: TCP

targetPort: 15011

- name: tcp-citadel-grpc-tls

port: 8060

protocol: TCP

targetPort: 8060

- name: tcp-dns-tls

port: 853

protocol: TCP

targetPort: 853

- name: http2-prometheus

port: 15030

protocol: TCP

targetPort: 15030

- name: http2-grafana

port: 15031

protocol: TCP

targetPort: 15031

externalIPs:

- 192.168.0.1 # your external IP here

selector:

app: istio-ingressgateway

istio: ingressgateway

sessionAffinity: None

type: ClusterIP

Don’t forget to put your external IP instead of 192.168.0.1. Save as istio-svc.yaml and then run:

kubectl create -f istio-svc.yaml

Let’s generate some load and send it to our sample app and see how Istio tracks it. For this purpose we’ll be using wrk utility. Let’s install it.

For CentOS:



sudo yum install -y openssl-devel git

git clone

cd wrk

make

sudo cp wrk /usr/bin sudo yum groupinstall ‘Development Tools’sudo yum install -y openssl-devel gitgit clone https://github.com/wg/wrk.git wrkcd wrkmakesudo cp wrk /usr/bin

For Ubuntu:

sudo apt-get install build-essential libssl-dev git -y

git clone https://github.com/wg/wrk.git wrk

cd wrk

sudo make

# move the executable to somewhere in your PATH, ex:

sudo cp wrk /usr/local/bin

Once installed, export your External IP address and launch wrk:

It’s time to go to Grafana to see what’s going on.

First, find the Grafana pod:

kubectl get po -n istio-system

Copy the name of the pod and forward it to port 3000:

kubectl port-forward %grafana-pod -n istio-system 3000

Open your browser: http://127.0.0.1:3000/ and go to ‘Istio Mesh Dashboard’.

You should see something like this:

This particular dashboard reflects the traffic that was generated as well as the global view of the services and workloads in the mesh. You can click on each particular service and see detailed stats, e.g.:

You can find more information about visualizing metrics in Grafana in the official docs.

Conclusion

We have just deployed Istio, a sample application and saw how to monitor it using Grafana. The article is a very basic introduction to Istio, and to learn more about it I’d suggest checking out the docs which are really well written and easy to understand.

Do you use service mesh software in your clusters? Please, share! And don’t forget to follow us on Twitter and join our Telegram chat to stay tuned!

Containerum Platform is an open source project for managing applications in Kubernetes available on GitHub. We are currently looking for community feedback, and invite everyone to test the platform! You can submit an issue, or just support the project by giving it a ⭐. Let’s make cloud management easier together!