Istio almost immediately strikes you as enterprise-grade software. Not so much because of the complexity it introduces, but more because of the features it adds to your service mesh. Must-have features packaged together in a coherent framework:

Traffic Management

Security Policies

Telemetry

Performance Tuning

Since microk8s positions itself as the local Kubernetes cluster developers prototype on, it is no surprise that deployment of Istio is made dead simple. Let’s start with the microk8s deployment itself:

> sudo snap install microk8s --classic

Istio deployment is available with:

> microk8s.enable istio

There is a single question that we need to respond to at this point: do we want to enforce mutual TLS authentication among sidecars? Istio places a proxy alongside each of your services so as to take control over routing, security, etc. If we know we have a mixed deployment with non-Istio and Istio-enabled services, we would rather not enforce mutual TLS, since services without a sidecar cannot take part in the mutual TLS exchange:



Enabling Istio

Enabling DNS

Applying manifest

service/kube-dns created

serviceaccount/kube-dns created

configmap/kube-dns created

deployment.extensions/kube-dns created

Restarting kubelet

DNS is enabled

Enforce mutual TLS authentication ( https://bit.ly/2KB4j04 ) between sidecars? If unsure, choose N. (y/N): y

Believe it or not, we are done. Istio v1.0 services are being set up; you can check the deployment progress with:

> watch microk8s.kubectl get all --all-namespaces

We have packaged istioctl in microk8s for your convenience:

> microk8s.istioctl get all --all-namespaces

NAME                          KIND                                      NAMESPACE      AGE
grafana-ports-mtls-disabled   Policy.authentication.istio.io.v1alpha1   istio-system   2m

DESTINATION-RULE NAME   HOST                                             SUBSETS   NAMESPACE      AGE
istio-policy            istio-policy.istio-system.svc.cluster.local                istio-system   3m
istio-telemetry         istio-telemetry.istio-system.svc.cluster.local             istio-system   3m

GATEWAY NAME                      HOSTS   NAMESPACE      AGE
istio-autogenerated-k8s-ingress   *       istio-system   3m
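The mutual TLS question above has a middle ground for mixed deployments: keep enforcement mesh-wide and carve out narrow, per-service exceptions, in the same way the grafana-ports-mtls-disabled policy in the listing is scoped, as its name indicates, to Grafana's ports. The manifests below are an added example written against the Istio 1.0 APIs (authentication.istio.io/v1alpha1 and networking.istio.io/v1alpha3), not a dump of what microk8s installs; the services legacy-db and orders, port 8080, the namespaces and the exception names are hypothetical.

```yaml
# Added example for Istio 1.0; legacy-db, orders, port 8080 and the namespaces are hypothetical.
# 1) Mesh-wide server side: every sidecar requires mutual TLS from its peers.
apiVersion: authentication.istio.io/v1alpha1
kind: MeshPolicy
metadata:
  name: default
spec:
  peers:
  - mtls: {}
---
# 2) Mesh-wide client side: sidecars originate mutual TLS to all in-cluster hosts.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: default
  namespace: default
spec:
  host: "*.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
---
# 3) Exception A: legacy-db runs without a sidecar, so mesh clients send plain text to this one host only.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: legacy-db-plaintext
  namespace: default
spec:
  host: legacy-db.default.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE
---
# 4) Exception B: orders has a sidecar but still has non-Istio callers; accept mTLS and plain text on one port only.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: orders-permissive
  namespace: default
spec:
  targets:
  - name: orders
    ports:
    - number: 8080
  peers:
  - mtls:
      mode: PERMISSIVE
```

Each exception names a single host or port, so it can be deleted once the service behind it gains a sidecar; microk8s.istioctl get all --all-namespaces then lists whatever exceptions remain.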