Istio
- It is an open-source service mesh.
- It operates as a transparent layer among microservices within an application.
- Originally created by Google, IBM, and Lyft, it now falls under the CNCF.
- Managing, securing, and monitoring traffic between microservices.
Why Istio ?
- Istio employs a sidecar proxy (Envoy) alongside each microservice.
- These proxies intercept and manage all incoming and outgoing traffic within the application.
- Their role is crucial as they enable Istio to control traffic flow, enforce security policies, and gather telemetry data.
- Istio's control plane, consisting of components like Pilot and Mixer:
- Configures and monitors these proxies.
- Ensures consistent and coordinated behavior across all microservices.
Benifits of using Istio:
- Traffic Management
- Circuit Breaking and Request Retries
- Eases Microservices Management
- Policy Enforcement at Network Level
- Security
- Load Balancing
Prerequisites :
- A running Kubernetes cluster: This can be a self-managed cluster or a managed service like Amazon EKS.
- Kubectl – Kubernetes command-line tool.
- Helm – Package manager for Kubernetes.
Steps to install Istio using Helm charts
There are three steps involved in the process
- Add Istio repository to Helm
- Install Istio base chart
- Install Istio control plane
Step #1: Add Istio repository to Helm
Istio repository contains the necessary configurations and Istio charts for installing Istio. The first step is to add it to Helm by running the command below.
helm repo add istio https://istio-release.storage.googleapis.com/charts
Now, update Helm repository to get the latest charts:
helm repo update
istioctl x precheck
The istioctl x precheck command is used in the Istio service mesh to perform pre-installation checks before deploying Istio
Step #2: Install Istio base chart
Enter the following command to install the Istio base chart, which contains cluster-wide Custom Resource Definitions (CRDs). (Note that this is a requirement for installing the Istio control plane.)
helm install istio-base istio/base -n istio-system --create-namespace --set defaultRevision=default
In the above command,
istio-base
andistio/base
represent the chart name and the chart path, respectively.The chart will be installed in
istio-system
namespace. Since the namespace does not exist already, we passed the argument–create-namespace
to create it. The namespace will set up the validator required for Istio.defaultRevision: As the Istio base chart sets up a
ValidatingWebhookConfiguration
to perform resource validation, it is necessary to select a default revision that will be used for validation. We will use thedefault
revision here.
Step #3: Install Istio control plane
The below command will install the Istio control plane component, Istiod, into the istio-system
namespace.
helm install istiod istio/istiod -n istio-system --wait
Verify Istio base and Istiod deployment status
By running the following command, we can see the deployment status of istio-base and istiod.
helm ls -n istio-system
Also, run the following command to verify if it is actually running:
kubectl get deployments -n istio-system -o wide
We can see that the istiod
service’s pod is running.
If you prefer a video tutorial to help guide you through the process of Install Istio Using Helm Chart in AWS EKS
Top comments (0)