These days hardly a day goes by without hearing about "service mesh".
The best way to understand a mysterious technology is to try it out yourself.
We are lucky to live in an age where we have Amazon EKS, so we can try cloud native tools whenever we like!
In this article I show you how to get started with Istio, one of the most popular OSS projects in the service mesh world.
Don't forget to try the related observability tools in the later part of this article, such as Kiali, Grafana, and Jaeger.
(The same post is available in Japanese here)
https://qiita.com/minorun365/items/f02eaa0786536741223a
What to prepare
- a PC for hands-on
- a CLI terminal app
- an AWS account
Istio & Kiali hands-on
Install tools
Install AWS CLI.
https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/getting-started-install.html
Do the initial setup for AWS CLI and register your AWS account.
https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/getting-started-quickstart.html
Execute the command below in your terminal app.
$ aws configure
AWS Access Key ID [None]: ********
AWS Secret Access Key [None]: ********
Default region name [None]: ap-northeast-1
Default output format [None]: json
You can check your access key ID and secret access key via the AWS Management Console.
Install eksctl and kubectl. It's easy to use Homebrew.
https://docs.aws.amazon.com/ja_jp/eks/latest/userguide/eksctl.html
https://kubernetes.io/ja/docs/tasks/tools/install-kubectl/
Create EKS Cluster
Execute the command for creating an EKS cluster in your terminal.
$ eksctl create cluster --name "CLUSTER NAME AS YOU LIKE"
Enjoy a coffee for 20 minutes, then you can get a list of your worker nodes.
$ kubectl get node
NAME STATUS ROLES AGE VERSION
ip-192-168-26-107.ap-northeast-1.compute.internal Ready <none> 13m v1.22.6-eks-7d68063
ip-192-168-73-174.ap-northeast-1.compute.internal Ready <none> 13m v1.22.6-eks-7d68063
Install Istio
The official Istio website provides a fabulous "Getting Started" guide, so we use it here.
https://istio.io/latest/docs/setup/getting-started/
Download the latest Istio. 1.14.1 in this example.
$ curl -L https://istio.io/downloadIstio | sh -
Move into the Istio directory you downloaded.
$ cd istio-1.14.1
Add the istioctl client (in the bin directory) to your PATH environment variable.
$ export PATH=$PWD/bin:$PATH
Install Istio with istioctl.
$ istioctl install --set profile=demo -y
Don't forget to check your Istio version.
$ istioctl version
client version: 1.14.1
control plane version: 1.14.1
data plane version: 1.14.1 (2 proxies)
Label the default namespace on your EKS cluster so that Istio automatically injects sidecar proxies into pods deployed there.
$ kubectl label namespace default istio-injection=enabled
namespace/default labeled
Deploy sample app on EKS
Deploy the sample app named "bookinfo" on your EKS cluster.
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
Check the service you deployed.
$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.100.124.27 <none> 9080/TCP 4m14s
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 49m
productpage ClusterIP 10.100.251.75 <none> 9080/TCP 4m13s
ratings ClusterIP 10.100.54.25 <none> 9080/TCP 4m14s
reviews ClusterIP 10.100.249.201 <none> 9080/TCP 4m13s
Wait a minute and you will find your pods running.
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-7d88846999-j97r2 2/2 Running 0 98s
productpage-v1-7795568889-vzg9j 2/2 Running 0 98s
ratings-v1-754f9c4975-btfk9 2/2 Running 0 98s
reviews-v1-55b668fc65-rg2ft 2/2 Running 0 98s
reviews-v2-858f99c99-dkmmk 2/2 Running 0 98s
reviews-v3-7886dd86b9-m9xqh 2/2 Running 0 98s
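READY 2/2 above means each pod runs its app container plus the injected istio-proxy sidecar; a pod started before the namespace was labeled gets no sidecar and sits outside the mesh. The check below is an added example, not part of the original post or the Istio guide: the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report pods that are NOT running the Istio sidecar.
# Function names and sample data are assumptions made for this illustration.

# Prints one line per pod: "<pod-name> <container> <container> ..."
# Runs against the live cluster; needs kubectl and cluster access.
list_pod_containers() {
  kubectl get pods -n "${1:-default}" \
    -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.spec.containers[*].name}{"\n"}{end}'
}

# Reads the format above on stdin and prints the name of every pod that
# has no container called istio-proxy (the injected Envoy sidecar).
pods_without_sidecar() {
  while read -r pod containers; do
    [ -n "$pod" ] || continue            # skip blank lines
    case " $containers " in
      *" istio-proxy "*) ;;              # sidecar present, pod is in the mesh
      *) printf '%s\n' "$pod" ;;         # no sidecar: pod is outside the mesh
    esac
  done
}

# Constructed sample: the last pod stands for a workload that was started
# before the namespace was labeled, so it was never injected.
SAMPLE='details-v1-7d88846999-j97r2 details istio-proxy
ratings-v1-754f9c4975-btfk9 ratings istio-proxy
legacy-job-5c9d7f6b4-abcde worker'

printf '%s\n' "$SAMPLE" | pods_without_sidecar
# Live usage: list_pod_containers default | pods_without_sidecar
```

An empty result on the live cluster means every pod in the namespace is covered by the mesh; restarting a listed pod after labeling lets the injector add the sidecar.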
Execute the command below on your pod for the "ratings" app and you should get the title section of an HTML page.
$ kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
Enable external access to sample app
Deploy the Ingress Gateway on your EKS cluster.
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
Check that there are no problems in your service mesh.
$ istioctl analyze
✔ No validation issues found when analyzing namespace: default.
Confirm the external IP of the Ingress Gateway service.
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.100.8.158 ********.ap-northeast-1.elb.amazonaws.com 15021:32244/TCP,80:31172/TCP,443:32028/TCP,31400:32681/TCP,15443:30730/TCP 29m
Set environment variables for Ingress.
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
$ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
Check the combination of external host name and port number.
$ echo "$GATEWAY_URL"
********.ap-northeast-1.elb.amazonaws.com:80
Try external access.
$ open http://$GATEWAY_URL/productpage
Got it! You can access bookinfo app via your web browser.
Get o11y with dashboards
Deploy monitoring add-ons like Kiali and Grafana.
$ kubectl apply -f samples/addons
Execute the command below and wait for Kiali to be deployed.
$ kubectl rollout status deployment/kiali -n istio-system
Waiting for deployment "kiali" rollout to finish: 0 of 1 updated replicas are available...
deployment "kiali" successfully rolled out
Then launch Kiali.
$ istioctl dashboard kiali
You should now be able to access Kiali via your web browser.
Open "Graph" in the left column and change the namespace to "Select all", then you can see your service mesh graphically.
Grafana & Jaeger hands-on
You may have noticed that the samples/addons you installed for Kiali already include famous monitoring tools.
- Prometheus
- Grafana
- Jaeger
- Zipkin
You have already deployed the tools above, so try launching them.
Try Grafana
First launch Grafana, an OSS monitoring dashboard.
$ istioctl dashboard grafana
You can access the preset dashboards for Istio by clicking Dashboard > Browse in the left pane.
Try opening "Istio Control Plane Dashboard."
Try Jaeger
Next try Jaeger, an OSS tool for distributed tracing.
Enable tracing.
$ istioctl install --set meshConfig.enableTracing=true
This will install the Istio 1.14.1 default profile with ["Istio core" "Istiod" "Ingress gateways"] components into the cluster. Proceed? (y/N) y
Launch Jaeger.
$ istioctl dashboard jaeger
Select any service in the left pane and search for traces.
You can see the details of a trace by clicking its marker in the graph in the right pane.
For next steps
Next I'm excited to try the "Next steps" contents on the official Istio page.
https://istio.io/latest/docs/setup/getting-started/#next-steps
Of course, I'm really interested in trying AWS App Mesh as well!
When you quit this hands-on, clean up your environment as below.
- Delete your EKS cluster
$ eksctl delete cluster --name "YOUR CLUSTER NAME"
- Clear your environment variables
$ unset INGRESS_HOST
$ unset INGRESS_PORT
$ unset SECURE_INGRESS_PORT
$ unset GATEWAY_URL