| Key | Value |
|---|---|
| Summary | This tutorial will guide you on installing Istio on Charmed Kubernetes |
| Categories | cloud, containers |
| Difficulty | 3 |
| Author | Marcelo Marcal marcelo.marcal@canonical.com |
Overview
Duration: 1:00
It is undeniable the advantages that cloud computing offers to companies of all sizes but brings DevOps the duty of maintaining and securing more complex deployments in a heterogeneous cloud environment.
The open source framework Istio helps connect, monitor, and secure microservices, including services running on Kubernetes Engine without requiring any service code changes.
This tutorial will guide you on installing Istio on your Charmed Kubernetes (CK).
What you’ll learn
- How to install Istio on your Charmed Kubernetes
- How to check if your Istio installation is working properly
- How to deploy a sample application
- How to clean up the sample application
What you’ll need
- An already installed Charmed Kubernetes
Having your CK cluster up and running, let’s start the install process on the next step!
Get your kubectl ready
Duration: 1:00
Kubectl command-line tool has to set up to allow you to control your Kubernetes cluster. If you haven’t installed or configured it, you’ll need to execute the following on the machine you have juju running on:
Create the ~/.kube directory
$ mkdir -p ~/.kube
Copy the configuration from your CK
$ juju scp kubernetes-master/0:config ~/.kube/config
Install the kubectl command-line tool
$ snap install kubectl --classic
Finally, check if you can list the control plane information of your cluster
$ kubectl cluster-info
Download Istio
Duration: 1:00
Download the lastest Istio release at https://github.com/istio/istio/releases
This tutorial is using the version 1.7.2.
$ wget https://github.com/istio/istio/releases/download/1.7.2/istio-1.7.2-linux-amd64.tar.gz
Extract the compressed file
$ tar -zxvf istio-1.7.2-linux-amd64.tar.gz
And then change the working directory to the newly created one.
$ cd istio-1.7.2
Add ./bin to your PATH environment variable.
$ export PATH=$PWD/bin:$PATH
To select a profile and install Istio, proceed to the next step.
Choose a configuration profile
Duration: 1:00
You’ll install the “demo” profile in this tutorial, but Istio has some other built-in configuration profiles that you can choose according to your needs:
$ istioctl profile list
Istio configuration profiles:
empty
minimal
preview
remote
default
demo
default
: Recommended for production deployments and primary clusters in a multicluster mesh.
demo
: configuration suitable to run the Bookinfo application and associated tasks.
minimal
: the minimal set of components necessary to use Istio’s traffic management features.
remote
: used for configuring remote clusters of a multicluster mesh.
preview
: contains experimental features.
empty
: an empty profile.
If you want in the future, install a different profile you can issue the command:
$ istioctl install --set profile=<profile name>
Install and verify your Istio deploy
Duration: 1:00
Install istio using the demo profile:
$ istioctl install --set profile=demo
âś” Istio core installed
âś” Istiod installed
âś” Egress gateways installed
âś” Ingress gateways installed
âś” Installation complete
Now, you can verify the deploy on istio-system namespace:
$ kubectl -n istio-system get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
istio-egressgateway 1/1 1 1 3m25s
istio-ingressgateway 1/1 1 1 3m25s
istiod 1/1 1 1 3m49s
Install the sample Bookinfo application
Duration: 4:00
Add the istio-injection=enabled label to the namespace that will host the application (the default namespace in this case):
$ kubectl label namespace default istio-injection=enabled
namespace/default labeled
Deploy the Bookinfo application:
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
And check if details, productpage, ratings, and reviews services are installed:
$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.152.183.201 <none> 9080/TCP 47s
kubernetes ClusterIP 10.152.183.1 <none> 443/TCP 5d1h
productpage ClusterIP 10.152.183.143 <none> 9080/TCP 46s
ratings ClusterIP 10.152.183.159 <none> 9080/TCP 47s
reviews ClusterIP 10.152.183.191 <none> 9080/TCP 47s
Check if all pods are in the Running status. It can take a few minutes, depending on your environment. Once each pod becomes ready, the Istio sidecar will be deployed along with it.
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-558b8b4b76-nq4bm 2/2 Running 0 5m11s
productpage-v1-6987489c74-c6pjz 2/2 Running 0 5m9s
ratings-v1-7dc98c7588-85k72 2/2 Running 0 5m10s
reviews-v1-7f99cc4496-87w7b 2/2 Running 0 5m10s
reviews-v2-7d79d5bd5d-ddq8x 2/2 Running 0 5m10s
reviews-v3-7dbcdcbc56-g9p6j 2/2 Running 0 5m9s
Verify if everything is working correctly up to this point. Run this command to see if the app is running inside the cluster and serving HTML pages by checking for the page title in the response:
$ kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -s productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
It is expected that the “Simple Bookstore App” title shows on screen.
Launch the Bookinfo aplication from a browser
Duration: 1:00
Open the application to outside traffic by defining the ingress gateway:
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
And then, verify the gateway has been created:
$ kubectl get gateway
NAME AGE
bookinfo-gateway 40s
Check for any issues on the default namespace:
$ istioctl analyze
âś” No validation issues found when analyzing namespace: default.
To access the sample application, get the port istio-ingressgateway port forwarding configuration by issuing:
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.152.183.36 <pending> 15021:31542/TCP,80:30778/TCP,443:30590/TCP,31400:30759/TCP,15443:31075/TCP 52m
Get hostIP from the istio ingresgateway host:
$ kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}'
192.168.210.18
Point the browser to the hostIP on the port that is forwarded to the pod 80 port (30778, in this case):
http://192.168.210.18:30778/productpage
You’ll notice if you reload this page, you will see different layouts for the “Book reviews” section because there are three versions of “reviews”, and Istio is not controlling the version routing yet.
Uninstall the Bookinfo application
Duration: 1:00
Once you have finished experimenting with the sample application, you can uninstall it by running the following command:
$ samples/bookinfo/platform/kube/cleanup.sh
namespace ? [default]
using NAMESPACE=default
virtualservice.networking.istio.io "bookinfo" deleted
gateway.networking.istio.io "bookinfo-gateway" deleted
Application cleanup may take up to one minute
service "details" deleted
serviceaccount "bookinfo-details" deleted
deployment.apps "details-v1" deleted
service "ratings" deleted
serviceaccount "bookinfo-ratings" deleted
deployment.apps "ratings-v1" deleted
service "reviews" deleted
serviceaccount "bookinfo-reviews" deleted
deployment.apps "reviews-v1" deleted
deployment.apps "reviews-v2" deleted
deployment.apps "reviews-v3" deleted
service "productpage" deleted
serviceaccount "bookinfo-productpage" deleted
deployment.apps "productpage-v1" deleted
Application cleanup successful
You can confirm that everything was removed listing virtualservices, gateway, and pods:
$ kubectl get virtualservices
No resources found in default namespace.
$ kubectl get gateway
No resources found in default namespace.
$ kubectl get pods
No resources found in default namespace.
That’s it!
Duration: 0:00
Congratulations! You made it!
At this point, you will have installed Istio, verified the installation, deployed the Bookinfo sample application, launched the application from the browser, and removed the application from your Charmed Kubernetes cluster.
Further reading
- The Istio documentation has everything you need to deploy, use, and operate Istio.
- If you want to know more about Charmed Kubernetes, please see the Kubernetes documentation on ubuntu.com