Skip to content

Istio

Overview

Istio is a popular service mesh with below functionalities:

  • Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic.

  • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.

  • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.

  • Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.

  • Secure service-to-service communication in a cluster with strong identity-based authentication and authorization.

What Will You Do

In this exercise,

  • You will create a cluster blueprint with "Istio" addon
  • You will then apply this cluster blueprint to a managed cluster

Important

This tutorial describes the steps to create and use a Istio based blueprint using the Web Console. The entire workflow can also be fully automated and embedded into an automation pipeline.

Assumptions

  • You have already provisioned or imported a Kubernetes cluster using the controller

Step 1: Download Istioctl

In this example, we will be using istio-1.6.8. Follow the below steps to download this release.

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 TARGET_ARCH=x86_64 sh -

This will download the istio-1.6.8 release and untar the contents to "istio-1.6.8" directory.

Step 2: Generate Istio manifest

In this step, we will be generating the istio manifest which we will use for our deployment. Istio supports various deployment scenarios and provides an easy way to select them using profiles.

The components marked as X are installed within each profile:

default demo minimal remote empty preview
Core Components
istio-egressgateway x
istio-ingressgateway x x x
istiod x x x x

In this example, we will be using demo profile.

cd istio-1.6.8/bin
./istioctl manifest generate --set profile=demo > istio-1-6-8.yaml

Manifest is generated at istio-1.6.8/bin/istio-1-6-8.yaml

Step 3: Create Addon

  • Login into the Web Console and navigate to your Project as an Org Admin or Infrastructure Admin
  • Under Infrastructure, select "Namespaces" and create a new namespace called "istio-system"
  • Select "Addons" and "Create" a new Addon called "istio"
  • Ensure that you select "k8s YAML" for type and select the namespace as "istio-system"
  • Click CREATE to next step
  • Select "New Version" and give it a name called "v1.6.8"
  • Select Upload and chose the generated manifest file from "Step 2"
  • Click "SAVE CHANGES"

Create Istio addon

Step 4: Create Blueprint

Now, we are ready to assemble a custom cluster blueprint using this addon.

  • Under Infrastructure, select "Blueprints"
  • Create a new blueprint and give it a name such as "istio"
  • Select "New Version" and give it a version name. Ex: istio-1.6.8
  • Under Add-Ons, select "ADD MORE" and chose the "istio" addon created in Step 3.

Create Custom Blueprint

Step 5: Apply Blueprint

Now, we are ready to apply this blueprint to a cluster.

  • Click on Options for the target Cluster in the Web Console
  • Select "Update Blueprint" and select the "istio" blueprint from the dropdown and for the version select "istio-1.6.8" from the dropdown.
  • Click on "Save and Publish".

This will start the deployment of the addons configured in the "istio" blueprint to the targeted cluster. The blueprint sync process can take a few minutes. Once complete, the cluster will display the current cluster blueprint details and whether the sync was successful or not.

Apply Custom Blueprint

Step 6: Verify Deployment

Users can optionally verify whether the correct resources have been created on the cluster.

  • Click on the Kubectl button on the cluster to open a virtual terminal

First, we will verify if the istio-system namespace has been created

kubectl get ns istio-system

Next, we will verify if the pods are healthy in the "istio-system" namespace

kubectl get po -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
grafana-5dc4b4676c-h6bdz                1/1     Running   0          3h26m
istio-egressgateway-6d98c888ff-6rcs5    1/1     Running   0          3h26m
istio-ingressgateway-6bff4c6896-6g9vc   1/1     Running   0          3h26m
istio-tracing-8584b4d7f9-67pnj          1/1     Running   0          3h26m
istiod-587bbdc654-tt9d5                 1/1     Running   0          3h26m
kiali-6f457f5964-gwll9                  1/1     Running   0          3h26m
prometheus-5db67458fb-5vlz7             2/2     Running   0          3h26m

Recap

Congratulations! You have successfully created a custom cluster blueprint with the "istio" addon and applied to a cluster.