Install Istio on Charmed Kubernetes

1. Overview

It is undeniable the advantages that cloud computing offers to companies of all sizes but brings DevOps the duty of maintaining and securing more complex deployments in a heterogeneous cloud environment.

The open source framework Istio helps connect, monitor, and secure microservices, including services running on Kubernetes Engine without requiring any service code changes.

This tutorial will guide you on installing Istio on your Charmed Kubernetes (CK).

What you’ll learn

  • How to install Istio on your Charmed Kubernetes
  • How to check if your Istio installation is working properly
  • How to deploy a sample application
  • How to clean up the sample application

What you’ll need

  • An already installed Charmed Kubernetes

Having your CK cluster up and running, let’s start the install process on the next step!


2. Get your kubectl ready

Kubectl command-line tool has to set up to allow you to control your Kubernetes cluster. If you haven’t installed or configured it, you’ll need to execute the following on the machine you have juju running on:

Create the ~/.kube directory

$ mkdir -p ~/.kube

Copy the configuration from your CK

$ juju scp kubernetes-master/0:config ~/.kube/config

Install the kubectl command-line tool

$ snap install kubectl --classic

Finally, check if you can list the control plane information of your cluster

$ kubectl cluster-info

3. Download Istio

Download the lastest Istio release at https://github.com/istio/istio/releases

This tutorial is using the version 1.7.2.

$ wget https://github.com/istio/istio/releases/download/1.7.2/istio-1.7.2-linux-amd64.tar.gz

Extract the compressed file

$ tar -zxvf istio-1.7.2-linux-amd64.tar.gz

And then change the working directory to the newly created one.

$ cd istio-1.7.2

Add ./bin to your PATH environment variable.

$ export PATH=$PWD/bin:$PATH

To select a profile and install Istio, proceed to the next step.


4. Choose a configuration profile

You’ll install the “demo” profile in this tutorial, but Istio has some other built-in configuration profiles that you can choose according to your needs:

$ istioctl profile list
Istio configuration profiles:
    empty
    minimal
    preview
    remote
    default
    demo

default
: Recommended for production deployments and primary clusters in a multicluster mesh.

demo
: configuration suitable to run the Bookinfo application and associated tasks.

minimal
: the minimal set of components necessary to use Istio’s traffic management features.

remote
: used for configuring remote clusters of a multicluster mesh.

preview
: contains experimental features.

empty
: an empty profile.

If you want in the future, install a different profile you can issue the command:

$ istioctl install --set profile=<profile name>

5. Install and verify your Istio deploy

Install istio using the demo profile:

$ istioctl install --set profile=demo
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete

Now, you can verify the deploy on istio-system namespace:

$ kubectl -n istio-system get deploy
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
istio-egressgateway    1/1     1            1           3m25s
istio-ingressgateway   1/1     1            1           3m25s
istiod                 1/1     1            1           3m49s

6. Install the sample Bookinfo application

Add the istio-injection=enabled label to the namespace that will host the application (the default namespace in this case):

$ kubectl label namespace default istio-injection=enabled
namespace/default labeled

Deploy the Bookinfo application:

$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created

And check if details, productpage, ratings, and reviews services are installed:

$ kubectl get services
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.152.183.201   <none>        9080/TCP   47s
kubernetes    ClusterIP   10.152.183.1     <none>        443/TCP    5d1h
productpage   ClusterIP   10.152.183.143   <none>        9080/TCP   46s
ratings       ClusterIP   10.152.183.159   <none>        9080/TCP   47s
reviews       ClusterIP   10.152.183.191   <none>        9080/TCP   47s

Check if all pods are in the Running status. It can take a few minutes, depending on your environment. Once each pod becomes ready, the Istio sidecar will be deployed along with it.

$ kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
details-v1-558b8b4b76-nq4bm       2/2     Running   0          5m11s
productpage-v1-6987489c74-c6pjz   2/2     Running   0          5m9s
ratings-v1-7dc98c7588-85k72       2/2     Running   0          5m10s
reviews-v1-7f99cc4496-87w7b       2/2     Running   0          5m10s
reviews-v2-7d79d5bd5d-ddq8x       2/2     Running   0          5m10s
reviews-v3-7dbcdcbc56-g9p6j       2/2     Running   0          5m9s

Verify if everything is working correctly up to this point. Run this command to see if the app is running inside the cluster and serving HTML pages by checking for the page title in the response:

$ kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -s productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>

It is expected that the “Simple Bookstore App” title shows on screen.


7. Launch the Bookinfo aplication from a browser

Open the application to outside traffic by defining the ingress gateway:

$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created

And then, verify the gateway has been created:

$ kubectl get gateway
NAME               AGE
bookinfo-gateway   40s

Check for any issues on the default namespace:

$ istioctl analyze
✔ No validation issues found when analyzing namespace: default.

To access the sample application, get the port istio-ingressgateway port forwarding configuration by issuing:

$ kubectl get svc istio-ingressgateway -n istio-system
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                 AGE
istio-ingressgateway   LoadBalancer   10.152.183.36   <pending>     15021:31542/TCP,80:30778/TCP,443:30590/TCP,31400:30759/TCP,15443:31075/TCP   52m

Get hostIP from the istio ingresgateway host:

$ kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}'
192.168.210.18

Point the browser to the hostIP on the port that is forwarded to the pod 80 port (30778, in this case):

http://192.168.210.18:30778/productpage

You’ll notice if you reload this page, you will see different layouts for the “Book reviews” section because there are three versions of “reviews”, and Istio is not controlling the version routing yet.


8. Uninstall the Bookinfo application

Once you have finished experimenting with the sample application, you can uninstall it by running the following command:

$ samples/bookinfo/platform/kube/cleanup.sh
namespace ? [default]
using NAMESPACE=default
virtualservice.networking.istio.io "bookinfo" deleted
gateway.networking.istio.io "bookinfo-gateway" deleted
Application cleanup may take up to one minute
service "details" deleted
serviceaccount "bookinfo-details" deleted
deployment.apps "details-v1" deleted
service "ratings" deleted
serviceaccount "bookinfo-ratings" deleted
deployment.apps "ratings-v1" deleted
service "reviews" deleted
serviceaccount "bookinfo-reviews" deleted
deployment.apps "reviews-v1" deleted
deployment.apps "reviews-v2" deleted
deployment.apps "reviews-v3" deleted
service "productpage" deleted
serviceaccount "bookinfo-productpage" deleted
deployment.apps "productpage-v1" deleted
Application cleanup successful

You can confirm that everything was removed listing virtualservices, gateway, and pods:

$ kubectl get virtualservices
No resources found in default namespace.
$ kubectl get gateway
No resources found in default namespace.
$ kubectl get pods
No resources found in default namespace.

9. That’s it!

Congratulations! You made it!

At this point, you will have installed Istio, verified the installation, deployed the Bookinfo sample application, launched the application from the browser, and removed the application from your Charmed Kubernetes cluster.

Further reading