<aside>
Needs to be revisited and reworked
</aside>
A service mesh is a dedicated infrastructure layer that handles service-to-service communication between services or microservices using a proxy (services talk to each other, mutual TLS, better observability, etc.).
```bash
minikube start # to create a cluster if none exists, use --vm=true if failed
curl -L https://istio.io/downloadIstio | sh -
cd istio-
export PATH="$PWD/bin:$PATH"
istioctl install --set profile=demo -y
istioctl verify-install
```
There are also different profiles for production and performance testing (different environments need different profiles). When the command is run, Istio is deployed in the cluster as a deployment named istiod in a namespace called istio-system (istiod has the Citadel, Pilot and Galley components). There are also other services such as istio-ingressgateway and istio-egressgateway.
To inject Istio, run `kubectl label namespace default istio-injection=enabled`, then create/apply your deployment. Run `istioctl analyze` to double check, then `kubectl get pods`, and you should see an extra container in each pod.
Kiali is a visualizer for Istio (an svc), also beneficial for identifying problems with service meshes. The file can be found within the Istio directory at /root/istio-1.15.0/samples/addons, so just kubectl apply it:

```bash
kubectl apply -f /root/istio-1.15.0/samples/addons
```
Kiali’s service file (just in case)

```yaml
---
# Kiali Service; type NodePort publishes these ports on every node's IP
apiVersion: v1
kind: Service
metadata:
  name: kiali-svc
  namespace: istio-system
  labels:
    helm.sh/chart: kiali-server-1.38.0
    app: kiali
    app.kubernetes.io/name: kiali
    app.kubernetes.io/instance: kiali
    version: "v1.38.0"
    app.kubernetes.io/version: "v1.38.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: "kiali"
  annotations:
spec:
  ports:
  - name: http            # Kiali web UI
    protocol: TCP
    port: 20001
    nodePort: 30007
  - name: http-metrics    # Kiali metrics endpoint
    protocol: TCP
    port: 9090
    nodePort: 30008
  type: NodePort
  selector:
    app.kubernetes.io/name: kiali
    app.kubernetes.io/instance: kiali
---
# Prometheus Service, also exposed as a NodePort
apiVersion: v1
kind: Service
metadata:
  labels:
    component: "server"
    app: prometheus-svc
    release: prometheus
    chart: prometheus-14.3.0
    heritage: Helm
  name: prometheus
  namespace: istio-system
spec:
  ports:
  - name: http
    port: 9090
    protocol: TCP
    targetPort: 9090
    nodePort: 30009
  selector:
    component: "server"
    app: prometheus
    release: prometheus
  sessionAffinity: None
  type: "NodePort"
---
```
Gateways are basically load balancers that sit on the edge of the mesh and work similarly to Nginx’s Ingress, so that clients can access the product page. The Istio gateway is the main configuration for inbound and outbound mesh traffic (the recommended approach, rather than just using Kubernetes Ingress). Kubernetes uses controllers like Nginx; Istio, on the other hand, uses Envoy proxies (sidecars).

Gateway is also an object kind in Kubernetes.

All routing rules are configured through an object kind called VirtualService (it defines rules for traffic coming from the ingress gateway into the mesh). When it’s created, Istio applies the configuration to all Envoy sidecar proxies (note: destination routing rules are applied after routing).
Gateway def. file example

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "httpbin.example.com"
```
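
A VirtualService that attaches routing rules to the httpbin-gateway above, as an added example that is not part of the original notes. The destination Service name `httpbin`, its port 8000 and the two URI prefixes are assumptions for illustration; requests for that host that match no rule are answered with a 404 at the gateway, so only the listed paths reach the mesh.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin                # assumed name
spec:
  hosts:
  - "httpbin.example.com"      # must match a host served by the Gateway
  gateways:
  - httpbin-gateway            # binds these rules to the Gateway defined above
  http:
  - match:                     # only these path prefixes are routed into the mesh
    - uri:
        prefix: /status        # assumed path
    - uri:
        prefix: /delay         # assumed path
    route:
    - destination:
        host: httpbin          # assumed Kubernetes Service in the same namespace
        port:
          number: 8000         # assumed Service port
```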