Implement Service Mesh Features With Istio Part 1 (Installing Components)

Install Istio, Kiali and Other Components In K8s Cluster

Posted by vmt1991 on 20 Apr 2024
Linux-Unix

I/Overview:

- A K8s administrator or developer may have needs in their daily work such as:

+ A simple way for new team members to quickly learn the layout of an existing deployed application and how all its components work together.

+ A clear understanding of communication performance (timeouts, status codes, …) between the services in the application.

+ More advanced features such as security, monitoring and load balancing for containers.

=> Istio for Kubernetes is a service networking layer that can be implemented transparently in the cluster and meets all of the above needs.

- The Istio architecture consists of a data plane and a control plane:

+ The control plane, called istiod, manages all configuration, certificates and service information. Istiod dynamically manages and updates all proxy servers (the data plane) in the cluster.

+ The data plane, called the proxy, uses Envoy proxy software deployed as a sidecar container in every Pod of the application. This proxy intercepts all inbound and outbound network traffic for all services and is used for functions such as load balancing, service-to-service authentication, authorization, health checking, and more.

II/Install Istio Using istioctl tool:

1/Download the Istio release:

# curl -L https://istio.io/downloadIstio | sh -

# cd istio-1.21.1

Re-export the PATH environment variable so that it includes the istioctl client binary in the bin folder.
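
As an added example (not part of the original post or of Istio's own tooling), a pinned and checksum-verified alternative to piping the installer script into `sh`: it downloads the 1.21.1 archive used here and unpacks it only if its SHA-256 matches the published `.sha256` file. The release URL layout, the `linux-amd64` archive name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: fetch a pinned Istio release and verify it before unpacking.
ISTIO_VERSION="1.21.1"                                 # version used on this page
ARCHIVE="istio-${ISTIO_VERSION}-linux-amd64.tar.gz"    # assumption: amd64 Linux host
BASE_URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}"  # assumption

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE hashes to EXPECTED_HEX; 1 on mismatch; 2 on bad input.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Reject anything that is not exactly 64 hex characters, for example an
    # HTML error page saved in place of the checksum file.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ] || { echo "checksum mismatch: $file" >&2; return 1; }
}

# fetch_istio: download archive and checksum, verify, and only then extract.
fetch_istio() {
    curl -fsSLO "${BASE_URL}/${ARCHIVE}" &&
    curl -fsSLO "${BASE_URL}/${ARCHIVE}.sha256" &&
    verify_sha256 "$ARCHIVE" "$(awk '{print $1; exit}' "${ARCHIVE}.sha256")" &&
    tar -xzf "$ARCHIVE"
}

# Usage: fetch_istio && cd "istio-${ISTIO_VERSION}"
```

The checksum file comes from the same origin as the archive, so this detects corruption or a swapped archive, not a compromised release page.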

2/Install Istio:

- Load the kernel modules needed for Istio:

# cat <<EOT >> /etc/modules-load.d/k8s.conf
overlay
br_netfilter
nf_nat
xt_REDIRECT
xt_owner
iptable_nat
iptable_mangle
iptable_filter
EOT

# modprobe xt_owner; modprobe iptable_nat; modprobe iptable_mangle; modprobe iptable_filter

- Install Istio with the demo profile:

# istioctl install --set profile=demo -y

(Istio offers several configuration profiles to choose from at install time: https://istio.io/latest/docs/setup/additional-setup/config-profiles/)

- All Istio components are deployed in the istio-system namespace

- Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application

# kubectl label namespace default istio-injection=enabled
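
The namespace label only affects pods created after it is set, so workloads that were already running stay outside the mesh until they are recreated. The following added example (not from the original post) lists pods that have no `istio-proxy` container, whether it runs as a regular or as an init container. The function names and the tab-separated input layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: find pods that did not receive the Envoy sidecar.

# missing_sidecar: reads "<pod><TAB><container names>" lines on stdin, prints
# each pod that has no istio-proxy container, and returns 1 if any were found.
missing_sidecar() {
    awk -F'\t' '
        $1 == "" { next }                       # skip blank or malformed lines
        {
            n = split($2, names, " "); injected = 0
            for (i = 1; i <= n; i++)
                if (names[i] == "istio-proxy") injected = 1
            if (!injected) { print $1; missing++ }
        }
        END { exit (missing > 0) }
    '
}

# check_namespace [NAMESPACE]: feed live cluster data into missing_sidecar.
# Init containers are listed too, because Istio can run the proxy as one.
check_namespace() {
    ns=${1:-default}
    kubectl get pods -n "$ns" -o \
      jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.initContainers[*].name}{" "}{.spec.containers[*].name}{"\n"}{end}' |
      missing_sidecar
}

# Constructed sample input (not captured from a real cluster).
SAMPLE_PODS=$(printf '%s\n' \
    "$(printf 'wordpress-7d9c\tistio-init istio-proxy wordpress')" \
    "$(printf 'wordpress-mariadb-0\tistio-init mariadb')" \
    "$(printf 'legacy-job\t busybox')")

# Usage: check_namespace default || echo "restart the pods listed above"
```

A pod reported here can be brought into the mesh with `kubectl rollout restart` on its Deployment or StatefulSet once the namespace label is in place.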

3/Install Kiali and Jaeger component:

- Use Helm to install Kiali for a production environment:

- Install Helm first:

# curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3

# chmod 700 get_helm.sh

# ./get_helm.sh

- Add the Kiali Helm Charts repository

# helm repo add kiali https://kiali.org/helm-charts

# helm repo update

- Install Kiali using the Kiali operator (the --set cr.namespace=istio-system flag instructs the operator to create a Kiali CR in the istio-system namespace)

# helm install \
    --set cr.create=true \
    --set cr.namespace=istio-system \
    --set cr.spec.auth.strategy="anonymous" \
    --namespace kiali-operator \
    --create-namespace \
    kiali-operator \
    kiali/kiali-operator

- Change the kiali service in namespace istio-system from ClusterIP to NodePort (use port 32009)

# kubectl edit svc kiali -n istio-system

- Access the Kiali dashboard using the IP of a K8s node and port 32009

- Kiali currently cannot visualize the application graph because Prometheus and Grafana are still missing.

- Install the Jaeger component for tracing components in applications

# kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.21/samples/addons/jaeger.yaml
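
With `cr.spec.auth.strategy="anonymous"` Kiali shows no login page, so switching its service to NodePort makes the dashboard reachable by anyone who can reach a node on port 32009. An added example (not part of the original post) that flags this combination from `kubectl` output and also lists every other service in the namespace published outside the cluster. The function names, the column layout and the sample listing are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag an unauthenticated Kiali that is exposed on the nodes.

# audit_exposure STRATEGY: reads "NAME TYPE NODEPORTS" lines on stdin.
# Prints FAIL for kiali when it is published with the anonymous strategy and
# REVIEW for any other NodePort/LoadBalancer service; returns 1 on a FAIL.
audit_exposure() {
    awk -v strategy="$1" '
        $2 != "NodePort" && $2 != "LoadBalancer" { next }   # cluster-internal
        $1 == "kiali" && strategy == "anonymous" {
            print "FAIL " $1 " " $2 " " $3 " reachable with no login"
            bad = 1; next
        }
        { print "REVIEW " $1 " " $2 " " $3 }
        END { exit (bad ? 1 : 0) }
    '
}

# audit_cluster: read the Kiali CR and the services created by this guide.
audit_cluster() {
    strategy=$(kubectl get kiali -n istio-system \
        -o jsonpath='{.items[0].spec.auth.strategy}')
    kubectl get svc -n istio-system --no-headers \
        -o custom-columns='NAME:.metadata.name,TYPE:.spec.type,NODEPORT:.spec.ports[*].nodePort' |
        audit_exposure "$strategy"
}

# Constructed sample listing (not captured from a real cluster).
SAMPLE_SVCS='istio-ingressgateway   LoadBalancer   31380,31390
istiod                 ClusterIP      <none>
kiali                  NodePort       32009'

# Usage: audit_cluster || echo "Kiali is exposed without authentication"
```

Keeping the service as ClusterIP and reaching it through `kubectl port-forward`, or installing with the `token` strategy instead of `anonymous`, clears the FAIL line.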

4/Install Prometheus and Grafana:

- Prometheus is an open source monitoring system with a time series database, a dimensional data model and a flexible query language. You can use Prometheus with Istio to record metrics that track the health of Istio and of applications within the service mesh.

# kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.21/samples/addons/prometheus.yaml

- Grafana is an open source monitoring solution that can be used to configure dashboards for Istio. You can use Grafana to monitor the health of Istio and of applications within the service mesh.

# kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.21/samples/addons/grafana.yaml

- After the Prometheus and Grafana components are deployed, Kiali can display the resource usage of the Istio control plane

5/Deploy an example application and use Kiali to visualize and track performance metrics:

- Use Helm to install the wordpress application in the default namespace (already labeled istio-injection=enabled):

# cd /sources

# helm pull --untar oci://registry-1.docker.io/bitnamicharts/wordpress

- Set the parameters persistence.enabled=false and mariadb.primary.persistence.enabled=false in the file values.yaml

- Add 2 custom labels named app and version, which the Istio proxy uses for reporting

# helm install --namespace default wordpress-example \
  --set wordpressUsername=admin \
  --set wordpressPassword=admin123 \
  --set mariadb.auth.rootPassword=admin123 .

- Wordpress is deployed successfully and can be accessed through the NodePort service on port 31658

- Back in the Kiali dashboard, the Application menu now displays the Wordpress app (using the app and version labels added to the Helm chart in the previous step)