Service Mesh with Istio

Course

Michael McClaren

Linux Training Architect I in Content

Length

05:10:38

Difficulty

Advanced

Course Details

In this course we will be looking at Istio and its capabilities. We will inspect its architecture and how it is installed. We will install it in a Docker environment as well as a Kubernetes cluster and get some insight into the types of problems that Istio solves.

Interactive Diagram: https://interactive.linuxacademy.com/diagrams/ServiceMeshwithIstio.html

Syllabus

Welcome

Why Are We Here?

Course Intro

00:02:12

Lesson Description:

In this short introductory video I talk briefly about the prerequisites for this course, and the version of Istio that I'm using. This is an advanced course, and there will not be much time spent explaining commands that are used, unless they are specific to Istio.

About the Author

00:00:21

Lesson Description:

This is just a short introduction for those who have not taken one of my courses.

The Basics

Istio Concepts

What Is Istio and What Can It Do?

00:07:57

Lesson Description:

In this lesson we will discuss the 3 core features of Istio: Traffic Management, Security, and Observability. We will discuss examples from each of the three and how they can be used to secure production environments. This base knowledge will be used to further our understanding of Istio in the lessons that follow.

Overview of Istio Components

00:05:12

Lesson Description:

In this lesson we will look at the architecture of Istio and the components that make up that architecture. We will see what role each component plays, and we will look at where they are deployed. Once we have a grasp of the physical layout, we can better understand how Istio does its job.

How Istio Does Its Job

00:07:16

Lesson Description:

In this last lesson of the concepts section we will look at how packets traverse the Istio mesh. Istio uses configured intelligent proxies to route packets. This is something that we need to understand so that in later lessons, when we are configuring the routing and traffic management policies, we know how those policies are applied.

Putting Istio to Work

Deploying Istio

Istio with Docker

00:12:23

Lesson Description:

In this lesson we will be installing Istio in a Docker environment. We will take a quick look at the moving parts and how they work together, as well as installing an application and ensuring that everything is working as expected. Although we are covering installation into a Docker environment, this is not as feature rich as some other installations. This is included here because it is officially documented and there is some talk of more features being added in the future.

Commands used in this lesson:

Add current user to docker group:

    sudo usermod -aG docker cloud_user

Install docker-compose and make it executable:

    sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-Linux-x86_64" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose

Download Istio and unpack it:

    wget https://github.com/istio/istio/releases/download/1.0.6/istio-1.0.6-linux.tar.gz
    tar -xvf istio-1.0.6-linux.tar.gz

Preconfigure kubectl for pilot:

    kubectl config set-context istio --cluster=istio
    kubectl config set-cluster istio --server=http://localhost:8080
    kubectl config use-context istio

Create a DOCKER_GATEWAY environment variable:

    export DOCKER_GATEWAY=172.28.0.1:

Bring up Istio's control plane. Remember: this may need to be repeated to ensure the pilot container starts:

    docker-compose -f install/consul/istio.yaml up -d

Change bookinfo.yaml to set port 30080 in place of port 9081:

    sed -i 's/9081/30080/' ./istio-1.0.6/samples/bookinfo/platform/consul/bookinfo.yaml

Bring up the application:

    docker-compose -f ./istio-1.0.6/samples/bookinfo/platform/consul/bookinfo.yaml up -d

Bring up the sidecars:

    docker-compose -f ./istio-1.0.6/samples/bookinfo/platform/consul/bookinfo.sidecars.yaml up -d

Istio with Kubernetes

00:10:39

Lesson Description:

In this lesson we will be installing Istio into a standard Kubernetes cluster, consisting of one master and 2 nodes, deployed in our Cloud Playground. We will cover the modifications needed in the Istio base installation to make it compatible with the Cloud Playground environment, and we will deploy a sample application to ensure that Istio is working as expected.

Inspecting Our Installations

00:12:16

Lesson Description:

In this lesson we will be skipping a bit ahead and getting into some routing rules, so that we can get Istio to show a bit of what it can do. This will confirm that our installations are configured correctly, and means we can proceed with the balance of the course. We will start with Kubernetes, and then repeat the process on Docker, so that we are prepared to undertake the hands-on labs that complete this section.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Working with Istio

Deploying an Application

00:09:44

Lesson Description:

In this lesson we will look at the sidecar injection process and see what is accomplished by issuing the kube-inject argument to istioctl. We will show that Istio requires the Envoy proxies to enforce routing rules, and we will discuss the init container that is used to deploy the proxies to the pods.

Istio Routing

00:10:12

Lesson Description:

In this lesson we will dig deeper into routing in Istio. We will discuss the path that traffic takes through the mesh and we will invoke some custom routes to show how routing can be done using virtual services and destination rules.

Istio Policies

00:10:32

Lesson Description:

In this lesson we will look at policies in Istio, specifically rate limiting requests to our application. We will look at the parts of a mixer rule that are used to apply rate limiting. We will also do a bit of troubleshooting and ensure that our policies are being applied correctly.

Istio Logging

00:10:10

Lesson Description:

In this lesson we will be looking at using Prometheus and Grafana to gain insight into the behavior of the traffic inside the Istio mesh. In order to gain access to this with a browser, we are going to be using Nginx to create a proxy for the services.

This is the Nginx configuration that is used in the lesson, located at /etc/nginx/sites-enabled/default:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        # Proxy to the forwarded Prometheus port (9090); commented out
        #location / {proxy_pass http://127.0.0.1:9090;}
        # Proxy to the forwarded Grafana port (3000)
        location / {proxy_pass http://127.0.0.1:3000;}
    }

There are also 2 commands that are used to forward the ports.

The command to forward the ports for Prometheus:

    kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=prometheus -o jsonpath='{.items[0].metadata.name}') 9090:9090 &

The command to forward the port for Grafana:

    kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000 &

The Prometheus course that is mentioned in this lesson: Kubernetes and Prometheus

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

What's Next

Looking Ahead

Where Do We Go from Here?

00:01:38

Lesson Description:

I wanted to talk really quick about where to go from here. I mention some other courses that might be something you'll want to look at, including looking into Kubernetes on Amazon or Google. The important takeaway here is to never stop learning, and make sure that you are taking time every day to learn something new. I really enjoyed bringing you this course and I hope that you enjoyed it as well.