Skip to main content

Service Mesh with Istio


Intro Video

Photo of Michael McClaren

Michael McClaren

Linux Training Architect I in Content

Michael was always the guy that fixed the computers in his family, and eventually decided he wanted to prove he had the chops to become a true IT professional. He had worked as a master mechanic and was tired of turning wrenches every day. After his first certification, an MCSE in server 2003, doors started opening. He then proceeded to work as an entry-level sysadmin, and eventually found his way to Linux Academy. He credits one certification as making the difference and changing his life for the better.







Hands-on Labs


Course Details

In this course we will be looking at Istio and its capabilities. We will inspect its architecture and how it is installed. We will install it in a Docker environment as well as a Kubernetes cluster and get some insight into the types of problems that Istio solves.

Interactive Diagram:


Why Are We Here?

Course Intro


Lesson Description:

In this short introductory video I talk briefly about the prerequisites for this course, and the version of Istio that I'm using. This this is an advanced course, and there will not be much time spent explaining commands that are, used unless they are specific to Isio.

About the Author


Lesson Description:

This is just a short intorduction for those who have not taken one of my courses.

Istio Concepts

What Is Istio and What Can It Do?


Lesson Description:

In this lesson we will discuss the 3 core features of Istio Traffic Management, Security, and Observability. We will discuss examples from each of the three and how they can be used to secure production environments. This base knowledge will be used to further our understanding of Istio in the lessons that follow.

Overview of Istio Components


Lesson Description:

In this lesson we will look at the architecture of Istio and the components that make up that architecture. We will see what role of each component plays, and we will look at where they are deployed. Once we have a grasp of the physical layout, we can better understand how Istio does its job.

How Istio Does Its Job


Lesson Description:

In this last lesson of the concepts section we will look at how packets traverse the Istio mesh. Istio uses configured intelligent proxies to route packets. This is something that we need to understand so that in later lessons, when we are configuring the routing and traffic mangement policies, we know how those policies are applied.

Deploying Istio

Istio with Docker


Lesson Description:

In this lesson we will be installing Istio in a Docker environment. We will take a quick look at the moving parts and how they work together, as well as installing an application and ensuring the everything is working as expected. Although we are covering installation into a Docker environment, this is not as feature rich as some other installations. This is included here because it is officially documented and there is some talk of more features being added in the future. Commands used in this lesson: Add current user to docker group

sudo usermod -aG docker cloud_user
Install docker-compose and make it executable
sudo curl -L "" -o /usr/local/bin/docker-compose  

sudo chmod +x /usr/local/bin/docker-compose
Download Istio and unpack it

tar -xvf istio-1.0.6-linux.tar.gz
Preconfigure kubectl for pilot
kubectl config set-context istio --cluster=istio
kubectl config set-cluster istio --server=http://localhost:8080
kubectl config use-context istio
Create a DOCKER_GATEWAY environment variable
Bring up Istio's control plane Remember: this may need to be repeated to ensure the pilot container starts:
docker-compose -f install/consul/istio.yaml up -d
Change bookinfo.yaml to set port 30080 in place of port 9081
sed -i 's/9081/30080/' ./istio-1.0.6/samples/bookinfo/platform/consul/bookinfo.yaml
Bring up the application
docker-compose -f ./istio-1.0.6/samples/bookinfo/platform/consul/bookinfo.yaml up -d
Bring up the sidecars
docker-compose -f ./istio-1.0.6/samples/bookinfo/platform/consul/bookinfo.sidecars.yaml up -d

Istio with Kubernetes


Lesson Description:

In this lesson we will be installing Istio into a standard Kubernetes cluster, consisting of one master and 2 nodes, deployed in our Cloud Playground. We will cover the modifications needed in the Istio base installation to make it compatible with the Cloud Playground environent, and we will deploy a sample application to ensure that Istio is working as expected.

Download istio

tar -xvf istio-1.0.6-linux.tar.gz

cd istio-1.0.6

export PATH=$PWD/bin:$PATH


cd install
cd kubernetes
vim istio-demo.yaml
search for Balancer, find name istio-ingressgateway
goto spec, find LoadBalancer change that to NodePort
find ports, name http2 change the port to 30080
save and exit

kubectl apply -f ./istio-demo.yaml
kubectl -n istio-system get pods
wait for istio pods to complete/running
kubetl -n -istio-system get svc
verify node port

cd /home/cloud_user/istio-1.0.6/

kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)
kubectl get pods
ready 2/2

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
check page

refresh > check stars

Inspecting Our Installations


Lesson Description:

In this lesson we will be skipping a bit ahead and getting into some routing rules, so that we can get Istio to show a bit of what it can do. This will confirm that our installations are configured correctly, and means we can proceed with the balance of the course. We will start with Kuberentes, and then repeat the process on Docker, so that we are prepared to undertake the hands-on labs that complete this section.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Working with Istio

Deploying an Application


Lesson Description:

In this lesson we will look at the sidecar injection process and see what is accomplished by issuing the kube-inject argument to istioctl. We will show that Istio requires the Envoy proxies to enforce routing rules, and we will discuss the init container that is used to deploy the proxies to the pods.

Istio Routing


Lesson Description:

In this lesson we will dig deeper into routing in Istio. We will discuss the path that traffic takes through the mesh and we will invoke some custom routes to show how routing can be done using virtual services and destination rules.

Istio Policies


Lesson Description:

In this lesson we will look at policies in Istio, rate limiting requests to our application specifically. We will look at the parts of a mixer rule that is used to apply rate limiting. We will also do a bit of troubleshooting and ensure that our policies are being applied correctly.

Istio Logging


Lesson Description:

In this lesson we will be looking at using Prometheus and Grafana to gain insight into the behavior of the traffic inside the Istion mesh. In order to gain access to this with a browser, we are going to be using Nginx to create a proxy for the services. This is the Nginx configuration that is used in the lesson, located at /etc/nginx/sites-enabled/default:

server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;  
#location / {proxy_pass;}
location / {proxy_pass;}
There are also 2 commands that are used to forward the ports. The command to forward the ports for Prometheus:
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=prometheus -o jsonpath='{.items[0]}') 9090:9090 &
The command the forward the port for Grafana:
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0]}') 3000:3000 &
The Prometheus course that is mentioned in this lesson: Kubernetes and Prometheus

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Looking Ahead

Where Do We Go from Here?


Lesson Description:

I wanted to talk really quick about where to go from here. I mention some other courses that might be something you'll want to look at, including looking into Kubernetes on Amazon or Google. The important takeaway here is to never stop learning, and make sure that you are taking time every day to learn something new. I really enjopyed bringing you this course and I hope that you enjoyed it as well.

Take this course and learn a new skill today.

Transform your learning with our all access plan.

Start 7-Day Free Trial