Before going to deploy the service into istio let’s first understand what is service mesh.
Service mesh is a dedicated infrastructure layer for handling service to service communication.
Basically, it’s a way to control how different micro services deployed on kubernetes will manage secure communication and traffic between them with lot’s of cross-cutting concerns like logging, security, etc.
Istio service mesh comes with lot’s of feature like –
- circuit-breaking
- load balancing
- service discovery
We will not talk about the feature here, so Let’s jump over to how we can deploy the micro service in service mesh so we have categories the deployment process in 3 phases.
- Download and install Istio on cluster
- Deploy the micro-service
- Setup the Gateway
Download and install Istio on cluster
For downloading the latest version, we can refer to the release page. Just download the tar.gz file and unzip it. In the directory, we will find istioctl client which we can use for to customise the configuration of service mesh istio and retrieve the information about proxy configuration.
Now set the istioctl client to your machine path and for installation of service mesh, we need to choose the configuration profile. There are a set of configuration profiles, we are going to use a demo profile which enables the components according to default settings.
use the following command for installing the demo configuration profile.
istioctl install --set profile=demoAs we know, istio automatically injects Envoy sidecar proxies when we deploy services. To enable this feature we need to enable the istio-injection in a particular namespace where we will deploy the application.
kubectl label namespace default istio-injection=enabled
Deploy the micro-service
Now let’s deploy the sample application by applying the following yaml file.
apiVersion: v1
kind: Service
metadata:
name: sample
namespace: default
labels:
app: sample
spec:
selector:
app: sample
ports:
- name: http
port: 8081
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sample
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: sample
version: 'v1'
template:
metadata:
labels:
app: sample
version: 'v1'
spec:
initContainers:
- name: init-ds
image: busybox:latest
command:
- '/bin/sh'
- '-c'
- |
while true
do
if [ $? -eq 0 ]; then
echo "DB is UP"
break
fi
echo "DB is not yet reachable;sleep for 10s before retry"
sleep 10
done
containers:
- name: sample-app
image: lokesh/bundle123:latest
imagePullPolicy: Always
env:
- name: SPRING_PROFILES_ACTIVE
value: prod
- name: SPRING_SLEUTH_PROPAGATION_KEYS
value: 'x-request-id,x-ot-span-context'
- name: JAVA_OPTS
value: ' -Xmx256m -Xms256m'
resources:
requests:
memory: '256Mi'
cpu: '50m'
limits:
memory: '512Mi'
cpu: '1'
ports:
- name: http
containerPort: 8081
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: sample
spec:
hosts:
- "*"
gateways:
- sample-gateway
http:
- match:
- uri:
exact: /getAllCustomer
- uri:
exact: /account/create
- uri:
exact: /bundles/istio/authz
- uri:
prefix: /getOrder
route:
- destination:
host: sample
port:
number: 8081Here we have applied Service, Deployment and virtual service resources. If we talk about virtual service, so virtual Service provides a rich way of specifying different traffic rules where clients send their requests from the destination workloads that actually implement them.
Verify the services by applying the following command.
kubectl get service
kubectl get podsYou will get two docker containers in the service sample pod. The one is for sample service and the other is for envoy proxy.
Setup the Gateway
Now we need to set up the gateway so that the service can be accessible from outside. Apply the following yaml file to create a gateway of sample application.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: sample-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"Set the GATEWAY_URL environment variable in your shell to the public IP/port of the Istio Ingress gateway.
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export INGRESS_HOST=$(minikube ip)
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
echo $GATEWAY_URLNow you have successfully deployed the sample application into istio service mesh.
That’s pretty much it for this article. If you have any feedback or queries, please do let me know in the comments. Also, if you liked the article, please give me a thumbs up and I will keep writing blogs like this for you in the future as well. Keep reading and Keep coding.
