
Lab 4: Configuring Istio for the application deployed in Lab2

Boskey Savla edited this page Dec 7, 2018 · 12 revisions

Configure Istio to manage the services (the mesh) created by the Planespotter application.

By now we have installed the Istio control plane and its components on the Kubernetes cluster. However, at this point Istio isn't observing or monitoring any services deployed in the cluster, because we still need to tell Istio which services to monitor. This can be done in two ways: either we add services to Istio manually, on a namespace basis, or we enable Istio on a specific namespace so that it covers all the services currently running there and any services deployed there in the future. Either way, when Istio is asked to monitor a service, it deploys its Envoy sidecar proxy alongside every pod that makes up the service. The Envoy proxy intercepts all of the pod's traffic and enforces the policies that we define for this service mesh.

  • Enable namespace 'planespotter' to allow Envoy sidecar injection

kubectl label namespace planespotter istio-injection=enabled

  • Inject the Envoy sidecar into the deployments of the Planespotter app

kubectl get deployment -n planespotter -o yaml | istioctl kube-inject -f - | kubectl apply -f -

To confirm that the Envoy proxy is deployed with the Planespotter app, check the pods of the planespotter deployments. You should see 2/2 in the 'READY' column for each of the planespotter app and frontend pods: the application container plus the Envoy sidecar.

kubectl get pods -n planespotter
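
The READY column is checked by eye; a pod that is missing the sidecar sits outside the mesh, so the policies defined for the mesh are not applied to its traffic. The following is an added example (not part of the original lab) that lists such pods by looking for the `istio-proxy` container, the name Istio gives the injected Envoy sidecar. The pod names in the sample input are constructed, and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: flag pods that are running without the Envoy sidecar.
# Input format (one pod per line): "<pod-name> <container>,<container>,"
# On a live cluster this input can be produced with:
#   kubectl get pods -n planespotter -o jsonpath='{range .items[*]}{.metadata.name}{" "}{range .spec.containers[*]}{.name}{","}{end}{"\n"}{end}'

SIDECAR="istio-proxy"   # container name of the injected Envoy proxy

# Print the name of every pod on stdin whose container list lacks the sidecar.
pods_missing_sidecar() {
    while read -r pod containers; do
        [ -n "$pod" ] || continue
        case ",$containers" in
            *",$SIDECAR,"*) ;;            # exact container-name match: in the mesh
            *) printf '%s\n' "$pod" ;;    # no sidecar: outside the mesh
        esac
    done
}

# Constructed sample input (pod and container names are made up).
sample_pods() {
    cat <<'EOF'
planespotter-frontend-5d8c7 planespotter-frontend,istio-proxy,
planespotter-app-7f9b4 planespotter-app,istio-proxy,
mysql-0 mysql,
redis-server-6c4d2 redis,
EOF
}

# Return 0 only when every pod on stdin carries the sidecar.
check_mesh_coverage() {
    missing=$(pods_missing_sidecar)
    if [ -n "$missing" ]; then
        printf 'pods without %s:\n%s\n' "$SIDECAR" "$missing" >&2
        return 1
    fi
    return 0
}

sample_pods | check_mesh_coverage || echo "sample: mesh coverage incomplete"
```

To run it against the cluster, pipe the `kubectl` command from the header comment into `check_mesh_coverage` instead of `sample_pods`.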

  • Create the Plane Spotter Gateway and Virtual Service

So far, all the planespotter services are accessible only from within the cluster. To access the planespotter app from outside the cluster, we need to expose the service through a gateway. Since we want the application to be managed by Istio as well, we use the Istio Ingress gateway to publish the planespotter frontend service.

Virtual Services: Istio uses a single Ingress gateway for all services that are part of a cluster. For Istio to know which service to route incoming traffic to, we need to create a virtual service. A virtual service defines what type of traffic to forward to which service in the mesh. For example, foo.com/coffee needs to be routed to a different service than foo.com/tea. The command below creates both the Gateway and the virtual service. Take a look at the YAML file to see how the services are defined.

  • Create planespotter-frontend gateway using Istio Ingress and a Virtual Service to allow incoming traffic to the services that are part of the planespotter app.

kubectl apply -f https://raw.githubusercontent.com/Boskey/planespotter/master/kubernetes/planespotter-ingress-gateway.yaml -n planespotter

  • Access Planespotter app

The planespotter app is now accessible via the Istio Ingress Gateway. To access the app from your browser, determine the URL of the ingress gateway:

kubectl get svc istio-ingressgateway -n istio-system | awk '{print $4}' | grep istio

Copy the URL from the output.

To access the planespotter app, point your browser to the URL/index.html