Now that we have the Kubernetes cluster, we are ready to deploy Istio.
As part of this lab we will install Istio 0.8.0 on your kubernetes cluster.
Or your own Adapters... A variety of Istio adapters and add-ons are available to enable out of the box. In this workshop, we will enable the Prometheus, ServiceGraph, Jaeger, Granfana and SolarWinds adapters and add-ons.
Configuration of the SolarWinds adapter is included as an optional lab, which enables shipping of metrics to Appoptics, and/or logs to Loggly and/or logs to Papertrail. To use the SolarWinds adapter, you may reserve your temporary, free account here. Proceed to Optional Lab 2 for configuration instructions.
curl https://raw.githubusercontent.com/leecalcote/istio-service-mesh-workshop/master/deployment_files/istio-0.8.0/istio-solarwinds-0.8.0.yaml | sed "s/<appoptics token>/$AOTOKEN/g" | sed "s/<loggly token>/$LOGGLY_TOKEN/g" > istio.yaml
kubectl apply -f istio.yamlOn PWK you will see an error message like this one:
error: unable to recognize "istio.yaml": no matches for admissionregistration.k8s.io/, Kind=MutatingWebhookConfiguration
We have Kubernetes version 1.8 on PWK which does have support for mutating webhooks which is the reason for the error. You can continue with the lab without any issues.
Istio is deployed in a separate Kubernetes namespace istio-system. To check if Istio is deployed and also to see all the pieces that are deployed, we can do the following:
watch kubectl get all -n istio-systemOn a *nix system, you can setup istioctl by doing the following:
curl -L https://git.io/getLatestIstio | sh -The above command will get the latest Istio package, which at the time of this writing is 0.8.0.
export PATH="$PATH:/root/istio-0.8.0/bin"To verify istioctl is setup lets try to print out the command help
istioctl versionIstio comes with several addons like:
For the folks who did NOT want to use Appoptics, you choose to use prometheus and grafana for viewing the metrics from Istio.
For distributed tracing, you can choose between Zipkin or Jaeger.
Service graph is another add-on which can be used to generate a graph of services within an Istio mesh. Service graph too is deployed as part of Istio in this lab.
Istio, deployed as part of this workshop, comes deployed with Prometheus, Grafana, Jaeger and Service Graph.
By default, Istio addon services are deployed as ClusterIP type services, except Jaeger. We can expose the services outside the cluster by either changing the Kubernetes service type to NodePort or LoadBalancer or by port-forwarding or by configuring Kubernetes Ingress. In this lab, we will briefly demonstrate the NodePort and port-forwarding way of exposing services.
To expose them using NodePort service type, we can edit the services and change the service type from ClusterIP to NodePort
kubectl -n istio-system edit svc prometheuskubectl -n istio-system edit svc grafanakubectl -n istio-system edit svc servicegraphOnce this is done the services will be assigned dedicated ports on the hosts.
To find the assigned ports for grafana:
kubectl -n istio-system get svc grafanaTo find the assigned ports for prometheus:
kubectl -n istio-system get svc prometheusTo find the assigned ports for servicegraph:
kubectl -n istio-system get svc servicegraphTo find the assigned ports for jaeger, which was already exposed as a LoadBalancer service:
kubectl -n istio-system get svc tracingTo port-forward grafana:
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana \
-o jsonpath='{.items[0].metadata.name}') 3000:3000 &To port-forward prometheus:
kubectl -n istio-system port-forward \
$(kubectl -n istio-system get pod -l app=prometheus -o jsonpath='{.items[0].metadata.name}') \
9090:9090 &To port-forward service graph:
kubectl -n istio-system port-forward \
$(kubectl -n istio-system get pod -l app=servicegraph -o jsonpath='{.items[0].metadata.name}') \
8088:8088 &In PWK, once a port is exposed it will appear on top of the page as shown below as clickable hyperlinks:
We can click on the new relevant links now and navigate to the addons web UI, if available.
If, for some reason, the links for the ports DONOT show up, you can grab the URL as shown in the image below, append the port and access the service.
Port-forwarding runs in the foreground. We have appeneded '&' to the end of the above 2 commands to run them in the background. If you donot want this behavior, please remove the '&'.