Wednesday, 13 October 2021

Tinkering with Istio and Envoy on IBM Kubernetes Service via macOS

Whilst I've been aware of Istio for some years, I've never really played with it.

Well, today that's changing ...

I'm following this tutorial guide: -

Getting Started

and starting by installing the CLI tool / installation file on my Mac: -

curl -L https://istio.io/downloadIstio | sh -

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   102  100   102    0     0     72      0  0:00:01  0:00:01 --:--:--    72
100  4549  100  4549    0     0   2693      0  0:00:01  0:00:01 --:--:--  2693
Downloading istio-1.11.3 from https://github.com/istio/istio/releases/download/1.11.3/istio-1.11.3-osx.tar.gz ...
Istio 1.11.3 Download Complete!
Istio has been successfully downloaded into the istio-1.11.3 folder on your system.
Next Steps:
See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.
To configure the istioctl client tool for your workstation,
add the /Users/hayd/istio-1.11.3/bin directory to your environment path variable with:
export PATH="$PATH:/Users/hayd/istio-1.11.3/bin"
Begin the Istio pre-installation check by running:
istioctl x precheck 
Need more information? Visit https://istio.io/latest/docs/setup/install/ 

and adding the installation directory to my path: _

export PATH="$PATH:$HOME/istio-1.11.3/bin"

and validating the istioctl tool: -

which istioctl

/Users/hayd/istio-1.11.3/bin/istioctl

istioctl version

no running Istio pods in "istio-system"
1.11.3

and then install it into my K8s 1.20 cluster: -

istioctl install --set profile=demo -y

✔ Istio core installed                                                                                                                                                                  
✔ Istiod installed                                                                                                                                                                       
✔ Ingress gateways installed                                                                                                                                                             
✔ Egress gateways installed                                                                                                                                                              
✔ Installation complete                                                                                                                                                                  
Thank you for installing Istio 1.11.  Please take a few minutes to tell us about your install/upgrade experience!  https://forms.gle/asdsdasdas

and checked the now running pods: -

kubectl get pods -A

NAMESPACE      NAME                                         READY   STATUS    RESTARTS   AGE
ibm-system     addon-catalog-source-2x7hj                   1/1     Running   0          42h
ibm-system     catalog-operator-578f7c8857-666wd            1/1     Running   0          42h
ibm-system     olm-operator-6c45d79d96-pjtmr                1/1     Running   0          42h
istio-system   istio-egressgateway-5fdc76bf94-v5dpg         1/1     Running   0          59s
istio-system   istio-ingressgateway-6bd7764b48-rr4fp        1/1     Running   0          59s
istio-system   istiod-675949b7c5-zqg6w                      1/1     Running   0          74s
kube-system    calico-kube-controllers-78ccd56cd7-wqgtf     1/1     Running   0          42h
kube-system    calico-node-pg6vv                            1/1     Running   0          42h
kube-system    calico-typha-ddd44968b-86cgs                 1/1     Running   0          42h
kube-system    calico-typha-ddd44968b-ffxmt                 0/1     Pending   0          42h
kube-system    calico-typha-ddd44968b-mqjrb                 0/1     Pending   0          42h
kube-system    coredns-7fc9f85d9c-5rwwv                     1/1     Running   0          42h
kube-system    coredns-7fc9f85d9c-bxtts                     1/1     Running   0          42h
kube-system    coredns-7fc9f85d9c-qk6gv                     1/1     Running   0          42h
kube-system    coredns-autoscaler-9cccfb98d-mw9qj           1/1     Running   0          42h
kube-system    dashboard-metrics-scraper-7c75dcd466-d5b9f   1/1     Running   0          42h
kube-system    ibm-keepalived-watcher-856k6                 1/1     Running   0          42h
kube-system    ibm-master-proxy-static-10.144.213.225       2/2     Running   0          42h
kube-system    kubernetes-dashboard-659cd5b798-thd57        1/1     Running   0          42h
kube-system    metrics-server-b7bc76594-4fdg2               2/2     Running   0          42h
kube-system    vpn-546847fcbf-dzzml                         1/1     Running   0          42h

and added the appropriate label for Envoy sidecar proxies: -

kubectl label namespace default istio-injection=enabled

namespace/default labeled

and then deployed the sample Bookinfo application: -

cd ~/istio-1.11.3/

kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created


and verified the created services: -

kubectl get services

NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   172.21.9.104     <none>        9080/TCP   34m
kubernetes    ClusterIP   172.21.0.1       <none>        443/TCP    43h
productpage   ClusterIP   172.21.149.123   <none>        9080/TCP   34m
ratings       ClusterIP   172.21.233.195   <none>        9080/TCP   34m
reviews       ClusterIP   172.21.163.74    <none>        9080/TCP   34m

and pods: -

kubectl get pods

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-79f774bdb9-zvnzr       2/2     Running   0          34m
productpage-v1-6b746f74dc-swnwk   2/2     Running   0          34m
ratings-v1-b6994bb9-kspd6         2/2     Running   0          34m
reviews-v1-545db77b95-bwdmz       2/2     Running   0          34m
reviews-v2-7bf8c9648f-h2nsl       2/2     Running   0          34m
reviews-v3-84779c7bbc-x2v2l       2/2     Running   0          34m

before testing the application: -

kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"

<title>Simple Bookstore App</title>

and then configure the Istio gateway: -

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created

and run the istioctl analysis: -

istioctl analyze

✔ No validation issues found when analyzing namespace: default.

and set the INGRESS_PORT and SECURE_INGRESS_PORT variable: -

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')

export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')

and grab the external IP of my K8s Compute Node into the INGRESS HOST: -

export INGRESS_HOST=$(kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}')

and set the the GATEWAY_URL variable: -

export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT

and then hit the sample application: -

curl $(echo "http://$GATEWAY_URL/productpage")

which returns a bunch of HTML 🤣

I also hit the same URL via a real browser: -





And, finally, deploy and access the Dashboard: -

kubectl apply -f samples/addons

serviceaccount/grafana created
configmap/grafana created
service/grafana created
deployment.apps/grafana created
configmap/istio-grafana-dashboards created
configmap/istio-services-grafana-dashboards created
deployment.apps/jaeger created
service/tracing created
service/zipkin created
service/jaeger-collector created
serviceaccount/kiali created
configmap/kiali created
clusterrole.rbac.authorization.k8s.io/kiali-viewer created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali created
role.rbac.authorization.k8s.io/kiali-controlplane created
rolebinding.rbac.authorization.k8s.io/kiali-controlplane created
service/kiali created
deployment.apps/kiali created
serviceaccount/prometheus created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/prometheus created
deployment.apps/prometheus created

kubectl rollout status deployment/kiali -n istio-system

Waiting for deployment "kiali" rollout to finish: 0 of 1 updated replicas are available...
deployment "kiali" successfully rolled out

istioctl dashboard kiali

http://localhost:20001/kiali

which popped up a browser ....

Having thrown some traffic at the application: -

for i in $(seq 1 100); do curl -s -o /dev/null "http://A.B.C.D:30588/productpage"; done

I could then see the application/flow/throughput etc. via the dashboard: -



To conclude, the Getting Started is really rather peachy, and definitely worth following through ....

No comments:

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...