DEV Community

Jasper Rodda
Jasper Rodda

Posted on • Updated on

Install/Setup - Service Mesh Capabilities via Istio on Kubernetes Cluster

1. What is a Service Mesh?

Modern applications are typically architected as distributed collections of microservices, with each collection of microservices performing some discrete business function. A service mesh is a dedicated infrastructure layer that you can add to your applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding them to your own code. The term “service mesh” describes both the type of software you use to implement this pattern, and the security or network domain that is created when you use that software. click here to read more.

2. What is Istio?

Istio is an open-source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes. Its powerful control plane brings vital features, including:

  • Secure service-to-service communication in a cluster with TLS encryption, strong identity-based authentication and authorization
  • Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic
  • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection
  • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas
  • Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress click here to read more.

Setup Istio on Kubernetes cluster

helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update

Enter fullscreen mode Exit fullscreen mode
  • create namespace
kubectl create namespace istio-system
Enter fullscreen mode Exit fullscreen mode
  • Install the Istio base chart

which contains cluster-wide Custom Resource Definitions (CRDs) which must be installed prior to the deployment of the Istio control plane:

helm install istio-base istio/base -n istio-system --set defaultRevision=default
Enter fullscreen mode Exit fullscreen mode
  • Validate the CRD installation with the helm ls command:
$ helm ls -n istio-system
NAME       NAMESPACE    REVISION UPDATED         STATUS   CHART         APP VERSION
istio-base istio-system 1        ... ... ... ... deployed base-1.16.1   1.16.1
istiod     istio-system 1        ... ... ... ... deployed istiod-1.16.1 1.16.1
Enter fullscreen mode Exit fullscreen mode
  • Get the status of the installed helm chart to ensure it is deployed:
$ helm status istiod -n istio-system
NAME: istiod
LAST DEPLOYED: Fri Jan 20 22:00:44 2023
NAMESPACE: istio-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
"istiod" successfully installed!

To learn more about the release, try:
  $ helm status istiod
  $ helm get all istiod

Next steps:
  * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/
  * Try out our tasks to get started on common configurations:
    * https://istio.io/latest/docs/tasks/traffic-management
    * https://istio.io/latest/docs/tasks/security/
    * https://istio.io/latest/docs/tasks/policy-enforcement/
    * https://istio.io/latest/docs/tasks/policy-enforcement/
  * Review the list of actively supported releases, CVE publications and our hardening guide:
    * https://istio.io/latest/docs/releases/supported-releases/
    * https://istio.io/latest/news/security/
    * https://istio.io/latest/docs/ops/best-practices/security/
Enter fullscreen mode Exit fullscreen mode
  • Check istiod service is successfully installed and its pods are running:
$ kubectl get deployments -n istio-system --output wide
NAME     READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                         SELECTOR
istiod   1/1     1            1           10m   discovery    docker.io/istio/pilot:1.16.1   istio=pilot
Enter fullscreen mode Exit fullscreen mode
  • (Optional) Install an ingress gateway:
$ kubectl create namespace istio-ingress
$ helm install istio-ingress istio/gateway -n istio-ingress --wait
Enter fullscreen mode Exit fullscreen mode

Top comments (0)