Installing Istio

Prerequisites

• Kubernetes Cluster. For installing Kubernetes follow the article (Click Here)
• Istio supports Calico Network Policy. Please make sure you have calico network policy setup up in your Kubernetes Cluster.

Download Istio in master node

curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.3.3 sh -

cd to the folder

cd istio-1.3.3

Set the istioctl path

export PATH=$PWD/bin:$PATH

In this tutorial we are going to install demo installation of Istio.

In the on prem installation, you don’t have external load balancer. Hence, I am changing the load balancer to NodePort and changing the port to 30080

sed -i ‘s/LoadBalancer/NodePort/;s/31380/30080/’ install/kubernetes/istio-demo.yaml

Bring up the Istio control plane:

kubectl apply -f ./istio-1.0.6/install/kubernetes/istio-demo.yaml

In executing above command if some of the resources gives you an error. Kindly, wait 30s and re-run the above command. All the resources will be created.

Verify that the control plane is running:

kubectl -n istio-system get pods

When all of the pods are up and running then we can move on.

Follow these instructions if you have determined that your environment does not have an external load balancer, so you need to use a node port instead.

Set the ingress ports:

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')

The default Istio installation uses automatic sidecar injection. Label the namespace that will host the application with istio-injection=enabled:

kubectl label namespace default istio-injection=enabled

Deploying Sample Application: Bookinfo

kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)

Confirm all services are correctly defined:

kubectl get svc

Confirm all pods are correctly running:

kubectl get pods

To confirm that the Bookinfo application is running, send a request to it by a curl command from some pod, for example from ratings:

kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"

Define the ingress gateway for the application:

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

Confirm the gateway has been created:

kubectl get gateway

Verify the page loads at the URL:

http://<K8s_MASTER_IP ADDRESS>:30080/productpage