Service Mesh - Istio Part 1
In this series of article, we will look at service mesh and what are the problems they solve. There are lot of service mesh in the market today like Linkerd, Consul, OpenServiceMesh, kuma and others but the mesh which is feature rich and more popular one is Istio.
Service meshes provide the following features without having to change or modify the application
- Traffic management
- Observability
- Security
- MultiCluster
These features are provided by running a sidecar container along with the application container which will then intercept the incoming and outgoing traffic of the application container and provide the above mentioned features
Today we will look at Istio. More details regarding the same can be found here.The Istio components are combined together in the latest release into a single component called Istiod, which simplify the deployment and patching of the Istio control plane components
We will look at how to do traffic splitting using Istio in this article. Following will be the steps to setup Istio.
- Install Istio - More details can be found here.This step will install the components like Istiod(control plane), and the gateways. The gateways use envoy proxy similar to side car proxy which will provide the traffic inflow and outflow in the mesh.The components can be verified using the command
kubectl get service -n istio-system
- We will then add a label to a namespace to inject a side car container or proxy once the application is deployed.
kubectl label namespace default istio-injection=enabled
- We can then deploy the application. The apps in our case contains various components or microservices and one of the apps called tripviewer has multiple version which we will use for traffic splitting. we see the containers showing as 2/2 which confirms the side car container is installed along with the application container.
- Next, create a gateway to accept the outside traffic and provide routing to different service.
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: trips-gateway spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: - port: number: 80 name: http protocol: HTTP hosts: - "*"
- Next, create the virtual service using the gateway to route traffic to the service. In the below case we are routing traffic to a service called "poi"
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: poi spec: hosts: - "*" gateways: - trips-gateway http: - match: - uri: prefix: /api/poi route: - destination: port: number: 80 host: poi
- Next, We will see the traffic splitting feature for a micro service tripviewer. As mentioned earlier, we have two version of the app deployed with label v1 and v2. For traffic splitting, we need to define a virtual service along with a destination rule. The virtual service defines the traffic weight for different version of the app and also the subset which will be referred in the destination rule. In our case, we are splitting the traffic by 50% between the two version of the app.The destination rule specify the mapping between the subset and the version of the app
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: tripviewer spec: hosts: - "*" gateways: - trips-gateway http: - match: - uri: prefix: / route: - destination: host: tripviewer subset: v1 weight: 50 - destination: host: tripviewer subset: v2 weight: 50 --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: tripviewer spec: host: tripviewer subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2
Find more examples of traffic management here. In the upcoming articles, we will see various other features of Istio service mesh.