Tutorial: Explore Istio’s Traffic Rules and Telemetry Capabilities

Service mesh is becoming an indispensable technology for microservices developers. Istio, one of the most popular open source service meshes, has gained the attention of the community.
Istio delivers three capabilities to developers:
- Traffic routing
- Telemetry
- Security policies
If you are a beginner in the field of containers and microservices, the value of using a service mesh is hard to understand.
In this tutorial, I will walk you through all the steps involved in exploring Istio. From setting up a single-node Kubernetes cluster based on Minikube to applying traffic routing rules to visualizing the tracing information, this guide will help you appreciate the potential of Istio.
We will use the famous Bookinfo sample that ships with Istio.
Setting up Minikube for Istio
Since Istio needs more CPU and RAM, you need to pass additional parameters to Minikube during the launch. The below command launches Minikube with 4 CPU cores and 8GB of memory.
```
minikube start \
  --memory=8192 \
  --cpus=4 \
  --vm-driver=virtualbox
```
Wait for the Kubernetes cluster to come up before installing Istio.
Installing Istio
Istio can be easily installed with the helper script. The installation involves deploying a set of Custom Resource Definitions (CRDs).
Run the below commands to deploy Istio on Minikube.
```
curl -L https://git.io/getLatestIstio | sh -
```
Since we are running Istio with Minikube, we need to make one change before going ahead with the next step – changing the Ingress Gateway service from type LoadBalancer to NodePort.
Open the file install/kubernetes/istio-demo.yaml in the Istio directory, search for LoadBalancer and replace it with NodePort.
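The same edit in scripted form, as an added example that is not part of the original tutorial. The function name use_nodeport is hypothetical, and it assumes the service type appears in the manifest as a `type: LoadBalancer` line.

```shell
#!/bin/sh
# Added example: scripted version of the LoadBalancer -> NodePort edit.

# Rewrites every "type: LoadBalancer" line in the given manifest to
# "type: NodePort", keeps the original as <file>.bak, and prints how many
# lines were changed. Returns 1 if the file is missing or if there is
# nothing to change (for instance, the edit was already made).
use_nodeport() {
  manifest=$1
  [ -f "$manifest" ] || { echo "no such file: $manifest" >&2; return 1; }

  # grep -c exits non-zero on a count of 0, so guard it for 'set -e' callers
  count=$(grep -c 'type:[[:space:]]*LoadBalancer' "$manifest" || true)
  if [ "$count" -eq 0 ]; then
    echo "no LoadBalancer service type found in $manifest" >&2
    return 1
  fi

  # -i.bak (suffix attached to the flag) works with both GNU and BSD sed
  sed -i.bak 's/\(type:[[:space:]]*\)LoadBalancer/\1NodePort/' "$manifest"
  echo "$count"
}

# Usage, from the root of the Istio directory:
#   use_nodeport install/kubernetes/istio-demo.yaml
```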
Navigate to the root of the Istio directory before running the below commands.
```
for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f "$i"; done
kubectl apply -f install/kubernetes/istio-demo.yaml
```
Istio objects are deployed into a namespace called istio-system.
Deploying the Bookinfo Sample
Istio can automatically attach a sidecar to every pod. To configure this, we need to add a label to the default namespace.
```
kubectl label namespace default istio-injection=enabled
```
Let’s deploy the sample app into the default namespace. This sample app has four microservices – product page, ratings, reviews, and details. Each service has multiple versions. The product page retrieves data from one of the versions of the ratings, reviews, and details microservices.
We will explore how to dynamically configure the routes to different versions based on certain conditions.
```
kubectl apply -f ./samples/bookinfo/platform/kube/bookinfo.yaml
```
To access the web app, we need to configure the gateway.
```
kubectl apply -f ./samples/bookinfo/networking/bookinfo-gateway.yaml
```
Notice how each Pod has two containers. One of them is the Envoy proxy injected by Istio.
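A quick check for the sidecar described above, as an added example that is not part of the original tutorial: it lists pods whose container list lacks the injected proxy. It assumes the sidecar container is named istio-proxy (the name Istio gives the injected Envoy container); the function names and the sample pod names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report pods that are running WITHOUT the Istio sidecar.
# Input format, one pod per line: <pod-name><TAB><space-separated container names>

SIDECAR="istio-proxy"   # assumed name of the injected Envoy container

# Reads pod/container lines on stdin, prints the names of pods lacking the sidecar.
pods_missing_sidecar() {
  awk -F '\t' -v sidecar="$SIDECAR" '
    NF < 2 { next }                       # skip blank or malformed lines
    {
      n = split($2, names, " ")
      found = 0
      for (i = 1; i <= n; i++)            # exact match, not substring match
        if (names[i] == sidecar) found = 1
      if (!found) print $1
    }'
}

# Live query (needs kubectl and a running cluster); namespace defaults to "default".
list_pod_containers() {
  kubectl get pods -n "${1:-default}" -o \
    jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].name}{"\n"}{end}'
}

# Constructed sample: three injected pods and one pod that was created
# before the namespace was labelled, so it never received a sidecar.
sample_pods() {
  printf 'productpage-v1-abc\tproductpage istio-proxy\n'
  printf 'reviews-v2-def\treviews istio-proxy\n'
  printf 'details-v1-ghi\tdetails istio-proxy\n'
  printf 'legacy-job-xyz\tworker\n'
}

sample_pods | pods_missing_sidecar        # prints: legacy-job-xyz

# On a cluster: list_pod_containers default | pods_missing_sidecar
```

Any pod this reports sits outside the mesh, so the traffic rules and telemetry in the rest of the tutorial do not apply to it.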
Let’s create a rule to route the traffic to all V1 services from the product page.
```
kubectl apply -f ./samples/bookinfo/networking/destination-rule-all.yaml
kubectl apply -f ./samples/bookinfo/networking/virtual-service-all-v1.yaml
```
We can now access the web app through the Ingress Gateway. Let’s retrieve the IP address and port from Minikube.
```
export INGRESS_HOST=$(minikube ip)
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
open http://$INGRESS_HOST:$INGRESS_PORT/productpage
```
Version 1 of the ratings service doesn’t show the stars, while the V2 and V3 services show black and red stars respectively. In the next step, we will selectively route the traffic to one of the versions of the ratings service.
Implementing Traffic Rules
While keeping the home page running, we will now configure a rule that points to V2 of the ratings service.
For a thorough overview of doing blue/green deployments with Istio, refer to one of my previous articles published at The New Stack.
The rule explicitly enables V2 for a user, jason. Only when he is logged in can he see a 5-star rating widget.
Let’s deploy the traffic rule. Sign in as user jason with password jason, then refresh the page to see black stars below the review.
Feel free to explore the rule definition YAML file at samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml. Notice how the rule is defined based on the user name.
Exploring Telemetry Data
Istio comes with powerful telemetry and visualization tools. We will explore a couple of those tools to gain insights into tracing and visualizing the microservices call chain.
Let’s generate some traffic to the product page.
```
while true; do curl -s http://$INGRESS_HOST:$INGRESS_PORT/productpage > /dev/null && echo -n . && sleep 0.2; done
```
Open the Grafana dashboard through port-forwarding.
```
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000 &
```
Access the Istio mesh dashboard at http://localhost:3000/dashboard/db/istio-mesh-dashboard.
Feel free to explore other dashboards specific to each microservice.
Now, let’s look at the tracing information through Jaeger, an open source distributed tracing tool.
```
kubectl port-forward -n istio-system $(kubectl get pod -n istio-system -l app=jaeger -o jsonpath='{.items[0].metadata.name}') 16686:16686 &
open http://localhost:16686/
```
Clicking on one of the spans gives us a detailed view of the entire call chain.
Finally, let’s install Weave Scope, a tool to visualize distributed microservices.
```
kubectl create -f 'https://cloud.weave.works/launch/k8s/weavescope.yaml'
```
Expose the Weave Scope pod to access the dashboard.
```
# Find the Weave Scope app pod, expose it as a NodePort service, and read back the assigned port
pod=$(kubectl get pod -n weave --selector=name=weave-scope-app -o jsonpath='{.items..metadata.name}')
kubectl expose pod "$pod" -n weave --type=NodePort --port=4040 --target-port=4040
port=$(kubectl get svc "$pod" -n weave -o json | jq '.spec.ports[].nodePort')
open "http://$INGRESS_HOST:$port"
```
Click on the default namespace to visualize all the microservices related to the BookInfo sample.
The objective of this tutorial is to highlight the out-of-the-box capabilities of Istio. You can easily implement some of these techniques for your own microservices-based applications.