Networking / Service Mesh

Tutorial: Explore Istio’s Traffic Rules and Telemetry Capabilities

26 Apr 2019 3:00am, by

Service mesh is becoming an indispensable technology for microservices developers. Istio, one of the most popular open source service mesh, has gained the attention of the community.

Istio delivers three capabilities to developers:

  1. Traffic routing
  2. Telemetry
  3. Security policies

If you are a beginner in the field of containers and microservices, the value of using a service mesh is hard to understand.

In this tutorial, I will walk you through all the steps involved in exploring Istio. From setting up a single-node Kubernetes cluster based on Minikube to applying traffic routing rules to visualizing the tracing information, this guide will help you appreciate the potential of Istio.

We will use the famous Bookinfo sample that ships with Istio.

Setting up Minikube for Istio

Since Istio needs more CPU and RAM, you need to pass additional parameters to Minikube during the launch. The below command launches Minikube with 4 CPU cores and 8GB of memory.

Wait for the Kubernetes cluster to come up before installing Istio.

Installing Istio

Istio can be easily installed with the helper script which involves deploying a set of Custom Resource Definitions (CRD).

Run the below commands to deploy Istio on Minikube.

Since we are running Istio with Minikube, we need to make one change before going ahead with the next step – changing the Ingress Gateway service from type LoadBalancer to NodePort.

Open the file /install/kubernetes/istio-demo.yaml, search for LoadBalancer and replace it with NodePort.

Navigate to the root of Istio directory before running the below commands.

Istio objects are deployed into a namespace called istio-system.

Deploying the Bookinfo Sample

Istio can automatically attach a sidecar to every pod. To configure this, we need to add a label to the default namespace.

Let’s deploy the sample app into the default namespace. This sample microservices app has four microservices – products page, ratings, review, and details. Each service has multiple versions. The product page retrieves data from one of the versions of ratings, reviews, and details microservice.

We will explore how to dynamically configure the routes to different versions based on certain conditions.

To access the web app, we need to configure the gateway.

Notice how each Pod has two containers. One of them is the Envoy proxy injected by Istio.

Let’s create a rule to route the traffic to all V1 services from the product page.

We can now access the web app through the Ingress Gateway. Let’s retrieve the IP address and port from the Minkube.

Version 1 of ratings service doesn’t show the stars while V2 and V2 services show black and red stars respectively. In the next step, we will selectively route the traffic to one of the versions of the ratings service.

Implementing Traffic Rules

While keeping the home page running, we will now configure a rule that points to V2 of the ratings service.

For a thorough overview of doing blue/green deployments with Istio, refer to one of my previous articles published at The New Stack.

The rule explicitly enables V2 for a user, jason. Only when he is logged in, he can see a 5-star rating widget.

Let’s deploy the traffic rule. Sign in as user jason and with password jason and refresh the page to see black stars below the review.

Feel free to explore the rule definition YAML file at samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml. Notice how the rule is defined based on the user name.

Exploring Telemetry Data

Istio comes with powerful telemetry and visualization tools. We will explore a couple of those tools to gain insights into tracing and visualizing the microservices call chain.

Let’s generate some traffic to the product page.

Open the Grafana dashboard through port-forwarding.

Access the Istio mesh dashboard at http://localhost:3000/dashboard/db/istio-mesh-dashboard.

Feel free to explore other dashboards specific to each microservice.

Now, let’s look at the tracing information through Jaeger, an open source distributed tracing tool.

Clicking on one of the spans gives us a detailed view of the entire call chain.

Finally, let’s install Weave Scope, a tool to visualize distributed microservices.

Expose the Weave Scope pod to access the dashboard.

Click on the default namespace to visualize all the microservices related to the BookInfo sample.

The objective of this tutorial is to highlight the out-of-the-box capabilities of Istio. You can easily implement some of these techniques for your own microservices-based applications.

Feature image by DavidRockDesign from Pixabay.