Observability, Reliability, and Security with Service Mesh: Istio on Amazon EKS
Install prerequisite tools
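# Install AWS CLI v2.
# The URL and the output name are quoted without stray spaces, so the archive
# lands at ./awscliv2.zip, the name unzip expects. --fail keeps curl from
# saving an HTTP error page as if it were the zip.
curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
# AWS publishes a detached PGP signature for this archive (same URL with .sig
# appended). Verify it with gpg against the AWS CLI team's public key from the
# official install guide before running the installer as root.
unzip awscliv2.zip
sudo ./aws/install
aws --version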
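# Install the eksctl command line.
# NOTE(review): "latest" is unpinned, and the weaveworks/eksctl path appears to
# rely on a GitHub redirect to the project's current home. Consider pinning a
# release tag and checking the tarball against that release's checksums file.
#
# Extract into a private mktemp directory rather than a fixed name in the
# world-writable /tmp, so no other local user can influence the file that the
# sudo step below installs.
eksctl_tmp="$(mktemp -d)"
curl --fail --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C "$eksctl_tmp"
# install (instead of mv) so the binary ends up root-owned with mode 0755,
# matching how kubectl is installed on this page. A plain mv would keep the
# invoking user's ownership on a file in /usr/local/bin.
sudo install -o root -g root -m 0755 "$eksctl_tmp/eksctl" /usr/local/bin/eksctl
rm -rf -- "${eksctl_tmp:?}"
eksctl version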
# Install Helm v3 through the project's installer script.
# The script is saved to disk rather than piped straight into a shell, so it
# can be read before it runs. It is fetched from the main branch, so its
# contents can change between one run and the next.
curl --fail --silent --show-error --location \
  --output get_helm.sh \
  https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
# Owner-only read/write/execute; no access for group or others.
chmod u=rwx,go= get_helm.sh
./get_helm.sh
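# Install kubectl.
# Resolve the current stable version once, so the binary and its checksum are
# fetched for the same release. URLs are quoted without stray spaces.
kubectl_version="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
curl -fLO "https://dl.k8s.io/release/${kubectl_version}/bin/linux/amd64/kubectl"
curl -fLO "https://dl.k8s.io/release/${kubectl_version}/bin/linux/amd64/kubectl.sha256"
# Install as root only if the download matches the published SHA-256.
# This catches truncated or corrupted downloads. The checksum comes from the
# same origin as the binary, so it does not protect against a compromised origin.
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
  && sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client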
Build an Amazon EKS cluster
# Configure AWS CLI (interactive: prompts for access key ID, secret access key,
# default region and output format, and saves them under ~/.aws/).
# The secret key is stored there in plaintext, so use a dedicated identity
# scoped to what this walkthrough needs, or short-lived credentials, rather
# than long-lived administrator keys.
aws configure
# Generate SSH Key (interactive: prompts for a file location and a passphrase).
# Set a passphrase so a copied private key file is not usable on its own.
# NOTE(review): presumably this is the key that --ssh-access picks up in the
# cluster step; eksctl's --ssh-public-key flag selects a specific key file.
ssh-keygen
# Create the EKS cluster "istio-eks-dev01" on t3.medium worker nodes.
# --ssh-access enables SSH to the worker nodes with your public key. After
# creation, check the node security group and make sure port 22 is limited to
# your admin source range, or drop the flag if node shell access is not needed.
# --kubeconfig writes the cluster access config to ./kubeconfig.conf instead of
# the default kubeconfig; keep that file out of version control.
eksctl create cluster \
  --name istio-eks-dev01 \
  --node-type t3.medium \
  --kubeconfig kubeconfig.conf \
  --ssh-access
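# Verify and access.
# Point kubectl at the kubeconfig written by eksctl. The path is quoted and
# joined without a space; with "$PWD /kubeconfig.conf" the shell would export
# only $PWD and reject "/kubeconfig.conf" as an invalid identifier.
export KUBECONFIG="$PWD/kubeconfig.conf"
# The kubeconfig describes how to authenticate to the cluster; keep it
# readable by its owner only.
chmod 600 "$KUBECONFIG"
kubectl get nodes -o wide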
Install Istio on Amazon EKS using Helm
# Register the Istio chart repository with Helm, then refresh the local index
# so the istio/* charts used below can be resolved.
helm repo add istio "https://istio-release.storage.googleapis.com/charts"
helm repo update
# The Istio charts on this page are installed into a dedicated namespace.
kubectl create namespace istio-system
# Install the istio/base chart as release "istio-base" in istio-system and
# block until its resources are ready.
# NOTE(review): confirm with `helm show values istio/base` that this chart
# actually defines the tracing/kiali/grafana keys. Values a chart does not use
# have no effect, which would leave those add-ons uninstalled.
helm install istio-base istio/base \
  --namespace istio-system \
  --set tracing.enabled=true,kiali.enabled=true,grafana.enabled=true \
  --wait
# Install the istio/istiod (discovery) chart as release "istiod".
# No --version is given, so Helm installs whichever chart version the repo
# index currently lists; pin one if the build must be repeatable.
helm install istiod istio/istiod \
  --namespace istio-system \
  --wait
# Verify Istio: list the Helm releases, then the deployments and pods that
# were created in istio-system.
helm list --namespace istio-system
kubectl --namespace istio-system get deployments -o wide
kubectl --namespace istio-system get pods
kubectl get deploy --namespace istio-system
Install an Istio ingress gateway
# The gateway gets its own namespace, separate from the charts in istio-system.
kubectl create namespace istio-ingress
# Install the istio/gateway chart as release "istio-ingress". The demo below
# reads a load-balancer hostname from this release's Service, so expect a cloud
# load balancer to be provisioned. Check whether it is internet-facing and
# restrict its source ranges if the demo should not be publicly reachable.
helm install istio-ingress istio/gateway \
  --namespace istio-ingress \
  --wait
helm list --namespace istio-ingress
Demo: BookInfo Application Sample
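# Label the default namespace so pods created in it get the Istio sidecar
# injected.
kubectl label namespace default istio-injection=enabled
# Apply the app.
# NOTE(review): the manifest is fetched from the master branch, so its contents
# can change at any time. Pin the URL to the tag of the Istio release that was
# installed and review it before applying.
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/platform/kube/bookinfo.yaml
# Verify app and service
kubectl get services
kubectl get pods
# Fetch the product page from inside the ratings pod and print its <title>.
# The jsonpath and grep patterns are quoted without the stray leading spaces,
# which would otherwise end up inside the pod name and the pattern.
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"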
# Expose app through the ingress gateway.
# NOTE(review): the manifest is fetched from the master branch; pin it to the
# tag of the installed Istio release so the applied routing config is known.
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/networking/bookinfo-gateway.yaml
# NOTE(review): `gtw` looks like the Kubernetes Gateway API short name, while
# the manifest above comes from samples/bookinfo/networking. Confirm which
# resource kind and condition this wait should target, and that the gateway's
# selector matches the labels of the istio-ingress release.
kubectl wait --for=condition=ready gtw bookinfo-gateway
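# Get LB URL.
# Assign first and export afterwards so a failing kubectl call is not hidden
# behind export's own exit status. The jsonpath expressions are quoted without
# stray spaces.
INGRESS_HOST="$(kubectl -n istio-ingress get service istio-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
INGRESS_PORT="$(kubectl -n istio-ingress get service istio-ingress -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')"
export INGRESS_HOST INGRESS_PORT
# The hostname stays empty until the cloud load balancer has been provisioned.
[ -n "$INGRESS_HOST" ] || echo "ingress hostname not assigned yet; re-run once the load balancer is ready" >&2
export GATEWAY_URL="$INGRESS_HOST:$INGRESS_PORT"
# Try to access via cli or browser.
# This is plain HTTP on the load balancer address: acceptable for the sample
# app, but configure TLS on the gateway before sending real traffic.
echo "http://$GATEWAY_URL/productpage"
curl -sS "http://$GATEWAY_URL/productpage" | grep -o "<title>.*</title>"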