Skip to content

Instantly share code, notes, and snippets.

@misskecupbung

misskecupbung/AWS_Summit_ASEAN_2023-Istio_on_Amazon_EKS.md

Last active April 16, 2023 04:45
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save misskecupbung/6f2d87b7d7e99f741ab37fb7f2f8612f to your computer and use it in GitHub Desktop.
Save misskecupbung/6f2d87b7d7e99f741ab37fb7f2f8612f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
AWS_Summit_ASEAN_2023-Istio_on_Amazon_EKS.md

AWS Summit ASEAN 2023

Observability, Reliability, and Security with Service Mesh: Istio on Amazon EKS

Requirements

Install prerequisite tools

# Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version

# Install eksctl command line
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version

# Install HELM v3
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

# Install kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client

Build an Amazon EKS cluster

# Configure AWS CLI
aws configure

# Generate SSH Key
ssh-keygen

# Create a new eks cluster
eksctl create cluster \
  --name=istio-eks-dev01 \
  --node-type=t3.medium \
  --ssh-access \
  --kubeconfig=kubeconfig.conf
 
# Verify and access
export KUBECONFIG=$PWD/kubeconfig.conf
kubectl get nodes -o wide

Install Istio on Amazon EKS using Helm

# Configure the Helm repository
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update

# Create a new namespace for istio system
kubectl create namespace istio-system

# Install istio base
helm install istio-base istio/base \
  -n istio-system \
  --set tracing.enabled=true \
  --set kiali.enabled=true \
  --set grafana.enabled=true \
  --wait

# Install istio discovery
helm install istiod istio/istiod -n istio-system --wait

# Verify Istio
helm ls -n istio-system
kubectl get deployments -n istio-system --output wide
kubectl get pods -n istio-system
kubectl -n istio-system get deploy

Install istio an ingress gateway

kubectl create namespace istio-ingress
helm install istio-ingress istio/gateway -n istio-ingress --wait
helm ls --namespace istio-ingress

Demo: BookInfo Application Sample

# Label default namespace
kubectl label namespace default istio-injection=enabled

# Apply the app
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/platform/kube/bookinfo.yaml

# Verify app and service
kubectl get services
kubectl get pods
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"

# Expose app
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/networking/bookinfo-gateway.yaml
kubectl wait --for=condition=ready gtw bookinfo-gateway

# Get LB URL
export INGRESS_HOST=$(kubectl -n istio-ingress get service istio-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
export INGRESS_PORT=$(kubectl -n istio-ingress get service istio-ingress -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT

# Try to access via cli or browser
http://$GATEWAY_URL/productpage

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment