DevOps / Kubernetes / OpenShift

Kubernetes Minikube #2 – Istio

Introduction

Everyone’s talking about Istio. Let’s mess around with Kubernetes’ Minikube to show off Istio and see what all the fuss is about. We will do this by reworking the OpenShift MiniLabs A/B Deployment example to work with Istio. Once completed invoking a URL such as http://192.168.86.66:31329 will alternate between the A/B versions of the application.
adelaide-cat.pngadelaide-city

Objective

This tutorial will cover the following:

  • Prepare Minikube for Istio and sidecar autoinjection
  • Install Istio components
  • Create a v1/v2 application for an A/B scenario testing
  • Create an Istio RouteRule for traffic shaping between v1/v2
  • Then reflect why it was all so hard the first time

istio

Setup

1. Launch Minikube

Start minikube as follows to ensure Istio features are enabled. Installing minikube was covered in blog #1 of this series. A script that launches minikube is located here.

# Stop/start minikube 
$ minikube stop
$ sudo minikube start \
  --vm-driver=none \
  --feature-gates=Accelerators=true \
  --extra-config=apiserver.Admission.PluginNames="Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,GenericAdmissionWebhook,ResourceQuota"

$ kubectl api-versions | grep admissionregistration

2. Install Istio

Installation instructions for istio are at https://istio.io/docs/setup/kubernetes/quick-start.html. Choose the steps related to Minikube, without the mutual TLS authentication option and include the automatic injection of sidecar option. Verify the istio-system is up and running as per the Istio website instructions.

$ istioctl version
$ kubectl get pods -n=istio-system
$ kubectl get services -n=istio-system

Verify

1. Setup A/B Sample

This example creates an application called “cotd”, with two versions “cats” and “cities”. Cats shows set of cat pictures, while Cities shows images of different cities. In the next step we will create an Istio RouteRule that will shape traffic to a Cotd/Istio Ingress endpoint in a weighted fashion between the two version.

# This will create the service, pods, ingress resources in the ab namespace
$ kubectl create -f https://raw.githubusercontent.com/StefanoPicozzi/cotd/master/etc/kubernetes/istio/ab-istio.yaml

# Check status of resources
$ kubectl get pod -n=ab
$ kubectl get service -n=ab
$ kubectl get ingress -n=ab

# Verify Istio sidecar injected 
$ echo $(kubectl get deployment cotd-v1 -n=ab -o jsonpath='{.metadata.annotations.sidecar\.istio\.io\/status}')
$ echo $(kubectl get deployment cotd-v2 -n=ab -o jsonpath='{.metadata.annotations.sidecar\.istio\.io\/status}')

# Point your Browser at this URL once all pods running
$ export COTD_URL=$(kubectl get pod -n istio-system -l istio=ingress -o 'jsonpath={.items[0].status.hostIP}'):$(kubectl get svc istio-ingress -n istio-system -o 'jsonpath={.spec.ports[0].nodePort}')
$ echo $COTD_URL

2. Create Istio RouteRule

The following istioctl command will create the traffic shaping route rule. Try this out, then make some changes to the rule and use istioctl replace to change and it confirm effects.

$ istioctl create -f https://raw.githubusercontent.com/StefanoPicozzi/cotd/master/etc/kubernetes/istio/ab-routerule.yaml
$ istioctl get routerules
$ export COTD_URL=$(kubectl get pod -n istio-system -l istio=ingress -o 'jsonpath={.items[0].status.hostIP}'):$(kubectl get svc istio-ingress -n istio-system -o 'jsonpath={.spec.ports[0].nodePort}')
$ echo $COTD_URL
192.168.86.66:31329

$ while true; do curl -s http://$COTD_URL/item.php | grep "data/images" | awk '{print $5}'; sleep 2; done
data/images/cats/brisbane.jpg
data/images/cats/wellington.jpg
data/images/cities/adelaide.jpg
data/images/cities/hobart.jpg
...

Trivia

Troubleshooting

For sure you will suffer some mild discomfort in using this 0.2x software. If things are misbehaving try recreating the istio-system pods. Launch the dashboard and inspect the istio-ingress logs. Check that /etc/resolv.conf has a valid entry, e.g. 8.8.8.8

$ kubectl delete pods --all -n=istio-system
$ minikube dashboard

Steak Knives

Knock about with the istio bookinfo example and try to reproduce some of the other routing rule scenarios as described at https://istio.io/docs/tasks/  .

Advertisements

One thought on “Kubernetes Minikube #2 – Istio

  1. Pingback: Messing with Kubernetes Minikube #1 – Configmaps, Storage, Ingress | emergile

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s