Difficulty: Beginner
Estimated Time: 40 minutes

This scenario explores seven traffic management features with the Istio service mesh.

... Service Mesh, a dedicated infrastructure layer to run fast, reliable and secure network of microservices, container orchestration systems to provide a higher level of deployment infrastructure abstraction, and evolution of continuous delivery systems [sic] to build, test and deploy microservices as containers. -- Zhamak Dehghani

A significant feature in Istio provides you the ability to control traffic of messages between services by submitting rules coded in declarative manifests (YAMLs). With this scenario, you can teach yourself these traffic management features by experimenting with each declaration and observing the behaviors.

In the following steps you will learn about these traffic management features:

Traffic Management Feature
Request Routing Route requests dynamically to multiple versions of a microservice.
Fault Injection Inject faults to test the resiliency of your application.
Traffic Shifting Migrate traffic from one version of a microservice to another (OSI Layer 7).
Traffic Shifting TCP Migrate TCP traffic from one version of a microservice to another (OSI Layer 5).
Request Timeouts Request service timeouts to services.
Circuit Breaking Configure circuit breaking for connections, requests, and outlier detection.
Mirroring Send a single request to multiple services.

After the installation steps, each traffic feature step is modular, so you can choose the individual steps that most interest you and skip over others.

If you compare the instructions in this scenario with the Istio documentation on these features, you will see that they are virtually the same. This is intentional, as the Istio documentation is well-written and this scenario provides a direct, hands-on way to experience the features. Another helpful background page is Traffic Management.

After this demonstration, hopefully you can recognize Istio's power. It's so easy to declare and submit these traffic rules. Take a moment and think about how else you would do this without a mesh like Istio installed. Adding this type of traffic logic and experimentation inside your services should be the last place you want to configure these states.

Lessons Learned

With these steps, you have learned:

  • ✔ How to install Istio on Kubernetes following its recommended best practices
  • ✔ How to install Istio's Bookinfo as a Hello World for Istio
  • ✔ How to start manipulating Istio declarations to control your network close to the application plane

Look for more scenarios to explore other Istio features as they arrive. The book Istio Up and Running offers more learning channels.

References


For a deeper understanding of these topics and more, join
Jonathan Johnson
at various conferences, symposiums, workshops, and meetups.

Software Architectures ★ Speaker ★ Workshop Hosting ★ Kubernetes & Java Specialist

Kubernetes Networking: Istio Traffic Management

Step 1 of 11

Kubernetes Cluster

For this scenario, Katacoda has just started a fresh Kubernetes cluster for you. Verify that it's ready for your use:

kubectl version --short && \ kubectl get nodes && \ kubectl get componentstatus && \ kubectl cluster-info

It should list a two-node cluster and the control plane components should be reporting Healthy. If it's not healthy, try again in a few moments. If it's still not functioning, refresh the browser tab to start a fresh scenario instance before proceeding.

The Helm package manager used for installing applications on Kubernetes is also available:

helm version --short

Kubernetes Dashboard

You can administer your cluster with the kubectl CLI tool or use the visual Kubernetes dashboard. The Dashboard can be accessed from the tab labeled Kubernetes Dashboard above the command line. When the Dashboard first appears, it will prompt you for an access token. You can run this script at any time to access the Dashboard token:

token.sh

This script will display the token in the terminal. Copy the green text using your browser's copy feature, then paste the token into the prompt when the Dashboard is accessed. If the Dashboard is still starting up, then Katacoda will report the access error. Once the dashboard Pod reports the status Running, it can be accessed:

kubectl get pods -n kube-system -l app.kubernetes.io/name=kubernetes-dashboard