Setting up Kubernetes and Istio on Minikube
October 29, 2018
This is another kubernetes/istio tutorial. I have found a few tutorials out there, but some of them are out of date, due to some breaking changes in kubernetes and istio. So I decided to document this, for myself, if for nobody else. I used the quickstart as the basis of this article. So if you find that easier to follow, please do so.
First let me lay out the versions of my Mac OS and the versions of kubernetes, minikube and istio that I am using/installing
- MacOS: 10.13,6 (High Sierra)
- kubernetes(client): 1.12.0
- kubernetes(server): 1.10.0
- minikube: v0.30.0
- istio: 1.0.3
Install a Hypervisor
Minikube needs this to virtualize a cluster on your local machine. I use VirtualBox, download the mac os version. Now, I know VirtualBox kind of sucks, so you can try and use Docker/Xhyve. I had issues getting it to work, but here are a couple of articles; if you are interested in giving it a shot
Install kubectl (I use brew to manage this)
> brew install kubernetes-cliThen check the version
> kubectl version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-28T15:20:58Z", GoVersion:"go1.11", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0", GitCommit:"fc32d2f3698e36b93322a3465f63a14e9f0eaead", GitTreeState:"clean", BuildDate:"2018-03-26T16:44:10Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}Install minikube
> brew cask install minikubeSet minikube context
> kubectl config use-context minikube
Context "minikube" modified.Download and Setup Istio
> curl -L https://git.io/getLatestIstio | sh -You will get a message to export the path,just copy the command and run it
> export PATH="$PATH:/Users/christopherlam/git/development/istio-1.0.3/bin"Start up Minikube
Since we are using VirtualBox we don’t have to set the driver; I believe VirtualBox is the default
> minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.10.0 Install Istio onto Minikube
So when you downloaded Istio via the cURL command in the previous steps it downloaed some additional code and examples. Change into the istio directory i.e.
> cd ~/git/istio-1.0.3Install Istio’s Custom Resource Definitions
CRDs are one way to define resources, [Aggregated APIs][aggregated-api-url] is the other way
> kubectl apply -f install/kubernetes/helm/istion/templates/crds.yamlInstall Istio’s Core Components
I chose to install without mutual TLS authentication between sidecars. There are other options, such as installing with TLS authentication, using Helm, using Helm and Tiller, etc.
> kubectl apply -f install/kubernetes/istio-demo.yamlVerify the installation
> kubectl get svc -n istio-systemYou should see services like istio-ingressgateway, istio-telemetry, istio-sidecar-injector, etc
Since we are using minikube, it does not support an external load balancer. The EXTERNAL-IP of istio-ingress and istio-ingressgateway will say
Install the sample project BookInfo
> kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)Confirm that the services are running
> kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.108.0.216 <none> 9080/TCP 4d
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4d
productpage ClusterIP 10.96.126.187 <none> 9080/TCP 4d
ratings ClusterIP 10.106.50.27 <none> 9080/TCP 4d
reviews ClusterIP 10.109.237.86 <none> 9080/TCP 4dConfirm pods are running
> kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-6865b9b99d-vzz82 2/2 Running 1 4d
productpage-v1-f8c8fb8-6bldf 2/2 Running 1 4d
ratings-v1-77f657f55d-66m2t 2/2 Running 1 4d
reviews-v1-6b7f6db5c5-8gmsg 2/2 Running 1 4d
reviews-v2-7ff5966b99-hfxcd 2/2 Running 1 4d
reviews-v3-5df889bcff-2pqdd 2/2 Running 1 4dNow we need to make the app accessible
> kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yamlConfirm the gateway
> kubectl get gateway
NAME AGE
bookinfo-gateway 64sDetermine the IP address
Since you are running minikube there is no external load balancer, you can find the IP address of minikube by running the following command
> minikube ip
192.168.99.100Determine the port
This command will return the port number
> kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}'Now armed with the IP address and port you can hit the browser with the following url:
http://ip-address:port/productpage i.e. http://192.168.99.100:31380/productpage
Telemetry
Istio and Prometheus and Grafana
Check to see if Prometheus is running
> kubectl -n istio-system get svc prometheus
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
prometheus 10.59.241.54 <none> 9090/TCP 2mCheck to see if Grafana is running
> kubectl -n istio-system get svc grafana
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana 10.59.247.103 <none> 3000/TCP 2m> kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000 &Various built-in Grafana Dashboards
- http://ip-address:3000/dashboard/db/istio-mesh-dashboard
- http://ip-address:3000/dashboard/db/istio-service-dashboard
- http://ip-address:3000/dashboard/db/istio-workload-dashboard
Istio and Jaeger
> kubectl port-forward -n istio-system $(kubectl get pod -n istio-system -l app=jaeger -o jsonpath='{.items[0].metadata.name}') 16686:16686 &http://ip-address:16686
Istio and Service Graph
Check to see if the Service Graph is running
> kubectl -n istio-system get svc servicegraph
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
servicegraph 10.59.253.165 <none> 8088/TCP 30s> kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=servicegraph -o jsonpath='{.items[0].metadata.name}') 8088:8088 &http://ip-address:8088/force/forcegraph.html