search
CommunityLicense

Istio

Istio Setup

Istioarrow-up-right is a service mesh that provides a way to connect, secure, control, and observe microservices. It is a powerful mesh management tool. It also provides an ingress gateway for the Kubernetes cluster. Currently, we use the Ingressgatewayarrow-up-right component of Istio which enables routing external traffic into Kubernetes services. Istio can be configured to do much more. See note below.

circle-info

Why Istio? What are the benefits of using Istio in OpenG2P setup?

  • We can have advanced traffic management setups like load balancing, retries & failovers, and fault injection for testing resilience.

  • We can use advanced deployment strategies like canary deployments and A/B testing, where Istio can route higher percentage of traffic to specific service versions.

  • We can enable security features like mTLS encryption for service-to-service traffic. Istio can also provide an authentication & authorization layer for services.

  • We can also define policies related to access control & rate limiting. One can define which services are allowed to access other services or limit the rate of requests accepted by a service.

  • More importantly Istio provides comprehensive observability features. We can visualize & monitor service-to-service traffic real-time, with tools like Kialiarrow-up-right, which would help identify performance bottlenecks and diagnose issues.

hashtag
Installation

hashtag
Operator Setup

  • The following setup can be done from the client machine. This installs Istio Operator, Istio Service Mesh, Istio Ingressgateway components.

  • From kubernetes/istioarrow-up-right directory, run;

    istioctl install -f istio-operator.yaml

    • Wait for istiod and ingressgateway pods to start.

  • Or, for Rancher cluster, run:

    kubectl apply -f istio-ef-spdy-upgrade.yaml

hashtag
Namespace Setup

Skip this section for Rancher cluster

Set up an Istio gateway on each namespace for a domain. This assumes that the namespace (and relevant Rancher project) are already created (use the Rancher console to create a namespace or via command line kubectl):

  • One command line define these variables (example):

  • Git clone https://github.com/openg2p/openg2p-deployment repo. In kubernetes/istioarrow-up-right directory, run the following:

PreviousFirewallNextAdding Nodes to Cluster

Last updated

Was this helpful?