Istio on EKS in 30minutes | Istio Service Mesh | Zero to Hero | Kiali and Jaeger usage

Video Statistics and Information

Captions
If you're working with Kubernetes architecture, you know how hard it is to manage your microservices within the Kubernetes namespace. With service meshes, it's easy for you to manage your microservices deployment within the same cluster and also across the clusters. In some of my earlier videos you would have seen different service meshes like Linkerd and also the architecture for Istio. In this particular video we are going to look at the Istio deployment within the EKS cluster. We're going to see the hands-on part on how to do Istio installation within an EKS cluster, and also deploying a small application which is provided as a part of the Istio documentation, in order to understand the different flows, and identifying the flows and looking at these flows using different observability tools and tracking them. With that, let's get [Music] started. [Music]

Press the bell icon on the YouTube app and never miss any update from Tech Primers.

In the current video I am going to use Istio 1.9, specifically 1.9.2, so if you're following it now you can use the same link and then just follow the video. So the first thing I'm going to need is the Istio installation, or the istioctl installation, and things like that. So the first step necessary in order to get started is downloading Istio. You can follow this particular command, curl download Istio. I just downloaded, uh, the same Istio version. It takes a while, that's why I triggered it a few minutes ago, and then it got downloaded, and now I can do the configuration check. So I'll set the path so that my, uh, Istio CLI works with the same version. I'm going to do a pre-check. So there is nothing configured right now, that's why it is showing like that. I will also say istioctl version, just to check the version of, uh, Istio. Right now the master environment is not configured, so what we are going to do is we are going to create the Kubernetes cluster within the whole EKS space. So let me go to the AWS console and I will show you where I'm going to create it. So I'm
clicking on Elastic Kubernetes Service within the AWS console, and I'll be using the region us-east-1, which is North Virginia. I can go to the clusters and then I can show you there are no clusters right now. I'm going to create a new cluster. To create the EKS cluster I'm going to leverage the eksctl command, so I'll be creating using this particular command, eksctl create cluster, and, uh, that region which I'm using is us-east-1. I also want to reduce the number of nodes, so I'm going to leverage only two different nodes, uh, because I have already selected m5.large as the type of EC2 instance, which are already large, so I can leverage the same. And I have just triggered the command, so let's wait for the cluster to be created.

Let me open a new tab below so that I don't disturb the existing cluster creation shell. So let me go to the shell and then I'll just say horizontally, so this is going to create a new shell for me, and let's go to the version istio-1.9.2. So I'm inside the folder, that's what this documentation says. So we need to go into istio-1.9.2, which we downloaded as a part of the curl command. Once we are inside, there are different directories. Sample directory denotes we have some sample application which we are going to deploy, and also we have some Istio client library, which is the bin, right? So we need to set the path for that as well. So let me set it here, and then we are sorted.

So once that's done, we need to install Istio in the Kubernetes cluster. So right now our cluster is getting created. Let's wait for the cluster creation to complete and then we will trigger the Istio installation command. So meanwhile I'll just copy the command. What we are going to do, we are going to install Istio and then we are going to set the profile as demo, all right? So that's what we are doing here, and also hyphen y denotes, uh, installation yes for all the prompts. So let me, uh, wait until this particular cluster gets created and then I will try to run the whole Istio installation. So the cluster creation
got completed right now, I can see that message here. So let's look at the nodes by doing the kubectl get node. This is returning the two nodes which we just created. Right now the EKS cluster is using 1.18.9 version of Kubernetes. So I think we are all ready. I'll just do a kubectl get all hyphen n default. So right now there are no pods running in this particular cluster, I just want to check that. So yeah, there is nothing running right now, it's just the default ClusterIP service which is there, which is configured under the default namespace. Just to be clear, I want to mention, or I want to look at, the different pods which are across the namespace, so that way I want to show you what is currently running and what we are going to add. There are two different kube-proxies, two different aws-node services, and then there is CoreDNS. So all these are running on our individual nodes which we have configured. We can't see the control plane because AWS manages that.

Now with that, let's install Istio. So as a part of the installation you should be able to see different pods which get installed as a part of the istio-system namespace, which I'll show you in a bit. So I have triggered the Istio installation command, so we should be able to see, uh, Istio pods getting installed in this. Meanwhile, let me keep the documentation ready. Yep.

So what's the next command? So the next command is to inject, uh, Istio into the namespace. So I can directly do that, or I don't have to inject Istio, instead I can deploy my application and then inject it. So labels are basically a kind of, what you call, configurations using which your systems can behave. So Istio looks at a particular namespace and then checks if that particular namespace is eligible for installing or configuring Istio or not. So for namespaces you can configure Istio, so you can control your boundary at the namespace level. So I'm going to apply the kubectl label namespace for my default namespace, because I am going to apply my
application within the default namespace. If I want to specifically do for a particular namespace, I can provide that, right? And then you have to provide this particular flag which says istio-injection equal to enabled. So based on this flag, my Istio sidecars and stuff like that will be installed as a part of my application installation.

So let me go back. So Istio installation is complete. Let's look at what's happening within my cluster. Now you can see that there are three different services which have got introduced now compared to the earlier one. They are all present in the namespace called istio-system. So this is a new namespace which Istio creates, right? And, um, one is the egress proxy, the ingress gateway, and also the istiod.

Now if you remember the architecture diagram which I showed in the architecture video, let me show that. So this is the architecture diagram which I had shown, right? So the data plane is nothing but the sidecar container which will be sitting along with the application within the same pod, right? And that's what Envoy is all about. The data plane and control plane is where we will be storing. So this is the istiod, all right? So istiod is the, ah, is this particular part, right? So this is the monolithic, uh, application which Istio uses. Earlier Istio used to use microservices deployment, but then they just merged Pilot, Galley and Citadel into one, which is istiod, right? So this is the whole control plane versus data plane, right? So this is already set up. Now when we deploy our application we will have one more sidecar sitting with our application, and using that sidecar my control plane will speak to my application, right? So that's how the Istio service mesh works.

Now that my Istio processes or pods are running, I have my incoming connection and outgoing connection ready, and also I have my Istio istiod for doing the configurations. So let me go back to the documentation and then deploy the sample. So I'll just copy this command so that I can
directly, uh, deploy the sample application. So let me deploy that here, right? Since we are already here in this folder, we already have samples folder, yeah. So I think we should be good. So I'm just using the kubectl apply hyphen f and then giving this bookinfo.yaml. So this bookinfo.yaml is going to create multiple services, multiple service accounts, deployments, rating services. So we will look at what are these microservices in a bit, but it's just deployed already. So let's look at what's happening in the pods. So if you see here, in the default namespace there are different applications which are getting created. So for example, there is one microservice called details, which is v1, product page, which is v1, ratings page, which is v1, and then there are three different microservices which are reviews v1, v2 and v3. So these are three different versions of the same application which got deployed. So let's wait for the application to, uh, finish running. So I think it's already running, all right? So we are good here. So the application which we deployed is already running. Notice that right now it has only one container, so it just says 1/1, right? That basically means I don't have any sidecar which is running within the application which can take care of some additional, uh, service mesh stuff, all right? So it's just 1/1, so only my application is running, nothing else.

Coming back to the documentation, so that's what it's mentioned, right? So the next, uh, step is to get the details of the service. So what we can do is we can go to kubectl get service. So this will show what are the different services which are created. All my services are ClusterIP. That basically means I cannot access these services from outside the cluster. So within the cluster, if somebody assigns a cluster IP, only the components within the cluster will be able to resolve this IP address, because this is specific to a Kubernetes cluster, right? So all my microservices, details, product page, ratings and reviews, they
all have been assigned to this particular cluster IP and they have different port mappings. Coming back to the documentation, we already confirmed that we have a pod, but if you notice, all my containers are having 2/2. This is because we did not apply our label within our cluster. So I just wanted to show you without applying the label, and then I will apply the label right now, right? So if you see the number of pods, if I do kubectl get pod, this will show that my application is just deployed. But then how will I access this, right? I mean, right now there is no way for me to access, because all my services are ClusterIP, right? From my external, uh, cluster I cannot access this application. So this is because I wanted to show you how Istio works. So if I miss this particular command where I'm just injecting Istio here, then all my applications will not have my sidecar deployed. So this is right now just showing 1/1. Now if I show you here, right, still it is showing 1/1. So now how do I retrigger, right? One thing is to delete everything and recreate, or I can do kubectl delete pod, and I will delete, let me show you by deleting one particular pod. So if I delete this particular pod, this pod is going to be recreated. When it gets recreated, my Istio is going to be added here, so the data plane is injected here. So notice that I deleted the details pod. Now it is up and running with two containers within the same pod. So this is that Envoy container which we saw in this, uh, particular diagram. So this is what it is, right? Now I'm going to delete all these pods as well so that it can create in a full-fledged manner. So let me do that. So all my pods are deleted and I can see all my statuses running here. So let me do clear. So that's set. So we have details, uh, v1, we have product page v1, we have ratings v1, we have reviews v1, we have reviews v2 and v3. So let me clear it.

Going back to the documentation, our deployment step is completed. In order to verify if our application is working,
there is a step here using which you can hit the endpoint within the pod for the rating service. So if you look at this, uh, this is the command for it. So let me copy this command and then I will execute it, and then I'll tell you what it does. So we got the response, Simple Bookstore App, which is what is expected. That basically means our application is running. So kubectl get pod, label and then app equal to ratings. What's happening here is we are retrieving the pod name, and then we are logging into, uh, that particular pod using kubectl exec. So kubectl exec command logs into that particular pod. So we're getting the pod name by this, using the metadata, using JSONPath, and then we are passing that as a parameter to the kubectl exec, and then we are going specifically to the ratings container and doing a curl from that particular container on the products page, and then we are grabbing only the title of that particular response. So if I don't grab this it will display all the message here, but I wanted to just get the title so that we know we are in the right path, right? So that's what this example explains. So we are good here. So we logged into a container, we did a curl, and then we are able to see what's happening.

Now the next thing is, how do I access this particular application from outside, right? We did not do anything fancy, we just applied our application. We don't have any ingress setup, it's all just pods, right? I mean, I have just deployed my application, but how do I access this particular application from the external world? That's where the gateways are helpful, right? So here the next command says apply the sample for the bookinfo gateway. So let's apply this. Meanwhile, what I will do is I will look at what's the, what's the file like. So let me open the bookinfo, not, networking. So if you look at it, there is a new CRD called Gateway, right? So this is a custom CRD. So CRDs are basically custom resource definitions which are created by individual components or frameworks and
things like that. So here Istio is a component, new component, right? So they have created their own custom resource definition, which is called as Gateway, right? And then the API version is configured based on this particular, whatever version we provide here. So the name of my gateway is called bookinfo-gateway, and it's allowing my incoming traffic, so ingress gateway. So ingress gateway is nothing but the incoming traffic. So my bookinfo, bookinfo-gateway is going to allow my incoming traffic on port number 80 using HTTP traffic, and it's allowing every host to access my application. So that's the full gateway piece, right? So the gateway is just the API gateway kind of a configuration where we just allow the incoming traffic from any host. So you can restrict those in the host section here.

The next one which we are applying here is the virtual service. Virtual service is another new custom resource definition from Istio using which you can specifically match whatever gateways you are getting in, right? So you can match the HTTP URL and then you can add those with the corresponding gateway service. So this is similar to an API gateway. The virtual service is like a gateway which can route traffic by matching it with a specific pattern, and then it just redirects it to the gateway service, and then specifically based on the host as well. So that's what this does. So see that all my URL prefix which match, they are getting redirected to my product page which is running on 9080 port. So this particular port number is my service port number. When I did a kubectl get service, I could see that the product page has 9080 port. So my product page has 9080 port, and that's what we are defining here. So we are creating two things, one is the virtual service and also the bookinfo gateway.

Now how do I, uh, look at those details, right? So I can do kubectl get gateway. So kubectl get gateway will show me my bookinfo gateway. I also can do kubectl get virtualservice, I can do a vs, which
is a short form. So it just shows that bookinfo is the name of the virtual service, it redirects to the gateway bookinfo-gateway, right? And it allows all my hosts to go into that. So we need virtual service and gateway in order to get our traffic into the Kubernetes cluster via Istio. So these two are specific to Istio.

So let me go back to the documentation. The next command in the documentation is Istio analyze. So Istio analyze is going to check if there is any issue in terms of accessing your application. So let's apply that and then we can talk about it. So that was quick. So the Istio analyze got completed with no validation issues. So this identifies if there are any misconfigurations within the cluster which we can identify now itself. That's what istioctl analyze does.

The next one is identifying the ingress IP address and the port number. So in general, how do we identify is, you can directly use the service from the istio-system. So let me leverage this and then we can see. Let me do a clear. So I can see that there is a URL here which is coming from here, right? I mean, from the external IP. Since I'm using, uh, EKS, this is going to be my ELB, which is Elastic Load Balancer. So let me go to the AWS console. Uh, earlier I think we did not even see that the cluster got created. See that, so I have my cluster already there. So let me go to ELB, right? So ELB is Elastic Load Balancer. So let me go to EC2, and then there is a load balancing option there. So I can see two instances of my EC2 running, and then I can go to load balancers. In the load balancers tab there will be a new load balancer. So this is the load balancer which got created right now, right? Which is getting used for my application here, right?

Coming back to the documentation, I can see that, um, we need to set some variables. So these are like good to have. If I set these variables, I can easily get my ingress hostname and port number, whatever we just configured. So let me get the port number from there, because I was not able to identify.
So let's do all these. So all my variables are set. Let me do an echo [Music] dollar. So we do have our variable set. I think we are good here. So let me go back to the documentation. So we have all these set. So the next one is getting the gateway URL. Because all these are, these commands are specific to cloud platforms, we are already set, right? I mean, we have the ingress host, we have all those, uh, things ready. So the next thing is setting up the gateway URL. So gateway URL is just a combination of the hostname and the port number. So let me set that. I'll do a dollar gateway URL just to validate what the gateway URL looks like. The ingress host is not set. Now, in order to get the, uh, ingress host, ingress host is nothing but our ELB URL. So previously we did a command to identify the, uh, ELB URL. Let me get that command. This support, yeah. So using the get service of Istio ingress gateway, we got the external IP. So this is nothing but the ELB. So this is going to be our ingress gateway. So I am going to just set the variable which is ingress host as this particular hostname. Now I'm going to also set my gateway URL with the ingress host and the ingress port. That way I can now do an echo on my gateway URL, and then we are sorted.

So based on documentation, the next command is accessing the application using that particular gateway URL. So we are going to do an echo like this and then get the output and then hit it in the browser. So I'm going to copy this HTTP URL, go to the browser, hit it. We should be able to see our product page. Awesome. So we are able to see now the product page. See that, uh, there is a, there is a review rating here, which is something, if I refresh again, so see that the color is different. Uh, this is because these are different versions. See that it's gone again. So these are different versions of my microservice. If you remember, there were like different reviews, v1, v2, v3. So that's what this denotes. So I'm just accessing the application. Let me refresh it multiple times to see and
create some artificial traffic. Awesome. So looks like it's good. So this is how you can leverage Istio, right? Now, we didn't look at any of the configurations, but we just deployed the product page. Now how do I understand what's happening underneath, right? That's where we can look at the dashboard. Uh, so Istio provides Kiali add-ons, so I'm going to install the same so that we can look at, at a high level, how my flows are going in, right? So we are going to look at, uh, how we can leverage Kiali for that. So I'm going to install the Kiali plugin. So there is a kubectl apply sample add-ons, so I'm going to use the same and I'm going to apply it from there, this folder. So this is rolling out my Kiali deployment. So Kiali is going to create Grafana, uh, see that it's getting created, and then Grafana dashboards are also getting created. It also did something, it also integrated, uh, Jaeger. Jaeger is a distributed tracing, uh, platform or a tool using which you can understand the logs which are traced across microservices. So when I installed Kiali, I also had Jaeger installed, because I have all those add-ons under the samples here, right? So that's the whole deployment. So everything got created, um, successfully, right?

What's next? So how do I access my Kiali dashboard, right? So this is how you can access your Kiali dashboard. You can just do istioctl dashboard kiali. This will open the Kiali dashboard in the browser, right? So see that it automatically opened localhost and then it's just logging in. So let me reduce the size. So this is a UI using which you can understand what's happening within your cluster. So see that I have my default namespace, which has like one particular label, which is Istio injected. There are four applications. If I click on it, I can see the application names. Uh, if I want to look at the flow, there is an awesome, uh, page where it just mentions Graph, all right? So I can look at the graph of what's happening. So right now I don't have any traffic, so I'll just generate some traffic, because I
installed Kiali just now. So let me add some traffic. See that it got refreshed quickly, right? I mean, so this is the microservices deployment. So we have one particular microservice called products page, and which is, hold on, let me show you. So this is the one. The products page is the major UI, and then there is details, there is ratings, and then there is reviews, right? So if you look at it, products page connects to details, right? And that's v1. Again, products also connects to reviews. Reviews has three different versions, right, v1, v2 and v3. v1 doesn't connect to ratings, but v2 and v3, they connect to ratings, right? And then they are differentiated based on the color, right? If you had seen in the review rating, there were some red and then there was some black, right? That's the different version which they have deployed. So this is how you can identify, um, your flows, right, with Kiali.

What if I kill something, right? I mean, just for fun, what I'm going to do is I'm going to just delete a pod and then access my application. So what happens to my application? So see that there was an error fetching the products. It did not fail for the whole page, but only that particular section failed, right? Now if I refresh, I got my book details, right? Now in Kiali, notice that there is a red option here. So this is because one of my flows failed and I'm able to see that now. So I just artificially generated that failure, but, uh, you can do it. See, now it's green, because all my subsequent calls are successful, right? So this is how you can look at, uh, the flow of your circuit breakers which got triggered, and then we could see at a high level with Kiali all those flows, like what Hystrix dashboard used to provide. This also shows the success rate, the outgoing success rate, total, all those things can be viewed here. We can also look at the workloads which we deployed and the services from here, so we don't have to like type in kubectl commands, and we can see that from here directly. Specifically for Istio, you can look
at what are the different configurations and what are the different CRDs which you have configured. So see here, we have configured two different CRDs, one is the gateway and the other one is the virtual service. So both these are getting displayed here. Um, the one thing I liked about Kiali is the graph, which helps us in identifying the flow, right? So that's the major advantage of using Kiali. Let me refresh again. I should be able to see my graph, yeah. So I'll refresh again and again, and then I can see that here. And you can also see that the incoming traffic is coming via the Istio ingress gateway which we had configured, and that is all integrated with the ELB within AWS, which can be seen in the EC2 instance, and this is where the load balancer is present, right? This is specific to us.

Let me go back to the documentation. So what else, networks, right? Once Kiali is done, we also had installed Jaeger, right? So in order to look at the Jaeger dashboard I can use istioctl dashboard jaeger. Sorry. So this will open the Jaeger dashboard. So Jaeger, if you don't know what is Jaeger, Jaeger is a distributed tracing platform using which you can trace requests across microservices. So let's say I select my product page as my service here, and let me do a search. You can look at or search by trace IDs, or you can look at requests at an individual request level. So if you see here, if I select that particular request, there was a request which came in from the Istio ingress gateway. From there it went to the product page microservice, right? From the product page it went to details and also it came back, and then it also went to reviews, and from reviews it went to ratings, right? So these are multiple microservices, and you can see how much time individual requests took in each of these microservices, and all these are like glued together, right, in the same UI. We saw the similar kind of thing in Kiali, right here in this, uh, graph, but Jaeger does at the log level, right? I mean, these are like request level. You can look at logs,
you can trace requests based on the trace ID, right? Because based on the request it generates a unique identifier, and using that unique identifier you can trace your request, all right? So that's how Jaeger does it. Uh, I don't think I made any specific video on Jaeger, but it's a good topic to have. Let me know if you guys want to see any specific topics on Jaeger. This particular UI, I can definitely try configuring it, but this is a very useful tool. Similar to what we do with Spring Cloud Sleuth, this Jaeger UI provides a UI as well, and then it just stitches your request and then identifies your trace ID, and then we can get all these in one particular UI. Jaeger is a product from Uber and it was open source. So yeah, that's that.

So with that we have reached the end of the demo. So I'll just summarize what we just discussed and what we just did. Initially we created the EKS cluster using the eks create cluster command. Later we installed Istio within that particular cluster. Once Istio was installed, we injected our, we deployed our application within the Istio cluster. Later I applied my label so that the deployments can get triggered by Istio, so that we can have the data planes which can get installed, the Envoys, right? Once they were installed, we were able to see the request, uh, getting successful. We configured, or we understood, the ALB URL, and then we hit our product page directly. Using Kiali we were able to look at the graph with end-to-end view on how your requests are going through, and using Jaeger we were able to trace our request across microservices at the trace ID level.

These are not the only features which Istio provides. Istio provides more than these. It also has capabilities for circuit breakers and stuff like that, which I have not shown here or which is not there in this particular demo. However, if you guys are interested, do give it a try, and then there are different documentation and separate guides on how you can configure and try each of these individual features from Istio. So in the end you can also see the next steps. In the next steps you can see the different features which Istio provides in terms of fault injection, traffic shifting, query metrics, visualization metrics, etc., right? Try each one of them, and then let me know if you want me to try any specific topic within Istio. I hope you were able to understand how Istio works and how it does magically so many things, and it makes your life simple by deploying different microservices within your Kubernetes cluster. As always, if you like the video go ahead and like it. Meet you again in the next video. Thank you very much.
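
Added example, not part of the video or its captions: a small audit for the two conditions the demo walks through, pods that still run without the `istio-proxy` sidecar after the namespace was labelled for injection, and a Gateway server that accepts any host over plain HTTP. The function names and the sample data are assumptions made for this sketch; the input is shaped like the `items` of a `kubectl get ... -o json` list.

```python
import json

# Constructed sample in the shape of a `kubectl get <resources> -A -o json` List,
# reduced to the fields the checks read. Resource names follow the Bookinfo demo;
# the pod name suffixes are made up.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Namespace",
  "metadata": {"name": "default", "labels": {"istio-injection": "enabled"}}},
 {"kind": "Namespace", "metadata": {"name": "kube-system", "labels": {}}},
 {"kind": "Pod", "metadata": {"name": "details-v1-aaaaa", "namespace": "default"},
  "spec": {"containers": [{"name": "details"}, {"name": "istio-proxy"}]}},
 {"kind": "Pod", "metadata": {"name": "ratings-v1-bbbbb", "namespace": "default"},
  "spec": {"containers": [{"name": "ratings"}]}},
 {"kind": "Pod", "metadata": {"name": "coredns-ccccc", "namespace": "kube-system"},
  "spec": {"containers": [{"name": "coredns"}]}},
 {"kind": "Gateway",
  "metadata": {"name": "bookinfo-gateway", "namespace": "default"},
  "spec": {"servers": [{"port": {"number": 80, "name": "http", "protocol": "HTTP"},
                        "hosts": ["*"]}]}}
]}
""")

SIDECAR = "istio-proxy"  # container name the Istio injector adds to a pod


def injection_namespaces(items):
    """Namespaces carrying the istio-injection=enabled label used in the video.
    (Revision-based labels are not considered in this sketch.)"""
    return {
        i["metadata"]["name"]
        for i in items
        if i["kind"] == "Namespace"
        and (i["metadata"].get("labels") or {}).get("istio-injection") == "enabled"
    }


def pods_missing_sidecar(items):
    """Pods in injection-enabled namespaces that have no sidecar container.
    Injection happens at pod creation, so pods created before the label was
    applied stay at 1/1 until they are recreated."""
    enabled = injection_namespaces(items)
    missing = []
    for i in items:
        meta = i["metadata"]
        if i["kind"] != "Pod" or meta.get("namespace") not in enabled:
            continue
        names = {c["name"] for c in i["spec"].get("containers", [])}
        if SIDECAR not in names:
            missing.append(f'{meta["namespace"]}/{meta["name"]}')
    return sorted(missing)


def exposed_gateway_servers(items):
    """Gateway servers that match any host and/or serve plain HTTP without an
    HTTPS redirect. Returns (gateway, port, [issues]) tuples."""
    findings = []
    for i in items:
        if i["kind"] != "Gateway":
            continue
        ref = f'{i["metadata"]["namespace"]}/{i["metadata"]["name"]}'
        for server in i["spec"].get("servers", []):
            port = server.get("port", {})
            issues = []
            # Hosts may be "*" or "<namespace>/*"; both match every hostname.
            if any(h.split("/")[-1] == "*" for h in server.get("hosts", [])):
                issues.append("any host")
            redirect = (server.get("tls") or {}).get("httpsRedirect", False)
            if port.get("protocol", "").upper() == "HTTP" and not redirect:
                issues.append("plaintext HTTP")
            if issues:
                findings.append((ref, port.get("number"), issues))
    return findings


if __name__ == "__main__":
    for pod in pods_missing_sidecar(SAMPLE["items"]):
        print("no sidecar:", pod)
    for gw, port, issues in exposed_gateway_servers(SAMPLE["items"]):
        print(f"gateway {gw} port {port}: {', '.join(issues)}")
```

Pods reported by the first check are outside the mesh until they are recreated, which is why the pods in the demo are deleted after the namespace label is applied.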
Info
Channel: Tech Primers
Views: 7,106
Rating: 4.9139786 out of 5
Keywords: zero to hero, istio service mesh, istio architecture, istio example, istio service mesh hands on, istio hands on, istio deployment, istio on eks, istio in 30minutes, istio, service mesh on eks, eks with istio, istio with eks, istio tutorial, istio from scratch, istio in 30m, eks tutorial, using istio with eks, istio service mesh on eks, istio for beginners, service mesh for beginners, service mesh example, kiali, jaeger, obersavility, kubernetes, Elastic Kubernetes Service
Id: wCJEfqKpUf4
Length: 31min 7sec (1867 seconds)
Published: Sat Apr 03 2021