Exposing services through Istio Ingress Gateway
The components deployed on the service mesh by default are not exposed outside the cluster. An Ingress Gateway is deployed as a Kubernetes service of type LoadBalancer (or NodePort). To make Bookinfo accessible external to the cluster, you have to create an Istio Gateway for the Bookinfo application and also define an Istio VirtualService with the routes we need.
Inspecting the Istio Ingress Gateway
The ingress gateway gets exposed as a normal Kubernetes service of type LoadBalancer (or NodePort):
Because the Istio Ingress Gateway is an Envoy Proxy you can inspect it using the admin routes. First find the name of the istio-ingressgateway:
Copy and paste your ingress gateway's pod name. Execute:
You can view the statistics, listeners, routes, clusters and server info for the Envoy proxy by forwarding the local port:
See the admin docs for more details.
Also it can be helpful to look at the log files of the Istio ingress controller to see what request is being routed.
Before we check the logs, let us get out of the container back on the host:
Now let us find the ingress pod and output the log:
View Istio Ingress Gateway for Bookinfo
View the Gateway and VirtualServices
Check the created Istio Gateway and Istio VirtualService to see the changes deployed:
Find the external port of the Istio Ingress Gateway by running:
To just get the first port of istio-ingressgateway service, we can run this:
Create a DNS entry:
Modify you local /etc/hosts file to add an entry for your sample application.
127.0.0.1. bookinfo.meshery.io
The HTTP port is usually 31380.
Or run these commands to retrieve the full URL:
Docker Desktop users please use http://localhost/productpage to access product page in your browser.
In case you are using a managed kubernetes cluster like AKS, EKS, or GCE please follow the procedure described below:
-
Get the external IP of the service istio-ingressgateway using the following command:
-
Using Meshery, navigate to the Custom yaml page, and apply the manifest given below to allow all hosts instead of allowing bookinfo.meshery.io only and you are good to access the page using the following url
http://<external-ip of istio-ingressgateway>/productpage.
Apply default destination rules
Before we start playing with Istio's traffic management capabilities we need to define the available versions of the deployed services. They are called subsets, in destination rules.
Using Meshery, navigate to the Custom yaml page, and apply the below to create the subsets for BookInfo:
This creates destination rules for each of the BookInfo services and defines version subsets
In a few seconds we should be able to verify the destination rules created by using the command below:
Browse to BookInfo
Browse to the website of the Bookinfo. To view the product page, you will have to append
/productpage to the url.
Reload Page
Now, reload the page multiple times and notice how it round robins between v1, v2 and v3 of the reviews service.
Inspect the Istio proxy of the productpage pod
To better understand the istio proxy, let's inspect the details. Let us exec into the productpage pod to find the proxy details. To do so we need to first find the full pod name and then exec into the istio-proxy container:
Once in the container look at some of the envoy proxy details by inspecting it's config file:
For more details on envoy proxy please check out their admin docs.
As a last step, lets exit the container:
Alternative: Manual installation
Follow this if the above steps did not work for youDefault destination rules
Run the following command to create default destination rules for the Bookinfo services:
Configure the Bookinfo route with the Istio Ingress gateway
We can create a virtualservice & gateway for bookinfo app in the ingress gateway by running the following:
