# Istio workshop

Istio (opens new window) is an open platform to connect, secure, control and observe microservices, also known as a service mesh, on cloud platforms such as Kubernetes.

Istio

With Istio, you can manage network traffic, load balance across microservices, enforce access policies, verify service identity, secure service communication, and observe what exactly is going on with your services.

Full asciinema screencast: https://asciinema.org/a/229605 (opens new window)
GitHub repository: https://github.com/ruzickap/k8s-istio-workshop (opens new window)

# Requirements

Docker (opens new window)
kubectl (opens new window)
Access to OpenStack environment to provision 3 VMs
Kubernetes knowledge

# Objectives

After you complete this course, you'll be able to:

Download and install Istio in your cluster
Deploy the Guestbook sample app
Use metrics, logging, and tracing to observe services
Set up the Istio Ingress Gateway
Perform simple traffic management, such as A/B tests and canary deployments
Secure your service mesh
Enforce policies for your microservices

Lab diagram

# Workshop

You will perform the following exercises in the lab:

TIP

In case you turned off the servers or restart your computer please verify you have the KUBECONFIG variable set and all kubectl port-forward up and running:

[ -f $PWD/kubeconfig.conf ] && export KUBECONFIG=${KUBECONFIG:-$PWD/kubeconfig.conf}
kubectl get nodes -o wide

# List of GUIs used in Workshop

Jaeger (opens new window) - https://istio.io/latest/docs/tasks/observability/distributed-tracing/ (opens new window)
- ```
kubectl port-forward -n istio-system $(kubectl get pod -n istio-system \
-l app=jaeger -o jsonpath="{.items[0].metadata.name}") 16686:16686 &
```
  - Link: http://localhost:16686 (opens new window)

Prometheus (opens new window) - https://istio.io/docs/tasks/telemetry/querying-metrics/ (opens new window)

kubectl -n istio-system port-forward $(kubectl -n istio-system get pod \
-l app=prometheus -o jsonpath="{.items[0].metadata.name}") 9090:9090 &

Link: http://localhost:9090/graph (opens new window)

Grafana (opens new window) - https://istio.io/docs/tasks/telemetry/using-istio-dashboard/ (opens new window)
- ```
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod \
-l app=grafana -o jsonpath="{.items[0].metadata.name}") 3000:3000 &
```
- Link: http://localhost:3000/dashboard/db/istio-mesh-dashboard (opens new window)
Kiali (opens new window) - https://istio.io/docs/tasks/telemetry/kiali/ (opens new window)
- ```
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod \
-l app=kiali -o jsonpath="{.items[0].metadata.name}") 20001:20001 &
```
- Login: admin
- Password: admin
- Link: http://localhost:20001 (opens new window)
Servicegraph - https://archive.istio.io/v1.0/docs/tasks/telemetry/servicegraph/ (opens new window)
- ```
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod \
-l app=servicegraph -o jsonpath="{.items[0].metadata.name}") 8088:8088 &
```
- Link: http://localhost:8088/force/forcegraph.html (opens new window), http://localhost:8088/dotviz (opens new window)

Kibana (opens new window)

kubectl -n logging port-forward $(kubectl -n logging get pod \
-l role=kibana -o jsonpath="{.items[0].metadata.name}") 5601:5601 &

Link: https://localhost:5601 (opens new window)

Cerebro (opens new window)

kubectl -n logging port-forward $(kubectl -n logging get pod \
-l role=cerebro -o jsonpath="{.items[0].metadata.name}") 9000:9000 &

Link: http://localhost:9000 (opens new window)

Ceph Dashboard (opens new window)

kubectl -n rook-ceph port-forward $(kubectl -n rook-ceph get pod \
-l app=rook-ceph-mgr -o jsonpath="{.items[0].metadata.name}") 8443:8443 &

Password:

kubectl -n rook-ceph get secret rook-ceph-dashboard-password -o yaml \
| grep "password:" | awk '{print $2}' | base64 --decode

Link: https://localhost:8443 (opens new window)

# Links

Create VMs in OpenStack →