This project demonstrates how to use an Istio service mesh in a single Kubernetes Engine cluster alongside Prometheus, Jaeger, and Grafana, to monitor cluster and workload performance metrics. You will first deploy the Istio control plane, data plane, and additional visibility tools using the provided scripts, then explore the collected metrics and trace data in Grafana.
APACHE-2.0 License
Istio is part of a new category of products known as "service mesh" software designed to manage the complexity of service resilience in a microservice infrastructure. It defines itself as a service management framework built to keep business logic separate from the logic to keep your services up and running. In other words, it provides a layer on top of the network that will automatically route traffic to the appropriate services, handle circuit breaker logic, enforce access and load balancing policies, and generate telemetry data to gain insight into the network and allow for quick diagnosis of issues.
For more information on Istio, please refer to the Istio documentation. Some familiarity with Istio is assumed.
This repository contains demonstration code to create an Istio service mesh in a single GKE cluster and use Prometheus, Jaeger, and Grafana to collect metrics and tracing data and then visualize that data.
Istio has two main pieces that create the service mesh: the control plane and the data plane.
The control plane is made up of the following set of components that act together to serve as the hub for the infrastructure's service management:
Mixer: a platform-independent component responsible for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services
Pilot: provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing (A/B tests, canary deployments, etc.), and resiliency (timeouts, retries, circuit breakers, etc.)
Citadel: provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management.
The data plane comprises all the individual service proxies that are distributed throughout the infrastructure. Istio uses Envoy with some Istio-specific extensions as its service proxy. It mediates all inbound and outbound traffic for all services in the service mesh. Istio leverages Envoy’s many built-in features such as dynamic service discovery, load balancing, TLS termination, HTTP/2 & gRPC proxying, circuit breakers, health checks, staged roll-outs with percentage-based traffic splits, fault injection, and rich metrics.
The sample BookInfo application displays information about a book, similar to a single catalog entry of an online book store. Displayed on the page is a description of the book, book details (ISBN, number of pages, and so on), and a few book reviews.
The BookInfo application is broken into four separate microservices and calls on various language environments for its implementation:
There are 3 versions of the reviews microservice:
To learn more about Istio, please refer to the project's documentation.
The pods and services that make up the Istio control plane are the first components of the architecture that will be installed into Kubernetes Engine. An Istio service proxy is installed along with each microservice during the installation of the BookInfo application, as are our telemetry add-ons. At this point, in addition to the application microservices there are two tiers that make up the Istio architecture: the Control Plane and the Data Plane.
In the diagram, note:
gcloud init
NOTE: The following instructions are applicable for deployments performed both with and without Cloud Shell.
Copy the properties file to properties.env and set the following variables in the properties.env file:
- YOUR_PROJECT - the name of the project you want to use
- YOUR_REGION - the region in which to locate all the infrastructure
- YOUR_ZONE - the zone in which to locate all the infrastructure
make create
The script should deploy all of the necessary infrastructure and install Istio. The script will end with a line like this, though the IP address will likely be different:
Update istio service proxy environment file
104.196.243.210/productpage
You can open this URL in your browser and see the simple web application provided by the demo.
echo "http://$(kubectl get -n istio-system service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get -n istio-system service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http")].port}')/productpage"
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=prometheus -o jsonpath='{.items[0].metadata.name}') 9090:9090
Press CTRL-C to quit forwarding the port.
For more information on how to use Prometheus with Istio, please refer to the Istio documentation.
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000
Press CTRL-C to quit forwarding the port.
For more information on how to use Grafana with Istio, please refer to the Istio documentation.
kubectl port-forward -n istio-system $(kubectl get pod -n istio-system -l app=jaeger -o jsonpath='{.items[0].metadata.name}') 16686:16686
Press CTRL-C to quit forwarding the port.
For more information on how to generate sample traces, please refer to the Istio documentation.
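Prometheus, Grafana, and Jaeger are reached above only through kubectl port-forward, which listens on localhost by default, while the application is served through istio-ingressgateway. The following check is an added example, not part of this repository: it flags any other istio-system service whose type makes it reachable from outside the cluster. The sample listings and the service names in them (other than istio-ingressgateway) are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the repository.
# Input on stdin: lines of "NAME TYPE", as produced by
#   kubectl -n istio-system get service --no-headers \
#     -o custom-columns=NAME:.metadata.name,TYPE:.spec.type
# Only spec.type is inspected; other exposure paths are out of scope here.

# Services expected to be external. The demo URL on this page is
# served by istio-ingressgateway; extend the list only deliberately.
ALLOWED_EXTERNAL="istio-ingressgateway"

# Prints one "name type" line per unexpected external service.
find_exposed_services() {
  awk -v allowed="$ALLOWED_EXTERNAL" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF < 2 { next }   # skip blank or malformed lines
    ($2 == "LoadBalancer" || $2 == "NodePort") && !($1 in ok) { print $1, $2 }
  '
}

# Returns 0 when nothing unexpected is exposed, 1 otherwise.
check_exposure() {
  exposed="$(find_exposed_services)"
  if [ -n "$exposed" ]; then
    printf '%s\n' "$exposed" | sed 's/^/externally reachable: /' >&2
    return 1
  fi
  return 0
}

# Constructed sample listings (service names other than
# istio-ingressgateway are illustrative, not taken from the page).
SAMPLE_OK='istio-ingressgateway LoadBalancer
prometheus ClusterIP
grafana ClusterIP
jaeger-query ClusterIP'

SAMPLE_BAD='istio-ingressgateway LoadBalancer
prometheus ClusterIP
grafana LoadBalancer
jaeger-query NodePort'
```

Against a live cluster, pipe the kubectl command from the header comment into check_exposure and treat a non-zero exit as a finding.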
To tear down the resources created by this demonstration, run:
make teardown
This demo was created with help from the following links:
This is not an officially supported Google product