Enabling Istio for an existing application

To enable Istio for an existing application, we will use istioctl to generate additional artifacts in bookinfo.yaml, so the sidecar proxy is added to every pod:

  1. First, generate modified YAML with a sidecar proxy for the Bookinfo application:
$ cd ~/servicemesh
$ istioctl kube-inject -f bookinfo.yaml > bookinfo_proxy.yaml

$ cat bookinfo_proxy.yaml
...
  template:
    metadata:
      annotations:
        sidecar.istio.io/interceptionMode: REDIRECT
...
        traffic.sidecar.istio.io/excludeInboundPorts: "15020"
        traffic.sidecar.istio.io/includeInboundPorts: "9080"
        traffic.sidecar.istio.io/includeOutboundIPRanges: '*'
...
istioctl in the preceding example cannot be substituted by the kubectl command. Notice the sidecar proxy code injected into the original YAML file.
  1. Do diff on the original and modified file to see the additions to the YAML file by the istioctl command:
$ diff -y bookinfo.yaml bookinfo_proxy.yaml
...
  volumeMounts: volumeMounts:
  - name: tmp                      | - mountPath: /etc/istio/proxy
    mountPath: /tmp                | name: istio-envoy
  - name: wlp-output               | - mountPath: /etc/certs/
    mountPath: /opt/ibm/wlp/output | name: istio-certs
                                     > readOnly: true
...
  1. The new definition of the sidecar proxy will be added to the YAML file.
  2. Deploy the modified bookinfo_proxy.yaml file to inject a sidecar proxy into the existing bookinfo microservice:
$ kubectl -n istio-lab apply -f bookinfo_proxy.yaml
  1. Wait a few minutes for the existing pods to terminate and for the new pods to be ready. The output should look similar to the following:
$ kubectl -n istio-lab get pods
NAME                              READY   STATUS    RESTARTS  AGE
details-v1-68955b8bdc-crg2s       2/2     Running   0         96s
productpage-v1-74dfdd8b47-4d2gw   2/2     Running   0         96s
ratings-v1-79b6d99979-f8mgl       2/2     Running   0         96s
reviews-v1-69b9dddccf-x8r6d       2/2     Running   0         96s
reviews-v2-84c46bf56d-q7pmr       2/2     Running   0         96s
reviews-v3-64ff5788c7-nx4jx       2/2     Running   0         96s

Notice that each pod has two running containers since a sidecar proxy was added through the modified YAML

It is possible to select microservices to not have a sidecar by editing the generated YAML through the istioctl command. 

With Istio 1.3.5, the istioctl add-to-mesh service command has been added, which can be used to restart a pod to add a sidecar. For example, istioctl experimental add-to-mesh service productpage -n istio-lab will add a sidecar to the productpage service. The keyword experimental will be removed from future releases. 
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.17.68.14