Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio is the result of a joint collaboration between IBM, Google and Lyft as a means to support traffic flow management, access policy enforcement and the telemetry data aggregation between microservices, all without requiring changes to the code
First, follow the Kubernetes Cluster Tutorial to create your own cluster on Bluemix.
Then, install the container registry plugin for Bluemix CLI.
bx plugin install container-registry -r BluemixNext, build your own docker images and push them to your own bluemix container registry.
You may skip these steps through deploying the secrets if you performed the Flightassist microservices deployment on Kubernetes scenario
Replace
<namespace>with your own namespace, you can view your namespace by runningbx cr namespacesIf you have an unauthorized error, run
bx cr loginto authorized your container-registry.
docker build -f main_application/Dockerfile.local -t registry.ng.bluemix.net/<namespace>/flightassist main_application
docker build -f flightassist-weather/Dockerfile.alpine -t registry.ng.bluemix.net/<namespace>/weather-service flightassist-weather
docker push registry.ng.bluemix.net/<namespace>/flightassist
docker push registry.ng.bluemix.net/<namespace>/weather-serviceThen, you need to run the following commands to bind your Cloudant and Weather Insights services to your clusters.
bx cs cluster-service-bind {your-cluster-name} default mycloudant
bx cs cluster-service-bind {your-cluster-name} default myweatherinsightsNext, create secret to give FlightStats and TripIt API credentials for Flightassist. Modify the secret.yaml file with flightstats-app-id, flightstats-app-key, tripit-api-key, and tripit-api-secret.
Now, run the following commands to deploy the secret
kubectl create -f secret.yaml- Download the latest Istio release for your OS: Istio releases
- Extract and go to the root directory.
- Copy the
istioctlbin to your local bin
$ cp bin/istioctl /usr/local/bin
## example for macOS- Run the following command to check if your cluster has RBAC
$ kubectl api-versions | grep rbac-
Grant permissions based on the version of your RBAC
* If you have an alpha version, run:$ kubectl apply -f install/kubernetes/istio-rbac-alpha.yaml
* If you have a **beta** version, run:
```bash
$ kubectl apply -f install/kubernetes/istio-rbac-beta.yaml
```
* If **your cluster has no RBAC** enabled, proceed to installing the **Control Plane**.
Install the Istio Control Plane in your cluster
kubectl apply -f install/kubernetes/istio.yaml
cd ..You should now have the Istio Control Plane running in Pods of your Cluster.
$ kubectl get pods
NAME READY STATUS RESTARTS
istio-egress-3850639395-30d1v 1/1 Running 0
istio-ingress-4068702052-2st6r 1/1 Running 0
istio-manager-251184572-x9dd4 2/2 Running 0
istio-mixer-2499357295-kn4vq 1/1 Running 0 Note : if you performed the Flightassist microservices deployment on Kubernetes scenario you need to delete the previous services and deployments.
kubectl delete -f flightassist.yaml
First, grab your isito-ingress IP:Port.
echo $(kubectl get po -l istio=ingress -o jsonpath={.items[0].status.hostIP}):$(kubectl get svc istio-ingress -o jsonpath={.spec.ports[0].nodePort})Then, edit the flightassist.yaml and replace the <namespace> with your own namespace. You can obtain your namespace by running bx cr namespace. Also replace <your-app-end-point-url> with http://<isito-ingress IP:Port>
You also can remove
type:NodePorton flightassist-service because we will access our application via isito-ingress.
Next, deploy ingress to connect the microservices and inject Istio envoys on Flightassist and Weather Microservice.
kubectl create -f ingress.yaml
kubectl create -f <(istioctl kube-inject -f flightassist.yaml --includeIPRanges=172.30.0.0/16,172.20.0.0/16)Congratulations, now your Flightassist application should be running on http://<isito-ingress IP:Port>. You can go to How to Use Flightassist and start testing your application.
One feature provided by Istio is rate limits. Rate limits can limit the number of accesses from users and prevent your website from getting abused.
To enable this, run
istioctl mixer rule create global flightassist-service.default.svc.cluster.local -f ratelimit.yamlNow, your rate limit is 50 requests per 10 seconds. Since the flightassist website will use 15-20 requests per visit, you should see your Mixer returns a RESOURCE_EXHAUSTED after you refresh your site 3 to 4 times.
You can learn about other additional features on Istio by clicking here.
Istio is a service-mesh for microservices deployment and managing your application traffic. Istio provides an easy way to create this service mesh by deploying a control plane and injecting sidecars, an extended version of the Envoy proxy, in the same Pod as your microservice. In addition to the proxy feature we tested in the example, it also provides rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions. This gives end users much better control over canary deployments, and not worrying about issues like service discovery etc. In addition, there is a focus from monitoring and trace collection from an application and microservices perspective, which a native container orchestration experience would not provide. However, Istio on its own is not sufficient, and it has to reside on a platform.
| File | Description |
|---|---|
| flightassist.js | Main application, start the express web server and calling the major AJAX functions |
| All JavaScript files (main_application/*.js) | The implementation of the flightstats and tripIt information, shared by all deployment options |
| app.py | Weather Microservice, query and sent weather information to the main application |
| package.json | List the packages required by the application |
| Dockerfile.local and Dockerfile.alpine | Description of the Docker image |
| flightassist.yaml and secret.yaml | Specification file for the deployment of the service and secret in Kubernetes |
| ingress.yaml | Specification file for adding flightassist's endpoint to istio-ingress |
| ratelimit.yaml | Specification file for creating rate limits with Istio Mixer |