- Try out the sentences application
- Add the applications traffic to the istio service mesh
- Familiarize yourself with the Kiali management console
This exercise introduces the sentences application which you will be using during the course. It also introduces you to the Kiali management console for the Istio service mesh.
In the beginning of the exercise you will deploy the sentences application and generate traffic between the services. But there will be no Envoy sidecars injected and Kiali will not be able to observe the traffic.
Afterwards you will use a couple of different methods to enable sidecars. This will allow Kiali to observe the traffic.
💡 More Info on the micro service application and Kiali
This application implements a simple 'sentences' builder, which can build sentences from the following simple algorithm:
age = random(0,100)
name = random(['Peter','Ray','Egon'])
return name + ' is ' + age + ' years'
The application is made up of three services, one which can be queried for the random age, one which can be queried for a random name and a frontend sentence service, which calls the two other through HTTP requests and formats the final sentences.
The source code for the application can be seen in the sentences-app/ folder.
Kiali provides dashboards and observability by showing you the structure and health of your service mesh. It provides detailed metrics, Grafana access and integrates with Jaeger for distributed tracing.
One of it's most powerful features are it's graphs. They provide a powerful way to visualize the topology of your service mesh.
It provides four main graph renderings of the mesh telemetry.
-
The workload graph provides a detailed view of communication between workloads.
-
The app graph aggregates the workloads with the same
applabeling, which provides a more logical view. -
The versioned app graph aggregates by app, but breaks out the different versions providing traffic breakdowns that are version-specific.
-
The service graph provides a high-level view, which aggregates all traffic for defined services.
We are using Kiali to visualize the work done in this Istio course.
In this exercise, we are first deploying our application with vanilla Kubernetes. We then visit the Kiali website to see that without a sidecar our service will not be included in istio.
Then you will be using a few different techniques to enable Istio sidecars and see the traffic flowing in Kiali.
A general overview of what you will be doing in the Step By Step section.
-
Deploy the sentences application services with kubectl
-
Producing traffic to the sentences application
-
Investigating Kiali
-
Enabling sidecars with automatic sidecar injection
-
Enabling sidecars with annotations
-
Manually force injection of sidecars
Expand the Tasks section below to do the exercise.
Tasks
You will need to know your namespace for later exercises. It is provided for
you in the environment variable STUDENT_NS. Check it with the following
command.
echo $STUDENT_NSExecute the following command and make sure it matches the value of the
environment variable STUDENT_NS.
kubectl config view --output 'jsonpath={..namespace}'; echoOpen a terminal in the root of the git repository (istio-katas) and use kubectl to deploy v1 of the application.
kubectl apply -f 00-setup-introduction/kubectl get pod,svcOnce all the pods are running you should see something like. It may take a few seconds.
NAME READY STATUS RESTARTS AGE
pod/age-7976688957-mbvzz 1/1 Running 0 2s
pod/name-v1-587b56cdf4-rwcwt 1/1 Running 0 2s
pod/sentences-6dffccb8c6-7fd57 1/1 Running 0 2s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/age ClusterIP 172.20.123.133 <none> 5000/TCP 2s
service/name ClusterIP 172.20.108.51 <none> 5000/TCP 2s
service/sentences NodePort 172.20.168.218 <none> 5000:30326/TCP 2s
Run the following to continuously query the sentence service and observe the output.
Do this is a new terminal.
./scripts/loop-query.shYou should see output from the shell that looks like this.
Using 10.0.36.130:30459, header ''
Egon is 40 years.
Ray is 16 years.
Peter is 38 years.
Peter is 19 years.
Ray is 66 years.
Traffic is now flowing between the services. But that doesn't mean it is part of the service mesh yet...
Browse to Applications on the left hand menu. Click Namespace drop-down at the top left and enter your namespace.
Finally, select your sentences application from the center-part of the UI.
You will see the application, workloads and services are discovered by Kiali. But not much else.
The red icons beside the workloads mean we have no istio sidecars deployed. Browse the different tabs to see that there is no traffic nor metrics being captured. As there are no sidecars the traffic is not part of the istio service mesh.
kubectl delete -f 00-setup-introduction/kubectl label namespace $STUDENT_NS istio-injection=enabledkubectl apply -f 00-setup-introduction/Observe the number of services and pods running.
kubectl get pod,svcYou should see two containers per POD in ready state.
NAME READY STATUS RESTARTS AGE
pod/age-v1-6fccc84ff-kkdgn 2/2 Running 0 4m4s
pod/name-v1-6644f45d6f-lndkm 2/2 Running 0 4m4s
pod/sentences-v1-5bbf7bcfcb-fphpp 2/2 Running 0 4m4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/age ClusterIP 172.20.228.238 <none> 5000/TCP 4m5s
service/name ClusterIP 172.20.213.23 <none> 5000/TCP 4m4s
service/sentences NodePort 172.20.106.197 <none> 5000:32092/TCP 4m4s
Run the following command to observe that an envoy proxy container has been injected into the application.
kubectl get pods -o=custom-columns=NAME:.metadata.name,CONTAINERS:.spec.containers[*].nameThis should show an istio proxy sidecar for each service.
NAME CONTAINERS
age-v1-676bf56bdd-m6bcj age,istio-proxy
name-v1-587b56cdf4-6tnhs name,istio-proxy
sentences-v1-6ccc9fdcc5-fzt2g sentences,istio-proxy
./scripts/loop-query.shBrowse to Applications on the left hand menu and select sentences.
Remember to filter by your namespace.
Now you can see there are sidecars and the traffic is part of the mesh.
- Browse the different tabs to see the traffic and metrics being captured.
💡 It may take a minute before Kiali starts showing the traffic and metrics. You can change the refresh rate in the top right hand corner.
Edit the file 00-setup-introduction/age.yaml and add the annotation
sidecar.istio.io/inject: 'false'.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: sentences
mode: age
version: v1
name: age-v1
spec:
replicas: 1
selector:
matchLabels:
app: sentences
mode: age
version: v1
template:
metadata:
labels:
app: sentences
mode: age
version: v1
annotations: # Annotations block
sidecar.istio.io/inject: 'false' # True to enable or false to disable
spec:
containers:
- image: praqma/istio-sentences:v1
name: age
ports:
- containerPort: 5000
env:
- name: "SENTENCE_MODE"
value: "age"Apply the changes to the age.yaml file.
kubectl apply -f 00-setup-introduction/age.yamlUse kubectl to see the number of pods running.
kubectl get podsYou should, eventually, see that the age service has only one pod.
E.g. it no longer has a sidecar and is not part of the service mesh.
NAME READY STATUS RESTARTS AGE
age-v1-574bfbb6b4-qb6rv 1/1 Running 0 3m50s
name-v1-795cf79f69-clrw4 2/2 Running 0 8m41s
sentences-v1-7cfbb658b6-rthxn 2/2 Running 0 8m41s
If you re-inspect the application graph in Kiali, you will also
notice, that the age service is no longer being shown.
Automatic sidecar injection provides a pervasive and homogenous approach to ensuring the features istio provides. For example telemetry like metrics and traces for observability. If you do not want a sidecar for a service, use an opt out approach.
To update the age deployment to again include a sidecar, w can use
the following command:
cat 00-setup-introduction/age.yaml |grep -v inject | kubectl apply -f -Use kubectl to see the number of pods running.
kubectl get podsYou should now see that the age service again has two pods. E.g. it has
a sidecar and is again part of the service mesh.
NAME READY STATUS RESTARTS AGE
age-v1-7b9f67b7dc-qxlxx 2/2 Running 0 76s
name-v1-795cf79f69-clrw4 2/2 Running 0 16m
sentences-v1-7cfbb658b6-rthxn 2/2 Running 0 16m
If you inspect the application graph in Kiali, you will see that the
age service again is being shown.
You didn't modify the static yaml with the above command. You simply took the output of the cat command, piped it into grep which stripped out the annotation and applied the output with kubectl.
Browse to the graphs and investigate the service, workload, app and versioned app graphs from the drop down at the top.
💡 Use the display options to modify what is shown in the different graphs. Showing request distribution is something we will be using often. Also ensure you are running the
loop-query.shscript to generate traffic.
💡 Use the
Legendbutton to explain the different objects being shown.
In this exercise you injected sidecars with automatic sidecar injection, disabled sidecars with an annotation and manually injected a sidecar from the command line. Manually injecting sidecars or using annotations is not a cohesive approach.
You were also introduced to the sentences application and Kiali. There is not enough time in the course to go into much more details around Kiali. But it has more features like the Istio Wizards feature which lets you create and delete istio configuration on the fly. It can do validation on the most common Istio objects and more.
See the documentation for a more complete overview.
Main takeaways are:
-
Annotations can be used to control sidecar injection.
-
Automatic sidecar injections is recommended. Automatic sidecar injection ensures a more pervasive and homogenous approach for traffic management and observability. It is less intrusive as it happens at the pod level and you won't see any changes to the yaml itself.
You can find more information about the different methods here.
And you can find more details about sidecar configuration here.
kubectl delete -f 00-setup-introduction/