|
| 1 | +--- |
| 2 | +title: A guide to enabling a managed Istio service mesh in a Kubernetes cluster |
| 3 | + on HPE GreenLake for Private Cloud Enterprise |
| 4 | +date: 2023-02-16T13:36:32.997Z |
| 5 | +author: Akash Patel, Guoping Jia, Sonu Sudhakaran |
| 6 | +authorimage: /img/Avatar1.svg |
| 7 | +disable: false |
| 8 | +tags: |
| 9 | + - HPE GreenLake for Containers |
| 10 | + - hpe-greenlake |
| 11 | + - developer |
| 12 | + - istio-service-mesh |
| 13 | + - add-on |
| 14 | + - hpe-greenlake-for-private-cloud-enterprise |
| 15 | + - containers-service |
| 16 | + - devops |
| 17 | + - sre |
| 18 | + - site-reliability-engineer |
| 19 | + - hpe-greenlake-for-private-cloud-enterprise-containers |
| 20 | +--- |
| 21 | +## **Introduction** |
| 22 | + |
| 23 | +In this blog post, we demonstrate how an end user can deploy a containerized application or a managed service on a Kubernetes-based container stack using the cluster add-on feature provided by **HPE GreenLake for Private Cloud Enterprise: Containers** and then access it over an external network or internet. The containers service evaluates the user’s environment and makes add-ons available to the user so that they can add the containerized application or managed service to the cluster as required. |
| 24 | + |
| 25 | +For those of you who may be unfamiliar with the term, a **Service mesh** is a network of microservices that consist of distributed applications and communications between those applications. It is a dedicated infrastructure layer that facilitates service-to-service communications routed through the proxy, ensuring secure communication. |
| 26 | + |
| 27 | +**Istio** is an open-source service mesh that provides a platform for distributed applications that includes API integrations with logging, telemetry, or policy systems. It provides a uniform and more efficient way to secure, connect, and monitor services. Istio automatically manages load balancing for HTTP, gRPC, WebSocket, and TCP traffic. For details, see **[The Istio service mesh](https://istio.io/latest/about/service-mesh/)**. |
| 28 | + |
| 29 | +## **Enabling Istio service mesh add-on from a cluster** |
| 30 | + |
| 31 | +### **Step-1: Create a Kubernetes cluster from the containers page** |
| 32 | + |
| 33 | +To create a cluster, you must have been assigned the roles of **Private Cloud Cluster Owner** and **Private Cloud Widget Viewer**. |
| 34 | + |
| 35 | +* From the **Containers** main page, under the **Clusters** tab, click **Create Cluster**. |
| 36 | +* In the **Create Cluster** form, provide the cluster name '**hpe**', and select the standard cluster blueprint. The new cluster appears in the list of clusters. |
| 37 | + |
| 38 | + |
| 39 | + |
| 40 | +As indicated above, there are multiple clusters deployed in parallel for multiple purposes. For the **Istio** service mesh add-on enablement/deployment in our example, we are using a cluster created with the name "**hpe**". |
| 41 | + |
| 42 | + |
| 43 | + |
| 44 | +### **Step-2: Enabling an add-on from a cluster** |
| 45 | + |
| 46 | +* On the **Containers** main page, click a cluster row to open the cluster details screen. |
| 47 | +* On the cluster details screen, click the **Add-ons** tab. |
| 48 | +* Click **Enable add-on** if no add-ons are enabled or click **Enable another add-on**. |
| 49 | + |
| 50 | + |
| 51 | + |
| 52 | +* In the **Enable Addon** wizard, select the **Istio-service-mesh** add-on and click **Next**. |
| 53 | + |
| 54 | + |
| 55 | + |
| 56 | +* Provide the values for the fields that appear for the selected add-on, read and accept the license agreement, and click **Enable**. |
| 57 | + |
| 58 | + |
| 59 | + |
| 60 | +* After successful add-on enablement, add-on status will get updated to '**succeeded**'. |
| 61 | + |
| 62 | + |
| 63 | + |
| 64 | +* View the details of the add-on that you just enabled. |
| 65 | + |
| 66 | + |
| 67 | + |
| 68 | +### **Step-3: Launching the Kiali dashboard - the console for Istio service mesh** |
| 69 | + |
| 70 | +**Kiali** is an open-source project that provides observability for the Istio service mesh. |
| 71 | + |
| 72 | +From the **Overview** tab, click the **KialiURL** link and use the **Kiali token**. |
| 73 | + |
| 74 | +The **Kiali dashboard** launches in a new web page. |
| 75 | + |
| 76 | +**Note**: The URL for the Kiali console might be different in your environment. |
| 77 | + |
| 78 | + |
| 79 | + |
| 80 | +**Note**: To take advantage of the Istio features, pods in the mesh must be running an Istio sidecar proxy. Injection of the proxy can be done either on a per-pod basis or at namespace level. To enable side car injection, refer to the [setup instructions](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/). For information about using Kiali, see the **[Kiali documentation](https://kiali.io/docs/)**. |
| 81 | + |
| 82 | +### **Step-4: Download scoped kubeconfig from the container platform page** |
| 83 | + |
| 84 | +* From the **Clusters** tab, select the '**hpe**' Kubernetes cluster and click **Launch Service Console**. This will direct you to the container platform page. |
| 85 | +* Click on Download **kubeconfig**. |
| 86 | + |
| 87 | +**Note**: Launching the service console from HPE GreenLake Central is configured through SAML SSO and adds a session token to the kubeconfig file. You will need to download the kubeconfig file again if you want to continue to access the cluster when the session token expires after an hour. |
| 88 | + |
| 89 | +### **Step-5: Deploying a sample Istio application: Bookinfo** |
| 90 | + |
| 91 | +This procedure follows the standard Istio documentation to deploy a sample application. To know more about Bookinfo Application, see the **[Istio documentation](https://istio.io/latest/docs/examples/bookinfo/)**. |
| 92 | + |
| 93 | +#### **Use the following commands to create the namespace and label for Istio sidecar proxy injection to deploy the application in the bookinfo namespace**. |
| 94 | + |
| 95 | +```shellsession |
| 96 | +$ kubectl create namespace bookinfo |
| 97 | +namespace/bookinfo created |
| 98 | + |
| 99 | +$ kubectl label namespace bookinfo istio-injection=enabled |
| 100 | +namespace/bookinfo labeled |
| 101 | + |
| 102 | +$ kubectl get namespace bookinfo --show-labels |
| 103 | +NAME STATUS AGE LABELS |
| 104 | +bookinfo Active 105s gl.hpe.com/namespaceid=10d70074-0c2b-4221-804e-1437ed1842ca,hpe.com/cluster=stub,hpe.com/namespacetype=Tenant,hpe.com/tenant=bookinfo,hpe.com/version=6.2.0,hpecp.hpe.com/hpecptenant=hpecp-tenant-106,istio-injection=enabled,kubernetes.io/metadata.name=bookinfo,serving.kubeflow.org/inferenceservice=enabled |
| 105 | +``` |
| 106 | + |
| 107 | +#### **Deploy** the **Bookinfo** application using the YAML manifest file i.e. **services/istio/release-1.16/samples/bookinfo/bookinfo.yaml** from the [](https://github)**[Github repository](https://github.com/cxteamtrials/caas-trials-content)**. |
| 108 | + |
| 109 | +```shellsession |
| 110 | +$ kubectl apply -f bookinfo.yaml -n bookinfo |
| 111 | +service/details created |
| 112 | +serviceaccount/bookinfo-details created |
| 113 | +deployment.apps/details-v1 created |
| 114 | +service/ratings created |
| 115 | +serviceaccount/bookinfo-ratings created |
| 116 | +deployment.apps/ratings-v1 created |
| 117 | +service/reviews created |
| 118 | +serviceaccount/bookinfo-reviews created |
| 119 | +deployment.apps/reviews-v1 created |
| 120 | +deployment.apps/reviews-v2 created |
| 121 | +deployment.apps/reviews-v3 created |
| 122 | +service/productpage created |
| 123 | +serviceaccount/bookinfo-productpage created |
| 124 | +deployment.apps/productpage-v1 created |
| 125 | +``` |
| 126 | + |
| 127 | +#### **Confirm all pods and services are deployed successfully**. |
| 128 | + |
| 129 | +```shellsession |
| 130 | +$ kubectl get pods,services -n bookinfo |
| 131 | +NAME READY STATUS RESTARTS AGE |
| 132 | +details-v1-698b5d8c98-qglhw 2/2 Running 0 6m17s |
| 133 | +productpage-v1-bf4b489d8-bkpdm 2/2 Running 0 6m17s |
| 134 | +ratings-v1-5967f59c58-28kc5 2/2 Running 0 6m17s |
| 135 | +reviews-v1-9c6bb6658-mw2df 2/2 Running 0 6m17s |
| 136 | +reviews-v2-8454bb78d8-p4h9d 2/2 Running 0 6m17s |
| 137 | +reviews-v3-6dc9897554-g7xqh 2/2 Running 0 6m17s |
| 138 | + |
| 139 | +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE |
| 140 | +details ClusterIP 10.98.141.15 <none> 9080/TCP 14m |
| 141 | +productpage ClusterIP 10.104.123.90 <none> 9080/TCP 6m45s |
| 142 | +ratings ClusterIP 10.108.60.57 <none> 9080/TCP 6m46s |
| 143 | +reviews ClusterIP 10.106.208.181 <none> 9080/TCP 14m |
| 144 | +``` |
| 145 | + |
| 146 | +#### **Configure the service to access the application outside of the cluster**. |
| 147 | + |
| 148 | +* Edit the deployed service **productpage**. |
| 149 | +* Change service type from ClusterIP to **NodePort**. |
| 150 | +* Add the label **hpecp.hpe.com/hpecp-internal-gateway=true**. The service will be automatically mapped/exposed to a **Container platform gateway host** with an assigned port. |
| 151 | + |
| 152 | +```shellsession |
| 153 | +$ kubectl describe svc productpage -n bookinfo |
| 154 | +Name: productpage |
| 155 | +Namespace: bookinfo |
| 156 | +Labels: app=productpage |
| 157 | + hpecp.hpe.com/hpecp-internal-gateway=true |
| 158 | + service=productpage |
| 159 | +Annotations: hpecp-internal-gateway/9080: epicgw.customer.hpe.net:10072 |
| 160 | +Selector: app=productpage |
| 161 | +Type: NodePort |
| 162 | +IP Family Policy: SingleStack |
| 163 | +IP Families: IPv4 |
| 164 | +IP: 10.104.123.90 |
| 165 | +IPs: 10.104.123.90 |
| 166 | +Port: http 9080/TCP |
| 167 | +TargetPort: 9080/TCP |
| 168 | +NodePort: http 31766/TCP |
| 169 | +Endpoints: 10.192.3.181:9080 |
| 170 | +Session Affinity: None |
| 171 | +External Traffic Policy: Cluster |
| 172 | +Events: |
| 173 | + Type Reason Age From Message |
| 174 | + ---- ------ ---- ---- ------- |
| 175 | + Normal HpeCp 21s hpecp-agent Created HPECP K8S service |
| 176 | +``` |
| 177 | + |
| 178 | +#### **Confirm the application is accessible from outside the cluster**. |
| 179 | + |
| 180 | +The Bookinfo application **productpage** can be accessed in the browser by typing the URL **http://epicgw.customer.hpe.net:10072** |
| 181 | + |
| 182 | +Note : The above URL might be different in your environment. You can form the URL by referencing annotations from the **productpage** service. |
| 183 | + |
| 184 | + |
| 185 | + |
| 186 | + |
| 187 | + |
| 188 | +## **Monitor the sample application using the Kiali dashboard** |
| 189 | + |
| 190 | +Enter **bookinfo** into the field Filter by Namespace. The Kiali overview screen displays the details about the namespace bookinfo. It shows that 4 applications are running in the **namespace bookinfo** with no inbound traffic. |
| 191 | + |
| 192 | + |
| 193 | + |
| 194 | +In the **Graph** tab from the left navigation menu, after selecting the **namespace bookinfo**, the screen shows an overview topology of the Bookinfo application. |
| 195 | + |
| 196 | + |
| 197 | + |
| 198 | +In the **Applications** tab from the left navigation menu, after selecting the **namespace bookinfo**, the screen shows application details of the Bookinfo application. |
| 199 | + |
| 200 | + |
| 201 | + |
| 202 | +In the **Workloads** tab from the left navigation menu, after selecting the **namespace bookinfo**, the screen shows deployment details of the Bookinfo application. |
| 203 | + |
| 204 | + |
| 205 | + |
| 206 | +In the **Services** tab from the left navigation menu, after selecting the **namespace bookinfo**, you can check all the services details of the Bookinfo application. |
| 207 | + |
| 208 | + |
| 209 | + |
| 210 | +## **Summary** |
| 211 | + |
| 212 | +You can find the GitHub repository that hosts demo code **[here](https://github.com/cxteamtrials/caas-trials-content)**. |
| 213 | + |
| 214 | +We hope that this blog post has provided you with enough information for you to get started deploying containerized application or a managed service **i.e. Istio service mesh** on a Kubernetes-based container stack using the cluster add-on feature provided by **HPE GreenLake for Private Cloud Enterprise: Containers**, refer to the **[HPE Developer Community blog](https://developer.hpe.com/)**. |
0 commit comments