You can reproduce the DevNet workshop by reserving the Sandbox here: Istio 1.2
The Sandbox contains an up and running Kubernetes cluster with Istio enabled that you can use to play with Istio!
Session Code: DEVWKS-2814
WebEX Room: http://cs.co/eventsbot#DEVWKS-2814
AnyConnect link: devnetsandbox-us-sjc.cisco.com:XXXXX (Port is on your desk)
AnyConnect UserName: EventUser
AnyConnect Password: XXXXX (Password is on your desk)
SSH to Kubernetes Master: ssh developer@10.10.20.21
SSH password: C1sco12345
Title: DevNet Workshop: Let's Play with Istio: service meshes for high-scale container environments
Abstract:
Istio is an open source service mesh which is also packaged and supported in the Cisco Container Platform (CCP). With Istio, you can securely connect, control, and observe microservices in large-scale deployments. The goal of this workshop is to give you the opportunity to use an Istio-enabled Kubernetes cluster, which can be created with CCP, and to get familiar with use cases such as service routing, traffic shifting and service tracing. You will do this both by editing manifest files and by making REST API calls.
Agenda:
- Introduction
- Cisco Container Platform
- Istio Control Plane
- BookInfo Application
- Istio usage example
- Route based on application version
- Route based on user identity
- Traffic shifting with/without API
- Conclusion
The Bookinfo application is a virtual library of book descriptions and ratings. It is a web page that shows the book details, reviews, and ratings from readers.
It consists of four separate microservices (product page, detail, review, rating) written in different programming languages. This is the value of microservices: each one is completely independent of the others.
Each box in the picture is a Kubernetes deployment with a Kubernetes service attached to it. Each deployment has one pod with one container inside.
The review service is divided into three deployments, each with a different version. Version 1 does not connect to the rating service, version 2 shows the rating stars in black, and version 3 shows them in red.
By default, without Istio, the product page reaches the review versions in a round-robin fashion.
When we add Istio to our application, we add one sidecar container to each pod, which intercepts the requests going in and out of the pod.
In this way, all traffic that the mesh services send and receive (data plane traffic) is proxied through Envoy, making it easy to direct and control traffic around the service mesh without making any changes to your services.
Each pod in the review service has a Kubernetes label that defines the version of the app. This is important for Istio to route traffic based on that version.
kubectl get nodes -o wide
NAME        STATUS   ROLES    AGE    VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION               CONTAINER-RUNTIME
netmaster   Ready    master   163m   v1.15.0   10.10.20.21   <none>        CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://1.13.1
worker1     Ready    <none>   162m   v1.15.0   10.10.20.22   <none>        CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://1.13.1
worker2     Ready    <none>   162m   v1.15.0   10.10.20.23   <none>        CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://1.13.1
worker3     Ready    <none>   162m   v1.15.0   10.10.20.24   <none>        CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://1.13.1
kubectl get pods -n istio-system
NAME                                      READY   STATUS      RESTARTS   AGE
grafana-6575997f54-vsfmx                  1/1     Running     0          3h42m
istio-citadel-894d98c85-bk6jk             1/1     Running     0          3h42m
istio-cleanup-secrets-1.2.2-trgwh         0/1     Completed   0          3h42m
istio-egressgateway-9b7866bf5-2lr6k       1/1     Running     0          3h42m
istio-galley-5b984f89b-5czkx              1/1     Running     0          3h42m
istio-grafana-post-install-1.2.2-t8n4b    0/1     Completed   0          3h42m
istio-ingressgateway-75ddf64567-n6949     1/1     Running     0          3h42m
istio-pilot-5d77c559d4-9rnsk              2/2     Running     0          3h42m
istio-policy-86478df5d4-p8c2s             2/2     Running     1          3h42m
istio-security-post-install-1.2.2-5x2cb   0/1     Completed   0          3h42m
istio-sidecar-injector-7b98dd6bcc-mjpnj   1/1     Running     0          3h42m
istio-telemetry-786747687f-8tkgs          2/2     Running     1          3h42m
istio-tracing-555cf644d-sb2hc             1/1     Running     0          3h42m
kiali-6cd6f9dfb5-84qhd                    1/1     Running     0          3h42m
prometheus-7d7b9f7844-l6ngg               1/1     Running     0          3h42m
cd /home/developer/istio-1.2.2/samples/bookinfo/platform/kube
cat bookinfo.yaml
istioctl kube-inject -f bookinfo.yaml > bookinfo_with_istio.yaml
cat bookinfo_with_istio.yaml
kubectl apply -f bookinfo_with_istio.yaml
kubectl get pods -o wide
NAME                             READY   STATUS    RESTARTS   AGE     IP           NODE      NOMINATED NODE   READINESS GATES
details-v1-677976f7dc-2zhzw      2/2     Running   0          2m34s   10.40.0.6    worker2   none             none
productpage-v1-f76db69c5-lsd9h   2/2     Running   0          2m33s   10.46.0.9    worker3   none             none
ratings-v1-7f66cd4c87-8vnbq      2/2     Running   0          2m34s   10.46.0.4    worker3   none             none
reviews-v1-77bcd5d4f5-zcfm4      2/2     Running   0          2m34s   10.38.0.6    worker1   none             none
reviews-v2-7cdb7475fb-wjqrl      2/2     Running   0          2m34s   10.46.0.10   worker3   none             none
reviews-v3-8496dbbbbf-4ftsq      2/2     Running   0          2m34s   10.38.0.5    worker1   none             none
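The 2/2 in the READY column is the application container plus the sidecar added by istioctl kube-inject. The following check is an added example, not part of the original workshop: it lists pods that have no sidecar and whose traffic is therefore not proxied through Envoy. It assumes the injected container is named istio-proxy; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report pods that have no Envoy sidecar container.
# Input (stdin): one pod per line, "<pod-name><TAB><space-separated container names>",
# as produced on the cluster by:
#   kubectl get pods -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].name}{"\n"}{end}'
pods_without_sidecar() {
    awk -F '\t' '
        $1 != "" {
            # Split the container list and look for the sidecar by name
            # (assumption: the injected container is called istio-proxy).
            n = split($2, names, " ")
            found = 0
            for (i = 1; i <= n; i++) if (names[i] == "istio-proxy") found = 1
            if (!found) print $1
        }'
}

# Constructed sample: two injected Bookinfo pods and one hypothetical
# pod ("legacy-batch-0") that was deployed without injection.
sample_pods() {
    printf 'details-v1-677976f7dc-2zhzw\tdetails istio-proxy\n'
    printf 'reviews-v1-77bcd5d4f5-zcfm4\treviews istio-proxy\n'
    printf 'legacy-batch-0\tworker\n'
}

# Offline demonstration on the sample; on the cluster, pipe the kubectl
# command from the header comment into pods_without_sidecar instead.
sample_pods | pods_without_sidecar
```
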
cd /home/developer/istio-1.2.2/samples/bookinfo/networking/
kubectl apply -f bookinfo-gateway.yaml
Retrieve the external IP:
kubectl get svc -n istio-system | grep ingress
istio-ingressgateway LoadBalancer 10.107.63.250 10.10.20.30 15020:30392/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:30194/TCP,15030:30191/TCP,15031:31372/TCP,15032:32031/TCP,15443:31403/TCP 3h46m
http://10.10.20.30/productpage
We need to create a Destination Rule to define service subsets, for example to group pods by their version.
We can then use these service subsets in the routing rules of Istio virtual services to control the traffic to different instances of mesh services.
In this example, we create three subsets named “v1”, “v2” and “v3” that match pods with the labels “version: v1”, “version: v2” and “version: v3” respectively. The labels are defined on the Kubernetes pods in the Bookinfo manifest file.
cd /home/developer/istio-1.2.2/samples/bookinfo/networking/
kubectl apply -f destination-rule-all.yaml
kubectl get destinationrule
NAME          HOST          AGE
details       details       13s
productpage   productpage   13s
ratings       ratings       13s
reviews       reviews       13s
cd /home/developer/istio-1.2.2/samples/bookinfo/networking/
kubectl apply -f virtual-service-all-v1.yaml
kubectl describe virtualservice review
Name:         reviews
....
  Hosts:
    reviews
  Http:
    Route:
      Destination:
        Host:    reviews
        Subset:  v1
Modify virtual-service-all-v1.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v2
Then deploy it:
kubectl apply -f virtual-service-all-v1.yaml
kubectl describe virtualservice review
Name:         reviews
....
  Hosts:
    reviews
  Http:
    Route:
      Destination:
        Host:    reviews
        Subset:  v2
cd /home/developer/istio-1.2.2/samples/bookinfo/networking/
Modify virtual-service-reviews-jason-v2-v3.yaml by inserting your name and apply it.
kubectl apply -f virtual-service-reviews-jason-v2-v3.yaml
Verify that the virtual service has been implemented as expected:
kubectl describe virtualservice review
Name:         reviews
...
Spec:
  Hosts:
    reviews
  Http:
    Match:
      Headers:
        End - User:
          Exact:  gaetano
    Route:
      Destination:
        Host:    reviews
        Subset:  v2
    Route:
      Destination:
        Host:    reviews
        Subset:  v3
cd /home/developer/istio-1.2.2/samples/bookinfo/networking/
kubectl apply -f virtual-service-reviews-80-20.yaml
Verify that the virtual service has been implemented as expected:
kubectl describe virtualservice review
Name:         reviews
...
Spec:
  Hosts:
    reviews
  Http:
    Route:
      Destination:
        Host:    reviews
        Subset:  v1
      Weight:    80
      Destination:
        Host:    reviews
        Subset:  v2
      Weight:    20
curl -H "Accept: application/json" -H "Content-Type: application/merge-patch+json" -X PATCH http://localhost:8001/apis/networking.istio.io/v1alpha3/namespaces/default/virtualservices/reviews -d '{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"networking.istio.io/v1alpha3\",\"kind\":\"VirtualService\",\"metadata\":{\"annotations\":{},\"name\":\"reviews\",\"namespace\":\"default\"},\"spec\":{\"hosts\":[\"reviews\"],\"http\":[{\"route\":[{\"destination\":{\"host\":\"reviews\",\"subset\":\"v1\"},\"weight\":20},{\"destination\":{\"host\":\"reviews\",\"subset\":\"v2\"},\"weight\":80}]}]}}\n"}},"spec":{"http":[{"route":[{"destination":{"host":"reviews","subset":"v1"},"weight":20},{"destination":{"host":"reviews","subset":"v2"},"weight":80}]}]}}'
Verify that the virtual service has been implemented as expected:
kubectl describe virtualservice review
Name:         reviews
...
Spec:
  Hosts:
    reviews
  Http:
    Route:
      Destination:
        Host:    reviews
        Subset:  v1
      Weight:    20
      Destination:
        Host:    reviews
        Subset:  v2
      Weight:    80
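The API-driven traffic shift above can be wrapped in a small script. This is an added example, not part of the original workshop: it builds the merge patch for a two-way split on the reviews virtual service, rejects weights that do not sum to 100, and sends only the spec part of the patch. The function names are hypothetical, and it assumes that kubectl proxy is serving the Kubernetes API on localhost:8001.

```shell
#!/bin/sh
# Added example: build and send a JSON merge patch that splits traffic for the
# "reviews" VirtualService between two subsets.
# Usage: weight_patch SUBSET_A WEIGHT_A SUBSET_B WEIGHT_B
weight_patch() {
    [ "$#" -eq 4 ] || { echo "usage: weight_patch SUBSET_A WEIGHT_A SUBSET_B WEIGHT_B" >&2; return 2; }
    for w in "$2" "$4"; do
        case "$w" in
            0|[1-9]|[1-9][0-9]|100) ;;   # integer 0..100, no leading zeros
            *) echo "weight must be an integer from 0 to 100: $w" >&2; return 1 ;;
        esac
    done
    for s in "$1" "$3"; do
        case "$s" in
            ''|*[!a-z0-9-]*) echo "invalid subset name: $s" >&2; return 1 ;;
        esac
    done
    if [ $(( $2 + $4 )) -ne 100 ]; then
        echo "weights must sum to 100, got $(( $2 + $4 ))" >&2
        return 1
    fi
    printf '{"spec":{"http":[{"route":[{"destination":{"host":"reviews","subset":"%s"},"weight":%d},{"destination":{"host":"reviews","subset":"%s"},"weight":%d}]}]}}\n' "$1" "$2" "$3" "$4"
}

# Send the patch to the same endpoint as the curl command above.
# Assumption: `kubectl proxy` is listening on localhost:8001.
shift_reviews_traffic() {
    body=$(weight_patch "$@") || return 1
    curl -sS -X PATCH \
        -H "Accept: application/json" \
        -H "Content-Type: application/merge-patch+json" \
        "http://localhost:8001/apis/networking.istio.io/v1alpha3/namespaces/default/virtualservices/reviews" \
        -d "$body"
}

# Offline demonstration: print the patch body for the 20/80 split used above.
weight_patch v1 20 v2 80
```

On the cluster, run shift_reviews_traffic v1 20 v2 80 and confirm the result with kubectl describe virtualservice review.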