Giters

lucdew / istio-examples

Istio example configurations

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

istio examples

Overview

The repository contains example configurations of istio service mesh

Prerequisites

  • Install:

  • Install k3d to run Kubernetes in docker containers.

  • Create an image registry that will be visible from inside the Kubernetes cluster:

k3d registry create registry.localhost --port 5000
  • Create a cluster and use the registry:
k3d cluster create mycluster --registry-use k3d-registry.localhost:5000

  • Install istio with istioctl istioctl.

  • Install the istio operator using the provided file.

istioctl install -f istiocfg.yml

The file is the same as demo profile (istioctl profile dump demo) with the following exceptions:

* The egress gateway service listens on additional port 50051
  • Get the IP of the host
myip=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
echo $myip
  • Add the following hostnames in coreDNS configmap
currentNodeHosts=$(kubectl -n kube-system get cm coredns -o=jsonpath='{.data.NodeHosts}' )
kubectl patch configmap/coredns \
  -n kube-system \
  --type merge \
  -p '{"data":{"NodeHosts":"'$currentNodeHosts'\n'$myip' www.greeter.com"}}'
  • Restart coreDNS
kubectl -n kube-system rollout restart deployment coredns

Examples

Access a GRPC external service through an egress gateway originating TLS connection

The example runs a GRPC hello world server on port 50051 with TLS. The GRPC client and server directly comes from go-grpc. The client has been modified to loop on requests and the server to listen on a TLS port. A GRPC client inside the cluster connects to it in clear, istio side car container performs mTLS to the istio egressgateway and sTLS to the server

---
title: greeter GRPC
---
flowchart LR;
    gc["Greeter GRPC client"]
    gs["Greeter GRPC server (server TLS port 50051)"]
    isc["istio side car container"]
    iegw["istio egress gateway"]

    gc-->|grpc-50051|isc
    isc-->|mTLS with istio certificates-50051|iegw
    iegw-->|sTLS with custom server certificate |gs
  • Build a docker image for the cient and push it to the local registry
cd greeter-grpc/greeter_client
docker build -t localhost:5000/greeter_client:latest .
docker push localhost:5000/greeter_client:latest
  • Build and start the server
cd greeter-grpc/greeter_server
go build -v
./greeter_server
  • In another shell, deploy the client and istio configuration in a dedicated namespace called greeter
kubectl apply -f greeter-grpc-istio-egressgw-tls-originating.yml

After a few seconds the server should display message like the following:

2024/03/09 18:21:57 Received: world

About

Istio example configurations

Languages

Language:Go 92.2%Language:Dockerfile 7.8%