Skip to content

Setup

Begin by cloning a local copy of the Spring PetClinic Istio repository from GitHub.

Kubernetes

Select whether you wish to provision Kubernetes locally or remotely using a cloud provider.

On a Mac running Docker Desktop or Rancher Desktop, make sure to give your VM plenty of CPU and memory. 16GB of memory and 6 CPUs seems to work for me.

Deploy a local K3D Kubernetes cluster with a local registry:

k3d cluster create my-istio-cluster \
  --api-port 6443 \
  --k3s-arg "--disable=traefik@server:0" \
  --port 80:80@loadbalancer \
  --registry-create my-cluster-registry:0.0.0.0:5010

Above, we:

  • Disable the default traefik load balancer and configure local port 80 to instead forward to the "istio-ingressgateway" load balancer.
  • Create a registry we can push to locally on port 5010 that is accessible from the Kubernetes cluster at "my-cluster-registry:5000".

Provision a k8s cluster in the cloud of your choice. For example, on GCP:

gcloud container clusters create my-istio-cluster \
  --cluster-version latest \
  --machine-type "e2-standard-2" \
  --num-nodes "3" \
  --network "default"

Environment variables

Use envrc-template.sh as the basis for configuring environment variables.

Be sure to:

  1. Set the local variable local_setup to either "true" or "false", depending on your choice of a local or remote cluster.
  2. If using a remote setup, set the value of PUSH_IMAGE_REGISTRY to the value of your image registry URL.

I highly recommend using direnv, a convenient way of associating setting environment variables with a specific directory.

If you choose to use direnv, then the variables can be automatically set by renaming the file to .envrc and running the command direnv allow.

Istio

  1. Follow the Istio documentation's instructions to download Istio.

  2. After you have added the istioctl CLI to your PATH, run the following command to install Istio:

    istioctl install -f manifests/istio-install-manifest.yaml

The above-referenced configuration manifest configures certain facets of the mesh, namely:

  1. Setting trace sampling at 100%, for ease of obtaining distributed traces
  2. Deploying sidecars (envoy proxies) not only alongside workloads, but also in front of mysql databases.
istio-install-manifest.yaml 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
---
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  meshConfig:
    accessLogFile: /dev/stdout # (1)
    extensionProviders:
    - name: otel
      envoyOtelAls:
        service: opentelemetry-collector.istio-system.svc.cluster.local
        port: 4317
    - name: zipkin
      zipkin:
        service: zipkin.istio-system.svc.cluster.local
        port: 9411
    enableTracing: true
    defaultConfig:
      tracing:
        sampling: 100.0 # (2)
  components:
    pilot:
      k8s:
        resources:
          requests:
            cpu: 10m
            memory: 100Mi
  values:
    global:
      proxy:
        resources:
          requests:
            cpu: 10m
            memory: 40Mi
    pilot:
      autoscaleEnabled: false
      env:
        PILOT_ENABLE_MYSQL_FILTER: "true" # (3)
    gateways:
      istio-egressgateway:
        autoscaleEnabled: false
      istio-ingressgateway:
        autoscaleEnabled: false
  1. Turns on sidecar access logging to stdout
  2. Sets trace sampling to 100% to easily expose see distributed traces (for testing)
  3. Enables mysql filter, see protocol selection and env vars

Once Istio is installed, feel free to verify the installation with:

istioctl verify-install

In the next section, you will work on deploying the microservices to the default namespace.

As a final step, label the default namespace for sidecar injection with:

kubectl label ns default istio-injection=enabled