Istio is a service mesh that makes up for the disadvantages of the distributed microservice architecture in O&M, debugging, and security management. It also supports load balancing, service-to-service authentication, and monitoring. Alibaba Cloud Container Service for Kubernetes (ACK) allows you to manage services of an application by using Istio. For example, you can create multiple versions of an application service, manage the distribution of traffic to the versions, and implement a phased release for the service.
Prerequisites
- A Kubernetes cluster is created. For more information, see Create a managed Kubernetes cluster.
- Istio is deployed for the Kubernetes cluster. For more information, see Deploy Istio.
Procedure
- Enable automatic sidecar injection.
- Log on to the ACK console.
- In the left-side navigation pane, click Clusters.
- On the Clusters page, find the cluster where you want to deploy the service and click the cluster name or Details in the Actions column.
- In the left-side navigation pane, click Namespaces.
- On the page that appears, click Create to create a namespace.
- In the Create Namespace dialog box, set Name to demo and set Label. The following content shows how to set Label.
- Set Variable Key to istio-injection.
- Set Variable Value to enabled.
Note Click Add, and then click OK. - In the namespace list, view the created namespace.
- Create a virtual service
- Log on to the ACK console.
- In the left-side navigation pane, choose .
- In the upper-right corner of the page that appears, click Create.
- On the Create Application page, configure the parameters and click Next. The following content describes the parameters.
- Name: The name of the application.
- Version: The version of the application, which is used for multiple version management.
- Cluster:The cluster where you want to deploy the application.
- Namespace: The namespace where you want to deploy the application. You must select the demo namespace created in Step 1.
- Replicas: The number of pods that run the application.
- Configure the container. In this example, set Image Name to nginx and set Image Version to 1.14. For information about how to set other parameters, see the related description in Use an image to create a stateless application. After you configure the parameters, click Next.
- Configure the service.
- In the upper-left corner of the Service Configuration page, click Create and configure the parameters in the dialog box that appears. The following content
describes the parameters.
- Name: The name of the service, such as nginx. You can custom the name.
- Type: The type of the service. Valid value: Cluster IP. You must select Cluster IP to manage the service by using the Istio service mesh.
- Port Mapping: Set the service port name, service port number, container port number, and protocol. You must set the service port name. The format of a service port name is <Protocol>[-<Suffix>-]. The protocol can be gRPC, HTTP, HTTP/2, HTTPS, Mongo, Redis, TCP, TLS, or UDP. Istio supports the protocols to provide routing services.
- Annotations: Add an annotation to the service.
- Label: Add a label to the service.
- After you configure the parameters, click Create.
- In the upper-left corner of the Service Configuration page, click Create and configure the parameters in the dialog box that appears. The following content
describes the parameters.
- In the lower-right corner of the Create Application wizard, click Create. Then, the system displays all the created resources if no error occurs. You can click View Details to view the application details.
- Create a client application named sleep.
- Save the following content as the sleep.yaml file.
apiVersion: v1 kind: Service metadata: name: sleep labels: app: sleep spec: ports: - port: 80 name: http selector: app: sleep --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: sleep spec: replicas: 1 template: metadata: labels: app: sleep spec: containers: - name: sleep image: pstauffer/curl command: ["/bin/sleep", "3650d"] imagePullPolicy: IfNotPresent
- In the demo namespace, run the following command:
kubectl apply -f sleep.yaml -n demo
- Run the
kubectl exec -it -n demo <podName> bash
command to log on to the pod where the sleep application runs, and run the following command to call the Nginx service:
The following figure shows the response of a successful service call.for i in `seq 1000` do curl -I http://nginx.demo:8080; echo ''; sleep 1; done;
- Log on to the Kiali console to verify that the service is called. Before you perform
this step, ensure that you have enabled the Kiali visualized service mesh when you
deployed Istio for the Kubernetes cluster.
Run the
kubectl port-forward svc/kiali -n istio-system 20001:20001
command to open port 20001 in your local host. Open a browser and enter http://localhost:20001 in the address box.
- Save the following content as the sleep.yaml file.
- Create a version of the virtual service for a phased release.
- Log on to the ACK console.
- In the left-side navigation pane, choose .
- On the Virtual Services page, find the virtual service for which you want to create a version and click Manage.
- On the page that appears, click Add Canary Version.
- Set the application version and the number of pods. Click Next.
- Configure the container. In this example, set Image Name to nginx and Image Version to 1.15. For information about how to set other parameters, see the related description in Use an image to create a stateless application. After you configure the parameters, click Next.
- Configure a phased release policy. For example, you can set Type to Weight based Routing, v2Traffic Weight to 30%, and v1Traffic Weight to 70%.
- After you configure the parameters, click Create. Then, choose .
- On the Virtual Services page, find the virtual service for which you want to create a version and click Manage.
- Run the
kubectl exec -it -n demo <podName> bash
command to log on to the pod where the sleep application runs, and run the following command to call the Nginx service:The following figure shows the response of a successful service call.for i in `seq 1000` do curl -I http://nginx.demo:8080; echo ''; sleep 1; done;
- Log on to the Kiali console to verify that the traffic destined for the virtual service
is distributed to the two versions based on the specified phased release policy. Before
you perform this step, ensure that you have enabled the Kiali visualized service mesh
when you deployed Istio for the Kubernetes cluster.
Run the
kubectl port-forward svc/kiali -n istio-system 20001:20001
command to open port 20001 in your local host. Open a browser and enter http://localhost:20001 in the address bar.
- Modify the phased release policy.
- On the page that displays the details of the virtual service, click Edit Canary Release Policy.
- Modify the ratio of traffic distributed to the two versions of the virtual service. For example, set Version v1 to 20 and Version v2 to 80. Click OK.
- In the upper-right corner, click Refresh
- Run the
kubectl exec -it -n demo <podName> bash
command to log on to the pod where the sleep application runs, and run the following command to call the Nginx service:The following figure shows the response of a successful service call.for i in `seq 1000` do curl -I http://nginx.demo:8080; echo ''; sleep 1; done;
- Open a browser and enter http://localhost:20001 in the address box to log on to the Kiali console. The following figure shows the
traffic distribution of the service.
- Use the latest version of the virtual service to manage all the traffic that is destined
for the earlier version.
- Log on to the ACK console.
- In the left-side navigation pane, choose .
- On the Virtual Services page, find the virtual service and click Manage.
- In the Version Management section, find v2 and click Handle All Traffic.
- After you confirm the operation, the traffic weight of v2 changes to 100% on the page.
- Run the
kubectl exec -it -n demo <podName> bash
command to log on to the pod where the sleep application runs, and run the following command to call the Nginx service:The following figure shows the response of a successful service call.for i in `seq 1000` do curl -I http://nginx.demo:8080; echo ''; sleep 1; done;
- Open a browser and enter http://localhost:20001 in the address box to log on to the Kiali console. The following figure shows the
traffic distribution of the service.
- Delete the earlier version of the service.
- Log on to the ACK console.
- In the left-side navigation pane, choose .
- On the right of the service, click Manage.
- In the Version Management section, find v1 and click Delete.
- After you delete the earlier version, only v2 of the service is running. If you want to release one more version of the service by using the phased release method, repeat the preceding steps.