Implementing Istio: A Step-by-Step Service Mesh Tutorial

Introduction

Modern applications rely on microservices, making service-to-service communication complex. Managing traffic routing, security, and observability becomes crucial.

Istio is a powerful service mesh that provides:
✅ Traffic Management – Fine-grained control over requests.
✅ Security – Mutual TLS (mTLS) for encrypted, mutually authenticated communication.
✅ Observability – Insights into service interactions and performance.

This step-by-step guide covers:

  • Installing Istio on a Kubernetes cluster.
  • Deploying microservices with Istio sidecars.
  • Configuring traffic routing and security.
  • Enabling monitoring with Grafana, Kiali, and Jaeger.

Step 1: Install Istio in Kubernetes

1.1 Download and Install Istio CLI

curl -L https://istio.io/downloadIstio | sh -
cd istio-*
export PATH=$PWD/bin:$PATH

1.2 Install Istio with the Demo Profile

istioctl install --set profile=demo -y

1.3 Enable Istio Injection

Enable automatic sidecar injection in the default namespace:

kubectl label namespace default istio-injection=enabled

Step 2: Deploy Microservices with Istio

We will deploy two microservices:

  • web – Calls the api service.
  • api – Responds with “Hello from API”.

2.1 Deploy web Service

Create web-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: nginx
        ports:
        - containerPort: 80

Create web-service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

Apply the deployment:

kubectl apply -f web-deployment.yaml
kubectl apply -f web-service.yaml

2.2 Deploy api Service

Create api-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
      - name: api
        image: hashicorp/http-echo
        args: ["-text=Hello from API"]
        ports:
        - containerPort: 5678

Create api-service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: api
spec:
  selector:
    app: api
  ports:
  - protocol: TCP
    port: 80
    targetPort: 5678

Apply the deployment:

kubectl apply -f api-deployment.yaml
kubectl apply -f api-service.yaml

Step 3: Configure Istio Traffic Routing

3.1 Create a VirtualService for Traffic Control

Create api-virtualservice.yaml:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: api
spec:
  hosts:
  - api
  http:
  - route:
    - destination:
        host: api
        # No subset here: a subset must be defined in a DestinationRule,
        # and this tutorial does not create one.

Apply the rule:

kubectl apply -f api-virtualservice.yaml

Step 4: Enable Observability & Monitoring

4.1 Install Kiali, Jaeger, Prometheus, and Grafana

kubectl apply -f samples/addons

4.2 Access the Monitoring Dashboards

kubectl port-forward svc/kiali 20001 -n istio-system

Open http://localhost:20001 to view the Kiali dashboard.

Step 5: Secure Service-to-Service Communication

5.1 Enable mTLS Between Services

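Create peerauthentication.yaml. The manifest sets no namespace, so kubectl creates it in the current namespace (default here) and STRICT mode applies only to workloads in that namespace; a mesh-wide policy would instead be created in the istio-system root namespace: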

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
spec:
  mtls:
    mode: STRICT

Apply the policy:

kubectl apply -f peerauthentication.yaml
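
To check which namespaces the policy above actually covers, the following added example (not part of the original tutorial) computes the effective mTLS mode per namespace from the JSON that `kubectl get peerauthentication -A -o json` returns. The sample input is constructed, "payments" is a hypothetical namespace, the root namespace is assumed to be istio-system, and port-level overrides are not evaluated.

```python
import json

ROOT_NS = "istio-system"  # assumption: Istio's root namespace is left at its default

# Constructed sample shaped like `kubectl get peerauthentication -A -o json`;
# it holds only the tutorial's policy, which kubectl applied to "default".
SAMPLE = json.loads("""
{"items": [{"metadata": {"name": "default", "namespace": "default"},
            "spec": {"mtls": {"mode": "STRICT"}}}]}
""")

def _mode(policy):
    """Return the policy's mTLS mode, or None when it inherits (unset or UNSET)."""
    mode = (policy.get("spec", {}).get("mtls") or {}).get("mode", "UNSET")
    return None if mode == "UNSET" else mode

def _has_selector(policy):
    return bool(policy.get("spec", {}).get("selector"))

def effective_modes(policies, namespaces):
    """Map each namespace to the mode its workloads receive by default.

    Precedence: namespace-wide policy, then the mesh-wide policy in the root
    namespace, then Istio's built-in default of PERMISSIVE.
    """
    wide = {}  # namespace -> mode, taken from policies without a selector
    for p in policies["items"]:
        if not _has_selector(p) and _mode(p):
            wide[p["metadata"]["namespace"]] = _mode(p)
    mesh = wide.get(ROOT_NS, "PERMISSIVE")
    return {ns: wide.get(ns, mesh) for ns in namespaces}

def plaintext_namespaces(policies, namespaces):
    """Namespaces whose sidecars still accept plaintext from any client."""
    modes = effective_modes(policies, namespaces)
    return sorted(ns for ns, mode in modes.items() if mode != "STRICT")

def workload_overrides(policies):
    """Selector-scoped policies that relax mTLS for specific pods."""
    return [(p["metadata"]["namespace"], p["metadata"]["name"], _mode(p))
            for p in policies["items"]
            if _has_selector(p) and _mode(p) in ("PERMISSIVE", "DISABLE")]

if __name__ == "__main__":
    # "payments" is a hypothetical second namespace used for illustration.
    print(plaintext_namespaces(SAMPLE, ["default", "payments", ROOT_NS]))
```

With only the tutorial's policy in place, every namespace other than default is reported as still accepting plaintext.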

Conclusion

We have successfully:
✅ Installed Istio and enabled sidecar injection.
✅ Deployed microservices inside the service mesh.
✅ Configured traffic routing using VirtualServices.
✅ Enabled observability tools like Grafana, Jaeger, and Kiali.
✅ Secured communication using mTLS encryption.

Istio simplifies microservices networking while enhancing security and visibility. Start using it today!

Are you using Istio in production? Share your experiences below!👇
