Hands-on project of ISTIO/JAEGER/K8/EKS/KIALI for Cloud and DevOps Engineers

Kubernetes hands-on project from the Free SRE/DevOps 30 days Bootcamp3

📝Introduction

In this post, we will cover a K8s monitoring project that uses Kiali for mesh observability and Jaeger for distributed tracing, as part of the FREE DevOps/SRE BootCamp guided by Praveen Sigampalli.

📝What is ISTIO?

It is an open-source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes. For more details, go through this link.

📝Hands-on (Step-by-step)

1 - Log in to the AWS Console with an IAM user (for secure access) and attach an Administrator Access role to it.

2 - Create a T2 Medium instance with the Amazon Linux AMI in the AZ of your preference. In this hands-on, we choose eu-west-3.

The use of this type of instance will charge you at least 2€ (I was charged 2.06€), depending on how long you use it, so do not forget to delete all resources at the end of this hands-on.

3 - Install kubectl (to access the pods and resources of K8s)

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

4 - Install eksctl (to create the cluster)

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/bin
eksctl version

5 - Create the cluster

eksctl create cluster --name=eksistiodemo --region=eu-west-3 --zones=eu-west-3b,eu-west-3a --without-nodegroup

6 - Add OIDC (OpenID Connect)

eksctl utils associate-iam-oidc-provider --region eu-west-3 --cluster eksistiodemo --approve

7 - Add nodes

eksctl create nodegroup --cluster=eksistiodemo --region=eu-west-3 --name=eksistiodemo-ng-public --node-type=t2.medium --nodes=2 --nodes-min=2 --nodes-max=4 --node-volume-size=10 --ssh-access --ssh-public-key=key-test --managed --asg-access --external-dns-access --full-ecr-access --appmesh-access --alb-ingress-access

Check the pods that are running.

8 - Install ISTIO

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.18.1 TARGET_ARCH=x86_64 sh -

Go into the Istio directory:

cd istio-1.18.1

The installation directory contains:

  • Sample applications in samples/

  • The istioctl client binary in the bin/ directory

10 - Set the PATH and install the ISTIO with demo profile

export PATH=$PWD/bin:$PATH
istioctl install --set profile=demo -y

11 - Deploy the Bookinfo sample application

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.18/samples/bookinfo/platform/kube/bookinfo.yaml

12 - Check kubectl services

kubectl get svc

13 - Check pods

kubectl get pods

14 - Use the command below to get some info from a specific pod

kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"

15 - Label the default namespace so that Istio is injected into each pod, which forces 2 containers per pod. Run istioctl analyze and delete all pods so that they are recreated with 2 containers each.

kubectl label namespace default istio-injection=enabled
istioctl analyze
kubectl delete pod <pod_name>
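
A check for this step, as an added example that is not part of the original post: it lists the pods that still have no istio-proxy container after the namespace is labelled. It assumes the sidecar appears in spec.containers under Istio's default name istio-proxy; the function names, pod names and sample listing are constructed.

```bash
#!/usr/bin/env bash
# Added example: list pods that still run without the Istio sidecar.

# Constructed sample of the "name<TAB>containers" listing that
# list_pod_containers produces (ratings was not recreated after labelling).
SAMPLE_PODS=$(printf '%s\t%s\n' \
  'details-v1-5f4d584748-aaaaa'    'details istio-proxy' \
  'productpage-v1-564d4686f-bbbbb' 'productpage istio-proxy' \
  'ratings-v1-686ccfb5d8-ccccc'    'ratings' \
  'reviews-v1-86896b7648-ddddd'    'reviews istio-proxy')

# Live listing: one line per pod, "name<TAB>space-separated container names".
list_pod_containers() {
  kubectl get pods -n "${1:-default}" \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].name}{"\n"}{end}'
}

# Read that listing on stdin and print the pods with no istio-proxy container.
pods_without_sidecar() {
  awk -F'\t' '
    NF < 2 { next }                       # skip blank or malformed lines
    {
      injected = 0
      n = split($2, names, " ")
      for (i = 1; i <= n; i++) if (names[i] == "istio-proxy") injected = 1
      if (!injected) print $1
    }'
}

# Exit status 0 only when every pod in the listing on stdin has the sidecar.
all_pods_injected() {
  [ -z "$(pods_without_sidecar)" ]
}
```

On the cluster, run `list_pod_containers default | pods_without_sidecar` and delete whatever pods it prints so they are recreated with the sidecar.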

16 - Go into samples/bookinfo/networking/ in the istio-1.18.1 directory and deploy the gateway.

cd samples/bookinfo/networking/
kubectl apply -f bookinfo-gateway.yaml
kubectl get vs
kubectl get gateway

17 - Look up the Istio ingress gateway service, set the ingress host and ports, and check the secure port in use.

kubectl get svc istio-ingressgateway -n istio-system
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
echo $SECURE_INGRESS_PORT

18 - Export Ingress host using your Load Balancer DNS name

export INGRESS_HOST=aa2bf1a8d9bae4152a7c9bacdb730375-2012932597.eu-west-3.elb.amazonaws.com
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
echo $GATEWAY_URL

19 - Open the below URL to check the app running

echo "http://$GATEWAY_URL/productpage"
i.e. 
http://aa2bf1a8d9bae4152a7c9bacdb730375-2012932597.eu-west-3.elb.amazonaws.com:80/productpage

20 - Check the Kiali dashboard console to monitor the Istio service mesh. First, go into the samples/addons directory and deploy the addons, which include Kiali.

cd istio-1.18.1/samples/addons
kubectl apply -f .

21 - Port Forward to access Kiali Dashboard. Make sure to allow port 9008 on your EC2 SG.

kubectl port-forward --address 0.0.0.0 svc/kiali 9008:20001 -n istio-system
i.e.
http://<your_EC2_IP>:9008/kiali/console/overview?duration=60&refresh=60000

22 - Check the Jaeger tool used to monitor and troubleshoot transactions in complex distributed systems. First, perform a port forward to access it and make sure to allow port 8008 on your EC2 SG.

kubectl port-forward --address 0.0.0.0 svc/tracing 8008:80 -n istio-system
i.e.
http://<your_EC2_IP>:8008/jaeger
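
With --address 0.0.0.0, the forwards in steps 21 and 22 listen on every interface of the EC2 host, so the security group rule is the only control in front of Kiali and Jaeger. The following added example (not part of the original post) shows a loopback-bound forward reached over SSH and a check that flags wildcard listeners on ports 9008 and 8008; the function names and the sample ss output are constructed.

```bash
#!/usr/bin/env bash
# Added example: find dashboard port-forwards that listen on every interface.

WATCHED_PORTS="9008 8008"   # Kiali and Jaeger forwards from steps 21 and 22

# Constructed sample of `ss -H -ltn` output on the EC2 host.
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9008    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8008  0.0.0.0:*
LISTEN 0 4096 [::]:9008       [::]:*'

# Read `ss -ltn` output on stdin; print each watched port bound to a wildcard address.
wildcard_dashboard_ports() {
  awk -v ports="$WATCHED_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 == "LISTEN" {
      addr = $4; port = $4
      sub(/.*:/, "", port)        # keep the text after the last colon
      sub(/:[^:]*$/, "", addr)    # keep the text before the last colon
      if ((port in watch) && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
        print port
    }' | sort -u
}

# Loopback-only forward: reachable on the EC2 host itself, not through the SG.
forward_loopback() {   # usage: forward_loopback kiali 9008 20001
  kubectl port-forward --address 127.0.0.1 "svc/$1" "$2:$3" -n istio-system
}

# From the workstation, reach the loopback forward through SSH instead of an
# open port (ec2-user is the Amazon Linux default login; <your_EC2_IP> as above):
#   ssh -L 9008:127.0.0.1:9008 ec2-user@<your_EC2_IP>
# then browse http://localhost:9008/kiali
```

On the EC2 host, `ss -H -ltn | wildcard_dashboard_ports` prints nothing when both forwards are bound to loopback.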

23 - After completing the hands-on, please, do not forget to delete all the resources created on AWS to avoid being charged more than you have used.

eksctl delete nodegroup --cluster=eksistiodemo --region=eu-west-3 --name=eksistiodemo-ng-public
eksctl delete cluster --name=eksistiodemo --region=eu-west-3

Thank you for reading. I hope you were able to understand and learn something helpful from my blog.

Please follow me on Hashnode and on LinkedIn franciscojblsouza