One of the recent open source initiatives that has caught our interest at Rancher Labs is Istio, the micro-services development framework. It’s a great technology, combining some of the latest ideas in distributed services architecture in an easy-to-use abstraction. Istio does several things for you. Sometimes referred to as a “service mesh”, it has facilities for API authentication/authorization, service routing, service discovery, request monitoring, request rate-limiting, and more. It’s made up of a few modular components that can be consumed separately or as a whole.
Some of the concepts such as “circuit breakers” are so sensible I wonder how we ever got by without them. Circuit breakers are a solution to the problem where a service fails and incoming requests cannot be handled. This causes the dependent services making those calls to exhaust all their connections/resources, either waiting for connections to timeout or allocating memory/threads to create new ones. The circuit breaker protects the dependent services by “tripping” when there are too many failures in a some interval of time, and then only after some cool-down period, allowing some connections to retry (effectively testing the waters to see if the upstream service is ready to handle normal traffic again).
Istio is built with Kubernetes in mind. Kubernetes is a great foundation as it’s one of the fastest growing platforms for running container systems, and has extensive community support as well as a wide variety of tools. Kubernetes is also built for scale, giving you a foundation that can grow with your application.
Deploying Istio with Helm
Rancher includes and enterprise Kubernetes distribution makes it easy to run Istio. First, fire up a Kubernetes environment on Rancher (watch this demo or see our quickstart guide for help). Next, use the helm chart from the Kubernetes Incubator for deploying Istio to start the framework’s components. You’ll need to install helm, which you can do by following this guide. Once you have helm installed, you can add the helm chart repo from Google to your helm client:
A view in kube dash of the microservices that makeup Istio
This will deploy a few micro-services that provide the functionality of Istio. Istio gives you a framework for exchanging messages between services. The advantage of using it over building your own is you don’t have to implement as much “boiler-plate” code before actually writing the business logic of your application. For instance, do you need to implement auth or ACLs between services? It’s quite possible that your needs are the same as most other developers trying to do the same, and Istio offers a well-written solution that just works. Its also has a community of developers whose focus is to make this one thing work really well, and as you build your application around this framework, it will continue to benefit from this innovation with minimal effort on your part.
Deploying an Istio Application
OK, so lets try this thing out. So far all we have is plumbing. To actually see it do something you’ll want to deploy an Istio application. The Istio team have put together a nice sample application they call “BookInfo” to demonstrate how it works. To work with Istio applications we’ll need two things: the Istio command line client, istioctl, and the Istio application templates. The istioctl client works in conjunction with kubectl to deploy Istio applications. In this basic example, istioctl serves as a preprocessor for kubectl, so we can dynamically inject information that is particular to our Istio deployment. Therefore, in many ways, you are working with normal Kubernetes resource YAML files, just with some hooks where special Istio stuff can be injected.
To make it easier to get started, you can get both istioctl and the needed application templates from this repo: https://github.com/wjimenez5271/rancher-istio. Just clone it on your local machine. This also assumes you have kubectl installed and configured. If you need help installing that see our docs.
Now that you’ve cloned the above repo, “cd” into the directory and run:
This deploys the kubernetes resources using kubectl while injecting some istio specific values. It will deploy new services to K8 that will serve the “BookInfo” application, but it will leverage the Istio services we’ve already deployed.
Once the BookInfo services finish deploying we should be able to view the UI of the web app. We’ll need to get the address first, we can do that by running
kubectl get services istio-ingress -o wide
This should show you the IP address of the istio ingress (under the EXTERNAL-IP column). We’ll use this IP address to construct the URL to access the application. For example, my output with my local Rancher install looks like:
Example output of kubectl get services istio-ingress -o wide
The istio ingress is shared amongst your applications, and routes to the correct service based on a URI pattern. Our application route is at /productpage so our request URL would be:
Try loading that in your browser. If everything worked you should see a page like this:
Sample application “BookInfo”, built on Istio
Built-in metrics system
Now that we’ve got our application working we can check out the built in metrics system to see how its behaving. As you can see, Istio has instrumented our transactions automatically just by using their framework. Its using the Prometheus metrics collection engine, but they set it up for you out of the box. We can visualize the metrics using Grafana. Using the helm chart in this article, accessing the endpoint of the Grafana pod will require setting up a local kubectl port forward rule:
The Grafana Dashboard with the included Istio template that highlights useful metrics
Have you developed something cool with Istio on Rancher? If so, we’d love to hear about it. Feel free to drop us a line on twitter @Rancher_Labs, or on our user slack.
William Jimenez (@wjimenez5271) is a curious systems engineer who enjoys solving problems with computers, software and just about any complex system he can get his hands on. He enjoys helping others make sense of difficult problems. In his free-time he likes to tinker with amateur radio, cycle on the open road, and spend time with his family (so they don’t think he forgot about them).