
Trying out Istio Ambient Mesh

yashirook

I want to catch up on Istio Ambient Mesh, so I am working through the Getting Started guide.

Test environment

  • OS: macOS 13.5.1(22G90)
  • CPU: Apple M2 Pro (12 core)
  • RAM: 32 GB
  • Middleware
    • Docker: Docker Desktop 4.25.0 (126437)
    • Kubernetes: v1.28.2 (Docker Desktop)
    • Istio: 1.19.3

Installing Istio

I proceed using this guide as a reference.

Downloading istioctl

Download the latest istioctl that supports Ambient Mesh. This time I used asdf.

❯ asdf install istioctl latest
❯ asdf global istioctl 1.19.3

❯ istioctl version
no ready Istio pods in "istio-system"
1.19.3

Installing Istio

This time I install using the Istio API.

❯ istioctl install --set profile=ambient --set "components.ingressGateways[0].enabled=true" --set "components.ingressGateways[0].name=istio-ingressgateway" --skip-confirmation

✔ Istio core installed
✔ Istiod installed
✔ Ztunnel installed
✔ CNI installed
✔ Ingress gateways installed
✔ Installation complete
Made this installation the default for injection and validation.

Confirm that the components are installed in the istio-system namespace.

❯ kubectl get pods -n istio-system
NAME                                  READY   STATUS    RESTARTS   AGE
istio-cni-node-862vv                  1/1     Running   0          17s
istio-ingressgateway-969f5465-hkj92   1/1     Running   0          17s
istiod-7f96598f-797gl                 1/1     Running   0          19s
ztunnel-wncxx                         1/1     Running   0          19s

❯ kubectl get daemonset -n istio-system
NAME             DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
istio-cni-node   1         1         1       1            1           kubernetes.io/os=linux   62s
ztunnel          1         1         1       1            1           kubernetes.io/os=linux   85s

Preparing the sample application

Fetching the sample manifests

❯ curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.19.3 TARGET_ARCH=x86_64 sh -
❯ cd istio-1.19.3

Deploy

❯ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details unchanged
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings unchanged
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews unchanged
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage unchanged
deployment.apps/productpage-v1 created

❯ kubectl apply -f samples/sleep/sleep.yaml
serviceaccount/sleep created
service/sleep created
deployment.apps/sleep created

❯ kubectl apply -f samples/sleep/notsleep.yaml
serviceaccount/notsleep created
service/notsleep created
deployment.apps/notsleep created

Note: make sure the namespace does not have the istio-injection=enabled label.

Check the pod status

❯ kubectl get pods
NAME                             READY   STATUS    RESTARTS   AGE
details-v1-5f4d584748-8wqfj      1/1     Running   0          11m
notsleep-5ccf57569-h5452         1/1     Running   0          11m
productpage-v1-564d4686f-ntmb8   1/1     Running   0          11m
ratings-v1-686ccfb5d8-vf8ph      1/1     Running   0          11m
reviews-v1-86896b7648-grzl2      1/1     Running   0          11m
reviews-v2-b7dcd98fb-pxgwm       1/1     Running   0          11m
reviews-v3-5c5cc7b6d-gx45k       1/1     Running   0          11m
sleep-9454cc476-mql4n            1/1     Running   0          11m

Configuring connectivity to the ingress gateway

Create the Gateway and HTTPRoute resources.

❯ sed -e 's/from: Same/from: All/'\
      -e '/^  name: bookinfo-gateway/a\
  namespace: istio-system\
'     -e '/^  - name: bookinfo-gateway/a\
    namespace: istio-system\
' samples/bookinfo/gateway-api/bookinfo-gateway.yaml | kubectl apply -f -

gateway.gateway.networking.k8s.io/bookinfo-gateway created
httproute.gateway.networking.k8s.io/bookinfo created
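
What the sed command above changes, shown on a constructed, abbreviated copy of the manifest (an added example, not part of the original scrap; the helper names relocate_gateway and summarize are hypothetical, and the awk rewrite stands in for the sed edits). The Gateway moves to istio-system while the HTTPRoute stays in the application namespace, so the listener has to switch from "from: Same" to "from: All", which allows routes from any namespace to attach to it.

```shell
#!/bin/sh
# Constructed, abbreviated stand-in for bookinfo-gateway.yaml (not the real file).
sample_manifest() {
cat <<'EOF'
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  gatewayClassName: istio
  listeners:
  - name: http
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: Same
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: bookinfo
spec:
  parentRefs:
  - name: bookinfo-gateway
EOF
}

# The same three edits as the sed command, in awk (hypothetical helper name).
relocate_gateway() {
  awk '
    { sub(/from: Same/, "from: All"); print }
    /^  name: bookinfo-gateway/   { print "  namespace: istio-system" }
    /^  - name: bookinfo-gateway/ { print "    namespace: istio-system" }
  '
}

# One-line summary of the fields that decide whether the route can attach.
summarize() {
  awk '
    /^kind:/                                 { kind = $2 }
    kind == "Gateway"   && /^  namespace:/   { gw_ns = $2 }
    kind == "Gateway"   && /^ +from:/        { from = $2 }
    kind == "HTTPRoute" && /^    namespace:/ { parent_ns = $2 }
    END { printf "gateway_ns=%s allowed_from=%s route_parent_ns=%s\n", gw_ns, from, parent_ns }
  '
}

sample_manifest | summarize                    # as shipped
sample_manifest | relocate_gateway | summarize # after the edits
```

Outside a test cluster, a Selector-based allowedRoutes limited to the application namespaces is the narrower alternative to "from: All".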