Deploying Microservices on Azure Kubernetes Engine with Istio as a Sidecar Container
Before deployment, we should ask ourselves what is the role of a service mesh and why we need it.
Service meshes are an infrastructure that is situated between an application’s network and its applications, offering an array of services that are used by all the microservices of an application. The function of a service mesh is to offer a common method for managing and protecting the communications between microservices within the context of a distributed application.
In a typical microservices architecture, each microservice interacts with other microservices via APIs on the network. When the number of microservices increases the task of managing and protecting the security of this communication becomes more difficult. This is where a mesh service is required.
A service mesh comes with various features like traffic management, load balancers, service discovery, security, fault tolerance, and observability, which help to control and secure communications between microservices. With a mesh for service, developers can concentrate on creating business processes for their microservices instead of worrying about the nitty-gritty details of network communications.
A few popular service meshes are Istio, Linkerd, and Consul. These meshes are created as a set of sidecar containers running with each microservice, providing the required functionality to control and secure communications between microservices.
Overview
Before we move on to every step I’ll provide the essential information about the tools:
- Azure Kubernetes Service (AKS) is a fully-managed Kubernetes cloud orchestration solution that is provided through Microsoft Azure. It helps simplify the deployment, management, and scaling of containers on the cloud.
- Istio is an open-source service mesh that offers security, traffic management, and observability functions for microservices. It simplifies the process of managing microservices, by offering a uniform method of connecting to, securing, and monitoring services.
- Terraform is an Open-Source Infrastructure as Code (IaC) software that allows users to define, manage and manage infrastructure resources by using an ad-hoc language. It aids in automating infrastructure management and deployment and makes it simpler to manage complicated environments.
To deploy a microservice application on Azure Kubernetes Engine with (Istio) through Terraform, follow the steps below:
First clone the GitHub repository of this project.
Step 1: Install Terraform on your local machine depending upon your machine by following the instructions provided on the Terraform website.
Step 2: Configure Azure credentials: Set up Azure credentials to allow Terraform to authenticate with Azure.
Install Azure CLI on your local machine. Check the documentation link.
Open the Azure CLI command prompt and log in to your Azure account using the following cmd:
az login
Step 3: Create a Terraform project
Create a new directory for your Terraform project and initialize it with the following cmd:
terraform init
Step 4: Create an AKS Cluster
Now deploy the file “main.tf “ which is given in the Github repository in which we have configured an AKS cluster with three nodes, Linux-based VMs, and a service principal to authenticate with Azure. (Replace the credentials where mentioned).
Run this cmd in the same directory.
terraform apply main.tf
Step 5: Check that nodes are provisioned as stated in the terraform configuration by following the cmd
kubectl get nodes
Step 6: Check that nodes are available by following the cmd
kubectl get nodes
Step 7: Install Istio After creating the AKS cluster, install Istio using the Terraform Kubernetes provider by using istio.tf file which is in the repo.
terraform apply istio.tf
Step 8: Check Istio is running by following the cmd
kubectl get pods -n istio-system
Step 9: Before deploying the microservices, it is better to configure Istio for automatic envoy proxy injection by running this cmd
Kubectl label namespace default istio-injection=enabled
Step 10: Now, deploy a demo microservice application to the AKS cluster( manifest file present in the repo with the named “kubernetes-manifests”) by applying the following cmd.
kubectl apply -f kubernetes-manifests.yaml
Note: Wait for more than 10 minutes so that all the microservices are in a running state.
Step 11: Check all the microservices are running by following cmd
kubectl get pods
Important Note: Now you should see each service has two pods running, one as an application and another as a sidecar container running service mesh(Istio).
To set up Grafana and Prometheus in Istio to monitor and visualize the microservices, you need to follow these steps:
Step 12:Install the Prometheus add-on for Istio by running the following cmd:
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.11/samples/addons/prometheus.yaml
Step 13:Install Grafana by running the following cmd:
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.11/samples/addons/grafana.yaml
Step 14:Create a Gateway and VirtualService to expose the Grafana service outside the cluster. You can use the YAML manifest file named “grafana.yaml”:
kubectl apply -f grafana.yaml
This will create a Gateway and VirtualService that exposes Grafana on port 80 of the Istio ingress gateway.
Step 15:Access Grafana by opening a web browser and navigating to the URL of the Istio ingress gateway.
This URL should be in the format http://<istio-ingress-gateway-ip>/.
Step 16:You can find the IP address of the Istio ingress gateway using the following command:
kubectl get svc istio-ingressgateway -n istio-system
Once you access Grafana, you can create dashboards to visualize the metrics collected by Prometheus from Istio. You can use Istio’s built-in dashboards or create your own custom dashboards.
Step 17: To delete all the resources, you can use the following cmds
kubectl delete -f kubernetes-manifests.yaml
terraform destroy -target module.istio
terraform destroy -target module.aks
az group delete --name my-aks-rg --yes --no-wait
In conclusion, the process of deploying an application as a microservice using Azure Kubernetes Engine and Istio via Terraform requires a series of steps that have to be taken care of.
