This blog post provides some needed background concerning the recent Tetrate and Arm Neoverse announcement. It then shows you how to deploy Tetrate Istio Distribution on an AWS Graviton2-based Amazon EKS cluster.
The core idea behind a service mesh is to interconnect various services of an application and provide an infrastructure and management layer. Each service is assigned an identical proxy that handles communication tasks for the service it is assigned to. The sidecar proxy helps to address the need for security, observability, upgradability, and so forth. The service mesh allows the application to focus only on the business logic needed for the application.
The Istio open-source project is the leading implementation of the service mesh approach. It offers features like service discovery, load balancing, security, mTLS encryption, and authentication. Istio uses the Envoy proxy, a CNCF open-source project, which acts as a sidecar to each service instance. In a typical cloud native or microservices-based application, a sidecar container attaches itself to each service or Kubernetes pod of the application. This sidecar provides monitoring and security to the services. It intercepts all service traffic, and this traffic and the proxy instances comprise the data plane of the service mesh. Istio is the control plane, managing proxies to route traffic, implementing policies, gathering metrics, and configuring the data plane.
Tetrate is a service mesh company that is a top contributor to the open-source Istio project. It helps organizations adopt Istio/Envoy with three offerings:
Tetrate is launching support for Arm Neoverse technology, including Neoverse-based Kubernetes clusters in AWS. AWS Graviton2 processors are built using 64-bit Arm Neoverse cores to deliver the best price/performance for cloud workloads running in Amazon EC2. These optimized instances provide up to 40% better price/performance over comparable, current-generation x86-based instances for a wide variety of workloads. The instances include Amazon EC2 general purpose instances (M6g, M6gd, T4g), compute-optimized instances (C6g, C6gd, C6gn), and memory-optimized instances (R6g, R6gd, X2gd).
In the steps below, we demonstrate how seamless it is to deploy Tetrate Istio Distribution on an AWS Graviton2-based Amazon EKS cluster. Following are the main components covered in this section:
Pre-requisites:
Provision an Amazon EKS cluster with a managed node group consisting of 3 nodes based on M6g EC2 instances. Once the cluster is up and running, we can verify that all the nodes are up using kubectl, as shown in Figure 1.
kubectl get nodes -o wide
Figure 1. EKS worker nodes based on AWS Graviton2 EC2 instances
Download the Tetrate Istio Distribution binary from this location and unzip it as shown in Figure 2.
Figure 2. Tetrate Istio Distribution installation
Add the istioctl binary to your PATH and install Istio with the demo profile. This command installs Istio with all the default features, including Istio core, Istiod, and the Istio ingress and egress gateways.
Figure 3. Istioctl installation on Arm-based EKS cluster
Note: If you do not have access to an Arm-based client, you can simply create a t4g instance in AWS and use that for installing TID and interacting with the cluster.
Once the installation is completed successfully, we see the Istio namespace and pods created in our cluster.
Figure 4. Istio namespace created in the cluster
Figure 5. Kubernetes pods related to Istio
To visualize the service-to-service (also sidecar proxy-to-sidecar proxy) communications of an application, we install an open-source dashboard called Kiali. It also helps us debug any issues with the application.
To install Kiali, add the following helm repo: https://kiali.org/helm-charts.
Install the Kiali operator using the following command:
helm install \
  --set cr.create=true \
  --set cr.namespace=istio-system \
  --namespace kiali-operator \
  --create-namespace \
  kiali-operator \
  kiali/kiali-operator
Figure 6. Kiali dashboard installation
Once the installation is successful, verify all the components of Kiali with the following command:
kubectl get all -n kiali-operator
Before we install a demo application on our cluster, we must enable sidecar injection with the following command:
kubectl label namespace default istio-injection=enabled
Install the Bookinfo application on the Kubernetes cluster using this yaml file. Once the application is running, execute the following command to verify that it is working.
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
We see the following response:
We can access the application remotely via several methods: by creating a NodePort, a ClusterIP, or an ingress gateway. In this blog, we are using the existing Istio infrastructure and gateway. Use the following command to deploy the Bookinfo application gateway:
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.13/samples/bookinfo/networking/bookinfo-gateway.yaml
For Kiali to display metrics of the Bookinfo application, we need to deploy Prometheus on the Kubernetes cluster. It will gather all the metrics from the application and send them to Kiali. To install Prometheus on the cluster, use the following command:
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.13/samples/addons/prometheus.yaml
Now let’s take a look at the Kiali dashboard below. In this dashboard we see the different components of Bookinfo application and how they communicate with each other.
Figure 7. Kiali dashboard showing different components of Bookinfo application
In Figure 8, we can also see the different services and the namespace each service belongs to.
Figure 8. Multiple services in the Kubernetes cluster
The following section shows the different versions of the application managed by Istio service mesh.
Figure 9. Different versions of Bookinfo application in the cluster
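A check worth running after the sidecar-injection and Bookinfo steps above, as an added example that is not part of the original post: the `istio-injection=enabled` label only takes effect when a pod is created, so any pod started before the namespace was labelled runs without a sidecar and its traffic stays outside the mesh. The function and sample names below are hypothetical and the sample pod list is constructed.

```shell
#!/bin/sh
# Added example: list pods that run without the Envoy sidecar ("istio-proxy").
# Assumes the injection model of the Istio 1.13 release referenced in the
# post, where istio-proxy is a regular container in the pod spec.
#
# Input: one pod per line, "<pod-name><TAB><space-separated container names>".
# On a live cluster that input comes from:
#   kubectl get pods -n default -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].name}{"\n"}{end}'

# Print the name of every pod whose container list lacks "istio-proxy".
pods_missing_sidecar() {
    awk -F '\t' '
        NF < 2 { next }                 # skip blank or malformed lines
        {
            n = split($2, names, " ")
            found = 0
            for (i = 1; i <= n; i++)
                if (names[i] == "istio-proxy") found = 1   # exact match only
            if (!found) print $1
        }'
}

# Constructed sample: two injected pods, one pod created before the namespace
# was labelled, and one whose container name merely resembles the sidecar.
sample_pods() {
    printf 'productpage-v1-example1\tproductpage istio-proxy\n'
    printf 'reviews-v1-example2\treviews istio-proxy\n'
    printf 'ratings-v1-example3\tratings\n'
    printf 'details-v1-example4\tdetails istio-proxy-helper\n'
}

# Run the audit over the constructed sample.
audit_sample() {
    sample_pods | pods_missing_sidecar
}

audit_sample
```

Pods reported by the check need to be recreated after the namespace is labelled so that the injector can add the sidecar.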
As shown in this blog, Tetrate Istio Distribution service mesh can be installed seamlessly on an AWS Graviton2-based Amazon EKS cluster. If you have any questions, comments, or concerns, please feel free to reach out to us at Tetrate and Arm.