I’ve been recently looking into Istio, an open platform to connect and manage microservices. After Containers and Kubernetes, I believe that Istio is the next step in our microservices journey where we standardize on tools and methods on how to manage and secure microservices. Naturally, I was very excited to get my hands on Istio.
While setting up Istio on Google Kubernetes Engine (GKE) is pretty straightforward, it’s always useful to have a local setup for debugging and testing. I specifically wanted to setup Istio on my local Minikube Kubernetes cluster on my Windows machine. I ran into a few minor issues that I want to outline here in case it is useful to someone out there.
I assume you have a Minikube cluster setup already and running. If not, you can check out my previous post on how to setup and run a Minikube cluster on your Windows machine. Istio has a Quickstart tutorial for Kubernetes. I’ll follow that but it’s Linux-centric and some of the commands have to be adopted for Windows.
Here is the command to download Istio from Quickstart:
curl -L https://git.io/getLatestIstio | sh -
This is a Linux shell command and it won’t work on Windows cmd or PowerShell. Thankfully, someone already wrote an equivalent PowerShell script here. I used the script as is, only changed the IstioVersion to 0.5.1, the latest Istio version as of today:
param( [string] $IstioVersion = "0.5.1" )
The script downloads Istio and sets an ISTIO_HOME as environment variable.
PS C:\dev\local\istio> .\getLatestIstio.ps1 Downloading Istio from https://github.com/istio/istio/releases/download/ 0.5.1/istio_0.5.1_win.zip to path C:\dev\local\istio
Then, I added %ISTIO_HOME%\bin to PATH to make sure I can run istoctl commands.
Install and Verify Istio
To install Istio and enable mutual TLS authentication between sidecars, I ran the same command in the quickstart:
PS C:\istio-0.5.1> kubectl apply -f install/kubernetes/istio-auth.yaml namespace "istio-system" created clusterrole "istio-pilot-istio-system" created clusterrole "istio-sidecar-injector-istio-system" created clusterrole "istio-mixer-istio-system" created clusterrole "istio-ca-istio-system" created clusterrole "istio-sidecar-istio-system" created
And verify that all the Istio pods are running:
PS C:\istio-0.5.1> kubectl get pods -n istio-system NAME READY STATUS RESTARTS AGE istio-ca-797dfb66c5-x4bzs 1/1 Running 0 2m istio-ingress-84f75844c4-dc4f9 1/1 Running 0 2m istio-mixer-9bf85fc68-z57nq 3/3 Running 0 2m istio-pilot-575679c565-wpcrf /2 Running 0 2m
Deploy the sample app
Deploying an app is a little different on Windows as well. To deploy the BookSample app with Envoy container injection, this is the command you would normally run on Linux:
kubectl create -f <(istioctl kube-inject -f samples/bookinfo/kube/bookinfo.yaml)
The redirection causes problems on PowerShell. Instead, you can first run the istioctl command and save it to an intermediate yaml:
istioctl kube-inject -f .\samples\bookinfo\kube\bookinfo.yaml > bookinfo_inject.yaml
Then, you can apply the intermediate yaml:
PS C:\istio-0.5.1> kubectl create -f .\bookinfo_inject.yaml service "details" created deployment "details-v1" created service "ratings" created deployment "ratings-v1" created service "reviews" created deployment "reviews-v1" created deployment "reviews-v2" created deployment "reviews-v3" created service "productpage" created deployment "productpage-v1" created ingress "gateway" created
With that, you will have BookInfo app deployed and managed by Istio. Hope this was useful to get Istio + Kubernetes running in Minikube on Windows.