The objective of this scenario is to demonstrate how to use Istio ingress and egress rules to control access into a Kuberenetes cluster and outside of a Kubernetes cluster to an external URL.
Please be advised ...
This scenario preloads a multi-node Kubernetes cluster and Load Balancer that are created using Kubernetes in Docker (
KinD). There will be one control plane node and two worker nodes. You might see the cluster spinning up when you view the teminal pane in Lesson 1. Be patient. It might take a few minutes for the cluster to spin up and load.
What you need to know to start
In order to get full benefit from taking this scenario, you need to have basic understanding of following Kubernetetes concepts:
This video describes the basics of Kubernetes you need to know:) This video describes the basics of Kubernetes you need to know:
Whatg you'll be doing
The application has two subordinate services,
frontend delegates to
business to call
worldclockapi.com to get the current time. However, because the microservice will be running under a Kubernetes cluster controlled by an Istio service mesh, users cannot access the
frontend service by default. An ingress rule is needed to allow access. Part of this scenario is to apply a pre-installed ingress rule to Istio.
However, even if users could access the microservice, the microservice would not be fully operational because the subordinate service,
business will still try to access,
worldclockapi.com. Istio will not permit this unless an egress rule is set to allow calls to the external site. The final part of this scenario is to apply a pre-installed egress rule to Istio to allow access to
This scenarios is divided into the following steps.
- Step 1 - Confirm that Kubernetes and the Load Balancer are Installed
- Step 2 - Install Istio
- Step 3 - Implement an Ingress rule under Istio
- Step 4 - Implement an Egress rule under Istio
- Step 5 - Exposing the Istio Add-Ons to the outside world
- Step 6 - Viewing the Istio Add-Ons in a web browser
Executing command line instructions
This scenario is completely interactive. The instructions you'll be given will be executed directly in the terminal window that is embedded directly in the Katacoda interactive learning environment. In the steps to come, when you see a command line instruction with a black background and check mark at the end, like so:
just click on it and the command will execute in the interative terminal window.
Congratulations! You've completed the scenario, Running Kubernetes in Docker (KinD) with Istio.
In this scenario you did the following:
- Step 1 - Confirmed that Kubernetes and the Load Balancer are Installed
- Step 2 - Installed Istio
- Step 3 - Implemented an Ingress rule under Istio
- Step 4 - Implemented an Egress rule under Istio
- Step 5 - Exposed the Istio Add-Ons to the outside world
- Step 6 - Viewed the Istio Add-Ons in a web browser
For more information about Istio, visit the website, here.
Running Kubernetes in Docker with Istio
Confirming that Kubernetes and the Load Balancer are Installed
The objective of this lesson is to confirm that Kubernetes is up and running that the automatically installed Load Balancer is operational
What to expect
This scenario preloads a multi-node Kubernetes cluster that is created using Kubernetes in Docker (
KinD). There will be on control plane node and two worker nodes. When you start out you might see the cluster spinning up in the teminal pane like so:
Creating cluster "kind" ... ✓ Ensuring node image (kindest/node:v1.19.1) 🖼 ✓ Preparing nodes 📦 📦 📦 ✓ Writing configuration 📜 ✓ Starting control-plane 🕹️ ✓ Installing CNI 🔌 ✓ Installing StorageClass 💾 ✓ Joining worker nodes 🚜 Set kubectl context to "kind-kind" You can now use your cluster with: kubectl cluster-info --context kind-kind Have a nice day! 👋
The setup also loads a Load Balancer that will provide an IP address that allows external access to the Kubernetes cluster. You can verify that the Load Balancer is working by executing the following command:
kubectl get services
You might get output as follows that says the assignment of an IP address to the Load Balancer is
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 44s nginx LoadBalancer 10.96.126.61 <pending> 80:30675/TCP 0s
Give it a few minutes, then execute:
kubectl get services
You'll get the output similar to thge following means the Load Balancer is operational:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3m14s nginx LoadBalancer 10.96.126.61 172.19.255.1 80:30675/TCP 2m30s
AGAIN: Be patient! It takes time for the Kubernetes cluster and Load Balancer to install. This can take two or three minutes.
Next: Installing Istio