[1] Install Istio and upgrade Kiali

[1.0] Check pre-requisites

  1. google-cloud-sdk correctly installed
  2. kubectl client installed
  3. helm correctly installed
  4. Istio 1.3.4 downloaded
  5. ISTIO_HOME variable defined
  6. Update/validate PATH

Save time

All steps are predefined in a script that you can download and personalize


curl -L https://git.io/fjojh > $HOME/install-gke-istio-kiali.sh
chmod +x $HOME/install-gke-istio-kiali.sh

Note: Script is tested on Linux.

Other platforms may need some changes.

[1.1] Set your project ID

Set Google Cloud Project ID from qwiklab 

              
                gcloud config set project $PROJECT_ID
                gcloud config set compute/zone europe-west2-a

                # Output

                Updated property [core/project].
                Updated property [compute/zone].

[1.1] Create a Kubernetes cluster

Choose a cluster name i.e. xavi-cluster 


gcloud container clusters create xavi-cluster \
  --cluster-version latest \
  --num-nodes 6

# Output

Creating cluster xavi-cluster... Cluster is being health-checked (master is healthy)...done.
Created [https://container.googleapis.com/v1/projects/kubernetes-istio-kiali/zones/europe-west2-a/clusters/xavi-cluster].
kubeconfig entry generated for xavi-cluster.
NAME           LOCATION        MASTER_VERSION  MASTER_IP       MACHINE_TYPE   NODE_VERSION  NUM_NODES  STATUS
xavi-cluster  europe-west2-a  1.13.7-gke.8    35.242.145.183  n1-standard-1  1.13.7-gke.8  4          RUNNING

[1.2] Retrieve your credentials


gcloud container clusters get-credentials xavi-cluster

# Output

Fetching cluster endpoint and auth data.
kubeconfig entry generated for xavi-cluster.

[1.3] Grant cluster administrator (admin) permissions

To create the necessary RBAC rules for Istio, the current user requires admin access


kubectl create clusterrolebinding cluster-admin-binding \
  --clusterrole=cluster-admin \
  --user=$(gcloud config get-value core/account)

# Output

clusterrolebinding.rbac.authorization.k8s.io/cluster-admin-binding created

[1.4] Install Istio definitions via helm


cd $ISTIO_HOME
kubectl create namespace istio-system
helm template install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -

# Output
configmap/istio-crd-10 created
configmap/istio-crd-11 created
configmap/istio-crd-12 created
serviceaccount/istio-init-service-account created
clusterrole.rbac.authorization.k8s.io/istio-init-istio-system created
clusterrolebinding.rbac.authorization.k8s.io/istio-init-admin-role-binding-istio-system created
job.batch/istio-init-crd-10-1.3.4 created
job.batch/istio-init-crd-11-1.3.4 created
job.batch/istio-init-crd-12-1.3.4 created

# Verify 23 CRDs are created.
kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l

[1.5] Install istio demo profile


helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
  --values install/kubernetes/helm/istio/values-istio-demo.yaml | kubectl apply -f -

# Verify all Istio pods are up and running
kubectl get pods -n istio-system -w

[1.6.0] Expose the Telemetry add-ons

For demo purposes we will use HTTP instead HTTPS


curl -L https://git.io/Jeadb | kubectl apply -f -

# Define variables
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

export KIALI_URL="http://${INGRESS_HOST}:15029/kiali"
export PROMETHEUS_URL="http://${INGRESS_HOST}:15030/"
export GRAFANA_URL="http://${INGRESS_HOST}:15031/"
export JAEGER_URL="http://${INGRESS_HOST}:15032/jaeger"

[1.6.1] Open your URLs


# Showing all the URLS
# Click links on terminal to open a new tab

echo "Kiali: ${KIALI_URL}" && \
echo "Prometheus: ${PROMETHEUS_URL}" && \
echo "Grafana: ${GRAFANA_URL}" && \
echo "Jaeger: ${JAEGER_URL}"

[1.6.2] Check Telemetry add-ons

kiali grafana prometheus jaeger

[1.7.0] Install Bookinfo on default namespace


kubectl label namespace default istio-injection=enabled
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

# Verify all Bookinfo pods are running
kubectl get pods -w

[1.7.1] Expose Bookinfo through Ingress


kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

# Verify user can access Bookinfo app
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
echo http://${INGRESS_HOST}:${INGRESS_PORT}/productpage

bookinfo

[1.7.2] Observe Bookinfo from Kiali

kiali dashboard kiali graph

[1.8.0] Upgrade Kiali

Istio ships a v1.4 version, let's upgrade to a newer one


curl -L https://git.io/Jea7m | envsubst > $HOME/update-kiali-cr.yaml
bash <(curl -L https://git.io/getLatestKialiOperator) --kiali-cr $HOME/update-kiali-cr.yaml

# Verify Kiali pod is restarted
kubectl get pods -n istio-system -w

[1.8.1] Refresh Kiali

Check Kiali has upgraded to 1.0 version

kiali 1.1

[1.8.2] Useful troubleshooting

Just if something went wrong 


# kiali-operator namespace is "Terminating" but hanged
kubectl patch kiali kiali -n kiali-operator -p '{"metadata":{"finalizers": []}}' --type=merge

# Delete a kubernetes cluster i.e. xavi-cluster
gcloud container clusters delete xavi-cluster

End of Workshop part [1]

Continue to [2] Kiali: Observability in Action

Back to Workshop Index