Service namespaces

Now that Istio is up and running, you can create service namespaces for your teams to run app workloads in. For any namespaces that you want to deploy apps to, be sure to follow these steps to include your services in the service mesh.

  1. Label the service namespace for Istio sidecar injection with the gloo revision label.

      kubectl label namespace istio.io/rev=gloo --overwrite <namespace>

  2. If you already deployed app pods to the namespace, restart the workloads so that sidecars are injected into the pods. For example, you might roll out a restart to each deployment by using a command similar to the following.

      kubectl rollout restart deployment -n <namespace> <deployment>

Bookinfo example

For testing purposes, you can deploy Bookinfo, the Istio sample app, and add it to your service mesh.

Single cluster

  1. Create the bookinfo namespace and label it so that the services become part of the service mesh.

      kubectl create ns bookinfo
kubectl label ns bookinfo istio-injection=enabled

  2. Deploy the Bookinfo app.

      # deploy bookinfo application components for all versions less than v3
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.24.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app,version notin (v3)'
# deploy an updated product page with extra container utilities such as 'curl' and 'netcat'
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/productpage-with-curl.yaml
# deploy all bookinfo service accounts
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.24.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account'

  3. Verify that the Bookinfo app deployed successfully.

      kubectl get pods,svc -n bookinfo

Multicluster

  1. Create the bookinfo namespace in each workload cluster, and label the namespaces for Istio injection so that the services become part of the service mesh.

      kubectl create ns bookinfo --context $REMOTE_CONTEXT1
kubectl label ns bookinfo istio-injection=enabled --context $REMOTE_CONTEXT1
kubectl create ns bookinfo --context $REMOTE_CONTEXT2
kubectl label ns bookinfo istio-injection=enabled --context $REMOTE_CONTEXT2

  2. Deploy Bookinfo with the details, productpage, ratings, reviews-v1, and reviews-v2 services in the first cluster.

      # deploy bookinfo application components for all versions less than v3
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.24.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app,version notin (v3)' --context $REMOTE_CONTEXT1
# deploy an updated product page with extra container utilities such as 'curl' and 'netcat'
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/productpage-with-curl.yaml
# deploy all bookinfo service accounts --context $REMOTE_CONTEXT1
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.24.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account' --context $REMOTE_CONTEXT1

  3. Deploy Bookinfo with the ratings and reviews-v3 services in the second cluster.

      # deploy reviews and ratings services
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.24.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'service in (reviews)' --context $REMOTE_CONTEXT2
# deploy reviews-v3
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.24.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app in (reviews),version in (v3)' --context $REMOTE_CONTEXT2
# deploy ratings
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.24.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app in (ratings)' --context $REMOTE_CONTEXT2
# deploy reviews and ratings service accounts
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.24.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account in (reviews, ratings)' --context $REMOTE_CONTEXT2

  4. Verify that the Bookinfo app deployed successfully.

      kubectl get pods,svc -n bookinfo --context $REMOTE_CONTEXT1
kubectl get pods,svc -n bookinfo --context $REMOTE_CONTEXT2

Next

  • Expose apps in your mesh with a gateway.
  • Launch the Gloo UI to review the Istio insights that were captured for your service mesh setup. Gloo Mesh Core comes with an insights engine that automatically analyzes your Istio setups for health issues. Then, Gloo shares these issues along with recommendations to harden your Istio setups. The insights give you a checklist to address issues that might otherwise be hard to detect across your environment. For more information, see Insights.
  • When it’s time to upgrade your service mesh, you can perform a safe in-place upgrade by using the Gloo operator or Helm.