Navigation :

Deploy sample apps

You can install two sample apps in your demo setup: Bookinfo and httpbin. You might also install additional tools such as Keycloak as an OpenID Connect provider. These sample apps are used throughout the documentation to help test connectivity, such as in the policy guides.

Deploy Bookinfo

To test out microservice traffic management in your service mesh, deploy the Bookinfo sample app.

  1. Save the Istio revision that your istiod control plane runs as an environment variable.

    export REVISION=$(kubectl get pod -L app=istiod -n istio-system -o jsonpath='{.items[0].metadata.labels.istio\.io/rev}')
echo $REVISION

  2. Create the bookinfo namespace and label it for Istio injection so that the services become part of the service mesh. 

    kubectl create ns bookinfo
kubectl label ns bookinfo istio.io/rev=$REVISION --overwrite=true

    For more information, see the Istio on OpenShift documentation.

    1. Create and label the bookinfo project. 
      kubectl create ns bookinfo
kubectl label ns bookinfo istio.io/rev=$REVISION --overwrite=true
    2. Create a NetworkAttachmentDefinition custom resource for the bookinfo project. 
      cat <<EOF | oc -n bookinfo create -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: istio-cni
EOF
    3. Elevate the permissions of the bookinfo service account to allow the Istio sidecars to make use of a user ID that is normally restricted by OpenShift. 
      oc adm policy add-scc-to-group anyuid system:serviceaccounts:bookinfo

  3. Deploy the Bookinfo app.

    # deploy bookinfo application components for all versions less than v3
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.18.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app,version notin (v3)'
# deploy an updated product page with extra container utilities such as 'curl' and 'netcat'
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/productpage-with-curl.yaml
# deploy all bookinfo service accounts
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/1.18.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account'

  4. Verify that the Bookinfo app is deployed successfully.

    kubectl get pods -n bookinfo
kubectl get svc -n bookinfo

Deploy httpbin

The httpbin sample app is a simple tool to test HTTP requests and responses. Unlike curl, you can see not only the response headers, but also the request headers.

  1. Save the Istio revision that your istiod control plane runs as an environment variable.

    export REVISION=$(kubectl get pod -L app=istiod -n istio-system -o jsonpath='{.items[0].metadata.labels.istio\.io/rev}')
echo $REVISION

  2. Create an httpbin namespace and label the namespace for Istio injection so that the services in the namespace become part of the service mesh. 

    kubectl create ns httpbin
kubectl label ns httpbin istio.io/rev=$REVISION --overwrite=true
    1. Create and label the httpbin project. 
      kubectl create ns httpbin
kubectl label ns httpbin istio.io/rev=$REVISION --overwrite=true
    2. Create a NetworkAttachmentDefinition custom resource for the httpbin project. 
      cat <<EOF | oc -n httpbin create -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: istio-cni
EOF
    3. Elevate the permissions of the httpbin service account to allow the Istio sidecars to make use of a user ID that is normally restricted by OpenShift. 
      oc adm policy add-scc-to-group anyuid system:serviceaccounts:httpbin

  3. Deploy the httpbin app.

    kubectl -n httpbin apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yaml

  4. Verify that the httpbin app is running.

    kubectl -n httpbin get pods

Deploy hello world

The hello world sample app is a simple way to test responses for different app versions. The following examples install four versions of hello world in your cluster.

  1. Save the Istio revision that your istiod control plane runs as an environment variable.

    export REVISION=$(kubectl get pod -L app=istiod -n istio-system -o jsonpath='{.items[0].metadata.labels.istio\.io/rev}')
echo $REVISION

  2. Create the helloworld namespace and label it for Istio injection so that the services become part of the service mesh. 

    kubectl create ns helloworld
kubectl label ns helloworld istio.io/rev=$REVISION --overwrite=true
    1. Create and label the helloworld project. 
      kubectl create ns helloworld
kubectl label ns helloworld istio.io/rev=$REVISION --overwrite=true
    2. Create a NetworkAttachmentDefinition custom resource for the helloworld project. 
      cat <<EOF | oc -n helloworld create -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: istio-cni
EOF
    3. Elevate the permissions of the helloworld service account to allow the Istio sidecars to make use of a user ID that is normally restricted by OpenShift. 
      oc adm policy add-scc-to-group anyuid system:serviceaccounts:helloworld

  3. Deploy hello world v1, v2, v3, and v4 to your cluster.

    kubectl -n helloworld apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/helloworld.yaml

  4. Verify that the hello world apps are running.

    kubectl -n helloworld get pods

Other service namespaces

For any other namespaces that you want to deploy apps to, be sure to follow these steps to include your services in the service mesh.

  1. Label the namespace with the Istio revision so that Istio sidecars are deployed to your app pods.

    export REVISION=$(kubectl get pod -L app=istiod -n istio-system -o jsonpath='{.items[0].metadata.labels.istio\.io/rev}')
kubectl label ns <namespace> istio.io/rev=$REVISION --overwrite

    Note: If you deployed revisionless installations in testing environments, you can instead label your workload namespaces with kubectl label ns <namespace> istio-injection=enabled.

  2. OpenShift only: Follow these additional steps for each service project. For more information, see the Istio on OpenShift documentation.

    1. Create a NetworkAttachmentDefinition custom resource. 
      cat <<EOF | oc -n <project> create -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: istio-cni
EOF
    2. Elevate the permissions of the service account to allow the gateway to make use of a user ID that is normally restricted by OpenShift. 
      oc adm policy add-scc-to-group anyuid system:serviceaccounts:<project>

Next

Verify routing to the sample apps and apply a fault injection policy to the reviews service to delay requests and simulate network issues or an overloaded service.