The Talend Community Knowledge Base (KB) article, Managing Talend microservices with Istio service mesh on Kubernetes, shows you how to connect, secure, control, and observe Talend microservices leveraging Istio.
This article describes the installation and platform-specific steps for managing Talend microservices using Istio service mesh on Amazon Elastic Kubernetes Service (EKS).
For more information on installing Talend microservices using Istio on other cloud providers, see the following Talend Community KB articles:
An Amazon EKS cluster can be created in a single step using the eksctl CLI and a YAML file that contains the cluster configuration.
For more information on creating an EKS cluster using AWS Management Console, see the Amazon EKS, Getting Started with the AWS Management Console guide.
Following the instructions in the Amazon EKS, Getting Started with eksctl documentation, complete the following sections:
Install the Latest AWS CLI
Configure Your AWS CLI Credentials
Log in to the command prompt as administrator.
# install eksctl and aws-iam-authenticator
chocolatey install -y eksctl aws-iam-authenticator
# verify eksctl version
eksctl version
Log in to the bash shell.
Download and extract the latest release of eksctl by using the following command:
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
Move the extracted binary to /usr/local/bin and verify the version.
sudo mv /tmp/eksctl /usr/local/bin
# verify eksctl version
eksctl version
Download the create_eks_cluster.yaml file (attached to this article) to a directory and execute the following command:
eksctl create cluster -f create_eks_cluster.yaml
Helm is a package manager for Kubernetes. Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
Istio provides customizable helm templates for installation on a Kubernetes cluster. For more information on other installation options, see the Istio Installation Guides.
Install the Helm client on Linux or Windows using one of the following options.
The Helm client can be installed on Linux using shell commands.
Connect to the shell, then install the Helm client:
curl -LO https://git.io/get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh
The Helm package can be installed on Windows using Chocolatey.
Launch a command prompt, then execute the following command:
Note: If you get an error "'choco' is not recognized as an internal or external command, operable program or batch file", follow the Install Chocolatey on Windows instructions.
Install helm using the choco install command:
# Install helm client
choco install kubernetes-helm
From the bash shell or command prompt:
Create an istio_install directory.
# create directory istio_install (Windows / Linux)
mkdir istio_install
# move into the istio_install directory
cd istio_install
# Download the installation file using the curl command
# Linux:
curl -Ls -O https://github.com/istio/istio/releases/download/1.3.4/istio-1.3.4-linux.tar.gz
# Windows:
curl -Ls -O https://github.com/istio/istio/releases/download/1.3.4/istio-1.3.4-win.zip
# gunzip and untar the file
gunzip istio-1.3.4-linux.tar.gz
tar -xvf istio-1.3.4-linux.tar
# move into the directory istio-1.3.4
cd istio-1.3.4
# Configure the PATH environment variable
# Linux:
export PATH=$PWD/bin:$PATH
# Windows:
set PATH=%CD%/bin;%PATH%
# Initialize helm
helm init
# Add Istio to the helm repository
helm repo add istio.io https://storage.googleapis.com/istio-release/releases/1.3.4/charts/
# Create namespace istio-system
kubectl create namespace istio-system
# Install all the istio CRDs
helm template install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -
Install Istio using one of the Installation Configuration Profiles.
Note: This article uses the demo_auth profile.
# Execute the helm template with the predefined settings in the demo_auth profile
helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
  --values install/kubernetes/helm/istio/values-istio-demo-auth.yaml | kubectl apply -f -
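The eksctl, Helm, and Istio downloads above are unpacked or executed without an integrity check. The following added example (not part of the original article) refuses to extract an archive unless its SHA-256 matches an entry in a checksum file. It assumes the publisher provides a checksum file in sha256sum format, which the article does not mention; the function names and demo files are constructed.

```shell
# Added example: verify a download against a sha256sum-format checksum file
# before extracting it. File names below are constructed for the demo.

# Print the SHA-256 of a file with whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# verify_archive ARCHIVE CHECKSUM_FILE
# 0 = hash matches, 1 = mismatch, 2 = no well-formed entry for the archive.
verify_archive() {
  va_name=$(basename "$1")
  # Line format: "<64 hex chars>  <name>"; the name may carry a leading '*'.
  va_expected=$(awk -v n="$va_name" \
    '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' "$2")
  printf '%s' "$va_expected" | grep -Eq '^[0-9a-f]{64}$' || {
    echo "no valid checksum listed for $va_name" >&2; return 2; }
  [ "$(sha256_of "$1")" = "$va_expected" ] || {
    echo "checksum mismatch for $va_name" >&2; return 1; }
}

# extract_verified ARCHIVE CHECKSUM_FILE DEST: unpack only after a match.
extract_verified() {
  verify_archive "$1" "$2" && tar -xzf "$1" -C "$3"
}

# Constructed demo: a small archive, its checksum file, then a tampered copy.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/src" "$demo_dir/out"
echo "placeholder binary" > "$demo_dir/src/tool"
tar -czf "$demo_dir/tool.tar.gz" -C "$demo_dir/src" tool
echo "$(sha256_of "$demo_dir/tool.tar.gz")  tool.tar.gz" > "$demo_dir/sums.txt"
extract_verified "$demo_dir/tool.tar.gz" "$demo_dir/sums.txt" "$demo_dir/out" \
  && echo "verified and extracted"
echo "tampered" >> "$demo_dir/tool.tar.gz"   # simulate a modified download
extract_verified "$demo_dir/tool.tar.gz" "$demo_dir/sums.txt" "$demo_dir/out" \
  || echo "rejected tampered archive"
```

The checksum file itself must come from a source you trust independently of the archive, otherwise a modified download can ship a matching hash.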
Execute the following command, then verify that the status of all the Istio components in the demo-auth configuration profile is Running / Completed.
kubectl get pods -n istio-system
Verify an External IP is assigned to the istio-ingressgateway service.
kubectl get svc -n istio-system
Ingress traffic to application pods or microservices is only made possible using the External / Public IP assigned to the istio-ingressgateway service.
An external Load-balancer is launched on EKS automatically, and its IP is assigned to the istio-ingressgateway service.
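The two verification steps above can be scripted. This added example (not part of the original article) reads `kubectl get pods` and `kubectl get svc` output, lists pods that are not Running or Completed, and lists services that hold an external address. The sample outputs, pod names, and addresses are constructed, and treating istio-ingressgateway as the only service that should have an external address is an assumption drawn from the statement above.

```shell
# Added example: check the output of the two kubectl commands above.
# Sample outputs are constructed; names and addresses are placeholders.

PODS_SAMPLE='NAME                                    READY   STATUS             RESTARTS   AGE
grafana-6fc987bd95-t2xvq                1/1     Running            0          5m
istio-init-crd-10-1.3.4-k7h2p           0/1     Completed          0          7m
istio-ingressgateway-7c6f8c7b5d-9wq4z   1/1     Running            0          5m
istio-pilot-5c4b6f576b-x8r2n            1/2     CrashLoopBackOff   4          5m'

SVC_SAMPLE='NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP                     PORT(S)        AGE
grafana                ClusterIP      10.100.10.11   <none>                          3000/TCP       5m
istio-ingressgateway   LoadBalancer   10.100.20.22   example-elb.elb.amazonaws.com   80:31380/TCP   5m
kiali                  ClusterIP      10.100.30.33   <none>                          20001/TCP      5m'

# Print "name status" for every pod whose STATUS is not Running or Completed.
pods_not_ready() {
  awk 'NR > 1 && $3 != "Running" && $3 != "Completed" { print $1, $3 }'
}

# Print the names of services that have an external address assigned.
# "<pending>" means the load balancer has not been provisioned yet.
services_with_external_ip() {
  awk 'NR > 1 && $4 != "<none>" && $4 != "<pending>" { print $1 }'
}

# Succeed only if istio-ingressgateway is the sole service with an
# external address (assumption: dashboards stay reachable by port-forward only).
only_ingressgateway_exposed() {
  [ "$(services_with_external_ip)" = "istio-ingressgateway" ]
}

printf '%s\n' "$PODS_SAMPLE" | pods_not_ready
printf '%s\n' "$SVC_SAMPLE" | services_with_external_ip

# Against a live cluster:
#   kubectl get pods -n istio-system | pods_not_ready
#   kubectl get svc  -n istio-system | only_ingressgateway_exposed
```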
With the Istio demo-auth profile, dashboard add-ons such as Prometheus, Grafana, Kiali, and Jaeger are enabled by default.
Prometheus is a web-based graphical user interface for querying the Istio metric values.
Grafana is a web-based graphical user interface that provides a global view of the mesh along with services and their workloads.
Kiali is a web-based graphical user interface to view service graphs of the mesh and Istio configuration objects. Different graph types such as App, Versioned App, Workload, and Service are available to view the services in the mesh.
Open a Windows command prompt in Administrator mode, then execute the following commands and launch the dashboards using local port forwarding, as shown below:
# Execute the below port-forward command and access Prometheus using local port forwarding
kubectl port-forward svc/prometheus 9090:9090 -n istio-system
# Execute the below port-forward command and access Grafana using local port forwarding
kubectl port-forward svc/grafana 3000:3000 -n istio-system
# Execute the below port-forward command and access Kiali using local port forwarding
kubectl port-forward svc/kiali 20001:20001 -n istio-system
# Execute the below port-forward command and access Jaeger using local port forwarding
kubectl port-forward svc/jaeger 16686:16686 -n istio-system
Log in to the AWS management console, search for the service ECR, then click Create repository.
Create two repositories in ECR, as shown in the following example:
Docker host: select Remote, then enter your Docker host information
Registry: enter your Amazon container Registry URI
Username: enter your access key ID
Password: enter your secret access key
Repeat Step 1 and publish the Customers microservice. Make a note of the URLs of the microservice images published to ECR.
Kubernetes has native support for the Amazon Elastic Container Registry (ECR) when nodes are AWS EC2 instances; all pods in a cluster have read access to images in a container registry.
This article explains how to launch an Amazon Elastic Kubernetes Cluster using eksctl, install Istio manually using Helm, and how to publish Talend microservices on Amazon Elastic Container Registry.