Hello Istio, in JHipster — Part 2

Let us deploy the microservices with Istio.

Brief recap, in the last part, we have created the configuration files for Kubernetes and Istio for the microservices application generated by JHipster.

It is time 🕰to check what JHipster generated.

• app1 folder contains configuration files for Microservice application
• gate folder contains configuration files for Microservice gateway
• regsitry folder contains configuration files for JHipster Registry
• kubectl-apply.sh is a bash script to deploy all the services together

Inside the Registry folder,

The application-configmap.yml contains JHipster Registry’s configuration.

The jhipster-registry.yml contains the following.

### Registry password
apiVersion: v1
kind: Secret
......
---
### About the service the port in which it has to run
apiVersion: v1
kind: Service
metadata:
  name: jhipster-registry
.......
spec:
  ports:
  - port: 8761
    name: http
  clusterIP: None
  selector:
    app: jhipster-registry
---
### replicas & stating the Istio not to inject sidecar automatically
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jhipster-registry
  namespace: default
spec:
  serviceName: jhipster-registry
  replicas: 2
     .........
  template:
    metadata:
      labels:
        app: jhipster-registry
        version: "v1"
      annotations:
        sidecar.istio.io/inject: "false"
    spec:
      .....

This disables sidecar injection in the JHipster Registry. Since we need the sidecar injection mainly for the Microservice Gateway.

Inside the Gate folder,

The gate-deployment.yaml contains the application configuration for the gateway application deployment.

The gate-destination-rule.yml contains the network definitions related to Load Balancing and connection timeouts.

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: gate-destinationrule
  namespace: default
spec:
  host: gate
  trafficPolicy:
    loadBalancer:
      simple: RANDOM #specifying a random rule for loadbalancing.
    connectionPool: # Timeouts and connections related information
      tcp:
        maxConnections: 30
        connectTimeout: 100ms
      http:
        http1MaxPendingRequests: 10
        http2MaxRequests: 100
        maxRequestsPerConnection: 10
        maxRetries: 5
    outlierDetection:
      consecutiveErrors: 5
      interval: 30s
      baseEjectionTime: 60s
  subsets:
  - name: v1
    labels:
      version: "v1"

In the spec, we mention the host as the gate application.

Then we define the traffic policy

Load Balancer can be either simple or consistent

Simple — pre-configured. By default it supports

• RoundRobin
• Least Conn
• Random
• Pass through

We have chosen Random here. It is better than the RoundRobin, if we donot have any health configuration. It checks for the services that is healthy and routes the request to it. For more information on this — Check here

The gate-gateway.yml contains configuration for Istio’s Ingress gateway. This will sit at the edge of the service mesh created by the Istio. It configures exposed ports and protocols and helps to connect to the underlying services.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gate-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - gate.sendilkumarn.com
  - port:
      number: 80
      name: http2
      protocol: HTTP2
    hosts:
    - gate.sendilkumarn.com
#  - port:
#      number: 443
#      name: https
#      protocol: HTTPS
#    hosts:
#    - gate.sendilkumarn.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gate-gw-virtualservice
  namespace: default
spec:
  hosts:
  - gate.sendilkumarn.com
  gateways:
  - gate-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: gate

Note that the hosts in the configuration file are the based on the DNS name that we have provided. This makes the entire application easy to reach via the browser.

There is also a virtual service defined in the configuration file. Since Ingress Gateways in Istio doesn’t include any traffic routing configuration (which is quite the opposite to what Kubernetes does). The virtual service here helps to achieve the traffic routing.

The gate-service.yml contains the configuration for the microservice gateway service.

The gate-mysql.ymlcontains the configuration for the MySQL Database. (This file might vary based on the production database that you cho0se while generating the application.)

Thegate-virtual-service.yaml contains the configuration for the virtual service that helps to route the requests in the mesh.

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: gate-virtualservice
  namespace: default
spec:
  hosts:
  - gate
  http:
  - route:
    - destination:
        host: gate
        subset: "v1"
      weight: 100
    retries:
      attempts: 3
      perTryTimeout: 2

Wow, that's a lot of configuration files. But they make your work easier. JHipster FTW.

Kubernetes + Istio

Google Cloud Platform deployment.

Now the fun part to deploy the application in the GCP. Install Google Cloud SDK before starting.

After logging into the Google Cloud Console, you can either create a new project or use the existing one.

Once the project is created. Create a Kubernetes Cluster inside the project.

gcloud container clusters create hello-istio --region=us-central1-a --machine-type=n1-standard-2 --num-nodes=8  --cluster-version=1.10.7-gke.2

Here we are creating a cluster with the gcloud tool with a cluster name hello-istio. In the region us-central1- a, with machine type n1-standard-2 (choose this as you need) with a number of nodes 8. This will spin up 8 nodes, Kubernetes cluster. That will be more than enough for us to play with this simple microservices application.

Also, note the — cluster-version parameter, which sets the Kubernetes cluster to version 1.10.7-gke.2.

Note: If you want to change anything here, please feel free to change it as you might like. Check the Kubernetes version compatibility with the Istio version.

You can also use the UI to generate the cluster.

It will take a while for your cluster to get started. Let us go and grab a ☕️ and a 🍪.

Once it is up and running, let us connect to the cluster from your cloud shell (or) your terminal.

gcloud container clusters get-credentials hello-istio --zone us-central1-a --project amazing-istio

Next step, set the admin permissions for the cluster. Open your cloud shell(or) terminal and then use the following command to enable admin permissions.

kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)

Now it is the time to install Istio in the cluster.

The easiest way to install is to download the latest Istio

curl -L https://git.io/getLatestIstio | sh -

It fetches the latest Istio source. Then add Istio to the path.

export PATH="$PATH:/home/<username>/istio-x.x.x/bin"

Now apply the istio-demo.yaml file to create Istio related things in the cluster. This will create an istio-system namespace in the cluster and installs all the necessary components inside the cluster.

kubectl apply -f istio-x.x.x/install/kubernetes/istio-demo.yaml

You can check the usage and installation by running

kubectl get pods -n istio-system

This will show the list of pods that are running in the istio-system namespace.

Now lets head over to our generated K8s configuration file in local and start deploying them.

When the JHipster Kubernetes completed. It said it is missing some docker images. Now we have to create the Docker image and push it to the Docker repository. Then we can use Kubernetes cluster to fetch these images and deploy them in the GCP.

The first step is to build the image and then push it to Docker Repository. Let us run this file in both the Microservice Gateway and Application folder.

./mvnw verify -Pprod dockerfile:build

Then we have to tag the Docker image and push it into the Docker repository.

docker image tag gate <docker-repo-name>/gate
docker image push <docker-repo-name>/gate
docker image tag gate <docker-repo-name>/app
docker image push <docker-repo-name>/app

once done, let us head over to the k8s folder and run

Note: If you haven’t connected the cluster to the local terminal, please do the following command

gcloud container clusters get-credentials hello-istio --zone us-central1-a --project <your project name>

./kubectl-apply.sh

This will deploy all the services and databases into the Kubernetes cluster. Perfect that is it you have deployed your awesome microservices application with Istio into GKE running on GCP.

Head over to gate.sendilkumarn.com to check the application up and running.

Congrats 🎉🎉🎉🎉