Skip to content

Istio service deployment workflow

The Istio service deployment workflow describes the procedure for integrating a containerized application into the Istio Service mesh on Kubernetes. This process involves initializing the mesh, injecting sidecar proxies into the application pods, and verifying the service connectivity.

Prerequisites

Before deploying a specific service, the Istio control plane must be installed on the Kubernetes cluster^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md].

Deployment Process

The core workflow for deploying a service into the mesh involves two primary steps: modifying the Kubernetes configuration and applying the configuration^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md].

1. Sidecar Injection

To enable Istio features like traffic management and security, the application's Pod specification must include an Envoy proxy sidecar. This is achieved by injecting the Istio sidecar configuration into the deployment resource^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md].

The standard method to accomplish this during deployment is to pipe the Kubernetes manifest file through istioctl kube-inject before applying it to the cluster^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md].

$ [kubectl](<./kubectl.md>) apply -f <([istioctl](<./istioctl.md>) kube-inject -f tcp-echo.yaml)
service/tcp-echo created
deployment.extensions/tcp-echo created

2. Resource Creation

The kubectl apply command creates the necessary Kubernetes resources, such as Services and Deployments, based on the injected configuration^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md]. Once created, the service is running within the mesh and managed by the Istio control plane.

Verification and Testing

After deployment, the service functionality should be verified by sending traffic from within the cluster^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md]. This typically involves running a temporary Pod (e.g., using kubectl run with a tool like busybox or netcat) to execute requests against the deployed service's cluster IP or DNS name^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md].

Cleanup

To remove the service from the mesh and cluster, the standard Kubernetes deletion command is used on the original manifest file^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md].

$ [kubectl](<./kubectl.md>) delete -f tcp-echo.yaml

Sources

^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__tcp-echo__README.md]