istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/content/en/docs/setup/install/multicluster/verify/index.md

7.2 KiB
Raw Blame History

title description weight keywords test owner
Verify the installation Verify that Istio has been installed properly on multiple clusters. 50
kubernetes
multicluster
yes istio/wg-environments-maintainers

Follow this guide to verify that your multicluster Istio installation is working properly.

Before proceeding, be sure to complete the steps under before you begin as well as choosing and following one of the multicluster installation guides.

In this guide, we will verify multicluster is functional, deploy the HelloWorld application V1 to cluster1 and V2 to cluster2. Upon receiving a request, HelloWorld will include its version in its response.

We will also deploy the curl container to both clusters. We will use these pods as the source of requests to the HelloWorld service, simulating in-mesh traffic. Finally, after generating traffic, we will observe which cluster received the requests.

Verify Multicluster

To confirm that Istiod is now able to communicate with the Kubernetes control plane of the remote cluster.

{{< text bash >}} istioctl remote-clusters --context="{CTX_CLUSTER1}" NAME SECRET STATUS ISTIOD cluster1 synced istiod-7b74b769db-kb4kj cluster2 istio-system/istio-remote-secret-cluster2 synced istiod-7b74b769db-kb4kj {{< /text >}}

All clusters should indicate their status as synced. If a cluster is listed with a STATUS of timeout that means that Istiod in the primary cluster is unable to communicate with the remote cluster. See the Istiod logs for detailed error messages.

Note: if you do see timeout issues and there is an intermediary host (such as the Rancher auth proxy) sitting between Istiod in the primary cluster and the Kubernetes control plane in the remote cluster, you may need to update the certificate-authority-data field of the kubeconfig that istioctl create-remote-secret generates in order to match the certificate being used by the intermediate host.

Deploy the HelloWorld Service

In order to make the HelloWorld service callable from any cluster, the DNS lookup must succeed in each cluster (see deployment models for details). We will address this by deploying the HelloWorld Service to each cluster in the mesh.

To begin, create the sample namespace in each cluster:

{{< text bash >}} kubectl create --context="{CTX_CLUSTER1}" namespace sample kubectl create --context="{CTX_CLUSTER2}" namespace sample {{< /text >}}

Enable automatic sidecar injection for the sample namespace:

{{< text bash >}} kubectl label --context="{CTX_CLUSTER1}" namespace sample
istio-injection=enabled kubectl label --context="{CTX_CLUSTER2}" namespace sample
istio-injection=enabled {{< /text >}}

Create the HelloWorld service in both clusters:

{{< text bash >}} kubectl apply --context="{CTX_CLUSTER1}"
-f @samples/helloworld/helloworld.yaml@
-l service=helloworld -n sample kubectl apply --context="{CTX_CLUSTER2}"
-f @samples/helloworld/helloworld.yaml@
-l service=helloworld -n sample {{< /text >}}

Deploy HelloWorld V1

Deploy the helloworld-v1 application to cluster1:

{{< text bash >}} kubectl apply --context="{CTX_CLUSTER1}"
-f @samples/helloworld/helloworld.yaml@
-l version=v1 -n sample {{< /text >}}

Confirm the helloworld-v1 pod status:

{{< text bash >}} kubectl get pod --context="{CTX_CLUSTER1}" -n sample -l app=helloworld NAME READY STATUS RESTARTS AGE helloworld-v1-86f77cd7bd-cpxhv 2/2 Running 0 40s {{< /text >}}

Wait until the status of helloworld-v1 is Running.

Deploy HelloWorld V2

Deploy the helloworld-v2 application to cluster2:

{{< text bash >}} kubectl apply --context="{CTX_CLUSTER2}"
-f @samples/helloworld/helloworld.yaml@
-l version=v2 -n sample {{< /text >}}

Confirm the status the helloworld-v2 pod status:

{{< text bash >}} kubectl get pod --context="{CTX_CLUSTER2}" -n sample -l app=helloworld NAME READY STATUS RESTARTS AGE helloworld-v2-758dd55874-6x4t8 2/2 Running 0 40s {{< /text >}}

Wait until the status of helloworld-v2 is Running.

Deploy curl

Deploy the curl application to both clusters:

{{< text bash >}} kubectl apply --context="{CTX_CLUSTER1}"
-f @samples/curl/curl.yaml@ -n sample kubectl apply --context="{CTX_CLUSTER2}"
-f @samples/curl/curl.yaml@ -n sample {{< /text >}}

Confirm the status curl pod on cluster1:

{{< text bash >}} kubectl get pod --context="{CTX_CLUSTER1}" -n sample -l app=curl NAME READY STATUS RESTARTS AGE curl-754684654f-n6bzf 2/2 Running 0 5s {{< /text >}}

Wait until the status of the curl pod is Running.

Confirm the status of the curl pod on cluster2:

{{< text bash >}} kubectl get pod --context="{CTX_CLUSTER2}" -n sample -l app=curl NAME READY STATUS RESTARTS AGE curl-754684654f-dzl9j 2/2 Running 0 5s {{< /text >}}

Wait until the status of the curl pod is Running.

Verifying Cross-Cluster Traffic

To verify that cross-cluster load balancing works as expected, call the HelloWorld service several times using the curl pod. To ensure load balancing is working properly, call the HelloWorld service from all clusters in your deployment.

Send one request from the curl pod on cluster1 to the HelloWorld service:

{{< text bash >}} kubectl exec --context="{CTX_CLUSTER1}" -n sample -c curl
"(kubectl get pod --context="{CTX_CLUSTER1}" -n sample -l
app=curl -o jsonpath='{.items[0].metadata.name}')"
-- curl -sS helloworld.sample:5000/hello {{< /text >}}

Repeat this request several times and verify that the HelloWorld version should toggle between v1 and v2:

{{< text plain >}} Hello version: v2, instance: helloworld-v2-758dd55874-6x4t8 Hello version: v1, instance: helloworld-v1-86f77cd7bd-cpxhv ... {{< /text >}}

Now repeat this process from the curl pod on cluster2:

{{< text bash >}} kubectl exec --context="{CTX_CLUSTER2}" -n sample -c curl
"(kubectl get pod --context="{CTX_CLUSTER2}" -n sample -l
app=curl -o jsonpath='{.items[0].metadata.name}')"
-- curl -sS helloworld.sample:5000/hello {{< /text >}}

Repeat this request several times and verify that the HelloWorld version should toggle between v1 and v2:

{{< text plain >}} Hello version: v2, instance: helloworld-v2-758dd55874-6x4t8 Hello version: v1, instance: helloworld-v1-86f77cd7bd-cpxhv ... {{< /text >}}

Congratulations! You successfully installed and verified Istio on multiple clusters!

Next Steps

Check out the locality load balancing tasks to learn how to control the traffic across a multicluster mesh.