5 steps to bring CoolStore’s Service Mesh to Azure Kubernetes Service (AKS)

Step 1: Install Docker for Windows and enable Kubernetes, Ubuntu WSL, kubectl, istioctl, helm and az

Step 2: Create coolstore AKS, enabled RBAC. Minimum should have 3 nodes (istio pilot needs it)

And make sure checking to enable RBAC as following

Follow up with next steps to finish creating the cluster. It normally takes around 20 to 30 minutes.

After it finished, we should be able to access to the Dashboard with following steps

> az aks get-credentials --resource-group coolstore --name coolstore
> kubectl proxy

But now, you will not be able to access to Kubernetes Dashboard. Then we need to add several steps then

> kubectl create clusterrolebinding kubernetes-dashboard -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

Get the token subsequently

> kubectl get secret $(kubectl get serviceaccount kubernetes-dashboard -n kube-system -o jsonpath="{.secrets[0].name}") -n kube-system -o jsonpath="{.data.token}" | base64 --decode

Paste the token to login page as http://localhost:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/#!/login

Step 3: Install Istio on AKS

Due to some of the timeout issues for helm at now so that I couldn’t use helm to install, but export it to yaml file, then using kubectl to create it on AKS. Download istio 1.0.0, then upzip to somewhere on the machine. Following command to export and deploy it to AKS

> helm template install/kubernetes/helm/istio --namespace istio-system > istio-dump.yaml
kubectl create -f istio-dump.yaml
> kubectl create -f istio-dump.yaml

Step 4: Install Coolstore on AKS

Get the internal istio-ingress IP by using

> kubectl get services istio-ingressgateway -n istio-system -o=jsonpath={.spec.clusterIP}

Create the values.aks.yaml with content like

gateway:
  ip: 10.0.106.82

Then run helm command

> helm template deploys/charts/coolstore -f deploys/charts/coolstore/values.aks.yaml > deploys/k8s/dev-all-in-one.aks.yaml

Finally, we inject sidecar with this command

> istioctl kube-inject -f deploys/k8s/dev-all-in-one.aks.yaml | kubectl apply -f -

Step 5: Put mapping for hosts file

Get external IP on istio ingress by using

> kubectl get svc -n istio-system

It should print out something like

...
istio-ingressgateway LoadBalancer 10.106.52.19 localhost 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:32131/TCP,8060:30958/TCP,15030:31983/TCP,15031:30365/TCP 8d
...

Then, we only need to copy 10.106.52.19 to C:WindowsSystem32driversetchosts file as following

10.106.52.19 id.coolstore.aks
10.106.52.19 api.coolstore.aks
10.106.52.19 coolstore.aks

From now on, we can access website at http://coolstore.aks, identity provider at http://id.coolstore.aks, and api gateway at http://api.coolstore.aks

Let say we access to http://api.coolstore.aks/cart/swagger, then we should see

And the website at http://coolstore.aks

Hola! We done. Lets explore and enjoy the world of Service Mesh.

read original article here