Kubernetes Introduction: Istio

  • February 9, 2022

As discussed in this article, Istio is simply an implementation of the service mesh paradigm or pattern as may be called. Recall what a service mesh is: it is simply a means of managing network traffic between services in an application.

An Istio Service Mesh is logically split into two components as explained earlier in this article:

  • Data plane : This plane contains the Envoy proxies or sidecars that are deployed side by side with each service instance.
  • Control plane : This plane contains “istiod” which manages and configures the proxies to route traffic to different service instances.


The diagram below shows the Istio Service Mesh architecture:

Istio Architecture


To understand more of these Istio core components you can read all of that through this link.

In order to proceed in this article/hands-on demo, below are the requirements:

  • Docker installed (Here’s a link to a tutorial)
  • Minikube and kubectl installed (Here’s a link to a tutorial)


Before we go any further let’s get to understand what each of these tools are:


What is Docker?

“Docker is basically an open-source platform used to containerize applications.”


What is Minikube?

“This is a tool that let’s users run kubernetes on their local machines. Minikube runs a single-node kubernetes cluster on your personal computer, in order to perform development related work.

This creates a VM on your local machine and runs docker containers inside of that virtual machine. Those docker containers are contained inside of the smallest execution unit in kubernetes called “pods”.


What is kubectl?

This is the kubernetes command-line tool which allows users to run commands such as deploying applications, inspecting and managing kubernetes clusters and their resources etc.

You must have the above requirements set up in your local machine in order to follow along properly. Links to tutorials to set up the requirements above have been dropped. Do kindly follow them if you don’t have any of the requirements installed.

Now that you have gotten the above set up, let’s get started! A Linux machine will be used for this hands-on demo.

  • First off we need to install istio on our local machines in order to proceed. We will be using the latest version of istio. Input the following command into your terminal to download istio:


curl -L https://istio.io/downloadIstio | sh –

As of the time of writing this article, the version of istio is 1.11.3.


Once your download is completed, the following should be displayed on your terminal:

Istio Download Complete!


Now that you have Istio downloaded on your local machine, let’s go ahead and “CD” into the downloaded package directory and add the Istioctl (Istio command utility) client to our OS path. In order to do all of the above mentioned, we perform the following commands below:

cd istio-1.11.3

export PATH=$PWD/bin:$PATH


Alright, we have successfully added the Istio command utility (istioctl) into our OS path. Let’s go ahead and install Istio on our local machine.


Let’s go ahead and start up minikube with specific resources and also install Istio with the following commands:

minikube start — cpus 4 — memory 4096

istioctl install

Istio successfully installed!


Finally, Istio has been installed on our local machine. Let’s go ahead and add a namespace label (Away or scope of organizing pods, services, and deployments in clusters) to instruct Istio to automatically inject Envoy sidecar proxies to each service that will be deployed shortly. In order to add the namespace label we can perform the following command:

kubectl label namespace default istio-injection=enabled


The output would be:

namespace/default labeled


That is to indicate that the namespace label has been added and an envoy proxy will be added to each service in deployment.

  • Let’s go ahead and deploy an application using Istio. This application has a microservice architecture. Recall what a service mesh is; it manages network traffic between services in applications, hence the reason for using this application with this architecture.


The application provided by Istio, is a demo or sample application for testing or getting to grips with Istio services. Let’s go ahead and use that.

  • Before the application gets deployed, let’s go ahead and “apply” (i.e to create kubernetes resources defined in the manifest file) the file that defines the services, service accounts, and deployments for this “bookinfo” sample application. (This application simply displays information about books, reviews and ratings).


This application’s manifest file is located inside of the istio folder “istio-1.11.3” we downloaded earlier. Without further-ado let’s “cd” into the “istio-1.11.3” folder and perform the following commands below:

kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

Once the command above has been performed, this should be the desired output:

bookinfo.yaml successfully applied.


The application’s manifest file “bookinfo.yaml” has been applied and corresponding services defined in the manifest file, have been pulled from docker, then created and deployed. As each kubernetes pod gets ready, each service instance is deployed with an Envoy proxy or Istio sidecar.

  • In order to view the current running pods containing the different services with their individual proxies, we perform the following command:

kubectl get pods

pods up and running!


Run the above command from time to time in order to check if the pods are up an running.

 Immediately after the “bookinfo.yaml” file has been applied, the images and settings configured inside of the manifest file were pulled and deployed respectively.

  • To view your cluster in a GUI format, you can simply perform the following command below:

minikube dashboard

Kubernetes pods shown in full details 


Shortly after the above command has been implemented, a browser tab opens displaying the Kubernetes dashboard with all details and functions pertaining to Kubernetes. 

Finally our pods containing different services with envoy proxies have been deployed, but unfortunately we cannot access the application from the outside. Let’s go ahead and configure Istio to allow the application to be accessible from the outside by creating an Istio Ingress Gateway. (Ingress meaning “Entrance”).

In order to link up an Istio gateway to our application we need to apply the manifest file containing configurations for this gateway. We do that by changing directories or “cd” into the “istio-1.11.3” folder on our terminal, and performing the following command:


kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

Istio gateway manifest file applied!


The image above displays the configurations for the Istio gateway that have been created and deployed into the cluster. 

  • Let us confirm that the gateway has started by performing the following command:

kubectl get gateway

Gateway up and running


Before we get to linking up our application with the gateway, let’s get the IP address of the minikube instance currently running. We do that by performing the following command:

minikube ip

The output would be:


Above is the IP address of my minikube instance. The address is needed so we can link up the application with the gateway by way of setting up the “ingress IP” and “ingress ports”. 

Let’s now go ahead and link up our gateway with the application that is currently running so we can access it from the outside.

  • Let’s setup our ingress host and set it as an environment variable by performing the following command:

export INGRESS_HOST=$(minikube ip)

  • Let’s also setup our ingress ports (ingress port and secure ingress port) and set it as an environment variable, and then inspect the service json file and filtering through to get the ports. We do that by performing the following commands:


export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath=’{.spec.ports[?(@.name==”http2″)].nodePort}’)

export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath=’{.spec.ports[?(@.name==”https”)].nodePort}’)


  • Let’s setup the ingress gateway URL to be the ingress host (minikube IP) and the ingress port (ingress port not ingress secure port). We run the following command:



  • Let’s view our already setup gateway URL with the following command:

printenv GATEWAY_URL

The output would be:


  • Let’s input the above URL with the “productpage” route into our browser and check out our application! Run the following command:


Simple Bookstore App up and running!


Finally the application is up and running! and can be accessible via the browser. Now you have made your first Istio deployment. 

If you wish to stop the minikube instance you can run the following command:

minikube stop


Otherwise if you wish to delete the sample application and its configurations, we perform the following commands:

istioctl manifest generate — set profile=demo | kubectl delete — ignore-not-found=true -f –

kubectl delete namespace istio-system

kubectl label namespace default istio-injection-


You have successfully implemented Istio in a microservice application, you now understand basically how a service mesh works in a practical sense. Now the rest is up to you to study more and practice more. Cheers on your learning journey!


Written by: Diego Woitasen