Kubernetes Fury Istio add-on module for the Kubernetes Fury Distribution (KFD) allows to transparently add Istio Mesh capabilities to your KFD cluster.
If you are new to KFD please refer to the official documentation on how to get started with KFD.
Kubernetes Fury Istio add-on module deploys Istio service mesh into a Kubernetes cluster. A service mesh, such as Istio, allows to transparently add capabilities like observability, traffic management, and security to applications, without modifying their source code. These capabilities are of great value when running microservices at scale or under strict security requirements.
This module features the Istio Project. Istio provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.
Read more on Istio's documentation site.
Kubernetes Fury Service Mesh provides the following packages:
| Package | Version | Description |
|---|---|---|
| Istio Operator | v1.22.2 |
Istio Service Mesh Operator package. Including the Istio Operator itself, the Jeager Operator, and Kiali. Includes 3 different profiles: minimal, tracing and full. |
| Kubernetes Version | Compatibility | Notes |
|---|---|---|
1.27.x |
✅ | No known issues |
1.28.x |
✅ | No known issues |
1.29.x |
✅ | No known issues |
Check the compatibility matrix for additional information about previous releases of the modules.
| Tool | Version | Description |
|---|---|---|
| furyctl | >=0.6.0 |
The recommended tool to download and manage KFD modules and their packages. To learn more about furyctl read the official documentation. |
| kustomize | >=3.9.1 |
Packages are customized using kustomize. To learn how to create your customization layer with kustomize, please refer to the repository. |
| KFD Monitoring Module | >=1.11.1 |
To have functioning metrics, dashboards and alerts. Prometheus Operator is also required by Kiali. |
| KFD Logging Module | >=1.7.1 |
When using tracing, ElasticSearch / OpenSearch is used as storage. |
- To start using Kubernetes Fury Service Mesh, add to your
Furyfile.ymlthe module as a base, you can also specify the single package:
bases:
- name: istio/istio-operator
version: v3.1.0See
furyctldocumentation for additional details aboutFuryfile.ymlformat.
- Execute the following command to download the packages to your machine:
furyctl vendor -H-
Inspect the downloaded packages under
./vendor/katalog/istioto get familiar with the content. -
Define a
kustomization.yamlwith that includes the./vendor/katalog/istiodirectory as a resource:
resources:
- ./vendor/katalog/istio/istio-operator/profiles/minimalYou can point to one of the predefined profiles (
minimal,tracingorfull) here.
- Finally, to deploy the selected profile to your cluster, execute:
kustomize build . | kubectl apply -f -For further details please refer to each package's directory in this repository.
The Service Mesh Module not only provides you with Kiali to visualize the status of the service mesh from a UI, but also includes metrics, dashboards and alerts for Istio's components out-of-the-box.
You can monitor the status of Istio, the service-mesh itself and its components from the provided Grafana Dashboards. Here are some screenshots:
click on each screenshot for the full screen version
The following set of alerts is included:
| Alert Name | Summary | Description |
|---|---|---|
| IstioMetricsMissing | Istio Metrics missing | [Critical]: Check prometheus deployment or whether the prometheus filters are applied correctly |
| HTTP5xxRateHigh | 5xx rate too high | The HTTP 5xx errors rate higher than 0.05 in 5 mins |
| WorkloadLatencyP99High | - | The workload request latency P99 > 160ms |
| IngressLatencyP99High | - | The ingress latency P99 > 250ms |
| ProxyContainerCPUUsageHigh | Proxy Container CPU usage (namespace {{ $labels.namespace }}) (pod {{ $labels.pod }}) (container {{ $labels.container }}) VALUE = {{ $value }}. | Proxy Container CPU usage is above 80% |
| ProxyContainerMemoryUsageHigh | Proxy Container Memory usage (namespace {{ $labels.namespace }}) (pod {{ $labels.pod }}) (container {{ $labels.container }}) VALUE = {{ $value }}. | Proxy Container Memory usage is above 80% |
| IngressMemoryUsageIncreaseRateHigh | Ingress proxy Memory change rate, VALUE = {{ $value }}. | Ingress proxy Memory Usage increases more than 200 Bytes/sec |
| IstiodContainerCPUUsageHigh | Istiod Container CPU usage (namespace {{ $labels.namespace }}) (pod {{ $labels.pod }}) (container {{ $labels.container }}) VALUE = {{ $value }}. | Isitod Container CPU usage is above 80% |
| IstiodMemoryUsageHigh | Istiod Container Memory usage (namespace {{ $labels.namespace }}) (pod {{ $labels.pod }}) (container {{ $labels.container }}) VALUE = {{ $value }}. | Istiod Container Memory usage is above 80% |
| IstiodMemoryUsageIncreaseRateHigh | Istiod Container Memory usage increase rate high, VALUE = {{ $value }}. | Istiod Container Memory usage increases more than 1k Bytes/sec |
| IstiodxdsPushErrorsHigh | istiod push errors is too high | istiod push error rate is higher than 0.05 |
| IstiodxdsRejectHigh | istiod rejects rate is too high | istiod rejects rate is higher than 0.05 |
| IstiodContainerNotReady | istiod container not ready | container: discovery not running |
| IstiodUnavailableReplica | Istiod unavailable pod | Istiod unavailable replica > 0 |
| Ingress200RateLow | ingress gateway 200 rate drops | The expected rate is 100 per ns, the limit is set based on 15ns |
Before contributing, please read first the Contributing Guidelines.
In case you experience any problems with the module, please open a new issue.
This module is open-source and it's released under the following LICENSE