Awesome

<h1> <img src="https://github.com/sighupio/fury-distribution/blob/main/docs/assets/fury-epta-white.png?raw=true" align="left" width="90" style="margin-right: 15px"/> Kubernetes Fury Service Mesh </h1>

License

Kubernetes Fury Istio add-on module for the Kubernetes Fury Distribution (KFD) allows to transparently add Istio Mesh capabilities to your KFD cluster.

If you are new to KFD please refer to the official documentation on how to get started with KFD.

Overview

Kubernetes Fury Istio add-on module deploys Istio service mesh into a Kubernetes cluster. A service mesh, such as Istio, allows to transparently add capabilities like observability, traffic management, and security to applications, without modifying their source code. These capabilities are of great value when running microservices at scale or under strict security requirements.

Istio

This module features the Istio Project. Istio provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.

Read more on Istio's documentation site.

Packages

Kubernetes Fury Service Mesh provides the following packages:

Package	Version	Description
Istio Operator	`v1.22.2`	Istio Service Mesh Operator package. Including the Istio Operator itself, the Jeager Operator, and Kiali. Includes 3 different profiles: `minimal`, `tracing` and `full`.

Compatibility

Kubernetes Version	Compatibility	Notes
`1.27.x`	:white_check_mark:	No known issues
`1.28.x`	:white_check_mark:	No known issues
`1.29.x`	:white_check_mark:	No known issues

Check the compatibility matrix for additional information about previous releases of the modules.

Usage

Prerequisites

Tool	Version	Description
furyctl	`>=0.6.0`	The recommended tool to download and manage KFD modules and their packages. To learn more about `furyctl` read the official documentation.
kustomize	`>=3.9.1`	Packages are customized using `kustomize`. To learn how to create your customization layer with `kustomize`, please refer to the repository.
KFD Monitoring Module	`>=1.11.1`	To have functioning metrics, dashboards and alerts. Prometheus Operator is also required by Kiali.
KFD Logging Module	`>=1.7.1`	When using tracing, ElasticSearch / OpenSearch is used as storage.

Istio deployment

To start using Kubernetes Fury Service Mesh, add to your Furyfile.yml the module as a base, you can also specify the single package:

bases:
    - name: istio/istio-operator
      version: v3.1.0

See furyctl documentation for additional details about Furyfile.yml format.

Execute the following command to download the packages to your machine:

furyctl vendor -H

Inspect the downloaded packages under ./vendor/katalog/istio to get familiar with the content.
Define a kustomization.yaml with that includes the ./vendor/katalog/istio directory as a resource:

resources:
    - ./vendor/katalog/istio/istio-operator/profiles/minimal

You can point to one of the predefined profiles (minimal, tracing or full) here.

Finally, to deploy the selected profile to your cluster, execute:

kustomize build . | kubectl apply -f -

For further details please refer to each package's directory in this repository.

Istio Monitoring

The Service Mesh Module not only provides you with Kiali to visualize the status of the service mesh from a UI, but also includes metrics, dashboards and alerts for Istio's components out-of-the-box.

You can monitor the status of Istio, the service-mesh itself and its components from the provided Grafana Dashboards. Here are some screenshots:

click on each screenshot for the full screen version

The following set of alerts is included:

Alert Name	Summary	Description
IstioMetricsMissing	Istio Metrics missing	[Critical]: Check prometheus deployment or whether the prometheus filters are applied correctly
HTTP5xxRateHigh	5xx rate too high	The HTTP 5xx errors rate higher than 0.05 in 5 mins
WorkloadLatencyP99High	-	The workload request latency P99 > 160ms
IngressLatencyP99High	-	The ingress latency P99 > 250ms
ProxyContainerCPUUsageHigh	Proxy Container CPU usage (namespace {{ $labels.namespace }}) (pod {{ $labels.pod }}) (container {{ $labels.container }}) VALUE = {{ $value }}.	Proxy Container CPU usage is above 80%
ProxyContainerMemoryUsageHigh	Proxy Container Memory usage (namespace {{ $labels.namespace }}) (pod {{ $labels.pod }}) (container {{ $labels.container }}) VALUE = {{ $value }}.	Proxy Container Memory usage is above 80%
IngressMemoryUsageIncreaseRateHigh	Ingress proxy Memory change rate, VALUE = {{ $value }}.	Ingress proxy Memory Usage increases more than 200 Bytes/sec
IstiodContainerCPUUsageHigh	Istiod Container CPU usage (namespace {{ $labels.namespace }}) (pod {{ $labels.pod }}) (container {{ $labels.container }}) VALUE = {{ $value }}.	Isitod Container CPU usage is above 80%
IstiodMemoryUsageHigh	Istiod Container Memory usage (namespace {{ $labels.namespace }}) (pod {{ $labels.pod }}) (container {{ $labels.container }}) VALUE = {{ $value }}.	Istiod Container Memory usage is above 80%
IstiodMemoryUsageIncreaseRateHigh	Istiod Container Memory usage increase rate high, VALUE = {{ $value }}.	Istiod Container Memory usage increases more than 1k Bytes/sec
IstiodxdsPushErrorsHigh	istiod push errors is too high	istiod push error rate is higher than 0.05
IstiodxdsRejectHigh	istiod rejects rate is too high	istiod rejects rate is higher than 0.05
IstiodContainerNotReady	istiod container not ready	container: discovery not running
IstiodUnavailableReplica	Istiod unavailable pod	Istiod unavailable replica > 0
Ingress200RateLow	ingress gateway 200 rate drops	The expected rate is 100 per ns, the limit is set based on 15ns

Contributing

Before contributing, please read first the Contributing Guidelines.

Reporting Issues

In case you experience any problems with the module, please open a new issue.

License

This module is open-source and it's released under the following LICENSE