Lab 4: Service Mesh with Istio on AKS (Optional)

Note

This lab is optional. It accompanies the optional Module 5 on service mesh concepts. If service mesh is not relevant to your scenario, you can skip this lab and move straight on to Lab 5: Clean Up .

In this lab, you will enable the AKS Istio add-on, deploy a sample application into the mesh, expose it through an Istio ingress gateway, use Istio routing rules to shift traffic between two versions of the application, verify and enforce mutual TLS between workloads, and visualise the mesh with Kiali.

This lab is designed to take around 50 minutes.

Learning Objectives

Remove the Application Routing Gateway API add-on so the Istio service mesh add-on can be enabled
Enable the Istio add-on on an existing AKS cluster
Confirm the Istio control plane and ingress gateway are running
Add a namespace to the mesh using sidecar injection
Deploy two versions of a demo application
Expose the application through an Istio gateway
Use VirtualService and DestinationRule resources for traffic splitting
Verify and enforce mutual TLS (mTLS) between meshed workloads
Install Kiali and visualise mesh traffic