Aman kant Mahto's Blog
End-to-End GitOps and Service Mesh Implementation for Microservices on AWS EKS with ArgoCD and Istio

End-to-End GitOps and Service Mesh Implementation for Microservices on AWS EKS with ArgoCD and Istio

Aman kant Mahto's photo
Aman kant Mahto
·

7 min read

Project Overview

This project demonstrates the implementation of a Kubernetes cluster using EKS (Elastic Kubernetes Service) and employs GitOps principles with ArgoCD for continuous deployment. Additionally, Istio is integrated as a service mesh to facilitate canary deployments and traffic management. The application used in this project is a microservices-based website consisting of multiple services developed in Python, Ruby, Java, and Node.js. Supporting technologies include AWS, eksctl, kubectl, GitHub, ArgoCD, Istio, Prometheus, Grafana, Kiali, and SonarQube. These technologies are interconnected to deliver a seamless DevOps workflow, ensuring efficient deployments, monitoring, and scaling of the application.

1. Prerequisites

To successfully deploy this project, ensure the following prerequisites are met:

  • AWS CLI: Used for managing AWS services and configuring EKS clusters.

  • eksctl: A CLI tool specifically for creating and managing EKS clusters easily.

  • kubectl: The Kubernetes CLI for interacting with the cluster.

  • ArgoCD CLI: Enables interaction with the ArgoCD server to manage GitOps workflows.

  • Istio CLI (istioctl): Required for managing and installing Istio service mesh.

  • Git: For version control and collaboration.

  • GitHub: To host the application code and configuration files.

  • Basic Understanding: Familiarity with Kubernetes, ArgoCD, and Istio concepts is highly recommended.

2. Cluster Creation

  1. Use eksctl to create a Kubernetes cluster on AWS:

     eksctl create cluster --name devopsproject

    The cluster will serve as the foundation for deploying and managing containerized applications.

  2. Verify the cluster's status and ensure all nodes are active and ready.

3. Set Up GitHub Repository

  1. Initialize a Local Repository: Start a new GitHub repository to store application configurations:

     echo "# devops_project_5__jan" >> README.md
 git init
 git add README.md
 git commit -m "first commit"
 git branch -M main
 git remote add origin https://github.com/aravrider/devops_project_5__jan.git
 git push -u origin main

    The repository acts as the single source of truth for the cluster's desired state.

  2. Add Application Configuration Files: Fetch the Bookinfo application YAML file and add it to the repository:

     curl https://raw.githubusercontent.com/vimallinuxworld13/eks_istio_bookinfo_app/refs/heads/master/bookinfo.yaml -o bookinfo.yaml
 git add .
 git commit -m "Add Bookinfo application"
 git push

    Changes to this repository trigger automatic redeployments via ArgoCD.

4. Install and Configure ArgoCD

  1. Namespace Creation: Create a dedicated namespace for ArgoCD:

     kubectl create namespace argocd

    Namespaces isolate resources, improving organization and security.

  2. Install ArgoCD: Deploy ArgoCD into the Kubernetes cluster:

     kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

    ArgoCD monitors the GitHub repository for changes and ensures the cluster state matches the repository state.

  3. Set ArgoCD Context: Switch kubectl to use the ArgoCD namespace:

     kubectl config set-context --current --namespace=argocd

  4. Login to ArgoCD:

     argocd login --core

    This ensures you can interact with the ArgoCD server for managing applications.

  5. Access ArgoCD UI: Forward the ArgoCD server port to your local machine:

     kubectl port-forward svc/argocd-server -n argocd 8080:443

    Access the ArgoCD dashboard at http://localhost:8080 to visualize and manage deployments.

5. Deploy Application

  1. Verify Pods: Check the status of the deployed pods:

     kubectl get pods -n default

  2. Access the Application: Forward the productpage service port to your local machine:

     kubectl port-forward svc/productpage -n default 80:9080

    Visit http://127.0.0.1/productpage to view the application.

  3. Automatic Redeployment: Push changes to the GitHub repository, and ArgoCD will redeploy the updated version automatically.

6. Install Istio

  1. Install Istio: Use istioctl to install Istio with a demo profile:

     istioctl install --set profile=demo

    Istio provides advanced traffic management, monitoring, and security features.

  2. Verify Installation:

     kubectl get pods -n istio-system
 kubectl get svc -n istio-system

  3. Enable Istio Injection: Label the default namespace for Istio injection:

     kubectl label namespace default istio-injection=enabled
 kubectl delete pods --all -n default

    Deleting pods ensures new pods are launched with Istio sidecar containers, enabling traffic monitoring and control.

  4. Configure Gateway: Apply the Bookinfo gateway configuration:

     curl https://raw.githubusercontent.com/vimallinuxworld13/devops_project_based_learning_2025_batch1/refs/heads/master/bookinfo-gateway.yaml -o bookinfo-gateway.yaml
 kubectl apply -f bookinfo-gateway.yaml

    The gateway enables external traffic to access the microservices.

  5. This load balancer is created through aws so we will get a link from aws load balancer when we will paste it in browser it will show our wesite

     http://a4664a0fbb5a246deb0683aab17ee2f6-1035207323.ap-south-1.elb.amazonaws.com/productpage

    The gateway enables external traffic to access the microservices.

7. Traffic Management and Monitoring

  1. Install Istio Addons: Navigate to the Istio addons directory and apply configurations:

     cd "C:\Users\DELL\Downloads\istio-1.24.2-win-amd64\istio-1.24.2\samples"
 kubectl apply -f addons/

  2. Verify Monitoring Tools:

     kubectl get pods -n istio-system

    Example output includes tools like Prometheus, Grafana, Kiali, and Jaeger.

  3. Access Kiali Dashboard:

     istioctl dashboard kiali

    Kiali provides a detailed visualization of the service mesh, highlighting traffic flow and any issues.

  4. Traffic Shifting: Use Kiali or CLI to configure traffic shifting between versions. Create destination rules and virtual services (e.g., vs.yml, dr.yml) to manage traffic split percentages.

  5. Monitor with Prometheus:

     kubectl port-forward -n istio-system deployment/prometheus 9090:9090

    Prometheus collects and stores metrics from the cluster.

  6. Visualize Metrics with Grafana:

     kubectl port-forward -n istio-system deployment/grafana 3000:3000

    Grafana displays metrics in user-friendly dashboards for real-time insights.

8. Integration with SonarQube

SonarQube can be integrated to perform static code analysis, detecting code quality issues and vulnerabilities. This ensures that the code adheres to best practices before deployment.

9. Application Architecture

The website uses a modular microservices architecture, with each service independently deployable and scalable.

Microservices

  • Productpage: Written in Python, it acts as the entry point for users.

  • Details: Written in Ruby, it provides product details.

  • Reviews: Written in Java, this service has three versions to demonstrate canary deployments.

  • Ratings: Written in Node.js, it fetches ratings for products.

Communication Flow

  1. Istio Gateway: All external traffic enters through the Istio Gateway.

  2. Private Load Balancers: Kubernetes load balancers manage communication between services.

  3. Service Interactions:

    • Productpage communicates with Details and Reviews.

    • Reviews fetches ratings from the Ratings service.

10. Key Features

  • GitOps: Continuous Deployment with ArgoCD ensures the cluster state matches the GitHub repository.

  • Service Mesh: Istio enables traffic management, monitoring, and security.

  • Monitoring Tools: Prometheus and Grafana provide detailed metrics and visualizations.

  • Visualization: Kiali offers insights into the service mesh structure and traffic flow.

  • Microservices Architecture: Enables independent scaling and development of services.

11. Future Enhancements

  • CI Pipeline: Add automated build and test processes.

  • SonarQube: Integrate for static code analysis.

  • End-to-End Tests: Implement testing for reliability and robustness.

Technology Dependencies in the DevOps Workflow

  1. AWS & eksctl:
    AWS provides the infrastructure to host the Kubernetes cluster, while eksctl simplifies cluster creation and management. All other components—ArgoCD, Istio, and the application—are deployed within this Kubernetes cluster, making AWS and eksctl the foundational layer.

  2. Kubernetes & kubectl:
    Kubernetes orchestrates the deployment, scaling, and management of containerized applications. The kubectl CLI acts as the primary interface to interact with the cluster, enabling configuration and monitoring of all resources. Without Kubernetes, there would be no platform for hosting microservices or integrating other tools like ArgoCD and Istio.

  3. GitHub & ArgoCD:

    • GitHub serves as the source of truth for application code and configurations.

    • ArgoCD continuously monitors the GitHub repository to ensure the cluster's actual state matches the desired state defined in the repository. Changes pushed to GitHub trigger redeployments, creating a seamless GitOps workflow.
      ArgoCD’s dependency on GitHub ensures that updates are version-controlled and auditable.

  4. Istio & Kubernetes:

    • Istio relies on Kubernetes to inject sidecar containers (Envoy proxies) into pods. These proxies enable traffic management, monitoring, and security.

    • Istio’s gateways, virtual services, and destination rules operate on Kubernetes resources, making the two tightly coupled.
      Kubernetes ensures pods are running, while Istio adds advanced networking features.

  5. Monitoring Tools (Prometheus, Grafana, Kiali, Jaeger):

    • Prometheus integrates with Kubernetes and Istio to collect metrics about application performance, cluster health, and traffic flow.

    • Grafana uses Prometheus as a data source to display metrics in dashboards.

    • Kiali provides a visualization of the Istio service mesh, using metrics and logs collected by Prometheus and Istio.

Together, these tools rely on Kubernetes and Istio to gather, process, and display telemetry data.

Workflow Example

  • A developer pushes updated code to GitHub.

  • ArgoCD detects the changes and deploys the updated application to the Kubernetes cluster.

  • Istio manages traffic routing for the updated service, enabling canary deployments to test the new version.

  • Prometheus monitors application performance, and Grafana visualizes these metrics. If issues arise, Kiali and Jaeger provide insights into the service mesh and request flow to identify the root cause.

  • Developers can iterate on code quality based on SonarQube analysis to ensure a robust application before redeployment.

This interconnected system ensures that changes propagate smoothly from code to deployment, with visibility and control at every step.

Conclusion

This project integrates multiple DevOps tools and practices, showcasing an end-to-end deployment and monitoring solution for a microservices-based application. The combination of EKS, ArgoCD, Istio, and monitoring tools ensures robust, scalable, and reliable deployments.