Istio within GKE

istio namespace

Let’s take a look at Istio’s namespace to see what has been deployed by GKE.


The following command should return the Istio services that were created during the deployment:

Λ\: $ kubectl get services --namespace istio-system
NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                                                                                                                                      AGE
istio-citadel            ClusterIP    <none>          8060/TCP,15014/TCP                                                                                                                           3m44s
istio-galley             ClusterIP     <none>          443/TCP,15014/TCP,9901/TCP                                                                                                                   3m44s
istio-ingressgateway     LoadBalancer (1)   15020:31451/TCP,80:30014/TCP,443:31704/TCP,31400:32549/TCP,15029:32055/TCP,15030:31472/TCP,15031:31783/TCP,15032:31047/TCP,15443:31788/TCP                                                                     3m44s
istio-pilot              ClusterIP   <none>          15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       3m43s
istio-policy             ClusterIP    <none>          9091/TCP,15004/TCP,15014/TCP                                                                                                                 3m43s
istio-sidecar-injector   ClusterIP     <none>          443/TCP                                                                                                                                      3m43s
istio-telemetry          ClusterIP    <none>          9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       3m43s
promsd                   ClusterIP    <none>          9090/TCP                                                                                                                                     3m43s
(1) Here, you see the external IP of your cluster.

Save the ingress gateway's external IP in the CLUSTER_INGRESS_IP environment variable. You will need it later to reach the cluster:

Λ\: $ export CLUSTER_INGRESS_IP=$(kubectl -n istio-system get service/istio-ingressgateway -o json | jq '.status.loadBalancer.ingress[0].ip' -r)
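The export above stores the literal string "null" if the load balancer has not been assigned an address yet, because jq -r prints null for a missing field. The following checks are an added example, not part of the original workshop: the function names and the "80 443" allowlist are assumptions, and the PORT(S) string is copied from the service listing above.

```shell
#!/bin/sh
# Added example: sanity checks for the ingress gateway step.

# Return 0 only if $1 is a dotted-quad IPv4 address.
# Rejects "", "null" (what jq -r prints while the IP is pending) and
# anything containing characters other than digits and dots.
valid_ingress_ip() {
  case "$1" in
    ''|null|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into octets
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the service-side ports of a PORT(S) column value, one per line.
# "80:30014/TCP" -> 80 ; "443/TCP" -> 443.
# On a LoadBalancer service these are the ports published on the external IP.
external_ports() {
  printf '%s\n' "$1" | tr ',' '\n' | sed -e 's/[:/].*$//'
}

# Print published ports that are missing from the space-separated allowlist $2.
unexpected_ports() {
  for p in $(external_ports "$1"); do
    case " $2 " in
      *" $p "*) ;;                 # expected, skip
      *) printf '%s\n' "$p" ;;     # published but not on the allowlist
    esac
  done
}

# PORT(S) value of istio-ingressgateway, taken from the listing above.
SAMPLE_PORTS='15020:31451/TCP,80:30014/TCP,443:31704/TCP,31400:32549/TCP,15029:32055/TCP,15030:31472/TCP,15031:31783/TCP,15032:31047/TCP,15443:31788/TCP'

# Hypothetical allowlist: only HTTP and HTTPS are meant to be public.
echo "Ports published beyond 80/443:" $(unexpected_ports "$SAMPLE_PORTS" "80 443")

valid_ingress_ip "${CLUSTER_INGRESS_IP:-null}" ||
  echo "CLUSTER_INGRESS_IP does not hold an IPv4 address yet; rerun the export" >&2
```

Whether the extra ports are actually reachable still depends on the firewall rules in front of the load balancer.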


Moreover, we can take a look at the pods used inside this namespace with the following command:

Λ\: $ kubectl get pods --namespace istio-system
NAME                                      READY   STATUS      RESTARTS   AGE
istio-citadel-554b499885-xpfnb                   1/1     Running     0          16m
istio-galley-7954555f7b-2w6fl                    1/1     Running     0          16m
istio-ingressgateway-6d8f9d87f8-vh52w            1/1     Running     0          16m
istio-pilot-78d6847769-z97dc                     2/2     Running     0          16m
istio-policy-6b799c557-mgbsw                     2/2     Running     0          16m
istio-sidecar-injector-8cd757776-2h78g           1/1     Running     0          16m
istio-telemetry-799668466f-jph6d                 2/2     Running     0          16m
promsd-76f8d4cff8-wl97r                          2/2     Running     0          16m

We can see the system has only one instance of each component. GKE provides configurable features to allow scaling up some of the core components.

To get an idea of which component can be modified in GKE, please refer to

Cloud Operations

Cloud Operations is Google Cloud’s managed logging and monitoring service. It has many features we will be using to watch our cluster and visualize what is actually happening.

Trace 🚩

You can access the Trace list through the cloud console by clicking on the Trace list menu button.

To activate trace exports to Cloud Operations, you need to run the following command:

Λ\: $ kubectl -n istio-system patch rule stackdriver-tracing-rule --type merge --patch '{"spec": { "match": "context.protocol == \"http\" || context.protocol == \"grpc\"" } }'


There, you will find a screen which shows the distributed traces inside your cluster. For now, of course, the system is empty 😅


This view will be used later in the workshop, so keep a link to it!


You can access the Logs section through the console, with the Logging button in the sidebar.


Here, you may see logs from all the components in the project, and in our case, those from the containers and the cluster.


This view will be used later in the workshop, so keep a link to it!


You can access the Cloud Operations monitoring dashboard with the Monitoring menu button.


You should end up in a custom interface (outside of the Google Cloud Console) dedicated to monitoring.


Open the monitoring interface by clicking on Metrics explorer.


This view will be used later on to build metrics for our cluster, so keep a link to it!