Thang Chung

Software Developer and Architect

5 steps to bring CoolStore’s Service Mesh to Azure Kubernetes Service (AKS)

The first words

Service Mesh is a cutting-edge terminology in these days. I have seen that a lot of people starting to talk about this topic all over the world. The first time around 4 months ago, I started to have a look at it and really surprise a lot. How beautiful can it do to help us build a complex microservices stack actually makes me keep focusing on it?

As far as we know, in order to build the system with microservices approach comes with a lot of headache problems, and the main things are we need to pay attention to many concepts of the distributed computing. Everyone knows that distributed computing. In my personally, the distributed system is quite hard and not easy to adopt for a long time after it is coined many years ago. Many big companies like Twitter, Netflix, Google, Amazon, Microsoft… spent a lot of money and efforts to find and build the neat solutions on that. A ton of libraries and tools came in since then. You can search a lot of topics to discuss how can we build and use those solutions and tooling to avoid the trap in the microservices approach. Just googling a microservices keyword and you will believe in me.

The complex problems are communication, traffic control (route), security, and observe services quite hard to adopt, even if you are know everything about how to implement it. “Don’t optimize layers, remove them” is a term that we heard a lot nowadays. But what the heck if we don’t need to optimize, instead of removing it. This sentence is quite buzzwords, but actually, it is real if you follow up to the end of this article, and find out by yourself how easy it can. Believe me!

In 2017, there are coming with a lot of tooling and orchestrator which helps us a lot in managing the dynamic and flexible of changes in software development (infrastructure as software). Some of those are Docker, Kubernetes, Istio… And just last couple of days, Istio released to 1.0.0 version and promise that they will become the big tooling in the service mesh world that helps us build up the microservice stack with a small effort.

To start with the big thing, we need to set up and run the small thing first, I chose CoolStore project from JBoss Demo Center and Redhat Demo Center to demonstrate what I said. This project is implemented totally in Java Stack. I borrow the ideas and build up from scratch with .NET Core 2.x and NodeJS because of the popularity of .NET in my company and generally in my country as well.

In remain of this article, we will deploy the following Coolstore project as following to AKS


  • Windows 10
  • Windows Subsystem Linux (WSL — Ubuntu OS)
  • Docker for Windows (Kubernetes enabled)
  • Azure Account with a valid subscription
  • kubectl
  • helm
  • istioctl
  • Azure CLI 2.0 (az)

Step 1: Install Docker for Windows and enable Kubernetes, Ubuntu WSL, kubectl, istioctl, helm and az

Step 2: Create coolstore AKS, enabled RBAC. Minimum should have 3 nodes (istio pilot needs it)

And make sure checking to enable RBAC as following

Follow up with next steps to finish creating the cluster. It normally takes around 20 to 30 minutes.

After it finished, we should be able to access to the Dashboard with following steps

> az aks get-credentials --resource-group coolstore --name coolstore
> kubectl proxy

But now, you will not be able to access to Kubernetes Dashboard. Then we need to add several steps then

> kubectl create clusterrolebinding kubernetes-dashboard -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

Get the token subsequently

> kubectl get secret $(kubectl get serviceaccount kubernetes-dashboard -n kube-system -o jsonpath="{.secrets[0].name}") -n kube-system -o jsonpath="{.data.token}" | base64 --decode

Paste the token to login page as http://localhost:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/#!/login

Step 3: Install Istio on AKS

Due to some of the timeout issues for helm at now so that I couldn’t use helm to install, but export it to yaml file, then using kubectl to create it on AKS. Download istio 1.0.0, then upzip to somewhere on the machine. Following command to export and deploy it to AKS

> helm template install/kubernetes/helm/istio --namespace istio-system > istio-dump.yaml
kubectl create -f istio-dump.yaml
> kubectl create -f istio-dump.yaml

Step 4: Install Coolstore on AKS

Get the internal istio-ingress IP by using

> kubectl get services istio-ingressgateway -n istio-system -o=jsonpath={.spec.clusterIP}

Create the values.aks.yaml with content like


Then run helm command

> helm template deploys/charts/coolstore -f deploys/charts/coolstore/values.aks.yaml > deploys/k8s/dev-all-in-one.aks.yaml

Finally, we inject sidecar with this command

> istioctl kube-inject -f deploys/k8s/dev-all-in-one.aks.yaml | kubectl apply -f -

Step 5: Put mapping for hosts file

Get external IP on istio ingress by using

> kubectl get svc -n istio-system

It should print out something like

istio-ingressgateway LoadBalancer localhost 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:32131/TCP,8060:30958/TCP,15030:31983/TCP,15031:30365/TCP 8d

Then, we only need to copy to C:\Windows\System32\drivers\etc\hosts file as following id.coolstore.aks api.coolstore.aks coolstore.aks

From now on, we can access website at http://coolstore.aks, identity provider at http://id.coolstore.aks, and api gateway at http://api.coolstore.aks

Let say we access to http://api.coolstore.aks/cart/swagger, then we should see

And the website at http://coolstore.aks

Hola! We done. Lets explore and enjoy the world of Service Mesh.

Final Thoughts

In 2018, we have enough of tooling to make our dream comes to. We have Docker to package your piece of the application, then we don’t worry about which programming language that we used to implement the application. That means we have portability attribute in software development. From now on, we can bring this image and start to run it anytime, anywhere on any platforms (cloud-native apps). But then we need some tool for control and orchestrate your containers in Cloud Native platforms. That where Kubernetes come in to play its role. We have the tool just to control and help us to orchestrate our container to play the correct way on the correct role, and on the correct policy that we allow by define in manifest files. What makes it different finally? Service Mesh will help you to control your traffic, secure communication, define the way services connecting together, and essentially observation your activities.

We will see the emerge of Service Mesh in next couple of years. And also the next couple of articles from me in this year about this topic.

The source code for this article can be found at

Thanks for reading! If you enjoyed this article, be sure to click 👏 symbol below so others will see it.

More by Thang Chung

Topics of interest

More Related Stories