// Steps for Google Cloud are missing
// Prerequisite. Update later.
Install VirtualBox
https://virtualbox.org/wiki/Downloads
Get Kubectl
https://kubernetes.io/docs/tasks/tools/
Get Minikube
https://github.com/kubernetes/minikube/releases
//
Start minikube
minikube start --memory=8192
// or
minikube start --memory 6144
Check minikube running
minikube ip # 192.168.99.101
kubectl get nodes
Install Istio 1.1.7
ref: https://istio.io/docs/setup/kubernetes/download/
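# Save the installer to a file instead of piping it straight into sh, so it can
# be read before it runs. ISTIO_VERSION pins the release that gets downloaded,
# not the installer script itself: the script is whatever the git.io short link
# redirects to at the time of the request.
# -f makes curl fail on an HTTP error instead of saving the error page.
curl -fL https://git.io/getLatestIstio -o getLatestIstio.sh
# Review getLatestIstio.sh here, then run it with the pinned version.
ISTIO_VERSION=1.1.7 sh getLatestIstio.sh
# Name the directory explicitly: ./istio-* matches more than one directory
# once several versions have been downloaded side by side.
cd ./istio-1.1.7
# Quoted so a working directory containing spaces does not break the assignment.
export PATH="$PWD/bin:$PATH"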
// Check whether PATH is correct or contains duplicates.
// If you repeat the Istio installation several times,
// the same location can end up in PATH more than once; remove the duplicates.
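# Print PATH exactly as set; the stray trailing "." was appended to the output
# and made the last entry look like a different directory.
echo "$PATH"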
ref: https://istio.io/docs/setup/kubernetes/install/kubernetes/#verifying-the-installation
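# Apply every Istio CRD manifest shipped with the release. Run from the
# top of the extracted istio-<version> directory so the glob resolves.
for i in install/kubernetes/helm/istio-init/files/crd*yaml; do
  # Quoted so a path with spaces or glob characters is passed as one argument.
  kubectl apply -f "$i"
done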
option 1: permissive mutual TLS mode
kubectl apply -f install/kubernetes/istio-demo.yaml
option 2: strict mutual TLS mode (enforces the use of mutual TLS)
kubectl apply -f install/kubernetes/istio-demo-auth.yaml
kubectl get svc -n istio-system
// wait until all pods are running. It takes time.
kubectl get pods -n istio-system
kubectl get pods -n istio-system
Install BookInfo App
ref: https://istio.io/docs/examples/bookinfo/#confirm-the-app-is-accessible-from-outside-the-cluster
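# Label the default namespace for automatic sidecar injection before deploying,
# so the BookInfo pods are created with the Istio proxy alongside them.
kubectl label namespace default istio-injection=enabled
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
kubectl get services
kubectl get pods
# Smoke test from inside the mesh: call productpage from the ratings container
# and print only the page title. The pod-name lookup is quoted so an empty
# result (no ratings pod yet) produces a clear kubectl error instead of
# shifting the remaining arguments.
kubectl exec -it "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"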
Determining the ingress IP and port
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
kubectl get gateway
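# NodePort of the ingress gateway's HTTPS listener (service port named "https").
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
# NodePort of the plain-HTTP listener (service port named "http2"). This
# variable was never set before, so GATEWAY_URL below ended up as "<ip>:" with
# an empty port. Selecting the port by name also avoids depending on the order
# of the ports in the service spec, which indexing with ports[0] does.
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
# On minikube the ingress is reached through the VM's IP and a NodePort.
export INGRESS_HOST=$(minikube ip)
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT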
Apply default destination rules
ref: https://istio.io/docs/examples/bookinfo/#confirm-the-app-is-accessible-from-outside-the-cluster
// if you selected option 1: not mutual TLS
kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml
// if you selected option 2: mutual TLS
kubectl apply -f samples/bookinfo/networking/destination-rule-all-mtls.yaml
kubectl get destinationrules -o yaml
curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage
Output should be
200
# If you get 000 or 503, check that the pods are running.
See the solution here:
https://haanmo.blogspot.com/2019/05/productpage-cannot-be-accessed-and_22.html
View BookInfo App
echo "Site page for your browser: http://${GATEWAY_URL}/productpage"
Output should be like,
Site page for your browser: http://192.168.99.100:31380/productpage
Static Routing
istioctl get destinationrules
kubectl create -f samples/bookinfo/networking/virtual-service-all-v1.yaml
less samples/bookinfo/networking/virtual-service-all-v1.yaml
kubectl get virtualservice -o yaml
check BookInfo App
http://$GATEWAY_URL/productpage
Dynamic Routing
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
less samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
kubectl get virtualservice reviews -o yaml
Check BookInfo App again
http://$GATEWAY_URL/productpage
Before Traffic Management
ref: https://istio.io/docs/tasks/traffic-management/fault-injection/
kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml
kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
Injecting an HTTP delay fault
kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml
kubectl get virtualservice ratings -o yaml
Test
Log in to BookInfo as jason.
jason does not have a password; leave the field blank.
If you see
Sorry, product reviews are currently unavailable for this book.
then the fault injection is working.
Injecting an HTTP abort fault
kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml
kubectl get virtualservice ratings -o yaml
Test
Log in to BookInfo as jason.
jason does not have a password; leave the field blank.
If you see ratings without stars, then the fault injection is working.
Collect Metrics
https://istio.io/docs/tasks/telemetry/metrics/collecting-metrics/
kubectl apply -f samples/bookinfo/telemetry/metrics.yaml
curl http://$GATEWAY_URL/productpage
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=prometheus -o jsonpath='{.items[0].metadata.name}') 9090:9090 &
// check Prometheus UI
http://localhost:9090/graph?g0.range_input=1h&g0.expr=istio_double_request_count&g0.tab=1
http://localhost:9090/graph?g0.range_input=1h&g0.expr=istio_double_request_count&g0.tab=1
Collect Logs
kubectl apply -f samples/bookinfo/telemetry/log-entry.yaml
curl http://$GATEWAY_URL/productpage
// get logs
kubectl logs -n istio-system -l istio-mixer-type=telemetry -c mixer | grep "newlog" | grep -v '"destination":"telemetry"' | grep -v '"destination":"pilot"' | grep -v '"destination":"policy"' | grep -v '"destination":"unknown"'
kubectl logs -n istio-system -l istio-mixer-type=telemetry -c mixer
Visualize
Install Kiali
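# Save the Kiali operator installer to a file rather than executing the
# download directly, so the script can be read before it runs against the
# cluster. The git.io short link is a redirect, so what it serves is not
# pinned to a version.
# -f makes curl fail on an HTTP error instead of saving the error page.
curl -fL https://git.io/getLatestKialiOperator -o getLatestKialiOperator.sh
# Review getLatestKialiOperator.sh here, then run it.
bash getLatestKialiOperator.sh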
Setup Port
kubectl port-forward svc/kiali 20001:20001 -n istio-system
Access to Kiali
https://localhost:20001/kiali
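For Chrome: if access is denied for security reasons, open
chrome://flags/#allow-insecure-localhost
then enable "Allow invalid certificates for resources loaded from localhost". The flag turns off certificate validation for everything loaded from localhost, not only Kiali, so set it back to its default once you have finished.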
Cleanup Environment
# Uninstall Minikube
minikube delete