From 65e0afc0be237544c74af3c80c8e594c21900b10 Mon Sep 17 00:00:00 2001 From: savagebidoof Date: Mon, 1 May 2023 01:39:56 +0200 Subject: [PATCH] 04-hello_world_1_service_2_deployments_managed_version_foo_namespace docummented --- .../README.md | 2 +- .../01-namespace.yaml | 8 - .../README.md | 123 ------ .../gateway.yaml | 61 --- .../01-namespace.yaml | 4 + .../Deployment.yaml} | 30 +- .../DestinationRule.yaml | 14 + .../Gateway.yaml | 15 + .../README.md | 374 ++++++++++++++++++ .../Service.yaml | 14 + .../VirtualService.yaml | 29 ++ NEW/01-Getting_Started/README.md | 9 +- 12 files changed, 454 insertions(+), 229 deletions(-) delete mode 100755 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml delete mode 100755 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md delete mode 100755 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml create mode 100755 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/01-namespace.yaml rename NEW/01-Getting_Started/{04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml => 04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Deployment.yaml} (68%) create mode 100644 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/DestinationRule.yaml create mode 100755 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Gateway.yaml create mode 100755 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/README.md create mode 100644 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Service.yaml create mode 100644 NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/VirtualService.yaml diff --git a/NEW/01-Getting_Started/03-hello_world_1_service_2_deployments_managed_version/README.md b/NEW/01-Getting_Started/03-hello_world_1_service_2_deployments_managed_version/README.md index 3799a0e..a81902e 100755 --- a/NEW/01-Getting_Started/03-hello_world_1_service_2_deployments_managed_version/README.md +++ b/NEW/01-Getting_Started/03-hello_world_1_service_2_deployments_managed_version/README.md @@ -215,7 +215,7 @@ spec: uri: "/" ``` -## Destination rule +## DestinationRule This `DestinationRule` interferes with the traffic with destination `helloworld.default.svc.cluster.local`. diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml deleted file mode 100755 index 775855d..0000000 --- a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: defaultnt - labels: - istio-injection: "false" -# istio-injection: "enabled" ---- \ No newline at end of file diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md deleted file mode 100755 index 2bba7e8..0000000 --- a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md +++ /dev/null @@ -1,123 +0,0 @@ -##### https://github.com/istio/istio/tree/master/samples/helloworld - -https://istio.io/latest/blog/2017/0.1-canary/ - - -# Simple Hello World - -- 1 Service -- 2 Versions - -Iterates between the versions without any specific policy. (actually doesn't use the version for anything) - -I think that by default uses `RANDOM`. - -https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy - -https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings - - -Manually allows the sidecar injection through the label in the pod - - -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy - -## Files - -- deployment.yaml -- gateway.yaml - -## deployment.yaml - -### Creates - -#### Service - -- helloworld - -#### Deployments - -- helloworld-v1 (Nginx) -- helloworld-v2 (Apache) - -## gateway.yaml - -### Creates - -#### Gateway - -##### helloworld-gateway - -###### Configuration - -```yml -port: 80 -istio-ingress: ingressgateway -hosts: "*" -``` - -#### VirtualService - -##### helloworld-vs - -###### Configuration - -```yaml -hosts: "*" -uri: "/helloworld" -versions: - v1: - weight: "50%" - v2: - weight: "50%" -``` - -#### Destination Rule - -###### Configuration - -```yaml -host: helloworld.defaultnt.svc.cluster.local # Full destination service, lil better for consistency -subsets: -- name: v1 - labels: - version: v1 -- name: v2 - labels: - version: v2 -``` - - -# Run example - -## Deploy resources - -```shell -$ -``` - -## Wait for the pods to be ready - -(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment) - -```shell - -``` - -## Test the service - -### Get LB IP - -```shell -$ kubectl get svc istio-ingressgateway -n istio-system -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h -``` - -### Curl - - -```shell -$ curl 192.168.1.50/helloworld -s | grep "

.*

" -

It works!

-``` \ No newline at end of file diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml deleted file mode 100755 index 6f61149..0000000 --- a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: helloworld-gateway - namespace: default -spec: - selector: - istio: istio-ingress # use istio default controller - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "*" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: helloworld-vs - namespace: default -spec: - hosts: - - "*" - gateways: - - helloworld-gateway - http: - - match: - - uri: - exact: /helloworld - route: - - destination: - host: helloworld.defaultnt.svc.cluster.local - port: - number: 80 - subset: v1 - weight: 50 - - destination: - host: helloworld.defaultnt.svc.cluster.local - port: - number: 80 - subset: v2 - weight: 50 - rewrite: - uri: "/" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: helloworld - namespace: defaultnt -spec: - host: helloworld.defaultnt.svc.cluster.local # Full destination service, lil better for consistency - subsets: - - name: v1 - labels: - version: v1 - - name: v2 - labels: - version: v2 diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/01-namespace.yaml b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/01-namespace.yaml new file mode 100755 index 0000000..8e80824 --- /dev/null +++ b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/01-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: foo \ No newline at end of file diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Deployment.yaml similarity index 68% rename from NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml rename to NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Deployment.yaml index beb308d..8b5ba41 100755 --- a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml +++ b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Deployment.yaml @@ -1,34 +1,8 @@ -# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml - ---- -apiVersion: v1 -kind: Service -metadata: - name: helloworld - namespace: defaultnt - labels: - app: helloworldll - service: helloworld - sidecar.istio.io/inject: "false" -spec: - ports: - - port: 80 - name: http - selector: - app: helloworld ---- -#apiVersion: v1 -#kind: ServiceAccount -#metadata: -# name: istio-helloworld -# labels: -# account: ---- apiVersion: apps/v1 kind: Deployment metadata: name: helloworld-v1 - namespace: defaultnt + namespace: foo labels: app: helloworld version: v1 @@ -58,7 +32,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: helloworld-v2 - namespace: defaultnt + namespace: foo labels: app: helloworld version: v2 diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/DestinationRule.yaml b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/DestinationRule.yaml new file mode 100644 index 0000000..8fa839d --- /dev/null +++ b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/DestinationRule.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: helloworld + namespace: foo +spec: + host: helloworld.foo.svc.cluster.local # Full destination service, lil better for consistency + subsets: + - name: v1 + labels: + version: v1 + - name: v2 + labels: + version: v2 diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Gateway.yaml b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Gateway.yaml new file mode 100755 index 0000000..236a606 --- /dev/null +++ b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Gateway.yaml @@ -0,0 +1,15 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: helloworld-gateway + namespace: default +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" \ No newline at end of file diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/README.md b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/README.md new file mode 100755 index 0000000..3791737 --- /dev/null +++ b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/README.md @@ -0,0 +1,374 @@ +--- +gitea: none +include_toc: true +--- + +# Description + +Based on the [previous example](../03-hello_world_1_service_2_deployments_managed_version), we create the previous deployments in a different namespace than the Istio VirtualService object, in this case we create them in the namespace `foo`. + +This is example is based on the following post regarding [canary deployments on Istio](https://istio.io/latest/blog/2017/0.1-canary/). + +This example configures: + + Generic Kubernetes resources: + - 1 Namespace + - 1 Service + - 2 Deployments + + Istio resources: + - 1 Gateway + - 1 Virtual Service + - 1 Destination rule + +Additionally, for consistency, now the resources are being created in the `default` namespace. + +On this example, the `service`, the `deployment`, and the Istio `DestinationRule` are being created in the namespace `foo`. + +As well, on the [VirtualService section](#virtualservice), we are targeting the service `helloworld` by the full URL, where on previous examples it was targeted by `helloworld`, now it's targeted by `helloworld.default.svc.cluster.local`. + +# Based on + +- [03-hello_world_1_service_2_deployments_managed_version](../03-hello_world_1_service_2_deployments_managed_version) + +# Configuration + +## Namespace + +Creates a namespace named `foo`. + +```yaml +apiVersion: v1 +kind: Namespace +metadata: + name: foo +``` + +## Service + +Creates a service named `helloworld`. + +This service listens for the port `80` expecting `HTTP` traffic and will forward the incoming traffic towards the port `80` from the destination pod. + +The service is created in the namespace `foo`. + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: helloworld + namespace: foo + labels: + app: helloworld + service: helloworld +spec: + ports: + - port: 80 + name: http + selector: + app: helloworld +``` + +## Deployment + +### helloworld-v1 + +Deploys a Nginx server that listens for the port `80`. + +On this deployment, we attributed the label `version` set to `v1`, this will be used by the [DestinationRule](#destinationrule) resource to target this deployment. + +The deployment is created in the namespace `foo`. + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld-v1 + namespace: foo + labels: + app: helloworld + version: v1 +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + version: v1 + template: + metadata: + labels: + app: helloworld + version: v1 + spec: + containers: + - name: helloworld + image: nginx + resources: + requests: + cpu: "100m" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 +``` + +### helloworld-v2 + +Deploys an Apache server that listens for the port `80`. + +On this deployment, we attributed the label `version` set to `v2`, this will be used by the [DestinationRule](#destinationrule) resource to target this deployment. + +The deployment is created in the namespace `foo`. + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld-v2 + namespace: foo + labels: + app: helloworld + version: v2 +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + version: v2 + template: + metadata: + labels: + app: helloworld + version: v2 + spec: + containers: + - name: helloworld + image: httpd + resources: + requests: + cpu: "100m" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 +``` + +## Gateway + +Deploys an Istio gateway that's listening to the port `80` for `HTTP` traffic. + +It doesn't filter for any specific host. + +The `selector` field is used to "choose" which Istio Load Balancers will have this gateway assigned to. + +The Istio `default` profile creates a Load Balancer in the namespace `istio-system` that has the label `istio: ingressgateway` set, allowing us to target that specific Load Balancer and assign this gateway resource to it. + + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: helloworld-gateway + namespace: default +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +``` + +## VirtualService + +The Virtual Service resources are used to route and filter the received traffic from the gateway resources, and route it towards the desired destination. + +On this example we select the gateway `helloworld-gateway`, which is the [gateway that 's described in the `Gateway` section](#gateway). + +On this resource, we are also not limiting the incoming traffic to any specific host, allowing for all the incoming traffic to go through the rules set. + +Here we created a rule that will be applied on `HTTP` related traffic (including `HTTPS` and `HTTP2`) when the destination path is exactly `/helloworld`. + +This traffic will be forwarded to the port `80` of the destination service `helloworld` located in the namespace `foo`. + +There will be an internal URL rewrite set, as if the URL is not modified, it would attempt to reach to the `/helloworld` path from the Nginx deployment, which currently has no content and would result in an error code `404` (Not found). + +Also, there's been configured 2 destinations under the same rule, each one with a `subset` set, which will be used by the [DestinationRule](#destinationrule) object to manage the traffic from each destination. + +As well, where each one of the destinations mentioned, has a `weight` set, this value will be used to distribute the incoming requests towards the specified subsets. + +> **Note:** +> A 20% of the traffic will be sent to the `subset` v1, meanwhile 80% will be sent to the `subset` v2. + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: helloworld-vs + namespace: default +spec: + hosts: + - "*" + gateways: + - helloworld-gateway + http: + - match: + - uri: + exact: /helloworld + route: + - destination: + host: helloworld.foo.svc.cluster.local + port: + number: 80 + subset: v1 + weight: 20 + - destination: + host: helloworld.foo.svc.cluster.local + port: + number: 80 + subset: v2 + weight: 80 + rewrite: + uri: "/" +``` +## DestinationRule + +This `DestinationRule` interferes with the traffic with destination `helloworld.foo.svc.cluster.local`. + +Contains 2 subsets defined, where each one will target a different backend. + +A reminder that the `version: v1` was given to the Nginx backend, meanwhile the Apache backend had set `version: v2`. + +This resource is created in the namespace `foo`. + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: helloworld + namespace: foo +spec: + host: helloworld.foo.svc.cluster.local # Full destination service, lil better for consistency + subsets: + - name: v1 + labels: + version: v1 + - name: v2 + labels: + version: v2 +``` + + +## Deploy resources + +Deploy the resources. + +```shell +kubectl apply -f ./ +``` +```text +deployment.apps/helloworld-v1 created +deployment.apps/helloworld-v2 created +destinationrule.networking.istio.io/helloworld.default.svc.cluster.local created +gateway.networking.istio.io/helloworld-gateway created +service/helloworld created +virtualservice.networking.istio.io/helloworld-vs created +``` + +## Wait for the pods to be ready + +Wait for the Apache and Nginx deployments to be up and ready. + +```shell +watch -n 2 kubectl get deployment helloworld-v{1..2} +``` +```text +NAME READY UP-TO-DATE AVAILABLE AGE +helloworld-v1 1/1 1 1 58s +helloworld-v2 1/1 1 1 58s +``` + +## Test the service + +### Get LB IP + +To perform the desired tests, we will need to obtain the IP Istio Load Balancer that we selected in the [Gateway section](#gateway). + +On my environment, the IP is the `192.168.1.50`. + +```shell +kubectl get svc -l istio=ingressgateway -A +``` +```text +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h +``` + +### Curl + +As we can see, we can reach out to the service, now located in the namespace `foo`. + +As well, if we check the ration on which we reached the backends, we can still see how the [VirtualService](#virtualservice) weight configured to the subsets is still being applied. + +> Nginx: 3\ +> Apache: 9 + +```text +curl 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

Welcome to nginx!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

Welcome to nginx!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

Welcome to nginx!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+ +$ 192.168.1.50/helloworld -s | grep "

.*

" +

It works!

+``` + + +## Cleanup + +Finally, a cleanup from the resources deployed. + +```shell +kubectl delete -f ./ +``` +```text +namespace "foo" deleted +deployment.apps "helloworld-v1" deleted +deployment.apps "helloworld-v2" deleted +destinationrule.networking.istio.io "helloworld" deleted +gateway.networking.istio.io "helloworld-gateway" deleted +service "helloworld" deleted +virtualservice.networking.istio.io "helloworld-vs" deleted +``` \ No newline at end of file diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Service.yaml b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Service.yaml new file mode 100644 index 0000000..069641d --- /dev/null +++ b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/Service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: helloworld + namespace: foo + labels: + app: helloworld + service: helloworld +spec: + ports: + - port: 80 + name: http + selector: + app: helloworld \ No newline at end of file diff --git a/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/VirtualService.yaml b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/VirtualService.yaml new file mode 100644 index 0000000..13b9b33 --- /dev/null +++ b/NEW/01-Getting_Started/04-hello_world_1_service_2_deployments_managed_version_foo_namespace/VirtualService.yaml @@ -0,0 +1,29 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: helloworld-vs + namespace: default +spec: + hosts: + - "*" + gateways: + - helloworld-gateway + http: + - match: + - uri: + exact: /helloworld + route: + - destination: + host: helloworld.foo.svc.cluster.local + port: + number: 80 + subset: v1 + weight: 20 + - destination: + host: helloworld.foo.svc.cluster.local + port: + number: 80 + subset: v2 + weight: 80 + rewrite: + uri: "/" \ No newline at end of file diff --git a/NEW/01-Getting_Started/README.md b/NEW/01-Getting_Started/README.md index a8a66e5..643e3ae 100755 --- a/NEW/01-Getting_Started/README.md +++ b/NEW/01-Getting_Started/README.md @@ -14,16 +14,9 @@ On these examples you will find the following Istio resources: - 02-hello_world_1_service_2_deployments_unmanaged -- ALL NEEDS DOCUMENTATION - - 03-hello_world_1_service_2_deployments_managed_version -- 04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace - -- 05-hello_world_1_Service_Entry - - - +- 04-hello_world_1_service_2_deployments_managed_version_foo_namespace # How to get started?