idk i brought Istio and some other things

Oriol 2023-04-08 18:41:41 +01:00
parent 4e9641201d
commit a924d8ba91
37 changed files with 2002 additions and 44 deletions


@ -0,0 +1 @@
https://istio.io/latest/blog/2017/0.1-using-network-policy/#examples


@ -0,0 +1 @@
# Example from istio, using it for testing purposes


@ -0,0 +1,52 @@
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
- match:
- uri:
exact: /helloworld
route:
- destination:
host: productpage
port:
number: 9080
rewrite:
uri: "/productpage"
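Review bot: The Gateway accepts any Host header (`hosts: - "*"`) on a plain `HTTP` listener at port 80, and the VirtualService routes `exact: /login` through it, so whatever the login form submits crosses the ingress unencrypted. Outside a lab, bind the Gateway to a concrete hostname and add an HTTPS server with `tls: {mode: SIMPLE, credentialName: <tls-secret-name>}`, optionally with `tls: {httpsRedirect: true}` on the port-80 server. The same wildcard-host, HTTP-only Gateway is repeated in the three `helloworld-gateway` sections further down. A comment such as `# lab only: wildcard host, no TLS` above `servers:` would at least record the intent.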


@ -0,0 +1,343 @@
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##################################################################################################
# This file defines the services, service accounts, and deployments for the Bookinfo sample.
#
# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments:
#
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
#
# Alternatively, you can deploy any resource separately:
#
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment
##################################################################################################
##################################################################################################
# Details service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: details
labels:
app: details
service: details
spec:
ports:
- port: 9080
name: http
selector:
app: details
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-details
labels:
account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: details-v1
labels:
app: details
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: details
version: v1
template:
metadata:
labels:
app: details
version: v1
spec:
serviceAccountName: bookinfo-details
containers:
- name: details
image: docker.io/istio/examples-bookinfo-details-v1:1.17.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
securityContext:
runAsUser: 1000
---
##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: ratings
labels:
app: ratings
service: ratings
spec:
ports:
- port: 9080
name: http
selector:
app: ratings
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-ratings
labels:
account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ratings-v1
labels:
app: ratings
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: ratings
version: v1
template:
metadata:
labels:
app: ratings
version: v1
spec:
serviceAccountName: bookinfo-ratings
containers:
- name: ratings
image: docker.io/istio/examples-bookinfo-ratings-v1:1.17.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
securityContext:
runAsUser: 1000
---
##################################################################################################
# Reviews service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: reviews
labels:
app: reviews
service: reviews
spec:
ports:
- port: 9080
name: http
selector:
app: reviews
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-reviews
labels:
account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v1
labels:
app: reviews
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v1
template:
metadata:
labels:
app: reviews
version: v1
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v1:1.17.0
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
securityContext:
runAsUser: 1000
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v2
labels:
app: reviews
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v2
template:
metadata:
labels:
app: reviews
version: v2
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v2:1.17.0
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
securityContext:
runAsUser: 1000
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v3
labels:
app: reviews
version: v3
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v3
template:
metadata:
labels:
app: reviews
version: v3
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v3:1.17.0
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
securityContext:
runAsUser: 1000
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
---
##################################################################################################
# Productpage services
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: productpage
labels:
app: productpage
service: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-productpage
labels:
account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: productpage-v1
labels:
app: productpage
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: productpage
version: v1
template:
metadata:
labels:
app: productpage
version: v1
spec:
serviceAccountName: bookinfo-productpage
containers:
- name: productpage
image: docker.io/istio/examples-bookinfo-productpage-v1:1.17.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
securityContext:
runAsUser: 1000
volumes:
- name: tmp
emptyDir: {}
---

15
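--- a/Istio/ingress.yaml
+++ b/Istio/ingress.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: istio-ingress
+labels:
+istio: ingress
+spec:
+type: LoadBalancer
+ports:
+- port: 80
+name: http
+- port: 443
+name: https
+selector:
+istio: ingress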
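Review bot: This Service selects pods labelled `istio: ingress`, while every Gateway added in this commit selects `istio: ingressgateway`; the comment in istio_2/file2.yaml says `istio=ingress` is the label of a Helm-based install. The README transcripts show an `istio-ingressgateway` Service in `istio-system`, so on that cluster this LoadBalancer would probably have no endpoints, or would front a different proxy than the one the Gateways configure. No `metadata.namespace` is set either, and a Service only selects pods in its own namespace. Suggest aligning the selector (`istio: ingressgateway`) and setting the namespace explicitly, or dropping the file if the bundled Service is the one in use.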

6
Istio/simple/README.md Normal file

@ -0,0 +1,6 @@
# Simple examples
# Traffic path
## Istio Ingress Controller ---> Gateway -> Virtual Service (-> Destination Route) -> Ingress -> Deployment


@ -0,0 +1,102 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
# Simple Hello World
- 1 Service
- 1 Deployment
I think that by default uses `RANDOM`.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy
https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings
Relies in automatic sidecar injection.
> Contains service account configurations, yet they are commented as not "necessary".
## Files
- deployment.yaml
- gateway.yaml
## deployment.yaml
### Creates
#### Service
- helloworld
#### Deployments
- helloworld-nginx (Nginx container)
## gateway.yaml
### Creates
#### Gateway
##### helloworld-gateway
###### Configuration
```yml
port: 80
istio-ingress: ingressgateway
hosts: "*"
```
#### VirtualService
##### helloworld-vs
###### Configuration
```yaml
hosts: "*"
uri: "/helloworld"
```
# Run example
## Deploy resources
```shell
$ kubectl apply -f ./
service/helloworld created
deployment.apps/helloworld-nginx created
gateway.networking.istio.io/helloworld-gateway created
virtualservice.networking.istio.io/helloworld-vs created
```
## Wait for the pods to be ready
(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
```shell
$ kubectl get deployment helloworld-nginx -w
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-nginx 1/1 1 1 44s
```
## Test the service
### Get LB IP
```shell
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl
```shell
$ curl 192.168.1.50/helloworld -s | grep "<title>.*</title>"  ✔
<title>Welcome to nginx!</title>
```


@ -0,0 +1,48 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
#apiVersion: v1
#kind: ServiceAccount
#metadata:
# name: istio-helloworld
# labels:
# account:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
# serviceAccountName: istio-helloworld
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80
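Review bot: `image: nginx` carries no tag, so it resolves to `latest`, and with `imagePullPolicy: IfNotPresent` each node keeps whichever build it pulled first; replicas can differ between nodes and nothing records what actually ran. Pin a version, and ideally a digest, e.g. `image: nginx:<version>@sha256:<digest>`. The same applies to the other untagged images in this commit: `nginx` and `httpd` in the two later helloworld deployment sections, `nginx`, `traefik/whoami` and `httpd` in the load-balancer example, `nginx` in ingress/test.yaml and `docker.io/kennethreitz/httpbin` in istio_2/file.yaml. The pod spec also sets no `securityContext` and leaves `serviceAccountName` commented out, so the pod runs as the image's default user under the namespace's `default` service account; a comment stating that this is deliberate for the demo would help.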


@ -0,0 +1,36 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"


@ -0,0 +1,182 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
https://istio.io/latest/blog/2017/0.1-canary/
# Simple Hello World
- 1 Service
- 2 Versions
Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
I think that by default uses `RANDOM`.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy
https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings
Relies in automatic sidecar injection.
> Contains service account configurations, yet they are commented as not "necessary".
## Quick note
On this version I have "started" to use the full service name instead of the shorten version, aka:
```yaml
route:
- destination:
host: helloworld
```
Will be:
```yaml
route:
- destination:
host: helloworld.default.svc.cluster.local
```
It's overall a good practice to have, so not much of a reason to not do it.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#DestinationRule
## Files
- deployment.yaml
- gateway.yaml
## deployment.yaml
### Creates
#### Service
- helloworld
#### Deployments
- helloworld-v1 (Nginx)
- helloworld-v2 (Apache)
## gateway.yaml
### Creates
#### Gateway
##### helloworld-gateway
###### Configuration
```yml
port: 80
istio-ingress: ingressgateway
hosts: "*"
```
#### VirtualService
##### helloworld-vs
###### Configuration
```yaml
hosts: "*"
uri: "/helloworld"
versions:
v1:
weight: "25%"
v2:
weight: "75%"
```
#### Destination Rule
###### Configuration
```yaml
```
# Run example
## Deploy resources
```shell
$ kubectl apply -f ./
service/helloworld created
deployment.apps/helloworld-v1 created
deployment.apps/helloworld-v2 created
gateway.networking.istio.io/helloworld-gateway created
virtualservice.networking.istio.io/helloworld-vs created
destinationrule.networking.istio.io/helloworld-destinationrule created
```
## Wait for the pods to be ready
(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
```shell
$ kubectl get deployment helloworld-v{1..2} -w  ✔  kubernetes-admin@kubernetes
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-v1 1/1 1 1 4m1s
helloworld-v2 1/1 1 1 4m1s
```
## Test the service
### Get LB IP
```shell
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl
Iterates between Nginx and Apache. Somwhat close to the ratio configured.
> Nginx instances (v1): 2 \
> Apache instances (v2): 9
```shell
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
```


@ -0,0 +1,82 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
#apiVersion: v1
#kind: ServiceAccount
#metadata:
# name: istio-helloworld
# labels:
# account:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v1
labels:
app: helloworld
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v1
template:
metadata:
labels:
app: helloworld
version: v1
spec:
# serviceAccountName: istio-helloworld
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v2
labels:
app: helloworld
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v2
template:
metadata:
labels:
app: helloworld
version: v2
spec:
# serviceAccountName: istio-helloworld
containers:
- name: helloworld
image: httpd
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---


@ -0,0 +1,61 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld.default.svc.cluster.local
# host: helloworld
port:
number: 80
subset: v1
weight: 20
- destination:
# host: helloworld
host: helloworld.default.svc.cluster.local
port:
number: 80
subset: v2
weight: 80
rewrite:
uri: "/"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: helloworld
spec:
# host: helloworld # destination service
host: helloworld.default.svc.cluster.local # Full destination service, lil better for consistency
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
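Review bot: The route destinations and the DestinationRule use `helloworld.default.svc.cluster.local`, but none of the resources in this example set `metadata.namespace`, so the FQDN only points at the intended Service when everything is applied into `default`. Applied with `-n <other-namespace>`, the VirtualService would route to a host that does not exist there, or to an unrelated `helloworld` in `default`. Either add `namespace: default` to each `metadata` block or keep the short host name. Separately, the README for this example documents weights of 25%/75% and a rule named `helloworld-destinationrule`, while this file uses `weight: 20` / `weight: 80` and `name: helloworld`.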


@ -0,0 +1,139 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
# Simple Hello World
- 1 Service
- 2 Versions
Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
I think that by default uses `RANDOM`.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy
https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings
Relies in automatic sidecar injection.
> Contains service account configurations, yet they are commented as not "necessary".
## Files
- deployment.yaml
- gateway.yaml
## deployment.yaml
### Creates
#### Service
- helloworld
#### Deployments
- helloworld-v1 (Nginx)
- helloworld-v2 (Apache)
## gateway.yaml
### Creates
#### Gateway
##### helloworld-gateway
###### Configuration
```yml
port: 80
istio-ingress: ingressgateway
hosts: "*"
```
#### VirtualService
##### helloworld-vs
###### Configuration
```yaml
hosts: "*"
uri: "/helloworld"
```
# Run example
## Deploy resources
```shell
$ kubectl apply -f ./
service/helloworld created
deployment.apps/helloworld-v1 created
deployment.apps/helloworld-v2 created
deployment.apps/helloworld-v2 unchanged
gateway.networking.istio.io/helloworld-gateway created
virtualservice.networking.istio.io/helloworld-vs created
```
## Wait for the pods to be ready
(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
```shell
$ kubectl get deployment helloworld-v{1..2} -w  ✔  kubernetes-admin@kubernetes
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-v1 1/1 1 1 4m1s
helloworld-v2 1/1 1 1 4m1s
```
## Test the service
### Get LB IP
```shell
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl
Iterates randomly between Nginx and Apache
```shell
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
```


@ -0,0 +1,76 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
#apiVersion: v1
#kind: ServiceAccount
#metadata:
# name: istio-helloworld
# labels:
# account:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v1
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
# serviceAccountName: istio-helloworld
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v2
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
# serviceAccountName: istio-helloworld
containers:
- name: helloworld
image: httpd
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---


@ -0,0 +1,36 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"

63
Istio/tmp/ingress.yaml Normal file

@ -0,0 +1,63 @@
## https://istio.io/latest/docs/setup/additional-setup/gateway/#deploying-a-gateway
#apiVersion: v1
#kind: Service
#metadata:
# name: istio-ingressgateway2
# namespace: istio-ingress
#spec:
# type: LoadBalancer
# selector:
# istio: ingressgateway
# ports:
# - port: 80
# name: http
# - port: 443
# name: https
#---
#apiVersion: apps/v1
#kind: Deployment
#metadata:
# name: istio-ingressgateway2
# namespace: istio-ingress
#spec:
# selector:
# matchLabels:
# istio: ingressgateway
# template:
# metadata:
# annotations:
# # Select the gateway injection template (rather than the default sidecar template)
# inject.istio.io/templates: gateway
# labels:
# # Set a unique label for the gateway. This is required to ensure Gateways can select this workload
# istio: ingressgateway
# # Enable gateway injection. If connecting to a revisioned control plane, replace with "istio.io/rev: revision-name"
# sidecar.istio.io/inject: "true"
# spec:
# containers:
# - name: istio-proxy
# image: auto # The image will automatically update each time the pod starts.
#---
## Set up roles to allow reading credentials for TLS
#apiVersion: rbac.authorization.k8s.io/v1
#kind: Role
#metadata:
# name: istio-ingressgateway2-sds
# namespace: istio-ingress
#rules:
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "watch", "list"]
#---
#apiVersion: rbac.authorization.k8s.io/v1
#kind: RoleBinding
#metadata:
# name: istio-ingressgateway2-sds
# namespace: istio-ingress
#roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: Role
# name: istio-ingressgateway2-sds
#subjects:
# - kind: ServiceAccount
# name: default
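Review bot: Every line in this file is commented out, so applying it creates nothing; if it is kept as a reference, a header comment saying so would avoid confusion. Should the RBAC part be enabled later, the RoleBinding grants `get`/`watch`/`list` on `secrets` to the `default` ServiceAccount, which every pod in `istio-ingress` without an explicit `serviceAccountName` runs as. A dedicated ServiceAccount for the gateway Deployment, referenced from both the pod spec and the binding, keeps TLS secret access limited to the gateway.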

29
Istio/tmp/tmp.txt Normal file

@ -0,0 +1,29 @@
https://medium.com/@dinup24/expose-apps-on-private-network-through-istio-ingress-gateway-7dcb8a16d5bc
cat << EOF > istio-operator.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: istio-operator
spec:
profile: default
components:
ingressGateways:
- name: istio-ingressgateway
enabled: true
- namespace: istio-system
name: istio-ingressgateway-private
enabled: true
k8s:
serviceAnnotations:
service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "private"
values:
gateways:
istio-ingressgateway:
sds:
enabled: true
EOF
istioctl manifest apply -f istio-operator.yaml


@ -1,38 +1,98 @@
#
#---
#apiVersion: apps/v1
#kind: Deployment
#metadata:
# name: nginx-deployment
#spec:
# selector:
# matchLabels:
# app: nginx-backend
# replicas: 2 # tells deployment to run 2 pods matching the template
# template:
# metadata:
# labels:
# app: nginx
# spec:
# containers:
# - name: nginx
# image: nginx:1.14.2
# ports:
# - containerPort: 80
#---
# Example of a Ingress "LB" that itterates between 3 instances
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginxo-deploayment
labels:
environment: testin-lb1s
spec:
selector:
matchLabels:
applicasao: webpaggo
replicas: 1
template:
metadata:
labels:
applicasao: webpaggo
spec:
containers:
- name: nginxo
image: nginx
ports:
- containerPort: 80
name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami-traefik
labels:
environment: testin-lb1
spec:
selector:
matchLabels:
applicasao: webpaggo
replicas: 2
template:
metadata:
labels:
applicasao: webpaggo
spec:
containers:
- name: whoami
image: traefik/whoami
ports:
- containerPort: 80
name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpago-deployment
labels:
environment: testin-lb1
spec:
selector:
matchLabels:
applicasao: webpaggo
replicas: 1
template:
metadata:
labels:
applicasao: webpaggo
spec:
containers:
- name: apache
image: httpd
ports:
- containerPort: 80
name: http
---
apiVersion: v1
kind: Service
metadata:
name: nginx-lb
name: ingressito
labels:
environment: testin-lb1
spec:
selector:
app: whoami-service
applicasao: webpaggo
ports:
- port: 80 # Published port
targetPort: 80 # Container port
# - port: 443 # Published port
# targetPort: 443 # Container port
- port: 80
targetPort: http
externalTrafficPolicy: Local
type: LoadBalancer
#---
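Review bot: The three Deployments (`nginxo-deploayment`, `whoami-traefik`, `httpago-deployment`) all use the identical selector `applicasao: webpaggo` with identical pod-template labels, so their selectors overlap; Kubernetes documents overlapping controller selectors as unsupported, and the controllers can end up interfering with each other's ReplicaSets. Keep `applicasao: webpaggo` as the shared label the Service selects on, and add a distinguishing label to each Deployment's `matchLabels` and template, e.g. `server: nginx`, `server: whoami`, `server: httpd`. The first Deployment's `environment: testin-lb1s` differs from the `testin-lb1` used on the other resources, which looks like a typo. The +/- markers are not visible on this page, so which of the paired lines (`name: nginx-lb` / `name: ingressito`) is the new side is inferred.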

3
README.md Normal file

@ -0,0 +1,3 @@
# Surely only the following folders work / have any meaningful information
- [Istio](/Istio)

7
dashboard/README.md Normal file

@ -0,0 +1,7 @@
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
```
eyJhbGciOiJSUzI1NiIsImtpZCI6IlZJbF9YZWlzNGVybkRTMUVjZ0hFbVJkZ0tVaEFYVTNSUjhVWXlJWWJuUkEifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjc5MDExNTUwLCJpYXQiOjE2NzkwMDc5NTAsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiZDhmOWU3YTgtYmZiMy00Zjc0LWE3Y2MtZjZjODkzMmEzOWYzIn19LCJuYmYiOjE2NzkwMDc5NTAsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.HAmpLXAz8GZpEDqvpsQNnS3HOvP13UnytbVLzmfCMEKpA_HrVtq48fqeRbWICjNit7qeT8eGEB22fTsBhFzGLoKM7REC7hisq8jiMMvKOtZ-wbCQk5SiK4njr0ovhxKfhUvumK6D7oPVdSXGX3j8LC_T6nLjfMqoU3vRMam08yUJ88WWVQLKUOKlqVbsQaLrWvjg8M8Sme0gawxRFo21DFHfk8afP6kEC7n6MnBna6bjd2He74GeJZ9QwwdllTjIX9GdVxXpjj8e1VnvkTZKDWzV9F5mLHmuuE8lgQT02kZRUv0P3vPGckIgUS-kzvBIrmBwIjvStiOK6L93zzJHTg
```

33
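--- a/dashboard/dashboard.yaml
+++ b/dashboard/dashboard.yaml
@@ -0,0 +1,33 @@
+kind: Service
+apiVersion: v1
+metadata:
+labels:
+k8s-app: kubernetes-dashboard
+name: kubernetes-dashboard-pub
+namespace: kubernetes-dashboard
+spec:
+ports:
+- port: 443
+targetPort: 8443
+selector:
+k8s-app: kubernetes-dashboard-pub
+type: LoadBalancer
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: admin-user
+namespace: kubernetes-dashboard
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: admin-user
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: cluster-admin
+subjects:
+- kind: ServiceAccount
+name: admin-user
+namespace: kubernetes-dashboard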
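Review bot: `admin-user` is bound to `cluster-admin` through a ClusterRoleBinding, and the same file publishes the dashboard through a `type: LoadBalancer` Service, so anyone who can reach that address and holds a token for this account controls the whole cluster. dashboard/README.md in this commit also contains what looks like a bearer token for `system:serviceaccount:kubernetes-dashboard:admin-user`; even if it has expired, it should be removed from the file and from history, and tokens should be generated on demand rather than stored in the repository. For a dashboard login, bind to a narrower role, e.g. `name: view` in `roleRef`, and keep the Service as `ClusterIP`, reached with `kubectl port-forward` or `kubectl proxy`. The Service selector `k8s-app: kubernetes-dashboard-pub` matches the Service's name rather than its own `k8s-app: kubernetes-dashboard` label, so it may select no pods as written; worth confirming against the dashboard Deployment's labels.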

80
ingress/test.yaml Normal file

@ -0,0 +1,80 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-ingress-test
labels:
example: ingress
spec:
selector:
matchLabels:
app: nginx-test
replicas: 1 # Not much meaningful to have 2 pods if the content will be the same ...
template:
metadata:
labels:
example: ingress
app: nginx-test
spec:
containers:
- name: nginx-cont
image: nginx
ports:
- containerPort: 80
name: http
---
apiVersion: v1
kind: Service
metadata:
name: ingress-service
labels:
example: ingress
spec:
selector:
app: nginx-test
ports:
- port: 80
targetPort: http
externalTrafficPolicy: Local
type: NodePort
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-test
# annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
labels:
example: ingress
spec:
ingressClassName: ingress-example
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ingress-service
port:
number: 80
#---
#apiVersion: networking.k8s.io/v1
#kind: Ingress
#metadata:
# annotations:
# kubernetes.io/ingress.class: istio
# name: istio-ingress
#spec:
# rules:
# #- host: *
# - http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: ingress-service
# port:
# number: 80
# type: LoadBalancer

1
istio_2/README.md Normal file

@ -0,0 +1 @@
https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/

43
istio_2/file.yaml Normal file

@ -0,0 +1,43 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: httpbin
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
labels:
app: httpbin
service: httpbin
spec:
ports:
- name: http
port: 8000
targetPort: 80
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v1
template:
metadata:
labels:
app: httpbin
version: v1
spec:
serviceAccountName: httpbin
containers:
- image: docker.io/kennethreitz/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 80

37
istio_2/file2.yaml Normal file

@ -0,0 +1,37 @@
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: httpbin-gateway
spec:
# The selector matches the ingress gateway pod labels.
# If you installed Istio using Helm following the standard documentation, this would be "istio=ingress"
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "httpbin.example.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin
spec:
hosts:
- "httpbin.example.com"
gateways:
- httpbin-gateway
http:
- match:
- uri:
prefix: /status
- uri:
prefix: /delay
route:
- destination:
port:
number: 8000
host: httpbin

35
istio_2/tmp2.yaml Normal file

@ -0,0 +1,35 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http
namespace: default
spec:
parentRefs:
- name: gateway
namespace: istio-ingress
hostnames: ["httpbin.example.com"]
rules:
- matches:
- path:
type: PathPrefix
value: /get
- path:
type: PathPrefix
value: /headers
filters:
- type: URLRewrite
urlRewrite:
# hostname: "*"
hostname: elsewhere.example
path:
type: ReplacePrefixMatch
# replacePrefixMatch: /
replacePrefixMatch: /fennel
# - type: RequestHeaderModifier
# requestHeaderModifier:
# add:
# - name: my-added-header
# value: added-value
backendRefs:
- name: httpbin
port: 8000

48
istio_3/README.md Normal file

@ -0,0 +1,48 @@
## https://istio.io/latest/docs/examples/microservices-istio/setup-kubernetes-cluster/
### Create namespaces
```shell
export NAMESPACE=tutorial
kubectl create namespace $NAMESPACE
```
### Install istio demo
```shell
istioctl install --set profile=demo
```
### Install telemetry addons
#### Grafana
```shell
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/grafana.yaml
```
#### Prometheus
```shell
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/prometheus.yaml
```
#### Kiali
```shell
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/kiali.yaml
```
#### Jaeger
```shell
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/jaeger.yaml
```
### Create ingress resources
```shell
kubectl apply ./gateway.yaml
```

49
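--- a/istio_3/ingress.yaml
+++ b/istio_3/ingress.yaml
@@ -0,0 +1,49 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: istio-system
+namespace: istio-system
+annotations:
+kubernetes.io/ingress.class: istio
+spec:
+rules:
+- host: my-istio-dashboard.io
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: grafana
+port:
+number: 3000
+- host: my-istio-tracing.io
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: tracing
+port:
+number: 9411
+- host: my-istio-logs-database.io
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: prometheus
+port:
+number: 9090
+- host: my-kiali.io
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: kiali
+port:
+number: 20001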
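Review bot: All four rules publish the `grafana`, `tracing`, `prometheus` and `kiali` services at `/` with no `tls:` section and no authentication in front of them. The README in this commit installs them from Istio's sample addon manifests, which are meant for demos, so anyone who can reach the ingress address can probably read mesh telemetry and topology. I would add a `tls:` entry listing the four hosts with a `secretName`, and restrict who can reach these hosts (for example an `AuthorizationPolicy` on the ingress gateway, or keeping them off any externally routed address). The `kubernetes.io/ingress.class: istio` annotation is the deprecated form; `ingressClassName: istio` under `spec` is the current field, provided an IngressClass of that name exists.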

9
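--- a/istio_3/read_role.yaml
+++ b/istio_3/read_role.yaml
@@ -0,0 +1,9 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: istio-system-access
+namespace: istio-system
+rules:
+- apiGroups: ["", "extensions", "apps"]
+resources: ["*"]
+verbs: ["get", "list"]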
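Review bot: `resources: ["*"]` under the core API group `""` includes `secrets`, so `get` and `list` on this Role let its subjects read every Secret in `istio-system`, which is typically where Istio keeps its CA key material and gateway TLS certificates. A read-only view does not need that; list the resource kinds instead, for example `resources: ["pods", "services", "endpoints", "configmaps", "deployments", "replicasets"]`. No RoleBinding is part of this file, so who receives the Role cannot be checked from here.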

34
istio_a/README.md Normal file

@ -0,0 +1,34 @@
# https://istio.io/latest/docs/setup/getting-started/
### https://istio.io/latest/docs/setup/additional-setup/config-profiles/
```shell
istioctl install --set profile=default -y
```
### https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/
### ?
https://istio.io/latest/docs/examples/microservices-istio/istio-ingress-gateway/
```sh
NAMESPACE=istio-test
```
### Wildcard hosts
https://istio.io/latest/docs/tasks/traffic-management/egress/wildcard-egress-hosts/
### ingress gateway
https://istio.io/latest/docs/setup/additional-setup/gateway/
## Documentation
https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService
## Dashboard
### Kiali
https://istio.io/latest/docs/ops/integrations/kiali/#installation

45
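--- a/istio_a/default.yaml
+++ b/istio_a/default.yaml
@@ -0,0 +1,45 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+name: bookinfo-gateway
+spec:
+# The selector matches the ingress gateway pod labels.
+# If you installed Istio using Helm following the standard documentation, this would be "istio=ingress"
+selector:
+istio: ingressgateway # use istio default controller
+servers:
+- port:
+number: 80
+name: http
+protocol: HTTP
+hosts:
+- "*"
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+name: bookinfo
+spec:
+hosts:
+- "*"
+gateways:
+- bookinfo-gateway
+http:
+- match:
+- uri:
+exact: /productpage
+- uri:
+prefix: /static
+- uri:
+exact: /login
+# - uri:
+# exact: /logout
+# - uri:
+# prefix: /api/v1/products
+rewrite:
+uri: /
+route:
+- destination:
+host: productpage
+port:
+number: 80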
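Review bot: The Gateway server and the VirtualService both list `"*"` under `hosts`, so this route claims port 80 traffic for every Host header arriving at the shared `istio: ingressgateway` pods and can collide with any other VirtualService bound to the same gateway. Naming the host in both places, e.g. `- "bookinfo.example.com"` (a placeholder), keeps the route scoped the way the httpbin example in this commit is. The server is also plain `HTTP` on 80 with no TLS server or redirect, which deserves a comment saying it is lab-only. Separately, `rewrite: uri: /` also applies to the `prefix: /static` match, where only the matched prefix is replaced, so static asset paths may not reach the backend as intended; confirm that is wanted.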

53
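--- a/istio_a/default2.yaml
+++ b/istio_a/default2.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: productpage
+labels:
+app: productpage
+service: productpage
+spec:
+ports:
+- port: 80
+name: http
+selector:
+app: productpage
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: bookinfo-productpage
+labels:
+account: productpage
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: productpage-v1
+labels:
+app: productpage
+version: v1
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: productpage
+version: v1
+template:
+metadata:
+# annotations:
+# prometheus.io/scrape: "true"
+# prometheus.io/port: "9080"
+# prometheus.io/path: "/metrics"
+labels:
+app: productpage
+version: v1
+spec:
+serviceAccountName: bookinfo-productpage
+containers:
+- name: nginx
+image: nginx:1.14.2
+ports:
+- containerPort: 80
+volumes:
+- name: tmp
+emptyDir: {}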
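Review bot: The `tmp` `emptyDir` volume is declared under `volumes` but the `nginx` container has no `volumeMounts`, so it is dead configuration, apparently left over from the Bookinfo manifest this was adapted from; either drop it or mount it. The container also has no `securityContext` and no `resources`, and `nginx:1.14.2` is an old release referenced by tag only. I would add `securityContext: {allowPrivilegeEscalation: false}` to the container and move to a currently maintained nginx tag pinned by digest, written as `image: nginx:<tag>@sha256:<digest>`.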


@ -1,34 +1,89 @@
[//]: # ()
[//]: # (# https://levelup.gitconnected.com/step-by-step-slow-guide-kubernetes-cluster-on-raspberry-pi-4b-part-3-899fc270600e)
# https://levelup.gitconnected.com/step-by-step-slow-guide-kubernetes-cluster-on-raspberry-pi-4b-part-3-899fc270600e
[//]: # ()
[//]: # ()
[//]: # (kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml)
[//]: # (kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml)
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
[//]: # ()
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
https://metallb.universe.tf/installation/
https://metallb.universe.tf/configuration/_advanced_l2_configuration/
https://mvallim.github.io/kubernetes-under-the-hood/documentation/kube-metallb.html
cat << EOF > metalLB-config.yaml
```sh
kubectl apply -f - << EOF
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 192.168.1.30-192.168.1.130
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 192.168.1.50-192.168.1.130
EOF
```
```sh
kubectl delete -f - << EOF
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 192.168.1.50-192.168.1.130
EOF
```
kubectl apply -f metalLB-config.yaml
```sh
kubectl apply -f - << EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: first-pool
namespace: metallb-system
spec:
addresses:
- 192.168.1.50-192.168.1.130
EOF
```
```sh
kubectl delete -f - << EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: first-pool
namespace: metallb-system
spec:
addresses:
- 192.168.1.50-192.168.1.130
EOF
```
# https://github.com/metallb/metallb/blob/main/design/pool-configuration.md

9
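--- a/metallib/deployment.yaml
+++ b/metallib/deployment.yaml
@@ -0,0 +1,9 @@
+#kubectl create deployment demo --image=httpd --port=80
+#kubectl expose deployment demo
+#
+#kubectl create ingress demo-localhost --class=nginx \
+#--rule="demo.localdev.me/*=demo:80"
+#
+#
+#
+## kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8080:80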

25
nginx_ingress/README.md Normal file

@ -0,0 +1,25 @@
##### https://github.com/istio/istio/tree/master/samples
```shell
$ kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
demo-localhost nginx demo.localdev.me 192.168.1.31 80 21h
$ curl 192.168.1.31
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
$ curl 192.168.1.31 -HHOST:demo.localdev.me
<html><body><h1>It works!</h1></body></html>
```
https://kubernetes.github.io/ingress-nginx/user-guide/basic-usage/
ingress-nginx
https://docs.nginx.com/nginx-ingress-controller/


@ -0,0 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
#namespace: nginx-ingress-testing
labels:
environment: nginx-deployment
spec:
selector:
matchLabels:
name: nginx-service
replicas: 1
template:
metadata:
labels:
name: nginx-service
spec:
containers:
- name: nginxo
image: nginx
ports:
- containerPort: 80
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-myservicea
#namespace: nginx-ingress-testing
spec:
rules:
#- host: *
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-deployment
port:
number: 80
ingressClassName: nginx
#---
#apiVersion: networking.k8s.io/v1
#kind: Ingress
#metadata:
# name: ingress-myserviceb
# namespace: nginx-ingress-testing
#spec:
# rules:
# - host: myserviceb.foo.org
# http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: myserviceb
# port:
# number: 80
# ingressClassName: nginx
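Review bot: `image: nginx` carries no tag, so each pull resolves to whatever `latest` points at and a rollout can change the running version without any change to this manifest; pin it, written as `image: nginx:<tag>@sha256:<digest>`. The Ingress rule has no `host` (the `#- host: *` line is commented out), so it matches every hostname served by the `nginx` ingress class at `/`; a concrete host such as the `demo.localdev.me` used in the README of this commit would scope it. The backend names the service `nginx-deployment`, which is the Deployment's name, and no Service of that name is defined in this section, so check that one exists.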


@ -11,7 +11,6 @@
# ports:
# - containerPort: 80
# name: http-web-svc
---
apiVersion: v1
kind: Service