From a924d8ba916dbd0be6b7bd11dd5b7721ec30c464 Mon Sep 17 00:00:00 2001 From: Oriol Date: Sat, 8 Apr 2023 18:41:41 +0100 Subject: [PATCH] idk i brought Istio and some other things --- Istio/NetworkPolicies/README.md | 1 + Istio/bookshelf/README.md | 1 + Istio/bookshelf/bookinfo-gateway.yaml | 52 +++ Istio/bookshelf/bookinfo.yaml | 343 ++++++++++++++++++ Istio/ingress.yaml | 15 + Istio/simple/README.md | 6 + .../README.md | 102 ++++++ .../deployment.yaml | 48 +++ .../gateway.yaml | 36 ++ .../README.md | 182 ++++++++++ .../deployment.yaml | 82 +++++ .../gateway.yaml | 61 ++++ .../README.md | 139 +++++++ .../deployment.yaml | 76 ++++ .../gateway.yaml | 36 ++ Istio/tmp/ingress.yaml | 63 ++++ Istio/tmp/tmp.txt | 29 ++ LB/lb.yaml | 118 ++++-- README.md | 3 + dashboard/README.md | 7 + dashboard/dashboard.yaml | 33 ++ ingress/test.yaml | 80 ++++ istio_2/README.md | 1 + istio_2/file.yaml | 43 +++ istio_2/file2.yaml | 37 ++ istio_2/tmp2.yaml | 35 ++ istio_3/README.md | 48 +++ istio_3/ingress.yaml | 49 +++ istio_3/read_role.yaml | 9 + istio_a/README.md | 34 ++ istio_a/default.yaml | 45 +++ istio_a/default2.yaml | 53 +++ metallib/README.md | 83 ++++- metallib/deployment.yaml | 9 + nginx_ingress/README.md | 25 ++ nginx_ingress/example.yaml | 61 ++++ simple_nginx/ingress.yaml | 1 - 37 files changed, 2002 insertions(+), 44 deletions(-) create mode 100644 Istio/NetworkPolicies/README.md create mode 100644 Istio/bookshelf/README.md create mode 100644 Istio/bookshelf/bookinfo-gateway.yaml create mode 100644 Istio/bookshelf/bookinfo.yaml create mode 100644 Istio/ingress.yaml create mode 100644 Istio/simple/README.md create mode 100644 Istio/simple/hello_world_1_service_1_deployment/README.md create mode 100644 Istio/simple/hello_world_1_service_1_deployment/deployment.yaml create mode 100644 Istio/simple/hello_world_1_service_1_deployment/gateway.yaml create mode 100644 Istio/simple/hello_world_1_service_2_deployments_managed_version/README.md create mode 100644 Istio/simple/hello_world_1_service_2_deployments_managed_version/deployment.yaml create mode 100644 Istio/simple/hello_world_1_service_2_deployments_managed_version/gateway.yaml create mode 100644 Istio/simple/hello_world_1_service_2_deployments_unmanaged/README.md create mode 100644 Istio/simple/hello_world_1_service_2_deployments_unmanaged/deployment.yaml create mode 100644 Istio/simple/hello_world_1_service_2_deployments_unmanaged/gateway.yaml create mode 100644 Istio/tmp/ingress.yaml create mode 100644 Istio/tmp/tmp.txt create mode 100644 README.md create mode 100644 dashboard/README.md create mode 100644 dashboard/dashboard.yaml create mode 100644 ingress/test.yaml create mode 100644 istio_2/README.md create mode 100644 istio_2/file.yaml create mode 100644 istio_2/file2.yaml create mode 100644 istio_2/tmp2.yaml create mode 100644 istio_3/README.md create mode 100644 istio_3/ingress.yaml create mode 100644 istio_3/read_role.yaml create mode 100644 istio_a/README.md create mode 100644 istio_a/default.yaml create mode 100644 istio_a/default2.yaml create mode 100644 metallib/deployment.yaml create mode 100644 nginx_ingress/README.md create mode 100644 nginx_ingress/example.yaml diff --git a/Istio/NetworkPolicies/README.md b/Istio/NetworkPolicies/README.md new file mode 100644 index 0000000..bdf2713 --- /dev/null +++ b/Istio/NetworkPolicies/README.md @@ -0,0 +1 @@ +https://istio.io/latest/blog/2017/0.1-using-network-policy/#examples \ No newline at end of file diff --git a/Istio/bookshelf/README.md b/Istio/bookshelf/README.md new file mode 100644 index 0000000..e3c033b --- /dev/null +++ b/Istio/bookshelf/README.md @@ -0,0 +1 @@ +# Example from istio, using it for testing purposes \ No newline at end of file diff --git a/Istio/bookshelf/bookinfo-gateway.yaml b/Istio/bookshelf/bookinfo-gateway.yaml new file mode 100644 index 0000000..57fb37b --- /dev/null +++ b/Istio/bookshelf/bookinfo-gateway.yaml @@ -0,0 +1,52 @@ + +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: bookinfo-gateway +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: bookinfo +spec: + hosts: + - "*" + gateways: + - bookinfo-gateway + http: + - match: + - uri: + exact: /productpage + - uri: + prefix: /static + - uri: + exact: /login + - uri: + exact: /logout + - uri: + prefix: /api/v1/products + route: + - destination: + host: productpage + port: + number: 9080 + - match: + - uri: + exact: /helloworld + route: + - destination: + host: productpage + port: + number: 9080 + rewrite: + uri: "/productpage" diff --git a/Istio/bookshelf/bookinfo.yaml b/Istio/bookshelf/bookinfo.yaml new file mode 100644 index 0000000..4de3a21 --- /dev/null +++ b/Istio/bookshelf/bookinfo.yaml @@ -0,0 +1,343 @@ +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################################################## +# This file defines the services, service accounts, and deployments for the Bookinfo sample. +# +# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments: +# +# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml +# +# Alternatively, you can deploy any resource separately: +# +# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service +# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount +# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment +################################################################################################## + +################################################################################################## +# Details service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: details + labels: + app: details + service: details +spec: + ports: + - port: 9080 + name: http + selector: + app: details +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bookinfo-details + labels: + account: details +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: details-v1 + labels: + app: details + version: v1 +spec: + replicas: 1 + selector: + matchLabels: + app: details + version: v1 + template: + metadata: + labels: + app: details + version: v1 + spec: + serviceAccountName: bookinfo-details + containers: + - name: details + image: docker.io/istio/examples-bookinfo-details-v1:1.17.0 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 + securityContext: + runAsUser: 1000 +--- +################################################################################################## +# Ratings service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: ratings + labels: + app: ratings + service: ratings +spec: + ports: + - port: 9080 + name: http + selector: + app: ratings +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bookinfo-ratings + labels: + account: ratings +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ratings-v1 + labels: + app: ratings + version: v1 +spec: + replicas: 1 + selector: + matchLabels: + app: ratings + version: v1 + template: + metadata: + labels: + app: ratings + version: v1 + spec: + serviceAccountName: bookinfo-ratings + containers: + - name: ratings + image: docker.io/istio/examples-bookinfo-ratings-v1:1.17.0 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 + securityContext: + runAsUser: 1000 +--- +################################################################################################## +# Reviews service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: reviews + labels: + app: reviews + service: reviews +spec: + ports: + - port: 9080 + name: http + selector: + app: reviews +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bookinfo-reviews + labels: + account: reviews +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: reviews-v1 + labels: + app: reviews + version: v1 +spec: + replicas: 1 + selector: + matchLabels: + app: reviews + version: v1 + template: + metadata: + labels: + app: reviews + version: v1 + spec: + serviceAccountName: bookinfo-reviews + containers: + - name: reviews + image: docker.io/istio/examples-bookinfo-reviews-v1:1.17.0 + imagePullPolicy: IfNotPresent + env: + - name: LOG_DIR + value: "/tmp/logs" + ports: + - containerPort: 9080 + volumeMounts: + - name: tmp + mountPath: /tmp + - name: wlp-output + mountPath: /opt/ibm/wlp/output + securityContext: + runAsUser: 1000 + volumes: + - name: wlp-output + emptyDir: {} + - name: tmp + emptyDir: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: reviews-v2 + labels: + app: reviews + version: v2 +spec: + replicas: 1 + selector: + matchLabels: + app: reviews + version: v2 + template: + metadata: + labels: + app: reviews + version: v2 + spec: + serviceAccountName: bookinfo-reviews + containers: + - name: reviews + image: docker.io/istio/examples-bookinfo-reviews-v2:1.17.0 + imagePullPolicy: IfNotPresent + env: + - name: LOG_DIR + value: "/tmp/logs" + ports: + - containerPort: 9080 + volumeMounts: + - name: tmp + mountPath: /tmp + - name: wlp-output + mountPath: /opt/ibm/wlp/output + securityContext: + runAsUser: 1000 + volumes: + - name: wlp-output + emptyDir: {} + - name: tmp + emptyDir: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: reviews-v3 + labels: + app: reviews + version: v3 +spec: + replicas: 1 + selector: + matchLabels: + app: reviews + version: v3 + template: + metadata: + labels: + app: reviews + version: v3 + spec: + serviceAccountName: bookinfo-reviews + containers: + - name: reviews + image: docker.io/istio/examples-bookinfo-reviews-v3:1.17.0 + imagePullPolicy: IfNotPresent + env: + - name: LOG_DIR + value: "/tmp/logs" + ports: + - containerPort: 9080 + volumeMounts: + - name: tmp + mountPath: /tmp + - name: wlp-output + mountPath: /opt/ibm/wlp/output + securityContext: + runAsUser: 1000 + volumes: + - name: wlp-output + emptyDir: {} + - name: tmp + emptyDir: {} +--- +################################################################################################## +# Productpage services +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: productpage + labels: + app: productpage + service: productpage +spec: + ports: + - port: 9080 + name: http + selector: + app: productpage +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bookinfo-productpage + labels: + account: productpage +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: productpage-v1 + labels: + app: productpage + version: v1 +spec: + replicas: 1 + selector: + matchLabels: + app: productpage + version: v1 + template: + metadata: + labels: + app: productpage + version: v1 + spec: + serviceAccountName: bookinfo-productpage + containers: + - name: productpage + image: docker.io/istio/examples-bookinfo-productpage-v1:1.17.0 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9080 + volumeMounts: + - name: tmp + mountPath: /tmp + securityContext: + runAsUser: 1000 + volumes: + - name: tmp + emptyDir: {} +--- diff --git a/Istio/ingress.yaml b/Istio/ingress.yaml new file mode 100644 index 0000000..bbc6e81 --- /dev/null +++ b/Istio/ingress.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: istio-ingress + labels: + istio: ingress +spec: + type: LoadBalancer + ports: + - port: 80 + name: http + - port: 443 + name: https + selector: + istio: ingress diff --git a/Istio/simple/README.md b/Istio/simple/README.md new file mode 100644 index 0000000..624debe --- /dev/null +++ b/Istio/simple/README.md @@ -0,0 +1,6 @@ +# Simple examples + + +# Traffic path + +## Istio Ingress Controller ---> Gateway -> Virtual Service (-> Destination Route) -> Ingress -> Deployment \ No newline at end of file diff --git a/Istio/simple/hello_world_1_service_1_deployment/README.md b/Istio/simple/hello_world_1_service_1_deployment/README.md new file mode 100644 index 0000000..b76f3a2 --- /dev/null +++ b/Istio/simple/hello_world_1_service_1_deployment/README.md @@ -0,0 +1,102 @@ +##### https://github.com/istio/istio/tree/master/samples/helloworld + +# Simple Hello World + +- 1 Service +- 1 Deployment + +I think that by default uses `RANDOM`. + +https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy + +https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings + + +Relies in automatic sidecar injection. + + +> Contains service account configurations, yet they are commented as not "necessary". + + +## Files + +- deployment.yaml +- gateway.yaml + +## deployment.yaml + +### Creates + +#### Service + +- helloworld + +#### Deployments + +- helloworld-nginx (Nginx container) + +## gateway.yaml + +### Creates + +#### Gateway + +##### helloworld-gateway + +###### Configuration + +```yml +port: 80 +istio-ingress: ingressgateway +hosts: "*" +``` + +#### VirtualService + +##### helloworld-vs + +###### Configuration + +```yaml +hosts: "*" +uri: "/helloworld" +``` + +# Run example + +## Deploy resources + +```shell +$ kubectl apply -f ./ +service/helloworld created +deployment.apps/helloworld-nginx created +gateway.networking.istio.io/helloworld-gateway created +virtualservice.networking.istio.io/helloworld-vs created +``` + +## Wait for the pods to be ready + +(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment) + +```shell +$ kubectl get deployment helloworld-nginx -w +NAME READY UP-TO-DATE AVAILABLE AGE +helloworld-nginx 1/1 1 1 44s +``` + +## Test the service + +### Get LB IP + +```shell +$ kubectl get svc istio-ingressgateway -n istio-system +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h +``` + +### Curl + +```shell +$ curl 192.168.1.50/helloworld -s | grep ".*"  ✔ +Welcome to nginx! +``` \ No newline at end of file diff --git a/Istio/simple/hello_world_1_service_1_deployment/deployment.yaml b/Istio/simple/hello_world_1_service_1_deployment/deployment.yaml new file mode 100644 index 0000000..36e6b76 --- /dev/null +++ b/Istio/simple/hello_world_1_service_1_deployment/deployment.yaml @@ -0,0 +1,48 @@ +# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml +apiVersion: v1 +kind: Service +metadata: + name: helloworld + labels: + app: helloworld + service: helloworld +spec: + ports: + - port: 80 + name: http + selector: + app: helloworld +--- +#apiVersion: v1 +#kind: ServiceAccount +#metadata: +# name: istio-helloworld +# labels: +# account: +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld-nginx + labels: + app: helloworld +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + template: + metadata: + labels: + app: helloworld + spec: +# serviceAccountName: istio-helloworld + containers: + - name: helloworld + image: nginx + resources: + requests: + cpu: "100m" + imagePullPolicy: IfNotPresent #Always + ports: + - containerPort: 80 diff --git a/Istio/simple/hello_world_1_service_1_deployment/gateway.yaml b/Istio/simple/hello_world_1_service_1_deployment/gateway.yaml new file mode 100644 index 0000000..8ba8a20 --- /dev/null +++ b/Istio/simple/hello_world_1_service_1_deployment/gateway.yaml @@ -0,0 +1,36 @@ +# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: helloworld-gateway +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: helloworld-vs +spec: + hosts: + - "*" + gateways: + - helloworld-gateway + http: + - match: + - uri: + exact: /helloworld + route: + - destination: + host: helloworld + port: + number: 80 + rewrite: + uri: "/" \ No newline at end of file diff --git a/Istio/simple/hello_world_1_service_2_deployments_managed_version/README.md b/Istio/simple/hello_world_1_service_2_deployments_managed_version/README.md new file mode 100644 index 0000000..f18184c --- /dev/null +++ b/Istio/simple/hello_world_1_service_2_deployments_managed_version/README.md @@ -0,0 +1,182 @@ +##### https://github.com/istio/istio/tree/master/samples/helloworld + +https://istio.io/latest/blog/2017/0.1-canary/ + + +# Simple Hello World + +- 1 Service +- 2 Versions + +Iterates between the versions without any specific policy. (actually doesn't use the version for anything) + +I think that by default uses `RANDOM`. + +https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy + +https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings + + +Relies in automatic sidecar injection. + + +> Contains service account configurations, yet they are commented as not "necessary". + +## Quick note + +On this version I have "started" to use the full service name instead of the shorten version, aka: + +```yaml + route: + - destination: + host: helloworld +``` + +Will be: + +```yaml + route: + - destination: + host: helloworld.default.svc.cluster.local +``` + +It's overall a good practice to have, so not much of a reason to not do it. + +https://istio.io/latest/docs/reference/config/networking/destination-rule/#DestinationRule + + +## Files + +- deployment.yaml +- gateway.yaml + +## deployment.yaml + +### Creates + +#### Service + +- helloworld + +#### Deployments + +- helloworld-v1 (Nginx) +- helloworld-v2 (Apache) + +## gateway.yaml + +### Creates + +#### Gateway + +##### helloworld-gateway + +###### Configuration + +```yml +port: 80 +istio-ingress: ingressgateway +hosts: "*" +``` + +#### VirtualService + +##### helloworld-vs + +###### Configuration + +```yaml +hosts: "*" +uri: "/helloworld" +versions: + v1: + weight: "25%" + v2: + weight: "75%" +``` + +#### Destination Rule + +###### Configuration + +```yaml + +``` + + +# Run example + +## Deploy resources + +```shell +$ kubectl apply -f ./ +service/helloworld created +deployment.apps/helloworld-v1 created +deployment.apps/helloworld-v2 created +gateway.networking.istio.io/helloworld-gateway created +virtualservice.networking.istio.io/helloworld-vs created +destinationrule.networking.istio.io/helloworld-destinationrule created +``` + +## Wait for the pods to be ready + +(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment) + +```shell +$ kubectl get deployment helloworld-v{1..2} -w  ✔  kubernetes-admin@kubernetes ⎈ +NAME READY UP-TO-DATE AVAILABLE AGE +helloworld-v1 1/1 1 1 4m1s +helloworld-v2 1/1 1 1 4m1s +``` + +## Test the service + +### Get LB IP + +```shell +$ kubectl get svc istio-ingressgateway -n istio-system +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h +``` + +### Curl + +Iterates between Nginx and Apache. Somwhat close to the ratio configured. + +> Nginx instances (v1): 2 \ +> Apache instances (v2): 9 + +```shell +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

Welcome to nginx!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

" +

Welcome to nginx!

+``` diff --git a/Istio/simple/hello_world_1_service_2_deployments_managed_version/deployment.yaml b/Istio/simple/hello_world_1_service_2_deployments_managed_version/deployment.yaml new file mode 100644 index 0000000..0745bb1 --- /dev/null +++ b/Istio/simple/hello_world_1_service_2_deployments_managed_version/deployment.yaml @@ -0,0 +1,82 @@ +# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml +apiVersion: v1 +kind: Service +metadata: + name: helloworld + labels: + app: helloworld + service: helloworld +spec: + ports: + - port: 80 + name: http + selector: + app: helloworld +--- +#apiVersion: v1 +#kind: ServiceAccount +#metadata: +# name: istio-helloworld +# labels: +# account: +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld-v1 + labels: + app: helloworld + version: v1 +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + version: v1 + template: + metadata: + labels: + app: helloworld + version: v1 + spec: +# serviceAccountName: istio-helloworld + containers: + - name: helloworld + image: nginx + resources: + requests: + cpu: "100m" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld-v2 + labels: + app: helloworld + version: v2 +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + version: v2 + template: + metadata: + labels: + app: helloworld + version: v2 + spec: +# serviceAccountName: istio-helloworld + containers: + - name: helloworld + image: httpd + resources: + requests: + cpu: "100m" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 +--- \ No newline at end of file diff --git a/Istio/simple/hello_world_1_service_2_deployments_managed_version/gateway.yaml b/Istio/simple/hello_world_1_service_2_deployments_managed_version/gateway.yaml new file mode 100644 index 0000000..fbdc82d --- /dev/null +++ b/Istio/simple/hello_world_1_service_2_deployments_managed_version/gateway.yaml @@ -0,0 +1,61 @@ +# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: helloworld-gateway +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: helloworld-vs +spec: + hosts: + - "*" + gateways: + - helloworld-gateway + http: + - match: + - uri: + exact: /helloworld + route: + - destination: + host: helloworld.default.svc.cluster.local +# host: helloworld + port: + number: 80 + subset: v1 + weight: 20 + - destination: +# host: helloworld + host: helloworld.default.svc.cluster.local + port: + number: 80 + subset: v2 + weight: 80 + rewrite: + uri: "/" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: helloworld +spec: +# host: helloworld # destination service + host: helloworld.default.svc.cluster.local # Full destination service, lil better for consistency + subsets: + - name: v1 + labels: + version: v1 + - name: v2 + labels: + version: v2 diff --git a/Istio/simple/hello_world_1_service_2_deployments_unmanaged/README.md b/Istio/simple/hello_world_1_service_2_deployments_unmanaged/README.md new file mode 100644 index 0000000..e38829c --- /dev/null +++ b/Istio/simple/hello_world_1_service_2_deployments_unmanaged/README.md @@ -0,0 +1,139 @@ +##### https://github.com/istio/istio/tree/master/samples/helloworld + +# Simple Hello World + +- 1 Service +- 2 Versions + +Iterates between the versions without any specific policy. (actually doesn't use the version for anything) + +I think that by default uses `RANDOM`. + +https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy + +https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings + + +Relies in automatic sidecar injection. + + +> Contains service account configurations, yet they are commented as not "necessary". + + +## Files + +- deployment.yaml +- gateway.yaml + +## deployment.yaml + +### Creates + +#### Service + +- helloworld + +#### Deployments + +- helloworld-v1 (Nginx) +- helloworld-v2 (Apache) + +## gateway.yaml + +### Creates + +#### Gateway + +##### helloworld-gateway + +###### Configuration + +```yml +port: 80 +istio-ingress: ingressgateway +hosts: "*" +``` + +#### VirtualService + +##### helloworld-vs + +###### Configuration + +```yaml +hosts: "*" +uri: "/helloworld" +``` + + + + + + +# Run example + +## Deploy resources + +```shell +$ kubectl apply -f ./ +service/helloworld created +deployment.apps/helloworld-v1 created +deployment.apps/helloworld-v2 created +deployment.apps/helloworld-v2 unchanged +gateway.networking.istio.io/helloworld-gateway created +virtualservice.networking.istio.io/helloworld-vs created +``` + +## Wait for the pods to be ready + +(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment) + +```shell +$ kubectl get deployment helloworld-v{1..2} -w  ✔  kubernetes-admin@kubernetes ⎈ +NAME READY UP-TO-DATE AVAILABLE AGE +helloworld-v1 1/1 1 1 4m1s +helloworld-v2 1/1 1 1 4m1s +``` + +## Test the service + +### Get LB IP + +```shell +$ kubectl get svc istio-ingressgateway -n istio-system +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h +``` + +### Curl + +Iterates randomly between Nginx and Apache + +```shell +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

Welcome to nginx!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

Welcome to nginx!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

Welcome to nginx!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

Welcome to nginx!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

Welcome to nginx!

+ +$ curl 192.168.1.50/helloworld -s | grep "

.*

"  ✔ +

It works!

+``` diff --git a/Istio/simple/hello_world_1_service_2_deployments_unmanaged/deployment.yaml b/Istio/simple/hello_world_1_service_2_deployments_unmanaged/deployment.yaml new file mode 100644 index 0000000..761def5 --- /dev/null +++ b/Istio/simple/hello_world_1_service_2_deployments_unmanaged/deployment.yaml @@ -0,0 +1,76 @@ +# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml +apiVersion: v1 +kind: Service +metadata: + name: helloworld + labels: + app: helloworld + service: helloworld +spec: + ports: + - port: 80 + name: http + selector: + app: helloworld +--- +#apiVersion: v1 +#kind: ServiceAccount +#metadata: +# name: istio-helloworld +# labels: +# account: +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld-v1 + labels: + app: helloworld +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + template: + metadata: + labels: + app: helloworld + spec: +# serviceAccountName: istio-helloworld + containers: + - name: helloworld + image: nginx + resources: + requests: + cpu: "100m" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld-v2 + labels: + app: helloworld +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + template: + metadata: + labels: + app: helloworld + spec: +# serviceAccountName: istio-helloworld + containers: + - name: helloworld + image: httpd + resources: + requests: + cpu: "100m" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 +--- \ No newline at end of file diff --git a/Istio/simple/hello_world_1_service_2_deployments_unmanaged/gateway.yaml b/Istio/simple/hello_world_1_service_2_deployments_unmanaged/gateway.yaml new file mode 100644 index 0000000..8ba8a20 --- /dev/null +++ b/Istio/simple/hello_world_1_service_2_deployments_unmanaged/gateway.yaml @@ -0,0 +1,36 @@ +# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: helloworld-gateway +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: helloworld-vs +spec: + hosts: + - "*" + gateways: + - helloworld-gateway + http: + - match: + - uri: + exact: /helloworld + route: + - destination: + host: helloworld + port: + number: 80 + rewrite: + uri: "/" \ No newline at end of file diff --git a/Istio/tmp/ingress.yaml b/Istio/tmp/ingress.yaml new file mode 100644 index 0000000..8743294 --- /dev/null +++ b/Istio/tmp/ingress.yaml @@ -0,0 +1,63 @@ +## https://istio.io/latest/docs/setup/additional-setup/gateway/#deploying-a-gateway +#apiVersion: v1 +#kind: Service +#metadata: +# name: istio-ingressgateway2 +# namespace: istio-ingress +#spec: +# type: LoadBalancer +# selector: +# istio: ingressgateway +# ports: +# - port: 80 +# name: http +# - port: 443 +# name: https +#--- +#apiVersion: apps/v1 +#kind: Deployment +#metadata: +# name: istio-ingressgateway2 +# namespace: istio-ingress +#spec: +# selector: +# matchLabels: +# istio: ingressgateway +# template: +# metadata: +# annotations: +# # Select the gateway injection template (rather than the default sidecar template) +# inject.istio.io/templates: gateway +# labels: +# # Set a unique label for the gateway. This is required to ensure Gateways can select this workload +# istio: ingressgateway +# # Enable gateway injection. If connecting to a revisioned control plane, replace with "istio.io/rev: revision-name" +# sidecar.istio.io/inject: "true" +# spec: +# containers: +# - name: istio-proxy +# image: auto # The image will automatically update each time the pod starts. +#--- +## Set up roles to allow reading credentials for TLS +#apiVersion: rbac.authorization.k8s.io/v1 +#kind: Role +#metadata: +# name: istio-ingressgateway2-sds +# namespace: istio-ingress +#rules: +# - apiGroups: [""] +# resources: ["secrets"] +# verbs: ["get", "watch", "list"] +#--- +#apiVersion: rbac.authorization.k8s.io/v1 +#kind: RoleBinding +#metadata: +# name: istio-ingressgateway2-sds +# namespace: istio-ingress +#roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: Role +# name: istio-ingressgateway2-sds +#subjects: +# - kind: ServiceAccount +# name: default \ No newline at end of file diff --git a/Istio/tmp/tmp.txt b/Istio/tmp/tmp.txt new file mode 100644 index 0000000..bc35189 --- /dev/null +++ b/Istio/tmp/tmp.txt @@ -0,0 +1,29 @@ +https://medium.com/@dinup24/expose-apps-on-private-network-through-istio-ingress-gateway-7dcb8a16d5bc + + +cat << EOF > istio-operator.yaml +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +metadata: + namespace: istio-system + name: istio-operator +spec: + profile: default + components: + ingressGateways: + - name: istio-ingressgateway + enabled: true + - namespace: istio-system + name: istio-ingressgateway-private + enabled: true + k8s: + serviceAnnotations: + service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "private" + values: + gateways: + istio-ingressgateway: + sds: + enabled: true +EOF + +istioctl manifest apply -f istio-operator.yaml \ No newline at end of file diff --git a/LB/lb.yaml b/LB/lb.yaml index 0536b24..ca32151 100644 --- a/LB/lb.yaml +++ b/LB/lb.yaml @@ -1,38 +1,98 @@ -# -#--- -#apiVersion: apps/v1 -#kind: Deployment -#metadata: -# name: nginx-deployment -#spec: -# selector: -# matchLabels: -# app: nginx-backend -# replicas: 2 # tells deployment to run 2 pods matching the template -# template: -# metadata: -# labels: -# app: nginx -# spec: -# containers: -# - name: nginx -# image: nginx:1.14.2 -# ports: -# - containerPort: 80 -#--- +# Example of a Ingress "LB" that itterates between 3 instances +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginxo-deploayment + labels: + environment: testin-lb1s +spec: + selector: + matchLabels: + applicasao: webpaggo + replicas: 1 + template: + metadata: + labels: + applicasao: webpaggo + spec: + containers: + - name: nginxo + image: nginx + ports: + - containerPort: 80 + name: http +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: whoami-traefik + labels: + environment: testin-lb1 +spec: + selector: + matchLabels: + applicasao: webpaggo + replicas: 2 + template: + metadata: + labels: + applicasao: webpaggo + spec: + containers: + - name: whoami + image: traefik/whoami + ports: + - containerPort: 80 + name: http +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: httpago-deployment + labels: + environment: testin-lb1 +spec: + selector: + matchLabels: + applicasao: webpaggo + replicas: 1 + template: + metadata: + labels: + applicasao: webpaggo + spec: + containers: + - name: apache + image: httpd + ports: + - containerPort: 80 + name: http +--- apiVersion: v1 kind: Service metadata: - name: nginx-lb + name: ingressito + labels: + environment: testin-lb1 spec: selector: - app: whoami-service + applicasao: webpaggo ports: - - port: 80 # Published port - targetPort: 80 # Container port -# - port: 443 # Published port -# targetPort: 443 # Container port + - port: 80 + targetPort: http externalTrafficPolicy: Local type: LoadBalancer -#--- + + + + + + + + + + + + + diff --git a/README.md b/README.md new file mode 100644 index 0000000..2af018d --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# Surely only the following folders work / have any meaningful information + +- [Istio](/Istio) \ No newline at end of file diff --git a/dashboard/README.md b/dashboard/README.md new file mode 100644 index 0000000..9305ed9 --- /dev/null +++ b/dashboard/README.md @@ -0,0 +1,7 @@ +https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md + + + +``` +eyJhbGciOiJSUzI1NiIsImtpZCI6IlZJbF9YZWlzNGVybkRTMUVjZ0hFbVJkZ0tVaEFYVTNSUjhVWXlJWWJuUkEifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjc5MDExNTUwLCJpYXQiOjE2NzkwMDc5NTAsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiZDhmOWU3YTgtYmZiMy00Zjc0LWE3Y2MtZjZjODkzMmEzOWYzIn19LCJuYmYiOjE2NzkwMDc5NTAsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.HAmpLXAz8GZpEDqvpsQNnS3HOvP13UnytbVLzmfCMEKpA_HrVtq48fqeRbWICjNit7qeT8eGEB22fTsBhFzGLoKM7REC7hisq8jiMMvKOtZ-wbCQk5SiK4njr0ovhxKfhUvumK6D7oPVdSXGX3j8LC_T6nLjfMqoU3vRMam08yUJ88WWVQLKUOKlqVbsQaLrWvjg8M8Sme0gawxRFo21DFHfk8afP6kEC7n6MnBna6bjd2He74GeJZ9QwwdllTjIX9GdVxXpjj8e1VnvkTZKDWzV9F5mLHmuuE8lgQT02kZRUv0P3vPGckIgUS-kzvBIrmBwIjvStiOK6L93zzJHTg +``` \ No newline at end of file diff --git a/dashboard/dashboard.yaml b/dashboard/dashboard.yaml new file mode 100644 index 0000000..fd3253b --- /dev/null +++ b/dashboard/dashboard.yaml @@ -0,0 +1,33 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-pub + namespace: kubernetes-dashboard +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + k8s-app: kubernetes-dashboard-pub + type: LoadBalancer +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admin-user + namespace: kubernetes-dashboard +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: admin-user +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: admin-user + namespace: kubernetes-dashboard \ No newline at end of file diff --git a/ingress/test.yaml b/ingress/test.yaml new file mode 100644 index 0000000..4b2e5e5 --- /dev/null +++ b/ingress/test.yaml @@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-ingress-test + labels: + example: ingress +spec: + selector: + matchLabels: + app: nginx-test + replicas: 1 # Not much meaningful to have 2 pods if the content will be the same ... + template: + metadata: + labels: + example: ingress + app: nginx-test + spec: + containers: + - name: nginx-cont + image: nginx + ports: + - containerPort: 80 + name: http +--- +apiVersion: v1 +kind: Service +metadata: + name: ingress-service + labels: + example: ingress +spec: + selector: + app: nginx-test + ports: + - port: 80 + targetPort: http + externalTrafficPolicy: Local + type: NodePort + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-test +# annotations: +# nginx.ingress.kubernetes.io/rewrite-target: / + labels: + example: ingress +spec: + ingressClassName: ingress-example + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ingress-service + port: + number: 80 +#--- +#apiVersion: networking.k8s.io/v1 +#kind: Ingress +#metadata: +# annotations: +# kubernetes.io/ingress.class: istio +# name: istio-ingress +#spec: +# rules: +# #- host: * +# - http: +# paths: +# - path: / +# pathType: Prefix +# backend: +# service: +# name: ingress-service +# port: +# number: 80 +# type: LoadBalancer \ No newline at end of file diff --git a/istio_2/README.md b/istio_2/README.md new file mode 100644 index 0000000..095ba2e --- /dev/null +++ b/istio_2/README.md @@ -0,0 +1 @@ +https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ \ No newline at end of file diff --git a/istio_2/file.yaml b/istio_2/file.yaml new file mode 100644 index 0000000..b46d444 --- /dev/null +++ b/istio_2/file.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: httpbin +--- +apiVersion: v1 +kind: Service +metadata: + name: httpbin + labels: + app: httpbin + service: httpbin +spec: + ports: + - name: http + port: 8000 + targetPort: 80 + selector: + app: httpbin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: httpbin +spec: + replicas: 1 + selector: + matchLabels: + app: httpbin + version: v1 + template: + metadata: + labels: + app: httpbin + version: v1 + spec: + serviceAccountName: httpbin + containers: + - image: docker.io/kennethreitz/httpbin + imagePullPolicy: IfNotPresent + name: httpbin + ports: + - containerPort: 80 \ No newline at end of file diff --git a/istio_2/file2.yaml b/istio_2/file2.yaml new file mode 100644 index 0000000..d4ec00a --- /dev/null +++ b/istio_2/file2.yaml @@ -0,0 +1,37 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: httpbin-gateway +spec: + # The selector matches the ingress gateway pod labels. + # If you installed Istio using Helm following the standard documentation, this would be "istio=ingress" + selector: + istio: ingressgateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "httpbin.example.com" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: httpbin +spec: + hosts: + - "httpbin.example.com" + gateways: + - httpbin-gateway + http: + - match: + - uri: + prefix: /status + - uri: + prefix: /delay + route: + - destination: + port: + number: 8000 + host: httpbin \ No newline at end of file diff --git a/istio_2/tmp2.yaml b/istio_2/tmp2.yaml new file mode 100644 index 0000000..5e49e02 --- /dev/null +++ b/istio_2/tmp2.yaml @@ -0,0 +1,35 @@ +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: http + namespace: default +spec: + parentRefs: + - name: gateway + namespace: istio-ingress + hostnames: ["httpbin.example.com"] + rules: + - matches: + - path: + type: PathPrefix + value: /get + - path: + type: PathPrefix + value: /headers + filters: + - type: URLRewrite + urlRewrite: +# hostname: "*" + hostname: elsewhere.example + path: + type: ReplacePrefixMatch +# replacePrefixMatch: / + replacePrefixMatch: /fennel +# - type: RequestHeaderModifier +# requestHeaderModifier: +# add: +# - name: my-added-header +# value: added-value + backendRefs: + - name: httpbin + port: 8000 diff --git a/istio_3/README.md b/istio_3/README.md new file mode 100644 index 0000000..6dde793 --- /dev/null +++ b/istio_3/README.md @@ -0,0 +1,48 @@ +## https://istio.io/latest/docs/examples/microservices-istio/setup-kubernetes-cluster/ + +### Create namespaces + +```shell +export NAMESPACE=tutorial +kubectl create namespace $NAMESPACE +``` + +### Install istio demo + + +```shell +istioctl install --set profile=demo +``` + + +### Install telemetry addons + +#### Grafana + +```shell +kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/grafana.yaml +``` + +#### Prometheus + +```shell +kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/prometheus.yaml +``` + +#### Kiali + +```shell +kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/kiali.yaml +``` + +#### Jaeger + +```shell +kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/jaeger.yaml +``` + +### Create ingress resources + +```shell +kubectl apply ./gateway.yaml +``` \ No newline at end of file diff --git a/istio_3/ingress.yaml b/istio_3/ingress.yaml new file mode 100644 index 0000000..e2bea4f --- /dev/null +++ b/istio_3/ingress.yaml @@ -0,0 +1,49 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: istio-system + namespace: istio-system + annotations: + kubernetes.io/ingress.class: istio +spec: + rules: + - host: my-istio-dashboard.io + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: grafana + port: + number: 3000 + - host: my-istio-tracing.io + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: tracing + port: + number: 9411 + - host: my-istio-logs-database.io + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prometheus + port: + number: 9090 + - host: my-kiali.io + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kiali + port: + number: 20001 diff --git a/istio_3/read_role.yaml b/istio_3/read_role.yaml new file mode 100644 index 0000000..6b30d66 --- /dev/null +++ b/istio_3/read_role.yaml @@ -0,0 +1,9 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-system-access + namespace: istio-system +rules: + - apiGroups: ["", "extensions", "apps"] + resources: ["*"] + verbs: ["get", "list"] \ No newline at end of file diff --git a/istio_a/README.md b/istio_a/README.md new file mode 100644 index 0000000..14dd914 --- /dev/null +++ b/istio_a/README.md @@ -0,0 +1,34 @@ +# https://istio.io/latest/docs/setup/getting-started/ +### https://istio.io/latest/docs/setup/additional-setup/config-profiles/ + + +```shell +istioctl install --set profile=default -y +``` +### https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/ + + +### ? + +https://istio.io/latest/docs/examples/microservices-istio/istio-ingress-gateway/ + +```sh +NAMESPACE=istio-test +``` + +### Wildcard hosts +https://istio.io/latest/docs/tasks/traffic-management/egress/wildcard-egress-hosts/ + + +### ingress gateway + +https://istio.io/latest/docs/setup/additional-setup/gateway/ + +## Documentation + +https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService + + +## Dashboard +### Kiali +https://istio.io/latest/docs/ops/integrations/kiali/#installation \ No newline at end of file diff --git a/istio_a/default.yaml b/istio_a/default.yaml new file mode 100644 index 0000000..aff1be3 --- /dev/null +++ b/istio_a/default.yaml @@ -0,0 +1,45 @@ +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: bookinfo-gateway +spec: + # The selector matches the ingress gateway pod labels. + # If you installed Istio using Helm following the standard documentation, this would be "istio=ingress" + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +--- +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: bookinfo +spec: + hosts: + - "*" + gateways: + - bookinfo-gateway + http: + - match: + - uri: + exact: /productpage + - uri: + prefix: /static + - uri: + exact: /login +# - uri: +# exact: /logout +# - uri: +# prefix: /api/v1/products + rewrite: + uri: / + route: + - destination: + host: productpage + port: + number: 80 \ No newline at end of file diff --git a/istio_a/default2.yaml b/istio_a/default2.yaml new file mode 100644 index 0000000..209fac9 --- /dev/null +++ b/istio_a/default2.yaml @@ -0,0 +1,53 @@ +apiVersion: v1 +kind: Service +metadata: + name: productpage + labels: + app: productpage + service: productpage +spec: + ports: + - port: 80 + name: http + selector: + app: productpage +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bookinfo-productpage + labels: + account: productpage +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: productpage-v1 + labels: + app: productpage + version: v1 +spec: + replicas: 1 + selector: + matchLabels: + app: productpage + version: v1 + template: + metadata: +# annotations: +# prometheus.io/scrape: "true" +# prometheus.io/port: "9080" +# prometheus.io/path: "/metrics" + labels: + app: productpage + version: v1 + spec: + serviceAccountName: bookinfo-productpage + containers: + - name: nginx + image: nginx:1.14.2 + ports: + - containerPort: 80 + volumes: + - name: tmp + emptyDir: {} \ No newline at end of file diff --git a/metallib/README.md b/metallib/README.md index e9e2e41..88b238a 100644 --- a/metallib/README.md +++ b/metallib/README.md @@ -1,34 +1,89 @@ +[//]: # () +[//]: # (# https://levelup.gitconnected.com/step-by-step-slow-guide-kubernetes-cluster-on-raspberry-pi-4b-part-3-899fc270600e) -# https://levelup.gitconnected.com/step-by-step-slow-guide-kubernetes-cluster-on-raspberry-pi-4b-part-3-899fc270600e +[//]: # () +[//]: # () +[//]: # (kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml) +[//]: # (kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml) -kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml -kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml - +[//]: # () kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" +https://metallb.universe.tf/installation/ + +https://metallb.universe.tf/configuration/_advanced_l2_configuration/ + +https://mvallim.github.io/kubernetes-under-the-hood/documentation/kube-metallb.html -cat << EOF > metalLB-config.yaml + +```sh +kubectl apply -f - << EOF apiVersion: v1 kind: ConfigMap metadata: -namespace: metallb-system -name: config + namespace: metallb-system + name: config data: -config: | -address-pools: -- name: default -protocol: layer2 -addresses: -- 192.168.1.30-192.168.1.130 + config: | + address-pools: + - name: default + protocol: layer2 + addresses: + - 192.168.1.50-192.168.1.130 EOF +``` + + +```sh +kubectl delete -f - << EOF +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: metallb-system + name: config +data: + config: | + address-pools: + - name: default + protocol: layer2 + addresses: + - 192.168.1.50-192.168.1.130 +EOF +``` -kubectl apply -f metalLB-config.yaml +```sh +kubectl apply -f - << EOF +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: first-pool + namespace: metallb-system +spec: + addresses: + - 192.168.1.50-192.168.1.130 +EOF +``` + +```sh +kubectl delete -f - << EOF +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: first-pool + namespace: metallb-system +spec: + addresses: + - 192.168.1.50-192.168.1.130 +EOF +``` + + # https://github.com/metallb/metallb/blob/main/design/pool-configuration.md \ No newline at end of file diff --git a/metallib/deployment.yaml b/metallib/deployment.yaml new file mode 100644 index 0000000..7f97379 --- /dev/null +++ b/metallib/deployment.yaml @@ -0,0 +1,9 @@ +#kubectl create deployment demo --image=httpd --port=80 +#kubectl expose deployment demo +# +#kubectl create ingress demo-localhost --class=nginx \ +#--rule="demo.localdev.me/*=demo:80" +# +# +# +## kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8080:80 diff --git a/nginx_ingress/README.md b/nginx_ingress/README.md new file mode 100644 index 0000000..953a7f8 --- /dev/null +++ b/nginx_ingress/README.md @@ -0,0 +1,25 @@ + +##### https://github.com/istio/istio/tree/master/samples + +```shell +$ kubectl get ingress +NAME CLASS HOSTS ADDRESS PORTS AGE +demo-localhost nginx demo.localdev.me 192.168.1.31 80 21h +$ curl 192.168.1.31 + +404 Not Found + +

404 Not Found

+
nginx
+ + +$ curl 192.168.1.31 -HHOST:demo.localdev.me +

It works!

+``` + + +https://kubernetes.github.io/ingress-nginx/user-guide/basic-usage/ + +ingress-nginx + +https://docs.nginx.com/nginx-ingress-controller/ \ No newline at end of file diff --git a/nginx_ingress/example.yaml b/nginx_ingress/example.yaml new file mode 100644 index 0000000..2fb62c4 --- /dev/null +++ b/nginx_ingress/example.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + #namespace: nginx-ingress-testing + labels: + environment: nginx-deployment +spec: + selector: + matchLabels: + name: nginx-service + replicas: 1 + template: + metadata: + labels: + name: nginx-service + spec: + containers: + - name: nginxo + image: nginx + ports: + - containerPort: 80 + name: http +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-myservicea + #namespace: nginx-ingress-testing +spec: + rules: + #- host: * + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nginx-deployment + port: + number: 80 + ingressClassName: nginx +#--- +#apiVersion: networking.k8s.io/v1 +#kind: Ingress +#metadata: +# name: ingress-myserviceb +# namespace: nginx-ingress-testing +#spec: +# rules: +# - host: myserviceb.foo.org +# http: +# paths: +# - path: / +# pathType: Prefix +# backend: +# service: +# name: myserviceb +# port: +# number: 80 +# ingressClassName: nginx \ No newline at end of file diff --git a/simple_nginx/ingress.yaml b/simple_nginx/ingress.yaml index 149484b..c252270 100644 --- a/simple_nginx/ingress.yaml +++ b/simple_nginx/ingress.yaml @@ -11,7 +11,6 @@ # ports: # - containerPort: 80 # name: http-web-svc - --- apiVersion: v1 kind: Service