Wrote Post Installation thingies

This commit is contained in:
savagebidoof 2023-07-30 01:02:56 +02:00
parent f58c901017
commit ae6fa536f6
11 changed files with 210 additions and 350 deletions

View File

@ -4,11 +4,11 @@ metadata:
namespace: istio-system
name: istio-config
labels:
last-update: 2023-07-16
last-update: 2023-07-30
spec:
profile: minimal
meshConfig:
accessLogFile: /dev/stdout
enableTracing: true
ingressService: istio-public-ingress
ingressSelector: public-ingress
ingressService: istio-ingressgateway
ingressSelector: ingressgateway
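
Review bot: the new `ingressService: istio-ingressgateway` and `ingressSelector: ingressgateway` values under `meshConfig` have to stay identical to the gateway Service name and its `istio:` label, which are defined in a separate operator file, and nothing here records that dependency. Add a YAML comment next to these two keys naming the file they must match, so a later rename of the gateway does not leave these settings pointing at a gateway that no longer exists. Separately, `last-update` is a hand-maintained label that duplicates the commit date; consider dropping it and relying on git history.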

View File

@ -0,0 +1,21 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: ingress-gateway
labels:
last-update: 2023-07-30
spec:
profile: empty
components:
ingressGateways:
- namespace: istio-system
name: istio-ingressgateway
enabled: true
label:
istio: ingressgateway
app: istio-ingressgateway
k8s:
service:
type: LoadBalancer
# loadBalancerIP: 192.168.1.73
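
Review bot: the commented-out `# loadBalancerIP: 192.168.1.73` at the end of the service block leaves the external address to whatever the load-balancer implementation hands out, and the README added in this commit shows the Service ending up on `192.168.1.72` and hardcodes that address in its curl commands. Either pin the address by uncommenting the line with the value you actually want, or delete the comment and state in the README that the IP is assigned from the pool and may differ.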

View File

@ -2,11 +2,12 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: cheap
name: pool1-group
namespace: metallb-system
spec:
addresses:
- 192.168.1.0/24
- 192.168.1.72/30
# - 192.168.1.72-192.168.1.75
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
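
Review bot: narrowing the pool from `192.168.1.0/24` to `192.168.1.72/30` is the right direction, but the pool still has auto-assignment on by default, so any Service of type LoadBalancer created in any namespace takes one of these four LAN addresses. If only the ingress gateway is meant to be reachable from the network, set `autoAssign: false` under `spec` and have the gateway Service request `pool1-group` explicitly. The added `# - 192.168.1.72-192.168.1.75` line restates the same four addresses as the CIDR; turn it into a short explanatory comment or drop it.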
@ -15,13 +16,4 @@ metadata:
namespace: metallb-system
spec:
ipAddressPools:
- cheap
---
#apiVersion: metallb.io/v1beta1
#kind: IPAddressPool
#metadata:
# name: production
# namespace: metallb-system
#spec:
# addresses:
# - 192.168.1.30-192.168.1.50
- pool1-group

View File

@ -0,0 +1,181 @@
# POST installation example services.
## Disclaimer
### This assumes all the pods have managed to run correctly.
```shell
kubectl get pods --kubeconfig ksetup/Exported/kubeconfig.conf -A
```
```text
NAMESPACE NAME READY STATUS RESTARTS AGE
default helloworld-nginx-76cbfb674f-xn9hj 1/1 Running 2 (4h53m ago) 7h58m
kube-system calico-kube-controllers-85578c44bf-gdpdm 1/1 Running 2 (4h53m ago) 9h
kube-system calico-node-fpjd2 1/1 Running 2 (4h53m ago) 9h
kube-system coredns-5d78c9869d-pjpmz 1/1 Running 2 (4h53m ago) 9h
kube-system coredns-5d78c9869d-sj9bh 1/1 Running 2 (4h53m ago) 9h
kube-system etcd-pi4.filter.home 1/1 Running 3 (4h53m ago) 9h
kube-system kube-apiserver-pi4.filter.home 1/1 Running 3 (4h53m ago) 9h
kube-system kube-controller-manager-pi4.filter.home 1/1 Running 3 (4h53m ago) 9h
kube-system kube-proxy-9md6w 1/1 Running 2 (4h53m ago) 9h
kube-system kube-scheduler-pi4.filter.home 1/1 Running 3 (4h53m ago) 9h
metallb-system controller-595f88d88f-vx6vx 1/1 Running 3 (4h53m ago) 7h27m
metallb-system speaker-qls8v 1/1 Running 4 (40m ago) 7h27m
```
## Deployment
### Istio
#### Config
```shell
istioctl install --kubeconfig ksetup/Exported/kubeconfig.conf -f PostInstall_Example_Config_Files/IstioOperator_Config.yaml
```
<pre>
This will install the Istio 1.18.2 minimal profile with [&quot;Istio core&quot; &quot;Istiod&quot;] components into the cluster. Proceed? (y/N) y
<span style="color:#7F3FBF"></span> Istio core installed
<span style="color:#7F3FBF"></span> Istiod installed
<span style="color:#7F3FBF"></span> Installation complete
Making this installation the default for injection and validation.
</pre>
#### Ingress
```shell
istioctl install --kubeconfig ksetup/Exported/kubeconfig.conf -f PostInstall_Example_Config_Files/IstioOperator_Ingress.yaml
```
<pre>
This will install the Istio 1.18.2 empty profile into the cluster. Proceed? (y/N) y
<span style="color:#7F3FBF"></span> Ingress gateways installed
<span style="color:#7F3FBF"></span> Installation complete
</pre>
#### Check status
We can see that the Load Balancer we deployed, the `External-IP` field is set to "pending". That's expected, since we have no service providing an IP for us.
```shell
kubectl get svc --kubeconfig ksetup/Exported/kubeconfig.conf -A
```
<pre>
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default helloworld ClusterIP 10.107.193.163 &lt;none&gt; 80/TCP 8h
default kubernetes ClusterIP 10.96.0.1 &lt;none&gt; 443/TCP 9h
istio-system istio-ingressgateway LoadBalancer 10.96.74.132 &lt;pending&gt; 15021:31543/TCP,80:31989/TCP,443:31913/TCP 64s
istio-system istiod ClusterIP 10.108.199.210 &lt;none&gt; 15010/TCP,15012/TCP,443/TCP,15014/TCP 79s
kube-system kube-dns ClusterIP 10.96.0.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 9h
metallb-system webhook-service ClusterIP 10.100.237.6 &lt;none&gt; 443/TCP 7h42m
</pre>
## MetalLB
Let's work on our way to provide an IP for the that are on "pending" status.
### Deploy
```shell
kubectl create --kubeconfig ksetup/Exported/kubeconfig.conf -f PostInstall_Example_Config_Files/MetalLB.yaml
```
```text
ipaddresspool.metallb.io/pool1-group created
l2advertisement.metallb.io/pool1-advert created
```
### What did we deploy?
#### pool1-group
States a range/group of IP addresses to use for our services.
- `192.168.1.72/30`
#### pool1-advert
Advertises the desired IP ranges (in our scenario it's `pool1-group`) to the network, that way resources can reach out to such.
### Check status
Now ur services are allowed to have an IP within the "reserved"/configured range.
```shell
kubectl get svc --kubeconfig ksetup/Exported/kubeconfig.conf -n istio-system istio-ingressgateway
```
```text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.96.74.132 192.168.1.72 15021:31543/TCP,80:31989/TCP,443:31913/TCP 9m21s
```
## Test ingress.
### HealthCheck
Healthcheck passes correctly.
```shell
curl 192.168.1.72:15021/healthz/ready -I
```
```text
HTTP/1.1 200 OK
date: Sat, 29 Jul 2023 22:59:49 GMT
x-envoy-upstream-service-time: 0
server: envoy
transfer-encoding: chunked
```
### Deploy mock resources
```shell
kubectl create --kubeconfig ksetup/Exported/kubeconfig.conf -f PostInstall_Example_Config_Files/Test_Services
```
```text
deployment.apps/helloworld-nginx created
gateway.networking.istio.io/helloworld-gateway created
service/helloworld created
virtualservice.networking.istio.io/helloworld-vs created
```
### Test mock resources
We are able to receive response from the Nginx Deployment.
```shell
curl 192.168.1.72/helloworld
```
```text
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
```
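
Review bot: in the first "Check status" section, the sentence "That's expected, since we have no service providing an IP for us" does not match the pod listing at the top of the file, where the MetalLB `controller` and `speaker` pods are already running; the address stays `<pending>` because no `IPAddressPool` or `L2Advertisement` exists yet, and the wording should say that. The same listing already shows `helloworld-nginx` running although the "Deploy mock resources" step later reports it as created, so capture the listing from a cluster in the state the reader will actually have. The health check against port `15021` also shows that the gateway's status port is reachable on the LAN address; state whether that exposure is intended. Typos to fix: "provide an IP for the that are on" is missing a noun, and "Now ur services" should read "our". The two `<pre>` blocks carry empty `<span style="color:#7F3FBF"></span>` tags left over from a terminal copy; use plain text-fenced blocks like the rest of the file.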

View File

@ -4,7 +4,7 @@ metadata:
name: helloworld-gateway
spec:
selector:
istio: public-ingress
istio: ingressgateway
servers:
- port:
number: 80
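
Review bot: the selector change to `istio: ingressgateway` matches the label set in the new ingress operator file, but the only listener visible in this hunk is `number: 80`, so everything the README tests goes over plaintext HTTP on a LAN-routable address. If that is intentional for the example, say so in a comment on the `servers` block; otherwise add a 443 server with TLS before this file is reused as a template.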

View File

@ -1,33 +0,0 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: public-ingress
labels:
last-update: 2023-07-16
spec:
profile: empty
components:
ingressGateways:
- namespace: istio-system
name: istio-public-ingress
enabled: true
label:
istio: public-ingress
app: istio-public-ingress
k8s:
service:
type: LoadBalancer
loadBalancerIP: 192.168.1.98
# ports:
# - port: 80
# targetPort: 31242
# name: http
#
# - port: 443
# targetPort: 32271
# name: https
#
# - port: 15021
# targetPort: 31546
# name: tcp

View File

@ -1,236 +0,0 @@
---
gitea: none
include_toc: true
---
# Description
This is the most basic example, most of the examples spread through this [repository](../../) will be using variants of this.
This example configures:
Generic Kubernetes resources:
- 1 Service
- 1 Deployment
Istio resources:
- 1 Gateway
- 1 Virtual Service
> **Note:**\
> I don't intend to explain thing related to Kubernetes unless necessary.
# Configuration
## Service
Creates a service named `helloworld`.
This service listens for the port `80` expecting `HTTP` traffic and will forward the incoming traffic towards the port `80` from the destination pod.
```yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
```
## Deployment
Deploys a Nginx server that listens for the port `80`.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80
```
## Gateway
Deploys an Istio gateway that's listening to the port `80` for `HTTP` traffic.
It doesn't filter for any specific host.
The `selector` field is used to "choose" which Istio Load Balancers will have this gateway assigned to.
The Istio `default` profile creates a Load Balancer in the namespace `istio-system` that has the label `istio: ingressgateway` set, allowing us to target that specific Load Balancer and assign this gateway resource to it.
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
```
## VirtualService
The Virtual Service resources are used to route and filter the received traffic from the gateway resources, and route it towards the desired destination.
On this example we select the gateway `helloworld-gateway`, which is the [gateway that 's described in the `Gateway` section](#gateway).
On this resource, we are also not limiting the incoming traffic to any specific host, allowing for all the incoming traffic to go through the rules set.
Here we created a rule that will be applied on `HTTP` related traffic (including `HTTPS` and `HTTP2`) when the destination path is exactly `/helloworld`.
This traffic will be forwarded to the port `80` of the destination service `helloworld` (the full path URL equivalent would be `helloworld.$NAMESPACE.svc.cluster.local`).
Additionally, there will be an internal URL rewrite set, as if the URL is not modified, it would attempt to reach to the `/helloworld` path from the Nginx deployment, which currently has no content and would result in an error code `404` (Not found).
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"
```
# Walkthrough
## Deploy resources
Deploy the resources.
```shell
kubectl apply -f ./
```
```text
deployment.apps/helloworld-nginx created
gateway.networking.istio.io/helloworld-gateway created
service/helloworld created
virtualservice.networking.istio.io/helloworld-vs created
```
## Wait for the deployment to be ready
Wait for the Nginx deployment to be up and ready.
```shell
kubectl get deployment helloworld-nginx -w
```
```text
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-nginx 1/1 1 1 44s
```
## Test the service
### Get LB IP
To perform the desired tests, we will need to obtain the IP Istio Load Balancer that we selected in the [Gateway section](#gateway).
On my environment, the IP is the `192.168.1.50`.
```shell
kubectl get svc -l istio=ingressgateway -A
```
```text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl /helloworld
Due to accessing the path `/helloworld`, we are triggering the rule set on the [VirtualService configuration](#virtualservice), sending a request to the Nginx backend and returning us its contents.
```shell
curl 192.168.1.50/helloworld -s | grep "<title>.*</title>"
```
```text
<title>Welcome to nginx!</title>
```
### Curl /other
What happens if we access a path or URL that doesn't trigger any rule?
```shell
curl 192.168.1.50/other -s -I
```
```text
HTTP/1.1 404 Not Found
date: Sun, 30 Apr 2023 22:16:30 GMT
server: istio-envoy
transfer-encoding: chunked
```
We receive a status code `404`.
I would like to put emphasis on the following line returned:
```text
server: istio-envoy
```
This means that the contents returned was performed by the Istio service, therefore, the request was able to reach Istio and received a response from it.
## Cleanup
Finally, a cleanup from the resources deployed.
```shell
kubectl delete -f ./
```
```text
deployment.apps "helloworld-nginx" deleted
gateway.networking.istio.io "helloworld-gateway" deleted
service "helloworld" deleted
virtualservice.networking.istio.io "helloworld-vs" deleted
```
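
Review bot: this deletion removes the only explanation on the page of why the VirtualService sets `rewrite: uri: "/"` and what a `404` with `server: istio-envoy` means, while the new post-installation README only runs `curl 192.168.1.72/helloworld` without explaining the routing. If the file was moved rather than dropped, link to its new location from the new README's "Deploy mock resources" section; if it was dropped, carry over at least the Gateway and VirtualService paragraphs.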

View File

@ -1,65 +0,0 @@
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.0.3"
}
kubectl = {
source = "gavinbunney/kubectl"
version = ">= 1.14.0"
}
}
}
#
#module "deployment" {
# source = "terraform-iaac/deployment/kubernetes"
# version = "1.4.3"
# # insert the 2 required variables here
#}
provider "kubernetes" {
config_path = "../Exported/kubeconfig.conf"
}
#provider "kubectl" {
# config_path = "../Exported/kubeconfig.conf"
#}
data "http" "manifestfile" {
url = "https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml"
method = "GET"
}
# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/annotations
# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest
#resource "kubectl_manifest" "mymanifest" {
# yaml_body = data.http.manifestfile.response_body
#}
#resource "kubernetes_manifest" "calico" {
# manifest = yamldecode(data.http.manifestfile.response_body)
#}
#output "VMCount" {
# value = yamldecode(file("namespace.yaml"))
## value = file("namespace.yaml")
## value = yamldecode(data.http.manifestfile.response_body)
## value = data.http.manifestfile.response_body
#}
resource "kubectl_manifest" "my_service" {
yaml_body = file("namespace.yaml")
# yaml_body = data.http.manifestfile.response_body
}
#
#resource "kubernetes_deployment" "nginx" {
# source = "https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml"
#}
#
#resource "kubernetes_namespace" "example" {
# metadata {
# name = "testing"
# }
#}