ofilter/Istio_Examples
1
0
Fork 0
Code Issues 26 Pull Requests Packages Projects 1 Releases Wiki Activity

backup, need to fill READMEs

Browse Source
This commit is contained in:
Oriol 2023-04-11 17:12:43 +01:00
parent a924d8ba91
commit 233c855fc1
41 changed files with 1515 additions and 348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Istio/cert-manager/README.md Normal file
View File

@ -0,0 +1,5 @@
https://istio.io/latest/docs/tasks/security/cert-management/
https://istio.io/latest/docs/ops/integrations/certmanager/
https://medium.com/@rd.petrusek/kubernetes-istio-cert-manager-and-lets-encrypt-c3e0822a3aaf

15
Istio/ingress.yaml
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: istio-ingress
labels:
istio: ingress
spec:
type: LoadBalancer
ports:
- port: 80
name: http
- port: 443
name: https
selector:
istio: ingress

11
Istio/istio-classic/README.md Normal file
View File

@ -0,0 +1,11 @@
Multiple Ingress
https://youtu.be/QIkryA8HnQ0
https://github.com/redkubes/otomi-core/blob/main/charts/team-ns/templates/istio-gateway.yaml
https://istio.io/latest/docs/ops/diagnostic-tools/proxy-cmd/

65
Istio/istio-classic/ingress.yaml Normal file
View File

@ -0,0 +1,65 @@
apiVersion: v1
kind: Service
metadata:
name: istio-lb
namespace: istio-system
labels:
istio: istio-ingress
spec:
type: LoadBalancer
ports:
- port: 80
name: http
- port: 443
name: https
selector:
istio: istio-ingress
---
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: my-istio-operator
spec:
# profile: default
profile: empty
components:
ingressGateways:
- name: istio-ingress
enabled: true
label:
istio: my-istio-ingress
---
#apiVersion: install.istio.io/v1alpha1
#kind: IstioOperator
#spec:
# components:
# ingressGateways:
# - name: istio-ingress
# enabled: true
## - name: istio-ingressgateway-staging
# namespace: staging
# enabled: true
---
#apiVersion: install.istio.io/v1alpha1
#kind: IstioOperator
#metadata:
# namespace: istio-system
# name: istio-operator
#spec:
# profile: default
# components:
# ingressGateways:
# - name: istio-ingress
# enabled: true
# - namespace: default
# name: istio-ingressgateway-private
# enabled: true
# k8s:
# serviceAnnotations:
# service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "private"
# values:
# gateways:
# istio-ingressgateway:
# sds:
# enabled: true

4
Istio/istio-classic/monitoring/tmp.yaml Normal file
View File

@ -0,0 +1,4 @@
#kiali
#istio-system

15
Istio/simple/hello_world_1_service_1_deployment/README.md → Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/README.md
View File

@ -1,5 +1,7 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
### Base simple template
# Simple Hello World
- 1 Service
@ -11,10 +13,6 @@ https://istio.io/latest/docs/reference/config/networking/destination-rule/#Traff
https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings
Relies in automatic sidecar injection.
> Contains service account configurations, yet they are commented as not "necessary".
@ -57,10 +55,19 @@ hosts: "*"
###### Configuration
```yaml
hosts: "*"
uri: "/helloworld"
rewrite:
uri: "/"
```
- Allows the traffic from that have any domain.
- Only allows traffic that has as a destination the directory/path `/helloworld`.
- `rewrite.uri` allows to redirect the traffic towards the root directory of the service, as the service(s) used don't have any directory named `helloworld` but are configured to work at the root base level.
# Run example

0
Istio/simple/hello_world_1_service_1_deployment/deployment.yaml → Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/deployment.yaml
View File

0
Istio/simple/hello_world_1_service_1_deployment/gateway.yaml → Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/gateway.yaml
View File

142
Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/README.md Normal file
View File

@ -0,0 +1,142 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
# Simple Hello World
- 1 Service
- 2 Versions
Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
By default uses `Round Robin`
https://istio.io/latest/docs/concepts/traffic-management/#load-balancing-options
> Contains service account configurations, yet they are commented as not "necessary".
# Changes
## File
- deployment.yaml
- gateway.yaml
> Files used maintains from the last version
## deployment.yaml
### Creates
#### Service
- helloworld
> Service used maintains from the last version
#### Deployments
- helloworld-v1 (Nginx)
- helloworld-v2 (Apache)
> Renamed the old deployment from `helloworld-nginx` to `helloworld-v1`.\
> Created a secondary deployment using apache named `helloworld-v2`.
## gateway.yaml
### Creates
#### Gateway
##### helloworld-gateway
###### Configuration
```yml
port: 80
istio-ingress: ingressgateway
hosts: "*"
```
#### VirtualService
##### helloworld-vs
###### Configuration
```yaml
hosts: "*"
uri: "/helloworld"
```
# Run example
## Deploy resources
```shell
$ kubectl apply -f ./
service/helloworld created
deployment.apps/helloworld-v1 created
deployment.apps/helloworld-v2 created
deployment.apps/helloworld-v2 unchanged
gateway.networking.istio.io/helloworld-gateway created
virtualservice.networking.istio.io/helloworld-vs created
```
## Wait for the pods to be ready
(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
```shell
$ kubectl get deployment helloworld-v{1..2} -w
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-v1 1/1 1 1 4m1s
helloworld-v2 1/1 1 1 4m1s
```
## Test the service
### Get LB IP
```shell
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl
Iterates randomly between Nginx and Apache
```shell
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
```

0
Istio/simple/hello_world_1_service_2_deployments_unmanaged/deployment.yaml → Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/deployment.yaml
View File

0
Istio/simple/hello_world_1_service_2_deployments_unmanaged/gateway.yaml → Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/gateway.yaml
View File

261
Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/README.md Normal file
View File

@ -0,0 +1,261 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
https://istio.io/latest/blog/2017/0.1-canary/
# Continues from
- 01-hello_world_1_service_1_deployment
# Simple Hello World
- 1 Service
- 2 Versions
Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
> Contains service account configurations, yet they are commented as not "necessary".
## Quick note
On this version I have "started" to use the full service name instead of the shorten version, aka:
```yaml
route:
- destination:
host: helloworld
```
Will be:
```yaml
route:
- destination:
host: helloworld.default.svc.cluster.local
```
It's overall a good practice to have, so not much of a reason to not do it.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#DestinationRule
# Changes
## File
- deployment.yaml
- gateway.yaml
> Files used maintains from the last version
## deployment.yaml
### Creates
#### Service
- helloworld
> Service used maintains from the last version
#### Deployments
- helloworld-v1 (Nginx)
- helloworld-v2 (Apache)
> Renamed the old deployment from `helloworld-nginx` to `helloworld-v1`.\
> Created a secondary deployment using apache named `helloworld-v2`.
## gateway.yaml
#### VirtualService
##### helloworld-vs
###### Configuration
```yaml
...
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld.default.svc.cluster.local
port:
number: 80
subset: v1
weight: 20
- destination:
host: helloworld.default.svc.cluster.local
port:
number: 80
subset: v2
weight: 80
...
```
> Distributed the traffic between 2 versions (`subsets`), setting a `25%` to the subset `v1` and a `75%` to the subset `v2`.
> As previously mentioned, the section `http.route.host` points to `helloworld.default.svc.cluster.local`, which is the service we created, on the `default` namespace.
#### Destination Rule
###### Declaration configuration
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: helloworld.default.svc.cluster.local # Destination that will "interject"
```
> Here we need to put the `path/destination/service` that we want this rule to interject and manage.
###### Traffic Configuration
```yaml
host: helloworld.default.svc.cluster.local
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
```
> On the `Destination Rule` declared the subsets. Each subset has different labels. This will be used to select the deployments within the destination service.
# Run example
## Deploy resources
```shell
$ kubectl apply -f ./
service/helloworld created
deployment.apps/helloworld-v1 created
deployment.apps/helloworld-v2 created
gateway.networking.istio.io/helloworld-gateway created
virtualservice.networking.istio.io/helloworld-vs created
destinationrule.networking.istio.io/helloworld-destinationrule created
```
## Wait for the pods to be ready
(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
```shell
$ kubectl get deployment helloworld-v{1..2} -w
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-v1 1/1 1 1 4m1s
helloworld-v2 1/1 1 1 4m1s
```
## Test the service
### Get LB IP
```shell
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl
Iterates between Nginx and Apache. Somwhat close to the ratio configured.
> Nginx instances (v1): 2 \
> Apache instances (v2): 9
```shell
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
```
## Check istio configs
```sh
$ istioctl x describe pod `kubectl get pod -l app=helloworld,version=v1 -o jsonpath='{.items[0].metadata.name}'`
Pod: helloworld-v1-7454b56b86-4cksf
Pod Revision: default
Pod Ports: 80 (helloworld), 15090 (istio-proxy)
--------------------
Service: helloworld
Port: http 80/HTTP targets pod port 80
DestinationRule: helloworld for "helloworld.default.svc.cluster.local"
Matching subsets: v1
(Non-matching subsets v2)
No Traffic Policy
--------------------
Effective PeerAuthentication:
Workload mTLS mode: PERMISSIVE
Exposed on Ingress Gateway http://192.168.1.50
VirtualService: helloworld-vs
Weight 20%
/helloworld
```
```shell
$ istioctl x describe pod `kubectl get pod -l app=helloworld,version=v2 -o jsonpath='{.items[0].metadata.name
Pod: helloworld-v2-64b5656d99-5bwgr
Pod Revision: default
Pod Ports: 80 (helloworld), 15090 (istio-proxy)
--------------------
Service: helloworld
Port: http 80/HTTP targets pod port 80
DestinationRule: helloworld for "helloworld.default.svc.cluster.local"
Matching subsets: v2
(Non-matching subsets v1)
No Traffic Policy
--------------------
Effective PeerAuthentication:
Workload mTLS mode: PERMISSIVE
Exposed on Ingress Gateway http://192.168.1.50
VirtualService: helloworld-vs
Weight 80%
/helloworld
```

0
Istio/simple/hello_world_1_service_2_deployments_managed_version/deployment.yaml → Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/deployment.yaml
View File

3
Istio/simple/hello_world_1_service_2_deployments_managed_version/gateway.yaml → Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/gateway.yaml
View File

@ -48,7 +48,8 @@ spec:
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: helloworld
# name: helloworld
name: helloworld.default.svc.cluster.local # Destination that will "interject"
spec:
# host: helloworld # destination service
host: helloworld.default.svc.cluster.local # Full destination service, lil better for consistency

8
Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: defaultnt
labels:
istio-injection: "false"
# istio-injection: "enabled"
---

123
Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md Normal file
View File

@ -0,0 +1,123 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
https://istio.io/latest/blog/2017/0.1-canary/
# Simple Hello World
- 1 Service
- 2 Versions
Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
I think that by default uses `RANDOM`.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy
https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings
Manually allows the sidecar injection through the label in the pod
https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy
## Files
- deployment.yaml
- gateway.yaml
## deployment.yaml
### Creates
#### Service
- helloworld
#### Deployments
- helloworld-v1 (Nginx)
- helloworld-v2 (Apache)
## gateway.yaml
### Creates
#### Gateway
##### helloworld-gateway
###### Configuration
```yml
port: 80
istio-ingress: ingressgateway
hosts: "*"
```
#### VirtualService
##### helloworld-vs
###### Configuration
```yaml
hosts: "*"
uri: "/helloworld"
versions:
v1:
weight: "50%"
v2:
weight: "50%"
```
#### Destination Rule
###### Configuration
```yaml
host: helloworld.defaultnt.svc.cluster.local # Full destination service, lil better for consistency
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
```
# Run example
## Deploy resources
```shell
$
```
## Wait for the pods to be ready
(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
```shell
```
## Test the service
### Get LB IP
```shell
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl
```shell
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<html><body><h1>It works!</h1></body></html>
```

86
Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml Normal file
View File

@ -0,0 +1,86 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: defaultnt
labels:
app: helloworldll
service: helloworld
sidecar.istio.io/inject: "false"
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
#apiVersion: v1
#kind: ServiceAccount
#metadata:
# name: istio-helloworld
# labels:
# account:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v1
namespace: defaultnt
labels:
app: helloworld
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v1
template:
metadata:
labels:
app: helloworld
version: v1
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v2
namespace: defaultnt
labels:
app: helloworld
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v2
template:
metadata:
labels:
app: helloworld
version: v2
spec:
containers:
- name: helloworld
image: httpd
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---

61
Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml Normal file
View File

@ -0,0 +1,61 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
namespace: defaultnt
spec:
selector:
istio: istio-ingress # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
namespace: defaultnt
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld.defaultnt.svc.cluster.local
port:
number: 80
subset: v1
weight: 50
- destination:
host: helloworld.defaultnt.svc.cluster.local
port:
number: 80
subset: v2
weight: 50
rewrite:
uri: "/"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: helloworld
namespace: defaultnt
spec:
host: helloworld.defaultnt.svc.cluster.local # Full destination service, lil better for consistency
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2

10
Istio/istio-classic/simple/05-hello_world_1_Service_Entry/README.md Normal file
View File

@ -0,0 +1,10 @@
# Continues from
- 01-hello_world_1_service_1_deployment
https://github.com/istio/istio/issues/29463
Funny example I guess.

57
Istio/istio-classic/simple/05-hello_world_1_Service_Entry/deployment.yaml Normal file
View File

@ -0,0 +1,57 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: external-svc
spec:
hosts:
- help.websiteos.com
# /websiteos/example_of_a_simple_html_page.htm
# - http://help.websiteos.com/websiteos/example_of_a_simple_html_page.htm
ports:
- number: 80
name: http
protocol: HTTP
resolution: DNS
location: MESH_EXTERNAL
---

52
Istio/istio-classic/simple/05-hello_world_1_Service_Entry/gateway.yaml Normal file
View File

@ -0,0 +1,52 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"
- timeout: 3s
match:
- uri:
- exact: "/external"
route:
- destination:
host: help.websiteos.com
port:
number: 80
rewrite:
uri: "/websiteos/example_of_a_simple_html_page.htm"
headers:
request:
set:
HOST: "help.websiteos.com"

19
Istio/istio-classic/simple/README.md Normal file
View File

@ -0,0 +1,19 @@
# Simple examples
# Traffic path
## Istio Ingress Controller ---> Gateway -> Virtual Service (-> Destination Route) -> Ingress -> Deployment
# Examples
## 01-hello_world_1_service_1_deployment
## 02-hello_world_1_service_2_deployments_unmanaged
## 03-hello_world_1_service_2_deployments_managed_version
## 04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace

11
Istio/istio-classic/traffic_management/01-2_deployments_method/README.md Normal file
View File

@ -0,0 +1,11 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
https://istio.io/latest/blog/2017/0.1-canary/
# Note, VirtualService match rule order MATTERS
Leave the "default/wildcard" rule at the bottom
# Continues from
- 03-hello_world_1_service_1_deployment

102
Istio/istio-classic/traffic_management/01-2_deployments_method/deployment.yaml Normal file
View File

@ -0,0 +1,102 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v0
labels:
app: helloworld
version: v0
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v0
template:
metadata:
labels:
app: helloworld
version: v0
spec:
containers:
- name: helloworld
image: containous/whoami
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v1
labels:
app: helloworld
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v1
template:
metadata:
labels:
app: helloworld
version: v1
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v2
labels:
app: helloworld
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
version: v2
template:
metadata:
labels:
app: helloworld
version: v2
spec:
containers:
- name: helloworld
image: httpd
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---

85
Istio/istio-classic/traffic_management/01-2_deployments_method/gateway.yaml Normal file
View File

@ -0,0 +1,85 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- name: firefox
match:
- uri:
exact: /helloworld
headers:
user-agent:
regex: '.*Firefox.*'
route:
- destination:
host: helloworld.default.svc.cluster.local
port:
number: 80
subset: nginx
rewrite:
uri: "/"
- name: curl
match:
- headers:
user-agent:
regex: '.*curl.*'
uri:
exact: /helloworld
route:
- destination:
host: helloworld.default.svc.cluster.local
port:
number: 80
subset: apache
rewrite:
uri: "/"
- name: default
match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld.default.svc.cluster.local
port:
number: 80
subset: default
rewrite:
uri: "/"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: helloworld.default.svc.cluster.local # Destination that will "interject"
spec:
host: helloworld.default.svc.cluster.local # Full destination service, lil better for consistency
subsets:
- name: default
labels:
version: v0
- name: nginx
labels:
version: v1
- name: apache
labels:
version: v2

7
Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/README.md Normal file
View File

@ -0,0 +1,7 @@
https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPDirectResponse
https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPBody
# Continues from
- 01-hello_world_1_service_1_deployment

40
Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/deployment.yaml Normal file
View File

@ -0,0 +1,40 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80

46
Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/gateway.yaml Normal file
View File

@ -0,0 +1,46 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- name: helloworld
match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"
- name: default
directResponse:
status: 404
body:
string: "Page Not Found"
headers:
response:
set:
content-type: "text/plain"

50
Istio/istio-classic/traffic_management/03-HTTPRewrite/README.md Normal file
View File

@ -0,0 +1,50 @@
# Continues from
- 01-hello_world_1_service_1_deployment
# There were no changes respective to that version
Through rewriting the URI we can point to the root directory from nginx.
```yaml
rewrite:
uri: "/"
```
## Practical usages:
If we refactor our application, and for example we previously where hosting an API to the URL `/apiV1` and now it's being hosted in `/api/V1`, we can do the following rule:
```yaml
- match:
- uri:
exact: /apiV1
route:
- destination:
host: mynewapi # the service destination/target
port:
number: 80 # whatever port it is
rewrite:
uri: "/api/V1"
```
Or if we "upgraded" the API, and the new API (v2) is retro-compatible with the old API (v1), we could do the following to force all the usages from the old API to be handled by the newer version:
```yaml
- match:
- uri:
exact: /api/V1
route:
- destination:
host: mynewapi # the service destination/target
port:
number: 80 # whatever port it is
rewrite:
uri: "/api/V2"
```

40
Istio/istio-classic/traffic_management/03-HTTPRewrite/deployment.yaml Normal file
View File

@ -0,0 +1,40 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80

36
Istio/istio-classic/traffic_management/03-HTTPRewrite/gateway.yaml Normal file
View File

@ -0,0 +1,36 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld.default.svc.cluster.local
port:
number: 80
rewrite:
uri: "/"

7
Istio/istio-classic/traffic_management/05a-FaultInjection-delay/README.md Normal file
View File

@ -0,0 +1,7 @@
# Continues from
- 01-hello_world_1_service_1_deployment
https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPFaultInjection-Delay

40
Istio/istio-classic/traffic_management/05a-FaultInjection-delay/deployment.yaml Normal file
View File

@ -0,0 +1,40 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80

41
Istio/istio-classic/traffic_management/05a-FaultInjection-delay/gateway.yaml Normal file
View File

@ -0,0 +1,41 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"
fault:
delay:
percentage:
value: 90
fixedDelay: 10s

11
Istio/istio-classic/traffic_management/05b-FaultInjection-abort/README.md Normal file
View File

@ -0,0 +1,11 @@
# Continues from
- 05a-FaultInjection-delay
https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPFaultInjection-Abort
curl 192.168.1.50/helloworld -I

40
Istio/istio-classic/traffic_management/05b-FaultInjection-abort/deployment.yaml Normal file
View File

@ -0,0 +1,40 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80

41
Istio/istio-classic/traffic_management/05b-FaultInjection-abort/gateway.yaml Normal file
View File

@ -0,0 +1,41 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"
fault:
abort:
percentage:
value: 90
httpStatus: 503

6
Istio/simple/README.md
View File

@ -1,6 +0,0 @@
# Simple examples
# Traffic path
## Istio Ingress Controller ---> Gateway -> Virtual Service (-> Destination Route) -> Ingress -> Deployment

182
Istio/simple/hello_world_1_service_2_deployments_managed_version/README.md
View File

@ -1,182 +0,0 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
https://istio.io/latest/blog/2017/0.1-canary/
# Simple Hello World
- 1 Service
- 2 Versions
Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
I think that by default uses `RANDOM`.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy
https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings
Relies in automatic sidecar injection.
> Contains service account configurations, yet they are commented as not "necessary".
## Quick note
On this version I have "started" to use the full service name instead of the shorten version, aka:
```yaml
route:
- destination:
host: helloworld
```
Will be:
```yaml
route:
- destination:
host: helloworld.default.svc.cluster.local
```
It's overall a good practice to have, so not much of a reason to not do it.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#DestinationRule
## Files
- deployment.yaml
- gateway.yaml
## deployment.yaml
### Creates
#### Service
- helloworld
#### Deployments
- helloworld-v1 (Nginx)
- helloworld-v2 (Apache)
## gateway.yaml
### Creates
#### Gateway
##### helloworld-gateway
###### Configuration
```yml
port: 80
istio-ingress: ingressgateway
hosts: "*"
```
#### VirtualService
##### helloworld-vs
###### Configuration
```yaml
hosts: "*"
uri: "/helloworld"
versions:
v1:
weight: "25%"
v2:
weight: "75%"
```
#### Destination Rule
###### Configuration
```yaml
```
# Run example
## Deploy resources
```shell
$ kubectl apply -f ./
service/helloworld created
deployment.apps/helloworld-v1 created
deployment.apps/helloworld-v2 created
gateway.networking.istio.io/helloworld-gateway created
virtualservice.networking.istio.io/helloworld-vs created
destinationrule.networking.istio.io/helloworld-destinationrule created
```
## Wait for the pods to be ready
(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
```shell
$ kubectl get deployment helloworld-v{1..2} -w  ✔  kubernetes-admin@kubernetes
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-v1 1/1 1 1 4m1s
helloworld-v2 1/1 1 1 4m1s
```
## Test the service
### Get LB IP
```shell
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl
Iterates between Nginx and Apache. Somwhat close to the ratio configured.
> Nginx instances (v1): 2 \
> Apache instances (v2): 9
```shell
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
<h1>Welcome to nginx!</h1>
```

139
Istio/simple/hello_world_1_service_2_deployments_unmanaged/README.md
View File

@ -1,139 +0,0 @@
##### https://github.com/istio/istio/tree/master/samples/helloworld
# Simple Hello World
- 1 Service
- 2 Versions
Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
I think that by default uses `RANDOM`.
https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy
https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings
Relies in automatic sidecar injection.
> Contains service account configurations, yet they are commented as not "necessary".
## Files
- deployment.yaml
- gateway.yaml
## deployment.yaml
### Creates
#### Service
- helloworld
#### Deployments
- helloworld-v1 (Nginx)
- helloworld-v2 (Apache)
## gateway.yaml
### Creates
#### Gateway
##### helloworld-gateway
###### Configuration
```yml
port: 80
istio-ingress: ingressgateway
hosts: "*"
```
#### VirtualService
##### helloworld-vs
###### Configuration
```yaml
hosts: "*"
uri: "/helloworld"
```
# Run example
## Deploy resources
```shell
$ kubectl apply -f ./
service/helloworld created
deployment.apps/helloworld-v1 created
deployment.apps/helloworld-v2 created
deployment.apps/helloworld-v2 unchanged
gateway.networking.istio.io/helloworld-gateway created
virtualservice.networking.istio.io/helloworld-vs created
```
## Wait for the pods to be ready
(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
```shell
$ kubectl get deployment helloworld-v{1..2} -w  ✔  kubernetes-admin@kubernetes
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-v1 1/1 1 1 4m1s
helloworld-v2 1/1 1 1 4m1s
```
## Test the service
### Get LB IP
```shell
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl
Iterates randomly between Nginx and Apache
```shell
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<h1>Welcome to nginx!</h1>
$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"  ✔
<html><body><h1>It works!</h1></body></html>
```

2
README.md
View File

@ -1,3 +1,3 @@
# Surely only the following folders work / have any meaningful information
- [Istio](/Istio)
- [Istio](./Istio)