diff --git a/ksetup/K/IstioOperator_IstioConfig.yaml b/PostInstall_Example_Config_Files/IstioOperator_Config.yaml
similarity index 67%
rename from ksetup/K/IstioOperator_IstioConfig.yaml
rename to PostInstall_Example_Config_Files/IstioOperator_Config.yaml
index efff6dc..976cd10 100644
--- a/ksetup/K/IstioOperator_IstioConfig.yaml
+++ b/PostInstall_Example_Config_Files/IstioOperator_Config.yaml
@@ -4,11 +4,11 @@ metadata:
 namespace: istio-system
 name: istio-config
 labels:
- last-update: 2023-07-16
+ last-update: 2023-07-30
 spec:
 profile: minimal
 meshConfig:
 accessLogFile: /dev/stdout
 enableTracing: true
- ingressService: istio-public-ingress
- ingressSelector: public-ingress
\ No newline at end of file
+ ingressService: istio-ingressgateway
+ ingressSelector: ingressgateway
\ No newline at end of file
diff --git a/PostInstall_Example_Config_Files/IstioOperator_Ingress.yaml b/PostInstall_Example_Config_Files/IstioOperator_Ingress.yaml
new file mode 100644
index 0000000..4409bb4
--- /dev/null
+++ b/PostInstall_Example_Config_Files/IstioOperator_Ingress.yaml
@@ -0,0 +1,21 @@
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+ namespace: istio-system
+ name: ingress-gateway
+ labels:
+ last-update: 2023-07-30
+spec:
+ profile: empty
+ components:
+ ingressGateways:
+ - namespace: istio-system
+ name: istio-ingressgateway
+ enabled: true
+ label:
+ istio: ingressgateway
+ app: istio-ingressgateway
+ k8s:
+ service:
+ type: LoadBalancer
+# loadBalancerIP: 192.168.1.73
\ No newline at end of file
diff --git a/ksetup/K/ipRange.yaml b/PostInstall_Example_Config_Files/MetalLB.yaml
similarity index 59%
rename from ksetup/K/ipRange.yaml
rename to PostInstall_Example_Config_Files/MetalLB.yaml
index 7a510b2..190fc2d 100644
--- a/ksetup/K/ipRange.yaml
+++ b/PostInstall_Example_Config_Files/MetalLB.yaml
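Review bot: In IstioOperator_Ingress.yaml the gateway Service is `type: LoadBalancer` with `loadBalancerIP` left commented out, so its external address is whatever the allocator hands out, while the README added in this commit tests against `192.168.1.72` and the commented example says `192.168.1.73`. If firewall rules or DNS are meant to reference a fixed address, pin it and make the two values agree, for example by uncommenting the line as `loadBalancerIP: 192.168.1.72`. The Service also publishes the gateway's status port 15021 next to 80 and 443 (per the README output) to every client that can reach the pool; a `loadBalancerSourceRanges` entry under `k8s.service` would narrow that, provided the cluster's proxy mode enforces it. A one-line comment above `type: LoadBalancer` stating the intended exposure would help readers who copy this example.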
@@ -2,11 +2,12 @@ apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: - name: cheap + name: pool1-group namespace: metallb-system spec: addresses: - - 192.168.1.0/24 + - 192.168.1.72/30 +# - 192.168.1.72-192.168.1.75 --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement @@ -15,13 +16,4 @@ metadata: namespace: metallb-system spec: ipAddressPools: - - cheap ---- -#apiVersion: metallb.io/v1beta1 -#kind: IPAddressPool -#metadata: -# name: production -# namespace: metallb-system -#spec: -# addresses: -# - 192.168.1.30-192.168.1.50 + - pool1-group diff --git a/PostInstall_Example_Config_Files/README.md b/PostInstall_Example_Config_Files/README.md new file mode 100644 index 0000000..bcf6489 --- /dev/null +++ b/PostInstall_Example_Config_Files/README.md 
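Review bot: The new `pool1-group` IPAddressPool in MetalLB.yaml leaves auto-assignment at its default, so any Service of type LoadBalancer created in any namespace is given one of the four addresses in `192.168.1.72/30` and announced on the LAN by the L2Advertisement. For an example that people copy, consider `autoAssign: false` under `spec` (the ingress gateway Service would then have to request the pool explicitly), or at least a comment such as `# keep this range outside the router's DHCP scope; every LoadBalancer Service draws from it`. The L2Advertisement's `metadata.name` lies outside the visible hunks, so it cannot be confirmed here that it matches the `pool1-advert` name shown in the README output.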
@@ -0,0 +1,181 @@ +# POST installation example services. + +## Disclaimer + +### This assumes all the pods have managed to run correctly. + +```shell +kubectl get pods --kubeconfig ksetup/Exported/kubeconfig.conf -A +``` + +```text +NAMESPACE NAME READY STATUS RESTARTS AGE +default helloworld-nginx-76cbfb674f-xn9hj 1/1 Running 2 (4h53m ago) 7h58m +kube-system calico-kube-controllers-85578c44bf-gdpdm 1/1 Running 2 (4h53m ago) 9h +kube-system calico-node-fpjd2 1/1 Running 2 (4h53m ago) 9h +kube-system coredns-5d78c9869d-pjpmz 1/1 Running 2 (4h53m ago) 9h +kube-system coredns-5d78c9869d-sj9bh 1/1 Running 2 (4h53m ago) 9h +kube-system etcd-pi4.filter.home 1/1 Running 3 (4h53m ago) 9h +kube-system kube-apiserver-pi4.filter.home 1/1 Running 3 (4h53m ago) 9h +kube-system kube-controller-manager-pi4.filter.home 1/1 Running 3 (4h53m ago) 9h +kube-system kube-proxy-9md6w 1/1 Running 2 (4h53m ago) 9h +kube-system kube-scheduler-pi4.filter.home 1/1 Running 3 (4h53m ago) 9h +metallb-system controller-595f88d88f-vx6vx 1/1 Running 3 (4h53m ago) 7h27m +metallb-system speaker-qls8v 1/1 Running 4 (40m ago) 7h27m +``` + + +## Deployment + +### Istio + +#### Config + +```shell +istioctl install --kubeconfig ksetup/Exported/kubeconfig.conf -f PostInstall_Example_Config_Files/IstioOperator_Config.yaml +``` + +
+This will install the Istio 1.18.2 minimal profile with ["Istio core" "Istiod"] components into the cluster. Proceed? (y/N) y
+ Istio core installed                                                                                                                                                                                                                    
+ Istiod installed                                                                                                                                                                                                                        
+ Installation complete
+Making this installation the default for injection and validation.
+
+ +#### Ingress + +```shell +istioctl install --kubeconfig ksetup/Exported/kubeconfig.conf -f PostInstall_Example_Config_Files/IstioOperator_Ingress.yaml +``` + +
+This will install the Istio 1.18.2 empty profile into the cluster. Proceed? (y/N) y
+ Ingress gateways installed                                                                                                                                                                                                              
+ Installation complete
+
+ +#### Check status + +We can see that the Load Balancer we deployed, the `External-IP` field is set to "pending". That's expected, since we have no service providing an IP for us. + +```shell +kubectl get svc --kubeconfig ksetup/Exported/kubeconfig.conf -A +``` + +
+NAMESPACE        NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                      AGE
+default          helloworld             ClusterIP      10.107.193.163   <none>        80/TCP                                       8h
+default          kubernetes             ClusterIP      10.96.0.1        <none>        443/TCP                                      9h
+istio-system     istio-ingressgateway   LoadBalancer   10.96.74.132     <pending>     15021:31543/TCP,80:31989/TCP,443:31913/TCP   64s
+istio-system     istiod                 ClusterIP      10.108.199.210   <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP        79s
+kube-system      kube-dns               ClusterIP      10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP                       9h
+metallb-system   webhook-service        ClusterIP      10.100.237.6     <none>        443/TCP                                      7h42m
+
+ + + +## MetalLB + +Let's work on our way to provide an IP for the that are on "pending" status. + +### Deploy + +```shell +kubectl create --kubeconfig ksetup/Exported/kubeconfig.conf -f PostInstall_Example_Config_Files/MetalLB.yaml +``` + +```text +ipaddresspool.metallb.io/pool1-group created +l2advertisement.metallb.io/pool1-advert created +``` + +### What did we deploy? + +#### pool1-group + +States a range/group of IP addresses to use for our services. + +- `192.168.1.72/30` + +#### pool1-advert + +Advertises the desired IP ranges (in our scenario it's `pool1-group`) to the network, that way resources can reach out to such. + +### Check status + +Now ur services are allowed to have an IP within the "reserved"/configured range. + +```shell +kubectl get svc --kubeconfig ksetup/Exported/kubeconfig.conf -n istio-system istio-ingressgateway +``` + +```text +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +istio-ingressgateway LoadBalancer 10.96.74.132 192.168.1.72 15021:31543/TCP,80:31989/TCP,443:31913/TCP 9m21s +``` + +## Test ingress. + +### HealthCheck + +Healthcheck passes correctly. + +```shell +curl 192.168.1.72:15021/healthz/ready -I +``` + +```text +HTTP/1.1 200 OK +date: Sat, 29 Jul 2023 22:59:49 GMT +x-envoy-upstream-service-time: 0 +server: envoy +transfer-encoding: chunked +``` + +### Deploy mock resources + +```shell +kubectl create --kubeconfig ksetup/Exported/kubeconfig.conf -f PostInstall_Example_Config_Files/Test_Services +``` + +```text +deployment.apps/helloworld-nginx created +gateway.networking.istio.io/helloworld-gateway created +service/helloworld created +virtualservice.networking.istio.io/helloworld-vs created +``` + +### Test mock resources + +We are able to receive response from the Nginx Deployment. + +```shell +curl 192.168.1.72/helloworld +``` + +```text + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + +``` \ No newline at end of file diff --git a/ksetup/K/testD/Deployment.yaml b/PostInstall_Example_Config_Files/Test_Services/Deployment.yaml old mode 100755 new mode 100644 similarity index 100% rename from ksetup/K/testD/Deployment.yaml rename to PostInstall_Example_Config_Files/Test_Services/Deployment.yaml diff --git a/ksetup/K/testD/Gateway.yaml b/PostInstall_Example_Config_Files/Test_Services/Gateway.yaml similarity index 89% rename from ksetup/K/testD/Gateway.yaml rename to PostInstall_Example_Config_Files/Test_Services/Gateway.yaml index 8e13616..7a88507 100644 --- a/ksetup/K/testD/Gateway.yaml +++ b/PostInstall_Example_Config_Files/Test_Services/Gateway.yaml @@ -4,7 +4,7 @@ metadata: name: helloworld-gateway spec: selector: - istio: public-ingress + istio: ingressgateway servers: - port: number: 80 diff --git a/ksetup/K/testD/Service.yaml b/PostInstall_Example_Config_Files/Test_Services/Service.yaml similarity index 100% rename from ksetup/K/testD/Service.yaml rename to PostInstall_Example_Config_Files/Test_Services/Service.yaml diff --git a/ksetup/K/testD/VirtualService.yaml b/PostInstall_Example_Config_Files/Test_Services/VirtualService.yaml old mode 100755 new mode 100644 similarity index 100% rename from ksetup/K/testD/VirtualService.yaml rename to PostInstall_Example_Config_Files/Test_Services/VirtualService.yaml diff --git a/ksetup/K/IstioOperator_PublicIngress.yaml b/ksetup/K/IstioOperator_PublicIngress.yaml deleted file mode 100644 index aa01cb0..0000000 --- a/ksetup/K/IstioOperator_PublicIngress.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-apiVersion: install.istio.io/v1alpha1
-kind: IstioOperator
-metadata:
- namespace: istio-system
- name: public-ingress
- labels:
- last-update: 2023-07-16
-spec:
- profile: empty
- components:
- ingressGateways:
- - namespace: istio-system
- name: istio-public-ingress
- enabled: true
- label:
- istio: public-ingress
- app: istio-public-ingress
- k8s:
- service:
- type: LoadBalancer
- loadBalancerIP: 192.168.1.98
-# ports:
-# - port: 80
-# targetPort: 31242
-# name: http
-#
-# - port: 443
-# targetPort: 32271
-# name: https
-#
-# - port: 15021
-# targetPort: 31546
-# name: tcp
\ No newline at end of file
diff --git a/ksetup/K/testD/README.md b/ksetup/K/testD/README.md
deleted file mode 100755
index 0641ada..0000000
--- a/ksetup/K/testD/README.md
+++ /dev/null
@@ -1,236 +0,0 @@ ---- -gitea: none -include_toc: true ---- - - -# Description - -This is the most basic example, most of the examples spread through this [repository](../../) will be using variants of this. - -This example configures: - - Generic Kubernetes resources: - - 1 Service - - 1 Deployment - - Istio resources: - - 1 Gateway - - 1 Virtual Service - -> **Note:**\ -> I don't intend to explain thing related to Kubernetes unless necessary. - -# Configuration - -## Service - -Creates a service named `helloworld`. - -This service listens for the port `80` expecting `HTTP` traffic and will forward the incoming traffic towards the port `80` from the destination pod. - -```yaml -apiVersion: v1 -kind: Service -metadata: - name: helloworld - labels: - app: helloworld - service: helloworld -spec: - ports: - - port: 80 - name: http - selector: - app: helloworld -``` - -## Deployment - -Deploys a Nginx server that listens for the port `80`. - -```yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: helloworld-nginx - labels: - app: helloworld -spec: - replicas: 1 - selector: - matchLabels: - app: helloworld - template: - metadata: - labels: - app: helloworld - spec: - containers: - - name: helloworld - image: nginx - resources: - requests: - cpu: "100m" - imagePullPolicy: IfNotPresent #Always - ports: - - containerPort: 80 -``` - -## Gateway - -Deploys an Istio gateway that's listening to the port `80` for `HTTP` traffic. - -It doesn't filter for any specific host. - -The `selector` field is used to "choose" which Istio Load Balancers will have this gateway assigned to. - -The Istio `default` profile creates a Load Balancer in the namespace `istio-system` that has the label `istio: ingressgateway` set, allowing us to target that specific Load Balancer and assign this gateway resource to it. 
- -```yaml -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: helloworld-gateway -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "*" -``` - -## VirtualService - -The Virtual Service resources are used to route and filter the received traffic from the gateway resources, and route it towards the desired destination. - -On this example we select the gateway `helloworld-gateway`, which is the [gateway that 's described in the `Gateway` section](#gateway). - -On this resource, we are also not limiting the incoming traffic to any specific host, allowing for all the incoming traffic to go through the rules set. - -Here we created a rule that will be applied on `HTTP` related traffic (including `HTTPS` and `HTTP2`) when the destination path is exactly `/helloworld`. - -This traffic will be forwarded to the port `80` of the destination service `helloworld` (the full path URL equivalent would be `helloworld.$NAMESPACE.svc.cluster.local`). - -Additionally, there will be an internal URL rewrite set, as if the URL is not modified, it would attempt to reach to the `/helloworld` path from the Nginx deployment, which currently has no content and would result in an error code `404` (Not found). - -```yaml -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: helloworld-vs -spec: - hosts: - - "*" - gateways: - - helloworld-gateway - http: - - match: - - uri: - exact: /helloworld - route: - - destination: - host: helloworld - port: - number: 80 - rewrite: - uri: "/" -``` - -# Walkthrough - -## Deploy resources - -Deploy the resources. - -```shell -kubectl apply -f ./ -``` -```text -deployment.apps/helloworld-nginx created -gateway.networking.istio.io/helloworld-gateway created -service/helloworld created -virtualservice.networking.istio.io/helloworld-vs created -``` - -## Wait for the deployment to be ready - -Wait for the Nginx deployment to be up and ready. 
- -```shell -kubectl get deployment helloworld-nginx -w -``` -```text -NAME READY UP-TO-DATE AVAILABLE AGE -helloworld-nginx 1/1 1 1 44s -``` - -## Test the service - -### Get LB IP - -To perform the desired tests, we will need to obtain the IP Istio Load Balancer that we selected in the [Gateway section](#gateway). - -On my environment, the IP is the `192.168.1.50`. - -```shell -kubectl get svc -l istio=ingressgateway -A -``` -```text -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h -``` - -### Curl /helloworld - -Due to accessing the path `/helloworld`, we are triggering the rule set on the [VirtualService configuration](#virtualservice), sending a request to the Nginx backend and returning us its contents. - -```shell -curl 192.168.1.50/helloworld -s | grep ".*" -``` -```text -Welcome to nginx! -``` - -### Curl /other - -What happens if we access a path or URL that doesn't trigger any rule? - - -```shell -curl 192.168.1.50/other -s -I -``` -```text -HTTP/1.1 404 Not Found -date: Sun, 30 Apr 2023 22:16:30 GMT -server: istio-envoy -transfer-encoding: chunked -``` - -We receive a status code `404`. - -I would like to put emphasis on the following line returned: - -```text -server: istio-envoy -``` - -This means that the contents returned was performed by the Istio service, therefore, the request was able to reach Istio and received a response from it. - -## Cleanup - -Finally, a cleanup from the resources deployed. - -```shell -kubectl delete -f ./ -``` -```text -deployment.apps "helloworld-nginx" deleted -gateway.networking.istio.io "helloworld-gateway" deleted -service "helloworld" deleted -virtualservice.networking.istio.io "helloworld-vs" deleted -``` \ No newline at end of file diff --git a/ksetup/Terraform/main.tf b/ksetup/Terraform/main.tf deleted file mode 100644 index 2627c37..0000000 --- a/ksetup/Terraform/main.tf +++ /dev/null 
@@ -1,65 +0,0 @@
-terraform {
- required_providers {
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">= 2.0.3"
- }
- kubectl = {
- source = "gavinbunney/kubectl"
- version = ">= 1.14.0"
- }
- }
-}
-#
-#module "deployment" {
-# source = "terraform-iaac/deployment/kubernetes"
-# version = "1.4.3"
-# # insert the 2 required variables here
-#}
-
-provider "kubernetes" {
- config_path = "../Exported/kubeconfig.conf"
-}
-
-#provider "kubectl" {
-# config_path = "../Exported/kubeconfig.conf"
-#}
-
-data "http" "manifestfile" {
- url = "https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml"
-
- method = "GET"
-}
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/annotations
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest
-#resource "kubectl_manifest" "mymanifest" {
-# yaml_body = data.http.manifestfile.response_body
-#}
-
-#resource "kubernetes_manifest" "calico" {
-# manifest = yamldecode(data.http.manifestfile.response_body)
-#}
-
-#output "VMCount" {
-# value = yamldecode(file("namespace.yaml"))
-## value = file("namespace.yaml")
-## value = yamldecode(data.http.manifestfile.response_body)
-## value = data.http.manifestfile.response_body
-#}
-
-resource "kubectl_manifest" "my_service" {
- yaml_body = file("namespace.yaml")
-# yaml_body = data.http.manifestfile.response_body
-}
-
-#
-#resource "kubernetes_deployment" "nginx" {
-# source = "https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml"
-#}
-#
-
-#resource "kubernetes_namespace" "example" {
-# metadata {
-# name = "testing"
-# }
-#}
\ No newline at end of file