Wrote Post Installation thingies

savagebidoof
2023-07-30 01:02:56 +02:00
parent f58c901017
commit ae6fa536f6
11 changed files with 210 additions and 350 deletions


@ -1,14 +0,0 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: istio-config
labels:
last-update: 2023-07-16
spec:
profile: minimal
meshConfig:
accessLogFile: /dev/stdout
enableTracing: true
ingressService: istio-public-ingress
ingressSelector: public-ingress


@ -1,33 +0,0 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: public-ingress
labels:
last-update: 2023-07-16
spec:
profile: empty
components:
ingressGateways:
- namespace: istio-system
name: istio-public-ingress
enabled: true
label:
istio: public-ingress
app: istio-public-ingress
k8s:
service:
type: LoadBalancer
loadBalancerIP: 192.168.1.98
# ports:
# - port: 80
# targetPort: 31242
# name: http
#
# - port: 443
# targetPort: 32271
# name: https
#
# - port: 15021
# targetPort: 31546
# name: tcp


@ -1,27 +0,0 @@
## https://computingforgeeks.com/deploy-metallb-load-balancer-on-kubernetes/
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: cheap
namespace: metallb-system
spec:
addresses:
- 192.168.1.0/24
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: pool1-advert
namespace: metallb-system
spec:
ipAddressPools:
- cheap
---
#apiVersion: metallb.io/v1beta1
#kind: IPAddressPool
#metadata:
# name: production
# namespace: metallb-system
#spec:
# addresses:
# - 192.168.1.30-192.168.1.50


@ -1,25 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80


@ -1,14 +0,0 @@
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: public-ingress
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"


@ -1,236 +0,0 @@
---
gitea: none
include_toc: true
---
# Description
This is the most basic example, most of the examples spread through this [repository](../../) will be using variants of this.
This example configures:
Generic Kubernetes resources:
- 1 Service
- 1 Deployment
Istio resources:
- 1 Gateway
- 1 Virtual Service
> **Note:**\
> I don't intend to explain thing related to Kubernetes unless necessary.
# Configuration
## Service
Creates a service named `helloworld`.
This service listens for the port `80` expecting `HTTP` traffic and will forward the incoming traffic towards the port `80` from the destination pod.
```yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
```
## Deployment
Deploys a Nginx server that listens for the port `80`.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80
```
## Gateway
Deploys an Istio gateway that's listening to the port `80` for `HTTP` traffic.
It doesn't filter for any specific host.
The `selector` field is used to "choose" which Istio Load Balancers will have this gateway assigned to.
The Istio `default` profile creates a Load Balancer in the namespace `istio-system` that has the label `istio: ingressgateway` set, allowing us to target that specific Load Balancer and assign this gateway resource to it.
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
```
## VirtualService
The Virtual Service resources are used to route and filter the received traffic from the gateway resources, and route it towards the desired destination.
On this example we select the gateway `helloworld-gateway`, which is the [gateway that 's described in the `Gateway` section](#gateway).
On this resource, we are also not limiting the incoming traffic to any specific host, allowing for all the incoming traffic to go through the rules set.
Here we created a rule that will be applied on `HTTP` related traffic (including `HTTPS` and `HTTP2`) when the destination path is exactly `/helloworld`.
This traffic will be forwarded to the port `80` of the destination service `helloworld` (the full path URL equivalent would be `helloworld.$NAMESPACE.svc.cluster.local`).
Additionally, there will be an internal URL rewrite set, as if the URL is not modified, it would attempt to reach to the `/helloworld` path from the Nginx deployment, which currently has no content and would result in an error code `404` (Not found).
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"
```
# Walkthrough
## Deploy resources
Deploy the resources.
```shell
kubectl apply -f ./
```
```text
deployment.apps/helloworld-nginx created
gateway.networking.istio.io/helloworld-gateway created
service/helloworld created
virtualservice.networking.istio.io/helloworld-vs created
```
## Wait for the deployment to be ready
Wait for the Nginx deployment to be up and ready.
```shell
kubectl get deployment helloworld-nginx -w
```
```text
NAME READY UP-TO-DATE AVAILABLE AGE
helloworld-nginx 1/1 1 1 44s
```
## Test the service
### Get LB IP
To perform the desired tests, we will need to obtain the IP Istio Load Balancer that we selected in the [Gateway section](#gateway).
On my environment, the IP is the `192.168.1.50`.
```shell
kubectl get svc -l istio=ingressgateway -A
```
```text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
```
### Curl /helloworld
Due to accessing the path `/helloworld`, we are triggering the rule set on the [VirtualService configuration](#virtualservice), sending a request to the Nginx backend and returning us its contents.
```shell
curl 192.168.1.50/helloworld -s | grep "<title>.*</title>"
```
```text
<title>Welcome to nginx!</title>
```
### Curl /other
What happens if we access a path or URL that doesn't trigger any rule?
```shell
curl 192.168.1.50/other -s -I
```
```text
HTTP/1.1 404 Not Found
date: Sun, 30 Apr 2023 22:16:30 GMT
server: istio-envoy
transfer-encoding: chunked
```
We receive a status code `404`.
I would like to put emphasis on the following line returned:
```text
server: istio-envoy
```
This means that the contents returned was performed by the Istio service, therefore, the request was able to reach Istio and received a response from it.
## Cleanup
Finally, a cleanup from the resources deployed.
```shell
kubectl delete -f ./
```
```text
deployment.apps "helloworld-nginx" deleted
gateway.networking.istio.io "helloworld-gateway" deleted
service "helloworld" deleted
virtualservice.networking.istio.io "helloworld-vs" deleted
```


@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld


@ -1,20 +0,0 @@
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"


@ -1,65 +0,0 @@
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.0.3"
}
kubectl = {
source = "gavinbunney/kubectl"
version = ">= 1.14.0"
}
}
}
#
#module "deployment" {
# source = "terraform-iaac/deployment/kubernetes"
# version = "1.4.3"
# # insert the 2 required variables here
#}
provider "kubernetes" {
config_path = "../Exported/kubeconfig.conf"
}
#provider "kubectl" {
# config_path = "../Exported/kubeconfig.conf"
#}
data "http" "manifestfile" {
url = "https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml"
method = "GET"
}
# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/annotations
# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest
#resource "kubectl_manifest" "mymanifest" {
# yaml_body = data.http.manifestfile.response_body
#}
#resource "kubernetes_manifest" "calico" {
# manifest = yamldecode(data.http.manifestfile.response_body)
#}
#output "VMCount" {
# value = yamldecode(file("namespace.yaml"))
## value = file("namespace.yaml")
## value = yamldecode(data.http.manifestfile.response_body)
## value = data.http.manifestfile.response_body
#}
resource "kubectl_manifest" "my_service" {
yaml_body = file("namespace.yaml")
# yaml_body = data.http.manifestfile.response_body
}
#
#resource "kubernetes_deployment" "nginx" {
# source = "https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml"
#}
#
#resource "kubernetes_namespace" "example" {
# metadata {
# name = "testing"
# }
#}