Last active
April 5, 2021 15:53
-
-
Save jonnung/d12b5cb4dac6f5909589735fa564db58 to your computer and use it in GitHub Desktop.
MacOS 환경에서 Kind로 설치한 Kubernetes 클러스터에 Istio 설치 및 BookInfo 애플리케이션 실습
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Metallb 설치 후 Loadbalancer 타입의 Service 접근이 가능한 지 테스트하기 위한 샘플 POD와 Service | |
kind: Pod | |
apiVersion: v1 | |
metadata: | |
name: bar-app | |
labels: | |
app: http-echo | |
spec: | |
containers: | |
- name: bar-app | |
image: hashicorp/http-echo:0.2.3 | |
args: | |
- "-text=bar" | |
--- | |
kind: Service | |
apiVersion: v1 | |
metadata: | |
name: foo-service | |
spec: | |
type: LoadBalancer | |
selector: | |
app: http-echo | |
ports: | |
- port: 5678 | |
targetPort: 5678 | |
nodePort: 30003 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: install.istio.io/v1alpha1 | |
kind: IstioOperator | |
meta: | |
name: demo-istio-operator | |
namespace: istio-system | |
spec: | |
meshConfig: | |
accessLogFile: /dev/stdout | |
components: | |
egressGateways: | |
- name: istio-egressgateway | |
enabled: true | |
k8s: | |
resources: | |
requests: | |
cpu: 10m | |
memory: 40Mi | |
ingressGateways: | |
- name: istio-ingressgateway | |
enabled: true | |
k8s: | |
resources: | |
requests: | |
cpu: 10m | |
memory: 40Mi | |
service: | |
ports: | |
## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. | |
# Note that AWS ELB will by default perform health checks on the first port | |
# on this list. Setting this to the health check port will ensure that health | |
# checks always work. https://github.com/istio/istio/issues/12503 | |
- port: 15021 | |
targetPort: 15021 | |
name: status-port | |
nodePort: 30002 | |
- port: 80 | |
targetPort: 8080 | |
name: http2 | |
nodePort: 30000 | |
- port: 443 | |
targetPort: 8443 | |
name: https | |
nodePort: 30001 | |
- port: 31400 | |
targetPort: 31400 | |
name: tcp | |
# This is the port where sni routing happens | |
- port: 15443 | |
targetPort: 15443 | |
name: tls | |
pilot: | |
k8s: | |
env: | |
- name: PILOT_TRACE_SAMPLING | |
value: "100" | |
resources: | |
requests: | |
cpu: 10m | |
memory: 100Mi | |
values: | |
global: | |
proxy: | |
resources: | |
requests: | |
cpu: 10m | |
memory: 40Mi | |
pilot: | |
autoscaleEnabled: false | |
gateways: | |
istio-egressgateway: | |
autoscaleEnabled: false | |
istio-ingressgateway: | |
autoscaleEnabled: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/namespace.yaml | |
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" | |
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/metallb.yaml | |
sleep 60 | |
kubectl apply -f ./metallb-configmap.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
kubeadmConfigPatches: | |
- | | |
kind: InitConfiguration | |
nodeRegistration: | |
kubeletExtraArgs: | |
node-labels: "ingress-ready=true" | |
# Istio `demo` 프로필의 IngressGateway의 포트에 맞춰서 변경한 Extra Port Mapping | |
extraPortMappings: | |
- containerPort: 30000 | |
hostPort: 80 | |
listenAddress: "127.0.0.1" | |
protocol: TCP | |
- containerPort: 30001 | |
hostPort: 443 | |
listenAddress: "127.0.0.1" | |
protocol: TCP | |
- containerPort: 30002 | |
hostPort: 15021 | |
listenAddress: "127.0.0.1" | |
protocol: TCP | |
# 임시 노드포트 | |
- containerPort: 30003 | |
hostPort: 30003 | |
listenAddress: "127.0.0.1" | |
protocol: TCP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
namespace: metallb-system | |
name: config | |
data: | |
config: | | |
address-pools: | |
- name: default | |
protocol: layer2 | |
addresses: | |
- 172.18.255.200-172.18.255.250 | |
# 위 `addresses` 범위는 Docker Network CIDR 값을 확인한 후 결정하면 됨 | |
# `docker network inspect -f '{{.IPAM.Config}}' kind` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment