Skip to content

Instantly share code, notes, and snippets.

@alexellis

alexellis/README.md

Last active October 8, 2019 17:18
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save alexellis/a35d8611a5dc4559b9d98225bfff38b1 to your computer and use it in GitHub Desktop.
Save alexellis/a35d8611a5dc4559b9d98225bfff38b1 to your computer and use it in GitHub Desktop.
Download ZIP
Getting started with Istio + OpenFaaS
Raw
README.md

Deploy Istio on GKE

Set up 1-3 GKE nodes with Kubernetes 1.10.5

Turn off Calico/NetworkPolicy

Install the Istio CLI

Use helm to install Istio into your cluster using the "webhook admission controller"

https://istio.io

Deploy OpenFaaS

Edit namespaces.yml and add labels:

    istio-injection: enabled

Use helm to deploy and optionally set operator.create=true

Run kubectl edit deploy -n openfaas gateway - remove the security context from the operator Pod/container. This is because Istio needs to elevate privileges to inject its iptables rules. If you skip this then you'll get stuck at 0/1 replicas.

Deploy VirtualService / GW

Now deploy the VirtualService and GW

cat <<EOF | istioctl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: openfaas-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
EOF


cat <<EOF | istioctl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: openfaasgw
spec:
  hosts:
  - "*"
  gateways:
  - openfaas-gateway
  http:
    - route:
      - destination:
          port:
            number: 8080
          host: gateway.openfaas.svc.cluster.local
EOF

Find the IP of the Istio LoadBalancer and try the gateway UI / CLI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment