@lucasponce
Last active August 24, 2022 22:01
Istio Cookbook: Kiali Recipe
[1] Open https://console.cloud.google.com/ with your Gmail account
[2] Create a Project / Choose a Project you have access to.
[3] Activate "Cloud Shell"
[4] Prepare a GKE cluster using
https://istio.io/latest/docs/setup/platform-setup/gke/
export PROJECT_ID=`gcloud config get-value project` && \
export M_TYPE=n1-standard-2 && \
export ZONE=us-west2-a && \
export CLUSTER_NAME=${PROJECT_ID}-${RANDOM} && \
gcloud services enable container.googleapis.com && \
gcloud container clusters create $CLUSTER_NAME \
  --cluster-version latest \
  --machine-type=$M_TYPE \
  --num-nodes 4 \
  --zone $ZONE \
  --project $PROJECT_ID
# Optional, if you are using gcloud from a different shell. Using "Cloud Shell" should have the credentials configured.
gcloud container clusters get-credentials $CLUSTER_NAME \
  --zone $ZONE \
  --project $PROJECT_ID
[5] Note the cluster details
NAME LOCATION MASTER_VERSION MASTER_IP MACHINE_TYPE NODE_VERSION NUM_NODES STATUS
kiali-recipe-mark-01-29341 us-west2-a 1.18.15-gke.1500 35.235.77.110 n1-standard-2 1.18.15-gke.1500 4 RUNNING
[6] Basic cluster test
kubectl get nodes
NAME STATUS ROLES AGE VERSION
gke-kiali-recipe-mark-01-default-pool-247fe88a-3167 Ready <none> 5m4s v1.18.15-gke.1500
gke-kiali-recipe-mark-01-default-pool-247fe88a-j8tt Ready <none> 5m4s v1.18.15-gke.1500
gke-kiali-recipe-mark-01-default-pool-247fe88a-w5qz Ready <none> 5m4s v1.18.15-gke.1500
gke-kiali-recipe-mark-01-default-pool-247fe88a-xf7c Ready <none> 5m5s v1.18.15-gke.1500
[1] Open an X session to a Linux box where you have minikube installed
ssh -X neorecopolis
lponce@neorecopolis:~$ minikube version
minikube version: v1.17.1
commit: 043bdca07e54ab6e4fc0457e3064048f34133d7e
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.2", GitCommit:"faecb196815e248d3ecfb03c680a4507229c2a56", GitTreeState:"clean", BuildDate:"2021-01-13T13:28:09Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
[2] Create a Minikube cluster, adjust your memory/cpu
# Platform Setup
minikube config set vm-driver kvm2
minikube start --memory=16384 --cpus=4 --kubernetes-version=v1.20.2
[3] Start minikube tunnel
minikube tunnel
[4] Open a new X session to your Linux box and test the cluster access
ssh -X neorecopolis
kubectl get nodes
NAME STATUS ROLES AGE VERSION
minikube Ready control-plane,master 4m23s v1.20.2
[1] Follow https://istio.io/latest/docs/setup/getting-started/
[2] Steps
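# Pin the version so that the "cd istio-1.9.0" below matches what is downloaded
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.9.0 sh -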
cd istio-1.9.0
export PATH=$PWD/bin:$PATH
[3] Important, check the PATH (GCP ships an old Istio 1.8 by default)
istioctl version
no running Istio pods in "istio-system"
1.9.0
[4] Install the demo profile
istioctl install --set profile=demo -y
[5] Demo App
kubectl label namespace default istio-injection=enabled
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
[6] Test Demo App (Check/Wait until your Pods are up and running)
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
[1] Install Gateway for Demo App
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
[2] Get the external IP https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports
kubectl get svc istio-ingressgateway -n istio-system
[3] Update a local DNS name for bookinfo with the istio-ingressgateway public IP
Note: edit /etc/hosts on the machine where you will open your browser
Linux
sudo vi /etc/hosts
35.236.100.43 bookinfo.istio-cluster.org
[4] Verify your local DNS http://bookinfo.istio-cluster.org/productpage
[5] Note: you can instead use a public DNS and register the ingress IP with your domain; just allow time for the DNS caches to refresh
[1] Install https://istio.io/latest/docs/setup/getting-started/#dashboard
kubectl apply -f samples/addons
[2] Update a local DNS name for kiali, grafana and tracing with the istio-ingressgateway public IP
35.236.100.43 kiali.istio-cluster.org
35.236.100.43 grafana.istio-cluster.org
35.236.100.43 tracing.istio-cluster.org
Note that for my cluster INGRESS_DOMAIN="istio-cluster.org", but you can adjust this to your own domain name
[3] Expose Kiali, Grafana and Tracing through the Ingress
We are in a demo environment, so we will use Option 2: plain HTTP (insecure access, no TLS)
https://istio.io/latest/docs/tasks/observability/gateways/#option-2-insecure-access-http
Important: adjust INGRESS_DOMAIN to match your local DNS entry
export INGRESS_DOMAIN="istio-cluster.org"
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kiali-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http-kiali
      protocol: HTTP
    hosts:
    - "kiali.${INGRESS_DOMAIN}"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kiali-vs
  namespace: istio-system
spec:
  hosts:
  - "kiali.${INGRESS_DOMAIN}"
  gateways:
  - kiali-gateway
  http:
  - route:
    - destination:
        host: kiali
        port:
          number: 20001
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: kiali
  namespace: istio-system
spec:
  host: kiali
  trafficPolicy:
    tls:
      mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grafana-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http-grafana
      protocol: HTTP
    hosts:
    - "grafana.${INGRESS_DOMAIN}"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana-vs
  namespace: istio-system
spec:
  hosts:
  - "grafana.${INGRESS_DOMAIN}"
  gateways:
  - grafana-gateway
  http:
  - route:
    - destination:
        host: grafana
        port:
          number: 3000
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: grafana
  namespace: istio-system
spec:
  host: grafana
  trafficPolicy:
    tls:
      mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: tracing-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http-tracing
      protocol: HTTP
    hosts:
    - "tracing.${INGRESS_DOMAIN}"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: tracing-vs
  namespace: istio-system
spec:
  hosts:
  - "tracing.${INGRESS_DOMAIN}"
  gateways:
  - tracing-gateway
  http:
  - route:
    - destination:
        host: tracing
        port:
          number: 80
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: tracing
  namespace: istio-system
spec:
  host: tracing
  trafficPolicy:
    tls:
      mode: DISABLE
---
EOF
[4] Verify that you can resolve from your browser:
- http://kiali.istio-cluster.org
- http://grafana.istio-cluster.org
- http://tracing.istio-cluster.org
Note: this method only works on your local machine, because you are updating a local host name, but you could update a public DNS entry instead.
[1] Check Overview page, istio-system and default namespaces have a warning on Istio Config
[2] Navigate to bookinfo-gateway Istio Config on default namespace
[3] Update the wildcard in the gateway to resolve the ambiguity
* -> bookinfo.istio-cluster.org
[4] VirtualService is linked with a Gateway but it's a good practice to resolve the ambiguity on this case too
* -> bookinfo.istio-cluster.org
[5] Save the Gateway and VirtualService on default and check the overview page
Congratulations, you have resolved a warning using Kiali
This is just the first step, you are ready to start the Kiali Tutorial
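
The ambiguity resolved in steps [3] and [4], reproduced as a check you can run outside Kiali. This is an added example, not part of the original recipe and not Kiali's own validation code; the helper names and the sample Gateway objects are constructed from the hosts used above.

```python
from itertools import combinations

def host_matches(a, b):
    """True if two Gateway host entries can match the same request host."""
    a, b = a.split("/")[-1], b.split("/")[-1]  # drop optional "namespace/" prefix
    if a == b or "*" in (a, b):
        return True
    for wild, other in ((a, b), (b, a)):
        # "*.example.org" overlaps any host ending in ".example.org"
        if wild.startswith("*.") and other.endswith(wild[1:]):
            return True
    return False

def overlapping_gateways(gateways):
    """List (gw_a, gw_b, port, host_a, host_b) for Gateways that bind the
    same ingress workload (selector) and port with overlapping hosts."""
    findings = []
    for g1, g2 in combinations(gateways, 2):
        if g1["spec"].get("selector") != g2["spec"].get("selector"):
            continue
        for s1 in g1["spec"].get("servers", []):
            for s2 in g2["spec"].get("servers", []):
                if s1["port"]["number"] != s2["port"]["number"]:
                    continue
                for h1 in s1.get("hosts", []):
                    for h2 in s2.get("hosts", []):
                        if host_matches(h1, h2):
                            ids = ["%s/%s" % (g["metadata"]["namespace"],
                                              g["metadata"]["name"]) for g in (g1, g2)]
                            findings.append((ids[0], ids[1], s1["port"]["number"], h1, h2))
    return findings

def gw(namespace, name, host):
    """Constructed sample: one HTTP server on port 80 of the ingress gateway."""
    return {"metadata": {"namespace": namespace, "name": name},
            "spec": {"selector": {"istio": "ingressgateway"},
                     "servers": [{"port": {"number": 80, "protocol": "HTTP"},
                                  "hosts": [host]}]}}

# Constructed sample data mirroring this recipe's Gateways.
DASHBOARDS = [gw("istio-system", n + "-gateway", n + ".istio-cluster.org")
              for n in ("kiali", "grafana", "tracing")]
BEFORE = [gw("default", "bookinfo-gateway", "*")] + DASHBOARDS
AFTER = [gw("default", "bookinfo-gateway", "bookinfo.istio-cluster.org")] + DASHBOARDS

if __name__ == "__main__":
    for label, gateways in (("before", BEFORE), ("after", AFTER)):
        print(label, overlapping_gateways(gateways))
```

The dictionaries have the same shape as the "items" returned by kubectl get gateways.networking.istio.io -A -o json, so live cluster output can be passed to overlapping_gateways() in place of the samples.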