mandibuswell/ServiceMesh Workshop Steps

## ServiceMesh Workshop Steps
#setting up
PROJECT = "user10"
oc project $PROJECT
git clone https://github.com/RedHatGov/service-mesh-workshop-code.git
cd service-mesh-workshop-code && git checkout workshop-stable
oc get pods -n $PROJECT-istio

#LAB 1 - deploying the microservice application Version1
oc new-app -f ./config/app/boards-fromsource.yaml \
  -p APPLICATION_NAME=boards \
  -p NODEJS_VERSION_TAG=10 \
  -p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
  -p GIT_BRANCH=workshop-stable \
  -p DATABASE_SERVICE_NAME=boards-mongodb \
  -p MONGODB_DATABASE=boardsDevelopment
oc new-app -f ./config/app/context-scraper-fromsource.yaml \
  -p APPLICATION_NAME=context-scraper \
  -p NODEJS_VERSION_TAG=10 \
  -p GIT_BRANCH=workshop-stable \
  -p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git
oc new-app -f ./config/app/app-ui-fromsource.yaml \
  -p APPLICATION_NAME=app-ui \
  -p NODEJS_VERSION_TAG=10 \
  -p GIT_BRANCH=workshop-stable \
  -p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
  -e FAKE_USER=true
oc get pods --watch

#wait till pods are running
oc get pods -l app=app-ui -o jsonpath='{.items[*].spec.containers[*].name}{"\n"}'
#creating the istio gateway
oc create -f ./config/istio/gateway.yaml
GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}')
echo $GATEWAY_URL
#Testing the application

#LAB 2 deploy the java user profile application using a build config.
oc new-app -f ./config/app/userprofile-build.yaml \
  -p APPLICATION_NAME=userprofile \
  -p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
  -p APPLICATION_CODE_BRANCH=workshop-stable \
  -p APP_VERSION_TAG=1.0
oc start-build userprofile-1.0 -F
#wait till build complete
oc get is userprofile
USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}')
echo $USER_PROFILE_IMAGE_URI
sed "s|%USER_PROFILE_IMAGE_URI%|$USER_PROFILE_IMAGE_URI|" ./config/app/userprofile-deploy-all.yaml | oc create -f -
oc get pods -l deploymentconfig=userprofile -o jsonpath='{.items[*].spec.containers[*].name}{"\n"}'
#test the application
echo $GATEWAY_URL

#sending Load
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL; done
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done
#exploring KIALI
echo $(oc get route kiali -n $PROJECT-istio --template='https://{{.spec.host}}')
while true; do curl -s -o /dev/null $GATEWAY_URL; done
for ((i=1;i<=5;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done

#LAB 3
oc new-app -f ./config/app/userprofile-build.yaml \
  -p APPLICATION_NAME=userprofile \
  -p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
  -p APPLICATION_CODE_BRANCH=workshop-feature-update \
  -p APP_VERSION_TAG=2.0
oc start-build userprofile-2.0 -F
USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}')
echo $USER_PROFILE_IMAGE_URI
sed "s|%USER_PROFILE_IMAGE_URI%|$USER_PROFILE_IMAGE_URI|" ./config/app/userprofile-deploy-v2.yaml | oc create -f -
oc get pods -l deploymentconfig=userprofile --watch
#WAIT FOR PODS TO START
#send load explore Grafana
while true; do curl -s -o /dev/null $GATEWAY_URL; done
#send load to profile service in another tab
GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}')
while true; do curl -s -o /dev/null $GATEWAY_URL/profile; done
#explore Jaeger
#confirm the podip of applications
oc get pods -l deploymentconfig=app-ui -o jsonpath='{.items[*].status.podIP}{"\n"}'
oc get pods -l deploymentconfig=boards -o jsonpath='{.items[*].status.podIP}{"\n"}'
#send load to profile service and debug the slowness
oc get pods -l deploymentconfig=userprofile,version=1.0 -o jsonpath='{.items[*].status.podIP}{"\n"}'
oc get pods -l deploymentconfig=userprofile,version=2.0 -o jsonpath='{.items[*].status.podIP}{"\n"}'
oc get pods -l deploymentconfig=userprofile,version=3.0 -o jsonpath='{.items[*].status.podIP}{"\n"}'

##LAB 4
oc apply -f ./config/istio/virtual-service-userprofile-v1.yaml
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done
#deploy version 3 of service
oc new-app -f ./config/app/userprofile-build.yaml \
  -p APPLICATION_NAME=userprofile \
  -p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
  -p APPLICATION_CODE_BRANCH=workshop-feature-fix \
  -p APP_VERSION_TAG=3.0
oc start-build userprofile-3.0 -F
USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}')
echo $USER_PROFILE_IMAGE_URI
sed "s|%USER_PROFILE_IMAGE_URI%|$USER_PROFILE_IMAGE_URI|" ./config/app/userprofile-deploy-v3.yaml | oc create -f -
oc get pods -l deploymentconfig=userprofile --watch
#wait till pods are up

#traffic routing
oc apply -f ./config/istio/virtual-service-userprofile-90-10.yaml
oc apply -f ./config/istio/virtual-service-userprofile-50-50.yaml
oc apply -f ./config/istio/virtual-service-userprofile-v3.yaml
#fault injection
oc apply -f ./config/istio/virtual-service-userprofile-503.yaml
oc apply -f ./config/istio/virtual-service-userprofile-delay.yaml
#revert all traffic changes
oc apply -f ./config/istio/virtual-service-userprofile-v3.yaml
#circuit breaking
oc apply -f ./config/istio/destinationrule-circuitbreaking.yaml
oc apply -f ./config/istio/virtual-service-userprofile-50-50.yaml
#kill pod in another terminal
USERPROFILE_POD=$(oc get pod -l deploymentconfig=userprofile,version=3.0 -o jsonpath='{.items[0].metadata.name}')
oc exec $USERPROFILE_POD -- kill 1
#Clean up
oc apply -f ./config/istio/destinationrules-all.yaml
oc apply -f ./config/istio/virtual-services-default.yaml

#LAB 5
curl boards.user10:8080/shareditems | jq
oc create -f ./config/istio/peer-authentication-mtls.yaml
oc delete dr --all
oc create -f ./config/istio/destinationrule-mtls.yaml
curl boards.user10:8080/shareditems | jq
oc delete peerauthentication/default
oc delete dr --all

#SSO
oc apply -f ./config/sso/sso-keycloak.yaml
oc wait --for=condition=Ready pod/keycloak-0 --timeout=300s
oc label pod keycloak-0 maistra.io/expose-route=true
sed "s|%APP_URL%|$GATEWAY_URL|" ./config/sso/sso-realm.yaml | oc create -f -
oc apply -f ./config/sso/sso-user1.yaml
oc apply -f ./config/sso/sso-user2.yaml
echo $(oc get route keycloak --template='https://{{.spec.host}}')
echo $(oc get secret/credential-workshop-keycloak -o jsonpath="{.data.ADMIN_PASSWORD}") | base64 --decode && echo
#go to the SSO console, set passwords demo and illbeback, create cool-kids role add to terminator
SSO_SVC=$(oc get route keycloak --template='{{.spec.host}}')
oc set env dc/app-ui FAKE_USER=false SSO_SVC_HOST=$SSO_SVC
sed "s|%SSO_SVC%|$SSO_SVC|" ./config/istio/request-authentication-boards-jwt.yaml | oc apply -f -
sed "s|%SSO_SVC%|$SSO_SVC|" ./config/istio/serviceentry-keycloak.yaml | oc apply -f -
#lockdown for only the cool-kids
oc create -f ./config/istio/authorization-boards-shared-lockdown.yaml
#cleanup
oc delete authorizationpolicy/boards-shared-lockdown
oc delete requestauthentication/boards-jwt
oc delete serviceentry/keycloak-egress
#lockdown ingress and egress
oc describe cm/istio-workshop-install -n $PROJECT-istio | grep outboundTrafficPolicy -A 1
curl context-scraper.$PROJECT:8080/scrape/custom_search?term==skynet | jq
#allow access to google
oc apply -f ./config/istio/serviceentry-googleapis.yaml
curl context-scraper.$PROJECT:8080/scrape/custom_search?term==skynet | jq

oc get dr
oc get vs


###COMMON COMMANDS
#setting the gateway URL when required (will work only after lab1 is complete but used throughout)
echo $GATEWAY_URL
GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}')
#sending load
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL; done
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done
while true; do curl -s -o /dev/null $GATEWAY_URL; done
while true; do curl -s -o /dev/null $GATEWAY_URL/profile; done
	#setting up
	PROJECT = "user10"
	oc project $PROJECT
	git clone https://github.com/RedHatGov/service-mesh-workshop-code.git
	cd service-mesh-workshop-code && git checkout workshop-stable
	oc get pods -n $PROJECT-istio

	#LAB 1 - deploying the microservice application Version1
	oc new-app -f ./config/app/boards-fromsource.yaml \
	-p APPLICATION_NAME=boards \
	-p NODEJS_VERSION_TAG=10 \
	-p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
	-p GIT_BRANCH=workshop-stable \
	-p DATABASE_SERVICE_NAME=boards-mongodb \
	-p MONGODB_DATABASE=boardsDevelopment
	oc new-app -f ./config/app/context-scraper-fromsource.yaml \
	-p APPLICATION_NAME=context-scraper \
	-p NODEJS_VERSION_TAG=10 \
	-p GIT_BRANCH=workshop-stable \
	-p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git
	oc new-app -f ./config/app/app-ui-fromsource.yaml \
	-p APPLICATION_NAME=app-ui \
	-p NODEJS_VERSION_TAG=10 \
	-p GIT_BRANCH=workshop-stable \
	-p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
	-e FAKE_USER=true
	oc get pods --watch

	#wait till pods are running
	oc get pods -l app=app-ui -o jsonpath='{.items[].spec.containers[].name}{"\n"}'
	#creating the istio gateway
	oc create -f ./config/istio/gateway.yaml
	GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}')
	echo $GATEWAY_URL
	#Testing the application

	#LAB 2 deploy the java user profile application using a build config.
	oc new-app -f ./config/app/userprofile-build.yaml \
	-p APPLICATION_NAME=userprofile \
	-p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
	-p APPLICATION_CODE_BRANCH=workshop-stable \
	-p APP_VERSION_TAG=1.0
	oc start-build userprofile-1.0 -F
	#wait till build complete
	oc get is userprofile
	USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}')
	echo $USER_PROFILE_IMAGE_URI
	sed "s\|%USER_PROFILE_IMAGE_URI%\|$USER_PROFILE_IMAGE_URI\|" ./config/app/userprofile-deploy-all.yaml \| oc create -f -
	oc get pods -l deploymentconfig=userprofile -o jsonpath='{.items[].spec.containers[].name}{"\n"}'
	#test the application
	echo $GATEWAY_URL

	#sending Load
	for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL; done
	for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done
	#exploring KIALI
	echo $(oc get route kiali -n $PROJECT-istio --template='https://{{.spec.host}}')
	while true; do curl -s -o /dev/null $GATEWAY_URL; done
	for ((i=1;i<=5;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done

	#LAB 3
	oc new-app -f ./config/app/userprofile-build.yaml \
	-p APPLICATION_NAME=userprofile \
	-p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
	-p APPLICATION_CODE_BRANCH=workshop-feature-update \
	-p APP_VERSION_TAG=2.0
	oc start-build userprofile-2.0 -F
	USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}')
	echo $USER_PROFILE_IMAGE_URI
	sed "s\|%USER_PROFILE_IMAGE_URI%\|$USER_PROFILE_IMAGE_URI\|" ./config/app/userprofile-deploy-v2.yaml \| oc create -f -
	oc get pods -l deploymentconfig=userprofile --watch
	#WAIT FOR PODS TO START
	#send load explore Grafana
	while true; do curl -s -o /dev/null $GATEWAY_URL; done
	#send load to profile service in another tab
	GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}')
	while true; do curl -s -o /dev/null $GATEWAY_URL/profile; done
	#explore Jaeger
	#confirm the podip of applications
	oc get pods -l deploymentconfig=app-ui -o jsonpath='{.items[*].status.podIP}{"\n"}'
	oc get pods -l deploymentconfig=boards -o jsonpath='{.items[*].status.podIP}{"\n"}'
	#send load to profile service and debug the slowness
	oc get pods -l deploymentconfig=userprofile,version=1.0 -o jsonpath='{.items[*].status.podIP}{"\n"}'
	oc get pods -l deploymentconfig=userprofile,version=2.0 -o jsonpath='{.items[*].status.podIP}{"\n"}'
	oc get pods -l deploymentconfig=userprofile,version=3.0 -o jsonpath='{.items[*].status.podIP}{"\n"}'

	##LAB 4
	oc apply -f ./config/istio/virtual-service-userprofile-v1.yaml
	for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done
	#deploy version 3 of service
	oc new-app -f ./config/app/userprofile-build.yaml \
	-p APPLICATION_NAME=userprofile \
	-p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \
	-p APPLICATION_CODE_BRANCH=workshop-feature-fix \
	-p APP_VERSION_TAG=3.0
	oc start-build userprofile-3.0 -F
	USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}')
	echo $USER_PROFILE_IMAGE_URI
	sed "s\|%USER_PROFILE_IMAGE_URI%\|$USER_PROFILE_IMAGE_URI\|" ./config/app/userprofile-deploy-v3.yaml \| oc create -f -
	oc get pods -l deploymentconfig=userprofile --watch
	#wait till pods are up

	#traffic routing
	oc apply -f ./config/istio/virtual-service-userprofile-90-10.yaml
	oc apply -f ./config/istio/virtual-service-userprofile-50-50.yaml
	oc apply -f ./config/istio/virtual-service-userprofile-v3.yaml
	#fault injection
	oc apply -f ./config/istio/virtual-service-userprofile-503.yaml
	oc apply -f ./config/istio/virtual-service-userprofile-delay.yaml
	#revert all traffic changes
	oc apply -f ./config/istio/virtual-service-userprofile-v3.yaml
	#circuit breaking
	oc apply -f ./config/istio/destinationrule-circuitbreaking.yaml
	oc apply -f ./config/istio/virtual-service-userprofile-50-50.yaml
	#kill pod in another terminal
	USERPROFILE_POD=$(oc get pod -l deploymentconfig=userprofile,version=3.0 -o jsonpath='{.items[0].metadata.name}')
	oc exec $USERPROFILE_POD -- kill 1
	#Clean up
	oc apply -f ./config/istio/destinationrules-all.yaml
	oc apply -f ./config/istio/virtual-services-default.yaml

	#LAB 5
	curl boards.user10:8080/shareditems \| jq
	oc create -f ./config/istio/peer-authentication-mtls.yaml
	oc delete dr --all
	oc create -f ./config/istio/destinationrule-mtls.yaml
	curl boards.user10:8080/shareditems \| jq
	oc delete peerauthentication/default
	oc delete dr --all

	#SSO
	oc apply -f ./config/sso/sso-keycloak.yaml
	oc wait --for=condition=Ready pod/keycloak-0 --timeout=300s
	oc label pod keycloak-0 maistra.io/expose-route=true
	sed "s\|%APP_URL%\|$GATEWAY_URL\|" ./config/sso/sso-realm.yaml \| oc create -f -
	oc apply -f ./config/sso/sso-user1.yaml
	oc apply -f ./config/sso/sso-user2.yaml
	echo $(oc get route keycloak --template='https://{{.spec.host}}')
	echo $(oc get secret/credential-workshop-keycloak -o jsonpath="{.data.ADMIN_PASSWORD}") \| base64 --decode && echo
	#go to the SSO console, set passwords demo and illbeback, create cool-kids role add to terminator
	SSO_SVC=$(oc get route keycloak --template='{{.spec.host}}')
	oc set env dc/app-ui FAKE_USER=false SSO_SVC_HOST=$SSO_SVC
	sed "s\|%SSO_SVC%\|$SSO_SVC\|" ./config/istio/request-authentication-boards-jwt.yaml \| oc apply -f -
	sed "s\|%SSO_SVC%\|$SSO_SVC\|" ./config/istio/serviceentry-keycloak.yaml \| oc apply -f -
	#lockdown for only the cool-kids
	oc create -f ./config/istio/authorization-boards-shared-lockdown.yaml
	#cleanup
	oc delete authorizationpolicy/boards-shared-lockdown
	oc delete requestauthentication/boards-jwt
	oc delete serviceentry/keycloak-egress
	#lockdown ingress and egress
	oc describe cm/istio-workshop-install -n $PROJECT-istio \| grep outboundTrafficPolicy -A 1
	curl context-scraper.$PROJECT:8080/scrape/custom_search?term==skynet \| jq
	#allow access to google
	oc apply -f ./config/istio/serviceentry-googleapis.yaml
	curl context-scraper.$PROJECT:8080/scrape/custom_search?term==skynet \| jq

	oc get dr
	oc get vs




	###COMMON COMMANDS
	#setting the gateway URL when required (will work only after lab1 is complete but used throughout)
	echo $GATEWAY_URL
	GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}')
	#sending load
	for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL; done
	for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done
	while true; do curl -s -o /dev/null $GATEWAY_URL; done
	while true; do curl -s -o /dev/null $GATEWAY_URL/profile; done