Install Anthos Service Mesh and Hipster shop
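#!/usr/bin/env bash
# Provision a regional GKE cluster with the Istio-on-GKE addon / Anthos Service
# Mesh and deploy the Hipster Shop demo, then set up an alerting channel.
# Requires an authenticated gcloud with a default project configured; every
# resource below is created in that project.
set -euo pipefail

# Resolve project and account from the active gcloud config. Assignment and
# export are split so a failing gcloud is not masked by `export`, and the
# `:?` checks abort early: an empty PROJECT_ID would otherwise silently
# produce broken resource paths and a bogus workload-identity pool name.
PROJECT_ID=$(gcloud config get-value project)
: "${PROJECT_ID:?gcloud has no default project configured}"
PROJECT_USER=$(gcloud config get-value core/account) # current user; reused as the alert-channel e-mail
: "${PROJECT_USER:?gcloud has no active account}"
export PROJECT_ID PROJECT_USER

export CLUSTER_NAME="central"
export CLUSTER_LOCATION="us-central1"
export MACHINE_TYPE="n1-standard-4"
export NODE_POOL_NAME="default-pool"
export NETWORK_NAME="anthos-demo"
# Primary (node) range plus alias-IP secondary ranges for pods and services.
export SUBNET_K8S_NODES="k8s-nodes"
export SUBNET_K8S_NODES_RANGE="10.12.0.0/22"
export SUBNET_K8S_PODS="k8s-pods"
export SUBNET_K8S_PODS_RANGE="10.82.0.0/18"
export SUBNET_K8S_SVCS="k8s-svcs"
export SUBNET_K8S_SVCS_RANGE="10.82.64.0/22"

# The project number (not the ID) is what the mesh_id cluster label expects.
ENVIRON_PROJECT_NUMBER=$(gcloud projects describe "${PROJECT_ID}" --format="value(projectNumber)")
: "${ENVIRON_PROJECT_NUMBER:?could not resolve the project number for ${PROJECT_ID}}"
export ENVIRON_PROJECT_NUMBER
# Workload Identity pool for the project; passed to --workload-pool below.
export IDNS="${PROJECT_ID}.svc.id.goog"
export MESH_ID="proj-${ENVIRON_PROJECT_NUMBER}"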
# Enable the Google APIs the rest of the script depends on: GKE and Compute,
# the observability stack, the Mesh CA / telemetry / config endpoints, IAM
# credential minting, and the Anthos fleet (Hub / Connect) APIs.
required_apis=(
  container.googleapis.com
  compute.googleapis.com
  monitoring.googleapis.com
  logging.googleapis.com
  cloudtrace.googleapis.com
  meshca.googleapis.com
  meshtelemetry.googleapis.com
  meshconfig.googleapis.com
  iamcredentials.googleapis.com
  anthos.googleapis.com
  gkeconnect.googleapis.com
  gkehub.googleapis.com
  cloudresourcemanager.googleapis.com
)
gcloud services enable "${required_apis[@]}"
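# Create a custom-mode VPC so the only subnets that exist are the ones
# declared here (no auto-created per-region ranges).
gcloud compute networks create "${NETWORK_NAME}" \
  --subnet-mode="custom"

# Node subnet with two alias-IP secondary ranges; the cluster create step
# references them by name via --cluster-secondary-range-name and
# --services-secondary-range-name. Private Google Access lets nodes reach
# Google APIs without external IPs, which is what you want if the node pool
# is later made private.
gcloud compute networks subnets create "${SUBNET_K8S_NODES}" \
  --network="${NETWORK_NAME}" \
  --region="${CLUSTER_LOCATION}" \
  --range="${SUBNET_K8S_NODES_RANGE}" \
  --enable-private-ip-google-access \
  --secondary-range="${SUBNET_K8S_PODS}=${SUBNET_K8S_PODS_RANGE}" \
  --secondary-range="${SUBNET_K8S_SVCS}=${SUBNET_K8S_SVCS_RANGE}"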
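############################################################
# TASK 1: Install cluster, Anthos Service Mesh, Hipster Shop
# region: us-central1
# nodes/zone: 1
# machine: n1-standard-4
# zones: 1a, 1b, 1c, 1f
# Istio on GKE = Enabled
# scope: cloud-platform
# Istio injection on 'default' ns
# labels: mesh_id=proj-${ENVIRON_PROJECT_NUMBER}
# https://cloud.google.com/istio/docs/istio-on-gke/installing
# https://cloud.google.com/kubernetes-engine/docs/how-to/creating-managing-labels
#
# Security notes on the flags below. They are demo defaults and should be
# tightened before this is reused for anything exposed:
#   * --no-enable-master-authorized-networks leaves the public control-plane
#     endpoint reachable from any source IP (authentication still applies).
#     Prefer --enable-master-authorized-networks with an explicit
#     --master-authorized-networks=<cidr>, or a private endpoint.
#   * --scopes cloud-platform hands every node's default service account a
#     token valid for all Google APIs. Workload Identity is enabled via
#     --workload-pool, so the narrower gke-default scope is normally enough.
#   * --istio-config auth=MTLS_PERMISSIVE lets sidecars accept plaintext as
#     well as mTLS; move to MTLS_STRICT once every workload is injected.
#   * --image-type UBUNTU is an explicit choice; GKE's default COS image is
#     the more locked-down option if the workload does not need Ubuntu.
#   * --no-enable-basic-auth and disable-legacy-endpoints=true are the
#     hardened settings and should be kept.
############################################################
gcloud beta container --project "${PROJECT_ID}" clusters create "${CLUSTER_NAME}" \
  --region "${CLUSTER_LOCATION}" --no-enable-basic-auth \
  --node-locations "us-central1-a","us-central1-b","us-central1-c","us-central1-f" \
  --network "projects/${PROJECT_ID}/global/networks/${NETWORK_NAME}" \
  --subnetwork "projects/${PROJECT_ID}/regions/${CLUSTER_LOCATION}/subnetworks/${SUBNET_K8S_NODES}" \
  --cluster-secondary-range-name "${SUBNET_K8S_PODS}" \
  --services-secondary-range-name "${SUBNET_K8S_SVCS}" \
  --release-channel "regular" \
  --machine-type "${MACHINE_TYPE}" \
  --image-type "UBUNTU" \
  --disk-type "pd-standard" \
  --disk-size "100" \
  --metadata disable-legacy-endpoints=true \
  --scopes "https://www.googleapis.com/auth/cloud-platform" \
  --num-nodes "1" \
  --enable-stackdriver-kubernetes \
  --enable-ip-alias \
  --default-max-pods-per-node "110" \
  --no-enable-master-authorized-networks \
  --addons HorizontalPodAutoscaling,HttpLoadBalancing,Istio \
  --istio-config auth=MTLS_PERMISSIVE \
  --enable-autoupgrade --enable-autorepair \
  --max-surge-upgrade 1 --max-unavailable-upgrade 0 \
  --labels mesh_id="${MESH_ID}" \
  --workload-pool "${IDNS}"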
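# Register the cluster with the fleet (GKE Hub / Connect) using a dedicated
# service account that holds only roles/gkehub.connect.
#
# The downloaded JSON key is a long-lived credential, so it is written with
# owner-only permissions and removed from disk as soon as registration has
# consumed it (the register step stores it in-cluster for the Connect agent).
# Deleting the file does not revoke the key in IAM; to do that later:
#   gcloud iam service-accounts keys delete <KEY_ID> --iam-account="${CONNECT_SA}"
CONNECT_SA="connect-sa@${PROJECT_ID}.iam.gserviceaccount.com"
CONNECT_SA_KEY_FILE="./connect-sa-key.json"

gcloud iam service-accounts create connect-sa
gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
  --member="serviceAccount:${CONNECT_SA}" \
  --role="roles/gkehub.connect"
# umask in a subshell: the key file is created 0600 without altering the
# umask of the rest of the script.
( umask 077 && gcloud iam service-accounts keys create "${CONNECT_SA_KEY_FILE}" \
    --iam-account="${CONNECT_SA}" )

register_rc=0
gcloud container hub memberships register "${CLUSTER_NAME}-connect" \
  --gke-cluster="${CLUSTER_LOCATION}/${CLUSTER_NAME}" \
  --service-account-key-file="${CONNECT_SA_KEY_FILE}" || register_rc=$?
# Always remove the local copy of the key, even when registration failed.
rm -f -- "${CONNECT_SA_KEY_FILE}"
if (( register_rc != 0 )); then
  printf 'cluster registration failed (exit %d)\n' "${register_rc}" >&2
  exit "${register_rc}"
fi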
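# Initialize the mesh (Mesh CA / telemetry) for this project through the
# meshconfig API. `--fail` turns an HTTP error status into a non-zero exit so
# a failed initialize does not go unnoticed by the rest of the script.
# The bearer token is the caller's short-lived gcloud access token; it is
# passed on the command line, so avoid running this section under `set -x`.
# NOTE(review): v1alpha1 is a pre-GA endpoint and may be retired.
curl --fail --request POST \
  --header "Authorization: Bearer $(gcloud auth print-access-token)" \
  --data '' \
  "https://meshconfig.googleapis.com/v1alpha1/projects/${PROJECT_ID}:initialize"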
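# Turn on automatic Istio sidecar injection for the 'default' namespace.
# --overwrite makes this step safe to re-run; without it kubectl refuses to
# change a label that already has a value.
kubectl label namespace default istio-injection=enabled --overwrite

# Install the Hipster Shop (microservices-demo) manifests with kpt.
# prereq: https://googlecontainertools.github.io/kpt/installation/
# NOTE(review): the package is fetched without a git ref, so the manifests
# (and the image tags they reference) can change between runs. Append
# @<tag-or-commit> to the package URL for a reproducible deployment.
kpt pkg get \
  https://github.com/GoogleCloudPlatform/microservices-demo.git/release \
  hipster-demo
# Apply explicitly into 'default' so the pods land in the namespace labeled
# above regardless of the namespace set in the current kube context.
kubectl apply -n default -f hipster-demo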
############################################################
# TASK 2: Create SLO for 'checkoutservice'
# manually create in GCP Console ( Anthos > Service Mesh > Create SLO )
# <500ms latency over rolling period of 1 day
# cluster: central
# namespace: default
# service: checkoutservice
# SLI type: Latency
# Compliance Target: 99%
# https://cloud.google.com/service-mesh/docs/observability/design-slo
# https://cloud.google.com/service-mesh/docs/observability/create-slo
############################################################
# Notification channel for alert policies: e-mails the account that ran this
# script. NOTE(review): when the script runs as a service account (CI, or
# impersonation) PROJECT_USER is not a mailbox; supply a real address then.
channel_args=(
  --display-name="DevOps Team"
  --description="Primary contact method for the DevOps team lead"
  --type=email
  --user-labels=team=devops,role=lead,ord=1
  --channel-labels=email_address="${PROJECT_USER}"
)
gcloud beta monitoring channels create "${channel_args[@]}"
# The SLO and the alert policy that targets this channel are created in the
# console (see the links above).