Install Anthos Service Mesh and Hipster shop
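#!/usr/bin/env bash
# Bootstrap a regional GKE cluster with Istio / Anthos Service Mesh and deploy
# the Hipster Shop demo into it. Requires an authenticated gcloud CLI with a
# default project configured; every resource below lands in that project.
#
# Strict mode: a failing gcloud/kubectl call must stop the script rather than
# let later steps run against half-created infrastructure.
set -euo pipefail

# Declare and assign separately so a failing command substitution is not
# masked by `export` (which always returns 0).
export PROJECT_ID
PROJECT_ID=$(gcloud config get-value project)
: "${PROJECT_ID:?no default gcloud project; run 'gcloud config set project <id>' first}"

export PROJECT_USER
PROJECT_USER=$(gcloud config get-value core/account)  # current user; receives alert e-mails later on

export CLUSTER_NAME="central"
export CLUSTER_LOCATION="us-central1"
export MACHINE_TYPE="n1-standard-4"
export NODE_POOL_NAME="default-pool"   # not referenced below; kept for callers that source this file
export NETWORK_NAME="anthos-demo"

# Primary node range plus the two alias-IP secondary ranges (pods, services)
# that the cluster is created with (--enable-ip-alias) further down.
export SUBNET_K8S_NODES="k8s-nodes"
export SUBNET_K8S_NODES_RANGE="10.12.0.0/22"
export SUBNET_K8S_PODS="k8s-pods"
export SUBNET_K8S_PODS_RANGE="10.82.0.0/18"
export SUBNET_K8S_SVCS="k8s-svcs"
export SUBNET_K8S_SVCS_RANGE="10.82.64.0/22"

export ENVIRON_PROJECT_NUMBER
ENVIRON_PROJECT_NUMBER=$(gcloud projects describe "${PROJECT_ID}" --format="value(projectNumber)")

# Workload Identity pool of the project; passed to --workload-pool on cluster creation.
export IDNS="${PROJECT_ID}.svc.id.goog"
# Value of the mesh_id cluster label (proj-<project number>), used by the mesh registration.
export MESH_ID="proj-${ENVIRON_PROJECT_NUMBER}"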
# enable apis
# Everything the rest of the script talks to: GKE and Compute, the three
# observability APIs, the mesh CA/telemetry/config endpoints, IAM credentials,
# Anthos / GKE Hub (Connect) and Resource Manager.
required_apis=(
  container.googleapis.com
  compute.googleapis.com
  monitoring.googleapis.com
  logging.googleapis.com
  cloudtrace.googleapis.com
  meshca.googleapis.com
  meshtelemetry.googleapis.com
  meshconfig.googleapis.com
  iamcredentials.googleapis.com
  anthos.googleapis.com
  gkeconnect.googleapis.com
  gkehub.googleapis.com
  cloudresourcemanager.googleapis.com
)
gcloud services enable "${required_apis[@]}"
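# create VPC network
# Custom subnet mode: no auto-created per-region subnets, only the one defined below.
gcloud compute networks create "${NETWORK_NAME}" \
  --subnet-mode="custom"

# create GKE subnet
# Private Google Access lets nodes without external IPs reach Google APIs;
# the two secondary ranges are consumed by the cluster's alias-IP config.
gcloud compute networks subnets create "${SUBNET_K8S_NODES}" \
  --network="${NETWORK_NAME}" \
  --region="${CLUSTER_LOCATION}" \
  --range="${SUBNET_K8S_NODES_RANGE}" \
  --enable-private-ip-google-access \
  --secondary-range="${SUBNET_K8S_PODS}=${SUBNET_K8S_PODS_RANGE}" \
  --secondary-range="${SUBNET_K8S_SVCS}=${SUBNET_K8S_SVCS_RANGE}"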
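############################################################
# TASK 1: Install cluster, Anthos Service Mesh, Hipster Shop
# region: us-central1
# nodes/zone: 1
# machine: n1-standard-4
# zones: 1a, 1b, 1c, 1f
# Istio on GKE = Enabled
# scope: cloud-platform
# Istio injection on 'default' ns
# labels: mesh_id=proj-${ENVIRON_PROJECT_NUMBER}
# https://cloud.google.com/istio/docs/istio-on-gke/installing
# https://cloud.google.com/kubernetes-engine/docs/how-to/creating-managing-labels
############################################################
# NOTE(review): several flags below favour demo convenience over hardening.
#   --no-enable-master-authorized-networks  the API server endpoint accepts
#       connections from any public IP; for anything beyond a throwaway demo use
#       --enable-master-authorized-networks --master-authorized-networks=<cidr>
#       (or private endpoint / private nodes).
#   --istio-config auth=MTLS_PERMISSIVE     sidecars accept plaintext as well as
#       mTLS, so in-mesh traffic is not guaranteed to be encrypted/authenticated;
#       move to MTLS_STRICT once all workloads carry a sidecar.
#   --scopes cloud-platform                 node VM service-account tokens carry
#       the broadest OAuth scope; pods should obtain credentials through
#       Workload Identity (--workload-pool) rather than the node metadata server.
# --node-locations is hard-coded to us-central1 zones and must be changed in
# step with CLUSTER_LOCATION (zone "f" does not exist in every region).
gcloud beta container --project "${PROJECT_ID}" clusters create "${CLUSTER_NAME}" \
  --region "${CLUSTER_LOCATION}" --no-enable-basic-auth \
  --node-locations "us-central1-a,us-central1-b,us-central1-c,us-central1-f" \
  --network "projects/${PROJECT_ID}/global/networks/${NETWORK_NAME}" \
  --subnetwork "projects/${PROJECT_ID}/regions/${CLUSTER_LOCATION}/subnetworks/${SUBNET_K8S_NODES}" \
  --cluster-secondary-range-name "${SUBNET_K8S_PODS}" \
  --services-secondary-range-name "${SUBNET_K8S_SVCS}" \
  --release-channel "regular" \
  --machine-type "${MACHINE_TYPE}" \
  --image-type "UBUNTU" \
  --disk-type "pd-standard" \
  --disk-size "100" \
  --metadata disable-legacy-endpoints=true \
  --scopes "https://www.googleapis.com/auth/cloud-platform" \
  --num-nodes "1" \
  --enable-stackdriver-kubernetes \
  --enable-ip-alias \
  --default-max-pods-per-node "110" \
  --no-enable-master-authorized-networks \
  --addons HorizontalPodAutoscaling,HttpLoadBalancing,Istio \
  --istio-config auth=MTLS_PERMISSIVE \
  --enable-autoupgrade --enable-autorepair \
  --max-surge-upgrade 1 --max-unavailable-upgrade 0 \
  --labels "mesh_id=${MESH_ID}" \
  --workload-pool "${IDNS}"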
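# register cluster (GKE Hub / Connect)
# A dedicated service account holding only roles/gkehub.connect is created and
# a JSON key for it is handed to the registration step.
gcloud iam service-accounts create connect-sa
gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
  --member="serviceAccount:connect-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
  --role="roles/gkehub.connect"

# A downloaded SA key is a long-lived bearer credential. Create it owner-only
# (umask in a subshell so the rest of the script is unaffected) and delete the
# local copy right after registration, which is its only consumer in this
# script. The key is intentionally not revoked in IAM here: the registered
# membership may keep relying on it — verify before revoking. Where the
# installed gcloud supports it, `--enable-workload-identity` on the register
# call avoids creating a key at all.
connect_key="./connect-sa-key.json"
( umask 077 && gcloud iam service-accounts keys create "${connect_key}" \
    --iam-account="connect-sa@${PROJECT_ID}.iam.gserviceaccount.com" )
gcloud container hub memberships register "${CLUSTER_NAME}-connect" \
  --gke-cluster="${CLUSTER_LOCATION}/${CLUSTER_NAME}" \
  --service-account-key-file="${connect_key}"
rm -f -- "${connect_key}"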
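# initialize mesh
# The access token is fed to curl on stdin (--header @-, curl >= 7.55) instead of
# on the command line, where it would be visible to every local user through
# ps / process accounting / shell tracing for the duration of the call.
# --fail turns an HTTP error into a non-zero exit instead of a silently ignored
# JSON error body.
printf 'Authorization: Bearer %s\n' "$(gcloud auth print-access-token)" |
  curl --fail --silent --show-error --request POST \
    --header @- \
    --data '' \
    "https://meshconfig.googleapis.com/v1alpha1/projects/${PROJECT_ID}:initialize"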
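# auto-inject sidecar
# --overwrite keeps the step idempotent: without it kubectl errors when the
# label already exists with another value, e.g. on a re-run.
kubectl label namespace default istio-injection=enabled --overwrite

# install hipster shop
# prereq: https://googlecontainertools.github.io/kpt/installation/
# NOTE(review): the package is pulled from the moving `release` tree of a
# third-party repository and applied as-is into the mesh-enabled 'default'
# namespace. Pin a tag or commit (…/microservices-demo.git/release@<version>)
# and review the manifests so the deployment is reproducible and auditable.
kpt pkg get \
  https://github.com/GoogleCloudPlatform/microservices-demo.git/release \
  hipster-demo
kubectl apply -f hipster-demo  # default namespace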
############################################################
# TASK 2: Create SLO for 'checkoutservice'
# manually create in GCP Console ( Anthos > Service Mesh > Create SLO )
# <500ms latency over rolling period of 1 day
# cluster: central
# namespace: default
# service: checkoutservice
# SLI type: Latency
# Compliance Target: 99%
# https://cloud.google.com/service-mesh/docs/observability/design-slo
# https://cloud.google.com/service-mesh/docs/observability/create-slo
############################################################
# create monitoring channel (email alerts)
# The e-mail target is the account that ran this script (PROJECT_USER).
channel_args=(
  --display-name="DevOps Team"
  --description="Primary contact method for the DevOps team lead"
  --type=email
  --user-labels=team=devops,role=lead,ord=1
  --channel-labels=email_address="${PROJECT_USER}"
)
gcloud beta monitoring channels create "${channel_args[@]}"
# use console for creating SLO
# use console for creating Alert policy (to above monitoring channel)