From 6926bbe54b3f2e355014e545c7154ac787f152d7 Mon Sep 17 00:00:00 2001 From: jmanuelcorral Date: Wed, 6 Mar 2019 16:14:58 +0100 Subject: [PATCH] Enabling istio on local kubernetes and first pod configuration, needs more work, unstable --- k8s/istio/JourneyToIstio.md | 73 +++++++++++++++++++++++ k8s/istio/deploy-istio-helm.ps1 | 3 + k8s/istio/install-istio-local.ps1 | 16 +++++ k8s/istio/kiali/secrets.yml | 11 ++++ k8s/istio/kiali/set-kiali-credentials.ps1 | 36 +++++++++++ 5 files changed, 139 insertions(+) create mode 100644 k8s/istio/JourneyToIstio.md create mode 100644 k8s/istio/deploy-istio-helm.ps1 create mode 100644 k8s/istio/install-istio-local.ps1 create mode 100644 k8s/istio/kiali/secrets.yml create mode 100644 k8s/istio/kiali/set-kiali-credentials.ps1 diff --git a/k8s/istio/JourneyToIstio.md b/k8s/istio/JourneyToIstio.md new file mode 100644 index 000000000..6e44cf526 --- /dev/null +++ b/k8s/istio/JourneyToIstio.md @@ -0,0 +1,73 @@ +# ISTIO on Local +## Prerequisites on local +You need the eshopsOnContainers configured on your local, with this +in a powershell console, we need to enter in /k8s/istio and execute +``` +>kubectl get pods +NAME READY STATUS RESTARTS AGE +eshop-apigwmm-54ccc6c589-557fn 0/1 Running 26 3h +eshop-apigwms-7d5f86cf7c-2j2zp 0/1 CrashLoopBackOff 30 3h +eshop-apigwwm-7794b6d879-7j4mt 0/1 CrashLoopBackOff 39 3h +eshop-apigwws-8585f6899f-7kkg2 0/1 Running 11 3h +eshop-basket-api-8bfc5c5f6-8xxcv 0/1 Running 41 3h +eshop-basket-data-66fbc788cc-dmkgb 1/1 Running 0 3h +eshop-catalog-api-c77747b76-4gp6c 0/1 CrashLoopBackOff 40 3h +eshop-identity-api-7574f6b458-4rbp6 0/1 CrashLoopBackOff 44 3h +eshop-keystore-data-5c9c85cb99-s5qz7 1/1 Running 0 3h +eshop-locations-api-64847646d-5wv52 0/1 CrashLoopBackOff 36 3h +eshop-marketing-api-745f9546b8-krjqq 0/1 Running 33 3h +eshop-mobileshoppingagg-7d467f86bd-bw9c7 0/1 Running 22 3h +eshop-nosql-data-579c9d89f8-x4z2k 1/1 Running 0 3h +eshop-ordering-api-5c55bd5464-7hnjx 0/1 CrashLoopBackOff 38 3h +eshop-ordering-backgroundtasks-f6dcb7db4-xq7gr 1/1 Running 22 3h +eshop-ordering-signalrhub-6664868779-dphxm 1/1 Running 0 3h +eshop-payment-api-7988db5f76-z76tc 1/1 Running 17 3h +eshop-rabbitmq-6b68647bc4-qjjrb 1/1 Running 0 3h +eshop-sql-data-5c4fdcccf4-2z5dm 1/1 Running 0 3h +eshop-webhooks-api-588b58bb66-lmx5c 1/1 Running 0 3h +eshop-webhooks-web-565c68b59c-dk8hp 1/1 Running 0 3h +eshop-webmvc-55c596544b-9fqsj 1/1 Running 0 3h +eshop-webshoppingagg-f8547f45b-4mjvp 0/1 CrashLoopBackOff 16 3h +eshop-webspa-84fd54466d-hzrlb 1/1 Running 0 3h +eshop-webstatus-775b487d4d-tbfbn 1/1 Running 0 3h +``` + +```ps1 +> ./install-istio-local.ps1 + +``` +This will install the cli utility and register to the path, you can test this phase launching + +```ps1 +> istioctl +``` + +Afterthat you can install Istio on your cluster executing +```ps1 +> ./deploy-istio-helm.ps1 +``` + +the result should be like: +``` +NAME READY STATUS RESTARTS AGE +grafana-774bf8cb47-clqkp 1/1 Running 0 2h +istio-citadel-548f4cdd9-dbrbn 1/1 Running 0 2h +istio-egressgateway-5f77f6c979-8922g 1/1 Running 0 2h +istio-galley-8f6585898-7c7wq 1/1 Running 0 2h +istio-ingressgateway-8484579cdb-7tw8n 1/1 Running 0 2h +istio-pilot-7c5c5778fb-r987v 2/2 Running 0 2h +istio-policy-7d67d47c65-rdqwj 2/2 Running 15 2h +istio-sidecar-injector-6fb6845cdd-nnhks 1/1 Running 0 2h +istio-telemetry-8b9fc7769-pwx5m 2/2 Running 24 2h +istio-tracing-ff94688bb-xnhnd 1/1 Running 4 2h +kiali-8644dbcdbc-pb627 0/1 CrashLoopBackOff 7 2h +prometheus-f556886b8-mr6wb 1/1 Running 13 2h +``` + +Is a common error that kiali-pod have errors, because it needs a credentials for working. +enter in k8s/istio/kiali and execute: +``` +> ./set-kiali-credentials.ps1 +``` +this script will prompt for a valid account/password and setups the secret in kubernetes +(at the moment account/password will be admin/admin we need to modify the yml) diff --git a/k8s/istio/deploy-istio-helm.ps1 b/k8s/istio/deploy-istio-helm.ps1 new file mode 100644 index 000000000..704813121 --- /dev/null +++ b/k8s/istio/deploy-istio-helm.ps1 @@ -0,0 +1,3 @@ +$ISTIO_VERSION="1.0.6" +cd istio-$ISTIO_VERSION +helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set global.controlPlaneSecurityEnabled=true --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true \ No newline at end of file diff --git a/k8s/istio/install-istio-local.ps1 b/k8s/istio/install-istio-local.ps1 new file mode 100644 index 000000000..fcf0a6d34 --- /dev/null +++ b/k8s/istio/install-istio-local.ps1 @@ -0,0 +1,16 @@ +# Specify the Istio version that will be leveraged throughout these instructions +$ISTIO_VERSION="1.0.6" + +# Windows + +$ProgressPreference = 'SilentlyContinue'; +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +Invoke-WebRequest -URI "https://github.com/istio/istio/releases/download/$ISTIO_VERSION/istio-$ISTIO_VERSION-win.zip" -OutFile "istio-$ISTIO_VERSION.zip" +Expand-Archive -Path "istio-$ISTIO_VERSION.zip" -DestinationPath . + +cd istio-$ISTIO_VERSION +New-Item -ItemType Directory -Force -Path "C:\Program Files\Istio" +mv ./bin/istioctl.exe "C:\Program Files/Istio/" +$PATH = [environment]::GetEnvironmentVariable("PATH", "User") +[environment]::SetEnvironmentVariable("PATH", $PATH + "; C:\Program Files\Istio", "User") + diff --git a/k8s/istio/kiali/secrets.yml b/k8s/istio/kiali/secrets.yml new file mode 100644 index 000000000..7185f1383 --- /dev/null +++ b/k8s/istio/kiali/secrets.yml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: kiali + namespace: istio-system + labels: + app: kiali +type: Opaque +data: + username: YQBkAG0AaQBuAA== + passphrase: YQBkAG0AaQBuAA== \ No newline at end of file diff --git a/k8s/istio/kiali/set-kiali-credentials.ps1 b/k8s/istio/kiali/set-kiali-credentials.ps1 new file mode 100644 index 000000000..bd778b647 --- /dev/null +++ b/k8s/istio/kiali/set-kiali-credentials.ps1 @@ -0,0 +1,36 @@ +Param([parameter(Mandatory,HelpMessage="Enter a valid username for Kiali Administration")][string]$username, + [parameter(Mandatory,HelpMessage="Enter your super secret password")][securestring]$password, + [parameter(Mandatory=$false)][string]$NAMESPACE="istio-system" +) + +function Get-PlainText() +{ + [CmdletBinding()] + param + ( + [parameter(Mandatory = $true)] + [securestring]$SecureString + ) + BEGIN { } + PROCESS + { + $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString); + + try + { + return [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr); + } + finally + { + [Runtime.InteropServices.Marshal]::FreeBSTR($bstr); + } + } + END { } +} + +$KIALIUSERNAME = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($username)) +$plainpassword = Get-PlainText $password; +$KIALIPASSWORD = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($plainpassword)) + +Write-Host "setting username [$KIALIUSERNAME] and password [$KIALIPASSWORD]" -ForegroundColor Blue +kubectl apply -f secrets.yml \ No newline at end of file