Add istio exa,ple

nvtienanh · Aug 31, 2021 · 5d39fbc · 5d39fbc
1 parent ef15853
commit 5d39fbc
Show file tree

Hide file tree

Showing 5 changed files with 183 additions and 4 deletions.
diff --git a/k8s/istio/README.md b/k8s/istio/README.md
@@ -8,9 +8,13 @@ Remove-Item 'C:\istio.zip'
 # Add to PATH
 ```powershell 
 $oldPath = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path
-$newPath = "$oldPath;C:\istio-1.11.1\bin"    
+$newPath = "$oldPath;C:\istio-1.11.1\bin"  
 Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $newPath
 $env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path", "User")
+
+istioctl install --set profile=demo -y
+kubectl label namespace default istio-injection=enabled
+kubectl get svc istio-ingressgateway -n istio-system
 ```
 
 # Determining the ingress IP and ports
@@ -34,5 +38,26 @@ kubectl apply -f https://raw.githubusercontent.com/nvtienanh/hyperv-k8s/main/k8s
 # NetNatStaticMapping
 
 ```powershell
-Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 30002 -Protocol TCP -InternalIPAddress "10.10.0.10" -InternalPort 32493,32494,32495,32496 -NatName KubeNatNet
-```
+Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 32493 -Protocol TCP -InternalIPAddress "10.10.0.10" -InternalPort 32493 -NatName KubeNatNet
+Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 32494 -Protocol TCP -InternalIPAddress "10.10.0.10" -InternalPort 32494 -NatName KubeNatNet
+Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 32495 -Protocol TCP -InternalIPAddress "10.10.0.10" -InternalPort 32495 -NatName KubeNatNet
+Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 32496 -Protocol TCP -InternalIPAddress "10.10.0.10" -InternalPort 32496 -NatName KubeNatNet
+Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 80 -Protocol TCP -InternalIPAddress "10.10.0.200" -InternalPort 80 -NatName KubeNatNet
+```
+
+# Enable Firewall
+
+```powershell
+New-NetFirewallRule -DisplayName "Allow HTTP and HTTPs over Nginx" -Group "NGINX Reverse Proxy" -Direction Inbound -Action Allow -EdgeTraversalPolicy Allow -Protocol TCP -LocalPort 80,443 -Program "C:\nginx\nginx.exe"
+Remove-NetFirewallRule -DisplayName "Allow HTTP and HTTPs over Nginx"
+```
+
+# Traffic Splitting Example
+
+```powershell
+kubectl create namespace example
+kubectl label namespace example istio-injection=enabled --overwrite
+kubectl -n example apply -f https://raw.githubusercontent.com/nvtienanh/hyperv-k8s/main/k8s/istio/example/apple.yaml
+kubectl -n example apply -f https://raw.githubusercontent.com/nvtienanh/hyperv-k8s/main/k8s/istio/example/banana.yaml
+kubectl -n example apply -f https://raw.githubusercontent.com/nvtienanh/hyperv-k8s/main/k8s/istio/example/istio.yaml
+```
diff --git a/k8s/istio/example/apple.yaml b/k8s/istio/example/apple.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: apple-app
+  labels:
+    app: fruit
+    name: apple
+spec:
+  selector:
+    matchLabels:
+      app: fruit
+      name: apple
+  template:
+    metadata:
+      labels:
+        app: fruit
+        name: apple
+    spec:
+      containers:
+        - name: apple-app
+          image: hashicorp/http-echo
+          args:
+            - "-text=apple"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5678
+
diff --git a/k8s/istio/example/banana.yaml b/k8s/istio/example/banana.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: banana-app
+  labels:
+    app: fruit
+    name: banana
+spec:
+  selector:
+    matchLabels:
+      app: fruit
+      name: banana
+  template:
+    metadata:
+      labels:
+        app: fruit
+        name: banana
+    spec:
+      containers:
+        - name: banana-app
+          image: hashicorp/http-echo
+          args:
+            - "-text=banana"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5678
+
diff --git a/k8s/istio/example/istio.yaml b/k8s/istio/example/istio.yaml
@@ -0,0 +1,98 @@
+--- # ---
+# apiVersion: networking.istio.io/v1alpha3
+# kind: Gateway
+# metadata:
+#   name: apple-gateway
+# spec:
+#   selector:
+#     istio: ingressgateway # use Istio default gateway implementation
+#   servers:
+#     - port:
+#         number: 80
+#         name: http
+#         protocol: HTTP
+#       hosts:
+#         - "apple.adtsolutions.com.vn"
+# ---
+# apiVersion: networking.istio.io/v1alpha3
+# kind: VirtualService
+# metadata:
+#   name: apple-app
+# spec:
+#   hosts:
+#     - "apple.adtsolutions.com.vn"
+#   gateways:
+#     - apple-gateway
+#   http:
+#     - match:
+#         - uri:
+#             prefix: /
+#       route:
+#         - destination:
+#             port:
+#               number: 5678
+#             host: apple-service
+
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: fruit-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "fruits.adtsolutions.com.vn"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: fruit-service
+  labels:
+    app: fruit
+spec:
+  ports:
+    - port: 5678
+  selector:
+    app: fruit
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: fruit-rule
+spec:
+  host: fruit-service
+  subsets:
+    - name: fruit-apple
+      labels:
+        name: apple
+    - name: fruit-banana
+      labels:
+        name: banana
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: fruit-virtualservice
+spec:
+  hosts:
+    - "fruits.adtsolutions.com.vn"
+  gateways:
+    - fruit-gateway
+  http:
+    - match:
+        - uri:
+            prefix: /
+      route:
+        - destination:
+            host: fruit-service #Name of the service
+            subset: fruit-apple
+          weight: 50
+        - destination:
+            host: fruit-service #Name of the service
+            subset: fruit-banana
+          weight: 50
diff --git a/k8s/kubernetes-dashboard/README.md b/k8s/kubernetes-dashboard/README.md
@@ -19,5 +19,7 @@ Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 30002 -Pro
 # Get token to access dashboard
 
 ```powershell
-kubectl -n kubernetes-dashboard describe secret ((kubectl -n kubernetes-dashboard get secret | Select-String admin-user ) -split" ")[0]
+$account = ((kubectl -n kubernetes-dashboard get secret -o json | ConvertFrom-Json).items.metadata | where {
+ $_.annotations.'kubernetes.io/service-account.name' -eq "admin-user" }).name
+kubectl -n kubernetes-dashboard describe secret $account
 ```