Added runbook and updated makefile

Tony Hallworth 2020-03-19 08:54:20 +11:00
parent 7a251df629
commit 308014711f
7 changed files with 287 additions and 106 deletions


@ -13,6 +13,16 @@ ZONE=australia-southeast1-a
ISTIO_VERSION=1.5.0 ISTIO_VERSION=1.5.0
a: help a: help
all: all.cluster all.istio default.app
all.cluster: cluster.create get.creds
all.istio: ns.create.istio-system istio.init crd.wait ns.istio.enabled istio.template istio.deploy
default.app: crd.wait skaffold.run.gcp.istio hipster.istio.rules
crd.wait:
@kubectl -n istio-system wait --for=condition=complete job --all
## Use Istio Version 1.5.0 ## Use Istio Version 1.5.0
istio150: istio150:
@ -25,7 +35,7 @@ istio135:
## Create GKE Cluster with istio enabled ## Create GKE Cluster with istio enabled
cluster.create.istio: cluster.create.istio:
@gcloud container clusters create ${CLUSTER_NAME} --enable-autoupgrade \ @gcloud container clusters create ${CLUSTER_NAME} --enable-autoupgrade \
--enable-autoscaling --min-nodes=1 --max-nodes=10 --num-nodes=4 --zone=${ZONE} \ --enable-autoscaling --min-nodes=1 --max-nodes=10 --num-nodes=6 --zone=${ZONE} \
--addons=Istio --istio-config=auth=MTLS_PERMISSIVE \ --addons=Istio --istio-config=auth=MTLS_PERMISSIVE \
--machine-type=n1-standard-2 --machine-type=n1-standard-2
@ -43,7 +53,7 @@ cluster.resize:
## Create GKE Cluster ## Create GKE Cluster
cluster.create: cluster.create:
@gcloud container clusters create ${CLUSTER_NAME} --enable-autoupgrade \ @gcloud container clusters create ${CLUSTER_NAME} --enable-autoupgrade \
--enable-autoscaling --min-nodes=1 --max-nodes=10 --num-nodes=4 --zone=${ZONE} \ --enable-autoscaling --min-nodes=1 --max-nodes=10 --num-nodes=6 --zone=${ZONE} \
--machine-type=n1-standard-2 --machine-type=n1-standard-2
## Get Cluster Creds ## Get Cluster Creds
@ -67,9 +77,6 @@ ns.istio.disabled:
istio.init: istio.init:
@helm template istio-${ISTIO_VERSION}/install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f - @helm template istio-${ISTIO_VERSION}/install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -
istio.init.delete:
@helm template istio-${ISTIO_VERSION}/install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl delete -f -
## Generate Istio Template ## Generate Istio Template
istio.template: istio.template:
@ -77,9 +84,13 @@ istio.template:
--values istio-${ISTIO_VERSION}/install/kubernetes/helm/istio/values-istio-demo.yaml > istio-manifests/istio-demo.yaml --values istio-${ISTIO_VERSION}/install/kubernetes/helm/istio/values-istio-demo.yaml > istio-manifests/istio-demo.yaml
## Deploy Istio Config ## Deploy Istio Config
istio.deploy: istio.template istio.deploy:
@kubectl apply -f istio-manifests/istio-demo.yaml @kubectl apply -f istio-manifests/istio-demo.yaml
## Check if prometheus-stackdriver-sidecar has been deployed
prom.sidecar.exist:
@kubectl -n istio-system get deployment prometheus -o=go-template='{{$output := "stackdriver-prometheus-sidecar does not exists."}}{{range .spec.template.spec.containers}}{{if eq .name "sidecar"}}{{$output = (print "stackdriver-prometheus-sidecar exists. Image: " .image)}}{{end}}{{end}}{{printf $output}}{{"\n"}}'
## Delete Istio Config ## Delete Istio Config
istio.delete: istio.delete:
@kubectl delete -f istio-manifests/istio-demo.yaml @kubectl delete -f istio-manifests/istio-demo.yaml
@ -122,6 +133,15 @@ skaffold.build.gcp:
cluster.delete: cluster.delete:
@gcloud container clusters delete ${CLUSTER_NAME} --zone ${ZONE} @gcloud container clusters delete ${CLUSTER_NAME} --zone ${ZONE}
## Application Istio Rules
hipster.istio.rules:
@kubectl apply -f istio-manifests/frontend.yaml
@kubectl apply -f istio-manifests/frontend-gateway.yaml
@kubectl apply -f istio-manifests/whitelist-egress-googleapis.yaml
istio.init.delete:
@helm template istio-${ISTIO_VERSION}/install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl delete -f -
help: help:
@echo '' @echo ''
@echo 'Usage:' @echo 'Usage:'
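Review bot: In the new `prom.sidecar.exist` recipe the go-template uses `$output` three times, and Make expands `$o` as an (empty) variable before the shell sees the line, so kubectl receives `utput` and the template should fail to parse. Each occurrence needs a doubled dollar, e.g. `{{$$output := "stackdriver-prometheus-sidecar does not exists."}}` and `{{printf $$output}}`. Separately, the new `all`, `all.istio` and `default.app` targets rely on their prerequisites running left to right (cluster, then credentials, then Istio), which holds only for a serial build; a comment such as `## Run serially: prerequisites are ordered steps, not independent targets` would record that. The `help` recipe continues past the end of this section.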


@ -289,3 +289,15 @@ resources.
--- ---
This is not an official Google project. This is not an official Google project.
============
### Tony's notes
## ref links
[Cloud Monitoring metric export](https://cloud.google.com/solutions/stackdriver-monitoring-metric-export)
[External metrics list](https://cloud.google.com/monitoring/api/metrics_other)
[Metirc descriptors list](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors/list)


@ -21,7 +21,7 @@ sidecarInjectorWebhook:
pilot: pilot:
autoscaleEnabled: false autoscaleEnabled: false
traceSampling: 100.0 traceSampling: 10.0
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
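Review bot: `traceSampling` in this values file and `PILOT_TRACE_SAMPLING` in the committed istio-demo.yaml move in opposite directions in this commit (100.0/10.0 here, "10"/"100" there), so whichever side is new, the values file and the generated manifest end up disagreeing. Since `istio.deploy` applies the committed manifest, the sampling rate actually deployed may not be the one set here, assuming this is the values file that `istio.template` renders. Regenerating with `make istio.template` after settling the value would bring them back in line, and a comment next to the key such as `# keep in sync with istio-manifests/istio-demo.yaml (regenerate via make istio.template)` would flag the coupling. The `pilot:` block continues outside this hunk.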


@ -0,0 +1,117 @@
---
# Source: istio/charts/prometheus/templates/deployment.yaml
# TODO: the original template has service account, roles, etc
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus
namespace: istio-system
labels:
app: prometheus
chart: prometheus
heritage: Tiller
release: istio
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
labels:
app: prometheus
chart: prometheus
heritage: Tiller
release: istio
annotations:
sidecar.istio.io/inject: "false"
spec:
serviceAccountName: prometheus
containers:
- name: sidecar
image: gcr.io/stackdriver-prometheus/stackdriver-prometheus-sidecar:0.7.3
args:
- "--stackdriver.project-id=tonyh-gke-o11y-anz-openbanking"
- "--prometheus.wal-directory=/data/wal"
- "--prometheus.api-address=http://127.0.0.1:9090"
- "--stackdriver.kubernetes.location=australia-southeast1"
- "--stackdriver.kubernetes.cluster-name=o11y-ob"
ports:
- name: sidecar
containerPort: 9091
volumeMounts:
- name: data-volume
mountPath: /data
- name: prometheus
image: "docker.io/prom/prometheus:v2.12.0"
imagePullPolicy: IfNotPresent
args:
- '--storage.tsdb.retention=6h'
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/data'
ports:
- containerPort: 9090
name: http
livenessProbe:
httpGet:
path: /-/healthy
port: 9090
readinessProbe:
httpGet:
path: /-/ready
port: 9090
resources:
requests:
cpu: 10m
volumeMounts:
- name: data-volume
mountPath: /data
- name: config-volume
mountPath: /etc/prometheus
- mountPath: /etc/istio-certs
name: istio-certs
volumes:
- name: data-volume
emptyDir: {}
- name: config-volume
configMap:
name: prometheus
- name: istio-certs
secret:
defaultMode: 420
secretName: istio.default
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- "amd64"
- "ppc64le"
- "s390x"
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- "amd64"
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- "ppc64le"
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- "s390x"
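Review bot: The `sidecar` container's args hard-code a project ID, location and cluster name (`--stackdriver.project-id=…`, `--stackdriver.kubernetes.cluster-name=o11y-ob`) even though the Makefile already carries `CLUSTER_NAME` and `ZONE`, so the manifest targets one specific project unless edited by hand; a comment above `args:` such as `# EDIT: project-id, location and cluster-name must match CLUSTER_NAME/ZONE in the Makefile` is the minimum. Neither container sets a `securityContext` and the sidecar has no `resources` block; `securityContext: {allowPrivilegeEscalation: false}` on both containers would be a low-risk start. The TODO at the top says the service account and roles are not in this file, so it depends on `serviceAccountName: prometheus` already existing from the Istio manifest, which is worth stating in that comment. Both images are pinned by tag rather than by digest.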


@ -15138,7 +15138,7 @@ data:
accessLogFormat: "" accessLogFormat: ""
# Set accessLogEncoding to JSON or TEXT to configure sidecar access log # Set accessLogEncoding to JSON or TEXT to configure sidecar access log
accessLogEncoding: 'JSON' accessLogEncoding: 'TEXT'
enableEnvoyAccessLogService: false enableEnvoyAccessLogService: false
mixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091 mixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091
@ -18239,7 +18239,7 @@ spec:
- name: PILOT_PUSH_THROTTLE - name: PILOT_PUSH_THROTTLE
value: "100" value: "100"
- name: PILOT_TRACE_SAMPLING - name: PILOT_TRACE_SAMPLING
value: "10" value: "100"
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
value: "true" value: "true"
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
@ -18376,27 +18376,12 @@ spec:
spec: spec:
serviceAccountName: prometheus serviceAccountName: prometheus
containers: containers:
- name: sidecar
image: gcr.io/stackdriver-prometheus/stackdriver-prometheus-sidecar:0.7.3
args:
- "--stackdriver.project-id=tonyh-gke-o11y-anz-openbanking"
- "--prometheus.wal-directory=/data/wal"
- "--prometheus.api-address=http://127.0.0.1:9090"
- "--stackdriver.kubernetes.location=australia-southeast1"
- "--stackdriver.kubernetes.cluster-name=o11y-ob"
ports:
- name: sidecar
containerPort: 9091
volumeMounts:
- name: data-volume
mountPath: /data
- name: prometheus - name: prometheus
image: "docker.io/prom/prometheus:v2.12.0" image: "docker.io/prom/prometheus:v2.12.0"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- '--storage.tsdb.retention=6h' - '--storage.tsdb.retention=6h'
- '--config.file=/etc/prometheus/prometheus.yml' - '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/data'
ports: ports:
- containerPort: 9090 - containerPort: 9090
name: http name: http
@ -18413,15 +18398,11 @@ spec:
cpu: 10m cpu: 10m
volumeMounts: volumeMounts:
- name: data-volume
mountPath: /data
- name: config-volume - name: config-volume
mountPath: /etc/prometheus mountPath: /etc/prometheus
- mountPath: /etc/istio-certs - mountPath: /etc/istio-certs
name: istio-certs name: istio-certs
volumes: volumes:
- name: data-volume
emptyDir: {}
- name: config-volume - name: config-volume
configMap: configMap:
name: prometheus name: prometheus

49
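--- a/runbook.md
+++ b/runbook.md
@@ -0,0 +1,49 @@
+# Runbook get demo up and running
+1. Update Variables in Makefile
+## GKE Cluster
+2. Create a cluster that isn't using Istio enabled.
+`make cluster.create`
+> Takes a few minutes
+3. Get Cluster creds and set kubeconfig
+`make get.creds`
+4. Confirm connection to the cluster
+`kubectl get nodes`
+### Istio Setup
+5. Create istio-system namespace
+`make ns.create.istio-system`
+6. Initliase Istio
+`make istio.init`
+7. Enable istio sidecar injection to default namesapce
+`make ns.istio.enabled`
+8. Create Istio template (if no istio-demo.yaml)
+`make istio.template`
+9. Deploy Istio
+`make istio.deploy`
+> Wait for containers for istio to be deployed.
+`kubectl get pods -n istio-system`
+## Application
+10. Deploy Istio configured app with tracing turned on
+`make skaffold.run.gcp.istio`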


@ -86,3 +86,5 @@ profiles:
kubectl: kubectl:
manifests: manifests:
- ./kubernetes-manifests-tracing/**.yaml - ./kubernetes-manifests-tracing/**.yaml
- ./istio-manifests/frontend**.yaml
- ./istio-manifests/whitelist-egress-googleapis.yaml