ByeongHunKim / Cloudclub-istio-skyline

☁️ Cloud Club's collaborative journey exploring Istio and service mesh technologies 🚀
https://www.cloudclub.kr/

week3 #8

Closed ByeongHunKim closed 1 month ago

ByeongHunKim commented 1 month ago

Recommended issue

image

image
  1. istio-system ns

    istio-ingressgateway-9cc99c9db-jlpvl   1/1     Running
    istiod-77d7cbcfdb-467hh                1/1     Running
  2. istio-system ns - ingress

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      annotations:
        # ... omitted
    spec:
      rules:
      - http:
          paths:
          - backend:
              service:
                name: istio-ingressgateway
                port:
                  number: 80
            path: /*
            pathType: ImplementationSpecific
      - http:
          paths:
          - backend:
              service:
                name: istio-ingressgateway
                port:
                  number: 443
            path: /*
            pathType: ImplementationSpecific
    status:
      loadBalancer:
        ingress:
        - hostname: eks-cluster-alb-xxxxxxxxxxx
  3. At this point, how does the traffic find its next destination and get forwarded?

ByeongHunKim commented 1 month ago

Shared links

AWS Summit 2024

70DaysOfServiceMesh

Service Mesh Master book

ByeongHunKim commented 1 month ago

Week3 agenda

image

ByeongHunKim commented 1 month ago

Safe Harbor deployment

Operation flow

image

MR pipeline

image

main branch pipeline after MR merge

image

Pipeline customization (round 1)


review_production:
  extends: .auto-deploy
  stage: review-production
  script:
    - auto-deploy check_kube_domain
    - auto-deploy download_chart
    - auto-deploy use_kube_context || true
    - auto-deploy ensure_namespace
    - |
      if kubectl get namespace ${KUBE_NAMESPACE} -o jsonpath='{.metadata.labels.istio-injection}' | grep -q "enabled"; then
        echo "istio-injection label already exists and is set to enabled. Skipping..."
      else
        echo "Setting istio-injection label..."
        kubectl label namespace "${KUBE_NAMESPACE}" istio-injection=enabled
      fi
    - auto-deploy initialize_tiller
    - auto-deploy create_secret
    - auto-deploy deploy
    - auto-deploy persist_environment_url
  environment:
    name: review-production/$CI_COMMIT_REF_NAME
    url: http://$CI_PROJECT_PATH_SLUG-review-prod.$KUBE_INGRESS_BASE_DOMAIN
    on_stop: stop_review_production
  artifacts:
    paths: [environment_url.txt, tiller.log]
    when: always
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" && $REVIEW_PRODUCTION_ENABLED == "true" && $PRODUCTION_ADDITIONAL_HOSTS != null'
      when: manual

stop_review_production:
  extends: .auto-deploy
  stage: cleanup
  variables:
    GIT_STRATEGY: none
  script:
    - auto-deploy use_kube_context || true
    - auto-deploy initialize_tiller
    - auto-deploy delete
  environment:
    name: review-production/$CI_COMMIT_REF_NAME
    action: stop
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" && $REVIEW_PRODUCTION_ENABLED == "true" && $PRODUCTION_ADDITIONAL_HOSTS != null'
      when: manual

route_to_production_only:
  extends: .auto-deploy
  stage: cleanup
  variables:
    GIT_STRATEGY: none
  script:
    - auto-deploy use_kube_context || true
    - |
      cat <<EOF > virtualService.yaml
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: review-prod-virtual-service
        namespace: "${KUBE_NAMESPACE}"
      spec:
        gateways:
        - review-prod-gateway
        hosts:
        - "${PRODUCTION_ADDITIONAL_HOSTS}"
        http:
        - route:
          - destination:
              host: production-auto-deploy
              subset: production
      EOF
    - kubectl apply -f virtualService.yaml
  environment:
    name: review-production/$CI_COMMIT_REF_NAME
    action: stop
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" && $REVIEW_PRODUCTION_ENABLED == "true" && $PRODUCTION_ADDITIONAL_HOSTS != null'
      when: manual

apply_istio_custom_resources:
  extends: .auto-deploy
  stage: review-production
  image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.17.0"
  script:
    - auto-deploy use_kube_context || true
    - |
      echo "Creating Istio Custom Resources"
      echo "${KUBE_CONTEXT}"
    - |
      cat <<EOF > gateway.yaml
      apiVersion: networking.istio.io/v1alpha3
      kind: Gateway
      metadata:
        name: review-prod-gateway
        namespace: "${KUBE_NAMESPACE}"
      spec:
        selector:
          istio: ingressgateway
        servers:
        - port:
            number: 80
            name: http
            protocol: HTTP
          hosts:
          - "${PRODUCTION_ADDITIONAL_HOSTS}"
      EOF
    - |
      cat <<EOF > virtualService.yaml
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: review-prod-virtual-service
        namespace: "${KUBE_NAMESPACE}"
      spec:
        gateways:
        - review-prod-gateway
        hosts:
        - "${PRODUCTION_ADDITIONAL_HOSTS}"
        http:
        - match:
          - headers:
              x-forwarded-for:
                prefix: "${REVIEW_PRODUCTION_ALLOWED_IP}"
          route:
          - destination:
              host: review-production-orddqb-auto-deploy
              subset: review
        - route:
          - destination:
              host: production-auto-deploy
              subset: production
      EOF
    - |
      cat <<EOF > destinationRule.yaml
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: review-prod-destination-rule
        namespace: "${KUBE_NAMESPACE}"
      spec:
        host: review-production-orddqb-auto-deploy
        subsets:
        - name: review
          labels:
            app.kubernetes.io/name: review-production-orddqb
      ---
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: production-destination-rule
        namespace: "${KUBE_NAMESPACE}"
      spec:
        host: production-auto-deploy
        subsets:
        - name: production
          labels:
            app.kubernetes.io/name: production
      EOF
    - kubectl apply -f gateway.yaml
    - kubectl apply -f virtualService.yaml
    - kubectl apply -f destinationRule.yaml
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" && $REVIEW_PRODUCTION_ENABLED == "true" && $PRODUCTION_ADDITIONAL_HOSTS != null'
      when: manual
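
An added check, not part of the original comment or the project's pipeline: it models how the `x-forwarded-for` prefix match in `review-prod-virtual-service` classifies requests when a load balancer that appends the connecting address sits in front of the gateway, next to a stricter comparison of the last trusted hop. The sample addresses, the single-ALB append behaviour and all function names are assumptions made for this example.

```python
import ipaddress

def alb_forward(client_ip, client_sent_xff=None):
    """Model one ALB in 'append' mode (assumption): the connecting address is
    appended to whatever X-Forwarded-For value arrived with the request."""
    return f"{client_sent_xff}, {client_ip}" if client_sent_xff else client_ip

def prefix_route(xff, allowed_prefix):
    """The VirtualService rule as written: a string prefix match on the raw header."""
    return "review" if xff.startswith(allowed_prefix) else "production"

def trusted_hop_route(xff, allowed_cidr, trusted_proxies=1):
    """Stricter variant: take the entry written by the trusted proxy
    (counted from the right) and compare it as an address, not as text."""
    hops = [h.strip() for h in xff.split(",")]
    if len(hops) < trusted_proxies:
        return "production"
    try:
        addr = ipaddress.ip_address(hops[-trusted_proxies])
    except ValueError:
        return "production"  # unparsable hop never reaches the review subset
    return "review" if addr in ipaddress.ip_network(allowed_cidr) else "production"

# Constructed sample values (documentation address ranges, not from the issue).
ALLOWED = "203.0.113.7"  # stands in for REVIEW_PRODUCTION_ALLOWED_IP
CASES = [
    ("allowed reviewer",         alb_forward("203.0.113.7")),
    ("unrelated client",         alb_forward("198.51.100.20")),
    ("textual prefix collision", alb_forward("203.0.113.70")),
    ("client-supplied header",   alb_forward("198.51.100.20", "203.0.113.7")),
]

def compare():
    """Return {case: (subset chosen by prefix match, subset chosen by trusted hop)}."""
    return {name: (prefix_route(xff, ALLOWED),
                   trusted_hop_route(xff, ALLOWED + "/32"))
            for name, xff in CASES}

if __name__ == "__main__":
    for name, (loose, strict) in compare().items():
        print(f"{name:26} prefix={loose:10} trusted-hop={strict}")
```

The two rows where the columns differ are the requests the prefix rule sends to the review subset even though the address the load balancer recorded is not the allowed one.
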
ByeongHunKim commented 1 month ago

kubectl -n istio-system get configmap istio -o=jsonpath='{.data.mesh}' > mesh-config.yaml

ByeongHunKim commented 1 month ago

kubectl -n istio-system get configmap istio -o=jsonpath='{.data.mesh}' > mesh-config.yaml

@opp-13 When I run this command, I get the output below.

defaultConfig:
  discoveryAddress: istiod.istio-system.svc:15012
defaultProviders:
  metrics:
  - prometheus
enablePrometheusMerge: true
rootNamespace: istio-system
trustDomain: cluster.loca