Closed danistrebel closed 1 year ago
For the Istio webhook error, isn't allowing port 15017 from the master to the worker nodes part of the Istio setup in the cluster? This validation call is not unique to the apigee-envoy setup (I guess).
So should we include a note in the requirements section about private clusters and the need to open port 15017 from the master pool to the worker pool, instead of us automating the port openings between the nodes?
Thoughts?
Agreed with the Istio port 15017 comment. Fine with me.
Really nice tool @ganadurai. Some observations and suggestions from a recent install:
- https://github.com/apigee/devrel/tree/main/tools/apigee-envoy-quickstart#envoy-with-apigee-adapter-as-containers-within-kubernetes-platform Instead of "3. Download the Apigee Envoy PoC Toolkit binary.", can we assume people already have the DevRel repo cloned, or at least make it optional, i.e. not have aekitctl depend on a path outside of the solution folder?
- Better error handling: if the folders in https://github.com/apigee/devrel/blob/main/tools/apigee-envoy-quickstart/aekitctl.sh#L60 already exist. Would a `-p` work here?
- Hint in the README that the APIGEE_REMOTE_SRVC_CLI_VERSION version shouldn't contain the `v` prefix (the version tag in GH includes it, so I naturally did when I set the variable), or provide an example.
- (Maybe this is an edge case but a good start for a troubleshooting section.)
Error Message:
Solution: If you're using a private cluster, you have to allow ingress for the Istio health check port 15017 from the k8s master to the worker nodes.
Final Output
```
kubectl --context="gke_strebel-pr-gana_us-central1-c_cluster-1" -n "apigee" run -it --rm --image=curlimages/curl --restart=Never curl --overrides='{"apiVersion":"v1", "metadata":{"annotations": { "sidecar.istio.io/inject":"false" } } }' -- curl -i httpbin.apigee.svc.cluster.local/headers -H 'x-api-key: KEY'
Try with and without sending the x-api-key header: this proves the httpbin service is intercepted by the Envoy sidecar which has the Envoy filter configured to connect to Apigee adapter running as container that executes the key verification with the Apigee runtime
If you don't see a command prompt, try pressing enter.
Error attaching, falling back to logs: unable to upgrade connection: container curl not found in pod curlapigee
HTTP/1.1 200 OK
Validation of the apigee envoy quickstart engine successful
admin@cloudshell
```