Added support to istio with nginx-ingress

Author: jmanuelcorral

k8s/istio/JourneyToIstio.md

@@ -4,32 +4,32 @@ You need the eshopsOnContainers configured on your local, with this
 in a powershell console, we need to enter in /k8s/istio and execute
 ```
 >kubectl get pods
-NAME                                             READY     STATUS             RESTARTS   AGE
-eshop-apigwmm-54ccc6c589-557fn                   0/1       Running            26         3h
-eshop-apigwms-7d5f86cf7c-2j2zp                   0/1       CrashLoopBackOff   30         3h
-eshop-apigwwm-7794b6d879-7j4mt                   0/1       CrashLoopBackOff   39         3h
-eshop-apigwws-8585f6899f-7kkg2                   0/1       Running            11         3h
-eshop-basket-api-8bfc5c5f6-8xxcv                 0/1       Running            41         3h
-eshop-basket-data-66fbc788cc-dmkgb               1/1       Running            0          3h
-eshop-catalog-api-c77747b76-4gp6c                0/1       CrashLoopBackOff   40         3h
-eshop-identity-api-7574f6b458-4rbp6              0/1       CrashLoopBackOff   44         3h
-eshop-keystore-data-5c9c85cb99-s5qz7             1/1       Running            0          3h
-eshop-locations-api-64847646d-5wv52              0/1       CrashLoopBackOff   36         3h
-eshop-marketing-api-745f9546b8-krjqq             0/1       Running            33         3h
-eshop-mobileshoppingagg-7d467f86bd-bw9c7         0/1       Running            22         3h
-eshop-nosql-data-579c9d89f8-x4z2k                1/1       Running            0          3h
-eshop-ordering-api-5c55bd5464-7hnjx              0/1       CrashLoopBackOff   38         3h
-eshop-ordering-backgroundtasks-f6dcb7db4-xq7gr   1/1       Running            22         3h
-eshop-ordering-signalrhub-6664868779-dphxm       1/1       Running            0          3h
-eshop-payment-api-7988db5f76-z76tc               1/1       Running            17         3h
-eshop-rabbitmq-6b68647bc4-qjjrb                  1/1       Running            0          3h
-eshop-sql-data-5c4fdcccf4-2z5dm                  1/1       Running            0          3h
-eshop-webhooks-api-588b58bb66-lmx5c              1/1       Running            0          3h
-eshop-webhooks-web-565c68b59c-dk8hp              1/1       Running            0          3h
-eshop-webmvc-55c596544b-9fqsj                    1/1       Running            0          3h
-eshop-webshoppingagg-f8547f45b-4mjvp             0/1       CrashLoopBackOff   16         3h
-eshop-webspa-84fd54466d-hzrlb                    1/1       Running            0          3h
-eshop-webstatus-775b487d4d-tbfbn                 1/1       Running            0          3h
+NAME                                             READY     STATUS    RESTARTS   AGE
+eshop-apigwmm-54ccc6c589-557fn                   0/1       Running   31         4h
+eshop-apigwms-7d5f86cf7c-2j2zp                   0/1       Running   32         4h
+eshop-apigwwm-7794b6d879-7j4mt                   0/1       Running   44         4h
+eshop-apigwws-8585f6899f-7kkg2                   0/1       Running   13         4h
+eshop-basket-api-8bfc5c5f6-8xxcv                 1/1       Running   47         4h
+eshop-basket-data-66fbc788cc-dmkgb               1/1       Running   1          4h
+eshop-catalog-api-c77747b76-4gp6c                0/1       Running   48         4h
+eshop-identity-api-7574f6b458-4rbp6              0/1       Running   55         4h
+eshop-keystore-data-5c9c85cb99-s5qz7             1/1       Running   1          4h
+eshop-locations-api-64847646d-5wv52              1/1       Running   42         4h
+eshop-marketing-api-745f9546b8-krjqq             1/1       Running   40         4h
+eshop-mobileshoppingagg-7d467f86bd-bw9c7         0/1       Running   24         4h
+eshop-nosql-data-579c9d89f8-x4z2k                1/1       Running   1          4h
+eshop-ordering-api-5c55bd5464-7hnjx              0/1       Running   46         4h
+eshop-ordering-backgroundtasks-f6dcb7db4-xq7gr   0/1       Running   24         4h
+eshop-ordering-signalrhub-6664868779-dphxm       1/1       Running   1          4h
+eshop-payment-api-7988db5f76-z76tc               0/1       Running   19         4h
+eshop-rabbitmq-6b68647bc4-qjjrb                  1/1       Running   1          4h
+eshop-sql-data-5c4fdcccf4-2z5dm                  1/1       Running   1          4h
+eshop-webhooks-api-588b58bb66-lmx5c              1/1       Running   2          4h
+eshop-webhooks-web-565c68b59c-dk8hp              1/1       Running   1          4h
+eshop-webmvc-55c596544b-9fqsj                    1/1       Running   2          4h
+eshop-webshoppingagg-f8547f45b-4mjvp             0/1       Running   21         4h
+eshop-webspa-84fd54466d-hzrlb                    1/1       Running   2          4h
+eshop-webstatus-775b487d4d-tbfbn                 1/1       Running   1          4h
 ```
 
 ```ps1
@@ -71,3 +71,15 @@ enter in k8s/istio/kiali and execute:
 ```
 this script will prompt for a valid account/password and setups the secret in kubernetes
 (at the moment account/password will be admin/admin we need to modify the yml)
+
+After enter in /k8s/istio/nginx-ingress that execute, we need to apply the istio integration with nginx-ingress for service-upstream.
+
+```
+> ./update-nginx-ingress.ps1
+```
+
+And After that, we only need to activate the sidecar injection in the default namespace for the eshops deployments, for doing that you must go the folder /k8s/istio
+and run:
+```
+> ./apply-injection.ps1
+````

k8s/istio/apply-injection.ps1

@@ -0,0 +1,2 @@
+kubectl label namespace default istio-injection=enabled
+kubectl get namespace -L istio-injection

k8s/istio/delete-istio.ps1

@@ -0,0 +1,2 @@
+helm delete --purge istio
+kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system

k8s/istio/deploy-istio-helm.ps1

@@ -1,3 +1,4 @@
 $ISTIO_VERSION="1.0.6"
 cd istio-$ISTIO_VERSION
-helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set global.controlPlaneSecurityEnabled=true --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true
+helm install install/kubernetes/helm/istio --wait --name istio --namespace istio-system --set global.controlPlaneSecurityEnabled=true --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true --set ingress.enabled=false --set gateways.istio-ingressgateway.enabled=false
+cd ..

k8s/istio/kiali/secrets.yml

@@ -7,5 +7,5 @@ metadata:
     app: kiali
 type: Opaque
 data:
-  username: YQBkAG0AaQBuAA==
-  passphrase: YQBkAG0AaQBuAA==
+  username: YWRtaW4=
+  passphrase: MWYyZDFlMmU2N2Rm

k8s/istio/kiali/set-kiali-credentials.ps1

@@ -32,5 +32,5 @@ $KIALIUSERNAME = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($us
 $plainpassword = Get-PlainText $password;
 $KIALIPASSWORD = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($plainpassword))
 
-Write-Host "setting username [$KIALIUSERNAME] and password [$KIALIPASSWORD]" -ForegroundColor Blue
-kubectl apply -f secrets.yml
+Write-Host "Creating Kiali Secret in namespace [$NAMESPACE]" -ForegroundColor Blue
+kubectl -n $NAMESPACE create secret generic kiali --from-literal=username=$KIALIUSERNAME --from-literal=passphrase=$KIALIPASSWORD

k8s/istio/nginx-ingress/cloud-generic.yaml

@@ -0,0 +1,21 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+spec:
+  externalTrafficPolicy: Local
+  type: LoadBalancer
+  selector:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+    - name: https
+      port: 443
+      targetPort: https

k8s/istio/nginx-ingress/cm.yaml

@@ -0,0 +1,3 @@
+data:
+  mvc_e: http://10.0.75.1/webmvc
+  

k8s/istio/nginx-ingress/local-dockerk8s/identityapi-cm-fix.yaml

@@ -0,0 +1,3 @@
+data:
+  urls__IdentityUrl: http://10.0.75.1/identity
+  urls__mvc: http://10.0.75.1/webmvc