Enabling istio on local kubernetes and first pod configuration, needs more work, unstable

José Corral · José Corral · commit abb108e03dd0 · 2019-03-06T16:11:40.000+01:00
diff --git a/k8s/istio/JourneyToIstio.md b/k8s/istio/JourneyToIstio.md
@@ -0,0 +1,73 @@
+# ISTIO on Local
+## Prerequisites on local
+You need the eshopsOnContainers configured on your local, with this  
+in a powershell console, we need to enter in /k8s/istio and execute
+```
+>kubectl get pods
+NAME                                             READY     STATUS             RESTARTS   AGE
+eshop-apigwmm-54ccc6c589-557fn                   0/1       Running            26         3h
+eshop-apigwms-7d5f86cf7c-2j2zp                   0/1       CrashLoopBackOff   30         3h
+eshop-apigwwm-7794b6d879-7j4mt                   0/1       CrashLoopBackOff   39         3h
+eshop-apigwws-8585f6899f-7kkg2                   0/1       Running            11         3h
+eshop-basket-api-8bfc5c5f6-8xxcv                 0/1       Running            41         3h
+eshop-basket-data-66fbc788cc-dmkgb               1/1       Running            0          3h
+eshop-catalog-api-c77747b76-4gp6c                0/1       CrashLoopBackOff   40         3h
+eshop-identity-api-7574f6b458-4rbp6              0/1       CrashLoopBackOff   44         3h
+eshop-keystore-data-5c9c85cb99-s5qz7             1/1       Running            0          3h
+eshop-locations-api-64847646d-5wv52              0/1       CrashLoopBackOff   36         3h
+eshop-marketing-api-745f9546b8-krjqq             0/1       Running            33         3h
+eshop-mobileshoppingagg-7d467f86bd-bw9c7         0/1       Running            22         3h
+eshop-nosql-data-579c9d89f8-x4z2k                1/1       Running            0          3h
+eshop-ordering-api-5c55bd5464-7hnjx              0/1       CrashLoopBackOff   38         3h
+eshop-ordering-backgroundtasks-f6dcb7db4-xq7gr   1/1       Running            22         3h
+eshop-ordering-signalrhub-6664868779-dphxm       1/1       Running            0          3h
+eshop-payment-api-7988db5f76-z76tc               1/1       Running            17         3h
+eshop-rabbitmq-6b68647bc4-qjjrb                  1/1       Running            0          3h
+eshop-sql-data-5c4fdcccf4-2z5dm                  1/1       Running            0          3h
+eshop-webhooks-api-588b58bb66-lmx5c              1/1       Running            0          3h
+eshop-webhooks-web-565c68b59c-dk8hp              1/1       Running            0          3h
+eshop-webmvc-55c596544b-9fqsj                    1/1       Running            0          3h
+eshop-webshoppingagg-f8547f45b-4mjvp             0/1       CrashLoopBackOff   16         3h
+eshop-webspa-84fd54466d-hzrlb                    1/1       Running            0          3h
+eshop-webstatus-775b487d4d-tbfbn                 1/1       Running            0          3h
+```
+
+```ps1
+> ./install-istio-local.ps1
+
+```
+This will install the cli utility and register to the path, you can test this phase launching
+
+```ps1
+> istioctl
+```
+
+Afterthat you can install Istio on your cluster executing
+```ps1
+> ./deploy-istio-helm.ps1
+```
+
+the result should be like:
+```
+NAME                                      READY     STATUS             RESTARTS   AGE
+grafana-774bf8cb47-clqkp                  1/1       Running            0          2h
+istio-citadel-548f4cdd9-dbrbn             1/1       Running            0          2h
+istio-egressgateway-5f77f6c979-8922g      1/1       Running            0          2h
+istio-galley-8f6585898-7c7wq              1/1       Running            0          2h
+istio-ingressgateway-8484579cdb-7tw8n     1/1       Running            0          2h
+istio-pilot-7c5c5778fb-r987v              2/2       Running            0          2h
+istio-policy-7d67d47c65-rdqwj             2/2       Running            15         2h
+istio-sidecar-injector-6fb6845cdd-nnhks   1/1       Running            0          2h
+istio-telemetry-8b9fc7769-pwx5m           2/2       Running            24         2h
+istio-tracing-ff94688bb-xnhnd             1/1       Running            4          2h
+kiali-8644dbcdbc-pb627                    0/1       CrashLoopBackOff   7          2h
+prometheus-f556886b8-mr6wb                1/1       Running            13         2h
+```
+
+Is a common error that kiali-pod have errors, because it needs a credentials for working.
+enter in k8s/istio/kiali and execute:
+```
+> ./set-kiali-credentials.ps1
+```
+this script will prompt for a valid account/password and setups the secret in kubernetes
+(at the moment account/password will be admin/admin we need to modify the yml)
diff --git a/k8s/istio/deploy-istio-helm.ps1 b/k8s/istio/deploy-istio-helm.ps1
@@ -0,0 +1,3 @@
+$ISTIO_VERSION="1.0.6"
+cd istio-$ISTIO_VERSION
+helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set global.controlPlaneSecurityEnabled=true --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true
diff --git a/k8s/istio/install-istio-local.ps1 b/k8s/istio/install-istio-local.ps1
@@ -0,0 +1,16 @@
+# Specify the Istio version that will be leveraged throughout these instructions
+$ISTIO_VERSION="1.0.6"
+
+# Windows
+
+$ProgressPreference = 'SilentlyContinue'; 
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+Invoke-WebRequest -URI "https://github.com/istio/istio/releases/download/$ISTIO_VERSION/istio-$ISTIO_VERSION-win.zip" -OutFile "istio-$ISTIO_VERSION.zip"
+Expand-Archive -Path "istio-$ISTIO_VERSION.zip" -DestinationPath .
+
+cd istio-$ISTIO_VERSION
+New-Item -ItemType Directory -Force -Path "C:\Program Files\Istio"
+mv ./bin/istioctl.exe "C:\Program Files/Istio/"
+$PATH = [environment]::GetEnvironmentVariable("PATH", "User")
+[environment]::SetEnvironmentVariable("PATH", $PATH + "; C:\Program Files\Istio", "User")
+
diff --git a/k8s/istio/kiali/secrets.yml b/k8s/istio/kiali/secrets.yml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kiali
+  namespace: istio-system
+  labels:
+    app: kiali
+type: Opaque
+data:
+  username: YQBkAG0AaQBuAA==
+  passphrase: YQBkAG0AaQBuAA==
diff --git a/k8s/istio/kiali/set-kiali-credentials.ps1 b/k8s/istio/kiali/set-kiali-credentials.ps1
@@ -0,0 +1,36 @@
+Param([parameter(Mandatory,HelpMessage="Enter a valid username for Kiali Administration")][string]$username,
+      [parameter(Mandatory,HelpMessage="Enter your super secret password")][securestring]$password,
+      [parameter(Mandatory=$false)][string]$NAMESPACE="istio-system"
+)
+
+function Get-PlainText()
+{
+	[CmdletBinding()]
+	param
+	(
+		[parameter(Mandatory = $true)]
+		[securestring]$SecureString
+	)
+	BEGIN { }
+	PROCESS
+	{
+		$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString);
+ 
+		try
+		{
+			return [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr);
+		}
+		finally
+		{
+			[Runtime.InteropServices.Marshal]::FreeBSTR($bstr);
+		}
+	}
+	END { }
+}
+
+$KIALIUSERNAME = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($username))
+$plainpassword = Get-PlainText $password;
+$KIALIPASSWORD = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($plainpassword))
+
+Write-Host "setting username [$KIALIUSERNAME] and password [$KIALIPASSWORD]" -ForegroundColor Blue
+kubectl apply -f secrets.yml

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+$ISTIO_VERSION="1.0.6"`
	`2`	`+cd istio-$ISTIO_VERSION`
	`3`	`+helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set global.controlPlaneSecurityEnabled=true --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true`