diff --git a/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/index.mdx b/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/index.mdx index c951b0c25dc4..cf8622d805d9 100644 --- a/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/index.mdx +++ b/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/index.mdx @@ -31,6 +31,8 @@ meshesYouLearn: toc: [ 'getting-started', + 'expose-services', + ] --- diff --git a/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/istio/expose-services.mdx b/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/istio/expose-services.mdx new file mode 100644 index 000000000000..6fa2727d5f7e --- /dev/null +++ b/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/istio/expose-services.mdx @@ -0,0 +1,252 @@ +--- +docType: "Chapter" +chapterTitle: "Exposing services through Istio Ingress Gateway" +description: "Meshery is the service mesh management plane which offers lifecycle, configuration, and performance management of service meshes and their workloads." +videos: 4 +lectures: 12 +--- + +import { ChapterStyle } from "../../../../src/components/Learn-Components/Chapters-Style/chapters.style.js"; + + +The components deployed on the service mesh by default are not exposed outside the cluster. An Ingress Gateway is deployed as a Kubernetes service of type LoadBalancer (or NodePort). To make Bookinfo accessible external to the cluster, you have to create an `Istio Gateway` for the Bookinfo application and also define an `Istio VirtualService` with the routes we need. + +
+
+ +

Inspecting the Istio Ingress Gateway

+ +
+The ingress gateway gets exposed as a normal Kubernetes service of type LoadBalancer +(or NodePort): + +```sh +kubectl get svc istio-ingressgateway -n istio-system -o yaml +``` + +Because the Istio Ingress Gateway is an Envoy Proxy you can inspect it using the admin routes. First find the name of the istio-ingressgateway: + +```sh +kubectl get pods -n istio-system +``` + +Copy and paste your ingress gateway's pod name. Execute: + +```sh +kubectl -n istio-system exec -it bash +``` + +You can view the statistics, listeners, routes, clusters and server info for the Envoy proxy by forwarding the local port: + +```sh +curl localhost:15000/help +curl localhost:15000/stats +curl localhost:15000/listeners +curl localhost:15000/clusters +curl localhost:15000/server_info +``` + +See the [admin docs](https://www.envoyproxy.io/docs/envoy/latest/operations/admin) for more details. + +Also it can be helpful to look at the log files of the Istio ingress controller to see what request is being routed. + +Before we check the logs, let us get out of the container back on the host: + +```sh +exit +``` + +Now let us find the ingress pod and output the log: + +```sh +kubectl logs istio-ingressgateway-... -n istio-system +``` + +

View Istio Ingress Gateway for Bookinfo

+
+ +

View the Gateway and VirtualServices

+ +Check the created `Istio Gateway` and `Istio VirtualService` to see the changes deployed: + +```sh +kubectl get gateway +kubectl get gateway -o yaml + +kubectl get virtualservices +kubectl get virtualservices -o yaml +``` + +

+ Find the external port of the Istio Ingress Gateway by running: +

+ +```sh +kubectl get service istio-ingressgateway -n istio-system -o wide +``` + +To just get the first port of istio-ingressgateway service, we can run this: + +```sh +kubectl get service istio-ingressgateway -n istio-system --template='{{(index .spec.ports 1).nodePort}}' +``` + +

Create a DNS entry:

+ +Modify your local `/etc/hosts` file to add an entry for your sample application. + +`127.0.0.1. bookinfo.meshery.io` + +The HTTP port is usually 31380. + +Or run these commands to retrieve the full URL: + +```sh +echo "http://$(kubectl get nodes --selector=kubernetes.io/role!=master -o jsonpath={.items[0].status.addresses[?\(@.type==\"InternalIP\"\)].address}):$(kubectl get svc istio-ingressgateway -n istio-system -o jsonpath='{.spec.ports[1].nodePort}')/productpage" +``` + +Docker Desktop users please use `http://localhost/productpage` to access product page in your browser. + +

Apply default destination rules

+ +Before we start playing with Istio's traffic management capabilities we need to define the available versions of the deployed services. They are called subsets, in destination rules. + +Using Meshery, navigate to the Custom yaml page, and apply the below to create the subsets for BookInfo: + +```sh +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: productpage +spec: + host: productpage + subsets: + - name: v1 + labels: + version: v1 +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: reviews +spec: + host: reviews + subsets: + - name: v1 + labels: + version: v1 + - name: v2 + labels: + version: v2 + - name: v3 + labels: + version: v3 +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: ratings +spec: + host: ratings + subsets: + - name: v1 + labels: + version: v1 + - name: v2 + labels: + version: v2 + - name: v2-mysql + labels: + version: v2-mysql + - name: v2-mysql-vm + labels: + version: v2-mysql-vm +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: details +spec: + host: details + subsets: + - name: v1 + labels: + version: v1 + - name: v2 + labels: + version: v2 +``` + +This creates destination rules for each of the BookInfo services and defines version subsets + +In a few seconds we should be able to verify the destination rules created by using the command below: + +```sh +kubectl get destinationrules + + +kubectl get destinationrules -o yaml +``` + +

Browse to BookInfo

+ +Browse to the website of the Bookinfo. To view the product page, you will have to append +`/productpage` to the url. + +

Reload Page

+ +Now, reload the page multiple times and notice how it round robins between v1, v2 and v3 of the reviews service. + +

+ Inspect the Istio proxy of the productpage pod +

+ +To better understand the istio proxy, let's inspect the details. Let us `exec` into the productpage pod to find the proxy details. To do so we need to first find the full pod name and then `exec` into the istio-proxy container: + +```sh +kubectl get pods +kubectl exec -it productpage-v1-... -c istio-proxy sh +``` + +Once in the container look at some of the envoy proxy details by inspecting it's config file: + +```sh +ps aux +ls -l /etc/istio/proxy +cat /etc/istio/proxy/envoy-rev0.json +``` + +For more details on envoy proxy please check out their [admin docs](https://www.envoyproxy.io/docs/envoy/v1.5.0/operations/admin). + +As a last step, lets exit the container: + +```sh +exit +``` + +
+

Alternative: Manual installation

+Follow this if the above steps did not work for you + +
+
+ +

Default destination rules

+ +Run the following command to create default destination rules for the Bookinfo services: + +```sh +kubectl apply -f samples/bookinfo/networking/destination-rule-all-mtls.yaml +``` + +

+ Configure the Bookinfo route with the Istio Ingress gateway +

+ +We can create a virtualservice & gateway for bookinfo app in the ingress gateway by running the following: + +```sh +kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml +``` + + diff --git a/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/istio/getting-started.mdx b/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/istio/getting-started.mdx index 4d3901bb6a9b..185a60ac6bfd 100644 --- a/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/istio/getting-started.mdx +++ b/content-learn/mastering-meshery-istio/advance-concepts-of-service-mesh/istio/getting-started.mdx @@ -1,7 +1,7 @@ --- docType: "Chapter" chapterTitle: "Getting Started" -description: "Meshery is the service mesh managemen plane which offers lifecycle, configuration, and performance management of service meshes and their workloads." +description: "Meshery is the service mesh management plane which offers lifecycle, configuration, and performance management of service meshes and their workloads." videos: 4 lectures: 12 --- diff --git a/package-lock.json b/package-lock.json index 067b61cac219..02549d94bee9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -103,7 +103,6 @@ "integrity": "sha512-zmEFV8WBRsW+mPQumO1/4b34QNALBVReaiHJOkxhUsdo/AvYM62c+SKSuLi2aZ42t3ocK6OI0uwUXRvrIbREZw==", "dev": true, "dependencies": { - "@nicolo-ribaudo/chokidar-2": "2.1.8-no-fsevents", "chokidar": "^3.4.0", "commander": "^4.0.1", "convert-source-map": "^1.1.0", @@ -5191,7 +5190,6 @@ "dependencies": { "anymatch": "~3.1.1", "braces": "~3.0.2", - "fsevents": "~2.3.1", "glob-parent": "~5.1.0", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", @@ -6176,7 +6174,6 @@ "dependencies": { "anymatch": "^1.3.0", "async-each": "^1.0.0", - "fsevents": "^1.0.0", "glob-parent": "^2.0.0", "inherits": "^2.0.1", "is-binary-path": "^1.0.0", @@ -9427,7 +9424,6 @@ "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-2.0.1.tgz", "integrity": "sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==", "dependencies": { - "@types/yauzl": "^2.9.1", "debug": "^4.1.1", "get-stream": "^5.1.0", "yauzl": "^2.10.0" @@ -25621,7 +25617,6 @@ "anymatch": "^2.0.0", "async-each": "^1.0.1", "braces": "^2.3.2", - "fsevents": "^1.2.7", "glob-parent": "^3.1.0", "inherits": "^2.0.3", "is-binary-path": "^1.0.0", @@ -48844,4 +48839,4 @@ "integrity": "sha512-V50KMwwzqJV0NpZIZFwfOD5/lyny3WlSzRiXgA0G7VUnRlqttta1L6UQIHzd6EuBY/cHGfwTIck7w1yH6Q5zUw==" } } -} \ No newline at end of file +}