From 2e338d2a527b38f73bffd2314efc5b6e95c984c5 Mon Sep 17 00:00:00 2001 From: asubedy Date: Thu, 6 Jul 2023 16:47:40 +0545 Subject: [PATCH 1/9] added istioCrypto Deoploy Script Signed-off-by: asubedy --- .github/workflows/scripts/istioCrypto.sh | 71 ++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 .github/workflows/scripts/istioCrypto.sh diff --git a/.github/workflows/scripts/istioCrypto.sh b/.github/workflows/scripts/istioCrypto.sh new file mode 100644 index 0000000..fb4c208 --- /dev/null +++ b/.github/workflows/scripts/istioCrypto.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash + + +# Istio, crypto deployment + +export MESH_NAME='Istio' +export SERVICE_MESH='ISTIO' + +# Check if mesheryctl is present, else install it +if ! [ -x "$(command -v mesheryctl)" ]; then + echo 'mesheryctl is not installed. Installing mesheryctl client... Standby... (Starting Meshery as well...)' >&2 + curl -L https://meshery.io/install | ADAPTERS=istio PLATFORM=kubernetes bash - +fi + +sleep 200 +kubectl get pods -n meshery + +echo "Meshery has been installed." +# mesheryctl system login --provider None + +# mesheryctl mesh deploy istio --watch + +sleep 200 + +kubectl get all -n istio-system + +# so that istio operator gets initialized +mesheryctl system stop + +sleep 400 + +mesheryctl system start + +# Applying/deploying crpyto pattern +mesheryctl pattern apply -f ./AadiCrypto.yaml + +sleep 200 + + +kubectl get all -n istio-operator + +# deplyoing httbin application +mesheryctl app onboard -f ./httbin.yaml -s "Kubernetes Manifest" + +sleep 100 + +export INGRESS_NAME=istio-ingressgateway +export INGRESS_NS=istio-system + +kubectl get svc "$INGRESS_NAME" -n "$INGRESS_NS" + + +export INGRESS_HOST=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +export INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="http2")].port}') +export SECURE_INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="https")].port}') +export TCP_INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="tcp")].port}') + + +export GATEWAY_URL=http://$INGRESS_HOST:$INGRESS_PORT/headers + +# mesheryctl perf apply --file $GITHUB_WORKSPACE/.github/$perf_filename -t ~/auth.json --url "$endpoint_url" --mesh "$service_mesh" --name "$test_name" --load-generator "$load_generator" $perf_profile_name -y + +echo "Service Mesh: $MESH_NAME - $SERVICE_MESH" +echo "Gateway URL: $GATEWAY_URL" +echo "ENDPOINT_URL=$GATEWAY_URL/productpage" >> $GITHUB_ENV +echo "SERVICE_MESH=$SERVICE_MESH" >> $GITHUB_ENV + + + + + From 43791af4f3a02ff42605e4fb0d8dcd20172e8fe0 Mon Sep 17 00:00:00 2001 From: asubedy Date: Thu, 6 Jul 2023 16:58:48 +0545 Subject: [PATCH 2/9] added scheduled workflow for istioCrypto Signed-off-by: asubedy --- .../scheduled-istioCrypto-benchmark.yml | 153 ++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 .github/workflows/scheduled-istioCrypto-benchmark.yml diff --git a/.github/workflows/scheduled-istioCrypto-benchmark.yml b/.github/workflows/scheduled-istioCrypto-benchmark.yml new file mode 100644 index 0000000..77019d5 --- /dev/null +++ b/.github/workflows/scheduled-istioCrypto-benchmark.yml @@ -0,0 +1,153 @@ +name: Scheduled Benchmark Tests on Self-hosted Runner +on: + # for triggering manually, provide a test configuration file name or a performance profile name + workflow_dispatch: + inputs: + profile_name: + description: "performance profile to use" + required: false + profile_filename: + description: "test configuration file" + required: false + # scheduled to run on everyhour + schedule: + - cron: '0 * * * *' + +jobs: +# Scheduled Benchmark Test + start-runners-scheduled: + name: Start self-hosted CNCF CIL runners for scheduled test + timeout-minutes: 60 + runs-on: ubuntu-latest + if: ${{ github.event_name == 'schedule' }} + # strategy: + # fail-fast: false + # matrix: + # service-mesh: ['istio', 'linkerd', 'osm'] + # load-generator: ['fortio', 'wrk2'] + # test-configuration: ['load-test','soak-test'] + outputs: + github_run_id: ${{ env.GITHUB_RUN_ID }} # use this github_run_id as a suffix for CIL machines and runners + steps: + - name: Checkout Code + uses: actions/checkout@v2 + + - name: Configure CNCF CIL credentials + run: | + chmod +x .github/workflows/scripts/self-hosted-credentails.sh + .github/workflows/scripts/self-hosted-credentails.sh ${{ secrets.CNCF_CIL_TOKEN }} + shell: bash + + - name: Create registration token for CNCF CIL runner + id: getRegToken + run: | + reg_token=$(curl -s -X POST -H "Accept: application/vnd.github.v3+json" \ + -H 'Authorization: token ${{ secrets.GH_ACCESS_TOKEN }}' \ + https://api.github.com/repos/${{github.repository}}/actions/runners/registration-token | jq -r .token) + echo REG_TOKEN=$reg_token >> $GITHUB_ENV + echo REPOSITORY=${{github.repository}} >> $GITHUB_ENV + shell: bash + + # The hostname will be like istioCrypto-fortio-load-1997512481 + - name: Start CNCF CIL runner + id: start-cil-runner + run: | + echo GITHUB_RUN_ID=${{ github.run_id }} >> $GITHUB_ENV + chmod +x .github/workflows/scripts/start-cil-runner.sh + .github/workflows/scripts/start-cil-runner.sh ${{ secrets.cncf_cil_token }} istioCrypto-fortio-load + shell: bash + + scheduled-test: + name: Scheduled Istio-Crypto Benchmark Test + timeout-minutes: 60 + needs: + - start-runners-scheduled + runs-on: istioCrpto-fortio-load-${{ github.run_id }} + if: ${{ github.event_name == 'schedule' }} + strategy: + # fail-fast: false + # matrix: + # service-mesh: ['istio', 'linkerd', 'osm'] + # load-generator: ['fortio', 'wrk2'] + # test-configuration: ['load-test','soak-test'] + steps: + - name: Install dependencies + run: | + echo "Current user: $(whoami)" + echo "Installing kubectl..." + curl -LO https://dl.k8s.io/release/v1.23.2/bin/linux/amd64/kubectl + sudo install -o smp -g smp -m 0755 kubectl /usr/local/bin/kubectl + echo "Installing docker..." + sudo apt update -y + sudo apt install -y jq unzip apt-transport-https ca-certificates software-properties-common + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" + sudo apt-cache policy docker-ce + sudo apt install -y docker-ce + sudo systemctl status docker + sudo mkdir -p ~/.kube + sudo chmod 777 ~/.kube + curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 + sudo install minikube-linux-amd64 /usr/local/bin/minikube + + + - name: Start minikube + run: | + minikube start --memory 5000 + kubectl get po -A + + - name: Checkout Code + uses: actions/checkout@v2 + + - name: Deploy Istio Crypto design and deploy httpbin application + run: | + chmod +x .github/workflows/scripts/istioCrypto.sh + .github/workflows/scripts/istioCrypto.sh + shell: bash + + - name: Get Date + id: date + run: echo "::set-output name=date::$(date +'%Y-%m-%d-%H.%M.%S')" + + - name: Run Benchmark Tests + uses: layer5io/meshery-smp-action@master + with: + provider_token: ${{ secrets.MESHERY_TOKEN }} + platform: docker + profile_filename: ${{ matrix.test-configuration }}.yaml + endpoint_url: ${{env.ENDPOINT_URL}} + service_mesh: ${{env.SERVICE_MESH}} + load_generator: ${{ matrix.load-generator }} + profile_name: 'istioCrypto-${{ matrix.test-configuration }}' + test_name: '${{ steps.date.outputs.date }}' + + stop-runner-scheduled: + name: Stop self-hosted runner + timeout-minutes: 60 + needs: + - start-runners-scheduled # required to get output from the start-runner job + - scheduled-test # required to wait when the main job is done + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + service-mesh: ['istio', 'linkerd', 'osm'] + load-generator: ['fortio', 'wrk2'] + test-configuration: ['load-test','soak-test'] + if: ${{ always() && github.event_name == 'schedule' }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Checkout Code + uses: actions/checkout@v2 + + - name: Stop CNCF CIL runner + run: | + chmod +x .github/workflows/scripts/stop-cil-runner.sh + .github/workflows/scripts/stop-cil-runner.sh ${{ secrets.cncf_cil_token }} ${{ matrix.service-mesh }}-${{ matrix.load-generator }}-${{ matrix.test-configuration }}-${{ needs.start-runners-scheduled.outputs.github_run_id }} + shell: bash + + - name: Remove CNCF CIL runner from github repository + if: always() + run: | + runner_id=$(curl -s -H 'Authorization: token ${{ secrets.GH_ACCESS_TOKEN }}' -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{github.repository}}/actions/runners | jq '.runners[] | select(.name == "${{ matrix.service-mesh }}-${{ matrix.load-generator }}-${{ matrix.test-configuration }}-${{ needs.start-runners-scheduled.outputs.github_run_id }}") | {id}' | jq -r .id) + curl -X DELETE -H 'Authorization: token ${{ secrets.GH_ACCESS_TOKEN }}' -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{github.repository}}/actions/runners/$runner_id + shell: bash From 1311093892073b402eca15769c37a772c6b2a37a Mon Sep 17 00:00:00 2001 From: asubedy Date: Fri, 7 Jul 2023 00:14:25 +0545 Subject: [PATCH 3/9] added cryptoDesign and and httpbin Signed-off-by: asubedy --- .github/workflows/CryptoMB-design.yml | 375 ++++++++++++++++++ .github/workflows/httpbin.yaml | 96 +++++ .../scheduled-istioCrypto-benchmark.yml | 18 +- .github/workflows/scripts/istioCrypto.sh | 4 +- 4 files changed, 482 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/CryptoMB-design.yml create mode 100644 .github/workflows/httpbin.yaml diff --git a/.github/workflows/CryptoMB-design.yml b/.github/workflows/CryptoMB-design.yml new file mode 100644 index 0000000..4d08fe0 --- /dev/null +++ b/.github/workflows/CryptoMB-design.yml @@ -0,0 +1,375 @@ +name: CryptoMB-TLS-handshake-acceleration-for-istio(test1) +services: + example-istiocontrolplane: + name: example-istiocontrolplane + type: IstioOperator + apiVersion: install.istio.io/v1alpha1 + namespace: istio-system + model: kubernetes + dependsOn: + - istio-operator-eunco + settings: + spec: + components: + egress Gateways: + - enabled: true + name: istio-egressgateway + ingress Gateways: + - enabled: true + k8s: + pod Annotations: + proxy.istio.io/config: | + privateKeyProvider: + cryptomb: + pollDelay: 10ms + name: istio-ingressgateway + profile: demo + traits: + meshmap: + edges: [] + id: 0a9190c6-3b94-4497-9b5e-0e26e26a3f4a + label: example-istiocontrolplane + meshmodel-metadata: + isCustomResource: true + isNamespaced: true + primaryColor: '#326CE5' + secondaryColor: '#7aa1f0' + shape: circle + svgColor: ui/public/static/img/meshmodels/kubernetes/color/apiservice-color.svg + svgWhite: ui/public/static/img/meshmodels/kubernetes/white/apiservice-white.svg + position: + posX: 448.11615449152737 + posY: 115.57287677378196 + istio-operator-bdbuj: + name: istio-operator + type: ServiceAccount + apiVersion: v1 + namespace: istio-operator + model: kubernetes + traits: + meshmap: + edges: [] + id: 9240267f-d393-4c5d-bdf9-596bacf0ebf0 + label: istio-operator + meshmodel-metadata: + genealogy: "" + isCustomResource: false + isNamespaced: true + logoURL: https://github.com/cncf/artwork/blob/master/projects/kubernetes/icon/white/kubernetes-icon-white.svg + model: kubernetes + modelDisplayName: Kubernetes + primaryColor: '#326CE5' + published: true + secondaryColor: '#7aa1f0' + shape: round-rectangle + styleOverrides: "" + subCategory: Scheduling & Orchestration + svgColor: ui/public/static/img/meshmodels/kubernetes/color/serviceaccount-color.svg + svgComplete: "" + svgWhite: ui/public/static/img/meshmodels/kubernetes/color/serviceaccount-color.svg + position: + posX: 561.5 + posY: 194.5 + istio-operator-eunco: + name: istio-operator + type: Deployment + apiVersion: apps/v1 + model: kubernetes + namespace: istio-operator + settings: + spec: + replicas: 1 + revision History Limit: 10 + selector: + match Labels: + name: istio-operator + template: + metadata: + annotations: + prometheus.io/port: "15014" + prometheus.io/scrape: "true" + labels: + name: istio-operator + spec: + containers: + - command: + - operator + - server + - --monitoring-host=127.0.0.1 + - --monitoring-port=15014 + env: + - name: WATCH_NAMESPACE + value: istio-system + - name: LEADER_ELECTION_NAMESPACE + value: istio-operator + - name: POD_NAME + value From: + field Ref: + field Path: metadata.name + - name: OPERATOR_NAME + value: istio-operator + - name: WAIT_FOR_RESOURCES_TIMEOUT + value: 300s + - name: REVISION + value: "" + image: docker.io/istio/operator:1.18.0 + name: istio-operator + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + security Context: + allow Privilege Escalation: false + capabilities: + drop: + - ALL + privileged: false + read Only Root Filesystem: true + run As Group: 1337 + run As Non Root: true + run As User: 1337 + service Account Name: istio-operator + traits: + meshmap: + edges: [] + id: 8e79be8c-da6a-49fe-8bc2-6decf12fd7c1 + label: istio-operator + meshmodel-metadata: + genealogy: parent + isCustomResource: false + isNamespaced: true + logoURL: Created by Lee + model: kubernetes + modelDisplayName: Kubernetes + primaryColor: '#326CE5' + published: true + secondaryColor: '#7aa1f0' + shape: round-pentagon + styleOverrides: '{"background-image":"none","border-width":2,"background-opacity":0.5}' + subCategory: Scheduling & Orchestration + svgColor: ui/public/static/img/meshmodels/kubernetes/color/deployment-color.svg + svgComplete: ui/public/static/img/meshmodels/kubernetes/complete/deployment-complete.svg + svgWhite: ui/public/static/img/meshmodels/kubernetes/color/deployment-color.svg + position: + posX: 492.1229787505797 + posY: 234.6048777043293 + istio-operator-hynzf: + name: istio-operator + type: Service + apiVersion: v1 + model: kubernetes + namespace: istio-operator + settings: + spec: + ports: + - name: http-metrics + port: 80 + protocol: TCP + target Port: 8383 + selector: + name: istio-operator + traits: + meshmap: + edges: [] + id: d24ca3fc-fb37-40d6-86b7-a2665b24f120 + label: istio-operator + meshmodel-metadata: + genealogy: "" + isCustomResource: false + isNamespaced: true + logoURL: https://github.com/cncf/artwork/blob/master/projects/kubernetes/icon/white/kubernetes-icon-white.svg + model: kubernetes + modelDisplayName: Kubernetes + primaryColor: '#326CE5' + published: true + secondaryColor: '#7aa1f0' + shape: round-triangle + styleOverrides: '{"height":16,"width":17,"padding":12,"background-fit":"none","background-position-y":4.5}' + subCategory: Scheduling & Orchestration + svgColor: ui/public/static/img/meshmodels/kubernetes/color/apiservice-color.svg + svgComplete: "" + svgWhite: ui/public/static/img/meshmodels/kubernetes/white/apiservice-white.svg + position: + posX: 484.9355395872588 + posY: 168.2587641981373 + istio-operator-nijef: + name: istio-operator + type: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + model: kubernetes + namespace: istio-operator + settings: + role Ref: + api Group: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-operator + subjects: + - kind: ServiceAccount + name: istio-operator + namespace: istio-operator + traits: + meshmap: + edges: [] + id: c3ad3045-b7a5-4b15-bafc-55ad9cc2bce6 + label: istio-operator + meshmodel-metadata: + genealogy: "" + isCustomResource: false + isNamespaced: false + logoURL: Created by Lee + model: kubernetes + modelDisplayName: Kubernetes + primaryColor: '#326CE5' + published: true + secondaryColor: '#7aa1f0' + shape: round-rectangle + styleOverrides: '{"height":"22px","width":"16px","padding":"6px", "z-index":9999}' + subCategory: Scheduling & Orchestration + svgColor: ui/public/static/img/meshmodels/kubernetes/color/clusterrolebinding-color.svg + svgComplete: "" + svgWhite: ui/public/static/img/meshmodels/kubernetes/white/clusterrolebinding-white.svg + position: + posX: 583.5433705937176 + posY: 276.8033383692807 + istio-operator-rympr: + name: istio-operator + type: ClusterRole + apiVersion: rbac.authorization.k8s.io/v1 + model: kubernetes + settings: + rules: + - api Groups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - config.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - install.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - security.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' + - api Groups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' + - api Groups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - replicasets + verbs: + - '*' + - api Groups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' + - api Groups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - update + - api Groups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - api Groups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' + - api Groups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + - api Groups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/proxy + - pods/portforward + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + - resourcequotas + verbs: + - '*' + traits: + meshmap: + edges: [] + id: f9e95f4b-ffef-4523-917c-1442bb59b53b + label: istio-operator + meshmodel-metadata: + genealogy: "" + isCustomResource: false + isNamespaced: false + logoURL: Created by Lee + model: kubernetes + modelDisplayName: Kubernetes + primaryColor: '#326CE5' + published: true + secondaryColor: '#7aa1f0' + shape: round-rectangle + styleOverrides: '{"height":"22px","width":"16px","padding":"6px"}' + subCategory: Scheduling & Orchestration + svgColor: ui/public/static/img/meshmodels/kubernetes/color/clusterrole-color.svg + svgComplete: "" + svgWhite: ui/public/static/img/meshmodels/kubernetes/white/clusterrole-white.svg + position: + posX: 671.5732114890026 + posY: 194.95822565413835 diff --git a/.github/workflows/httpbin.yaml b/.github/workflows/httpbin.yaml new file mode 100644 index 0000000..5357d4d --- /dev/null +++ b/.github/workflows/httpbin.yaml @@ -0,0 +1,96 @@ +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################################################## +# httpbin service +################################################################################################## +apiVersion: v1 +kind: ServiceAccount +metadata: + name: httpbin +--- +apiVersion: v1 +kind: Service +metadata: + name: httpbin + labels: + app: httpbin + service: httpbin +spec: + ports: + - name: http + port: 8000 + targetPort: 80 + selector: + app: httpbin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: httpbin +spec: + replicas: 1 + selector: + matchLabels: + app: httpbin + version: v1 + template: + metadata: + labels: + app: httpbin + version: v1 + spec: + serviceAccountName: httpbin + containers: + - image: docker.io/kong/httpbin + imagePullPolicy: IfNotPresent + name: httpbin + ports: + - containerPort: 80 +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: httpbin-gateway +spec: + # The selector matches the ingress gateway pod labels. + # If you installed Istio using Helm following the standard documentation, this would be "istio=ingress" + selector: + istio: ingressgateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: httpbin +spec: + hosts: + - "*" + gateways: + - httpbin-gateway + http: + - match: + - uri: + prefix: /headers + route: + - destination: + port: + number: 8000 + host: httpbin \ No newline at end of file diff --git a/.github/workflows/scheduled-istioCrypto-benchmark.yml b/.github/workflows/scheduled-istioCrypto-benchmark.yml index 77019d5..db27a79 100644 --- a/.github/workflows/scheduled-istioCrypto-benchmark.yml +++ b/.github/workflows/scheduled-istioCrypto-benchmark.yml @@ -62,7 +62,7 @@ jobs: timeout-minutes: 60 needs: - start-runners-scheduled - runs-on: istioCrpto-fortio-load-${{ github.run_id }} + runs-on: istioCrypto-fortio-load-${{ github.run_id }} if: ${{ github.event_name == 'schedule' }} strategy: # fail-fast: false @@ -128,12 +128,12 @@ jobs: - start-runners-scheduled # required to get output from the start-runner job - scheduled-test # required to wait when the main job is done runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - service-mesh: ['istio', 'linkerd', 'osm'] - load-generator: ['fortio', 'wrk2'] - test-configuration: ['load-test','soak-test'] + # strategy: + # fail-fast: false + # matrix: + # service-mesh: ['istio', 'linkerd', 'osm'] + # load-generator: ['fortio', 'wrk2'] + # test-configuration: ['load-test','soak-test'] if: ${{ always() && github.event_name == 'schedule' }} # required to stop the runner even if the error happened in the previous jobs steps: - name: Checkout Code @@ -142,12 +142,12 @@ jobs: - name: Stop CNCF CIL runner run: | chmod +x .github/workflows/scripts/stop-cil-runner.sh - .github/workflows/scripts/stop-cil-runner.sh ${{ secrets.cncf_cil_token }} ${{ matrix.service-mesh }}-${{ matrix.load-generator }}-${{ matrix.test-configuration }}-${{ needs.start-runners-scheduled.outputs.github_run_id }} + .github/workflows/scripts/stop-cil-runner.sh ${{ secrets.cncf_cil_token }} istioCrypto-fortio-load-${{ needs.start-runners-scheduled.outputs.github_run_id }} shell: bash - name: Remove CNCF CIL runner from github repository if: always() run: | - runner_id=$(curl -s -H 'Authorization: token ${{ secrets.GH_ACCESS_TOKEN }}' -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{github.repository}}/actions/runners | jq '.runners[] | select(.name == "${{ matrix.service-mesh }}-${{ matrix.load-generator }}-${{ matrix.test-configuration }}-${{ needs.start-runners-scheduled.outputs.github_run_id }}") | {id}' | jq -r .id) + runner_id=$(curl -s -H 'Authorization: token ${{ secrets.GH_ACCESS_TOKEN }}' -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{github.repository}}/actions/runners | jq '.runners[] | select(.name == "istioCrypto-fortio-load-${{ needs.start-runners-scheduled.outputs.github_run_id }}") | {id}' | jq -r .id) curl -X DELETE -H 'Authorization: token ${{ secrets.GH_ACCESS_TOKEN }}' -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{github.repository}}/actions/runners/$runner_id shell: bash diff --git a/.github/workflows/scripts/istioCrypto.sh b/.github/workflows/scripts/istioCrypto.sh index fb4c208..5a86610 100644 --- a/.github/workflows/scripts/istioCrypto.sh +++ b/.github/workflows/scripts/istioCrypto.sh @@ -32,7 +32,7 @@ sleep 400 mesheryctl system start # Applying/deploying crpyto pattern -mesheryctl pattern apply -f ./AadiCrypto.yaml +mesheryctl pattern apply -f ../CryptoMB-design.yaml sleep 200 @@ -40,7 +40,7 @@ sleep 200 kubectl get all -n istio-operator # deplyoing httbin application -mesheryctl app onboard -f ./httbin.yaml -s "Kubernetes Manifest" +mesheryctl app onboard -f ../httbin.yaml -s "Kubernetes Manifest" sleep 100 From 2df0a0fa1ff691f53dbc0546c7d3b601552b8545 Mon Sep 17 00:00:00 2001 From: asubedy Date: Fri, 7 Jul 2023 00:16:03 +0545 Subject: [PATCH 4/9] fixed httpbin spelling Signed-off-by: asubedy --- .github/workflows/scripts/istioCrypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scripts/istioCrypto.sh b/.github/workflows/scripts/istioCrypto.sh index 5a86610..472f003 100644 --- a/.github/workflows/scripts/istioCrypto.sh +++ b/.github/workflows/scripts/istioCrypto.sh @@ -40,7 +40,7 @@ sleep 200 kubectl get all -n istio-operator # deplyoing httbin application -mesheryctl app onboard -f ../httbin.yaml -s "Kubernetes Manifest" +mesheryctl app onboard -f ../httpbin.yaml -s "Kubernetes Manifest" sleep 100 From 79fbbe9a3f5c4e551fb9cf0a24cf1fb2fc6953f7 Mon Sep 17 00:00:00 2001 From: asubedy Date: Fri, 7 Jul 2023 16:17:29 +0545 Subject: [PATCH 5/9] removed unnecessary space Signed-off-by: asubedy --- .github/workflows/scripts/istioCrypto.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/scripts/istioCrypto.sh b/.github/workflows/scripts/istioCrypto.sh index 472f003..9c1583f 100644 --- a/.github/workflows/scripts/istioCrypto.sh +++ b/.github/workflows/scripts/istioCrypto.sh @@ -63,9 +63,4 @@ export GATEWAY_URL=http://$INGRESS_HOST:$INGRESS_PORT/headers echo "Service Mesh: $MESH_NAME - $SERVICE_MESH" echo "Gateway URL: $GATEWAY_URL" echo "ENDPOINT_URL=$GATEWAY_URL/productpage" >> $GITHUB_ENV -echo "SERVICE_MESH=$SERVICE_MESH" >> $GITHUB_ENV - - - - - +echo "SERVICE_MESH=$SERVICE_MESH" >> $GITHUB_ENV \ No newline at end of file From 69f382fc00ec5fe0946a3d36baff7d8e1186c650 Mon Sep 17 00:00:00 2001 From: asubedy Date: Mon, 17 Jul 2023 20:24:09 +0545 Subject: [PATCH 6/9] components register check added Signed-off-by: asubedy --- .../scheduled-istioCrypto-benchmark.yml | 79 ++++++++++++++----- .github/workflows/scripts/istioCrypto.sh | 22 ++---- 2 files changed, 63 insertions(+), 38 deletions(-) diff --git a/.github/workflows/scheduled-istioCrypto-benchmark.yml b/.github/workflows/scheduled-istioCrypto-benchmark.yml index db27a79..3095685 100644 --- a/.github/workflows/scheduled-istioCrypto-benchmark.yml +++ b/.github/workflows/scheduled-istioCrypto-benchmark.yml @@ -20,12 +20,6 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest if: ${{ github.event_name == 'schedule' }} - # strategy: - # fail-fast: false - # matrix: - # service-mesh: ['istio', 'linkerd', 'osm'] - # load-generator: ['fortio', 'wrk2'] - # test-configuration: ['load-test','soak-test'] outputs: github_run_id: ${{ env.GITHUB_RUN_ID }} # use this github_run_id as a suffix for CIL machines and runners steps: @@ -64,12 +58,6 @@ jobs: - start-runners-scheduled runs-on: istioCrypto-fortio-load-${{ github.run_id }} if: ${{ github.event_name == 'schedule' }} - strategy: - # fail-fast: false - # matrix: - # service-mesh: ['istio', 'linkerd', 'osm'] - # load-generator: ['fortio', 'wrk2'] - # test-configuration: ['load-test','soak-test'] steps: - name: Install dependencies run: | @@ -99,6 +87,60 @@ jobs: - name: Checkout Code uses: actions/checkout@v2 + - name: Install Istio Operator and Gateway CRD + run: | + cat /proc/cpuinfo | grep avx + curl -L https://istio.io/downloadIstio | sh - + cd istio-1.18.0 + export PATH=$PWD/bin:$PATH + istioctl operator init + pwd + + kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.6.2" | kubectl apply -f -; + + - name: MeshModel Component Register Check + run: | + kubectl config view --minify --flatten > ~/minified_config + mv ~/minified_config ~/.kube/config + echo 'mesheryctl is not installed. Installing mesheryctl client... Standby... (Starting Meshery as well...)' >&2 + curl -L https://meshery.io/install | ADAPTERS=istio PLATFORM=kubernetes bash - + + #forces meshery to register components and checks + curl --location 'localhost:9081/api/system/sync' \ + --header 'meshery-token:${{ secrets.MESHERY_TOKEN }} \ + --header 'Cookie: meshery-provider=Meshery; meshery.layer5.io_ref=/;token=${{ secrets.MESHERY_TOKEN }} + + curl --location 'localhost:9081/api/system/sync' \ + --header 'meshery-token:${{ secrets.MESHERY_TOKEN }} \ + --header 'Cookie: meshery-provider=Meshery; meshery.layer5.io_ref=/;token=${{ secrets.MESHERY_TOKEN }} + + check_endpoint() { + response=$(curl -s http://localhost:9081/api/meshmodels/models/kubernetes/components/IstioOperator \ + -H 'Cookie: meshery-provider=Meshery;token=${{ secrets.MESHERY_TOKEN }} + ) + total_count=$(echo "$response" | grep -oP '(?<="total_count":)\d+') + + if [[ $total_count -ne 0 ]]; then + echo "Components Registered" + exit 0 + fi + } + + # Set the duration for script execution (in seconds) + duration=$((5 * 60)) + + # Calculate the end time + end_time=$((SECONDS + duration)) + + # Loop until the end time is reached + while [[ $SECONDS -lt $end_time ]]; do + check_endpoint + echo "Checked, Components not registered" + sleep 60 + done + + echo "Waited for 5 minutes components not registered" + - name: Deploy Istio Crypto design and deploy httpbin application run: | chmod +x .github/workflows/scripts/istioCrypto.sh @@ -114,11 +156,11 @@ jobs: with: provider_token: ${{ secrets.MESHERY_TOKEN }} platform: docker - profile_filename: ${{ matrix.test-configuration }}.yaml + profile_filename: load-test.yaml endpoint_url: ${{env.ENDPOINT_URL}} service_mesh: ${{env.SERVICE_MESH}} - load_generator: ${{ matrix.load-generator }} - profile_name: 'istioCrypto-${{ matrix.test-configuration }}' + load_generator: fortio + profile_name: 'istioCrypto-load-test.yaml' test_name: '${{ steps.date.outputs.date }}' stop-runner-scheduled: @@ -128,17 +170,12 @@ jobs: - start-runners-scheduled # required to get output from the start-runner job - scheduled-test # required to wait when the main job is done runs-on: ubuntu-latest - # strategy: - # fail-fast: false - # matrix: - # service-mesh: ['istio', 'linkerd', 'osm'] - # load-generator: ['fortio', 'wrk2'] - # test-configuration: ['load-test','soak-test'] if: ${{ always() && github.event_name == 'schedule' }} # required to stop the runner even if the error happened in the previous jobs steps: - name: Checkout Code uses: actions/checkout@v2 + - name: Stop CNCF CIL runner run: | chmod +x .github/workflows/scripts/stop-cil-runner.sh diff --git a/.github/workflows/scripts/istioCrypto.sh b/.github/workflows/scripts/istioCrypto.sh index 9c1583f..a571175 100644 --- a/.github/workflows/scripts/istioCrypto.sh +++ b/.github/workflows/scripts/istioCrypto.sh @@ -6,13 +6,6 @@ export MESH_NAME='Istio' export SERVICE_MESH='ISTIO' -# Check if mesheryctl is present, else install it -if ! [ -x "$(command -v mesheryctl)" ]; then - echo 'mesheryctl is not installed. Installing mesheryctl client... Standby... (Starting Meshery as well...)' >&2 - curl -L https://meshery.io/install | ADAPTERS=istio PLATFORM=kubernetes bash - -fi - -sleep 200 kubectl get pods -n meshery echo "Meshery has been installed." @@ -22,25 +15,20 @@ echo "Meshery has been installed." sleep 200 -kubectl get all -n istio-system # so that istio operator gets initialized -mesheryctl system stop - -sleep 400 - -mesheryctl system start # Applying/deploying crpyto pattern -mesheryctl pattern apply -f ../CryptoMB-design.yaml +echo "Applying IstioCrypto Design" +mesheryctl pattern apply -f ../CryptoMB-design.yaml --token "./.github/workflows/auth.json" sleep 200 - kubectl get all -n istio-operator # deplyoing httbin application -mesheryctl app onboard -f ../httpbin.yaml -s "Kubernetes Manifest" +echo "OnBoarding IstioCrypto Design" +mesheryctl app onboard -f ../httpbin.yaml -s "Kubernetes Manifest" --token "./.github/workflows/auth.json" sleep 100 @@ -62,5 +50,5 @@ export GATEWAY_URL=http://$INGRESS_HOST:$INGRESS_PORT/headers echo "Service Mesh: $MESH_NAME - $SERVICE_MESH" echo "Gateway URL: $GATEWAY_URL" -echo "ENDPOINT_URL=$GATEWAY_URL/productpage" >> $GITHUB_ENV +echo "ENDPOINT_URL=$GATEWAY_URL >> $GITHUB_ENV echo "SERVICE_MESH=$SERVICE_MESH" >> $GITHUB_ENV \ No newline at end of file From ddc266a4c00817b2d6705a6220ca5af801eb2183 Mon Sep 17 00:00:00 2001 From: asubedy Date: Mon, 17 Jul 2023 21:52:01 +0545 Subject: [PATCH 7/9] proper url for checking registration Signed-off-by: asubedy --- .../scheduled-istioCrypto-benchmark.yml | 25 +++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/workflows/scheduled-istioCrypto-benchmark.yml b/.github/workflows/scheduled-istioCrypto-benchmark.yml index 3095685..2463adb 100644 --- a/.github/workflows/scheduled-istioCrypto-benchmark.yml +++ b/.github/workflows/scheduled-istioCrypto-benchmark.yml @@ -96,27 +96,32 @@ jobs: istioctl operator init pwd - kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.6.2" | kubectl apply -f -; + - name: MeshModel Component Register Check run: | kubectl config view --minify --flatten > ~/minified_config mv ~/minified_config ~/.kube/config echo 'mesheryctl is not installed. Installing mesheryctl client... Standby... (Starting Meshery as well...)' >&2 - curl -L https://meshery.io/install | ADAPTERS=istio PLATFORM=kubernetes bash - + # curl -L https://meshery.io/install | ADAPTERS=istio PLATFORM=kubernetes bash - + + output=$(curl -L https://meshery.io/install | PLATFORM=kubernetes bash - 2>&1) + echo $output + url=$(echo "$output" | grep -oP 'http://\S+' | tail -1) + echo "Generated URL: $url" #forces meshery to register components and checks - curl --location 'localhost:9081/api/system/sync' \ - --header 'meshery-token:${{ secrets.MESHERY_TOKEN }} \ - --header 'Cookie: meshery-provider=Meshery; meshery.layer5.io_ref=/;token=${{ secrets.MESHERY_TOKEN }} + curl --location "${url}/api/system/sync" \ + --header 'meshery-token:${{ secrets.MESHERY_TOKEN }}' \ + --header 'Cookie: meshery-provider=Meshery; meshery.layer5.io_ref=/;token=${{ secrets.MESHERY_TOKEN }}' - curl --location 'localhost:9081/api/system/sync' \ - --header 'meshery-token:${{ secrets.MESHERY_TOKEN }} \ - --header 'Cookie: meshery-provider=Meshery; meshery.layer5.io_ref=/;token=${{ secrets.MESHERY_TOKEN }} + curl --location "${url}/api/system/sync" \ + --header 'meshery-token:${{ secrets.MESHERY_TOKEN }}' \ + --header 'Cookie: meshery-provider=Meshery; meshery.layer5.io_ref=/;token=${{ secrets.MESHERY_TOKEN }}' check_endpoint() { - response=$(curl -s http://localhost:9081/api/meshmodels/models/kubernetes/components/IstioOperator \ - -H 'Cookie: meshery-provider=Meshery;token=${{ secrets.MESHERY_TOKEN }} + response=$(curl -s "${url}/api/meshmodels/models/kubernetes/components/IstioOperator" \ + -H 'Cookie: meshery-provider=Meshery;token=${{ secrets.MESHERY_TOKEN }}' ) total_count=$(echo "$response" | grep -oP '(?<="total_count":)\d+') From 9f67fc4290f8e9890fbd0b216c23bc944b81f641 Mon Sep 17 00:00:00 2001 From: asubedy Date: Thu, 20 Jul 2023 21:59:48 +0545 Subject: [PATCH 8/9] added csr sript Signed-off-by: asubedy --- .github/workflows/scripts/generate_csr.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/workflows/scripts/generate_csr.sh diff --git a/.github/workflows/scripts/generate_csr.sh b/.github/workflows/scripts/generate_csr.sh new file mode 100644 index 0000000..4904516 --- /dev/null +++ b/.github/workflows/scripts/generate_csr.sh @@ -0,0 +1,11 @@ + +# generate CA cerficate +openssl genrsa -out fortio.com.key 2048 +openssl req -new -x509 -days 365 -key fortio.com.key -subj "/C=CN/ST=GD/L=SZ/O=fortio.com, Inc./CN=fortio.com Root CA" -out fortio.com.crt + +# generate CSR +openssl req -newkey rsa:2048 -nodes -keyout httpbin.fortio.com.key -subj "/C=CN/ST=GD/L=SZ/O=fortio.com, Inc./CN=*.fortio.com" -out httpbin.fortio.com.csr +openssl x509 -req -extfile <(printf "subjectAltName=IP:10.239.241.168,DNS:fortio.com,DNS:www.fortio.com") -days 365 -in httpbin.fortio.com.csr -CA fortio.com.crt -CAkey fortio.com.key -CAcreateserial -out httpbin.fortio.com.crt + +# upload key and crt as a secret +kubectl create -n istio-system secret tls httpbin-fortio-credential --key=httpbin.fortio.com.key --cert=httpbin.fortio.com.crt \ No newline at end of file From 355fa957a58da8523de0d41729f55bfcf0a5c6b2 Mon Sep 17 00:00:00 2001 From: asubedy Date: Wed, 9 Aug 2023 20:13:40 +0545 Subject: [PATCH 9/9] added correctly deployable crypto Design Signed-off-by: asubedy --- .github/workflows/CryptoMB-design.yml | 353 +++++++++++------------ .github/workflows/scripts/istioCrypto.sh | 4 +- 2 files changed, 178 insertions(+), 179 deletions(-) diff --git a/.github/workflows/CryptoMB-design.yml b/.github/workflows/CryptoMB-design.yml index 4d08fe0..49cb1a8 100644 --- a/.github/workflows/CryptoMB-design.yml +++ b/.github/workflows/CryptoMB-design.yml @@ -1,13 +1,12 @@ -name: CryptoMB-TLS-handshake-acceleration-for-istio(test1) +name: CryptoMB-TLS-handshake-acceleration-for-Istio services: example-istiocontrolplane: name: example-istiocontrolplane type: IstioOperator apiVersion: install.istio.io/v1alpha1 namespace: istio-system - model: kubernetes - dependsOn: - - istio-operator-eunco + model: istio-base + version: 1.16.0 settings: spec: components: @@ -40,16 +39,164 @@ services: position: posX: 448.11615449152737 posY: 115.57287677378196 - istio-operator-bdbuj: + istio-operator-btexb: name: istio-operator - type: ServiceAccount + type: ClusterRole + apiVersion: rbac.authorization.k8s.io/v1 + model: kubernetes + settings: + rules: + - api Groups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - config.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - install.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - security.istio.io + resources: + - '*' + verbs: + - '*' + - api Groups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' + - api Groups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' + - api Groups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - replicasets + verbs: + - '*' + - api Groups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' + - api Groups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - update + - api Groups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - api Groups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' + - api Groups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + - api Groups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/proxy + - pods/portforward + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + - resourcequotas + verbs: + - '*' + traits: + meshmap: + edges: [] + id: f9e95f4b-ffef-4523-917c-1442bb59b53b + label: istio-operator + meshmodel-metadata: + genealogy: "" + isCustomResource: false + isNamespaced: false + logoURL: Created by Lee + model: kubernetes + modelDisplayName: Kubernetes + primaryColor: '#326CE5' + published: true + secondaryColor: '#7aa1f0' + shape: round-rectangle + styleOverrides: '{"height":"22px","width":"16px","padding":"6px"}' + subCategory: Scheduling & Orchestration + svgColor: ui/public/static/img/meshmodels/kubernetes/color/clusterrole-color.svg + svgComplete: "" + svgWhite: ui/public/static/img/meshmodels/kubernetes/white/clusterrole-white.svg + position: + posX: 671.5732114890026 + posY: 194.95822565413835 + istio-operator-danjd: + name: istio-operator + type: Service apiVersion: v1 namespace: istio-operator model: kubernetes + settings: + spec: + ports: + - name: http-metrics + port: 80 + protocol: TCP + target Port: 8383 + selector: + name: istio-operator traits: meshmap: edges: [] - id: 9240267f-d393-4c5d-bdf9-596bacf0ebf0 + id: d24ca3fc-fb37-40d6-86b7-a2665b24f120 label: istio-operator meshmodel-metadata: genealogy: "" @@ -61,21 +208,21 @@ services: primaryColor: '#326CE5' published: true secondaryColor: '#7aa1f0' - shape: round-rectangle - styleOverrides: "" + shape: round-triangle + styleOverrides: '{"height":16,"width":17,"padding":12,"background-fit":"none","background-position-y":4.5}' subCategory: Scheduling & Orchestration - svgColor: ui/public/static/img/meshmodels/kubernetes/color/serviceaccount-color.svg + svgColor: ui/public/static/img/meshmodels/kubernetes/color/apiservice-color.svg svgComplete: "" - svgWhite: ui/public/static/img/meshmodels/kubernetes/color/serviceaccount-color.svg + svgWhite: ui/public/static/img/meshmodels/kubernetes/white/apiservice-white.svg position: - posX: 561.5 - posY: 194.5 - istio-operator-eunco: + posX: 484.9355395872588 + posY: 168.2587641981373 + istio-operator-gblro: name: istio-operator type: Deployment apiVersion: apps/v1 - model: kubernetes namespace: istio-operator + model: kubernetes settings: spec: replicas: 1 @@ -156,51 +303,12 @@ services: position: posX: 492.1229787505797 posY: 234.6048777043293 - istio-operator-hynzf: - name: istio-operator - type: Service - apiVersion: v1 - model: kubernetes - namespace: istio-operator - settings: - spec: - ports: - - name: http-metrics - port: 80 - protocol: TCP - target Port: 8383 - selector: - name: istio-operator - traits: - meshmap: - edges: [] - id: d24ca3fc-fb37-40d6-86b7-a2665b24f120 - label: istio-operator - meshmodel-metadata: - genealogy: "" - isCustomResource: false - isNamespaced: true - logoURL: https://github.com/cncf/artwork/blob/master/projects/kubernetes/icon/white/kubernetes-icon-white.svg - model: kubernetes - modelDisplayName: Kubernetes - primaryColor: '#326CE5' - published: true - secondaryColor: '#7aa1f0' - shape: round-triangle - styleOverrides: '{"height":16,"width":17,"padding":12,"background-fit":"none","background-position-y":4.5}' - subCategory: Scheduling & Orchestration - svgColor: ui/public/static/img/meshmodels/kubernetes/color/apiservice-color.svg - svgComplete: "" - svgWhite: ui/public/static/img/meshmodels/kubernetes/white/apiservice-white.svg - position: - posX: 484.9355395872588 - posY: 168.2587641981373 - istio-operator-nijef: + istio-operator-ioxyg: name: istio-operator type: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 - model: kubernetes namespace: istio-operator + model: kubernetes settings: role Ref: api Group: rbac.authorization.k8s.io @@ -234,142 +342,33 @@ services: position: posX: 583.5433705937176 posY: 276.8033383692807 - istio-operator-rympr: + istio-operator-kgmgw: name: istio-operator - type: ClusterRole - apiVersion: rbac.authorization.k8s.io/v1 + type: ServiceAccount + apiVersion: v1 + namespace: istio-operator model: kubernetes - settings: - rules: - - api Groups: - - authentication.istio.io - resources: - - '*' - verbs: - - '*' - - api Groups: - - config.istio.io - resources: - - '*' - verbs: - - '*' - - api Groups: - - install.istio.io - resources: - - '*' - verbs: - - '*' - - api Groups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' - - api Groups: - - security.istio.io - resources: - - '*' - verbs: - - '*' - - api Groups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - '*' - - api Groups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions.apiextensions.k8s.io - - customresourcedefinitions - verbs: - - '*' - - api Groups: - - apps - - extensions - resources: - - daemonsets - - deployments - - deployments/finalizers - - replicasets - verbs: - - '*' - - api Groups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - '*' - - api Groups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - update - - api Groups: - - policy - resources: - - poddisruptionbudgets - verbs: - - '*' - - api Groups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - '*' - - api Groups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - create - - update - - api Groups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - pods - - pods/proxy - - pods/portforward - - persistentvolumeclaims - - secrets - - services - - serviceaccounts - - resourcequotas - verbs: - - '*' traits: meshmap: edges: [] - id: f9e95f4b-ffef-4523-917c-1442bb59b53b + id: 9240267f-d393-4c5d-bdf9-596bacf0ebf0 label: istio-operator meshmodel-metadata: genealogy: "" isCustomResource: false - isNamespaced: false - logoURL: Created by Lee + isNamespaced: true + logoURL: https://github.com/cncf/artwork/blob/master/projects/kubernetes/icon/white/kubernetes-icon-white.svg model: kubernetes modelDisplayName: Kubernetes primaryColor: '#326CE5' published: true secondaryColor: '#7aa1f0' shape: round-rectangle - styleOverrides: '{"height":"22px","width":"16px","padding":"6px"}' + styleOverrides: "" subCategory: Scheduling & Orchestration - svgColor: ui/public/static/img/meshmodels/kubernetes/color/clusterrole-color.svg + svgColor: ui/public/static/img/meshmodels/kubernetes/color/serviceaccount-color.svg svgComplete: "" - svgWhite: ui/public/static/img/meshmodels/kubernetes/white/clusterrole-white.svg + svgWhite: ui/public/static/img/meshmodels/kubernetes/color/serviceaccount-color.svg position: - posX: 671.5732114890026 - posY: 194.95822565413835 + posX: 561.5 + posY: 194.5 \ No newline at end of file diff --git a/.github/workflows/scripts/istioCrypto.sh b/.github/workflows/scripts/istioCrypto.sh index a571175..d1b5dd5 100644 --- a/.github/workflows/scripts/istioCrypto.sh +++ b/.github/workflows/scripts/istioCrypto.sh @@ -20,14 +20,14 @@ sleep 200 # Applying/deploying crpyto pattern echo "Applying IstioCrypto Design" -mesheryctl pattern apply -f ../CryptoMB-design.yaml --token "./.github/workflows/auth.json" +mesheryctl pattern apply -f ./.github/workflows/CryptoMB-design.yaml --token "./.github/workflows/auth.json" sleep 200 kubectl get all -n istio-operator # deplyoing httbin application -echo "OnBoarding IstioCrypto Design" +echo "OnBoarding HTTP Design" mesheryctl app onboard -f ../httpbin.yaml -s "Kubernetes Manifest" --token "./.github/workflows/auth.json" sleep 100