Lab Environment#
Here is a list of the implementation environments used in this book and the related important configurations.
Istio: 1.14 , Envoy version: 1.22 patch 3
Kubernetes: 1.20
OS: Ubuntu 22.04.1 LTS
shell: Oh My ZSH
shell environment configuration:
alias k=kubectl
Basic environment installation#
Default namespace#
cat <<"EOF" | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
labels:
istio-injection: enabled
name: mark
EOF
Or, Create a new context with namespace defined:
kubectl config set-context mark --user=kubernetes-admin --namespace=mark --cluster=kubernetes
kubectl config use-context mark
Install istio#
curl -L https://istio.io/downloadIstio | sh -
cd istio-1.14.3/bin
./istioctl x precheck
./istioctl x uninstall --purge
./istioctl install
export ISTIO_HOME=$HOME/istio/istio-1.14.3
export PATH=$ISTIO_HOME/bin:$PATH
Install tools#
netshoot#
cat <<"EOF" | kubectl -n mark apply -f -
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: netshoot
labels:
app: netshoot
spec:
replicas: 2
selector:
matchLabels:
app: netshoot
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app: netshoot
spec:
containers:
- name: netshoot
image: docker.io/nicolaka/netshoot:latest
command: ["/bin/sleep"]
args: ["100d"]
ports:
- containerPort: 9999
name: tcp
protocol: TCP
- containerPort: 80
name: http-80
protocol: TCP
securityContext:
privileged: true
EOF
httpbin#
Ref. https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/
cat <<"EOF" | kubectl -n mark apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: httpbin
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
labels:
app: httpbin
service: httpbin
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v1
template:
metadata:
labels:
app: httpbin
version: v1
spec:
serviceAccountName: httpbin
imagePullSecrets:
- name: docker-registry-key
containers:
- image: docker.io/kennethreitz/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 8080
EOF
Setup shell#
istio gateway & node port#
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')