From 896ae57a881dd7961bfc7d9a4e73c6e83cd83b30 Mon Sep 17 00:00:00 2001 From: Beppe Vanrolleghem Date: Thu, 27 Feb 2020 19:17:44 +0100 Subject: [PATCH] changes --- deploy.istio.yaml | 275 ++++++++++++++++++++++++++++++- deploy.yaml | 160 ++++++++++++++---- manifests/pipeline/pipeline.yaml | 4 + serverA/app.py | 3 + 4 files changed, 404 insertions(+), 38 deletions(-) diff --git a/deploy.istio.yaml b/deploy.istio.yaml index e145132..b2ef13e 100644 --- a/deploy.istio.yaml +++ b/deploy.istio.yaml @@ -199,8 +199,10 @@ metadata: sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' creationTimestamp: null labels: + app: ja security.istio.io/tlsMode: istio server: http + version: v1 name: server-b spec: containers: @@ -219,7 +221,7 @@ spec: - --binaryPath - /usr/local/bin/envoy - --serviceCluster - - server-b.default + - ja.$(POD_NAMESPACE) - --drainDuration - 45s - --parentShutdownDuration @@ -289,7 +291,7 @@ spec: value: "6000" - name: ISTIO_METAJSON_LABELS value: | - {"server":"http"} + {"app":"ja","server":"http","version":"v1"} - name: ISTIO_META_WORKLOAD_NAME value: server-b - name: ISTIO_META_OWNER @@ -385,13 +387,208 @@ spec: secretName: istio.default status: {} --- -kind: Service apiVersion: v1 +kind: Pod metadata: - name: server-check + annotations: + sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' + creationTimestamp: null + labels: + app: ja + security.istio.io/tlsMode: istio + server: http + version: v2 + name: server-c +spec: + containers: + - image: beppev/server-c:latest + name: front-end + ports: + - containerPort: 6000 + resources: {} + - args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - ja.$(POD_NAMESPACE) + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15010 + - --zipkinAddress + - zipkin.istio-system:9411 + - --proxyLogLevel=warning + - --proxyComponentLogLevel=misc:error + - --connectTimeout + - 10s + - --proxyAdminPort + - "15000" + - --concurrency + - "2" + - --controlPlaneAuthPolicy + - NONE + - --dnsRefreshRate + - 300s + - --statusPort + - "15020" + - --applicationPorts + - "6000" + - --trust-domain=cluster.local + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_META_POD_PORTS + value: |- + [ + {"containerPort":6000} + ] + - name: ISTIO_META_CLUSTER_ID + value: Kubernetes + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SDS_ENABLED + value: "false" + - name: ISTIO_META_INTERCEPTION_MODE + value: REDIRECT + - name: ISTIO_META_INCLUDE_INBOUND_PORTS + value: "6000" + - name: ISTIO_METAJSON_LABELS + value: | + {"app":"ja","server":"http","version":"v2"} + - name: ISTIO_META_WORKLOAD_NAME + value: server-c + - name: ISTIO_META_OWNER + value: kubernetes://apis/v1/namespaces/default/pods/server-c + - name: ISTIO_META_MESH_ID + value: cluster.local + image: docker.io/istio/proxyv2:1.4.5 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + initialDelaySeconds: 1 + periodSeconds: 2 + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: 10m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - command: + - istio-iptables + - -p + - "15001" + - -z + - "15006" + - -u + - "1337" + - -m + - REDIRECT + - -i + - '*' + - -x + - "" + - -b + - '*' + - -d + - "15020" + image: docker.io/istio/proxyv2:1.4.5 + imagePullPolicy: IfNotPresent + name: istio-init + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default +status: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: server-b-c-service spec: selector: - server: "http" + app: "ja" ports: - name: http protocol: TCP @@ -426,3 +623,71 @@ spec: port: 80 type: LoadBalancer --- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: server-check-destination +spec: + host: server-check + subsets: + - name: v1 + labels: + version: v1 + - name: v2 + labels: + version: v2 +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: server-check-gateway +spec: + selector: + expose: "true" + servers: + - port: + number: 6000 + name: tcp + protocol: TCP + hosts: + - "*" +--- +apiVersion: v1 +kind: Service +metadata: + name: server-check +spec: + selector: + expose: "true" + ports: + - name: http + protocol: TCP + targetPort: 6000 + port: 6000 +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: server-check-service +spec: + hosts: + - "*" + gateways: + - server-check-gateway + tcp: + - match: + - port: 6000 + route: + - destination: + host: server-b-c-service + port: + number: 6000 + subset: v1 + weight: 50 + - destination: + host: server-b-c-service + port: + number: 6000 + subset: v2 + weight: 50 +--- diff --git a/deploy.yaml b/deploy.yaml index 3fcf705..07fe6fd 100644 --- a/deploy.yaml +++ b/deploy.yaml @@ -1,51 +1,77 @@ --- -apiVersion: v1 -kind: Pod +apiVersion: apps/v1 +kind: Deployment metadata: name: server-a - labels: - server: "http" - expose: "true" spec: - containers: - - name: front-end - image: beppev/server-a:latest - ports: - - containerPort: 5000 + replicas: 1 + selector: + matchLabels: + server: "http" + expose: "true" + template: + metadata: + labels: + server: "http" + expose: "true" + spec: + containers: + - name: front-end + image: beppev/server-a:latest + ports: + - containerPort: 5000 --- -apiVersion: v1 -kind: Pod +apiVersion: apps/v1 +kind: Deployment metadata: name: server-b - labels: - server: "http" - app: "ja" - version: v1 spec: - containers: - - name: front-end - image: beppev/server-b:latest - ports: - - containerPort: 6000 + replicas: 1 + selector: + matchLabels: + server: "http" + app: "ja" + version: v1 + template: + metadata: + labels: + server: "http" + app: "ja" + version: v1 + spec: + containers: + - name: front-end + image: beppev/server-b:latest + ports: + - containerPort: 6000 --- -apiVersion: v1 -kind: Pod +apiVersion: apps/v1 +kind: Deployment metadata: name: server-c - labels: - server: "http" - app: "ja" - version: v2 spec: - containers: - - name: front-end - image: beppev/server-c:latest - ports: - - containerPort: 6000 + replicas: 1 + selector: + matchLabels: + server: "http" + app: "ja" + version: v2 + template: + metadata: + labels: + server: "http" + app: "ja" + version: v2 + spec: + containers: + - name: front-end + image: beppev/server-c:latest + ports: + - containerPort: 6000 --- apiVersion: v1 kind: Service -metedata: +metadata: name: server-b-c-service spec: selector: @@ -83,3 +109,71 @@ spec: targetPort: 5000 port: 80 type: LoadBalancer +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: server-check-destination +spec: + host: server-check + subsets: + - name: v1 + labels: + version: v1 + - name: v2 + labels: + version: v2 +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: server-check-gateway +spec: + selector: + expose: "true" + servers: + - port: + number: 6000 + name: tcp + protocol: TCP + hosts: + - "*" +--- +apiVersion: v1 +kind: Service +metadata: + name: server-check +spec: + selector: + expose: "true" + ports: + - name: http + protocol: TCP + targetPort: 6000 + port: 6000 +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: server-check-service +spec: + hosts: + - "*" + gateways: + - server-check-gateway + tcp: + - match: + - port: 6000 + route: + - destination: + host: server-b-c-service + port: + number: 6000 + subset: v1 + weight: 50 + - destination: + host: server-b-c-service + port: + number: 6000 + subset: v2 + weight: 50 \ No newline at end of file diff --git a/manifests/pipeline/pipeline.yaml b/manifests/pipeline/pipeline.yaml index 742c58d..b0560f9 100644 --- a/manifests/pipeline/pipeline.yaml +++ b/manifests/pipeline/pipeline.yaml @@ -84,6 +84,10 @@ spec: value: "$(params.imageUrl-c)" - name: imageTag value: "$(params.imageTag-c)" + resources: + inputs: + - name: git-source + resource: git-source - name: deploy-application taskRef: name: deploy-application diff --git a/serverA/app.py b/serverA/app.py index aa7bbbb..fd6f1fc 100644 --- a/serverA/app.py +++ b/serverA/app.py @@ -14,6 +14,9 @@ def doRequest(): def itWorks(): return requests.get(URL).json() +@app.route('/find//') +def findServer(name, port): + return requests.get("http://"+name+":"+port) if __name__ == '__main__': app.run(debug=True, host="0.0.0.0", port=5000)