Google Cloud Platform Istio bootstrap for GKE
- Practical Istio - Introduction
  - A brief introduction to Istio and its role in modern production Kubernetes. We prepare for the future instalments of Practical Istio.
- Practical Istio - Private Kubernetes Deployment
  - Deployment of Kubernetes onto GKE making use of GCP Deployment Manager. The process ensures we end up with a robust private cluster to work with moving forward.
- Practical Istio - Init & Install
  - Initialising the Istio Custom Definitions and installing Istio onto our fresh Kubernetes cluster.
- Practical Istio - Ingress Gateway
  - Configure a number of different Istio Ingress Gateways allowing traffic in for our various services.
- Practical Istio - Virtual Services
  - Configure Istio VirtualService components to route Kiali, Jaeger, Prometheus and Grafana endpoints to the correct services.

Service | Endpoint |
---|---|
kiali | http://gke.devopstar.com:15029/kiali/console |
prometheus | http://gke.devopstar.com:15030 |
grafana | http://gke.devopstar.com:15031 |
tracing | http://gke.devopstar.com:15032 |

Service | Endpoint |
---|---|
prometheus | http://gke.devopstar.com/prometheus |
grafana | http://gke.devopstar.com/grafana/login |

```bash
./deploy.sh <project_id> <resource> <action>
```

Resources must be deployed and removed in the following order:

create | delete |
---|---|
iam | dns |
network | bastion |
cloud-router | gke |
gke | cloud-router |
bastion | network |
dns | iam |

Or simply run the following to bring it all up:

```bash
./deploy.sh <project_id> all create
```

Connect to the bastion host and manage the Kubernetes cluster from there using the steps below:

```bash
# Copy the k8s manifests and scripts to the bastion host
gcloud compute scp \
    --recurse ./k8s* <project_id>-bastion:~/ \
    --zone australia-southeast1-a

# Open an SSH session on the bastion host
gcloud compute ssh <project_id>-bastion \
    --project <project_id> \
    --zone australia-southeast1-a

# On the bastion: fetch kubectl credentials for the cluster
gcloud container clusters get-credentials <project_id>-gke \
    --project <project_id> \
    --region australia-southeast1
```

Note: If you have a domain name you will be using, make sure to replace DNS_NAME with that entry. If you aren't going to use one, you'll need to patch out references to gke.devopstar.com, replacing them with the ingress IP you are assigned later.
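
The hostname swap described in the note above, as an added example that is not part of this repository's own scripts. The function names are hypothetical, and the commented `kubectl` lookup assumes the default Istio ingress service name `istio-ingressgateway` in the `istio-system` namespace.

```bash
#!/usr/bin/env bash
# Added example: swap the sample hostname in the k8s/ manifests for your own
# domain or ingress IP. Function names are hypothetical, not from the repo.

SAMPLE_HOST='gke.devopstar.com'   # hostname used throughout this README

# List files under a directory that still reference the sample hostname.
# -F matches the hostname literally, so the dots are not regex wildcards.
list_host_refs() {
  grep -rlF -- "$SAMPLE_HOST" "$1" 2>/dev/null | sort
}

# Replace every occurrence of the sample hostname under dir with new_host.
# Returns 2 for an empty/invalid host, 1 if any reference survives.
replace_host() {
  local dir="$1" new_host="$2" pattern file tmp
  # Accept only hostname/IP characters: safe inside the sed expression and
  # unable to carry extra YAML into the manifests.
  case "$new_host" in
    ''|*[!A-Za-z0-9.-]*) echo "invalid host: '$new_host'" >&2; return 2 ;;
  esac
  pattern=$(printf '%s' "$SAMPLE_HOST" | sed 's/\./\\./g')   # escape dots
  list_host_refs "$dir" | while IFS= read -r file; do
    tmp=$(mktemp) || exit 1
    # Write through a temp file and cat back so file permissions are kept.
    sed "s/${pattern}/${new_host}/g" "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
    echo "patched $file"
  done
  # Verify: nothing may still point at the sample hostname.
  [ -z "$(list_host_refs "$dir")" ]
}

# Usage, from the directory that holds k8s/ (assumed service name, see above):
#   INGRESS_IP=$(kubectl get svc istio-ingressgateway -n istio-system \
#       -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
#   list_host_refs ./k8s            # review what will change
#   replace_host ./k8s "$INGRESS_IP"
```
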

```bash
# Initialize Istio
./k8s/istio/istio.sh <project_id> init

# Install Istio Services
./k8s/istio/istio.sh <project_id> install

kubectl apply -f k8s/istio/gateways
kubectl apply -f k8s/istio/virtual-services
kubectl apply -f k8s/istio/destination-rules
kubectl apply -f k8s/istio/whitelists
```

We'll deploy an RBAC configuration that is used by Helm. Perform the following actions from the bastion host:

```bash
# Create tiller service account & cluster role binding
kubectl create -f k8s/rbac-config.yaml

# init helm with the service account
helm init --service-account tiller --history-max 200
```

```bash
# external-dns
helm install \
    --name external-dns stable/external-dns \
    -f k8s/external-dns.yaml --wait
```

```bash
# prometheus
helm install \
    --name prometheus stable/prometheus \
    -f k8s/prometheus/values.yaml --wait
```

```bash
# grafana
kubectl apply \
    -f k8s/grafana/configmap.yaml

helm install \
    --name grafana stable/grafana \
    -f k8s/grafana/values.yaml --wait
```

```bash
# Remove the Helm releases, then remove Istio
helm delete --purge external-dns grafana prometheus
./k8s/istio/istio.sh <project_id> remove
```

- RBAC Configuration Example - https://github.com/helm/helm/blob/master/docs/rbac.md
- Deployment Manager samples - https://github.com/GoogleCloudPlatform/deploymentmanager-samples
  - cloud_router
  - firewall
  - gke - with modifications from Praveen Chamarthi
  - iam_member
  - network