Setup
Prerequisite CLI tools
You will need in this tutorial:
-
openshift
-
Mac:
brew install openshift-cli
-
-
minishift
-
docker
-
Fedora:
dnf install docker
-
kubectl
-
Fedora:
dnf install kubernetes-client
-
oc (eval $(minishift oc-env))
-
Apache Maven
-
Fedora:
dnf install maven
-
-
Mac OS:
brew install stern
-
Fedora:
sudo curl --output /usr/local/bin/stern -L https://github.com/wercker/stern/releases/download/1.6.0/stern_linux_amd64 && sudo chmod +x /usr/local/bin/stern
-
-
istioctl (will be installed via the steps below)
-
curl
,gunzip
,tar
-
Mac OS: built-in or part of your bash shell
-
Fedora: should also be installed already, but just in case…
dnf install curl gzip tar
-
-
git
-
dnf install git
-
-
siege
-
MAC OS:
brew install siege
-
Fedora:
dnf install siege
-
If you want to validate if everything is installed at once, just open a terminal and run:
The output should be something like:
You can check quickly if you are missing any tool and decide if you want to install or not. |
Setup minishift
In case of using Minishift you need at least minishift v1.24.0.
#!/bin/bash
# add the location of minishift executable to PATH
# I also keep other handy tools like kubectl and kubetail.sh
# in that directory
minishift profile set istio-tutorial
minishift config set memory 8GB
minishift config set cpus 3
minishift config set image-caching true
minishift config set openshift-version v3.11.0
minishift addon enable admin-user
#cdk 3.7 bug - docker url check
minishift config set skip-startup-checks true
minishift start
#This needs to be executed again if you restart minishift.
minishift ssh -- sudo setenforce 0
# Openshift console bug. anyuid needs to be applied after startup
minishift addon apply anyuid
Setup environment
eval $(minishift oc-env)
oc login $(minishift ip):8443 -u admin -p admin
In this tutorial, you will often be polling the customer endpoint with curl , while simultaneously viewing logs via stern or kubetail.sh and issuing commands via oc and istioctl . Consider using three terminal windows.
|
Upstream Istio installation
#!/bin/bash
# Mac OS:
curl -L https://github.com/istio/istio/releases/download/1.1.9/istio-1.1.9-osx.tar.gz | tar xz
# Fedora/RHEL:
curl -L https://github.com/istio/istio/releases/download/1.1.9/istio-1.1.9-linux.tar.gz | tar xz
# Both:
cd istio-1.1.9
export ISTIO_HOME=`pwd`
export PATH=$ISTIO_HOME/bin:$PATH
oc apply -f install/kubernetes/helm/istio-init/files/crd-11.yaml
or
kubectl apply -f install/kubernetes/helm/istio-init/files/crd-11.yaml
oc apply -f install/kubernetes/istio-demo.yaml
or
kubectl apply -f install/kubernetes/istio-demo.yaml
oc project istio-system
or
kubectl config set-context $(kubectl config current-context) --namespace=istio-system
oc expose svc istio-ingressgateway --port=80
oc expose svc grafana
oc expose svc prometheus
oc expose svc tracing
oc expose service kiali --path=/kiali
oc adm policy add-cluster-role-to-user admin system:serviceaccount:istio-system:kiali-service-account -z default
Wait for Istio’s components to be ready
$ oc get pods -w
or
$ kubectl get pods -w
NAME READY STATUS RESTARTS AGE
grafana-55cd86b44c-2vndc 1/1 Running 0 88m
istio-citadel-f9fbdd9df-xzzr7 1/1 Running 0 88m
istio-cleanup-secrets-1.1.6-d5css 0/1 Completed 0 88m
istio-egressgateway-895fb885d-bdqkv 1/1 Running 0 89m
istio-galley-5797db85b8-4866m 1/1 Running 0 89m
istio-grafana-post-install-1.1.6-6dk5h 0/1 Completed 0 89m
istio-ingressgateway-58f959476f-82zsf 1/1 Running 0 89m
istio-pilot-57d4bb58ff-tt8r4 2/2 Running 0 88m
istio-policy-79b88bcdf9-qqp4r 2/2 Running 6 88m
istio-security-post-install-1.1.6-8mmxj 0/1 Completed 0 88m
istio-sidecar-injector-7698fc57fb-dlnx4 1/1 Running 0 88m
istio-telemetry-b9799c89-d94hj 2/2 Running 6 88m
istio-tracing-7454db9d79-9qwqr 1/1 Running 0 88m
kiali-66d74fc6cc-zdzzt 1/1 Running 0 88m
prometheus-7d9fb4b69c-ww5w7 1/1 Running 0 88m
And if you need quick access to the OpenShift console
minishift console
On your first launch of the OpenShift console via minishift , you will receive a warning like "Your connection is not private". For our demo, simply select "Proceed to 192.168.xx.xx (unsafe)" to bypass the warning. Both the username and the password are set to admin , thanks to the admin-user add-on.
|