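#!/bin/bash
# Installs Istio on three clusters that sit on separate networks (network1..3)
# and share one mesh (mesh1), then links them for cross-cluster discovery.
#
# -e: stop at the first failing command; -u: reject unset variables;
# -x: trace every command (the trace shows context names and file paths).
set -eux
# Without pipefail only the last stage decides a pipeline's exit status, so a
# failing generator feeding `istioctl install -f -` or `kubectl apply -f -`
# further down is not reported by the pipeline itself.
set -o pipefail

# Define these here or provide them from the caller's environment:
#   CTX_CLUSTER1..3  kubeconfig context names of the three clusters
#   ISTIO_VERSION    release to download; also names the istio-<version> directory
# An empty value is rejected up front: an empty ISTIO_VERSION would otherwise
# surface later as operations on a directory literally called "istio-".
: "${CTX_CLUSTER1:?set CTX_CLUSTER1 to the kubeconfig context of cluster 1}"
: "${CTX_CLUSTER2:?set CTX_CLUSTER2 to the kubeconfig context of cluster 2}"
: "${CTX_CLUSTER3:?set CTX_CLUSTER3 to the kubeconfig context of cluster 3}"
: "${ISTIO_VERSION:?set ISTIO_VERSION to the Istio release to install}"
export CTX_CLUSTER1 CTX_CLUSTER2 CTX_CLUSTER3 ISTIO_VERSION

# Download Istio into the current directory.
# The installer is fetched completely before it is run, so a truncated or
# failed transfer (-f turns HTTP errors into a non-zero exit) never reaches the
# shell as a half-written script. The transfer is restricted to HTTPS.
# NOTE(review): the installer itself is still trusted as served; outside a lab,
# fetch a pinned release archive and compare it with the checksum published for
# that release before unpacking.
istio_installer=$(mktemp)
curl -fsSL --proto '=https' --tlsv1.2 -o "${istio_installer}" https://istio.io/downloadIstio
sh "${istio_installer}"
rm -f -- "${istio_installer}"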
# checks if external IP has been assigned to a service object, in our case we are interested in east-west gateway
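function_check_external_ip_assigned() {
  # Waits until the istio-eastwestgateway Service in istio-system reports a
  # load-balancer IP in .status.loadBalancer.ingress[0].ip.
  #
  # Arguments: $1 - kubeconfig context to query
  #            $2 - optional maximum number of polls (default 120, 5 s apart)
  # Outputs:   progress lines on stdout; a timeout message on stderr
  # Returns:   0 once an IP is reported, 1 if none appears within the limit
  #
  # The polls are spaced out and bounded so the API server is not queried in a
  # tight loop and a load balancer that never provisions cannot hang the run.
  # A kubectl error is not retried: under the script's `set -e` the failed
  # assignment below aborts the run.
  local context=$1
  local max_attempts=${2:-120}
  local poll_seconds=5
  local attempt ip

  for ((attempt = 1; attempt <= max_attempts; attempt++)); do
    ip=$(kubectl --context="${context}" get svc istio-eastwestgateway -n istio-system \
      --output jsonpath='{.status.loadBalancer.ingress[0].ip}')
    if [[ -n "${ip}" ]]; then
      echo "external ip assigned ${ip}"
      return 0
    fi
    echo "waiting for external ip to be assigned"
    sleep "${poll_seconds}"
  done

  echo "no external ip assigned to istio-eastwestgateway after ${max_attempts} attempts" >&2
  return 1
}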
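cd "istio-${ISTIO_VERSION}"

# CA private keys are written below; tighten the umask first so the certs
# directory and the key files are not readable by other local users. The
# previous umask is restored once the key material has been loaded.
previous_umask=$(umask)
umask 077
mkdir -p certs
pushd certs

# Create the root of trust shared by the clusters, then one intermediate CA per
# cluster. Each make target writes a directory named after the context.
# NOTE(review): this is a self-signed root generated on the operator's machine;
# outside a lab, issue the per-cluster intermediates from a managed or offline CA.
make -f ../tools/certs/Makefile.selfsigned.mk root-ca
for cluster_context in "${CTX_CLUSTER1}" "${CTX_CLUSTER2}" "${CTX_CLUSTER3}"; do
  make -f ../tools/certs/Makefile.selfsigned.mk "${cluster_context}-cacerts"
done

# Load each cluster's CA material into its istio-system namespace as the
# `cacerts` secret. `create` (rather than `apply`) fails when the namespace or
# the secret already exists, so a re-run stops here under `set -e` instead of
# replacing the CA of a mesh that is already running.
# ca-key.pem is the cluster CA's private key: access to secrets in istio-system
# should be limited accordingly.
for cluster_context in "${CTX_CLUSTER1}" "${CTX_CLUSTER2}" "${CTX_CLUSTER3}"; do
  kubectl --context="${cluster_context}" create ns istio-system
  kubectl --context="${cluster_context}" create secret generic cacerts -n istio-system \
    --from-file="${cluster_context}/ca-cert.pem" \
    --from-file="${cluster_context}/ca-key.pem" \
    --from-file="${cluster_context}/root-cert.pem" \
    --from-file="${cluster_context}/cert-chain.pem"
done

popd
umask "${previous_umask}"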
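# Label the istio-system namespace in cluster1 with its network, if the
# namespace exists; a failed lookup skips the label instead of aborting.
if kubectl --context="${CTX_CLUSTER1}" get namespace istio-system; then
  kubectl --context="${CTX_CLUSTER1}" label namespace istio-system topology.istio.io/network=network1
fi

# Control-plane settings for cluster1. The delimiter is quoted so the manifest
# is written literally, and the nesting under spec.values.global is explicit.
cat <<'EOF' > cluster1.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: mesh1
      multiCluster:
        clusterName: cluster1
      network: network1
EOF

# No -y here, unlike the gateway install below, so istioctl asks for
# confirmation before installing the control plane.
bin/istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml

# Generate and install the east-west gateway for network1.
samples/multicluster/gen-eastwest-gateway.sh \
  --mesh mesh1 --cluster cluster1 --network network1 |
  bin/istioctl --context="${CTX_CLUSTER1}" install -y -f -

# check if external IP is assigned to east-west gateway in cluster1
function_check_external_ip_assigned "${CTX_CLUSTER1}"

# Expose services in cluster1 through the east-west gateway.
# NOTE(review): the gateway has a load-balancer address; check which hosts
# expose-services.yaml publishes and limit the load balancer's source ranges to
# the peer networks.
kubectl --context="${CTX_CLUSTER1}" apply -n istio-system -f \
  samples/multicluster/expose-services.yaml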
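# Label the istio-system namespace in cluster2 with its network, if the
# namespace exists; a failed lookup skips the label instead of aborting.
if kubectl --context="${CTX_CLUSTER2}" get namespace istio-system; then
  kubectl --context="${CTX_CLUSTER2}" label namespace istio-system topology.istio.io/network=network2
fi

# Control-plane settings for cluster2. The delimiter is quoted so the manifest
# is written literally, and the nesting under spec.values.global is explicit.
cat <<'EOF' > cluster2.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: mesh1
      multiCluster:
        clusterName: cluster2
      network: network2
EOF

# No -y here, unlike the gateway install below, so istioctl asks for
# confirmation before installing the control plane.
bin/istioctl install --context="${CTX_CLUSTER2}" -f cluster2.yaml

# Generate and install the east-west gateway for network2.
samples/multicluster/gen-eastwest-gateway.sh \
  --mesh mesh1 --cluster cluster2 --network network2 |
  bin/istioctl --context="${CTX_CLUSTER2}" install -y -f -

# check if external IP is assigned to east-west gateway in cluster2
function_check_external_ip_assigned "${CTX_CLUSTER2}"

# Expose services in cluster2 through the east-west gateway.
# NOTE(review): the gateway has a load-balancer address; check which hosts
# expose-services.yaml publishes and limit the load balancer's source ranges to
# the peer networks.
kubectl --context="${CTX_CLUSTER2}" apply -n istio-system -f \
  samples/multicluster/expose-services.yaml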
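# cluster3
# Label the istio-system namespace in cluster3 with its network, if the
# namespace exists; a failed lookup skips the label instead of aborting.
if kubectl --context="${CTX_CLUSTER3}" get namespace istio-system; then
  kubectl --context="${CTX_CLUSTER3}" label namespace istio-system topology.istio.io/network=network3
fi

# Control-plane settings for cluster3. The delimiter is quoted so the manifest
# is written literally, and the nesting under spec.values.global is explicit.
cat <<'EOF' > cluster3.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: mesh1
      multiCluster:
        clusterName: cluster3
      network: network3
EOF

# No -y here, unlike the gateway install below, so istioctl asks for
# confirmation before installing the control plane.
bin/istioctl install --context="${CTX_CLUSTER3}" -f cluster3.yaml

# Generate and install the east-west gateway for network3.
samples/multicluster/gen-eastwest-gateway.sh \
  --mesh mesh1 --cluster cluster3 --network network3 |
  bin/istioctl --context="${CTX_CLUSTER3}" install -y -f -

# check if external IP is assigned to east-west gateway in cluster3
function_check_external_ip_assigned "${CTX_CLUSTER3}"

# Expose services in cluster3 through the east-west gateway.
# NOTE(review): the gateway has a load-balancer address; check which hosts
# expose-services.yaml publishes and limit the load balancer's source ranges to
# the peer networks.
kubectl --context="${CTX_CLUSTER3}" apply -n istio-system -f \
  samples/multicluster/expose-services.yaml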
# Enable endpoint discovery: every cluster receives a remote secret for each of
# the other two, in the order 1->2, 1->3, 2->1, 2->3, 3->1, 3->2.
# Per Istio's multicluster documentation a remote secret carries credentials for
# the source cluster's API server, so each one is piped straight into the
# receiving cluster and never written to disk.
secret_names=(cluster1 cluster2 cluster3)
cluster_contexts=("${CTX_CLUSTER1}" "${CTX_CLUSTER2}" "${CTX_CLUSTER3}")

for source_index in 0 1 2; do
  for target_index in 0 1 2; do
    # A cluster needs no remote secret for itself.
    if ((source_index == target_index)); then
      continue
    fi
    bin/istioctl x create-remote-secret \
      --context="${cluster_contexts[source_index]}" \
      -n istio-system \
      --name="${secret_names[source_index]}" |
      kubectl apply -f - --context="${cluster_contexts[target_index]}"
  done
done
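# cleanup: delete the generated manifests and the istio repo at the end
# The cluster*.yaml files were written inside istio-<version>/, so they are
# removed here, before leaving that directory. Removing them after `cd ..`
# would instead delete same-named files in the directory the script was
# started from.
rm -f -- cluster1.yaml cluster2.yaml cluster3.yaml
cd ..
# ${ISTIO_VERSION:?} aborts rather than expanding to a bare "istio-" if the
# variable is empty.
# This also removes certs/, i.e. the root CA material generated earlier: rm
# does not overwrite file contents, and once the root is gone no further
# cluster CAs can be issued from it. Move it to protected storage first if the
# mesh is meant to grow.
rm -r -- "istio-${ISTIO_VERSION:?}"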