- Setup
- Service Mesh
- Istio
- Database
- MariaDB
- Persistent storage
- Backend
- app: node.js
- reverse proxy: nginx
- Ingress
- ingress controller
- istio gateway
- ingress-nginx
- secret: certificates
- deploy ingress
- (option) mutual authentication
- ingress controller
- Test
- Horizontal Pod Autoscaler
- Destroy k8s applications
- Tip
Docker Desktop for Mac Edge release notes
- Docker 19+
- Docker Compose 1.26+
- Kubernetes 1.18+ (for Kubernetes Metrics Server)
Settings:
- Resources (for Istio)
- CPUs: 4
- Memory: 8GB
- Enable Kubernetes
127.0.0.1 example.localhost
kubectl label namespace default istio-injection=enabled
curl -L https://istio.io/downloadIstio | sh -
cd istio-1.6.3
export PATH=$PWD/bin:$PATH
istioctl install --set profile=demo
kubectl apply -f db/mariadb/configmap.yml;
kubectl apply -f db/mariadb/volume.yml;
kubectl apply -f db/mariadb/deploy.yml;
kubectl exec -i $(kubectl get pod --selector=app=mariadb --template '{{range .items}}{{.metadata.name}}{{end}}') -c db \
-- sh -c 'exec mysql -umaster -pmypw' < db/mariadb/data/dump.sql
Read Setup MariaDB
docker build -t node-app backend/app
kubectl apply -f backend/proxy/configmap.yml;
kubectl apply -f backend/deploy.yml;
- Set IP and Port
- Create certificates
- Create a gateway and a virtual service:
kubectl apply -f ingress/istio/gateway.yml;
Check ingress settings:
istioctl analyze;
✔ No validation issues found when analyzing namespace: default.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml
Using other platforms:
- minikube
- Helm 2
kubectl get pods -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx --watch
Once the ingress controller pods are running, you can cancel the command typing Ctrl+C
.
Read Ingress Secret
Create the Secret:
kubectl apply -f ingress/ingress-nginx/basic/secret.yml
kubectl apply -f ingress/ingress-nginx/basic/ingress.yml
Read Client Certificate Authentication: Mutual Authentication
curl -v -HHost:example.localhost --resolve "example.localhost:443:127.0.0.1" \
--cacert ingress/istio/certs/example.localhost.crt "https://example.localhost:443"
HTTP/2 200
It is automatically redirected to HTTPS.
Read Init Containers
- Open http://example.localhost/wiki/bauhaus.html.
- Compare with Wikipedia: Bauhaus.
- Username: admin
- Password: admin
istioctl dashboard kiali
- Left menu: Graph
- Namespace: default
Read Horizontal Pod Autoscaler
kubectl delete -n istio-system secret gateway-secret;
kubectl delete -f ingress/istio/gateway.yml;
istioctl manifest generate --set profile=demo | kubectl delete -f -
kubectl delete -f ingress/basic/ingress.yml;
kubectl delete -f ingress/basic/secret.yml;
Docker for Mac
kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml
kubectl delete -f backend/deploy.yml;
kubectl delete -f backend/proxy/configmap.yml;
kubectl delete -f db/mariadb/deploy.yml;
kubectl delete -f db/mariadb/volume.yml;
kubectl delete -f db/mariadb/configmap.yml;
kubectl get deploy # deployments, deployment
kubectl get svc # services, service
kubectl get ep # endpoints,
kubectl get rs # replicasets, replicaset
kubectl get po # pods
kubectl get ing # ingress
curl -X GET backend-service:80;
curl -X GET backend-service.default:80;
curl -X GET backend-service.default.svc:80;
curl -X GET backend-service.default.svc.cluster.local:80;
For standard usage:
minikube addons enable ingress
For development:
# Disable the ingress addon:
minikube addons disable ingress
make dev-env
kubectl get pods -n ingress-nginx
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx/
helm install --name ingress-nginx ingress-nginx/ingress-nginx