No description, website, or topics provided.
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
istio-config Move Istio Gateway config to separate file Jul 12, 2018

Istio Routing Mission for Thorntail


Showcase Routing in Istio with a Thorntail application


  • Docker installed and running
  • OpenShift and Istio environment up and running with mTLS enabled.

See for details about the Launcher workflows and setting up the docker insecure registry required to run the istiooc.

Here is the sequence showing how to get up and running with the latest OpenShift 3.11 based istiooc release.

  • Download the latest istiooc release, for example:
mkdir istiooc && cd istiooc
wget -O oc
chmod +x oc
export PATH=/path/to/istiooc:$PATH

Note in this case it is based on Maistra 0.7.0 openshift-ansible release:

  • Start the cluster:
oc cluster up

Note this will apply the the istio-operator described here:

  • Login as system:admin, create an admin user and relogin as admin:admin
oc create user admin
oc adm policy add-cluster-role-to-user cluster-admin admin
oc login
  • Apply anyuid and privileged permissions to the service account of the project you are going to use to test the booster services, by default it will be a default account in the project MyProject:
oc adm policy add-scc-to-user anyuid system:serviceaccount:myproject:default
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:default
  • Deploy the Istio control plane and the Fabric8 launcher:
oc create -f cr-full.yaml

where cr-full.yaml should look like this:

apiVersion: ""
kind: "Installation"
  name: "istio-installation"
  namespace: istio-operator
  deployment_type: openshift
    authentication: true
    community: false
    version: 0.7.0
    version: 1.9.0
    elasticsearch_memory: 1Gi
      user: admin
      password: admin
      username: YOUR_GIT_ACCOUNT_ID

where the GIT token should have public_repo, read:org, and admin:repo_hook permissions.

The more complete version may look like this:

but the one above is sufficient for testing the boosters. Note, setting istio.authentication to true enables MTLS.

  • Verify the Istio Control Plane and Launcher deployments:

Now proceed to testing the booster.

Launcher Flow Setup

If the Booster is installed through the Launcher and the Continuous Delivery flow, no additional steps are necessary.

Skip to the Use Cases section.

Local Source to Image Build (S2I)

Prepare the Namespace

Create a new namespace/project:

oc new-project <whatever valid project name you want>

Build and Deploy the Application

With Source to Image build (S2I)

Run the following commands to apply and execute the OpenShift templates that will configure and deploy the applications:

find . | grep openshiftio | grep application | xargs -n 1 oc apply -f

oc new-app --template=thorntail-istio-routing-client-service -p SOURCE_REPOSITORY_URL= -p SOURCE_REPOSITORY_REF=master -p SOURCE_REPOSITORY_DIR=routing-client
oc new-app --template=thorntail-istio-routing-service-a-service -p SOURCE_REPOSITORY_URL= -p SOURCE_REPOSITORY_REF=master -p SOURCE_REPOSITORY_DIR=routing-service-a
oc new-app --template=thorntail-istio-routing-service-b-service -p SOURCE_REPOSITORY_URL= -p SOURCE_REPOSITORY_REF=master -p SOURCE_REPOSITORY_DIR=routing-service-b

Use Cases

Any steps issuing oc commands require the user to have run oc login first and switched to the appropriate project with oc project <project name>.

Default Service load balancing

  1. Create a Gateway and Virtual Service in Istio so that we can access the service within the Mesh:
    oc apply -f istio-config/gateway.yaml
  2. Retrieve the URL for the Istio Ingress Gateway route, with the below command, and open it in a web browser.
    echo http://$(oc get route istio-ingressgateway -o jsonpath='{}{"\n"}' -n istio-system)/thorntail-istio-routing
  3. The user will be presented with the web page of the Booster
  4. Click the "Invoke" button. You should see a message in the result box indicating which service instance was called.
  5. Click "Invoke" several more times. Notice that there is an even 50% split between service a and b.

Transfer load between services

  1. Modify the load balancing such that all requests go to service a:
    oc apply -f istio-config/load-balancing-rule.yaml
  2. Clicking on "Invoke" in the UI you will see that more requests are now being sent to service b.