Kubernetes Lab

A simple microservices setup to help you learn and manage a local Kubernetes cluster

A combination of simple mock microservices to help you kick start your local Kubernetes cluster locally. This project does not require you to setup a cloud based cluster. The microservices make simple calls to each other to simulate traffic.

Installation

Minikube Setup

# We use kubernetes v1.16.x to guarantee istio support
minikube start --memory='8000mb' --cpus=4 --kubernetes-version=v1.16.9

# Check status of the local cluster
minikube status

# Get list of active addons
minikube addons list

# Enable necessary addons
minikube addons enable ingress
minikube addons enable registry
minikube addons enable registry-creds

# Minikube dashboard
minikube dashboard

Istio setup

# Download istio's latest stable release
cd ./k8s
curl -L https://istio.io/downloadIstio | sh -
export PATH="$PATH:/Users/bdghaidi/Projects/k8s_lab/k8s/istio-1.6.0/bin"
istioctl verify-install

# Install istio demo profile
cd ./istio-1.6.0
istioctl manifest apply --set profile=demo

# Monitor progress
kubectl get pods -n istio-system

Install watch

brew install watch

Setup AWS ECR

Create awscli user

• Go to: AWS Console -> Profile -> My Security Credentials
• In the left menu go to: Users
• Add user
• After you create the user, click on it and go to: Security Credentials
• Create Access Key
• Keep the modal open you will use it in the next step

Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html

Setup AWS Cli

# Install awscli
brew install awscli

# Configure credentials
# You will use the Access Key you created in the previous step
aws configure

Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html

Create Repositories in ECR

• Go to AWS console -> ECR
• Create 3 repositories named as per the below:
  • service-auth
  • service-customer
  • service-payments

Reference: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html

Login to AWS ECR with Docker

We need to do this step so that we can push the images of the services to ECR before Kubernetes can pull them.

# Fetch credentials with awscli and login to the registry
docker login -u AWS -p (aws ecr get-login-password --profile <aws_profile> --region eu-west-1) https://<account_id>.dkr.ecr.eu-west-1.amazonaws.com

Build microservice images and push them to ECR

# Install gulp we will use it to build the images
npm install -g gulp

# Update the Gulpfile.js in each microservice to map to your defined ECR URL
const CONTAINER_REGISTRY = '<account_id>.dkr.ecr.eu-west-1.amazonaws.com';

# Build and push the images of all the microservices
gulp --f ./service-auth_v1/src/Gulpfile.js
gulp --f ./service-auth_v2/src/Gulpfile.js
gulp --f ./service-customer/src/Gulpfile.js
gulp --f ./service-payments/src/Gulpfile.js

Store AWS ECR credentials in minikube (Kubernetes secrets)

# Register AWS ECR credentials with minikube to be used by Kubernetes
minikube addons configure registry-creds

Istio

# Enable istio sidecar injection in the default namespace
kubectl label namespace default istio-injection=enabled

Deploy the microservices

cd ./k8s/deployments/

# Update the deployments to point to the proper URL of the docker image
image: <account_id>.dkr.ecr.eu-west-1.amazonaws.com/service-auth:v1

# Apply the deployments
kubectl apply -f service-auth-deployment_v1.yml
kubectl apply -f service-auth-deployment_v2.yml
kubectl apply -f service-customer-deployment.yml
kubectl apply -f service-payments-deployment.yml

# Watch the pods
watch -n 3 get pods -n default

Add testing domain to /etc/hosts

# Get the cluster IP and map it to a domain
echo (minikube ip)" fintech.demo.local"

# Add the output from the above to your /etc/hosts file

Test the setup

# Test the setup
curl -G fintech.demo.local/auth/v1/authenticate

> Output:
    {"method":"GET","path":"/authenticate","POD":"service-auth-v1-754c7754c6-9n58b","body":{"code":200,"key":"authentication","value":"User authenticated"}}

Extras

# Install jq to have a clearer / cleaner JSON output
brew install jq

# Use jq while simulating continuous traffic
watch -n 3 'curl -G fintech.demo.local/auth/v1/authenticate | jq'

# Get logs from a single pod
kubectl -n default logs -f deployment/service-payments-deployment --all-containers=true --since=10m

Istio Dashboards

istioctl dashboard kiali
istioctl dashboard grafana
istioctl dashboard prometheus
istioctl dashboard jaeger

Istio test samples

# Navigate to ./tests
# Apply the destination rules first
kubectl apply -f ./destination_rules_all.yml

# Then pick and choose which virtual service you'd like to test
kubectl apply -f ./chaos_delay_7s.yml

---

Caveats

• In all the examples above I've been using the fish shell which varies slightly from bash
• The above setup has only been tested on macOS
• Multiple configurations can be automated and some are hardcoded like the ECR URL in the deployments and gulp files

---

Release History

• 0.1.0
  • Work in progress

---

Meta

Copyright [2020] Bassem Dghaidi

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

See LICENSE for more information.