├── .gitignore ├── CONTRIBUTING.md ├── Jenkinsfile ├── LICENSE ├── Makefile ├── OWNERS ├── README.md ├── create-istio-cluster.sh ├── create-istio-mesh-exp-files-1.0.x.sh ├── create-istio-mesh-exp-files.sh ├── create-istio-mesh-exp-gce.sh ├── download-istio.sh ├── install-bookinfo-1.0.4.sh ├── install-bookinfo-1.0.x.sh ├── install-bookinfo.sh ├── install-istio-mesh-exp.sh ├── install-istio.sh ├── integrate-service-into-istio-1.0.x.sh ├── integrate-service-into-istio.sh ├── setup-istio-grafana.sh ├── setup-istio-mesh-exp-gce-1.0.x.sh ├── setup-istio-mesh-exp-gce.sh ├── setup-remote-gce-service.sh ├── setup-remote-gce-sidecar.sh ├── test ├── boilerplate │ ├── boilerplate.BUILD.txt │ ├── boilerplate.Dockerfile.txt │ ├── boilerplate.Makefile.txt │ ├── boilerplate.WORKSPACE.txt │ ├── boilerplate.bazel.txt │ ├── boilerplate.bzl.txt │ ├── boilerplate.css.txt │ ├── boilerplate.go.preamble │ ├── boilerplate.go.txt │ ├── boilerplate.html.preamble │ ├── boilerplate.html.txt │ ├── boilerplate.java.txt │ ├── boilerplate.js.txt │ ├── boilerplate.py.preamble │ ├── boilerplate.py.txt │ ├── boilerplate.scss.txt │ ├── boilerplate.sh.preamble │ ├── boilerplate.sh.txt │ ├── boilerplate.tf.txt │ ├── boilerplate.ts.txt │ ├── boilerplate.xml.preamble │ ├── boilerplate.xml.txt │ └── boilerplate.yaml.txt ├── make.sh └── verify_boilerplate.py ├── verify-bookinfo-setup.sh ├── verify-db-ratings.sh └── verify-functions.sh /.gitignore: -------------------------------------------------------------------------------- 1 | # OSX leaves these everywhere on SMB shares 2 | ._* 3 | 4 | # OSX trash 5 | .DS_Store 6 | 7 | # Emacs save files 8 | *~ 9 | \#*\# 10 | .\#* 11 | 12 | # Vim-related files 13 | [._]*.s[a-w][a-z] 14 | [._]s[a-w][a-z] 15 | *.un~ 16 | Session.vim 17 | .netrwhist 18 | 19 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | We'd love to accept your patches and contributions to this project. There are 4 | just a few small guidelines you need to follow. 5 | 6 | ## Contributor License Agreement 7 | Contributions to this project must be accompanied by a Contributor License 8 | Agreement. You (or your employer) retain the copyright to your contribution; 9 | this simply gives us permission to use and redistribute your contributions as 10 | part of the project. Head over to https://cla.developers.google.com/ to see your 11 | current agreements on file or to sign a new one. 12 | 13 | You generally only need to submit a CLA once, so if you've already submitted one 14 | (even if it was for a different project), you probably don't need to do it again. 15 | 16 | ## Code reviews 17 | All submissions, including submissions by project members, require review. We 18 | use GitHub pull requests for this purpose. Consult GitHub Help for more 19 | information on using pull requests. 20 | 21 | ## Community Guidelines 22 | This project follows 23 | [Google's Open Source Community Guidelines](CODE-OF-CONDUCT.md). 24 | -------------------------------------------------------------------------------- /Jenkinsfile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | /* 3 | Copyright 2018 Google LLC 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this file except in compliance with the License. 7 | You may obtain a copy of the License at 8 | 9 | https://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 16 | 17 | */ 18 | 19 | // The declarative agent is defined in yaml. It was previously possible to 20 | // define containerTemplate but that has been deprecated in favor of the yaml 21 | // format 22 | // Reference: https://github.com/jenkinsci/kubernetes-plugin 23 | 24 | // set up pod label and GOOGLE_APPLICATION_CREDENTIALS (for Terraform) 25 | def label = "k8s-infra" 26 | def containerName = "k8s-node" 27 | def GOOGLE_APPLICATION_CREDENTIALS = '/home/jenkins/dev/jenkins-deploy-dev-infra.json' 28 | 29 | podTemplate(label: label, yaml: """ 30 | apiVersion: v1 31 | kind: Pod 32 | metadata: 33 | labels: 34 | jenkins: build-node 35 | spec: 36 | containers: 37 | - name: ${containerName} 38 | image: gcr.io/pso-helmsman-cicd/jenkins-k8s-node:${env.CONTAINER_VERSION} 39 | command: ['cat'] 40 | tty: true 41 | volumeMounts: 42 | # Mount the dev service account key 43 | - name: dev-key 44 | mountPath: /home/jenkins/dev 45 | volumes: 46 | # Create a volume that contains the dev json key that was saved as a secret 47 | - name: dev-key 48 | secret: 49 | secretName: jenkins-deploy-dev-infra 50 | """ 51 | ) { 52 | node(label) { 53 | try { 54 | // Options covers all other job properties or wrapper functions that apply to entire Pipeline. 55 | properties([disableConcurrentBuilds()]) 56 | // set env variable GOOGLE_APPLICATION_CREDENTIALS for Terraform 57 | env.GOOGLE_APPLICATION_CREDENTIALS=GOOGLE_APPLICATION_CREDENTIALS 58 | 59 | stage('Setup') { 60 | container(containerName) { 61 | // checkout code from scm i.e. commits related to the PR 62 | checkout scm 63 | } 64 | } 65 | stage('Lint') { 66 | container(containerName) { 67 | sh "make lint" 68 | } 69 | } 70 | } 71 | catch (err) { 72 | // if any exception occurs, mark the build as failed 73 | // and display a detailed message on the Jenkins console output 74 | currentBuild.result = 'FAILURE' 75 | echo "FAILURE caught echo ${err}" 76 | throw err 77 | } 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Make will use bash instead of sh 16 | SHELL := /usr/bin/env bash 17 | 18 | # All is the first target in the file so it will get picked up when you just run 'make' on its own 19 | lint: check_shell check_python check_golang check_terraform check_docker check_base_files check_headers check_trailing_whitespace 20 | 21 | # The .PHONY directive tells make that this isn't a real target and so 22 | # the presence of a file named 'check_shell' won't cause this target to stop 23 | # working 24 | .PHONY: check_shell 25 | check_shell: 26 | @source test/make.sh && check_shell 27 | 28 | .PHONY: check_python 29 | check_python: 30 | @source test/make.sh && check_python 31 | 32 | .PHONY: check_golang 33 | check_golang: 34 | @source test/make.sh && golang 35 | 36 | .PHONY: check_terraform 37 | check_terraform: 38 | @source test/make.sh && check_terraform 39 | 40 | .PHONY: check_docker 41 | check_docker: 42 | @source test/make.sh && docker 43 | 44 | .PHONY: check_base_files 45 | check_base_files: 46 | @source test/make.sh && basefiles 47 | 48 | .PHONY: check_shebangs 49 | check_shebangs: 50 | @source test/make.sh && check_bash 51 | 52 | .PHONY: check_trailing_whitespace 53 | check_trailing_whitespace: 54 | @source test/make.sh && check_trailing_whitespace 55 | 56 | .PHONY: check_headers 57 | check_headers: 58 | @echo "Checking file headers" 59 | @python3.7 test/verify_boilerplate.py 60 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - chrislovecnm 3 | - robinpercy 4 | - geojaz 5 | - techgnosis 6 | - erkolson 7 | labels: 8 | - gke-helmsman 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Files shared by the Istio demos 2 | 3 | This repository contains files shared by several Istio demos for Kubernetes 4 | Engine. 5 | 6 | ## Istio Demos 7 | 8 | ### Telemetry Demo 9 | 10 | This project demonstrates how to use an Istio service mesh in a single 11 | Kubernetes Engine cluster alongside Prometheus, Jaeger, and Grafana, to monitor 12 | cluster and workload performance metrics. You will first deploy the Istio 13 | control plane, data plane, and additional visibility tools using the provided 14 | scripts, then explore the collected metrics and trace data in Grafana. 15 | 16 | You can find the project here: https://github.com/GoogleCloudPlatform/gke-istio-telemetry-demo 17 | 18 | ### GCE Demo 19 | 20 | In this project, you will leverage Kubernetes Engine and Google Compute Engine 21 | to explore how Istio can manage services that reside outside of the Kubernetes 22 | Engine environment. You will deploy a typical Istio service mesh in Kubernetes 23 | Engine, then configure an externally deployed microservice to join the mesh. 24 | 25 | You can find the project here: https://github.com/GoogleCloudPlatform/gke-istio-gce-demo 26 | 27 | **This is not an officially supported Google product** 28 | -------------------------------------------------------------------------------- /create-istio-cluster.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | PROJECT="${1}" 20 | CLUSTER_NAME="${2}" 21 | ZONE="${3}" 22 | ISTIO_NETWORK_NAME="${4}" 23 | 24 | # Get the latest available cluster version 25 | MASTER_VERSION=$(gcloud container get-server-config --zone="${ZONE}" \ 26 | --format "value(validMasterVersions[0])" 2>/dev/null) 27 | 28 | gcloud container clusters create "${CLUSTER_NAME}" \ 29 | --enable-autorepair \ 30 | --machine-type=n1-standard-2 \ 31 | --num-nodes=4 \ 32 | --network="${ISTIO_NETWORK_NAME}" \ 33 | --project "${PROJECT}" \ 34 | --cluster-version="${MASTER_VERSION}" \ 35 | --zone "${ZONE}" 36 | 37 | # Get the credentials to access the cluster 38 | gcloud container clusters get-credentials "${CLUSTER_NAME}" --project "${PROJECT}" \ 39 | --zone "${ZONE}" 40 | 41 | # Bind cluster-admin role to the current user to grant sufficient privileges to 42 | # deploy the rest of the infrastructure and print the current context 43 | kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin \ 44 | --user="$(gcloud config get-value core/account)" 45 | kubectl config current-context 46 | -------------------------------------------------------------------------------- /create-istio-mesh-exp-files-1.0.x.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | PROJECT="${1}" 20 | ZONE="${2}" 21 | CLUSTER_NAME="${3}" 22 | ISTIO_AUTH_POLICY="${4}" 23 | EXP_SRVC_NAMESPACE="${5}" 24 | ISTIO_DIR="${6}" 25 | 26 | # Navigate to the Istio directory so that the generated .env files are in the 27 | # correct directory for the setupVmEx.sh script. 28 | pushd "${ISTIO_DIR}" 29 | # Export GCP_OPTS, and CONTROL_PLANE_AUTH_POLICY as they are required by the 30 | # setupMeshEx.sh script 31 | export GCP_OPTS="--zone ${ZONE} --project ${PROJECT}" 32 | export CONTROL_PLANE_AUTH_POLICY="${ISTIO_AUTH_POLICY}" 33 | ./install/tools/setupMeshEx.sh generateClusterEnv "${CLUSTER_NAME}" 34 | 35 | # Create the DNS config file for the VM. This is necessary to allow the VM to 36 | # resolve cluster service names. 37 | echo "Creating DNS configuration file for the Istio-integrated VM" 38 | ./install/tools/setupMeshEx.sh generateDnsmasq 39 | 40 | # Verify kubedns file created 41 | KUBE_DNS_CREATED=$(ls kubedns) 42 | if [ "${KUBE_DNS_CREATED}" == "kubedns" ] ; then 43 | echo "DNS configuration created successfully" 44 | else 45 | echo "DNS configuration not created successfully" 46 | exit 1 47 | fi 48 | 49 | # Create expansion service namespace to locate the VM's service if not already 50 | # created 51 | NS="$(kubectl get namespace --field-selector=metadata.name="${EXP_SRVC_NAMESPACE}" \ 52 | --output jsonpath="{.items[*].metadata.name}")" 53 | if [ "${NS}" == "" ] ; then 54 | echo "Creating namespace for VM services" 55 | kubectl create namespace "${EXP_SRVC_NAMESPACE}" 56 | fi 57 | popd 58 | -------------------------------------------------------------------------------- /create-istio-mesh-exp-files.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | PROJECT="${1}" 20 | ZONE="${2}" 21 | CLUSTER_NAME="${3}" 22 | ISTIO_AUTH_POLICY="${4}" 23 | EXP_SRVC_NAMESPACE="${5}" 24 | ISTIO_DIR="${6}" 25 | 26 | # Export GCP_OPTS as they are required by the setupMeshEx.sh script 27 | # Navigate to the Istio directory so that the generated .env files are in the 28 | # correct directory for the setupVmEx.sh script. 29 | pushd "${ISTIO_DIR}" 30 | export GCP_OPTS="--zone ${ZONE} --project ${PROJECT}" 31 | ./install/tools/setupMeshEx.sh generateClusterEnv "${CLUSTER_NAME}" 32 | 33 | # Update the cluster.env file if not doing TLS (mesh expansion does not support TLS) 34 | if [[ "${ISTIO_AUTH_POLICY}" == "NONE" ]] ; then 35 | # Be careful when editing this sed command as Mac and Linux do not use the 36 | # same version of sed 37 | sed -i'' -e "s/CONTROL_PLANE_AUTH_POLICY=MUTUAL_TLS/CONTROL_PLANE_AUTH_POLICY=${ISTIO_AUTH_POLICY}/g" cluster.env 38 | fi 39 | 40 | # Verify cluster.env file has correct auth setting 41 | TLS="$(grep CONTROL_PLANE_AUTH_POLICY="${ISTIO_AUTH_POLICY}" < cluster.env)" 42 | if [ "${TLS}" == "CONTROL_PLANE_AUTH_POLICY=${ISTIO_AUTH_POLICY}" ] ; then 43 | echo "cluster.env authentication policy parameter set correctly with 44 | CONTROL_PLANE_AUTH_POLICY=${ISTIO_AUTH_POLICY}" 45 | else 46 | echo "cluster.env authentication policy parameter does not match required 47 | setting of ${ISTIO_AUTH_POLICY}" 48 | exit 1 49 | fi 50 | 51 | # Create the DNS config file for the VM. This is necessary to allow the VM to 52 | # resolve cluster service names. 53 | echo "Creating DNS configuration file for the Istio-integrated VM" 54 | ./install/tools/setupMeshEx.sh generateDnsmasq 55 | 56 | # Verify kubedns file created 57 | KUBE_DNS_CREATED=$(ls kubedns) 58 | if [ "${KUBE_DNS_CREATED}" == "kubedns" ] ; then 59 | echo "DNS configuration created successfully" 60 | else 61 | echo "DNS configuration not created successfully" 62 | exit 1 63 | fi 64 | 65 | # Create expansion service namespace to locate the VM's service if not already 66 | # created 67 | NS="$(kubectl get namespace --field-selector=metadata.name="${EXP_SRVC_NAMESPACE}" \ 68 | --output jsonpath="{.items[*].metadata.name}")" 69 | if [ "${NS}" == "" ] ; then 70 | echo "Creating namespace for VM services" 71 | kubectl create namespace "${EXP_SRVC_NAMESPACE}" 72 | fi 73 | popd -------------------------------------------------------------------------------- /create-istio-mesh-exp-gce.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | VM="${1}" 20 | PROJECT="${2}" 21 | NETWORK="${3}" 22 | ZONE="${4}" 23 | 24 | # Create gce instance for istio mesh expansion if it doesn't exist 25 | if [[ ! $(gcloud compute instances list --project "${PROJECT}" \ 26 | --filter "name=${VM}" \ 27 | --format "value(name)") ]]; then 28 | gcloud compute instances create "${VM}" --project "${PROJECT}" \ 29 | --network "${NETWORK}" \ 30 | --tags "mysql" \ 31 | --zone "${ZONE}" 32 | fi 33 | 34 | # Ensure that the GKE cluster can access the MySQL DB port on the VM 35 | if [[ ! $(gcloud compute firewall-rules list --project "${PROJECT}" \ 36 | --filter "name=allow-mysql" \ 37 | --format 'value(name)') ]]; then 38 | gcloud compute firewall-rules create allow-mysql --project "${PROJECT}" \ 39 | --network "${NETWORK}" \ 40 | --target-tags "mysql" \ 41 | --source-ranges "10.0.0.0/9" \ 42 | --allow "tcp:3306" 43 | fi 44 | 45 | # Ensure that one can SSH to the cluster from anywhere 46 | if [[ ! $(gcloud compute firewall-rules list --project "${PROJECT}" \ 47 | --filter "name=allow-ssh-${VM}" \ 48 | --format 'value(name)') ]]; then 49 | gcloud compute firewall-rules create allow-ssh-"${VM}" --project "${PROJECT}" \ 50 | --network "${NETWORK}" \ 51 | --target-tags "mysql" \ 52 | --source-ranges "0.0.0.0/0" \ 53 | --allow "tcp:22" 54 | fi 55 | -------------------------------------------------------------------------------- /download-istio.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Download the Istio components from GitHub and extract them to disk 18 | 19 | ISTIO_VERSION="${1}" 20 | TARGET_DIR="${2}" 21 | 22 | echo "Istio version: ${ISTIO_VERSION}" 23 | 24 | # The istioctl binary is precompiled so we must determine which Istio version 25 | # we need to download. 26 | if [[ "$(uname -s)" == "Linux" ]]; then 27 | export OS_TYPE="linux" 28 | elif [[ "$(uname -s)" == "Darwin" ]]; then 29 | export OS_TYPE="osx" 30 | fi 31 | 32 | curl -s -L --remote-name "https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-${OS_TYPE}.tar.gz" 33 | 34 | # extract istio 35 | echo "Extracting Istio tarball to ${TARGET_DIR}" 36 | tar xzf "istio-${ISTIO_VERSION}-${OS_TYPE}.tar.gz" --directory "${TARGET_DIR}" 37 | 38 | # remove istio zip 39 | rm "istio-${ISTIO_VERSION}-${OS_TYPE}.tar.gz" 40 | -------------------------------------------------------------------------------- /install-bookinfo-1.0.4.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=../gke-istio-shared/verify-functions.sh 18 | 19 | ISTIO_DIR="${1}" 20 | NAMESPACE="${2}" 21 | SHARED_DIR="${3}" 22 | ISTIO_AUTH_POLICY="${4}" 23 | 24 | source "${SHARED_DIR}/verify-functions.sh" 25 | 26 | # Install the istio bookinfo applicaton 27 | kubectl apply -f <("${ISTIO_DIR}"/bin/istioctl kube-inject -f \ 28 | "${ISTIO_DIR}"/samples/bookinfo/platform/kube/bookinfo.yaml) 29 | 30 | # Label the default namespace with 31 | kubectl label namespace default istio-injection=enabled 32 | 33 | kubectl apply -f "${ISTIO_DIR}"/samples/bookinfo/platform/kube/bookinfo.yaml 34 | 35 | kubectl apply -f "${ISTIO_DIR}"/samples/bookinfo/networking/bookinfo-gateway.yaml 36 | 37 | if [[ ${ISTIO_AUTH_POLICY} == "MUTUAL_TLS" ]]; then 38 | kubectl apply -f "${ISTIO_DIR}"/samples/bookinfo/networking/destination-rule-all-mtls.yaml 39 | else 40 | kubectl apply -f "${ISTIO_DIR}"/samples/bookinfo/networking/destination-rule-all.yaml 41 | fi 42 | 43 | kubectl apply -f "${ISTIO_DIR}"/samples/bookinfo/networking/virtual-service-reviews-v3.yaml 44 | 45 | echo "Check that BookInfo services are installed" 46 | 47 | for SERVICE_LABEL in "details" "productpage" "ratings" "reviews"; do 48 | # Poll 3 times on a 5 second interval 49 | if ! service_is_installed "${SERVICE_LABEL}" 3 5 "${NAMESPACE}" ; then 50 | echo "Service ${SERVICE_LABEL} in Istio deployment is not created. Aborting..." 51 | exit 1 52 | fi 53 | done 54 | 55 | # verify bookinfo pods 56 | for POD_LABEL in "app=details" "app=productpage" "app=ratings" "app=reviews"; do 57 | if ! pod_is_running "${POD_LABEL}" 10 15 "${NAMESPACE}" ; then 58 | echo "Pod ${POD_LABEL} in BookInfo is not running. Aborting..." 59 | exit 1 60 | fi 61 | done 62 | -------------------------------------------------------------------------------- /install-bookinfo-1.0.x.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | ISTIO_DIR="${1}" 20 | NAMESPACE="${2}" 21 | SHARED_DIR="${3}" 22 | ISTIO_AUTH_POLICY="${4}" 23 | 24 | source "${SHARED_DIR}/verify-functions.sh" 25 | 26 | # Install the istio bookinfo applicaton 27 | kubectl apply -f <("${ISTIO_DIR}"/bin/istioctl kube-inject -f \ 28 | "${ISTIO_DIR}"/samples/bookinfo/platform/kube/bookinfo.yaml) 29 | 30 | # The following loops are used to clean up any configuration left over from a 31 | # failed deployment before attempting to redeploy. This prevents errors from 32 | # istioctl. 33 | 34 | # Clean up any VirtualService left configured in Istio. 35 | for SERVICE in "productpage" "reviews" "ratings" "details" "bookinfo"; do 36 | if ! "${ISTIO_DIR}"/bin/istioctl get virtualservice "${SERVICE}" \ 37 | | grep -q 'No resources found'; then 38 | "${ISTIO_DIR}"/bin/istioctl delete virtualservice "${SERVICE}" 39 | fi 40 | done 41 | 42 | # Clean up any DestinationRule left configured in Istio 43 | for DEST_RULE in "productpage" "reviews" "ratings" "details"; do 44 | if ! "${ISTIO_DIR}"/bin/istioctl get destinationrule "${DEST_RULE}" \ 45 | | grep -q 'No resources found'; then 46 | "${ISTIO_DIR}"/bin/istioctl delete destinationrule "${DEST_RULE}" 47 | fi 48 | done 49 | 50 | # Clean up any Gateway left configured in Istio 51 | if ! "${ISTIO_DIR}"/bin/istioctl get gateways bookinfo-gateway \ 52 | | grep -q 'No resources found'; then 53 | "${ISTIO_DIR}"/bin/istioctl delete gateway bookinfo-gateway 54 | fi 55 | 56 | # Create all necessary Istio Gateway, VirtualService, and DestinationRule 57 | # configurations 58 | "${ISTIO_DIR}"/bin/istioctl create -f \ 59 | "${ISTIO_DIR}"/samples/bookinfo/networking/bookinfo-gateway.yaml 60 | 61 | "${ISTIO_DIR}"/bin/istioctl create -f \ 62 | "${ISTIO_DIR}"/samples/bookinfo/networking/virtual-service-all-v1.yaml 63 | 64 | if [[ ${ISTIO_AUTH_POLICY} == "MUTUAL_TLS" ]]; then 65 | "${ISTIO_DIR}"/bin/istioctl create -f \ 66 | "${ISTIO_DIR}"/samples/bookinfo/networking/destination-rule-all-mtls.yaml 67 | else 68 | "${ISTIO_DIR}"/bin/istioctl create -f \ 69 | "${ISTIO_DIR}"/samples/bookinfo/networking/destination-rule-all.yaml 70 | fi 71 | 72 | "${ISTIO_DIR}"/bin/istioctl replace -f \ 73 | "${ISTIO_DIR}"/samples/bookinfo/networking/virtual-service-reviews-v3.yaml 74 | 75 | echo "Check that BookInfo services are installed" 76 | 77 | for SERVICE_LABEL in "details" "productpage" "ratings" "reviews"; do 78 | # Poll 3 times on a 5 second interval 79 | if ! service_is_installed "${SERVICE_LABEL}" 3 5 "${NAMESPACE}" ; then 80 | echo "Service ${SERVICE_LABEL} in Istio deployment is not created. Aborting..." 81 | exit 1 82 | fi 83 | done 84 | 85 | # verify bookinfo pods 86 | for POD_LABEL in "app=details" "app=productpage" "app=ratings" "app=reviews"; do 87 | if ! pod_is_running "${POD_LABEL}" 10 15 "${NAMESPACE}" ; then 88 | echo "Pod ${POD_LABEL} in BookInfo is not running. Aborting..." 89 | exit 1 90 | fi 91 | done 92 | -------------------------------------------------------------------------------- /install-bookinfo.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | ISTIO_DIR="${1}" 20 | NAMESPACE="${2}" 21 | SHARED_DIR="${3}" 22 | ISTIO_AUTH_POLICY="${4}" 23 | 24 | source "${SHARED_DIR}/verify-functions.sh" 25 | 26 | # Install the istio bookinfo applicaton 27 | kubectl apply -f <("${ISTIO_DIR}"/bin/istioctl kube-inject -f \ 28 | "${ISTIO_DIR}"/samples/bookinfo/kube/bookinfo.yaml) 29 | 30 | # The following loops are used to clean up any configuration left over from a 31 | # failed deployment before attempting to redeploy. This prevents errors from 32 | # istioctl. 33 | 34 | # Clean up any VirtualService left configured in Istio. 35 | for SERVICE in "productpage" "reviews" "ratings" "details" "bookinfo"; do 36 | if ! "${ISTIO_DIR}"/bin/istioctl get virtualservice "${SERVICE}" \ 37 | | grep -q 'No resources found'; then 38 | "${ISTIO_DIR}"/bin/istioctl delete virtualservice "${SERVICE}" 39 | fi 40 | done 41 | 42 | # Clean up any DestinationRule left configured in Istio 43 | for DEST_RULE in "productpage" "reviews" "ratings" "details" "bookinfo"; do 44 | if ! "${ISTIO_DIR}"/bin/istioctl get destinationrule "${DEST_RULE}" \ 45 | | grep -q 'No resources found'; then 46 | "${ISTIO_DIR}"/bin/istioctl delete destinationrule "${DEST_RULE}" 47 | fi 48 | done 49 | 50 | # Clean up any Gateway left configured in Istio 51 | if ! "${ISTIO_DIR}"/bin/istioctl get gateways bookinfo-gateway \ 52 | | grep -q 'No resources found'; then 53 | "${ISTIO_DIR}"/bin/istioctl delete gateway bookinfo-gateway 54 | fi 55 | 56 | # Create all necessary Istio Gateway, VirtualService, and DestinationRule 57 | # configurations 58 | "${ISTIO_DIR}"/bin/istioctl create -f \ 59 | "${ISTIO_DIR}"/samples/bookinfo/routing/bookinfo-gateway.yaml 60 | 61 | if [[ ${ISTIO_AUTH_POLICY} == "MUTUAL_TLS" ]]; then 62 | "${ISTIO_DIR}"/bin/istioctl create -f \ 63 | "${ISTIO_DIR}"/samples/bookinfo/routing/route-rule-all-v1-mtls.yaml 64 | else 65 | "${ISTIO_DIR}"/bin/istioctl create -f \ 66 | "${ISTIO_DIR}"/samples/bookinfo/routing/route-rule-all-v1.yaml 67 | fi 68 | 69 | "${ISTIO_DIR}"/bin/istioctl replace -f \ 70 | "${ISTIO_DIR}"/samples/bookinfo/routing/route-rule-reviews-v3.yaml 71 | 72 | echo "Check that BookInfo services are installed" 73 | 74 | for SERVICE_LABEL in "details" "productpage" "ratings" "reviews"; do 75 | # Poll 3 times on a 5 second interval 76 | if ! service_is_installed "${SERVICE_LABEL}" 3 5 "${NAMESPACE}" ; then 77 | echo "Service ${SERVICE_LABEL} in Istio deployment is not created. Aborting..." 78 | exit 1 79 | fi 80 | done 81 | 82 | # verify bookinfo pods 83 | for POD_LABEL in "app=details" "app=productpage" "app=ratings" "app=reviews"; do 84 | if ! pod_is_running "${POD_LABEL}" 10 15 "${NAMESPACE}" ; then 85 | echo "Pod ${POD_LABEL} in BookInfo is not running. Aborting..." 86 | exit 1 87 | fi 88 | done 89 | -------------------------------------------------------------------------------- /install-istio-mesh-exp.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | # This script creates the Kubernetes resources necessary to expand Istio 20 | # outside the GKE cluster. 21 | 22 | ISTIO_DIR="${1}" 23 | ISTIO_NAMESPACE="${2}" 24 | SHARED_DIR="${3}" 25 | 26 | source "${SHARED_DIR}/verify-functions.sh" 27 | 28 | echo "Install Istio components necessary for mesh expansion" 29 | kubectl apply -f "$ISTIO_DIR/install/kubernetes/mesh-expansion.yaml" 30 | 31 | echo "Verify Istio mesh expansion services have IP addresses" 32 | 33 | # Verify the Istio mesh expansion ILB's have IP addresses allocated 34 | for ISTIO_SERVICE in "istio-pilot-ilb" "mixer-ilb" "istio-ingressgateway"; do 35 | if ! service_ip_is_allocated "${ISTIO_SERVICE}" "10" "30" \ 36 | "${ISTIO_NAMESPACE}" ; then 37 | echo "Timed out waiting for Istio mesh expansion services to be allocated" 38 | echo "IP addresses" 39 | exit 1 40 | fi 41 | done 42 | -------------------------------------------------------------------------------- /install-istio.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | # This script creates all of the Istio deployments and services necessary for 20 | # Istio to function. 21 | 22 | ISTIO_DIR="${1}" 23 | ISTIO_YAML="${2}" 24 | ISTIO_NAMESPACE="${3}" 25 | SHARED_DIR="${4}" 26 | 27 | source "${SHARED_DIR}/verify-functions.sh" 28 | 29 | # install istio on the cluster 30 | kubectl apply -f "${ISTIO_DIR}/install/kubernetes/${ISTIO_YAML}" 31 | 32 | # Verify the Istio services are installed 33 | for SERVICE_LABEL in "grafana" "istio-citadel" "istio-egressgateway" \ 34 | "istio-ingressgateway" "istio-pilot" "istio-policy" "istio-sidecar-injector" \ 35 | "istio-statsd-prom-bridge" "istio-telemetry" "prometheus" "servicegraph" \ 36 | "tracing" "zipkin"; do 37 | # Poll 3 times on a 5 second interval 38 | if ! service_is_installed "${SERVICE_LABEL}" 3 5 "${ISTIO_NAMESPACE}" ; then 39 | echo "Service ${SERVICE_LABEL} in Istio deployment is not created. Aborting..." 40 | exit 1 41 | fi 42 | done 43 | 44 | # Verify the Istio pods are up and running 45 | for POD_LABEL in "istio=pilot" "istio=mixer"; do 46 | if ! pod_is_running "${POD_LABEL}" 30 10 "${ISTIO_NAMESPACE}" ; then 47 | echo "Pod ${POD_LABEL} in Istio deployment is not running. Aborting..." 48 | exit 1 49 | fi 50 | done 51 | 52 | -------------------------------------------------------------------------------- /integrate-service-into-istio-1.0.x.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | # This script integrates the GCE expansion VM into the Istio mesh and 20 | # updates the routing rules to point to the expansion VM. 21 | 22 | PROJECT="${1}" 23 | ZONE="${2}" 24 | VM="${3}" 25 | ISTIO_DIR="${4}" 26 | SHARED_DIR="${5}" 27 | 28 | # Variables used later in the script 29 | SETUP_SIDECAR_COMMAND='./setup-remote-gce-sidecar.sh ' 30 | 31 | # Register service on GCE instance with the Istio infrastructure 32 | echo "Register GCE service with Istio" 33 | "${ISTIO_DIR}/bin/istioctl" register -n vm mysqldb "$(gcloud compute instances \ 34 | describe "${VM}" --format='value(networkInterfaces[].networkIP)' \ 35 | --project "${PROJECT}" \ 36 | --zone "${ZONE}")" 3306 37 | 38 | # Update bookinfo rating service to use the GCE MySQL service 39 | echo "Update bookinfo ratings service to use GCE service" 40 | kubectl apply -f <("${ISTIO_DIR}"/bin/istioctl kube-inject -f \ 41 | "${ISTIO_DIR}/samples/bookinfo/platform/kube/bookinfo-ratings-v2-mysql-vm.yaml") 42 | "${ISTIO_DIR}/bin/istioctl" replace -f \ 43 | "${ISTIO_DIR}/samples/bookinfo/networking/virtual-service-ratings-mysql-vm.yaml" 44 | 45 | # Copy mesh expansion sidecar setup script to GCE 46 | echo "Copy mesh expansion GCE service setup script to instance" 47 | gcloud compute scp "${SHARED_DIR}/setup-remote-gce-sidecar.sh" "${VM}":~/ \ 48 | --project "${PROJECT}" \ 49 | --zone "${ZONE}" 50 | 51 | # Run mesh expansion sidecar setup script 52 | echo "Run service setup script on GCE" 53 | gcloud compute ssh "${VM}" --command "${SETUP_SIDECAR_COMMAND}" \ 54 | --project "${PROJECT}" \ 55 | --zone "${ZONE}" 56 | -------------------------------------------------------------------------------- /integrate-service-into-istio.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | # This script integrates the GCE expansion VM into the Istio mesh and 20 | # updates the routing rules to point to the expansion VM. 21 | 22 | PROJECT="${1}" 23 | ZONE="${2}" 24 | VM="${3}" 25 | ISTIO_DIR="${4}" 26 | SHARED_DIR="${5}" 27 | 28 | # Variables used later in the script 29 | SETUP_SIDECAR_COMMAND='./setup-remote-gce-sidecar.sh ' 30 | 31 | # Register service on GCE instance with the Istio infrastructure 32 | echo "Register GCE service with Istio" 33 | "${ISTIO_DIR}/bin/istioctl" register -n vm mysqldb "$(gcloud compute instances \ 34 | describe "${VM}" --format='value(networkInterfaces[].networkIP)' \ 35 | --project "${PROJECT}" \ 36 | --zone "${ZONE}")" 3306 37 | 38 | # Update bookinfo rating service to use the GCE MySQL service 39 | echo "Update bookinfo ratings service to use GCE service" 40 | kubectl apply -f <("${ISTIO_DIR}"/bin/istioctl kube-inject -f \ 41 | "${ISTIO_DIR}/samples/bookinfo/kube/bookinfo-ratings-v2-mysql-vm.yaml") 42 | "${ISTIO_DIR}/bin/istioctl" replace -f \ 43 | "${ISTIO_DIR}/samples/bookinfo/routing/route-rule-ratings-mysql-vm.yaml" 44 | 45 | # Copy mesh expansion sidecar setup script to GCE 46 | echo "Copy mesh expansion GCE service setup script to instance" 47 | gcloud compute scp "${SHARED_DIR}/setup-remote-gce-sidecar.sh" "${VM}":~/ \ 48 | --project "${PROJECT}" \ 49 | --zone "${ZONE}" 50 | 51 | # Run mesh expansion sidecar setup script 52 | echo "Run service setup script on GCE" 53 | gcloud compute ssh "${VM}" --command "${SETUP_SIDECAR_COMMAND}" \ 54 | --project "${PROJECT}" \ 55 | --zone "${ZONE}" 56 | -------------------------------------------------------------------------------- /setup-istio-grafana.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | # This script deploys Grafana to the GKE cluster 20 | 21 | ISTIO_DIR="${1}" 22 | NAMESPACE="${2}" 23 | SHARED_DIR="${3}" 24 | 25 | #### functions to check existence of resources 26 | source "$SHARED_DIR/verify-functions.sh" 27 | 28 | # Install the Grafana add-on so the user can view Istio metrics in a graphical 29 | # dashboard 30 | echo "Installing Grafana addon" 31 | kubectl apply -f "${ISTIO_DIR}"/install/kubernetes/addons/grafana.yaml 32 | 33 | # Verify the install 34 | echo "Verifying Grafana is installed" 35 | 36 | # Verify grafana services 37 | for SERVICE_LABEL in "grafana" 38 | do 39 | # Poll 12 times on a 5 second interval 40 | if ! service_is_installed "${SERVICE_LABEL}" 12 5 "${NAMESPACE}" ; then 41 | echo "Timed out waiting for grafana to come online" 42 | exit 1 43 | fi 44 | done 45 | 46 | echo "Grafana was installed" 47 | -------------------------------------------------------------------------------- /setup-istio-mesh-exp-gce-1.0.x.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | # This script takes an untouched GCE VM and adds the necessary configuration to 20 | # it to allow it to join the Istio mesh. 21 | 22 | PROJECT="${1}" 23 | VM="${2}" 24 | ISTIO_DIR="${3}" 25 | SHARED_DIR="${4}" 26 | ZONE="${5}" 27 | 28 | # Variables to be used later in the script 29 | RETRY_COUNT=0 30 | MESH_TEST_COMMAND='curl -s --fail -w "\n" http://productpage.default.svc.cluster.local:9080/api/v1/products/0/ratings' 31 | SLEEP=5 32 | SETUP_SERVICE_COMMAND='./setup-remote-gce-service.sh' 33 | 34 | source "${SHARED_DIR}"/verify-functions.sh 35 | 36 | # Must export these options for the setupMeshEx.sh script 37 | export GCP_OPTS="--zone ${ZONE} --project ${PROJECT}" 38 | 39 | # Setup Envoy on the created GCE instance 40 | # Navigate to the Istio directory because that is what this script expects 41 | pushd "${ISTIO_DIR}" 42 | ./install/tools/setupMeshEx.sh gceMachineSetup "${VM}" 43 | popd 44 | 45 | # Copy mesh expansion service setup script to gce 46 | echo "Copy mesh expansion GCE service setup script to GCE" 47 | gcloud compute scp "${SHARED_DIR}/setup-remote-gce-service.sh" "${VM}":~/ \ 48 | --project "${PROJECT}" --zone "${ZONE}" 49 | 50 | # run mesh expansion service setup script on remote gce 51 | echo "Run service setup script on GCE" 52 | gcloud compute ssh "${VM}" --command "${SETUP_SERVICE_COMMAND}" \ 53 | --project "${PROJECT}" --zone "${ZONE}" 54 | -------------------------------------------------------------------------------- /setup-istio-mesh-exp-gce.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | # This script takes an untouched GCE VM and adds the necessary configuration to 20 | # it to allow it to join the Istio mesh. 21 | 22 | PROJECT="${1}" 23 | VM="${2}" 24 | ISTIO_DIR="${3}" 25 | SHARED_DIR="${4}" 26 | ZONE="${5}" 27 | 28 | # Variables to be used later in the script 29 | RETRY_COUNT=0 30 | MESH_TEST_COMMAND='curl -s --fail -w "\n" http://productpage.default.svc.cluster.local:9080/api/v1/products/0/ratings' 31 | SLEEP=5 32 | SETUP_SERVICE_COMMAND='./setup-remote-gce-service.sh' 33 | 34 | source "${SHARED_DIR}"/verify-functions.sh 35 | 36 | # Must export these options for the setupMeshEx.sh script 37 | export GCP_OPTS="--zone ${ZONE} --project ${PROJECT}" 38 | 39 | # Setup Envoy on the created GCE instance 40 | # Navigate to the Istio directory because that is what this script expects 41 | pushd "${ISTIO_DIR}" 42 | ./install/tools/setupMeshEx.sh gceMachineSetup "${VM}" 43 | popd 44 | 45 | # Test that the mesh expansion instance can connect to another istio service 46 | until [[ $(gcloud compute ssh "$VM" --command "$MESH_TEST_COMMAND" \ 47 | --project "${PROJECT}" \ 48 | --zone "$ZONE") || "${RETRY_COUNT}" -ge 12 ]]; do 49 | NUM_SECONDS=$(( "${RETRY_COUNT}" * "${SLEEP}" )) 50 | echo "Ratings API not returning HTTP 200 response to MySQL instance after" 51 | echo "${NUM_SECONDS} seconds" 52 | sleep "${SLEEP}" 53 | RETRY_COUNT=$(( "${RETRY_COUNT}" + 1 )) 54 | done 55 | 56 | # If the call to the ratings API does not return a 2xx status code in the until 57 | # loop before the RETRY_COUNT reaches 12, we should exit with an error message. 58 | if [[ "${RETRY_COUNT}" -ge 12 ]]; then 59 | cat < 16 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.java.txt: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.js.txt: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.py.preamble: -------------------------------------------------------------------------------- 1 | #! 2 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.py.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.scss.txt: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.sh.preamble: -------------------------------------------------------------------------------- 1 | #! 2 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.sh.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.tf.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 Google LLC 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | https://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.ts.txt: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.xml.preamble: -------------------------------------------------------------------------------- 1 | 16 | -------------------------------------------------------------------------------- /test/boilerplate/boilerplate.yaml.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /test/make.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # This function checks to make sure that every 18 | # shebang has a '- e' flag, which causes it 19 | # to exit on error 20 | function check_bash() { 21 | find . -name "*.sh" | while IFS= read -d '' -r file; 22 | do 23 | if [[ "$file" != *"bash -e"* ]]; 24 | then 25 | echo "$file is missing shebang with -e"; 26 | exit 1; 27 | fi; 28 | done; 29 | } 30 | 31 | # This function makes sure that the required files for 32 | # releasing to OSS are present 33 | function basefiles() { 34 | echo "Checking for required files" 35 | test -f CONTRIBUTING.md || echo "Missing CONTRIBUTING.md" 36 | test -f LICENSE || echo "Missing LICENSE" 37 | test -f README.md || echo "Missing README.md" 38 | } 39 | 40 | # This function runs the hadolint linter on 41 | # every file named 'Dockerfile' 42 | function docker() { 43 | echo "Running hadolint on Dockerfiles" 44 | find . -name "Dockerfile" -exec hadolint {} \; 45 | } 46 | 47 | # This function runs 'terraform validate' against all 48 | # files ending in '.tf' 49 | function check_terraform() { 50 | echo "Running terraform validate" 51 | #shellcheck disable=SC2156 52 | find . -name "*.tf" -exec bash -c 'terraform validate --check-variables=false $(dirname "{}")' \; 53 | } 54 | 55 | # This function runs 'go fmt' and 'go vet' on eery file 56 | # that ends in '.go' 57 | function golang() { 58 | echo "Running go fmt and go vet" 59 | find . -name "*.go" -exec go fmt {} \; 60 | find . -name "*.go" -exec go vet {} \; 61 | } 62 | 63 | # This function runs the flake8 linter on every file 64 | # ending in '.py' 65 | function check_python() { 66 | echo "Running flake8" 67 | find . -name "*.py" -exec flake8 {} \; 68 | } 69 | 70 | # This function runs the shellcheck linter on every 71 | # file ending in '.sh' 72 | function check_shell() { 73 | echo "Running shellcheck" 74 | find . -name "*.sh" -exec shellcheck -x {} \; 75 | } 76 | 77 | # This function makes sure that there is no trailing whitespace 78 | # in any files in the project. 79 | # There are some exclusions 80 | function check_trailing_whitespace() { 81 | echo "The following lines have trailing whitespace" 82 | grep -r '[[:blank:]]$' --exclude-dir=".terraform" --exclude="*.png" --exclude-dir=".git" --exclude="*.pyc" . 83 | rc=$? 84 | if [ $rc = 0 ]; then 85 | exit 1 86 | fi 87 | } 88 | -------------------------------------------------------------------------------- /test/verify_boilerplate.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3.7 2 | # Copyright 2018 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # https://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # Verifies that all source files contain the necessary copyright boilerplate 16 | # snippet. 17 | 18 | # This code is based on existing work 19 | # https://partner-code.googlesource.com/helmsman-cardinal/+/refs/heads/master/helmsman-template-project/test/verify_boilerplate.py 20 | 21 | 22 | """ 23 | A runnable module to test the presence of boilerplate 24 | text in files within a repo. 25 | """ 26 | 27 | from __future__ import print_function 28 | from subprocess import run, CalledProcessError 29 | import argparse 30 | import glob 31 | import os 32 | import re 33 | import sys 34 | 35 | 36 | # These directories will be omitted from header checks 37 | SKIPPED_PATHS = [ 38 | 'Godeps', 'third_party', '_gopath', '_output', 39 | '.git', 'vendor', '__init__.py', 'node_modules', 40 | 'bazel-out', 'external', '3rdparty' 41 | ] 42 | 43 | # A map of regular expressions used in boilerplate validation. 44 | # The date regex is used in validating the date referenced 45 | # is the boilerplate, by ensuring it is an acceptable year. 46 | REGEXES = { 47 | # beware the Y2100 problem 48 | "date": re.compile(r'(20\d\d)') 49 | } 50 | 51 | 52 | def get_args(): 53 | """Parses command line arguments. 54 | Configures and runs argparse.ArgumentParser to extract command line 55 | arguments. 56 | Returns: 57 | An argparse.Namespace containing the arguments parsed from the 58 | command line 59 | """ 60 | parser = argparse.ArgumentParser() 61 | 62 | parser.add_argument("filenames", 63 | help="""A list of files to check, all in repo are 64 | checked if this is unspecified.""", 65 | nargs='*') 66 | 67 | parser.add_argument("-f", "--force-extension", 68 | default="", 69 | help="""Force an extension to compare against. Useful 70 | for files without extensions, such as runnable shell 71 | scripts .""") 72 | 73 | parser.add_argument( 74 | "-r", "--rootdir", 75 | default=None, 76 | help="""Root directory of repository. If not specified, the script will 77 | attempt to draw this value from git.""") 78 | 79 | parser.add_argument("-b", "--boilerplate-dir", 80 | default=None, 81 | help="""Directory with boilerplate files. Defaults to 82 | [root]/test/boilerplate.""") 83 | 84 | args = parser.parse_args() 85 | 86 | if not args.rootdir: 87 | ask_git = run( 88 | ["git", "rev-parse", "--show-toplevel"], 89 | capture_output=True, text=True) 90 | try: 91 | ask_git.check_returncode() 92 | except CalledProcessError: 93 | print("""No root specfied and directory does not seem to be a git 94 | repository, or git is not installed.""", file=sys.stderr) 95 | sys.exit(1) 96 | args.rootdir = ask_git.stdout.strip() 97 | 98 | if not args.boilerplate_dir: 99 | args.boilerplate_dir = os.path.join(args.rootdir, "test/boilerplate") 100 | 101 | return args 102 | 103 | 104 | def get_references(args): 105 | """Reads each reference boilerplate file's contents into an array, then 106 | adds that array to a dictionary keyed by the file extension. 107 | 108 | Returns: 109 | A dictionary of boilerplate lines, keyed by file extension. 110 | For example, boilerplate.py.txt would result in the 111 | k,v pair {".py": py_lines} where py_lines is an array 112 | containing each line of the file. 113 | """ 114 | references = {} 115 | 116 | # Find all paths for boilerplate references 117 | boilerplate_paths = glob.glob( 118 | os.path.join(args.boilerplate_dir, "boilerplate.*.txt")) 119 | 120 | # Read all boilerplate references into dictionary 121 | for path in boilerplate_paths: 122 | with open(path, 'r') as ref_file: 123 | extension = os.path.basename(path).split(".")[1] 124 | ref = ref_file.read().splitlines() 125 | references[extension] = ref 126 | 127 | return references 128 | 129 | 130 | # Improvement: combine this function with `get_references` 131 | def get_preambles(args): 132 | """Reads each preamble boilerplate file's contents into an array, then 133 | adds that array to a dictionary keyed by the file extension. 134 | 135 | Returns: 136 | A dictionary of boilerplate lines, keyed by file extension. 137 | For example, boilerplate.py.preamble would result 138 | in the k,v pair {".py": py_lines} where py_lines is 139 | an array containing each line of the file 140 | (ex: "#!/usr/bin/env python3.7") 141 | """ 142 | preambles = {} 143 | 144 | # Find all paths for boilerplate preambles 145 | boilerplate_paths = glob.glob( 146 | os.path.join(args.boilerplate_dir, "boilerplate.*.preamble")) 147 | 148 | # Read all boilerplate preambles into dictionary 149 | for path in boilerplate_paths: 150 | with open(path, 'r') as ref_file: 151 | extension = os.path.basename(path).split(".")[1] 152 | ref = ref_file.read().splitlines() 153 | preambles[extension] = ref 154 | 155 | return preambles 156 | 157 | 158 | def has_valid_header(filename, references, preambles, regexs, args): 159 | """Test whether a file has the correct boilerplate header. 160 | Tests each file against the boilerplate stored in refs for that file type 161 | (based on extension), or by the entire filename (eg Dockerfile, Makefile). 162 | Some heuristics are applied to remove build tags and shebangs, but little 163 | variance in header formatting is tolerated. 164 | Args: 165 | filename: A string containing the name of the file to test 166 | references: A map of reference boilerplate text, 167 | keyed by file extension 168 | preambles: A map of preamble boilerplate text, keyed by file extension 169 | regexs: a map of compiled regex objects used in verifying boilerplate 170 | Returns: 171 | True if the file has the correct boilerplate header, otherwise returns 172 | False. 173 | """ 174 | # Read the entire file. 175 | with open(filename, 'r') as test_file: 176 | data = test_file.read() 177 | 178 | # Select the appropriate reference based on the extension, 179 | # or if none, the file name. 180 | basename, extension = get_file_parts(filename) 181 | if args.force_extension: 182 | extension = args.force_extension 183 | elif extension: 184 | extension = extension 185 | else: 186 | extension = basename 187 | ref = references[extension] 188 | print("Verifying boilerplate in file: %s as %s" % ( 189 | os.path.relpath(filename, args.rootdir), 190 | extension)) 191 | 192 | preamble = preambles.get(extension) 193 | if preamble: 194 | preamble = re.escape("\n".join(preamble)) 195 | regflags = re.MULTILINE | re.IGNORECASE 196 | regex = re.compile(r"^(%s.*\n)\n*" % preamble, regflags) 197 | (data, _) = regex.subn("", data, 1) 198 | 199 | data = data.splitlines() 200 | 201 | # if our test file is smaller than the reference it surely fails! 202 | if len(ref) > len(data): 203 | return False 204 | # truncate our file to the same number of lines as the reference file 205 | data = data[:len(ref)] 206 | 207 | # if we don't match the reference at this point, fail 208 | if ref != data: 209 | return False 210 | 211 | return True 212 | 213 | 214 | def get_file_parts(filename): 215 | """Extracts the basename and extension parts of a filename. 216 | Identifies the extension as everything after the last period in filename. 217 | Args: 218 | filename: string containing the filename 219 | Returns: 220 | A tuple of: 221 | A string containing the basename 222 | A string containing the extension in lowercase 223 | """ 224 | extension = os.path.splitext(filename)[1].split(".")[-1].lower() 225 | basename = os.path.basename(filename) 226 | return basename, extension 227 | 228 | 229 | def normalize_files(files, args): 230 | """Extracts the files that require boilerplate checking from the files 231 | argument. 232 | A new list will be built. Each path from the original files argument will 233 | be added unless it is within one of SKIPPED_DIRS. All relative paths will 234 | be converted to absolute paths by prepending the root_dir path parsed from 235 | the command line, or its default value. 236 | Args: 237 | files: a list of file path strings 238 | Returns: 239 | A modified copy of the files list where any any path in a skipped 240 | directory is removed, and all paths have been made absolute. 241 | """ 242 | newfiles = [f for f in files if not any(s in f for s in SKIPPED_PATHS)] 243 | 244 | for idx, pathname in enumerate(newfiles): 245 | if not os.path.isabs(pathname): 246 | newfiles[idx] = os.path.join(args.rootdir, pathname) 247 | return newfiles 248 | 249 | 250 | def get_files(extensions, args): 251 | """Generates a list of paths whose boilerplate should be verified. 252 | If a list of file names has been provided on the command line, it will be 253 | treated as the initial set to search. Otherwise, all paths within rootdir 254 | will be discovered and used as the initial set. 255 | Once the initial set of files is identified, it is normalized via 256 | normalize_files() and further stripped of any file name whose extension is 257 | not in extensions. 258 | Args: 259 | extensions: a list of file extensions indicating which file types 260 | should have their boilerplate verified 261 | Returns: 262 | A list of absolute file paths 263 | """ 264 | files = [] 265 | if args.filenames: 266 | files = args.filenames 267 | else: 268 | for root, dirs, walkfiles in os.walk(args.rootdir): 269 | # don't visit certain dirs. This is just a performance improvement 270 | # as we would prune these later in normalize_files(). But doing it 271 | # cuts down the amount of filesystem walking we do and cuts down 272 | # the size of the file list 273 | for dpath in SKIPPED_PATHS: 274 | if dpath in dirs: 275 | dirs.remove(dpath) 276 | for name in walkfiles: 277 | pathname = os.path.join(root, name) 278 | files.append(pathname) 279 | files = normalize_files(files, args) 280 | outfiles = [] 281 | for pathname in files: 282 | basename, extension = get_file_parts(pathname) 283 | extension_present = extension in extensions or basename in extensions 284 | if args.force_extension or extension_present: 285 | outfiles.append(pathname) 286 | return outfiles 287 | 288 | 289 | def main(args): 290 | """Identifies and verifies files that should have the desired boilerplate. 291 | Retrieves the lists of files to be validated and tests each one in turn. 292 | If all files contain correct boilerplate, this function terminates 293 | normally. Otherwise it prints the name of each non-conforming file and 294 | exists with a non-zero status code. 295 | """ 296 | refs = get_references(args) 297 | preambles = get_preambles(args) 298 | filenames = get_files(refs.keys(), args) 299 | nonconforming_files = [] 300 | for filename in filenames: 301 | if not has_valid_header(filename, refs, preambles, REGEXES, args): 302 | nonconforming_files.append(filename) 303 | if nonconforming_files: 304 | print('%d files have incorrect boilerplate headers:' % len( 305 | nonconforming_files)) 306 | for filename in sorted(nonconforming_files): 307 | print(os.path.relpath(filename, args.rootdir)) 308 | sys.exit(1) 309 | else: 310 | print('All files examined have correct boilerplate.') 311 | 312 | 313 | if __name__ == "__main__": 314 | ARGS = get_args() 315 | main(ARGS) 316 | -------------------------------------------------------------------------------- /verify-bookinfo-setup.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck source=verify-functions.sh 18 | 19 | # This script verifies that the sample application is responding to HTTP 20 | # requests 21 | 22 | ISTIO_NAMESPACE="${1}" 23 | SHARED_DIR="${2}" 24 | MAX_COUNT=48 25 | RETRY_COUNT=0 26 | SLEEP=10 27 | 28 | source "${SHARED_DIR}/verify-functions.sh" 29 | 30 | # verify bookinfo application is running 31 | echo "Verify /productpage returns a 200 response code" 32 | 33 | # get gateway info 34 | INGRESS_HOST=$(kubectl get -n "$ISTIO_NAMESPACE" service istio-ingressgateway -o \ 35 | jsonpath='{.status.loadBalancer.ingress[0].ip}') 36 | INGRESS_PORT=$(kubectl get -n "$ISTIO_NAMESPACE" service istio-ingressgateway -o \ 37 | jsonpath='{.spec.ports[?(@.name=="http")].port}') 38 | 39 | # Curl for /productpage with retries 40 | until [[ $(curl -s -o /dev/null --fail -w "%{http_code}\n"\ 41 | http://"${INGRESS_HOST}":"${INGRESS_PORT}"/productpage) -eq 200 ]]; do 42 | if [[ "${RETRY_COUNT}" -gt "${MAX_COUNT}" ]]; then 43 | echo "Retry count exceeded. Exiting..." 44 | exit 1 45 | fi 46 | NUM_SECONDS="$(( RETRY_COUNT * SLEEP ))" 47 | echo "/productpage did not return an HTTP 200 response code after" 48 | echo "${NUM_SECONDS} seconds" 49 | sleep "${SLEEP}" 50 | RETRY_COUNT="$(( RETRY_COUNT + 1 ))" 51 | done 52 | 53 | echo "/productpage returns an HTTP 200 response code" 54 | -------------------------------------------------------------------------------- /verify-db-ratings.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -e 18 | 19 | # Handle different project namings 20 | if [ -z "$GCE_PROJECT" ]; then 21 | GCE_PROJECT="$PROJECT" 22 | fi 23 | 24 | ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" 25 | 26 | if [ -f "$ROOT/scripts/istio.env" ]; then 27 | # shellcheck source=scripts/istio.env 28 | source "$ROOT/scripts/istio.env" 29 | fi 30 | 31 | # Set number of stars for review 32 | # Globals: 33 | # GCE_VM - Name used for GCE VM 34 | # GCE_PROJECT - Project hosting GCE VM 35 | # ZONE - Zone of GCE VM 36 | # Arguments: 37 | # NUM_STARS - The variable to check 38 | # Returns: 39 | # None 40 | set_ratings() { 41 | if [[ $1 =~ ^[1-5]$ ]]; then 42 | COMMAND="mysql -u root --password=password test -e \"update ratings set rating=${1} where reviewid=1\"" 43 | gcloud compute ssh "${GCE_VM}" --project "${GCE_PROJECT}" --zone "${ZONE}" --command "${COMMAND}" 44 | return 0 45 | fi 46 | 47 | echo "Passed an invalid value to update the database. Aborting..." 48 | return 1 49 | } 50 | 51 | # Test that changes to db are reflected in web ui 52 | # Globals: 53 | # None 54 | # Arguments: 55 | # URL - application URL to test 56 | # Returns: 57 | # None 58 | test_integration() { 59 | # Get and store the currently served webpage 60 | BEFORE="$(curl -s "$1")" 61 | # Update the MySQL database rating with a two star review to generate a diff 62 | # proving the MySQL on GCE database is being used by the application 63 | set_ratings "$2" 64 | 65 | # Get the updated webpage with the updated ratings 66 | AFTER="$(curl -s "$1")" 67 | # Check to make sure that changing the rating in the DB generated a diff in the 68 | # webpage 69 | if ! diff --suppress-common-lines <(echo "${AFTER}") <(echo "${BEFORE}") \ 70 | > /dev/null 71 | then 72 | echo "SUCCESS: Web UI reflects DB change" 73 | return 0 74 | else 75 | if [[ $(echo "${AFTER}" | grep "glyphicon-star" | grep -cv "glyphicon-star-empty") == $((4 + "${2}")) ]]; then 76 | echo "SUCCESS: No changes made to database as new value is same as old value" 77 | return 0 78 | fi 79 | echo "ERROR: DB change wasn't reflected in web UI:" 80 | diff --suppress-common-lines <(echo "${AFTER}") <(echo "${BEFORE}") 81 | return 1 82 | fi 83 | } 84 | 85 | # set to jenkins if there is no $USER 86 | USER=$(whoami) 87 | [[ "${USER}" == "root" ]] && export USER=jenkins 88 | echo "user is: $USER" 89 | 90 | # Get the IP address and port of the cluster's gateway to run tests against 91 | INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway \ 92 | -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 93 | INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway \ 94 | -o jsonpath='{.spec.ports[?(@.name=="http")].port}') 95 | 96 | ## Check if port is set or not. 97 | if [ -z "$INGRESS_PORT" ]; then 98 | GATEWAY_URL="${INGRESS_HOST}" 99 | else 100 | GATEWAY_URL="${INGRESS_HOST}:${INGRESS_PORT}" 101 | fi 102 | 103 | APP_URL="http://${GATEWAY_URL}/productpage" 104 | 105 | for x in {1..30} 106 | do 107 | if [ $x == 30 ]; then 108 | echo "We have exceeded attempts to validate service..." 109 | exit 1 110 | fi 111 | 112 | if test_integration "$APP_URL" "${1}"; then 113 | exit 0 114 | fi 115 | sleep 10 116 | done 117 | -------------------------------------------------------------------------------- /verify-functions.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Library of functions used by the deployment/teardown scripts 18 | 19 | # Check if a cluster's firewalls exist 20 | # Globals: 21 | # None 22 | # Arguments: 23 | # PROJECT 24 | # CLUSTER 25 | # Returns: 26 | # 1 27 | function firewall_exists() { 28 | local PROJECT="$1" 29 | local CLUSTER="$2" 30 | local EXISTS 31 | EXISTS=$(gcloud compute firewall-rules list --project "$PROJECT" --filter "name=$CLUSTER" --format "value(name)") 32 | if [[ "${EXISTS}" != "" ]]; then 33 | echo "" 34 | echo "the $CLUSTER_NAME firewalls exist" 35 | echo "" 36 | return 0 37 | fi 38 | return 1 39 | } 40 | 41 | # Check if a GCP project with the provided ID exists 42 | # Globals: 43 | # None 44 | # Arguments: 45 | # PROJECT 46 | # Returns: 47 | # None 48 | function project_exists() { 49 | local PROJECT="${1}" 50 | local EXISTS 51 | EXISTS=$(gcloud projects list --filter "projectId=${PROJECT}" --format "value(projectId)") 52 | if [[ "${EXISTS}" != "" ]]; then 53 | echo "The project ${PROJECT} exists" 54 | return 0 55 | fi 56 | return 1 57 | } 58 | 59 | # Check if a given network exists 60 | # Globals: 61 | # None 62 | # Arguments: 63 | # PROJECT 64 | # NETWORK 65 | # Returns: 66 | # None 67 | function network_exists() { 68 | local PROJECT="${1}" 69 | local NETWORK="${2}" 70 | local EXISTS 71 | EXISTS=$(gcloud compute networks list --project "${PROJECT}" --filter "name=${NETWORK}" --format "value(name)") 72 | if [[ "${EXISTS}" != "" ]]; then 73 | echo "The ${NETWORK} network exists" 74 | return 0 75 | fi 76 | return 1 77 | } 78 | 79 | # Check if a given network is not the last in the project 80 | # Globals: 81 | # None 82 | # Arguments: 83 | # PROJECT 84 | # NETWORK 85 | # Returns: 86 | # None 87 | function network_is_not_last() { 88 | local PROJECT="${1}" 89 | local NETWORK="${2}" 90 | local EXISTS 91 | EXISTS=$(gcloud compute networks list --project "${PROJECT}" --filter "NOT name=${NETWORK}" --format "value(name)") 92 | if [[ "${EXISTS}" != "" ]]; then 93 | echo "The ${NETWORK} network is not the last one in the project" 94 | return 0 95 | fi 96 | return 1 97 | } 98 | 99 | # Check if a cluster's firewalls exist 100 | # Globals: 101 | # None 102 | # Arguments: 103 | # PROJECT 104 | # INSTANCE 105 | # Returns: 106 | # None 107 | function instance_exists() { 108 | local PROJECT="${1}" 109 | local INSTANCE="${2}" 110 | local EXISTS 111 | EXISTS=$(gcloud compute instances list --project "${PROJECT}" --filter "name=${INSTANCE}" --format "value(name)") 112 | if [[ "${EXISTS}" == "${INSTANCE}" ]]; then 113 | echo "The instance ${INSTANCE} exists" 114 | return 0 115 | fi 116 | return 1 117 | } 118 | 119 | # Check if a cluster exists 120 | # Globals: 121 | # None 122 | # Arguments: 123 | # PROJECT 124 | # CLUSTER 125 | # Returns: 126 | # None 127 | function cluster_exists() { 128 | local PROJECT="${1}" 129 | local CLUSTER="${2}" 130 | local EXISTS 131 | EXISTS=$(gcloud container clusters list --project "${PROJECT}" --filter "name=${CLUSTER}" --format "value(name)") 132 | if [[ "${EXISTS}" == "${CLUSTER}" ]]; then 133 | echo "The cluster ${CLUSTER} exists" 134 | return 0 135 | fi 136 | return 1 137 | } 138 | 139 | 140 | # Check if a directory exists 141 | # Globals: 142 | # None 143 | # Arguments: 144 | # DIR 145 | # Returns: 146 | # None 147 | function directory_exists() { 148 | local DIR="${1}" 149 | if [[ -d "${DIR}" ]]; then 150 | echo "The directory ${DIR} exists" 151 | return 0 152 | fi 153 | return 1 154 | } 155 | 156 | # Check if a file exists 157 | # Globals: 158 | # None 159 | # Arguments: 160 | # FILE 161 | # Returns: 162 | # None 163 | function file_exists() { 164 | local FILE="${1}" 165 | if [[ -e "${FILE}" ]]; then 166 | echo "The file ${FILE} exists" 167 | return 0 168 | fi 169 | return 1 170 | } 171 | 172 | # Check if required binaries exist 173 | # Globals: 174 | # None 175 | # Arguments: 176 | # None 177 | # Returns: 178 | # None 179 | function dependency_installed () { 180 | command -v "${1}" >/dev/null 2>&1 || exit 1 181 | } 182 | 183 | # Enable required API's that are not already enabled 184 | # Globals: 185 | # None 186 | # Arguments: 187 | # PROJECT 188 | # API 189 | # Returns: 190 | # None 191 | function enable_project_api() { 192 | # Check if the API is already enabled for the sake of speed 193 | if [[ $(gcloud services list --project="${1}" \ 194 | --format="value(serviceConfig.name)" \ 195 | --filter="serviceConfig.name:${2}" 2>&1) != \ 196 | "${2}" ]]; then 197 | echo "Enabling the API ${2}" 198 | gcloud services enable "${2}" --project="${1}" 199 | else 200 | echo "The API ${2} is already enabled for project ${1}" 201 | fi 202 | } 203 | 204 | # Check if a service with a given name is installed 205 | # Globals: 206 | # None 207 | # Arguments: 208 | # SERVICE_NAME - Name of service to check 209 | # RETRY_COUNT - Number of times to retry 210 | # INTERVAL - Amount of time to sleep between retries 211 | # NAMESPACE - k8s namespace the service lives in 212 | # Returns: 213 | # None 214 | function service_is_installed () { 215 | # local SERVICE_NAME="${1}" 216 | # local RETRY_COUNT="${2}" 217 | # local SLEEP_INTERVAL="${3}" 218 | # local NAMESPACE="${4}" 219 | 220 | for ((i=0; i<${2}; i++)); do 221 | SERVICE=$(kubectl get -n "${4}" service "${1}" -o=name) 222 | if [ "${1}" == "" ] ; then 223 | echo "Attempt $((i + 1)): Service ${1} was not yet found in namespace ${4}" >&1 224 | sleep "${3}" 225 | else 226 | echo "Attempt $((i + 1)): Service ${1} has been created" >&1 227 | return 0 228 | fi 229 | done 230 | return 1 231 | } 232 | 233 | # Check if a service with the given label is running 234 | # Globals: 235 | # None 236 | # Arguments: 237 | # SERVICE_NAME - Name of service to check 238 | # RETRY_COUNT - Number of times to retry 239 | # INTERVAL - Amount of time to sleep between retries 240 | # NAMESPACE - k8s namespace the service lives in 241 | # Returns: 242 | # None 243 | function service_ip_is_allocated () { 244 | local SERVICE="${1}" 245 | local RETRY_COUNT="${2}" 246 | local SLEEP="${3}" 247 | local NAMESPACE="${4}" 248 | 249 | for ((i=0; i<"${RETRY_COUNT}"; i++)); do 250 | IP=$(kubectl get -n "${NAMESPACE}" service "${SERVICE}" \ 251 | -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 252 | if [ "${IP}" == "" ] ; then 253 | echo "Attempt $((i + 1)): IP not yet allocated for service ${SERVICE}" >&1 254 | else 255 | echo "Attempt $((i + 1)): IP has been allocated for service ${SERVICE}" >&1 256 | return 0 257 | fi 258 | sleep "${SLEEP}" 259 | done 260 | echo "Timed out waiting for service ${SERVICE} to be allocated an IP address." >&1 261 | return 1 262 | } 263 | 264 | # Check if a pod with the given label is running 265 | # Globals: 266 | # None 267 | # Arguments: 268 | # POD_LABEL - label applied to pod to check 269 | # RETRY_COUNT - Number of times to retry 270 | # INTERVAL - Amount of time to sleep between retries 271 | # NAMESPACE - k8s namespace the pod lives in 272 | # Returns: 273 | # None 274 | function pod_is_running () { 275 | local POD_LABEL="${1}" 276 | local RETRY_COUNT="${2}" 277 | local SLEEP="${3}" 278 | local NAMESPACE="${4}" 279 | for ((i=0; i<"${RETRY_COUNT}"; i++)); do 280 | POD=$(kubectl get -n "${NAMESPACE}" pod --selector="${POD_LABEL}" \ 281 | --output=jsonpath="{.items[*].metadata.name}" \ 282 | --field-selector=status.phase=Running) 283 | if [ "${POD}" == "" ] ; then 284 | echo "Attempt $((i + 1)): Waiting for pod ${POD_LABEL} in namespace ${NAMESPACE}..." >&1 285 | sleep "${SLEEP}" 286 | else 287 | echo "Attempt $((i + 1)): Pod ${POD_LABEL} is up and running" >&1 288 | return 0 289 | fi 290 | done 291 | echo "Timed out waiting for pod ${POD_LABEL} to start. Exiting..." >&1 292 | return 1 293 | } 294 | --------------------------------------------------------------------------------