├── 101 ├── README.md ├── demo-magic.sh ├── podinfo │ ├── canary.yaml │ ├── frontend.yaml │ ├── generator.yaml │ ├── ingress.yaml │ ├── kustomization.yaml │ ├── mapping.yaml │ ├── ns.yaml │ └── patch.yaml ├── service_profiles │ └── source │ │ └── booksapp.yaml ├── steps.sh └── welcome-script.sh ├── .wego ├── apps │ ├── linkerd-demos │ │ └── app.yaml │ └── platform │ │ └── app.yaml └── targets │ ├── gitops │ └── platform │ │ ├── platform-gitops-deploy.yaml │ │ └── platform-gitops-source.yaml │ └── k3d-gitops │ ├── linkerd-demos │ ├── linkerd-demos-gitops-deploy.yaml │ └── linkerd-demos-gitops-source.yaml │ └── platform │ ├── platform-gitops-deploy.yaml │ └── platform-gitops-source.yaml ├── README.md ├── civo-meetup └── steps.sh ├── demo-magic.sh ├── emissary ├── README.md ├── cleanup.sh ├── emojivote.yaml ├── init.sh ├── kubecon.sh ├── linkerd-module.yaml ├── linkerd-viz.yaml ├── manifests │ ├── crds.yaml │ ├── hosts.yaml │ ├── listener.yaml │ ├── mappings.yaml │ ├── notes.md │ └── podinfo │ │ ├── all-in-one.yaml │ │ ├── mapping.yaml │ │ └── rollout.yaml ├── qotm.yaml ├── quote-backend.yaml └── steps.sh ├── failover ├── cleanup.sh ├── manifests │ ├── emoji-ts.yaml │ ├── vote-ts.yaml │ └── web-ts.yaml ├── script.sh ├── setup.sh ├── tab1.sh └── tab2.sh ├── gitops ├── argo-rollouts │ ├── demo-magic.sh │ ├── init.sh │ ├── manifests │ │ ├── argo-rollouts.yaml │ │ ├── gs-rollout-smi.yaml │ │ ├── gs-rollout.yaml │ │ ├── gs-service-smi.yaml │ │ ├── gs-service.yaml │ │ ├── ingress.yaml │ │ └── podinfo.yaml │ └── steps.md ├── argo │ ├── apps │ │ └── podinfo │ │ │ ├── host.yaml │ │ │ ├── mapping.yaml │ │ │ └── podinfo.yaml │ ├── manifests │ │ ├── platform.yaml │ │ └── values.yaml │ ├── platform │ │ ├── Chart.yaml │ │ ├── ambassador-edge-stack │ │ │ ├── ambassador-listener.yaml │ │ │ ├── edge-stack.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace_patch.json │ │ ├── argo-rollouts │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── argocd │ │ │ ├── 
kustomization.yaml │ │ │ ├── ns.yaml │ │ │ └── patch.yaml │ │ ├── finalizers │ │ │ ├── hosts.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── listeners.yaml │ │ │ ├── mappings.yaml │ │ │ └── namespace.yaml │ │ └── values.yaml │ ├── rollouts │ │ ├── rollout.yaml │ │ └── service.yaml │ └── steps.sh ├── flux │ ├── apps │ │ ├── manifests │ │ │ ├── apps.yaml │ │ │ └── kustomization.yaml │ │ └── source │ │ │ ├── booksapp │ │ │ ├── booksapp.yaml │ │ │ ├── host.yaml │ │ │ ├── ingress.yaml │ │ │ ├── kustomization.yaml │ │ │ └── mapping.yaml │ │ │ ├── emojivoto │ │ │ ├── emojivoto.yaml │ │ │ ├── host.yaml │ │ │ ├── ingress.yaml │ │ │ ├── kustomization.yaml │ │ │ └── mapping.yaml │ │ │ └── podinfo │ │ │ ├── canary.yaml │ │ │ ├── frontend.yaml │ │ │ ├── generator.yaml │ │ │ ├── host.yaml │ │ │ ├── ingress.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── mapping.yaml │ │ │ ├── nginx-canary.yaml │ │ │ ├── ns.yaml │ │ │ ├── patch.yaml │ │ │ └── smi-canary.yaml │ ├── cleanup.sh │ ├── flux.sh │ ├── launch.sh │ ├── migrate.sh │ ├── refresh.sh │ └── runtime │ │ ├── manifests │ │ ├── cluster.dev.yaml │ │ ├── cluster.prod.yaml │ │ ├── cluster.test.yaml │ │ ├── cluster.yaml │ │ ├── kustomization.yaml │ │ └── repo.yaml │ │ └── source │ │ ├── ambassador │ │ ├── ambassador-helm-release.yaml │ │ ├── ambassador-listener.yaml │ │ ├── ambassador-repo.yaml │ │ ├── ambassador.yaml │ │ └── kustomization.yaml │ │ ├── buoyant │ │ ├── helm-repository.yaml │ │ ├── kustomization.yaml │ │ ├── linkerd-buoyant.yaml │ │ └── namespace.yaml │ │ ├── cert-manager │ │ ├── cert-manager-ns.yaml │ │ ├── cert-manager-repo.yaml │ │ ├── cert-manager.yaml │ │ └── kustomization.yaml │ │ ├── emissary │ │ └── kustomization.yaml │ │ ├── finalizers │ │ ├── acme-solver.yaml │ │ ├── allow-bcloud.yaml │ │ ├── cert-request.yaml │ │ ├── hosts.yaml │ │ ├── ingress.yaml │ │ ├── issuer.yaml │ │ ├── kustomization.yaml │ │ ├── mappings.yaml │ │ └── namespace.yaml │ │ ├── flagger │ │ ├── flagger-repo.yaml │ │ ├── flagger.yaml │ │ └── 
kustomization.yaml │ │ ├── linkerd-multicluster │ │ ├── kustomization.yaml │ │ └── linkerd-multicluster.yaml │ │ ├── linkerd-viz │ │ ├── kustomization.yaml │ │ └── linkerd-viz.yaml │ │ ├── linkerd │ │ ├── certs.yaml │ │ ├── controlplane-test.yaml │ │ ├── kustomization.yaml │ │ ├── linkerd-control-plane.yaml │ │ ├── linkerd-crds.yaml │ │ └── linkerd-repo.yaml │ │ ├── nginx-ingress │ │ ├── kustomization.yaml │ │ └── nginx-ingress.yaml │ │ └── platform │ │ └── platform-mappings.yaml └── weave_gitops_core │ └── steps.sh ├── helm ├── README.md └── takeover.sh ├── init.sh ├── mc-emoji ├── emoji.yaml ├── voting.yaml └── web.yaml ├── multicluster ├── cleanup.sh ├── manifests │ ├── backend.yaml │ └── frontend.yaml ├── steps.sh ├── tab1.sh └── tab2.sh ├── policy ├── manifests │ ├── booksapp │ │ ├── admin_server.yaml │ │ ├── allow_namespace.yaml │ │ ├── allow_viz.yaml │ │ ├── authors_get_policy.yaml │ │ ├── authors_get_route.yaml │ │ ├── authors_modify_policy.yaml │ │ ├── authors_modify_route.yaml │ │ ├── authors_probe.yaml │ │ ├── authors_server.yaml │ │ ├── books_server.yaml │ │ └── webapp_server.yaml │ ├── emojivoto-allow-health.yaml │ ├── emojivoto-allow-prom.yaml │ ├── emojivoto-policy.yaml │ ├── voting_authorization_policy.yaml │ └── voting_server.yaml └── steps.sh ├── service_profiles ├── source │ ├── emojivoto.yaml │ └── podinfo.yaml └── steps.sh ├── tap-tap └── steps.sh ├── telepresence ├── README.md └── steps.sh └── upgrading ├── 2.11 └── steps.sh ├── 9to10.sh └── artifacts └── books.yaml /.wego/apps/linkerd-demos/app.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: wego.weave.works/v1alpha1 3 | kind: Application 4 | metadata: 5 | labels: 6 | wego.weave.works/app-identifier: wego-07b821affa8dbc027a394dfcbd3962a4 7 | name: linkerd-demos 8 | namespace: wego-system 9 | spec: 10 | branch: main 11 | deployment_type: kustomize 12 | path: ./gitops/flux/runtime/manifests/ 13 | source_type: git 14 | url: 
ssh://git@github.com/JasonMorgan/linkerd-demos.git 15 | -------------------------------------------------------------------------------- /.wego/apps/platform/app.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: wego.weave.works/v1alpha1 3 | kind: Application 4 | metadata: 5 | labels: 6 | wego.weave.works/app-identifier: wego-07b821affa8dbc027a394dfcbd3962a4 7 | name: platform 8 | namespace: wego-system 9 | spec: 10 | branch: main 11 | deployment_type: kustomize 12 | path: ./gitops/flux/runtime/manifests/ 13 | source_type: git 14 | url: ssh://git@github.com/JasonMorgan/linkerd-demos.git 15 | -------------------------------------------------------------------------------- /.wego/targets/gitops/platform/platform-gitops-deploy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | metadata: 5 | name: platform 6 | namespace: wego-system 7 | spec: 8 | interval: 1m0s 9 | path: ./gitops/flux/runtime/manifests 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: platform 14 | 15 | -------------------------------------------------------------------------------- /.wego/targets/gitops/platform/platform-gitops-source.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta1 3 | kind: GitRepository 4 | metadata: 5 | name: platform 6 | namespace: wego-system 7 | spec: 8 | interval: 30s 9 | ref: 10 | branch: main 11 | url: https://github.com/JasonMorgan/linkerd-demos.git 12 | 13 | -------------------------------------------------------------------------------- /.wego/targets/k3d-gitops/linkerd-demos/linkerd-demos-gitops-deploy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | 
metadata: 5 | name: linkerd-demos 6 | namespace: wego-system 7 | spec: 8 | interval: 1m0s 9 | path: ./gitops/flux/runtime/manifests 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: linkerd-demos 14 | 15 | -------------------------------------------------------------------------------- /.wego/targets/k3d-gitops/linkerd-demos/linkerd-demos-gitops-source.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta1 3 | kind: GitRepository 4 | metadata: 5 | name: linkerd-demos 6 | namespace: wego-system 7 | spec: 8 | interval: 30s 9 | ref: 10 | branch: main 11 | url: https://github.com/JasonMorgan/linkerd-demos.git 12 | 13 | -------------------------------------------------------------------------------- /.wego/targets/k3d-gitops/platform/platform-gitops-deploy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | metadata: 5 | name: platform 6 | namespace: wego-system 7 | spec: 8 | interval: 1m0s 9 | path: ./gitops/flux/runtime/manifests 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: platform 14 | 15 | -------------------------------------------------------------------------------- /.wego/targets/k3d-gitops/platform/platform-gitops-source.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta1 3 | kind: GitRepository 4 | metadata: 5 | name: platform 6 | namespace: wego-system 7 | spec: 8 | interval: 30s 9 | ref: 10 | branch: main 11 | url: https://github.com/JasonMorgan/linkerd-demos.git 12 | 13 | -------------------------------------------------------------------------------- /101/README.md: -------------------------------------------------------------------------------- 1 | # Linkerd Walkthrough 2 | 3 | ## Points to Hit 4 | 5 | ### It's 
easy 6 | 7 | * Rapid Deploy 8 | * Small Size 9 | * Secure Defaults 10 | * No need for CRDs to get 90% of the benefits 11 | 12 | ### Under the Hood 13 | 14 | * Linkerd2-proxy 15 | * Viz 16 | * Tap 17 | * Edges 18 | * Arm 19 | * Top 20 | * Request Level Load Balancing 21 | * EWMA 22 | * Multi cluster 23 | * Cert Manager 24 | 25 | ### Helm 26 | 27 | * Parity on Templates 28 | * No delta in releases 29 | * Handling certificates 30 | * Certificate Rotation 31 | 32 | ### Runbooks 33 | 34 | * Planning Certificates 35 | * Prometheus 36 | * Multicluster Certs 37 | * Upgrades 38 | 39 | ### 2.10 40 | 41 | * Opaque Ports 42 | * mTLS on TCP ports 43 | * Extensions 44 | -------------------------------------------------------------------------------- /101/demo-magic.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################################################################### 4 | # 5 | # demo-magic.sh 6 | # 7 | # Copyright (c) 2015 Paxton Hare 8 | # 9 | # This script lets you script demos in bash. It runs through your demo script when you press 10 | # ENTER. It simulates typing and runs commands. 
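#
###############################################################################

# the speed to "type" the text
TYPE_SPEED=20

# no wait after "p" or "pe"
NO_WAIT=false

# if > 0, will pause for this amount of seconds before automatically proceeding with any p or pe
PROMPT_TIMEOUT=0

# don't show command number unless user specifies it
SHOW_CMD_NUMS=false


# handy color vars for pretty prompts
BLACK="\033[0;30m"
BLUE="\033[0;34m"
GREEN="\033[0;32m"
GREY="\033[0;90m"
CYAN="\033[0;36m"
RED="\033[0;31m"
PURPLE="\033[0;35m"
BROWN="\033[0;33m"
WHITE="\033[1;37m"
COLOR_RESET="\033[0m"

# running counter used when SHOW_CMD_NUMS is true
C_NUM=0

# prompt and command color which can be overridden
DEMO_PROMPT="$ "
DEMO_CMD_COLOR=$WHITE
DEMO_COMMENT_COLOR=$GREY

##
# prints the script usage
##
function usage() {
  echo -e ""
  echo -e "Usage: $0 [options]"
  echo -e ""
  echo -e "\tWhere options is one or more of:"
  echo -e "\t-h\tPrints Help text"
  echo -e "\t-d\tDebug mode. Disables simulated typing"
  echo -e "\t-n\tNo wait"
  echo -e "\t-w\tWaits max the given amount of seconds before proceeding with demo (e.g. '-w5')"
  echo -e ""
}

##
# wait for user to press ENTER
# if $PROMPT_TIMEOUT > 0 this will be used as the max time for proceeding automatically
#
# NOTE: this function shadows the bash builtin `wait` in any script that
# sources this file, so `wait` no longer waits for background jobs there.
##
function wait() {
  if [[ "$PROMPT_TIMEOUT" == "0" ]]; then
    read -rs
  else
    read -rst "$PROMPT_TIMEOUT"
  fi
}

##
# print command only. Useful for when you want to pretend to run a command
#
# takes 1 param - the string command to print
#
# usage: p "ls -l"
#
# Sets the globals `cmd` (the colored text) and `x` (the rendered prompt).
##
function p() {
  # a leading "#" marks the text as a comment and selects the comment color
  if [[ ${1:0:1} == "#" ]]; then
    cmd=$DEMO_COMMENT_COLOR$1$COLOR_RESET
  else
    cmd=$DEMO_CMD_COLOR$1$COLOR_RESET
  fi

  # render the prompt: start an interactive bash with PS1 set and stdin at
  # /dev/null, merge stderr into the pipe, and keep what precedes the
  # trailing "exit" on the last line.
  # The listing had lost "</dev/null 2>" here (it read `-i &1 | sed`), which
  # would background bash and pipe a command named `1` instead.
  x=$(PS1="$DEMO_PROMPT" "$BASH" --norc -i </dev/null 2>&1 | sed -n '${s/^\(.*\)exit$/\1/p;}')

  # show command number if selected
  # NOTE(review): $x is used as the printf format string, so a "%" or a
  # backslash sequence in the rendered prompt is interpreted by printf.
  if $SHOW_CMD_NUMS; then
    printf "[$((++C_NUM))] $x"
  else
    printf "$x"
  fi

  # wait for the user to press a key before typing the command
  if ! $NO_WAIT; then
    wait
  fi

  if [[ -z $TYPE_SPEED ]]; then
    echo -en "$cmd"
  else
    # rate-limit the output through pv, with a small random jitter (-2..+2)
    # on the rate; $(( )) replaces the deprecated $[ ] arithmetic form
    echo -en "$cmd" | pv -qL $(($TYPE_SPEED + (-2 + RANDOM % 5)))
  fi

  # wait for the user to press a key before moving on
  if ! $NO_WAIT; then
    wait
  fi
  echo ""
}

##
# Prints and executes a command
#
# takes 1 parameter - the string command to run
#
# usage: pe "ls -l"
#
# SECURITY: the argument is passed to `eval` and runs in the current shell
# with the presenter's privileges and credentials (kubeconfig, cloud tokens).
# Pass only literal commands written by the demo author; never build the
# string from files, environment values or network responses.
##
function pe() {
  # print the command
  p "$@"

  # execute the command
  eval "$@"
}

##
# Enters script into interactive mode
#
# and allows newly typed commands to be executed within the script
#
# usage : cmd
#
# SECURITY: whatever arrives on stdin is handed to `eval`. This is meant for
# a presenter typing at a terminal; do not run it with stdin attached to a
# pipe or file that someone else can write to.
##
function cmd() {
  # render the prompt (same technique as in p; the redirections were lost in
  # the listing and are restored here)
  x=$(PS1="$DEMO_PROMPT" "$BASH" --norc -i </dev/null 2>&1 | sed -n '${s/^\(.*\)exit$/\1/p;}')
  printf "$x\033[0m"
  read command
  eval "${command}"
}


# NOTE: check_pv continues past this point; only its opening lines are
# reproduced here, unchanged.
function check_pv() {
  command -v pv >/dev/null 2>&1 || {

    echo ""
    echo -e "${RED}##############################################################"
    echo "# HOLD IT!! I require pv but it's not installed. Aborting."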
>&2; 155 | echo -e "${RED}##############################################################" 156 | echo "" 157 | echo -e "${COLOR_RESET}Installing pv:" 158 | echo "" 159 | echo -e "${BLUE}Mac:${COLOR_RESET} $ brew install pv" 160 | echo "" 161 | echo -e "${BLUE}Other:${COLOR_RESET} http://www.ivarch.com/programs/pv.shtml" 162 | echo -e "${COLOR_RESET}" 163 | exit 1; 164 | } 165 | } 166 | 167 | check_pv 168 | # 169 | # handle some default params 170 | # -h for help 171 | # -d for disabling simulated typing 172 | # 173 | while getopts ":dhncw:" opt; do 174 | case $opt in 175 | h) 176 | usage 177 | exit 1 178 | ;; 179 | d) 180 | unset TYPE_SPEED 181 | ;; 182 | n) 183 | NO_WAIT=true 184 | ;; 185 | c) 186 | SHOW_CMD_NUMS=true 187 | ;; 188 | w) 189 | PROMPT_TIMEOUT=$OPTARG 190 | ;; 191 | esac 192 | done 193 | -------------------------------------------------------------------------------- /101/podinfo/canary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: flagger.app/v1beta1 2 | kind: Canary 3 | metadata: 4 | name: podinfo 5 | namespace: podinfo 6 | spec: 7 | # deployment reference 8 | targetRef: 9 | apiVersion: apps/v1 10 | kind: Deployment 11 | name: podinfo 12 | # HPA reference (optional) 13 | autoscalerRef: 14 | apiVersion: autoscaling/v2beta2 15 | kind: HorizontalPodAutoscaler 16 | name: podinfo 17 | # the maximum time in seconds for the canary deployment 18 | # to make progress before it is rollback (default 600s) 19 | progressDeadlineSeconds: 60 20 | service: 21 | # ClusterIP port number 22 | port: 9898 23 | # container port number or name (optional) 24 | targetPort: 9898 25 | analysis: 26 | # schedule interval (default 60s) 27 | interval: 5s 28 | # max number of failed metric checks before rollback 29 | threshold: 5 30 | # max traffic percentage routed to canary 31 | # percentage (0-100) 32 | maxWeight: 95 33 | # canary increment step 34 | # percentage (0-100) 35 | stepWeight: 5 36 | # Linkerd Prometheus checks 
37 | metrics: 38 | - name: request-success-rate 39 | # minimum req success rate (non 5xx responses) 40 | # percentage (0-100) 41 | thresholdRange: 42 | min: 99 43 | interval: 1m 44 | - name: request-duration 45 | # maximum req duration P99 46 | # milliseconds 47 | thresholdRange: 48 | max: 500 49 | interval: 30s 50 | 51 | -------------------------------------------------------------------------------- /101/podinfo/frontend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: frontend 5 | namespace: podinfo 6 | data: 7 | nginx.conf: |- 8 | pid /tmp/pid; 9 | error_log stderr; 10 | events {} 11 | http { 12 | client_body_temp_path /tmp/client_temp; 13 | proxy_temp_path /tmp/proxy_temp_path; 14 | fastcgi_temp_path /tmp/fastcgi_temp; 15 | uwsgi_temp_path /tmp/uwsgi_temp; 16 | scgi_temp_path /tmp/scgi_temp; 17 | server { 18 | listen 8080; 19 | set $east "east"; 20 | set $west "west"; 21 | location / { 22 | proxy_pass http://podinfo:9898; 23 | proxy_http_version 1.1; 24 | } 25 | } 26 | } 27 | --- 28 | apiVersion: apps/v1 29 | kind: Deployment 30 | metadata: 31 | name: frontend 32 | namespace: podinfo 33 | labels: 34 | app: frontend 35 | spec: 36 | selector: 37 | matchLabels: 38 | app: frontend 39 | replicas: 1 40 | template: 41 | metadata: 42 | annotations: 43 | labels: 44 | app: frontend 45 | spec: 46 | containers: 47 | - name: nginx 48 | image: nginx:alpine 49 | volumeMounts: 50 | - name: cfg 51 | mountPath: /etc/nginx/nginx.conf 52 | subPath: nginx.conf 53 | - name: nginx-conf-d 54 | mountPath: /etc/nginx/conf.d 55 | - name: nginx-tmp 56 | mountPath: /tmp 57 | resources: 58 | requests: 59 | cpu: 10m 60 | memory: 10Mi 61 | securityContext: 62 | runAsUser: 1337 63 | volumes: 64 | - name: cfg 65 | configMap: 66 | name: frontend 67 | - name: nginx-conf-d 68 | emptyDir: {} 69 | - name: nginx-tmp 70 | emptyDir: {} 71 | --- 72 | apiVersion: v1 73 | kind: Service 74 | metadata: 75 | 
labels: 76 | mirror.linkerd.io/exported: "true" 77 | name: frontend 78 | namespace: podinfo 79 | spec: 80 | ports: 81 | - name: service 82 | port: 8080 83 | selector: 84 | app: frontend -------------------------------------------------------------------------------- /101/podinfo/generator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: generator 6 | labels: 7 | app: generator 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: generator 12 | replicas: 1 13 | template: 14 | metadata: 15 | labels: 16 | app: generator 17 | spec: 18 | containers: 19 | - image: buoyantio/slow_cooker:1.2.0 20 | name: default 21 | env: 22 | - name: QPS 23 | value: "5" 24 | - name: CONCURRENCY 25 | value: "10" 26 | - name: SERVICE 27 | value: frontend 28 | - name: PORT 29 | value: "8080" 30 | command: ["/bin/sh", "-c"] 31 | args: 32 | - |- 33 | sed -e "s/\${SERVICE}/$SERVICE/" -e "s/\${PORT}/$PORT/" /tmp/urls | slow_cooker -qps ${QPS} -concurrency ${CONCURRENCY} @- 34 | resources: 35 | requests: 36 | cpu: 10m 37 | memory: 10Mi 38 | securityContext: 39 | runAsUser: 1337 40 | volumeMounts: 41 | - name: cfg 42 | mountPath: /tmp/ 43 | volumes: 44 | - name: cfg 45 | configMap: 46 | name: generator 47 | --- 48 | apiVersion: v1 49 | kind: ConfigMap 50 | metadata: 51 | name: generator 52 | data: 53 | urls: |- 54 | http://${SERVICE}:${PORT} 55 | http://${SERVICE}:${PORT}/healthz 56 | http://${SERVICE}:${PORT}/readyz 57 | http://${SERVICE}:${PORT}/configs 58 | http://${SERVICE}:${PORT}/env 59 | http://${SERVICE}:${PORT}/headers -------------------------------------------------------------------------------- /101/podinfo/ingress.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: networking.k8s.io/v1beta1 # for k3s < v1.19 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: podinfo 6 | annotations: 7 | 
ingress.kubernetes.io/ssl-redirect: "false" 8 | spec: 9 | rules: 10 | - http: 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | backend: 15 | service: 16 | name: frontend 17 | port: 18 | number: 8080 19 | -------------------------------------------------------------------------------- /101/podinfo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namespace: podinfo 2 | bases: 3 | - github.com/stefanprodan/podinfo/kustomize/?ref=5.1.3 4 | 5 | resources: 6 | - frontend.yaml 7 | - ns.yaml 8 | # - ingress.yaml 9 | - generator.yaml 10 | # - canary.yaml 11 | - mapping.yaml 12 | 13 | patchesStrategicMerge: 14 | - patch.yaml -------------------------------------------------------------------------------- /101/podinfo/mapping.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v3alpha1 3 | kind: Mapping 4 | metadata: 5 | name: podinfo 6 | spec: 7 | prefix: / 8 | service: podinfo.podinfo:9898 9 | hostname: "*" 10 | rewrite: "" -------------------------------------------------------------------------------- /101/podinfo/ns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: podinfo 5 | annotations: 6 | linkerd.io/inject: enabled -------------------------------------------------------------------------------- /101/podinfo/patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: podinfo 5 | spec: 6 | replicas: 3 7 | template: 8 | spec: 9 | containers: 10 | - name: podinfod 11 | securityContext: 12 | runAsUser: 1337 13 | env: 14 | - name: PODINFO_UI_COLOR 15 | value: '#008000' # #008000 #1919FF 16 | # - name: PODINFO_UI_MESSAGE 17 | # value: 'Hello from Version 2!' 
18 | --- 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: podinfo 23 | labels: 24 | # mirror.linkerd.io/exported: "true" 25 | 26 | 27 | -------------------------------------------------------------------------------- /101/service_profiles/source/booksapp.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | creationTimestamp: null 6 | name: webapp.booksapp.svc.cluster.local 7 | namespace: booksapp 8 | spec: 9 | routes: 10 | - condition: 11 | method: GET 12 | pathRegex: / 13 | name: GET / 14 | - condition: 15 | method: POST 16 | pathRegex: /authors 17 | name: POST /authors 18 | - condition: 19 | method: GET 20 | pathRegex: /authors/[^/]* 21 | name: GET /authors/{id} 22 | - condition: 23 | method: POST 24 | pathRegex: /authors/[^/]*/delete 25 | name: POST /authors/{id}/delete 26 | - condition: 27 | method: POST 28 | pathRegex: /authors/[^/]*/edit 29 | name: POST /authors/{id}/edit 30 | - condition: 31 | method: POST 32 | pathRegex: /books 33 | name: POST /books 34 | - condition: 35 | method: GET 36 | pathRegex: /books/[^/]* 37 | name: GET /books/{id} 38 | - condition: 39 | method: POST 40 | pathRegex: /books/[^/]*/delete 41 | name: POST /books/{id}/delete 42 | - condition: 43 | method: POST 44 | pathRegex: /books/[^/]*/edit 45 | name: POST /books/{id}/edit 46 | --- 47 | apiVersion: linkerd.io/v1alpha2 48 | kind: ServiceProfile 49 | metadata: 50 | creationTimestamp: null 51 | name: authors.booksapp.svc.cluster.local 52 | namespace: booksapp 53 | spec: 54 | routes: 55 | - condition: 56 | method: GET 57 | pathRegex: /authors\.json 58 | name: GET /authors.json 59 | - condition: 60 | method: POST 61 | pathRegex: /authors\.json 62 | name: POST /authors.json 63 | - condition: 64 | method: DELETE 65 | pathRegex: /authors/[^/]*\.json 66 | name: DELETE /authors/{id}.json 67 | - condition: 68 | method: GET 69 | pathRegex: /authors/[^/]*\.json 
70 | name: GET /authors/{id}.json 71 | - condition: 72 | method: HEAD 73 | pathRegex: /authors/[^/]*\.json 74 | name: HEAD /authors/{id}.json 75 | --- 76 | apiVersion: linkerd.io/v1alpha2 77 | kind: ServiceProfile 78 | metadata: 79 | creationTimestamp: null 80 | name: books.booksapp.svc.cluster.local 81 | namespace: booksapp 82 | spec: 83 | routes: 84 | - condition: 85 | method: GET 86 | pathRegex: /books\.json 87 | name: GET /books.json 88 | - condition: 89 | method: POST 90 | pathRegex: /books\.json 91 | name: POST /books.json 92 | - condition: 93 | method: DELETE 94 | pathRegex: /books/[^/]*\.json 95 | name: DELETE /books/{id}.json 96 | - condition: 97 | method: GET 98 | pathRegex: /books/[^/]*\.json 99 | name: GET /books/{id}.json 100 | - condition: 101 | method: PUT 102 | pathRegex: /books/[^/]*\.json 103 | name: PUT /books/{id}.json 104 | -------------------------------------------------------------------------------- /101/steps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/env bash 2 | # shellcheck source=demo-magic.sh 3 | source demo-magic.sh 4 | k3d cluster delete 101 > /dev/null 2>&1 || true 5 | k3d cluster create 101 > /dev/null 2>&1 6 | curl -sL https://run.linkerd.io/emojivoto.yml | kubectl apply -f - 7 | clear 8 | 9 | pe "curl -sL https://run.linkerd.io/install | sh" 10 | wait 11 | clear 12 | 13 | pe "export PATH=\$PATH:\$HOME/.linkerd2/bin" 14 | clear 15 | 16 | pe "linkerd version" 17 | wait 18 | clear 19 | 20 | pe "linkerd check --pre" 21 | wait 22 | clear 23 | 24 | pe "linkerd install" 25 | wait 26 | clear 27 | 28 | pe "linkerd install | kubectl apply -f -" 29 | wait 30 | clear 31 | 32 | # pe "watch kubectl get pods -n linkerd" 33 | # wait 34 | # clear 35 | 36 | pe "linkerd check" 37 | wait 38 | clear 39 | 40 | pe "kubectl get pods -n linkerd" 41 | wait 42 | clear 43 | 44 | pe "linkerd viz install | kubectl apply -f -" 45 | wait 46 | clear 47 | 48 | pe "linkerd viz check" 49 | wait 50 | clear 51 | 
52 | pe "kubectl get pods -n linkerd-viz" 53 | wait 54 | clear 55 | 56 | pe "linkerd viz dashboard" 57 | wait 58 | clear 59 | 60 | # pe "curl -sL https://run.linkerd.io/emojivoto.yml | kubectl apply -f -" 61 | # wait 62 | # clear 63 | 64 | # pe "kubectl -n emojivoto port-forward svc/web-svc 8080:80 &" 65 | # wait 66 | # clear 67 | 68 | pe "kubectl get -n emojivoto deploy -o yaml | linkerd inject - | kubectl apply -f -" 69 | wait 70 | clear 71 | 72 | pe "linkerd -n emojivoto check --proxy" 73 | wait 74 | clear 75 | 76 | pe "watch linkerd viz -n emojivoto stat deploy" 77 | wait 78 | clear 79 | 80 | pe "linkerd viz edges -n emojivoto deploy" 81 | wait 82 | clear 83 | 84 | pe "linkerd viz -n emojivoto tap deploy/web" 85 | wait 86 | clear 87 | 88 | # linkerd -n emojivoto stat deploy -o json 89 | 90 | # linkerd tap deploy/web -n emojivoto --to deploy/voting -o json 91 | -------------------------------------------------------------------------------- /101/welcome-script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/env bash 2 | # shellcheck source=demo-magic.sh 3 | source demo-magic.sh 4 | clear 5 | rm /home/jason/.linkerd2/bin/linkerd-stable-2.10.0 > /dev/null 2>&1 6 | 7 | # curl -sL https://run.linkerd.io/emojivoto.yml | kubectl apply -f - > /dev/null 2>&1 8 | 9 | pe "kubectl get pods -n emojivoto" 10 | wait 11 | clear 12 | 13 | pe "curl -sL https://run.linkerd.io/install | sh" 14 | wait 15 | clear 16 | 17 | pe "export PATH=\$PATH:\$HOME/.linkerd2/bin" 18 | clear 19 | 20 | pe "linkerd version" 21 | wait 22 | clear 23 | 24 | pe "linkerd check --pre" 25 | wait 26 | clear 27 | 28 | pe "linkerd install | kubectl apply -f -" 29 | wait 30 | clear 31 | 32 | pe "linkerd check" 33 | wait 34 | clear 35 | 36 | pe "linkerd viz install | kubectl apply -f -" 37 | wait 38 | clear 39 | 40 | pe "linkerd viz check" 41 | wait 42 | clear 43 | 44 | 45 | pe "kubectl get -n emojivoto deploy -o yaml | linkerd inject - | kubectl apply -f -" 46 | 
wait 47 | clear 48 | 49 | pe "linkerd -n emojivoto check --proxy" 50 | wait 51 | clear 52 | 53 | pe "linkerd viz dashboard" 54 | wait 55 | clear 56 | 57 | # linkerd -n emojivoto stat deploy -o json 58 | 59 | # linkerd tap deploy/web -n emojivoto --to deploy/voting -o json -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # linkerd-demos 2 | -------------------------------------------------------------------------------- /civo-meetup/steps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/env bash 2 | 3 | 4 | 5 | # civo cluster create 6 | 7 | civo kubernetes create linkerd-ingress -n 3 -s g3.k3s.small -w -y 8 | 9 | civo kubernetes config linkerd-ingress > ~/.clusters/civo 10 | 11 | kubectl ns default 12 | 13 | # Install Linkerd and flagger 14 | 15 | 16 | flux install 17 | 18 | kubectl apply -f ~/git_repos/buoyant/gitops_examples/flux/runtime/manifests/ 19 | 20 | ## new tab watch pods 21 | 22 | linkerd check 23 | 24 | # Create podinfo 25 | 26 | kubectl apply -k ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/ 27 | 28 | kubectl ns podinfo 29 | 30 | # launch dashboard - in another tab 31 | watch linkerd viz dashboard 32 | 33 | # Launch Traffic generator - in another tab 34 | 35 | while true; do curl http:///; done 36 | 37 | ## Look at dashboard and edges 38 | 39 | watch linkerd viz edges deploy 40 | 41 | ### No traefik data 42 | ### Explain what that means 43 | 44 | # inject traefik 45 | 46 | k get deploy -n kube-system traefik -o yaml | linkerd inject - | k apply -f - 47 | 48 | # Checkout dashboard 49 | 50 | # Talk through canary 51 | 52 | micro ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/kustomization.yaml 53 | 54 | kubectl apply -k ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/ 55 | 56 | k get canary 57 | 58 | k get svc 59 | 60 | k get deploy 61 | 62 
| # Talk through traffic split 63 | 64 | k describe trafficsplit podinfo 65 | 66 | # update color 67 | 68 | micro ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/patch.yaml 69 | 70 | kubectl apply -k ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/ 71 | 72 | watch linkerd viz stat ts 73 | 74 | # Watch UI 75 | 76 | # Talk through what happened, or didn't happen 77 | 78 | # re inject traefik with ingress mode 79 | 80 | k get deploy -n kube-system traefik -o yaml | linkerd inject --ingress - | k apply -f - 81 | 82 | ## Talk through annotation and linkerd docs 83 | yat ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/ingress.yaml 84 | 85 | ## Show ingress docs 86 | 87 | # Bump deployment color 88 | 89 | micro ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/patch.yaml 90 | 91 | # redeploy 92 | 93 | k apply -k ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/ 94 | 95 | watch linkerd viz stat ts 96 | 97 | # watch UI 98 | 99 | # cleanup 100 | 101 | civo kubernetes delete linkerd-ingress -y 102 | # k ctx -d linkerd-ingress 103 | rm $KUBECONFIG 104 | 105 | # Update kustomization 106 | micro ~/git_repos/buoyant/gitops_examples/flux/apps/source/podinfo/kustomization.yaml -------------------------------------------------------------------------------- /demo-magic.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################################################################### 4 | # 5 | # demo-magic.sh 6 | # 7 | # Copyright (c) 2015 Paxton Hare 8 | # 9 | # This script lets you script demos in bash. It runs through your demo script when you press 10 | # ENTER. It simulates typing and runs commands. 
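#
###############################################################################

# the speed to "type" the text
TYPE_SPEED=20

# no wait after "p" or "pe"
NO_WAIT=false

# if > 0, will pause for this amount of seconds before automatically proceeding with any p or pe
PROMPT_TIMEOUT=0

# don't show command number unless user specifies it
SHOW_CMD_NUMS=false


# handy color vars for pretty prompts
BLACK="\033[0;30m"
BLUE="\033[0;34m"
GREEN="\033[0;32m"
GREY="\033[0;90m"
CYAN="\033[0;36m"
RED="\033[0;31m"
PURPLE="\033[0;35m"
BROWN="\033[0;33m"
WHITE="\033[1;37m"
COLOR_RESET="\033[0m"

# running counter for the optional "[n]" command-number prefix
C_NUM=0

# prompt and command color which can be overridden
DEMO_PROMPT="$ "
DEMO_CMD_COLOR=$WHITE
DEMO_COMMENT_COLOR=$GREY

##
# prints the script usage
##
function usage() {
  echo -e ""
  echo -e "Usage: $0 [options]"
  echo -e ""
  echo -e "\tWhere options is one or more of:"
  echo -e "\t-h\tPrints Help text"
  echo -e "\t-d\tDebug mode. Disables simulated typing"
  echo -e "\t-n\tNo wait"
  echo -e "\t-w\tWaits max the given amount of seconds before proceeding with demo (e.g. '-w5')"
  echo -e ""
}

##
# wait for user to press ENTER
# if $PROMPT_TIMEOUT > 0 this will be used as the max time for proceeding automatically
#
# NOTE: this function shadows the shell builtin `wait`. A script that sources
# this file and needs to wait for background jobs must call `builtin wait`.
##
function wait() {
  if [[ "$PROMPT_TIMEOUT" == "0" ]]; then
    read -rs
  else
    read -rst "$PROMPT_TIMEOUT"
  fi
}

##
# print command only. Useful for when you want to pretend to run a command
#
# takes 1 param - the string command to print
#
# usage: p "ls -l"
#
##
function p() {
  # a leading "#" marks the text as a comment and selects the comment color
  if [[ ${1:0:1} == "#" ]]; then
    cmd=$DEMO_COMMENT_COLOR$1$COLOR_RESET
  else
    cmd=$DEMO_CMD_COLOR$1$COLOR_RESET
  fi

  # render the prompt: start an interactive bash with PS1 set to the demo
  # prompt and stdin at EOF, then keep what it printed before "exit".
  # stdin must be /dev/null and stderr must be merged into the pipe,
  # otherwise nothing reaches sed.
  x=$(PS1="$DEMO_PROMPT" "$BASH" --norc -i < /dev/null 2>&1 | sed -n '${s/^\(.*\)exit$/\1/p;}')

  # show command number is selected
  # NOTE: $x is used as the printf format string, so a "%" in DEMO_PROMPT
  # would be read as a format directive.
  if $SHOW_CMD_NUMS; then
    printf "[$((++C_NUM))] $x"
  else
    printf "$x"
  fi

  # wait for the user to press a key before typing the command
  if ! $NO_WAIT; then
    wait
  fi

  # TYPE_SPEED is unset by -d; in that case print at once, otherwise rate-limit
  # the output through pv with a little jitter to imitate typing
  if [[ -z $TYPE_SPEED ]]; then
    echo -en "$cmd"
  else
    echo -en "$cmd" | pv -qL $((TYPE_SPEED + (-2 + RANDOM % 5)))
  fi

  # wait for the user to press a key before moving on
  if ! $NO_WAIT; then
    wait
  fi
  echo ""
}

##
# Prints and executes a command
#
# takes 1 parameter - the string command to run
#
# usage: pe "ls -l"
#
# The argument is passed to eval, so it runs as shell code in the current
# shell with the presenter's privileges and environment. Pass only literal
# commands written in the demo script; never build the string from input the
# script did not author.
##
function pe() {
  # print the command
  p "$@"

  # execute the command
  eval "$@"
}

##
# Enters script into interactive mode
#
# and allows newly typed commands to be executed within the script
#
# usage : cmd
#
# Whatever line is typed at the prompt is handed to eval unchanged.
##
function cmd() {
  # render the prompt (same technique as in p)
  x=$(PS1="$DEMO_PROMPT" "$BASH" --norc -i < /dev/null 2>&1 | sed -n '${s/^\(.*\)exit$/\1/p;}')
  printf "$x\033[0m"
  read command
  eval "${command}"
}


# Aborts early when pv, which p() uses to simulate typing, is not installed.
function check_pv() {
  command -v pv >/dev/null 2>&1 || {

    echo ""
    echo -e "${RED}##############################################################"
    echo "# HOLD IT!! I require pv but it's not installed. Aborting."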
>&2; 155 | echo -e "${RED}##############################################################" 156 | echo "" 157 | echo -e "${COLOR_RESET}Installing pv:" 158 | echo "" 159 | echo -e "${BLUE}Mac:${COLOR_RESET} $ brew install pv" 160 | echo "" 161 | echo -e "${BLUE}Other:${COLOR_RESET} http://www.ivarch.com/programs/pv.shtml" 162 | echo -e "${COLOR_RESET}" 163 | exit 1; 164 | } 165 | } 166 | 167 | check_pv 168 | # 169 | # handle some default params 170 | # -h for help 171 | # -d for disabling simulated typing 172 | # 173 | while getopts ":dhncw:" opt; do 174 | case $opt in 175 | h) 176 | usage 177 | exit 1 178 | ;; 179 | d) 180 | unset TYPE_SPEED 181 | ;; 182 | n) 183 | NO_WAIT=true 184 | ;; 185 | c) 186 | SHOW_CMD_NUMS=true 187 | ;; 188 | w) 189 | PROMPT_TIMEOUT=$OPTARG 190 | ;; 191 | esac 192 | done 193 | -------------------------------------------------------------------------------- /emissary/README.md: -------------------------------------------------------------------------------- 1 | # Step by Step - Using Linkerd and Emissary 2 | 3 | ## Intro 4 | 5 | Hey folks! Thanks a ton for reading! Today I'm going to go through a step by step tutorial of using Linkerd with Emissary, formerly known as the Ambassador API Gateway from the folks at Ambassador. Emissary is an extremely powerful ingress/API Gateway that relies on Custom Resource definitions to allow you to route and manage traffic to your applications. Linkerd is an open source service mesh that will manage the traffic to and between applications running in Kubernetes. 6 | 7 | By the end of this article you should feel comfortable setting up Linkerd and Emissary in Kubernetes. You should also know how to integrate them together and where to go to learn more. 
8 | 9 | ## The Set Up 10 | 11 | What we're using: 12 | 13 | * Kubernetes 14 | * I'm using k3s but any distribution will work for you 15 | * Kubernetes version 1.19.7 16 | * kubectl 17 | * version 1.19.7 18 | * linkerd 19 | * version 2.10.1 20 | * Ambassador API Gateway 21 | * version 1.13.2 22 | * Soon to be Emissary but it's in the process of migrating 23 | * You can learn more about that [here](https://www.youtube.com/watch?v=QDQy-W72KmY&t) 24 | * Some Sample Apps 25 | * Going to use Linkerd's Emojivoto app 26 | * You can use anything you want 27 | 28 | ## Guide 29 | 30 | Tell em the thing. And what they should be learning 31 | 32 | ## Wrap Up 33 | 34 | Tell em what you told them. And what I wanted them to learn 35 | 36 | Thanks so much for reading and I'd love to hear any feedback you have, 37 | 38 | I'm: [twitter](https://twitter.com/RJasonMorgan) or [Linkedin](https://www.linkedin.com/in/jasonmorgan2/). 39 | 40 | Jason 41 | -------------------------------------------------------------------------------- /emissary/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Cleanup 4 | kubectl get deploy -n emojivoto -o yaml | linkerd uninject - | kubectl apply -f - 5 | kubectl get deploy -n emissary -o yaml | linkerd uninject - | kubectl apply -f - 6 | sleep 15 7 | kubectl delete -f https://app.getambassador.io/yaml/emissary/2.2.2/emissary-crds.yaml 8 | kubectl delete secret wildcard 9 | linkerd viz uninstall | kubectl delete -f - 10 | linkerd uninstall | kubectl delete -f - 11 | helm delete -n emissary emissary-ingress -------------------------------------------------------------------------------- /emissary/emojivote.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v2 3 | kind: Mapping 4 | metadata: 5 | name: emoji 6 | spec: 7 | prefix: / 8 | service: web-svc.emojivoto 9 | rewrite: "" 10 | # --- 11 | # apiVersion: 
getambassador.io/v2
# kind: Host
# metadata:
#   name: localhost
# spec:
#   hostname: localhost
#   acmeProvider:
#     authority: none
#   requestPolicy:
#     insecure:
#       action: Route
--------------------------------------------------------------------------------
/emissary/init.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Rebuilds the "infra" demo cluster and installs Linkerd, Ambassador and the
# sample apps on it.
# `k` is used below as a kubectl shorthand but is not defined in this script
# (presumably a shell alias or wrapper on the author's machine - confirm).

# Recreate the cluster and point kubectl at its freshly written kubeconfig.
civo kubernetes delete infra -y
civo kubernetes create infra -v 1.21.2+k3s1 -n 3 -w -y -r Traefik -s g3.k3s.small
civo kubernetes config infra > ~/.kube/configs/infra
export KUBECONFIG=~/.kube/configs/infra
linkerd install | k apply -f - && linkerd check
linkerd viz install | k apply -f - && linkerd check
kubectl create namespace ambassador && helm install ambassador --namespace ambassador datawire/ambassador --set replicaCount=1 && kubectl -n ambassador wait --for condition=available --timeout=90s deploy -lproduct=aes
# --skip-inbound-ports makes connections arriving on 80 and 443 bypass the
# Linkerd proxy and go straight to the Ambassador container.
k get deployments.apps -n ambassador ambassador -o yaml | linkerd inject --skip-inbound-ports "80,443" - | k apply -f -
# NOTE(review): the path of this URL carries a long opaque token, which looks
# like a per-cluster agent credential. If so, it should be treated as a secret:
# supplied from the environment or a secret store instead of being committed,
# and rotated once it has been published - confirm against the vendor docs.
kubectl apply -f https://buoyant.cloud/agent/buoyant-cloud-k8s-infra-suFLPSa7Aeeex89Z-doqipOxEDtXxkcFNMdAhkLfxhQevCCNKAGWzQ0JTZzU=.yml
# The manifests below are fetched over the network and applied as-is, with
# whatever rights this kubeconfig has and no pinning or integrity check.
# Outside a throwaway demo cluster, apply a reviewed, version-pinned copy.
curl -sL https://run.linkerd.io/emojivoto.yml | linkerd inject - | k apply -f -
k create ns booksapp
curl -sL https://run.linkerd.io/booksapp.yml | linkerd inject - | k apply -n booksapp -f -
kubectl apply -f ~/git_repos/jasonmorgan/linkerd-demos/101/service_profiles/source/booksapp.yaml
k create ns argo-rollouts
# "latest" is a moving target: the manifest applied here can differ from one
# run to the next. Pin a release tag when the result has to be reproducible.
kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
k apply -f manifests/podinfo/rollout.yaml
k apply -f manifests/podinfo/mapping.yaml
--------------------------------------------------------------------------------
/emissary/kubecon.sh:
--------------------------------------------------------------------------------
#!/bin/env bash
# demo-magic.sh provides p, pe and wait; pe prints its argument and then
# evals it in this shell, so every pe "..." line below is really executed.
source ../demo-magic.sh
# k3d cluster delete emissary > /dev/null 2>&1 || true
# Output and errors of the cluster creation are discarded and a failure is
# ignored (|| true), so a broken cluster first shows up in a later command.
k3d cluster create emissary -p "80:80@loadbalancer" -p "443:443@loadbalancer" --k3s-arg '--no-deploy=traefik@server:*;agents:*' > /dev/null 2>&1 || true
kubectl ns default
# Remote manifest applied as-is, with no version pin or integrity check.
curl -sL https://run.linkerd.io/emojivoto.yml | kubectl apply -f -

clear


## Install emissary
pe "helm repo add datawire https://www.getambassador.io"
wait
clear

pe "kubectl apply -f https://app.getambassador.io/yaml/emissary/2.2.2/emissary-crds.yaml"
wait
clear

pe "kubectl wait --timeout=90s --for=condition=available deployment emissary-apiext -n emissary-system"
wait
clear

pe "helm install -n emissary --create-namespace emissary-ingress datawire/emissary-ingress --set replicaCount=1 --wait"
# helm install -n emissary --create-namespace emissary-ingress ./emissary/emissary-ingress-7.3.2.tgz --set replicaCount=1 --wait
wait
clear

# Loads a certificate and its private key from local files into the cluster
# as the TLS secret "wildcard", the name the Host resources in
# manifests/podinfo/all-in-one.yaml reference through tlsSecret.
# Only the file paths are echoed on screen, not the key material.
pe "kubectl create secret tls wildcard --cert ~/.certs/config/live/k8s.59s.io/cert.pem --key ~/.certs/config/live/k8s.59s.io/privkey.pem"
wait
clear

pe "bat -l yaml manifests/podinfo/all-in-one.yaml"
wait
clear

pe "kubectl apply -f manifests/podinfo/all-in-one.yaml"
wait
clear

# pe "kubectl get ambassador-crds"
# wait
# clear

## Install Linkerd
# The installer script is piped from the network straight into sh: whatever
# the server returns runs as the current user, with no version pin or
# checksum. Outside a demo, download a pinned release and verify it first.
pe "curl -sL https://run.linkerd.io/install | sh"
wait
clear

pe "export PATH=\$PATH:\$HOME/.linkerd2/bin"
clear

pe "linkerd version"
wait
clear

pe "linkerd check --pre"
wait
clear

pe "linkerd install | kubectl apply -f - && linkerd check"
wait
clear

pe "linkerd viz install | kubectl apply -f - && linkerd viz check"
wait
clear

## Integrate apps
pe "kubectl get deploy -n emissary emissary-ingress -o yaml | linkerd inject - |
kubectl apply -f -" 71 | wait 72 | clear 73 | 74 | pe "kubectl get deploy -n emojivoto -o yaml | linkerd inject - | kubectl apply -f -" 75 | wait 76 | clear 77 | 78 | pe "linkerd check -n emojivoto --proxy" 79 | wait 80 | clear 81 | 82 | pe "linkerd viz tap deployment/emissary-ingress --namespace emissary --to deployment/web --to-namespace emojivoto --path / -o json" 83 | wait 84 | clear 85 | 86 | p "fin" 87 | wait 88 | clear 89 | 90 | -------------------------------------------------------------------------------- /emissary/linkerd-module.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v2 3 | kind: Module 4 | metadata: 5 | name: ambassador 6 | namespace: ambassador 7 | spec: 8 | config: 9 | # add_linkerd_headers: true 10 | -------------------------------------------------------------------------------- /emissary/linkerd-viz.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v2 3 | kind: Mapping 4 | metadata: 5 | name: linkerd-viz 6 | spec: 7 | prefix: / 8 | host: "linkerd.k8s.59s.io" 9 | # host_regex: true 10 | host_rewrite: web.linkerd-viz.svc.cluster.local:8084 11 | service: web.linkerd-viz.svc.cluster.local:8084 12 | rewrite: "" 13 | allow_upgrade: 14 | - websocket 15 | remove_request_headers: 16 | - Origin 17 | -------------------------------------------------------------------------------- /emissary/manifests/hosts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v2 3 | kind: Host 4 | metadata: 5 | name: podinfo 6 | spec: 7 | hostname: "podinfo.k8s.59s.io" 8 | acmeProvider: 9 | email: jmorgan@f9vs.com 10 | --- 11 | apiVersion: getambassador.io/v2 12 | kind: Host 13 | metadata: 14 | name: booksapp 15 | spec: 16 | hostname: "booksapp.k8s.59s.io" 17 | acmeProvider: 18 | email: jmorgan@f9vs.com 19 | --- 20 | apiVersion: 
getambassador.io/v2 21 | kind: Host 22 | metadata: 23 | name: qotm 24 | spec: 25 | hostname: "qotm.k8s.59s.io" 26 | acmeProvider: 27 | email: jmorgan@f9vs.com 28 | --- 29 | apiVersion: getambassador.io/v2 30 | kind: Host 31 | metadata: 32 | name: emojivoto 33 | spec: 34 | hostname: "emojivoto.k8s.59s.io" 35 | acmeProvider: 36 | email: jmorgan@f9vs.com 37 | --- 38 | apiVersion: getambassador.io/v2 39 | kind: Host 40 | metadata: 41 | name: dashboard 42 | spec: 43 | hostname: "dashboard.k8s.59s.io" 44 | acmeProvider: 45 | email: jmorgan@f9vs.com -------------------------------------------------------------------------------- /emissary/manifests/listener.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v3alpha1 3 | kind: Listener 4 | metadata: 5 | name: edge-stack-listener-8080 6 | namespace: ambassador 7 | spec: 8 | port: 8080 9 | protocol: HTTP 10 | securityModel: XFP 11 | hostBinding: 12 | namespace: 13 | from: ALL 14 | --- 15 | apiVersion: getambassador.io/v3alpha1 16 | kind: Listener 17 | metadata: 18 | name: edge-stack-listener-8443 19 | namespace: ambassador 20 | spec: 21 | port: 8443 22 | protocol: HTTPS 23 | securityModel: XFP 24 | hostBinding: 25 | namespace: 26 | from: ALL -------------------------------------------------------------------------------- /emissary/manifests/mappings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v3alpha1 3 | kind: Mapping 4 | metadata: 5 | name: emojivoto 6 | namespace: emojivoto 7 | spec: 8 | prefix: / 9 | service: web-svc.emojivoto:80 10 | rewrite: "" 11 | host: emojivoto.k8s.59s.io 12 | --- 13 | apiVersion: getambassador.io/v3alpha1 14 | kind: Mapping 15 | metadata: 16 | name: booksapp 17 | namespace: booksapp 18 | spec: 19 | prefix: / 20 | service: webapp.booksapp:7000 21 | rewrite: "" 22 | host: booksapp.k8s.59s.io 23 | --- 24 | apiVersion: 
getambassador.io/v3alpha1 25 | kind: Mapping 26 | metadata: 27 | name: dashboard 28 | namespace: linkerd-viz 29 | spec: 30 | prefix: / 31 | service: web.linkerd-viz:8084 32 | host_rewrite: web.linkerd-viz.svc.cluster.local:8084 33 | rewrite: "" 34 | host: dashboard.k8s.59s.io 35 | allow_upgrade: 36 | - websocket 37 | remove_request_headers: 38 | - Origin 39 | --- 40 | apiVersion: getambassador.io/v3alpha1 41 | kind: Mapping 42 | metadata: 43 | name: quote-backend 44 | spec: 45 | prefix: / 46 | service: quote 47 | host: qotm.k8s.59s.io 48 | -------------------------------------------------------------------------------- /emissary/manifests/notes.md: -------------------------------------------------------------------------------- 1 | * What it is 2 | * Emissary 3 | * Linkerd 4 | * Concepts 5 | * N/S 6 | * E/W 7 | * Integration 8 | * It just works 9 | * Quick start ( Daniel ) 10 | * Emissary 11 | * Linkerd 12 | * Integration (jason) 13 | * Add proxy to emissary 14 | * generate traffic (swithc clusters) 15 | * Linkerd viz -------------------------------------------------------------------------------- /emissary/manifests/podinfo/all-in-one.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v3alpha1 3 | kind: Host 4 | metadata: 5 | name: emojivoto 6 | namespace: default 7 | spec: 8 | hostname: "emojivoto.k8s.59s.io" 9 | acmeProvider: 10 | email: jmorgan@f9vs.com 11 | tlsSecret: 12 | name: wildcard 13 | --- 14 | apiVersion: getambassador.io/v3alpha1 15 | kind: Mapping 16 | metadata: 17 | name: emojivoto 18 | namespace: default 19 | spec: 20 | prefix: / 21 | service: web-svc.emojivoto:80 22 | rewrite: "" 23 | host: emojivoto.k8s.59s.io 24 | --- 25 | apiVersion: getambassador.io/v3alpha1 26 | kind: Mapping 27 | metadata: 28 | name: dashboard 29 | namespace: default 30 | spec: 31 | prefix: / 32 | service: web.linkerd-viz:8084 33 | host_rewrite: web.linkerd-viz.svc.cluster.local:8084 34 | rewrite: 
"" 35 | host: dashboard.k8s.59s.io 36 | allow_upgrade: 37 | - websocket 38 | remove_request_headers: 39 | - Origin 40 | --- 41 | apiVersion: getambassador.io/v3alpha1 42 | kind: Host 43 | metadata: 44 | name: dashboard 45 | namespace: default 46 | spec: 47 | hostname: "dashboard.k8s.59s.io" 48 | acmeProvider: 49 | email: jmorgan@f9vs.com 50 | tlsSecret: 51 | name: wildcard 52 | --- 53 | apiVersion: getambassador.io/v3alpha1 54 | kind: Listener 55 | metadata: 56 | name: edge-stack-listener-8080 57 | namespace: default 58 | spec: 59 | port: 8080 60 | protocol: HTTP 61 | securityModel: XFP 62 | hostBinding: 63 | namespace: 64 | from: ALL 65 | --- 66 | apiVersion: getambassador.io/v3alpha1 67 | kind: Listener 68 | metadata: 69 | name: edge-stack-listener-8443 70 | namespace: default 71 | spec: 72 | port: 8443 73 | protocol: HTTPS 74 | securityModel: XFP 75 | hostBinding: 76 | namespace: 77 | from: ALL -------------------------------------------------------------------------------- /emissary/manifests/podinfo/mapping.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v3alpha1 3 | kind: Mapping 4 | metadata: 5 | name: podinfo 6 | namespace: podinfo 7 | spec: 8 | prefix: / 9 | service: podinfo.podinfo:9898 10 | rewrite: "" 11 | host: podinfo.k8s.59s.io -------------------------------------------------------------------------------- /emissary/qotm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: qotm 5 | annotations: 6 | linkerd.io/inject: enabled 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: qotm 12 | namespace: qotm 13 | spec: 14 | replicas: 1 15 | selector: 16 | matchLabels: 17 | app: qotm 18 | template: 19 | metadata: 20 | labels: 21 | app: qotm 22 | spec: 23 | containers: 24 | - name: qotm 25 | image: docker.io/datawire/qotm:1.7 26 | ports: 27 | - name: 
http-api 28 | containerPort: 5000 29 | env: 30 | - name: POD_IP 31 | valueFrom: 32 | fieldRef: 33 | fieldPath: status.podIP 34 | readinessProbe: 35 | httpGet: 36 | path: /health 37 | port: 5000 38 | initialDelaySeconds: 60 39 | periodSeconds: 3 40 | resources: 41 | limits: 42 | cpu: "0.1" 43 | memory: 100Mi 44 | --- 45 | apiVersion: v1 46 | kind: Service 47 | metadata: 48 | name: qotm-linkerd2 49 | namespace: qotm 50 | spec: 51 | ports: 52 | - name: http 53 | port: 80 54 | targetPort: 5000 55 | selector: 56 | app: qotm 57 | --- 58 | -------------------------------------------------------------------------------- /emissary/quote-backend.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v2 3 | kind: Mapping 4 | metadata: 5 | name: linkerd2-qotm 6 | spec: 7 | prefix: /qotm-linkerd2/ 8 | service: qotm-linkerd2.qotm.svc.cluster.local 9 | -------------------------------------------------------------------------------- /emissary/steps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/env bash 2 | source ../demo-magic.sh 3 | k3d cluster delete emissary > /dev/null 2>&1 || true 4 | k3d cluster create emissary -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-arg '--no-deploy=traefik@server:*;agents:*' > /dev/null 2>&1 5 | k ns default 6 | 7 | clear 8 | 9 | pe "helm repo add datawire https://www.getambassador.io" 10 | wait 11 | clear 12 | 13 | pe "kubectl apply -f https://app.getambassador.io/yaml/edge-stack/2.2.0/aes-crds.yaml" 14 | wait 15 | clear 16 | 17 | pe "kubectl wait --timeout=90s --for=condition=available deployment emissary-apiext -n emissary-system" 18 | wait 19 | clear 20 | 21 | pe "kubectl create namespace ambassador" 22 | wait 23 | clear 24 | 25 | pe "helm install -n ambassador edge-stack datawire/edge-stack" 26 | wait 27 | clear 28 | 29 | pe "kubectl rollout status -n ambassador deployment/edge-stack -w" 30 | wait 31 | clear 32 
| 33 | pe "bat -l yaml manifests/listener.yaml" 34 | wait 35 | clear 36 | 37 | pe "kubectl apply -f manifests/listener.yaml" 38 | wait 39 | clear 40 | 41 | pe "curl -sL https://run.linkerd.io/install | sh" 42 | wait 43 | clear 44 | 45 | pe "export PATH=\$PATH:\$HOME/.linkerd2/bin" 46 | clear 47 | 48 | pe "linkerd version" 49 | wait 50 | clear 51 | 52 | pe "linkerd check --pre" 53 | wait 54 | clear 55 | 56 | pe "linkerd install | kubectl apply -f - && linkerd check" 57 | wait 58 | clear 59 | 60 | pe "linkerd viz install | kubectl apply -f - && linkerd viz check" 61 | wait 62 | clear 63 | 64 | pe "kubectl get deploy -n ambassador edge-stack -o yaml | linkerd inject --skip-inbound-ports \"80,443\" - | kubectl apply -f -" 65 | wait 66 | clear 67 | 68 | pe "bat -l yaml ../101/podinfo/mapping.yaml" 69 | wait 70 | clear 71 | 72 | # pe "curl -sL https://run.linkerd.io/emojivoto.yml | linkerd inject - | kubectl apply -f -" 73 | # wait 74 | # clear 75 | 76 | pe "kubectl apply -k ../101/podinfo/" 77 | wait 78 | clear 79 | 80 | p 'fin' 81 | wait 82 | -------------------------------------------------------------------------------- /failover/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | civo k8s delete east west -y -------------------------------------------------------------------------------- /failover/manifests/emoji-ts.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: split.smi-spec.io/v1alpha2 2 | kind: TrafficSplit 3 | metadata: 4 | name: emoji-svc 5 | namespace: emojivoto 6 | annotations: 7 | failover.linkerd.io/primary-service: emoji-svc 8 | labels: 9 | failover.linkerd.io/controlled-by: linkerd-failover 10 | spec: 11 | service: emoji-svc 12 | backends: 13 | - service: emoji-svc 14 | weight: 1 15 | - service: emoji-svc-prod2 16 | weight: 0 17 | -------------------------------------------------------------------------------- 
/failover/manifests/vote-ts.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: split.smi-spec.io/v1alpha2 2 | kind: TrafficSplit 3 | metadata: 4 | name: voting-svc 5 | namespace: emojivoto 6 | annotations: 7 | failover.linkerd.io/primary-service: voting-svc 8 | labels: 9 | failover.linkerd.io/controlled-by: linkerd-failover 10 | spec: 11 | service: voting-svc 12 | backends: 13 | - service: voting-svc 14 | weight: 1 15 | - service: voting-svc-prod2 16 | weight: 0 17 | -------------------------------------------------------------------------------- /failover/manifests/web-ts.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: split.smi-spec.io/v1alpha2 2 | kind: TrafficSplit 3 | metadata: 4 | name: web-svc 5 | namespace: emojivoto 6 | annotations: 7 | failover.linkerd.io/primary-service: web-svc 8 | labels: 9 | failover.linkerd.io/controlled-by: linkerd-failover 10 | spec: 11 | service: web-svc 12 | backends: 13 | - service: web-svc 14 | weight: 1 15 | - service: web-svc-prod2 16 | weight: 0 17 | -------------------------------------------------------------------------------- /failover/script.sh: -------------------------------------------------------------------------------- 1 | alias k=kubectl 2 | 3 | ######################## 4 | ## Multicluster Setup ## 5 | ######################## 6 | 7 | # In west 8 | ######### 9 | k config use-context west 10 | # Install emojivoto 11 | k apply -f https://run.linkerd.io/emojivoto.yml 12 | # Check it's working 13 | k -n emojivoto port-forward svc/web-svc 8080:80 14 | # Delete all but vote-bot 15 | k -n emojivoto delete deploy voting web emoji 16 | # Install linkerd and the viz and multicluster extensions 17 | linkerd install | k apply -f - 18 | linkerd viz install | k apply -f - 19 | linkerd mc install | k apply -f - 20 | # Get the trust-root 21 | k -n linkerd get cm linkerd-identity-trust-roots -oyaml > west-root.crt 22 | vim 
west-root.crt 23 | # Create certs for east 24 | step certificate create root.linkerd.cluster.local root.crt root.key --profile root-ca --no-password --insecure 25 | step certificate create identity.linkerd.cluster.local issuer.crt issuer.key --profile intermediate-ca --not-after 8760h --no-password --insecure --ca root.crt --ca-key root.key 26 | cat west-root.crt root.crt > bundle.crt 27 | # Upgrade linkerd with bundled root 28 | linkerd upgrade --identity-trust-anchors-file=./bundle.crt | k apply -f - 29 | 30 | # In east 31 | ######### 32 | k config use-context east 33 | # Install linkerd and the multicluster extension, inject emojivoto 34 | linkerd install \ 35 | --identity-trust-anchors-file bundle.crt \ 36 | --identity-issuer-certificate-file issuer.crt \ 37 | --identity-issuer-key-file issuer.key | \ 38 | k apply -f - 39 | linkerd mc install | k apply -f - 40 | linkerd inject https://run.linkerd.io/emojivoto.yml | k apply -f - 41 | # Check LB and the gateway auth 42 | k -n linkerd-multicluster get svc 43 | k -n linkerd-multicluster get serverauthorizations.policy.linkerd.io linkerd-gateway -oyaml 44 | # Delete vote-bot and export web 45 | k -n emojivoto delete deploy vote-bot 46 | k -n emojivoto label svc web-svc mirror.linkerd.io/exported=true 47 | # Create link 48 | linkerd mc link --cluster-name east > link.yml 49 | vim link.yml 50 | # Check the token used for connecting to east's kube-api service 51 | k -n linkerd-multicluster get secret 52 | # we can also use this to add more service accounts 53 | linkerd mc allow 54 | 55 | # In west 56 | ######### 57 | k config use-context west 58 | # Apply link and check multicluster connection, new service and endpoint 59 | k apply -f link.yml 60 | # Check the cluster-credentials-east secret 61 | k -n linkerd-multicluster get secret cluster-credentials-east -ojson | jq .data.kubeconfig | tr -d '"' | base64 -d 62 | # Check the connection between clusters was established 63 | linkerd mc gateways 64 | k -n emojivoto get 
svc 65 | k -n emojivoto get ep 66 | # Vote-bot can't yet reach east 67 | k -n emojivoto logs -f vote-bot-xxx vote-bot 68 | # Create curl deployment for tests 69 | k create deployment curl --image curlimages/curl 70 | # Add this for the pod to continue running: 71 | # command: [ "/bin/sh", "-c", "--" ] 72 | # args: [ "sleep infinity" ] 73 | k edit deploy curl 74 | # Attempt connecting to the gateway from outside the mesh 75 | k exec -ti curl-8468dbf5fd-tp4wj sh 76 | curl http://web-svc-east.emojivoto.svc.cluster.local 77 | # In a separate window, check the connection denial on east 78 | k --context east -n linkerd-multicluster logs -f linkerd-gateway-6c4658f9d8-5fjm8 linkerd-proxy 79 | # Inject curl and try again 80 | k get deploy curl -oyaml | linkerd inject - | k apply -f - 81 | k exec -ti curl-xxx -c curl sh 82 | curl http://web-svc-east.emojivoto.svc.cluster.local 83 | # Edit vote-bot to inject and change WEB_HOST, and then check logs again 84 | k -n emojivoto edit deploy vote-bot 85 | k -n emojivoto logs -f vote-bot-xxx vote-bot 86 | 87 | ############## 88 | ## Failover ## 89 | ############## 90 | 91 | # Reinstall emojivoto 92 | linkerd inject https://run.linkerd.io/emojivoto.yml | k apply -f - 93 | # Install the linkerd-smi extension (ONLY REQUIRED IF RUNNING 2.12!) 
94 | helm repo add linkerd-smi https://linkerd.github.io/linkerd-smi 95 | helm repo up 96 | helm install linkerd-smi -n linkerd-smi --create-namespace linkerd-smi/linkerd-smi 97 | # Install traffic-split resource and tail the web-svc log in both clusters 98 | vim traffic-split.yml 99 | k apply -f traffic-split.yml 100 | k -n emojivoto logs -f voting-xxx voting-svc 101 | k --context east -n emojivoto logs -f voting-xxx voting-svc 102 | # Switch all traffic to east 103 | k -n emojivoto edit ts web-svc 104 | # Switch all traffic back to west 105 | k -n emojivoto edit ts web-svc 106 | # Install the linkerd-failover extension 107 | helm repo add linkerd-edge https://helm.linkerd.io/edge 108 | helm repo up 109 | helm install linkerd-failover -n linkerd-failover --create-namespace --devel linkerd-edge/linkerd-failover 110 | # Scale down web-svc on west 111 | k -n emojivoto scale --replicas 0 deploy web 112 | # Check changes on the traffic-split 113 | k -n emojivoto get ts web-svc -oyaml 114 | # Scale back web-svc on west 115 | k -n emojivoto scale --replicas 1 deploy web 116 | # Check changes on the traffic-split 117 | k -n emojivoto get ts web-svc -oyaml 118 | 119 | alias wts="watch kubectl get ts web-svc --output=custom-columns='NAME:.metadata.name,LOCAL_NAME:.spec.backends[0].service,LOCAL_WEIGHT:.spec.backends[0].weight,REMOTE_NAME:.spec.backends[1].service,REMOTE:.spec.backends[1].weight'" -------------------------------------------------------------------------------- /failover/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | civo kubernetes create east -n 1 -s g4s.kube.large -w -y --region PHX1 4 | civo kubernetes create west -n 1 -s g4s.kube.large -w -y --region PHX1 5 | 6 | civo kubernetes config east > ~/.kube/configs/east 7 | civo kubernetes config west > ~/.kube/configs/west 8 | 9 | kubectl apply -f https://run.linkerd.io/emojivoto.yml --kubeconfig ~/.kube/configs/east 10 | kubectl apply -f 
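https://run.linkerd.io/emojivoto.yml --kubeconfig ~/.kube/configs/west
--------------------------------------------------------------------------------
/failover/tab1.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Demo tab 1: creates the shared trust root and the per-cluster issuer
# certificates, then installs Linkerd and its extensions on the "east" cluster
# and links it to "west". Run from the failover/ directory (it sources
# ../demo-magic.sh and applies manifests/).

source ../demo-magic.sh
clear

# Start from an empty CA directory. Nothing in this script creates ~/tmp/ca,
# so it presumably has to exist already - confirm.
rm ~/tmp/ca/*

# --no-password --insecure writes the private keys to disk unencrypted.
# Keep ~/tmp/ca readable by the presenter only and remove the keys after the
# demo; a root key for a long-lived mesh should not be left on a workstation.
pe "step certificate create root.linkerd.cluster.local ~/tmp/ca/root.crt ~/tmp/ca/root.key --profile root-ca --no-password --insecure"
wait
clear

# Both issuers are signed by the root created above. All certificate and key
# paths point into ~/tmp/ca, the directory the install commands (here and in
# tab2.sh) read them from.
pe "step certificate create identity.linkerd.cluster.local ~/tmp/ca/issuer.west.crt ~/tmp/ca/issuer.west.key --profile intermediate-ca --not-after 8760h --no-password --insecure --ca ~/tmp/ca/root.crt --ca-key ~/tmp/ca/root.key"
wait
clear

pe "step certificate create identity.linkerd.cluster.local ~/tmp/ca/issuer.east.crt ~/tmp/ca/issuer.east.key --profile intermediate-ca --not-after 8760h --no-password --insecure --ca ~/tmp/ca/root.crt --ca-key ~/tmp/ca/root.key"
wait
clear

pe "export KUBECONFIG=~/.kube/configs/east"
wait
clear

pe "linkerd install --crds | kubectl apply -f -"
wait
clear

# east gets the shared trust anchor plus its own issuer certificate and key
pe "linkerd install --identity-trust-anchors-file ~/tmp/ca/root.crt --identity-issuer-certificate-file ~/tmp/ca/issuer.east.crt --identity-issuer-key-file ~/tmp/ca/issuer.east.key | kubectl apply --kubeconfig ~/.kube/configs/east -f - && linkerd check"
wait
clear

pe "linkerd smi install | kubectl apply -f - && linkerd check"
wait
clear

pe "linkerd multicluster install | kubectl apply -f - && linkerd check"
wait
clear

pe "linkerd viz install | kubectl apply -f - && linkerd check"
wait
clear

# The link is generated against west's kubeconfig and applied to east.
pe "linkerd multicluster link --kubeconfig ~/.kube/configs/west --cluster-name west | kubectl apply --kubeconfig ~/.kube/configs/east -f -"
wait
clear

pe "kubectl apply -f manifests/"
wait
clear

# web-ts.yaml lives under manifests/, next to the files applied above
pe "bat -lyaml manifests/web-ts.yaml"
wait
clear
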
pe "kubectl scale deploy web --replicas 0 -n emojivoto" 57 | wait 58 | clear 59 | 60 | pe "linkerd viz stat deploy -n emojivoto" 61 | wait 62 | clear 63 | 64 | pe "kubectl scale deploy web --replicas 1 -n emojivoto" 65 | wait 66 | clear 67 | 68 | # Cleanup 69 | 70 | civo kubernetes delete east -y 71 | 72 | civo kubernetes delete west -y 73 | 74 | rm -rf ~/tmp/ca/* 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | -------------------------------------------------------------------------------- /failover/tab2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source ../demo-magic.sh 4 | clear 5 | 6 | pe "cd ~/tmp/ca" 7 | wait 8 | clear 9 | 10 | pe "civo kubernetes config west > ~/.kube/configs/west" 11 | wait 12 | clear 13 | 14 | pe "export KUBECONFIG=~/.kube/configs/west" 15 | wait 16 | clear 17 | 18 | pe "linkerd install --crds | kubectl apply -f -" 19 | wait 20 | clear 21 | 22 | pe "linkerd install --identity-trust-anchors-file ~/tmp/ca/root.crt --identity-issuer-certificate-file ~/tmp/ca/issuer.west.crt --identity-issuer-key-file ~/tmp/ca/issuer.west.key | kubectl apply --kubeconfig ~/.kube/configs/west -f - && linkerd check" 23 | wait 24 | clear 25 | 26 | pe "linkerd smi install | kubectl apply -f - && linkerd check" 27 | wait 28 | clear 29 | 30 | pe "linkerd multicluster install | kubectl apply -f - && linkerd check" 31 | wait 32 | clear 33 | 34 | pe "linkerd viz install | kubectl apply -f - && linkerd check" 35 | wait 36 | clear 37 | 38 | pe "kubectl label svc web-svc -n emojivoto mirror.linkerd.io/exported=true" 39 | wait 40 | clear 41 | 42 | 43 | 44 | pe "kubectl -n emojivoto get ts web-svc" 45 | wait 46 | clear 47 | 48 | pe "" 49 | wait 50 | clear 51 | 52 | pe "" 53 | wait 54 | clear 55 | 56 | 57 | -------------------------------------------------------------------------------- /gitops/argo-rollouts/demo-magic.sh: 
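--------------------------------------------------------------------------------
#!/usr/bin/env bash

###############################################################################
#
# demo-magic.sh
#
# Copyright (c) 2015 Paxton Hare
#
# This script lets you script demos in bash. It runs through your demo script when you press
# ENTER. It simulates typing and runs commands.
#
###############################################################################

# the speed to "type" the text
TYPE_SPEED=20

# no wait after "p" or "pe"
NO_WAIT=false

# if > 0, will pause for this amount of seconds before automatically proceeding with any p or pe
PROMPT_TIMEOUT=0

# don't show command number unless user specifies it
SHOW_CMD_NUMS=false


# handy color vars for pretty prompts
BLACK="\033[0;30m"
BLUE="\033[0;34m"
GREEN="\033[0;32m"
GREY="\033[0;90m"
CYAN="\033[0;36m"
RED="\033[0;31m"
PURPLE="\033[0;35m"
BROWN="\033[0;33m"
WHITE="\033[1;37m"
COLOR_RESET="\033[0m"

C_NUM=0

# prompt and command color which can be overridden
DEMO_PROMPT="$ "
DEMO_CMD_COLOR=$WHITE
DEMO_COMMENT_COLOR=$GREY

##
# prints the script usage
##
function usage() {
  echo -e ""
  echo -e "Usage: $0 [options]"
  echo -e ""
  echo -e "\tWhere options is one or more of:"
  echo -e "\t-h\tPrints Help text"
  echo -e "\t-d\tDebug mode. Disables simulated typing"
  echo -e "\t-n\tNo wait"
  echo -e "\t-w\tWaits max the given amount of seconds before proceeding with demo (e.g. '-w5')"
  echo -e ""
}

##
# wait for user to press ENTER
# if $PROMPT_TIMEOUT > 0 this will be used as the max time for proceeding automatically
#
# note: this function shadows the shell builtin `wait` for every script that
# sources this file
##
function wait() {
  if [[ "$PROMPT_TIMEOUT" == "0" ]]; then
    read -rs
  else
    read -rst "$PROMPT_TIMEOUT"
  fi
}

##
# print command only. Useful for when you want to pretend to run a command
#
# takes 1 param - the string command to print
#
# usage: p "ls -l"
#
##
function p() {
  if [[ ${1:0:1} == "#" ]]; then
    cmd=$DEMO_COMMENT_COLOR$1$COLOR_RESET
  else
    cmd=$DEMO_CMD_COLOR$1$COLOR_RESET
  fi

  # render the prompt
  # stdin comes from /dev/null so the interactive child shell exits at once;
  # stderr is merged because that is where bash prints the prompt and "exit"
  x=$(PS1="$DEMO_PROMPT" "$BASH" --norc -i </dev/null 2>&1 | sed -n '${s/^\(.*\)exit$/\1/p;}')

  # show command number is selected
  if $SHOW_CMD_NUMS; then
   printf "[$((++C_NUM))] $x"
  else
   printf "$x"
  fi

  # wait for the user to press a key before typing the command
  if !($NO_WAIT); then
    wait
  fi

  if [[ -z $TYPE_SPEED ]]; then
    echo -en "$cmd"
  else
    echo -en "$cmd" | pv -qL $[$TYPE_SPEED+(-2 + RANDOM%5)];
  fi

  # wait for the user to press a key before moving on
  if !($NO_WAIT); then
    wait
  fi
  echo ""
}

##
# Prints and executes a command
#
# takes 1 parameter - the string command to run
#
# usage: pe "ls -l"
#
# The string is passed to eval and runs in the current shell with the
# presenter's privileges. Pass only fixed command strings written in the demo
# script; never build the argument from files, environment or other input that
# someone else controls.
#
##
function pe() {
  # print the command
  p "$@"

  # execute the command
  eval "$@"
}

##
# Enters script into interactive mode
#
# and allows newly typed commands to be executed within the script
#
# usage : cmd
#
# Whatever is typed at the prompt is evaluated in the current shell.
#
##
function cmd() {
  # render the prompt
  x=$(PS1="$DEMO_PROMPT" "$BASH" --norc -i </dev/null 2>&1 | sed -n '${s/^\(.*\)exit$/\1/p;}')
  printf "$x\033[0m"
  read command
  eval "${command}"
}


# Abort with install hints when `pv` (used for the typing effect) is missing.
function check_pv() {
  command -v pv >/dev/null 2>&1 || {

    echo ""
    echo -e "${RED}##############################################################"
    echo "# HOLD IT!! I require pv but it's not installed. Aborting." >&2;
    echo -e "${RED}##############################################################"
    echo ""
    echo -e "${COLOR_RESET}Installing pv:"
    echo ""
    echo -e "${BLUE}Mac:${COLOR_RESET} $ brew install pv"
    echo ""
    echo -e "${BLUE}Other:${COLOR_RESET} http://www.ivarch.com/programs/pv.shtml"
    echo -e "${COLOR_RESET}"
    exit 1;
  }
}

check_pv
#
# handle some default params
# -h for help
# -d for disabling simulated typing
#
while getopts ":dhncw:" opt; do
  case $opt in
    h)
      usage
      exit 1
      ;;
    d)
      unset TYPE_SPEED
      ;;
    n)
      NO_WAIT=true
      ;;
    c)
      SHOW_CMD_NUMS=true
      ;;
    w)
      PROMPT_TIMEOUT=$OPTARG
      ;;
  esac
done
--------------------------------------------------------------------------------
/gitops/argo-rollouts/init.sh:
--------------------------------------------------------------------------------
# Builds a local k3d cluster named "rollouts" and installs Linkerd, Linkerd viz
# and Argo Rollouts on it, then applies the podinfo manifest.
#
# NOTE(review): this sources ../demo-magic.sh although a copy of demo-magic.sh
# sits next to this script; confirm which one is intended.
. ../demo-magic.sh
clear

# Start from a clean cluster; output is discarded so the demo screen stays empty.
k3d cluster delete rollouts &>/dev/null
k3d cluster create rollouts -p "8000:80@loadbalancer" -s 3 &>/dev/null

# kubectl is spelled out: shell aliases such as `k` are not expanded in a
# non-interactive script.
pe "linkerd install | kubectl apply -f - && linkerd check"
pe "linkerd viz install | kubectl apply -f - && linkerd viz check"

#curl -sL https://run.linkerd.io/emojivoto.yml | linkerd inject - | kubectl apply -f -

# NOTE(review): --skip-inbound-ports normally takes a port list; as written the
# next word on the command line is "--ingress". Confirm the intended value.
pe "kubectl get deploy -n kube-system traefik -o yaml | linkerd inject --skip-inbound-ports --ingress - | kubectl apply -f -"


pe "kubectl create namespace argo-rollouts"
# "releases/latest" is a moving target: the manifest applied here (controller
# Deployment, RBAC, CRDs) is whatever upstream currently publishes. For anything
# beyond a disposable demo cluster, pin a reviewed release, e.g.
# .../releases/download/<PINNED_VERSION>/install.yaml (placeholder).
pe "kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml"

pe "kubectl apply -f manifests/podinfo.yaml"
--------------------------------------------------------------------------------
/gitops/argo-rollouts/manifests/gs-rollout-smi.yaml:
--------------------------------------------------------------------------------
# Canary Rollout whose traffic split is driven through SMI.
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-demo
spec:
  replicas: 1
  strategy:
    canary:
      canaryService: rollouts-demo-canary
      stableService: rollouts-demo-stable
      trafficRouting:
        smi:
          # Matches the Service named rollouts-demo defined in
          # gs-service-smi.yaml; the original value "rollout-demo" did not
          # match any Service in these manifests.
          rootService: rollouts-demo
      steps:
      - setWeight: 10
      - pause: {}
      - setWeight: 50
      - pause: {}
      - setWeight: 80
      - pause: {}
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: rollouts-demo
  template:
    metadata:
      annotations:
        linkerd.io/inject: enabled
      labels:
        app: rollouts-demo
    spec:
      containers:
      - name: rollouts-demo
        image: argoproj/rollouts-demo:blue
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        resources:
          requests:
            memory: 32Mi
            cpu: 5m
--------------------------------------------------------------------------------
/gitops/argo-rollouts/manifests/gs-rollout.yaml: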
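--------------------------------------------------------------------------------
# Basic canary Rollout: manual promotion after 20%, then timed pauses.
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-demo
spec:
  replicas: 3
  strategy:
    canary:
      steps:
      - setWeight: 20
      - pause: {}
      - setWeight: 40
      - pause: {duration: 10}
      - setWeight: 60
      - pause: {duration: 10}
      - setWeight: 80
      - pause: {duration: 10}
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: rollouts-demo
  template:
    metadata:
      annotations:
        linkerd.io/inject: enabled
      labels:
        app: rollouts-demo
    spec:
      containers:
      - name: rollouts-demo
        image: argoproj/rollouts-demo:green
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        resources:
          requests:
            memory: 32Mi
            cpu: 5m
--------------------------------------------------------------------------------
/gitops/argo-rollouts/manifests/gs-service-smi.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo-canary
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
    # This selector will be updated with the pod-template-hash of the canary ReplicaSet. e.g.:
    # rollouts-pod-template-hash: 7bf84f9696

---
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo-stable
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
    # This selector will be updated with the pod-template-hash of the stable ReplicaSet. e.g.:
    # rollouts-pod-template-hash: 789746c88d
---
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
--------------------------------------------------------------------------------
/gitops/argo-rollouts/manifests/gs-service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
--------------------------------------------------------------------------------
/gitops/argo-rollouts/manifests/ingress.yaml:
--------------------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rollouts-demo-stable
  annotations:
    # NOTE(review): the override names rollouts-demo-stable while the backend
    # below is rollouts-demo; confirm which Service the mesh should route to.
    ingress.kubernetes.io/custom-request-headers: l5d-dst-override:rollouts-demo-stable.default.svc.cluster.local:80
    # Plain HTTP is served without redirect; acceptable for the local k3d demo
    # cluster this directory targets, not for an exposed endpoint.
    ingress.kubernetes.io/ssl-redirect: "false"
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: rollouts-demo
            port:
              number: 80

--------------------------------------------------------------------------------
/gitops/argo-rollouts/steps.md:
--------------------------------------------------------------------------------
# Argo Rollouts

We're going to go over progressive delivery and dive into Argo rollouts.

## What is it?

It's an open source tool for doing progressive delivery.

## Getting Started

* Checkout Docs

### Installing argo rollouts

* Run the Install
* Checkout CRDs

### CRDs

* Rollouts
  * https://argoproj.github.io/argo-rollouts/features/specification.html
  * https://argoproj.github.io/argo-rollouts/features/analysis.html#custom-resource-definitions

### Demo

* Simple Demo
  * Dashboard
  * CLI
* More complex demo with traffic splits
* What's next

### Callouts

* SMI field in rollouts
* Creating Objects
  * Services
  * Ingress
* Metrics Integration
* Differences with Flagger
* Best Practices
--------------------------------------------------------------------------------
/gitops/argo/apps/podinfo/host.yaml:
--------------------------------------------------------------------------------
---
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: podinfo
  namespace: podinfo
spec:
  hostname: podinfo.civo.59s.io
  acmeProvider:
    email: jmorgan@f9vs.com
  tlsSecret:
    name: podinfo
--------------------------------------------------------------------------------
/gitops/argo/apps/podinfo/mapping.yaml:
--------------------------------------------------------------------------------
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: podinfo
  namespace: default
spec:
  prefix: /
  service: frontend.podinfo:8080
  rewrite: ""
  hostname: podinfo.civo.59s.io
--------------------------------------------------------------------------------
/gitops/argo/manifests/values.yaml:
--------------------------------------------------------------------------------
## ArgoCD configuration
## Ref: https://github.com/argoproj/argo-cd

## Server
server:
  extraArgs:
  # --insecure makes argocd-server serve without TLS. Logins and API tokens
  # then rely entirely on whatever terminates TLS in front of it and on the
  # network between that proxy and the pod; keep that hop inside the mesh or
  # otherwise encrypted.
  - --insecure
--------------------------------------------------------------------------------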
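/gitops/argo/platform/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: platform
description: Applications

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "1.0"
--------------------------------------------------------------------------------
/gitops/argo/platform/ambassador-edge-stack/ambassador-listener.yaml:
--------------------------------------------------------------------------------
# NOTE(review): these Listeners carry no securityModel or hostBinding, unlike
# the ones with the same names in finalizers/listeners.yaml, and this file is
# commented out of the kustomization in this directory; it looks unused.
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: edge-stack-listener-8080
  namespace: edge-stack
spec:
  port: 8080
  protocol: HTTP
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: edge-stack-listener-8443
  namespace: edge-stack
spec:
  port: 8443
  protocol: HTTPS
--------------------------------------------------------------------------------
/gitops/argo/platform/ambassador-edge-stack/edge-stack.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that installs the edge-stack Helm chart.
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: edge-stack
  namespace: argocd
spec:
  destination:
    namespace: edge-stack
    server: https://kubernetes.default.svc
  project: default
  source:
    chart: edge-stack
    repoURL: https://app.getambassador.io
    # Chart version is pinned, so a sync does not pick up new upstream releases.
    targetRevision: 8.0.0
    # helm:
    #   parameters:
    #   - name: replicaCount
    #     value: 1
  syncPolicy:
    # Automated sync with prune and selfHeal: resources removed from the source
    # are deleted and manual changes in the cluster are reverted.
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/gitops/argo/platform/ambassador-edge-stack/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# - ambassador-listener.yaml
# Remote resource fetched at build time; the URL names a fixed version (3.0.0)
# but the content is not checksum-verified.
- https://app.getambassador.io/yaml/edge-stack/3.0.0/aes-crds.yaml
- edge-stack.yaml

patches:
- path: namespace_patch.json
  target:
    version: v1
    kind: Namespace
    name: edge-stack

--------------------------------------------------------------------------------
/gitops/argo/platform/ambassador-edge-stack/namespace_patch.json:
--------------------------------------------------------------------------------
[
  {
    "op": "add",
    "path": "/metadata/annotations/linkerd.io~1inject",
    "value":"enabled"
  }
]
--------------------------------------------------------------------------------
/gitops/argo/platform/argo-rollouts/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# "releases/latest" is a moving target: every build applies whatever upstream
# currently publishes (controller, RBAC, CRDs). Pin a reviewed release for
# anything beyond a demo, e.g. .../releases/download/<PINNED_VERSION>/install.yaml
# (placeholder).
- https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
- namespace.yaml
--------------------------------------------------------------------------------
/gitops/argo/platform/argo-rollouts/namespace.yaml:
--------------------------------------------------------------------------------
---
kind: Namespace
apiVersion: v1
metadata:
  name: argo-rollouts
  annotations:
    linkerd.io/inject: enabled
--------------------------------------------------------------------------------
/gitops/argo/platform/argocd/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: argocd
resources:
# Tracks the "stable" ref of argo-cd, which moves with upstream releases; the
# installed Argo CD version therefore changes without a change in this
# repository. Pin a tag or commit to make upgrades an explicit, reviewed step.
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
- ns.yaml

patchesStrategicMerge:
- patch.yaml
--------------------------------------------------------------------------------
/gitops/argo/platform/argocd/ns.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: argocd
--------------------------------------------------------------------------------
/gitops/argo/platform/argocd/patch.yaml: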
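--------------------------------------------------------------------------------
# Strategic-merge patch for the upstream argocd-server Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-server
spec:
  template:
    spec:
      containers:
      - command:
        - argocd-server
        # --insecure turns off TLS on argocd-server itself, so the edge proxy
        # talks to it in plaintext. The argocd Namespace manifest in this
        # directory (ns.yaml) carries no linkerd.io/inject annotation, so
        # nothing visible here encrypts that hop; confirm it is covered before
        # using real credentials.
        - --insecure
        name: argocd-server
--------------------------------------------------------------------------------
/gitops/argo/platform/finalizers/hosts.yaml:
--------------------------------------------------------------------------------
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: dashboard
  namespace: linkerd-viz
spec:
  hostname: dashboard.civo.59s.io
  acmeProvider:
    email: jmorgan@f9vs.com
  tlsSecret:
    name: dashboard
---
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: argo
  namespace: argocd
spec:
  hostname: argocd.civo.59s.io
  acmeProvider:
    email: jmorgan@f9vs.com
  tlsSecret:
    name: argo-dashboard
---
# Catch-all Host: cleartext requests for any hostname are rejected.
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: wildcard
  namespace: default
spec:
  hostname: "*"
  requestPolicy:
    insecure:
      action: Reject
--------------------------------------------------------------------------------
/gitops/argo/platform/finalizers/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- listeners.yaml
- hosts.yaml
- mappings.yaml
- namespace.yaml
--------------------------------------------------------------------------------
/gitops/argo/platform/finalizers/listeners.yaml:
--------------------------------------------------------------------------------
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: edge-stack-listener-8080
  namespace: edge-stack
spec:
  port: 8080
  protocol: HTTP
  # XFP classifies a request as secure or insecure from X-Forwarded-Proto.
  # If a load balancer or proxy sits in front, confirm that it sets the header
  # and that client-supplied values are not trusted.
  securityModel: XFP
  hostBinding:
    namespace:
      # Hosts from every namespace may attach to this listener, so anyone able
      # to create Host resources in any namespace can publish a hostname here.
      from: ALL
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: edge-stack-listener-8443
  namespace: edge-stack
spec:
  port: 8443
  protocol: HTTPS
  securityModel: XFP
  hostBinding:
    namespace:
      from: ALL

--------------------------------------------------------------------------------
/gitops/argo/platform/finalizers/mappings.yaml:
--------------------------------------------------------------------------------
# Publishes the Linkerd viz dashboard on dashboard.civo.59s.io.
# host_rewrite and the removal of the Origin header make external requests
# look like in-cluster ones to the viz web component. No authentication in
# front of the dashboard is visible in this file; add an auth filter or a
# source restriction before exposing the hostname beyond a demo.
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: dashboard
  namespace: default
spec:
  prefix: /
  service: web.linkerd-viz:8084
  host_rewrite: web.linkerd-viz.svc.cluster.local:8084
  rewrite: ""
  hostname: dashboard.civo.59s.io
  allow_upgrade:
  - websocket
  remove_request_headers:
  - Origin
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: argocd-server-ui
  namespace: argocd
spec:
  hostname: argocd.civo.59s.io
  prefix: /
  # No https:// scheme on the service: the upstream hop to argocd-server is
  # plaintext, which matches the --insecure flag set in argocd/patch.yaml.
  service: argocd-server:443
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: argocd-server-cli
  namespace: argocd
spec:
  # NOTE: the port must be ignored if you have strip_matching_host_port enabled on envoy
  hostname: argocd.civo.59s.io:443
  prefix: /
  service: argocd-server:80
  regex_headers:
    Content-Type: "^application/grpc.*$"
  grpc: true
--------------------------------------------------------------------------------
/gitops/argo/platform/finalizers/namespace.yaml:
--------------------------------------------------------------------------------
# Labels kube-system so that Linkerd's admission webhooks skip it.
apiVersion: v1
kind: Namespace
metadata:
  name: kube-system
  labels:
    config.linkerd.io/admission-webhooks: disabled

--------------------------------------------------------------------------------
/gitops/argo/platform/values.yaml:
--------------------------------------------------------------------------------
spec:
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/argoproj/argocd-example-apps
    # HEAD follows the default branch; every new upstream commit becomes
    # deployable on the next sync. Pin a tag or commit SHA when the source is
    # not under your own control.
    targetRevision: HEAD
--------------------------------------------------------------------------------
/gitops/argo/rollouts/rollout.yaml:
--------------------------------------------------------------------------------
# Basic canary Rollout; unlike the argo-rollouts/manifests variants, the pod
# template here has no linkerd.io/inject annotation.
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-demo
spec:
  replicas: 5
  strategy:
    canary:
      steps:
      - setWeight: 20
      - pause: {}
      - setWeight: 40
      - pause: {duration: 10}
      - setWeight: 60
      - pause: {duration: 10}
      - setWeight: 80
      - pause: {duration: 10}
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: rollouts-demo
  template:
    metadata:
      labels:
        app: rollouts-demo
    spec:
      containers:
      - name: rollouts-demo
        image: argoproj/rollouts-demo:blue
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        resources:
          requests:
            memory: 32Mi
            cpu: 5m
--------------------------------------------------------------------------------
/gitops/argo/rollouts/service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
--------------------------------------------------------------------------------
/gitops/argo/steps.sh:
--------------------------------------------------------------------------------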
https://raw.githubusercontent.com/JasonMorgan/linkerd-demos/e9ece91eff48e3171b729f4e85678d870d68b2e2/gitops/argo/steps.sh -------------------------------------------------------------------------------- /gitops/flux/apps/manifests/apps.yaml: -------------------------------------------------------------------------------- 1 | # --- 2 | # apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 3 | # kind: Kustomization 4 | # metadata: 5 | # name: podinfo 6 | # namespace: flux-system 7 | # spec: 8 | # interval: 1m0s 9 | # path: ./gitops/flux/apps/source/podinfo 10 | # dependsOn: 11 | # - name: finalizers 12 | # prune: true 13 | # sourceRef: 14 | # kind: GitRepository 15 | # name: gitops 16 | # validation: client 17 | # healthChecks: 18 | # - apiVersion: apps/v1 19 | # kind: Deployment 20 | # name: podinfo 21 | # namespace: podinfo 22 | # - apiVersion: apps/v1 23 | # kind: Deployment 24 | # name: generator 25 | # namespace: podinfo 26 | --- 27 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 28 | kind: Kustomization 29 | metadata: 30 | name: emojivoto 31 | namespace: flux-system 32 | spec: 33 | interval: 1m0s 34 | path: ./gitops/flux/apps/source/emojivoto 35 | dependsOn: 36 | - name: finalizers 37 | prune: true 38 | sourceRef: 39 | kind: GitRepository 40 | name: gitops 41 | validation: client 42 | healthChecks: 43 | - apiVersion: apps/v1 44 | kind: Deployment 45 | name: emoji 46 | namespace: emojivoto 47 | - apiVersion: apps/v1 48 | kind: Deployment 49 | name: vote-bot 50 | namespace: emojivoto 51 | - apiVersion: apps/v1 52 | kind: Deployment 53 | name: web 54 | namespace: emojivoto 55 | - apiVersion: apps/v1 56 | kind: Deployment 57 | name: voting 58 | namespace: emojivoto 59 | --- 60 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 61 | kind: Kustomization 62 | metadata: 63 | name: booksapp 64 | namespace: flux-system 65 | spec: 66 | interval: 1m0s 67 | path: ./gitops/flux/apps/source/booksapp 68 | dependsOn: 69 | - name: finalizers 70 | prune: true 71 | sourceRef: 72 | 
kind: GitRepository 73 | name: gitops 74 | validation: client 75 | healthChecks: 76 | - apiVersion: apps/v1 77 | kind: Deployment 78 | name: traffic 79 | namespace: booksapp 80 | - apiVersion: apps/v1 81 | kind: Deployment 82 | name: webapp 83 | namespace: booksapp 84 | - apiVersion: apps/v1 85 | kind: Deployment 86 | name: authors 87 | namespace: booksapp 88 | - apiVersion: apps/v1 89 | kind: Deployment 90 | name: books 91 | namespace: booksapp 92 | -------------------------------------------------------------------------------- /gitops/flux/apps/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - apps.yaml 5 | namespace: default -------------------------------------------------------------------------------- /gitops/flux/apps/source/booksapp/booksapp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: booksapp 5 | annotations: 6 | linkerd.io/inject: enabled 7 | --- 8 | apiVersion: v1 9 | kind: Service 10 | metadata: 11 | name: webapp 12 | namespace: booksapp 13 | labels: 14 | app: webapp 15 | project: booksapp 16 | spec: 17 | selector: 18 | app: webapp 19 | type: ClusterIP 20 | ports: 21 | - name: service 22 | port: 7000 23 | --- 24 | kind: Deployment 25 | apiVersion: apps/v1 26 | metadata: 27 | name: webapp 28 | namespace: booksapp 29 | labels: 30 | app: webapp 31 | project: booksapp 32 | app.kubernetes.io/part-of: booksapp 33 | spec: 34 | replicas: 3 35 | selector: 36 | matchLabels: 37 | app: webapp 38 | project: booksapp 39 | template: 40 | metadata: 41 | labels: 42 | app: webapp 43 | project: booksapp 44 | spec: 45 | dnsPolicy: ClusterFirst 46 | containers: 47 | - name: service 48 | image: buoyantio/booksapp:v0.0.5 49 | env: 50 | - name: DATABASE_URL 51 | value: sqlite3:db/db.sqlite3 52 | - name: AUTHORS_SITE 53 | 
value: http://authors:7001 54 | - name: BOOKS_SITE 55 | value: http://books:7002 56 | args: ["prod:webapp"] 57 | readinessProbe: 58 | httpGet: 59 | path: /ping 60 | port: 7000 61 | ports: 62 | - name: service 63 | containerPort: 7000 64 | --- 65 | apiVersion: v1 66 | kind: Service 67 | metadata: 68 | name: authors 69 | namespace: booksapp 70 | labels: 71 | app: authors 72 | project: booksapp 73 | spec: 74 | selector: 75 | app: authors 76 | ports: 77 | - name: service 78 | port: 7001 79 | --- 80 | kind: Deployment 81 | apiVersion: apps/v1 82 | metadata: 83 | name: authors 84 | namespace: booksapp 85 | labels: 86 | app: authors 87 | project: booksapp 88 | app.kubernetes.io/part-of: booksapp 89 | spec: 90 | replicas: 1 91 | selector: 92 | matchLabels: 93 | app: authors 94 | project: booksapp 95 | template: 96 | metadata: 97 | labels: 98 | app: authors 99 | project: booksapp 100 | spec: 101 | dnsPolicy: ClusterFirst 102 | containers: 103 | - name: service 104 | image: buoyantio/booksapp:v0.0.5 105 | env: 106 | - name: DATABASE_URL 107 | value: sqlite3:db/db.sqlite3 108 | - name: BOOKS_SITE 109 | value: http://books:7002 110 | - name: FAILURE_RATE 111 | value: "0.5" 112 | args: ["prod:authors"] 113 | readinessProbe: 114 | httpGet: 115 | path: /ping 116 | port: 7001 117 | ports: 118 | - name: service 119 | containerPort: 7001 120 | --- 121 | apiVersion: v1 122 | kind: Service 123 | metadata: 124 | name: books 125 | namespace: booksapp 126 | labels: 127 | app: books 128 | project: booksapp 129 | spec: 130 | selector: 131 | app: books 132 | ports: 133 | - name: service 134 | port: 7002 135 | --- 136 | kind: Deployment 137 | apiVersion: apps/v1 138 | metadata: 139 | name: books 140 | namespace: booksapp 141 | labels: 142 | app: books 143 | project: booksapp 144 | app.kubernetes.io/part-of: booksapp 145 | spec: 146 | replicas: 1 147 | selector: 148 | matchLabels: 149 | app: books 150 | project: booksapp 151 | template: 152 | metadata: 153 | labels: 154 | app: books 155 | 
project: booksapp 156 | spec: 157 | dnsPolicy: ClusterFirst 158 | containers: 159 | - name: service 160 | image: buoyantio/booksapp:v0.0.5 161 | env: 162 | - name: DATABASE_URL 163 | value: sqlite3:db/db.sqlite3 164 | - name: AUTHORS_SITE 165 | value: http://authors:7001 166 | args: ["prod:books"] 167 | readinessProbe: 168 | httpGet: 169 | path: /ping 170 | port: 7002 171 | ports: 172 | - name: service 173 | containerPort: 7002 174 | --- 175 | kind: Deployment 176 | apiVersion: apps/v1 177 | metadata: 178 | name: traffic 179 | namespace: booksapp 180 | labels: 181 | app: traffic 182 | project: booksapp 183 | app.kubernetes.io/part-of: booksapp 184 | spec: 185 | replicas: 1 186 | selector: 187 | matchLabels: 188 | app: traffic 189 | project: booksapp 190 | template: 191 | metadata: 192 | labels: 193 | app: traffic 194 | project: booksapp 195 | spec: 196 | dnsPolicy: ClusterFirst 197 | containers: 198 | - name: traffic 199 | image: buoyantio/booksapp-traffic:v0.0.3 200 | args: 201 | - "-initial-delay=30s" 202 | - "webapp:7000" 203 | -------------------------------------------------------------------------------- /gitops/flux/apps/source/booksapp/host.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v3alpha1 3 | kind: Host 4 | metadata: 5 | name: booksapp 6 | namespace: default 7 | spec: 8 | hostname: booksapp.civo.59s.io 9 | acmeProvider: 10 | email: jmorgan@f9vs.com 11 | # tlsSecret: 12 | # name: wildcard -------------------------------------------------------------------------------- /gitops/flux/apps/source/booksapp/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: booksapp 5 | namespace: booksapp 6 | annotations: 7 | kubernetes.io/ingress.class: "nginx" 8 | nginx.ingress.kubernetes.io/service-upstream: "true" 9 | cert-manager.io/cluster-issuer: letsencrypt-prod 10 
spec:
  rules:
    - host: booksapp.civo.59s.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: webapp
                port:
                  number: 7000
  # The certificate for the host is served from the Secret named below.
  tls:
    - hosts:
        - booksapp.civo.59s.io
      secretName: booksapp-ingress
--------------------------------------------------------------------------------
/gitops/flux/apps/source/booksapp/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point for the booksapp demo.
# Only booksapp.yaml is rendered: ingress.yaml is commented out, and host.yaml and
# mapping.yaml are not listed, so none of the three is applied through this file.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - booksapp.yaml
  # - ingress.yaml
--------------------------------------------------------------------------------
/gitops/flux/apps/source/booksapp/mapping.yaml:
--------------------------------------------------------------------------------
---
# Mapping (getambassador.io/v3alpha1) sending every path ("/") for the host below to
# the webapp Service in the booksapp namespace on port 7000.
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: booksapp
  namespace: default
spec:
  prefix: /
  service: webapp.booksapp:7000
  rewrite: ""
  # NOTE(review): host.yaml and ingress.yaml in this directory use
  # booksapp.civo.59s.io, while this Mapping matches booksapp.k8s.59s.io; confirm
  # the difference is intended, otherwise the route and the TLS host do not line up.
  host: booksapp.k8s.59s.io
--------------------------------------------------------------------------------
/gitops/flux/apps/source/emojivoto/emojivoto.yaml:
--------------------------------------------------------------------------------
# emojivoto demo application: one Namespace, three ServiceAccounts, three Services
# and four Deployments (emoji, vote-bot, voting, web).
# NOTE(review): every image in this file is referenced by tag (v11), not by digest,
# so what runs is whatever the registry serves for that tag at pull time.
# NOTE(review): no container in this file sets a securityContext, so runAsNonRoot,
# allowPrivilegeEscalation and capability drops are left to cluster defaults.
apiVersion: v1
kind: Namespace
metadata:
  name: emojivoto
  annotations:
    # Namespace-wide request for Linkerd proxy injection into pods created here.
    linkerd.io/inject: enabled
---
# One ServiceAccount per backend workload; the emoji, voting and web Deployments
# below each reference their own through serviceAccountName.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: emoji
  namespace: emojivoto
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: voting
  namespace: emojivoto
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: web
  namespace: emojivoto
---
# gRPC (8080) and metrics (8801) endpoints of the emoji backend.
apiVersion: v1
kind: Service
metadata:
  name: emoji-svc
  namespace: emojivoto
spec:
  ports:
    - name: grpc
      port: 8080
      targetPort: 8080
    - name: prom
      port: 8801
      targetPort: 8801
  selector:
    app: emoji-svc
---
# gRPC (8080) and metrics (8801) endpoints of the voting backend.
apiVersion: v1
kind: Service
metadata:
  name: voting-svc
  namespace: emojivoto
spec:
  ports:
    - name: grpc
      port: 8080
      targetPort: 8080
    - name: prom
      port: 8801
      targetPort: 8801
  selector:
    app: voting-svc
---
# HTTP front end: Service port 80 forwards to container port 8080.
apiVersion: v1
kind: Service
metadata:
  name: web-svc
  namespace: emojivoto
spec:
  ports:
    - name: http
      port: 80
      targetPort: 8080
  selector:
    app: web-svc
  # ClusterIP only; nothing in this file exposes the Service outside the cluster.
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: emoji
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
  name: emoji
  namespace: emojivoto
spec:
  replicas: 1
  selector:
    matchLabels:
      app: emoji-svc
      version: v11
  template:
    metadata:
      labels:
        app: emoji-svc
        version: v11
    spec:
      containers:
        - env:
            - name: GRPC_PORT
              value: "8080"
            - name: PROM_PORT
              value: "8801"
          image: docker.l5d.io/buoyantio/emojivoto-emoji-svc:v11
          name: emoji-svc
          ports:
            - containerPort: 8080
              name: grpc
            - containerPort: 8801
              name: prom
          # Only a CPU request is declared; no limits and no memory request.
          resources:
            requests:
              cpu: 100m
      serviceAccountName: emoji
---
# Traffic generator: runs the emojivoto-vote-bot command from the web image against
# web-svc.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: vote-bot
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
  name: vote-bot
  namespace: emojivoto
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vote-bot
      version: v11
  template:
    metadata:
      labels:
        app: vote-bot
        version: v11
    # NOTE(review): unlike the other three Deployments, no serviceAccountName is
    # set here, so this pod runs as the namespace's default ServiceAccount. Any
    # policy keyed on ServiceAccount identity will see "default" for vote-bot.
    spec:
      containers:
        - command:
            - emojivoto-vote-bot
          env:
            - name: WEB_HOST
              value: web-svc.emojivoto:80
          image: docker.l5d.io/buoyantio/emojivoto-web:v11
          name: vote-bot
          resources:
            requests:
              cpu: 10m
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: voting
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
  name: voting
  namespace: emojivoto
spec:
  replicas: 1
  selector:
    matchLabels:
      app: voting-svc
      version: v11
  template:
    metadata:
      labels:
        app: voting-svc
        version: v11
    spec:
      containers:
        - env:
            - name: GRPC_PORT
              value: "8080"
            - name: PROM_PORT
              value: "8801"
          image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11
          name: voting-svc
          ports:
            - containerPort: 8080
              name: grpc
            - containerPort: 8801
              name: prom
          resources:
            requests:
              cpu: 100m
      serviceAccountName: voting
---
# Web front end; calls the emoji and voting backends at the addresses given in env.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: web
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
  name: web
  namespace: emojivoto
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-svc
      version: v11
  template:
    metadata:
      labels:
        app: web-svc
        version: v11
    spec:
      containers:
        - env:
            - name: WEB_PORT
              value: "8080"
            - name: EMOJISVC_HOST
              value: emoji-svc.emojivoto:8080
            - name: VOTINGSVC_HOST
              value: voting-svc.emojivoto:8080
            - name: INDEX_BUNDLE
              value: dist/index_bundle.js
          image: docker.l5d.io/buoyantio/emojivoto-web:v11
          name: web-svc
          ports:
            - containerPort: 8080
              name: http
          resources:
            requests:
              cpu: 100m
      serviceAccountName: web
--------------------------------------------------------------------------------
/gitops/flux/apps/source/emojivoto/host.yaml:
--------------------------------------------------------------------------------
---
# Host (getambassador.io/v3alpha1) declaring emojivoto.civo.59s.io.
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: emojivoto
  namespace: default
spec:
  hostname: emojivoto.civo.59s.io
  # Contact address handed to the ACME provider for certificate issuance.
  # NOTE(review): this looks like a personal mailbox committed to the repo; a
  # shared role address is the usual choice so expiry notices are not tied to
  # one person.
  acmeProvider:
    email: jmorgan@f9vs.com
  # tlsSecret is commented out, so no pre-provisioned certificate Secret is referenced.
  # tlsSecret:
  #   name: wildcard
--------------------------------------------------------------------------------
/gitops/flux/apps/source/emojivoto/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress for emojivoto: routes emojivoto.civo.59s.io/ to web-svc:80 and serves TLS
# from the emojivoto-ingress Secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: emojivoto
  namespace: emojivoto
  annotations:
    # The ingress.class annotation is the deprecated way to select a controller;
    # networking.k8s.io/v1 also offers spec.ingressClassName.
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/service-upstream: "true"
    # Names the cert-manager ClusterIssuer asked to issue the certificate.
    # NOTE(review): the issuer name points at a production ACME issuer; a demo
    # cluster that is recreated often may hit the CA's issuance rate limits.
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: emojivoto.civo.59s.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-svc
                port:
                  number: 80
  tls:
    - hosts:
        - emojivoto.civo.59s.io
      secretName: emojivoto-ingress
--------------------------------------------------------------------------------
/gitops/flux/apps/source/emojivoto/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point for emojivoto. Only emojivoto.yaml is rendered; ingress.yaml
# is commented out, and host.yaml and mapping.yaml are not listed.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - emojivoto.yaml
  # - ingress.yaml
--------------------------------------------------------------------------------
/gitops/flux/apps/source/emojivoto/mapping.yaml:
--------------------------------------------------------------------------------
---
# Mapping sending every path ("/") for the host below to web-svc in the emojivoto
# namespace on port 80.
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: emojivoto
  namespace: default
spec:
  prefix: /
  service: web-svc.emojivoto:80
  rewrite: ""
  # NOTE(review): host.yaml and ingress.yaml in this directory use
  # emojivoto.civo.59s.io, while this Mapping matches emojivoto.k8s.59s.io;
  # confirm the difference is intended.
  host: emojivoto.k8s.59s.io
--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/canary.yaml:
--------------------------------------------------------------------------------
# Flagger Canary for the podinfo Deployment using the gatewayapi provider.
# NOTE(review): metadata.namespace is "test", but the kustomization.yaml in this
# directory sets namespace: podinfo; confirm which namespace the rendered object
# ends up in.
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: podinfo
  namespace: test
spec:
  # ingress reference (disabled; the nginx provider variant is nginx-canary.yaml)
  # provider: nginx
  # ingressRef:
  #   apiVersion: networking.k8s.io/v1
  #   kind: Ingress
  #   name: podinfo
  # deployment reference
  provider: gatewayapi
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: podinfo
  # HPA reference (optional)
  # NOTE(review): autoscaling/v2beta2 is no longer served from Kubernetes 1.26 on;
  # newer clusters need autoscaling/v2.
  autoscalerRef:
    apiVersion: autoscaling/v2beta2
    kind: HorizontalPodAutoscaler
    name: podinfo
  # the maximum time in seconds for the canary deployment
  # to make progress before it is rolled back (default 600s)
  progressDeadlineSeconds: 60
  service:
    hosts:
      - podinfo.svc.cluster.local
    gatewayRefs:
      - group: gateway.networking.k8s.io
        kind: Gateway
        name: linkerd
    # ClusterIP port number
    port: 9898
    # container port number or name (optional)
    targetPort: 9898
  analysis:
    # schedule interval (default 60s)
    interval: 5s
    # max number of failed metric checks before rollback
    threshold: 5
    ### Uncomment for Linkerd traffic split weighting
    # max traffic percentage routed to canary
    # percentage (0-100)
    maxWeight: 95
    # canary increment step
    # percentage (0-100)
    stepWeight: 5
    # Linkerd Prometheus checks
    metrics:
      - name: request-success-rate
        # minimum req success rate (non 5xx responses)
        # percentage (0-100)
        thresholdRange:
          min: 99
        interval: 1m
      - name: request-duration
        # maximum req duration P99
        # milliseconds
        thresholdRange:
          max: 200
        interval: 30s
    # Every webhook entry below is commented out, so this list is empty: no
    # acceptance test gates the rollout, and promotion rests on the two metric
    # checks above alone.
    webhooks:
    # - name: acceptance-test
    #   type: pre-rollout
    #   url: http://flagger-loadtester.test/
    #   timeout: 30s
    #   metadata:
    #     type: bash
    #     cmd: "curl -H 'X-Canary: always' https://podinfo.civo.59s.io"
    # - name: load-test
    #   type: rollout
    #   url: http://flagger-loadtester.test/
    #   metadata:
    #     cmd: "hey -z 2m -q 10 -c 2 -H 'Cookie: canary=always' https://podinfo.civo.59s.io"

--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/frontend.yaml:
--------------------------------------------------------------------------------
# nginx reverse proxy in front of podinfo: a ConfigMap with nginx.conf, the
# Deployment that mounts it, and a Service on port 8080.
apiVersion: v1
kind: ConfigMap
metadata:
  name: frontend
  namespace: podinfo
data:
  # The pid file and all temp paths are placed under /tmp, which the Deployment
  # mounts as an emptyDir; presumably this lets nginx run as the non-root UID set
  # there. The server listens on 8080 and proxies everything to
  # http://podinfo:9898. $east and $west are set but not used in this config.
  nginx.conf: |-
    pid /tmp/pid;
    error_log stderr;
    events {}
    http {
      client_body_temp_path /tmp/client_temp;
      proxy_temp_path /tmp/proxy_temp_path;
      fastcgi_temp_path /tmp/fastcgi_temp;
      uwsgi_temp_path /tmp/uwsgi_temp;
      scgi_temp_path /tmp/scgi_temp;
      server {
        listen 8080;
        set $east "east";
        set $west "west";
        location / {
          proxy_pass http://podinfo:9898;
          proxy_http_version 1.1;
        }
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  namespace: podinfo
  labels:
    app: frontend
spec:
  selector:
    matchLabels:
      app: frontend
  replicas: 1
  template:
    metadata:
      annotations:
        linkerd.io/inject: enabled
      labels:
        app: frontend
    spec:
      containers:
        - name: nginx
          # NOTE(review): "alpine" is a floating tag, so each pull may bring a
          # different nginx build; pinning a version tag or a digest makes the
          # deployed image reproducible and reviewable.
          image: nginx:alpine
          volumeMounts:
            - name: cfg
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
            - name: nginx-conf-d
              mountPath: /etc/nginx/conf.d
            - name: nginx-tmp
              mountPath: /tmp
          resources:
            requests:
              cpu: 10m
              memory: 10Mi
          # Runs as numeric UID 1337 rather than the image default.
          # NOTE(review): only the UID is set; allowPrivilegeEscalation,
          # capabilities and readOnlyRootFilesystem stay at their defaults.
          securityContext:
            runAsUser: 1337
      volumes:
        - name: cfg
          configMap:
            name: frontend
        # Writable scratch volumes overlaying /etc/nginx/conf.d and /tmp.
        - name: nginx-conf-d
          emptyDir: {}
        - name: nginx-tmp
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: frontend
  namespace: podinfo
spec:
  ports:
    - name: service
      port: 8080
  selector:
    app: frontend
--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/generator.yaml:
--------------------------------------------------------------------------------
---
# Load generator: slow_cooker sends requests to http://$SERVICE:$PORT/ at the rate
# and concurrency given by QPS and CONCURRENCY.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: generator
  namespace: podinfo
  labels:
    app: generator
spec:
  selector:
    matchLabels:
      app: generator
  replicas: 1
  template:
    metadata:
      annotations:
        linkerd.io/inject: enabled
      labels:
        app: generator
    spec:
      containers:
        - image: buoyantio/slow_cooker:1.2.0
          name: default
          env:
            - name: QPS
              value: "5"
            - name: CONCURRENCY
              value: "10"
            - name: SERVICE
              value: podinfo
            - name: PORT
              value: "9898"
          command: ["/bin/sh", "-c"]
          # sed fills the ${SERVICE} and ${PORT} placeholders in /tmp/urls (mounted
          # from the generator ConfigMap) and pipes the result to slow_cooker.
          # The values are spliced into the sed expression unescaped: fine for the
          # fixed values above, but a value containing "/" or "&" would alter the
          # substitution.
          args:
            - |-
              sed -e "s/\${SERVICE}/$SERVICE/" -e "s/\${PORT}/$PORT/" /tmp/urls | slow_cooker -qps ${QPS} -concurrency ${CONCURRENCY} @-
          resources:
            requests:
              cpu: 10m
              memory: 10Mi
          # NOTE(review): only the UID is set; no other hardening fields are present.
          securityContext:
            runAsUser: 1337
          volumeMounts:
            # The ConfigMap volume is mounted over the whole of /tmp/.
            - name: cfg
              mountPath: /tmp/
      volumes:
        - name: cfg
          configMap:
            name: generator
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: generator
  namespace: podinfo
data:
  # URL template; the placeholders are replaced by the sed command in the Deployment.
  urls: |-
    http://${SERVICE}:${PORT}/

--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/host.yaml:
--------------------------------------------------------------------------------
---
# Host (getambassador.io/v3alpha1) declaring podinfo.civo.59s.io.
# Not applied by the kustomization.yaml in this directory, where host.yaml is
# commented out.
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: podinfo
  namespace: default
spec:
  hostname: podinfo.civo.59s.io
  # Contact address handed to the ACME provider.
  # NOTE(review): looks like a personal mailbox; a role address is the usual choice.
  acmeProvider:
    email: jmorgan@f9vs.com
  # tlsSecret:
  #   name: wildcard
--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress for podinfo: routes podinfo.civo.59s.io/ to the podinfo Service on 9898
# and serves TLS from the podinfo-ingress Secret. Not applied by the
# kustomization.yaml in this directory, where ingress.yaml is commented out.
# apiVersion: networking.k8s.io/v1beta1 # for k3s < v1.19
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: podinfo
  namespace: podinfo
  annotations:
    # The ingress.class annotation is the deprecated way to select a controller;
    # networking.k8s.io/v1 also offers spec.ingressClassName.
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/service-upstream: "true"
    # Names the cert-manager ClusterIssuer asked to issue the certificate.
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: podinfo.civo.59s.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: podinfo
                port:
                  number: 9898
  tls:
    - hosts:
        - podinfo.civo.59s.io
      secretName: podinfo-ingress

--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point for podinfo: pulls the upstream podinfo manifests as a
# remote base, adds the local frontend, namespace, canary and generator resources,
# and applies patch.yaml on top. Everything is placed in the podinfo namespace.
namespace: podinfo
# Remote base fetched from GitHub at build time.
# NOTE(review): ref=6.0.3 is a git tag, and a tag can be re-pointed upstream.
# Pinning ref to a full commit SHA (ref=<COMMIT_SHA>) fixes exactly which manifests
# are rendered into the cluster. "bases" is also deprecated in kustomize; remote
# bases can be listed under "resources".
bases:
  - "github.com/stefanprodan/podinfo/kustomize/?ref=6.0.3"

resources:
  - frontend.yaml
  - ns.yaml
  - canary.yaml
  - generator.yaml
  # External exposure is disabled: none of the three files below is rendered.
  # - ingress.yaml
  # - mapping.yaml
  # - host.yaml

patchesStrategicMerge:
  - patch.yaml
--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/mapping.yaml:
--------------------------------------------------------------------------------
---
# Mapping sending every path ("/") for podinfo.civo.59s.io to the podinfo Service in
# the podinfo namespace on port 9898.
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: podinfo
  namespace: default
spec:
  prefix: /
  service: podinfo.podinfo:9898
  rewrite: ""
  host: podinfo.civo.59s.io
--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/nginx-canary.yaml:
--------------------------------------------------------------------------------
# Flagger Canary for podinfo using the nginx ingress provider, with a pre-rollout
# acceptance test and a rollout load test run through the flagger-loadtester.
# This file is not listed in the kustomization.yaml of this directory.
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: podinfo
  namespace: test
spec:
  # ingress reference
  provider: nginx
  ingressRef:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    name: podinfo
  # deployment reference
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: podinfo
  # HPA reference (optional)
  # NOTE(review): autoscaling/v2beta2 is no longer served from Kubernetes 1.26 on.
  autoscalerRef:
    apiVersion: autoscaling/v2beta2
    kind: HorizontalPodAutoscaler
    name: podinfo
  # the maximum time in seconds for the canary deployment
  # to make progress before it is rolled back (default 600s)
  progressDeadlineSeconds: 60
  service:
    # ClusterIP port number
    port: 9898
    # container port number or name (optional)
    targetPort: 9898
  analysis:
    # schedule interval (default 60s)
    interval: 5s
    # max number of failed metric checks before rollback
    threshold: 5
    ### Uncomment for nginx A/B testing
    # iterations: 10
    # match:
    #   curl -H 'X-Canary: always' http://app.example.com
    #   - headers:
    #       x-canary:
    #         exact: "always"
    #   curl -b 'canary=always' http://app.example.com
    #- headers:
    #    cookie:
    #      exact: "canary"
    ### Uncomment for weighted splits
    # max traffic percentage routed to canary
    # percentage (0-100)
    maxWeight: 95
    # canary increment step
    # percentage (0-100)
    stepWeight: 5
    # Linkerd Prometheus checks
    metrics:
      - name: request-success-rate
        # minimum req success rate (non 5xx responses)
        # percentage (0-100)
        thresholdRange:
          min: 99
        interval: 1m
      - name: request-duration
        # maximum req duration P99
        # milliseconds
        thresholdRange:
          max: 200
        interval: 30s
    # NOTE(review): both webhooks hand a shell command (metadata.cmd) to the
    # load-tester service over plain in-cluster HTTP. Confirm that only Flagger
    # can reach http://flagger-loadtester.test/, for example with a NetworkPolicy.
    webhooks:
      - name: acceptance-test
        type: pre-rollout
        url: http://flagger-loadtester.test/
        timeout: 30s
        metadata:
          type: bash
          cmd: "curl -H 'X-Canary: always' https://podinfo.civo.59s.io"
      - name: load-test
        type: rollout
        url: http://flagger-loadtester.test/
        metadata:
          cmd: "hey -z 2m -q 10 -c 2 -H 'Cookie: canary=always' https://podinfo.civo.59s.io"

--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/ns.yaml:
--------------------------------------------------------------------------------
# podinfo namespace, annotated to request Linkerd proxy injection for its pods.
apiVersion: v1
kind: Namespace
metadata:
  name: podinfo
  annotations:
    linkerd.io/inject: enabled
--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/patch.yaml:
--------------------------------------------------------------------------------
# Patch applied through patchesStrategicMerge in kustomization.yaml onto the
# upstream podinfo Deployment, Service and HorizontalPodAutoscaler.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: podinfo
spec:
  template:
    metadata:
      # NOTE(review): this key has no value (null). In a strategic-merge patch a
      # null normally removes the field from the base; confirm that dropping the
      # upstream pod annotations is intended.
      annotations:
    spec:
      containers:
        - name: podinfod
          # Runs as numeric UID 1337.
          # NOTE(review): no other hardening fields are set in this patch.
          securityContext:
            runAsUser: 1337
          # NOTE(review): the only entry is commented out, so env is null here
          # too; confirm that removing the upstream env is intended.
          env:
          # - name: PODINFO_UI_COLOR
          #   value: '#1919FF' # #008000 #1919FF
          command:
            - ./podinfo
            - --port=9898
            - --port-metrics=9797
            - --grpc-port=9999
            - --grpc-service-name=podinfo
            - --level=info
            - --random-delay=false
            - --random-error=false
            # - --ui-logo=https://github.com/wego-example/podinfo-deploy/raw/logo/weaveicon.png
            # The logo URL is served from the master branch of a third-party repo.
            - --ui-logo=https://github.com/cncf/artwork/raw/master/projects/linkerd/icon/color/linkerd-icon-color.png
---
# Name-only stub; it changes no fields of the Service.
apiVersion: v1
kind: Service
metadata:
  name: podinfo
---
# Name-only stub; it changes no fields of the HorizontalPodAutoscaler.
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: podinfo

--------------------------------------------------------------------------------
/gitops/flux/apps/source/podinfo/smi-canary.yaml:
--------------------------------------------------------------------------------
# Flagger Canary for podinfo with no explicit provider.
# This file is not listed in the kustomization.yaml of this directory.
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: podinfo
  namespace: test
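spec:
  # NOTE(review): no provider is set in this spec, so Flagger's configured default
  # provider applies; confirm it matches the cluster.
  # deployment reference
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: podinfo
  # HPA reference (optional)
  autoscalerRef:
    apiVersion: autoscaling/v2beta2
    kind: HorizontalPodAutoscaler
    name: podinfo
  # the maximum time in seconds for the canary deployment
  # to make progress before it is rolled back (default 600s)
  progressDeadlineSeconds: 60
  service:
    # ClusterIP port number
    port: 9898
    # container port number or name (optional)
    targetPort: 9898
  analysis:
    # schedule interval (default 60s)
    interval: 5s
    # max number of failed metric checks before rollback
    threshold: 5
    # max traffic percentage routed to canary
    # percentage (0-100)
    maxWeight: 95
    # canary increment step
    # percentage (0-100)
    stepWeight: 5
    # Linkerd Prometheus checks
    metrics:
      - name: request-success-rate
        # minimum req success rate (non 5xx responses)
        # percentage (0-100)
        thresholdRange:
          min: 99
        interval: 1m
      - name: request-duration
        # maximum req duration P99
        # milliseconds
        thresholdRange:
          max: 200
        interval: 30s

--------------------------------------------------------------------------------
/gitops/flux/cleanup.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Delete the local k3d cluster named "gitops".
k3d cluster delete gitops
--------------------------------------------------------------------------------
/gitops/flux/flux.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Interactive walkthrough: recreates the "gitops" k3d cluster, installs Flux, then
# applies the runtime and app manifests step by step.
# `pe` is presumably provided by demo-magic.sh, sourced on the next line; `wait`
# may be overridden there as well.
. ../../demo-magic.sh
clear

# Best effort: the cluster may not exist yet, so a failed delete is ignored.
k3d cluster delete gitops &>/dev/null
# Stop if the cluster cannot be created. Output is discarded, so without this check
# a failed create would go unnoticed, and the flux/kubectl commands below would act
# on whatever kubectl context happens to be current.
# --disable is the current k3s flag (launch.sh already uses it); it replaces the
# older --no-deploy and is a server option, so it is applied to server nodes only.
if ! k3d cluster create gitops -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-arg '--disable=traefik@server:*' > /dev/null 2>&1; then
  echo "k3d cluster create gitops failed; stopping before anything is applied" >&2
  exit 1
fi
# `kubectl ns` is not a built-in kubectl command; presumably the kubens plugin.
kubectl ns default

clear

pe "flux check --pre"
wait
clear

pe "flux install"
wait
clear

# pe "kubectl get crd | grep flux"
# wait
# clear

pe "linkerd check --pre"
wait
clear

pe "bat -l yaml runtime/manifests/repo.yaml"
wait
clear

pe "kubectl apply -f runtime/manifests/repo.yaml"
wait
clear

pe "kubectl apply -f runtime/manifests/cluster.yaml"
wait
clear

pe "bat -l yaml runtime/manifests/cluster.yaml"
wait
clear

pe "linkerd check"
wait
clear

### This looks good as it shows the live install


pe "kubectl apply -f apps/manifests/apps.yaml"
wait
clear

pe "bat -l yaml apps/manifests/apps.yaml"
wait
clear

pe "linkerd check"
wait
clear

--------------------------------------------------------------------------------
/gitops/flux/launch.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Non-interactive bootstrap: creates the "gitops" k3d cluster, installs Flux and
# applies the repo and test-cluster manifests.

# Stop at the first failing command so that a failed cluster create cannot be
# followed by `flux install` / `kubectl apply` against another kubectl context.
set -euo pipefail

k3d cluster create gitops -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-arg '--disable=traefik@server:0'
flux install

kubectl apply -f runtime/manifests/repo.yaml
kubectl apply -f runtime/manifests/cluster.test.yaml
# `kubectl ns` is not a built-in kubectl command; presumably the kubens plugin.
kubectl ns default
--------------------------------------------------------------------------------
/gitops/flux/migrate.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

--------------------------------------------------------------------------------
/gitops/flux/refresh.sh: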
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | flux reconcile source git gitops -n flux-system 4 | flux reconcile source helm linkerd -n linkerd 5 | flux reconcile kustomization linkerd -n flux-system 6 | -------------------------------------------------------------------------------- /gitops/flux/runtime/manifests/cluster.dev.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 3 | kind: Kustomization 4 | metadata: 5 | name: cert-manager 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | path: ./gitops/flux/runtime/source/cert-manager 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: gitops 14 | validation: client 15 | healthChecks: 16 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 17 | kind: HelmRelease 18 | name: cert-manager 19 | namespace: cert-manager 20 | - apiVersion: cert-manager.io/v1 21 | kind: Certificate 22 | name: linkerd-identity-issuer 23 | namespace: linkerd 24 | --- 25 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 26 | kind: Kustomization 27 | metadata: 28 | name: linkerd 29 | namespace: flux-system 30 | spec: 31 | interval: 1m0s 32 | path: ./gitops/flux/runtime/source/linkerd 33 | dependsOn: 34 | - name: cert-manager 35 | prune: true 36 | sourceRef: 37 | kind: GitRepository 38 | name: gitops 39 | validation: client 40 | healthChecks: 41 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 42 | kind: HelmRelease 43 | name: linkerd-control-plane 44 | namespace: linkerd 45 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 46 | kind: HelmRelease 47 | name: linkerd-crds 48 | namespace: linkerd 49 | --- 50 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 51 | kind: Kustomization 52 | metadata: 53 | name: emissary 54 | namespace: flux-system 55 | spec: 56 | interval: 3m0s 57 | path: ./gitops/flux/runtime/source/emissary 58 | prune: true 59 | sourceRef: 60 | kind: 
GitRepository 61 | name: gitops 62 | validation: client 63 | healthChecks: 64 | - kind: Deployment 65 | name: emissary-apiext 66 | namespace: emissary-system 67 | --- 68 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 69 | kind: Kustomization 70 | metadata: 71 | name: ambassador 72 | namespace: flux-system 73 | spec: 74 | dependsOn: 75 | - name: emissary 76 | interval: 3m0s 77 | path: ./gitops/flux/runtime/source/ambassador 78 | prune: true 79 | sourceRef: 80 | kind: GitRepository 81 | name: gitops 82 | validation: client 83 | healthChecks: 84 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 85 | kind: HelmRelease 86 | name: ambassador-edge-stack 87 | namespace: edge-stack 88 | --- 89 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 90 | kind: Kustomization 91 | metadata: 92 | name: finalizers 93 | namespace: flux-system 94 | spec: 95 | interval: 1m0s 96 | path: ./gitops/flux/runtime/source/finalizers 97 | dependsOn: 98 | - name: ambassador 99 | - name: cert-manager 100 | prune: true 101 | sourceRef: 102 | kind: GitRepository 103 | name: gitops 104 | validation: client -------------------------------------------------------------------------------- /gitops/flux/runtime/manifests/cluster.prod.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 3 | kind: Kustomization 4 | metadata: 5 | name: cert-manager 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | path: ./gitops/flux/runtime/source/cert-manager 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: gitops 14 | validation: client 15 | healthChecks: 16 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 17 | kind: HelmRelease 18 | name: cert-manager 19 | namespace: cert-manager 20 | - apiVersion: cert-manager.io/v1 21 | kind: Certificate 22 | name: linkerd-identity-issuer 23 | namespace: linkerd 24 | --- 25 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 26 | kind: Kustomization 27 | metadata: 28 | 
name: linkerd 29 | namespace: flux-system 30 | spec: 31 | interval: 1m0s 32 | path: ./gitops/flux/runtime/source/linkerd 33 | dependsOn: 34 | - name: cert-manager 35 | prune: true 36 | sourceRef: 37 | kind: GitRepository 38 | name: gitops 39 | validation: client 40 | healthChecks: 41 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 42 | kind: HelmRelease 43 | name: linkerd-control-plane 44 | namespace: linkerd 45 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 46 | kind: HelmRelease 47 | name: linkerd-crds 48 | namespace: linkerd 49 | --- 50 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 51 | kind: Kustomization 52 | metadata: 53 | name: linkerd-viz 54 | namespace: flux-system 55 | spec: 56 | dependsOn: 57 | - name: linkerd 58 | interval: 1m0s 59 | path: ./gitops/flux/runtime/source/linkerd-viz 60 | prune: true 61 | sourceRef: 62 | kind: GitRepository 63 | name: gitops 64 | validation: client 65 | healthChecks: 66 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 67 | kind: HelmRelease 68 | name: linkerd-viz 69 | namespace: linkerd-viz 70 | # --- 71 | # apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 72 | # kind: Kustomization 73 | # metadata: 74 | # name: nginx-ingress 75 | # namespace: flux-system 76 | # spec: 77 | # dependsOn: 78 | # - name: linkerd-viz 79 | # interval: 1m0s 80 | # path: ./gitops/flux/runtime/source/nginx-ingress 81 | # prune: true 82 | # sourceRef: 83 | # kind: GitRepository 84 | # name: gitops 85 | # validation: client 86 | # healthChecks: 87 | # - apiVersion: helm.toolkit.fluxcd.io/v2beta1 88 | # kind: HelmRelease 89 | # name: frontdoor 90 | # namespace: nginx-ingress 91 | --- 92 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 93 | kind: Kustomization 94 | metadata: 95 | name: emissary 96 | namespace: flux-system 97 | spec: 98 | dependsOn: 99 | - name: linkerd-viz 100 | interval: 3m0s 101 | path: ./gitops/flux/runtime/source/emissary 102 | prune: true 103 | sourceRef: 104 | kind: GitRepository 105 | name: gitops 106 | validation: client 107 | 
healthChecks: 108 | - kind: Deployment 109 | name: emissary-apiext 110 | namespace: emissary-system 111 | --- 112 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 113 | kind: Kustomization 114 | metadata: 115 | name: ambassador 116 | namespace: flux-system 117 | spec: 118 | dependsOn: 119 | - name: linkerd-viz 120 | - name: emissary 121 | interval: 3m0s 122 | path: ./gitops/flux/runtime/source/ambassador 123 | prune: true 124 | sourceRef: 125 | kind: GitRepository 126 | name: gitops 127 | validation: client 128 | healthChecks: 129 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 130 | kind: HelmRelease 131 | name: ambassador-edge-stack 132 | namespace: edge-stack 133 | --- 134 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 135 | kind: Kustomization 136 | metadata: 137 | name: flagger 138 | namespace: flux-system 139 | spec: 140 | dependsOn: 141 | - name: linkerd-viz 142 | interval: 1m0s 143 | path: ./gitops/flux/runtime/source/flagger 144 | prune: true 145 | sourceRef: 146 | kind: GitRepository 147 | name: gitops 148 | validation: client 149 | healthChecks: 150 | - apiVersion: apps/v1 151 | kind: Deployment 152 | name: flagger 153 | namespace: linkerd-viz 154 | --- 155 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 156 | kind: Kustomization 157 | metadata: 158 | name: linkerd-multicluster 159 | namespace: flux-system 160 | spec: 161 | dependsOn: 162 | - name: linkerd-viz 163 | interval: 1m0s 164 | path: ./gitops/flux/runtime/source/linkerd-multicluster 165 | prune: true 166 | sourceRef: 167 | kind: GitRepository 168 | name: gitops 169 | validation: client 170 | healthChecks: 171 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 172 | kind: HelmRelease 173 | name: linkerd-multicluster 174 | namespace: linkerd-multicluster 175 | --- 176 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 177 | kind: Kustomization 178 | metadata: 179 | name: finalizers 180 | namespace: flux-system 181 | spec: 182 | interval: 1m0s 183 | path: ./gitops/flux/runtime/source/finalizers 184 
| dependsOn: 185 | - name: flagger 186 | - name: linkerd-viz 187 | - name: ambassador 188 | # - name: nginx-ingress 189 | - name: cert-manager 190 | prune: true 191 | sourceRef: 192 | kind: GitRepository 193 | name: gitops 194 | validation: client -------------------------------------------------------------------------------- /gitops/flux/runtime/manifests/cluster.test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 3 | kind: Kustomization 4 | metadata: 5 | name: cert-manager 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | path: ./gitops/flux/runtime/source/cert-manager 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: gitops 14 | validation: client 15 | healthChecks: 16 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 17 | kind: HelmRelease 18 | name: cert-manager 19 | namespace: cert-manager 20 | - apiVersion: cert-manager.io/v1 21 | kind: Certificate 22 | name: linkerd-identity-issuer 23 | namespace: linkerd 24 | --- 25 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 26 | kind: Kustomization 27 | metadata: 28 | name: linkerd 29 | namespace: flux-system 30 | spec: 31 | interval: 1m0s 32 | path: ./gitops/flux/runtime/source/linkerd 33 | dependsOn: 34 | - name: cert-manager 35 | prune: true 36 | sourceRef: 37 | kind: GitRepository 38 | name: gitops 39 | validation: client 40 | healthChecks: 41 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 42 | kind: HelmRelease 43 | name: linkerd-control-plane 44 | namespace: linkerd 45 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 46 | kind: HelmRelease 47 | name: linkerd-crds 48 | namespace: linkerd 49 | --- 50 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 51 | kind: Kustomization 52 | metadata: 53 | name: emissary 54 | namespace: flux-system 55 | spec: 56 | interval: 3m0s 57 | path: ./gitops/flux/runtime/source/emissary 58 | prune: true 59 | sourceRef: 60 | kind: GitRepository 61 | name: gitops 
62 | validation: client 63 | healthChecks: 64 | - kind: Deployment 65 | name: emissary-apiext 66 | namespace: emissary-system 67 | --- 68 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 69 | kind: Kustomization 70 | metadata: 71 | name: ambassador 72 | namespace: flux-system 73 | spec: 74 | dependsOn: 75 | - name: emissary 76 | interval: 3m0s 77 | path: ./gitops/flux/runtime/source/ambassador 78 | prune: true 79 | sourceRef: 80 | kind: GitRepository 81 | name: gitops 82 | validation: client 83 | healthChecks: 84 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 85 | kind: HelmRelease 86 | name: ambassador-edge-stack 87 | namespace: edge-stack 88 | --- 89 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 90 | kind: Kustomization 91 | metadata: 92 | name: finalizers 93 | namespace: flux-system 94 | spec: 95 | interval: 1m0s 96 | path: ./gitops/flux/runtime/source/finalizers 97 | dependsOn: 98 | - name: ambassador 99 | - name: cert-manager 100 | prune: true 101 | sourceRef: 102 | kind: GitRepository 103 | name: gitops 104 | validation: client -------------------------------------------------------------------------------- /gitops/flux/runtime/manifests/cluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 3 | kind: Kustomization 4 | metadata: 5 | name: cert-manager 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | path: ./gitops/flux/runtime/source/cert-manager 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: gitops 14 | validation: client 15 | healthChecks: 16 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 17 | kind: HelmRelease 18 | name: cert-manager 19 | namespace: cert-manager 20 | # - apiVersion: cert-manager.io/v1 21 | # kind: Certificate 22 | # name: linkerd-identity-issuer 23 | # namespace: linkerd 24 | --- 25 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 26 | kind: Kustomization 27 | metadata: 28 | name: linkerd 29 | 
namespace: flux-system 30 | spec: 31 | interval: 1m0s 32 | path: ./gitops/flux/runtime/source/linkerd 33 | dependsOn: 34 | - name: cert-manager 35 | prune: true 36 | sourceRef: 37 | kind: GitRepository 38 | name: gitops 39 | validation: client 40 | healthChecks: 41 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 42 | kind: HelmRelease 43 | name: linkerd-control-plane 44 | namespace: linkerd 45 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 46 | kind: HelmRelease 47 | name: linkerd-crds 48 | namespace: linkerd 49 | --- 50 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 51 | kind: Kustomization 52 | metadata: 53 | name: linkerd-viz 54 | namespace: flux-system 55 | spec: 56 | dependsOn: 57 | - name: linkerd 58 | interval: 1m0s 59 | path: ./gitops/flux/runtime/source/linkerd-viz 60 | prune: true 61 | sourceRef: 62 | kind: GitRepository 63 | name: gitops 64 | validation: client 65 | healthChecks: 66 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 67 | kind: HelmRelease 68 | name: linkerd-viz 69 | namespace: linkerd-viz 70 | --- 71 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 72 | kind: Kustomization 73 | metadata: 74 | name: emissary 75 | namespace: flux-system 76 | spec: 77 | dependsOn: 78 | - name: linkerd-viz 79 | interval: 3m0s 80 | path: ./gitops/flux/runtime/source/emissary 81 | prune: true 82 | sourceRef: 83 | kind: GitRepository 84 | name: gitops 85 | validation: client 86 | healthChecks: 87 | - kind: Deployment 88 | name: emissary-apiext 89 | namespace: emissary-system 90 | --- 91 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 92 | kind: Kustomization 93 | metadata: 94 | name: ambassador 95 | namespace: flux-system 96 | spec: 97 | dependsOn: 98 | - name: linkerd-viz 99 | - name: emissary 100 | interval: 3m0s 101 | path: ./gitops/flux/runtime/source/ambassador 102 | prune: true 103 | sourceRef: 104 | kind: GitRepository 105 | name: gitops 106 | validation: client 107 | healthChecks: 108 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 109 | kind: 
HelmRelease 110 | name: ambassador-edge-stack 111 | namespace: edge-stack 112 | --- 113 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 114 | kind: Kustomization 115 | metadata: 116 | name: flagger 117 | namespace: flux-system 118 | spec: 119 | dependsOn: 120 | - name: linkerd-viz 121 | interval: 1m0s 122 | path: ./gitops/flux/runtime/source/flagger 123 | prune: true 124 | sourceRef: 125 | kind: GitRepository 126 | name: gitops 127 | validation: client 128 | healthChecks: 129 | - apiVersion: apps/v1 130 | kind: Deployment 131 | name: flagger 132 | namespace: linkerd-viz 133 | --- 134 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 135 | kind: Kustomization 136 | metadata: 137 | name: linkerd-multicluster 138 | namespace: flux-system 139 | spec: 140 | dependsOn: 141 | - name: linkerd-viz 142 | interval: 1m0s 143 | path: ./gitops/flux/runtime/source/linkerd-multicluster 144 | prune: true 145 | sourceRef: 146 | kind: GitRepository 147 | name: gitops 148 | validation: client 149 | healthChecks: 150 | - apiVersion: helm.toolkit.fluxcd.io/v2beta1 151 | kind: HelmRelease 152 | name: linkerd-multicluster 153 | namespace: linkerd-multicluster 154 | --- 155 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 156 | kind: Kustomization 157 | metadata: 158 | name: finalizers 159 | namespace: flux-system 160 | spec: 161 | interval: 1m0s 162 | path: ./gitops/flux/runtime/source/finalizers 163 | dependsOn: 164 | - name: flagger 165 | - name: linkerd-viz 166 | - name: ambassador 167 | # - name: nginx-ingress 168 | - name: cert-manager 169 | prune: true 170 | sourceRef: 171 | kind: GitRepository 172 | name: gitops 173 | validation: client -------------------------------------------------------------------------------- /gitops/flux/runtime/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: kustomize.config.k8s.io/v1beta1 2 | # kind: Kustomization 3 | # resources: 4 | # - cluster.yaml 5 | # - repo.yaml 6 | 
# namespace: default -------------------------------------------------------------------------------- /gitops/flux/runtime/manifests/repo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: GitRepository 4 | metadata: 5 | name: gitops 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | ref: 10 | branch: main 11 | url: https://github.com/jasonmorgan/linkerd-demos 12 | 13 | -------------------------------------------------------------------------------- /gitops/flux/runtime/source/ambassador/ambassador-helm-release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: ambassador-edge-stack 5 | namespace: edge-stack 6 | spec: 7 | timeout: 3m 8 | interval: 40m 9 | releaseName: ambassador 10 | targetNamespace: edge-stack 11 | storageNamespace: edge-stack 12 | chart: 13 | spec: 14 | chart: edge-stack 15 | version: 8.7.2 16 | sourceRef: 17 | kind: HelmRepository 18 | name: ambassador 19 | namespace: edge-stack 20 | interval: 40m 21 | values: 22 | emissary-ingress: 23 | replicaCount: 1 24 | podAnnotations: 25 | linkerd.io/inject: enabled 26 | install: 27 | crds: CreateReplace 28 | upgrade: 29 | crds: CreateReplace 30 | -------------------------------------------------------------------------------- /gitops/flux/runtime/source/ambassador/ambassador-listener.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v3alpha1 3 | kind: Listener 4 | metadata: 5 | name: edge-stack-listener-8080 6 | namespace: edge-stack 7 | spec: 8 | port: 8080 9 | protocol: HTTP 10 | securityModel: XFP 11 | hostBinding: 12 | namespace: 13 | from: ALL 14 | --- 15 | apiVersion: getambassador.io/v3alpha1 16 | kind: Listener 17 | metadata: 18 | name: edge-stack-listener-8443 19 | namespace: edge-stack 
20 | spec: 21 | port: 8443 22 | protocol: HTTPS 23 | securityModel: XFP 24 | hostBinding: 25 | namespace: 26 | from: ALL -------------------------------------------------------------------------------- /gitops/flux/runtime/source/ambassador/ambassador-repo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta2 2 | kind: HelmRepository 3 | metadata: 4 | name: ambassador 5 | namespace: edge-stack 6 | spec: 7 | interval: 2m 8 | url: https://app.getambassador.io -------------------------------------------------------------------------------- /gitops/flux/runtime/source/ambassador/ambassador.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: edge-stack 6 | -------------------------------------------------------------------------------- /gitops/flux/runtime/source/ambassador/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ambassador.yaml 5 | - ambassador-repo.yaml 6 | - ambassador-helm-release.yaml 7 | - ambassador-listener.yaml 8 | - https://app.getambassador.io/yaml/edge-stack/2.2.2/aes-crds.yaml -------------------------------------------------------------------------------- /gitops/flux/runtime/source/buoyant/helm-repository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: linkerd-buoyant 6 | namespace: buoyant-cloud 7 | spec: 8 | interval: 2m 9 | url: https://helm.buoyant.cloud -------------------------------------------------------------------------------- /gitops/flux/runtime/source/buoyant/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - -------------------------------------------------------------------------------- /gitops/flux/runtime/source/buoyant/linkerd-buoyant.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: linkerd-buoyant 5 | namespace: buoyant-cloud 6 | spec: 7 | timeout: 3m 8 | interval: 10m 9 | releaseName: linkerd-buoyant 10 | targetNamespace: buoyant-cloud 11 | storageNamespace: buoyant-cloud 12 | chart: 13 | spec: 14 | chart: linkerd-buoyant 15 | version: 1.9.5 16 | sourceRef: 17 | kind: HelmRepository 18 | name: linkerd 19 | namespace: linkerd 20 | interval: 40m 21 | values: 22 | installNamespace: false 23 | valuesFrom: 24 | 25 | install: 26 | crds: CreateReplace 27 | upgrade: 28 | crds: CreateReplace 29 | -------------------------------------------------------------------------------- /gitops/flux/runtime/source/buoyant/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: buoyant-cloud 6 | -------------------------------------------------------------------------------- /gitops/flux/runtime/source/cert-manager/cert-manager-ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: cert-manager 6 | -------------------------------------------------------------------------------- /gitops/flux/runtime/source/cert-manager/cert-manager-repo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta2 2 | kind: HelmRepository 3 | metadata: 4 | name: cert-manager 5 | namespace: cert-manager 6 | spec: 7 | interval: 2m 8 | url: https://charts.jetstack.io 
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/cert-manager/cert-manager.yaml:
--------------------------------------------------------------------------------
# Flux HelmRelease that installs the cert-manager chart (pinned to v1.12.3)
# into the cert-manager namespace from the HelmRepository of the same name.
 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1
 2 | kind: HelmRelease
 3 | metadata:
 4 |   name: cert-manager
 5 |   namespace: cert-manager
 6 | spec:
 7 |   timeout: 3m
 8 |   interval: 40m
 9 |   releaseName: cert-manager
10 |   targetNamespace: cert-manager
11 |   storageNamespace: cert-manager
12 |   chart:
13 |     spec:
14 |       chart: cert-manager
15 |       version: v1.12.3
16 |       sourceRef:
17 |         kind: HelmRepository
18 |         name: cert-manager
19 |         namespace: cert-manager
20 |       interval: 40m
21 |   values:
22 |     installCRDs: true
23 |   install:
24 |     crds: CreateReplace
25 |   upgrade:
26 |     crds: CreateReplace
27 |
28 |
29 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
# Bundles the release, its chart repository and the namespace; every resource
# is a file in this directory.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - cert-manager.yaml
 5 | - cert-manager-repo.yaml
 6 | - cert-manager-ns.yaml
 7 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/emissary/kustomization.yaml:
--------------------------------------------------------------------------------
# The only resource is a manifest downloaded from app.getambassador.io when the
# kustomization is built. The URL names a release (3.7.2) but nothing pins the
# content, so what is applied is whatever that host serves at reconcile time.
# cluster.yaml health-checks Deployment emissary-apiext for this Kustomization,
# so the manifest presumably creates workloads as well as CRDs.
# NOTE(review): vendoring the file into the repository would put its contents
# under Git review; Flux can also refuse remote bases entirely
# (kustomize-controller --no-remote-bases=true).
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - https://app.getambassador.io/yaml/emissary/3.7.2/emissary-crds.yaml
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/acme-solver.yaml:
--------------------------------------------------------------------------------
# Routes /.well-known/acme-challenge/ on any hostname to a Service that selects
# cert-manager's HTTP-01 solver pods. This file is not listed in
# finalizers/kustomization.yaml, so that Kustomization does not apply it.
# NOTE(review): a Service selector only matches pods in its own namespace
# (emissary here) — confirm the solver pods are created there.
 1 | ---
 2 | apiVersion: getambassador.io/v3alpha1
 3 | kind: Mapping
 4 | metadata:
 5 |   name: acme-challenge-mapping
 6 |   namespace: emissary
 7 | spec:
 8 |   hostname: "*"
 9 |   prefix: /.well-known/acme-challenge/
10 |   rewrite: ""
11 |   service: acme-challenge-service
12 |
13 | ---
14 | apiVersion: v1
15 | kind: Service
16 | metadata:
17 |   name: acme-challenge-service
18 |   namespace: emissary
19 | spec:
20 |   ports:
21 |   - port: 80
22 |     targetPort: 8089
23 |   selector:
24 |     acme.cert-manager.io/http01-solver: "true"
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/allow-bcloud.yaml:
--------------------------------------------------------------------------------
# Linkerd ServerAuthorization: admits only the mesh-TLS identity of service
# account buoyant-cloud-agent (namespace buoyant-cloud) to the Server named
# service-mirror. Not listed in finalizers/kustomization.yaml.
 1 | ---
 2 | apiVersion: policy.linkerd.io/v1beta1
 3 | kind: ServerAuthorization
 4 | metadata:
 5 |   annotations:
 6 |   labels:
 7 |     component: linkerd-service-mirror
 8 |   name: allow-bcloud
 9 |   namespace: linkerd-multicluster
10 | spec:
11 |   client:
12 |     meshTLS:
13 |       serviceAccounts:
14 |       - name: buoyant-cloud-agent
15 |         namespace: buoyant-cloud
16 |   server:
17 |     name: service-mirror
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/cert-request.yaml:
--------------------------------------------------------------------------------
# cert-manager Certificate for the dashboard hostname. Not listed in
# finalizers/kustomization.yaml.
# NOTE(review): issuerRef names "letsencrypt" with no kind, which cert-manager
# reads as a namespaced Issuer; issuer.yaml only defines the ClusterIssuers
# letsencrypt-staging and letsencrypt-prod. The spec also has no secretName,
# so there is no target Secret for the issued key pair.
 1 | apiVersion: cert-manager.io/v1
 2 | kind: Certificate
 3 | metadata:
 4 |   name: dashboard
 5 |   namespace: linkerd-viz
 6 | spec:
 7 |   issuerRef:
 8 |     name: letsencrypt
 9 |   dnsNames:
10 |   - dashboard.civo.59s.io
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/hosts.yaml:
--------------------------------------------------------------------------------
# Two Host resources. "dashboard" sets an acmeProvider e-mail for its hostname
# (presumably so the gateway requests the certificate itself; the tlsSecret
# alternative is commented out). "wildcard" matches every other hostname and
# rejects requests classified as insecure instead of redirecting them; which
# requests count as insecure is decided by the Listener's securityModel in
# ambassador-listener.yaml.
 1 | apiVersion: getambassador.io/v3alpha1
 2 | kind: Host
 3 | metadata:
 4 |   name: dashboard
 5 |   namespace: linkerd-viz
 6 | spec:
 7 |   hostname: dashboard.civo.59s.io
 8 |   acmeProvider:
 9 |     email: jmorgan@f9vs.com
10 |   # tlsSecret:
11 |   #   name: wildcard
12 | ---
13 | apiVersion: getambassador.io/v3alpha1
14 | kind: Host
15 | metadata:
16 |   name: wildcard
17 |   namespace: default
18 | spec:
19 |   hostname: "*"
20 |   requestPolicy:
21 |     insecure:
22 |       action: Reject
23 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/ingress.yaml:
--------------------------------------------------------------------------------
# NGINX Ingress publishing the linkerd-viz "web" service on a public hostname,
# with a certificate requested from the letsencrypt-prod ClusterIssuer.
# Commented out of finalizers/kustomization.yaml, so currently not applied.
# NOTE(review): nothing in this manifest puts authentication in front of the
# dashboard; add it before enabling this route on a reachable cluster.
# NOTE(review): configuration-snippet injects raw NGINX directives (here it
# blanks Origin and hides two l5d-* headers); ingress-nginx gates snippets
# behind allow-snippet-annotations — confirm the controller permits them.
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: dashboard
 5 |   namespace: linkerd-viz
 6 |   annotations:
 7 |     nginx.ingress.kubernetes.io/upstream-vhost: $service_name.$namespace.svc.cluster.local:8084
 8 |     nginx.ingress.kubernetes.io/service-upstream: "true"
 9 |     cert-manager.io/cluster-issuer: letsencrypt-prod
10 |     kubernetes.io/ingress.class: nginx
11 |     # nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
12 |     # nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
13 |     nginx.ingress.kubernetes.io/configuration-snippet: |
14 |       proxy_set_header Origin "";
15 |       proxy_hide_header l5d-remote-ip;
16 |       proxy_hide_header l5d-server-id;
17 | spec:
18 |   rules:
19 |   - host: dashboard.civo.59s.io
20 |     http:
21 |       paths:
22 |       - path: /
23 |         pathType: Prefix
24 |         backend:
25 |           service:
26 |             name: web
27 |             port:
28 |               number: 8084
29 |   tls:
30 |   - hosts:
31 |     - dashboard.civo.59s.io
32 |     secretName: dashboard-ingress
33 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/issuer.yaml:
--------------------------------------------------------------------------------
# Let's Encrypt ClusterIssuers for the staging and production ACME endpoints.
# privateKeySecretRef names the Secret that holds each ACME account key.
# NOTE(review): ClusterIssuer is cluster-scoped, so metadata.namespace has no
# effect. Both solvers answer HTTP-01 through ingress class "nginx", while
# nginx-ingress is commented out of the finalizers dependsOn list in
# cluster.yaml — confirm an NGINX controller is running before relying on them.
 1 | apiVersion: cert-manager.io/v1
 2 | kind: ClusterIssuer
 3 | metadata:
 4 |   name: letsencrypt-staging
 5 |   namespace: cert-manager
 6 | spec:
 7 |   acme:
 8 |     email: jmorgan@f9vs.com
 9 |     privateKeySecretRef:
10 |       name: letsencrypt-staging
11 |     server: https://acme-staging-v02.api.letsencrypt.org/directory
12 |     solvers:
13 |     - http01:
14 |         ingress:
15 |           class: nginx
16 | ---
17 | apiVersion: cert-manager.io/v1
18 | kind: ClusterIssuer
19 | metadata:
20 |   name: letsencrypt-prod
21 |   namespace: cert-manager
22 | spec:
23 |   acme:
24 |     email: jmorgan@f9vs.com
25 |     privateKeySecretRef:
26 |       name: letsencrypt-prod
27 |     server: https://acme-v02.api.letsencrypt.org/directory
28 |     solvers:
29 |     - http01:
30 |         ingress:
31 |           class: nginx
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/kustomization.yaml:
--------------------------------------------------------------------------------
# Applied last by the "finalizers" Flux Kustomization. Only the four files
# below are active; ingress.yaml is commented out, and acme-solver.yaml,
# allow-bcloud.yaml and cert-request.yaml in this directory are not listed.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - hosts.yaml
 5 | - mappings.yaml
 6 | - namespace.yaml
 7 | - issuer.yaml
 8 | # - ingress.yaml
 9 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/mappings.yaml:
--------------------------------------------------------------------------------
# Mappings that publish in-cluster services on public hostnames.
# The dashboard Mapping rewrites the Host header to the service's cluster-local
# name and strips Origin before forwarding to linkerd-viz "web".
# NOTE(review): no authentication is configured in this file for any of these
# routes; the dashboard one in particular reaches an operational UI.
 1 | ---
 2 | apiVersion: getambassador.io/v3alpha1
 3 | kind: Mapping
 4 | metadata:
 5 |   name: dashboard
 6 |   namespace: linkerd-viz
 7 | spec:
 8 |   prefix: /
 9 |   service: web.linkerd-viz:8084
10 |   host_rewrite: web.linkerd-viz.svc.cluster.local:8084
11 |   rewrite: ""
12 |   host: dashboard.civo.59s.io
13 |   allow_upgrade:
14 |   - websocket
15 |   remove_request_headers:
16 |   - Origin
17 | ---
18 | apiVersion: getambassador.io/v3alpha1
19 | kind: Mapping
20 | metadata:
21 |   name: emojivoto
22 |   namespace: default
23 | spec:
24 |   prefix: /
25 |   service: web-svc.emojivoto:80
26 |   rewrite: ""
27 |   host: emojivoto.civo.59s.io
28 | ---
29 | apiVersion: getambassador.io/v3alpha1
30 | kind: Mapping
31 | metadata:
32 |   name: booksapp
33 |   namespace: default
34 | spec:
35 |   prefix: /
36 |   service: webapp.booksapp:7000
37 |   rewrite: ""
38 |   host: booksapp.civo.59s.io
39 | ---
40 | apiVersion: getambassador.io/v3alpha1
41 | kind: Mapping
42 | metadata:
43 |   name: podinfo
44 |   namespace: default
45 | spec:
46 |   prefix: /
47 |   service: podinfo.podinfo:9898
48 |   rewrite: ""
49 |   host: podinfo.civo.59s.io
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/finalizers/namespace.yaml:
--------------------------------------------------------------------------------
# Adds Linkerd metadata to two existing system namespaces: kube-system is
# excluded from Linkerd's admission webhooks, and flux-system is marked for
# proxy injection.
# NOTE(review): these Namespace objects are applied by the "finalizers" Flux
# Kustomization, which sets prune: true. Annotating them with
# kustomize.toolkit.fluxcd.io/prune: disabled keeps Flux from ever garbage
# collecting a system namespace if this file is removed or renamed.
 1 | apiVersion: v1
 2 | kind: Namespace
 3 | metadata:
 4 |   name: kube-system
 5 |   labels:
 6 |     config.linkerd.io/admission-webhooks: disabled
 7 | ---
 8 | apiVersion: v1
 9 | kind: Namespace
10 | metadata:
11 |   name: flux-system
12 |   annotations:
13 |     linkerd.io/inject: enabled
14 |
15 |
16 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/flagger/flagger-repo.yaml:
--------------------------------------------------------------------------------
# Helm chart repository for Flagger, polled every two minutes.
 1 | ---
 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
 3 | kind: HelmRepository
 4 | metadata:
 5 |   name: flagger
 6 |   namespace: linkerd-viz
 7 | spec:
 8 |   interval: 2m
 9 |   url: https://flagger.app
10 |
11 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/flagger/flagger.yaml:
--------------------------------------------------------------------------------
# Flux HelmRelease for Flagger (chart pinned to 1.32.0), installed into
# linkerd-viz and pointed at the Prometheus service in that namespace.
# linkerdAuthPolicy.create is a chart value; presumably it has the chart create
# the Linkerd policy that lets Flagger query Prometheus — confirm in the chart.
 1 | ---
 2 | apiVersion: helm.toolkit.fluxcd.io/v2beta1
 3 | kind: HelmRelease
 4 | metadata:
 5 |   name: flagger
 6 |   namespace: linkerd-viz
 7 | spec:
 8 |   timeout: 3m
 9 |   interval: 10m
10 |   releaseName: flagger
11 |   targetNamespace: linkerd-viz
12 |   storageNamespace: linkerd-viz
13 |   chart:
14 |     spec:
15 |       chart: flagger
16 |       version: 1.32.0
17 |       sourceRef:
18 |         kind: HelmRepository
19 |         name: flagger
20 |         namespace: linkerd-viz
21 |       interval: 40m
22 |   values:
23 |     meshProvider: linkerd
24 |     metricsServer: http://prometheus.linkerd-viz:9090
25 |     linkerdAuthPolicy:
26 |       create: true
27 |   install:
28 |     crds: CreateReplace
29 |   upgrade:
30 |     crds: CreateReplace
31 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/flagger/kustomization.yaml:
--------------------------------------------------------------------------------
# The top-level namespace field sets linkerd-viz on every resource listed.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - flagger-repo.yaml
 5 | - flagger.yaml
 6 | namespace: linkerd-viz
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd-multicluster/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - linkerd-multicluster.yaml
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd-multicluster/linkerd-multicluster.yaml:
--------------------------------------------------------------------------------
# HelmRelease for the linkerd-multicluster extension (chart pinned to 30.7.5)
# plus the namespace it installs into; installNamespace: false because the
# Namespace object is declared in this file instead of by the chart.
# The chart source is the HelmRepository "linkerd" in the linkerd namespace,
# i.e. a cross-namespace source reference.
 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1
 2 | kind: HelmRelease
 3 | metadata:
 4 |   name: linkerd-multicluster
 5 |   namespace: linkerd-multicluster
 6 | spec:
 7 |   timeout: 3m
 8 |   interval: 40m
 9 |   releaseName: linkerd-multicluster
10 |   targetNamespace: linkerd-multicluster
11 |   storageNamespace: linkerd-multicluster
12 |   chart:
13 |     spec:
14 |       chart: linkerd-multicluster
15 |       version: 30.7.5
16 |       sourceRef:
17 |         kind: HelmRepository
18 |         name: linkerd
19 |         namespace: linkerd
20 |       interval: 40m
21 |   values:
22 |     installNamespace: false
23 |   install:
24 |     crds: CreateReplace
25 |   upgrade:
26 |     crds: CreateReplace
27 | ---
28 | kind: Namespace
29 | apiVersion: v1
30 | metadata:
31 |   name: linkerd-multicluster
32 |   labels:
33 |     linkerd.io/extension: multicluster
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd-viz/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - linkerd-viz.yaml
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd-viz/linkerd-viz.yaml:
--------------------------------------------------------------------------------
# HelmRelease for the linkerd-viz extension (chart pinned to 30.8.5), the
# HelmRepository it reads from, and the linkerd-viz namespace.
# NOTE(review): the HelmRepository below is named "linkerd" in namespace
# "linkerd" and points at https://helm.linkerd.io/stable, while
# linkerd/linkerd-repo.yaml declares a HelmRepository with the same name and
# namespace pointing at an OCI registry. Two Kustomizations applying different
# specs to one object will keep overwriting each other, and every chart that
# references linkerd/linkerd resolves against whichever spec was applied last.
 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1
 2 | kind: HelmRelease
 3 | metadata:
 4 |   name: linkerd-viz
 5 |   namespace: linkerd-viz
 6 | spec:
 7 |   timeout: 3m
 8 |   interval: 40m
 9 |   releaseName: linkerd-viz
10 |   targetNamespace: linkerd-viz
11 |   storageNamespace: linkerd-viz
12 |   chart:
13 |     spec:
14 |       chart: linkerd-viz
15 |       version: 30.8.5
16 |       sourceRef:
17 |         kind: HelmRepository
18 |         name: linkerd
19 |         namespace: linkerd
20 |       interval: 40m
21 |   values:
22 |     installNamespace: false
23 |   install:
24 |     crds: CreateReplace
25 |   upgrade:
26 |     crds: CreateReplace
27 | ---
28 | apiVersion: source.toolkit.fluxcd.io/v1beta1
29 | kind: HelmRepository
30 | metadata:
31 |   name: linkerd
32 |   namespace: linkerd
33 | spec:
34 |   interval: 2m
35 |   url: https://helm.linkerd.io/stable
36 | ---
37 | kind: Namespace
38 | apiVersion: v1
39 | metadata:
40 |   name: linkerd-viz
41 |   labels:
42 |     linkerd.io/extension: viz
43 |   annotations:
44 |     linkerd.io/inject: enabled
45 |     config.linkerd.io/proxy-await: "enabled"
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd/certs.yaml:
--------------------------------------------------------------------------------
# Secret that feeds Linkerd's identity configuration: the trust anchor
# (ca.crt), the issuer certificate (issuer.crt) and the issuer's private key
# (issuer.key). linkerd-control-plane.yaml reads all three through valuesFrom.
# NOTE(review): `data` values are base64-encoded, not encrypted. issuer.key
# decodes to a PEM "EC PRIVATE KEY" block, so the mesh's identity-issuer
# signing key sits in Git in recoverable form, and repo.yaml points Flux at a
# GitHub URL for this repository. A key committed like this should be treated
# as disclosed: rotate the issuer (and the trust anchor if its key was handled
# the same way) and purge the old value from history. Deliver the replacement
# encrypted at rest (for example SOPS with Flux decryption, or Sealed Secrets)
# or have cert-manager issue it in-cluster, so no private key is committed.
 1 | ---
 2 | kind: Secret
 3 | apiVersion: v1
 4 | metadata:
 5 |   name: linkerd-certs
 6 |   namespace: linkerd
 7 | data:
 8 |   ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJqRENDQVRPZ0F3SUJBZ0lRWm1xWXJPTnRKcTFtZjhlK2trS1BwVEFLQmdncWhrak9QUVFEQWpBbE1TTXcKSVFZRFZRUURFeHB5YjI5MExteHBibXRsY21RdVkyeDFjM1JsY2k1c2IyTmhiREFlRncweU16QTRNRGd4T0RJeQpORFphRncwek16QTRNRFV4T0RJeU5EWmFNQ1V4SXpBaEJnTlZCQU1UR25KdmIzUXViR2x1YTJWeVpDNWpiSFZ6CmRHVnlMbXh2WTJGc01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRUhwRlc0ZW9jcWlJbVNyOGgKM25lRUc5WVBsdDRJdHlOYklocUFTT3Z2cS9IdC9JTnFGd3pQaG81YmVaYlJHKzNKOGZCZ1BveG1admU3d1laUwpMcERDMHFORk1FTXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCQWY4Q0FRRXdIUVlEClZSME9CQllFRkVSRDB1cmNXeHBXTDFvN1ZYc3NVaWdVeHB2V01Bb0dDQ3FHU000OUJBTUNBMGNBTUVRQ0lGUE4KZnRnT3JON1BtUnVXNTZUYXFzUTlBbzEvV1hlTjF1OHc4YVo2TzJEMkFpQmFjakVXVCsxaFp0V2tKbFBlSWtRZApzbURzMFZJL2wxSTVjdS80RWVCMC9nPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
 9 |   issuer.crt: 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
10 |   issuer.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUpKOXRrYnIyOWhoK3JYZkFBZGtreEZOOExXS0orZXNVTzhkR3VsZk5laFBvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFM3J5Y1dmdE5BVTBrYWJacU40bmc2Zm9EZkd3ZC9XbXAvZnN6ejh5N0ordldXaHJBZHJ5Mwp6aC9US3lEcWVFbDdZUmp6MkZ2Tlpsa01SQTFFNkxMNUlnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
11 |
12 |
13 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd/controlplane-test.yaml:
--------------------------------------------------------------------------------
# ControlPlane custom resource that takes the same three values from the
# linkerd-certs Secret. Not listed in linkerd/kustomization.yaml, so Flux does
# not apply it from this directory.
# NOTE(review): indentation was lost in this listing; the nesting under
# controlPlaneConfig is reconstructed — confirm against the original file.
# NOTE(review): the private key is mapped to `crtKEY`, whereas the HelmRelease
# in linkerd-control-plane.yaml targets ...identity.issuer.tls.keyPEM; this
# looks like a typo — confirm against the CRD schema. The pull secret name
# (buoyant-registry-secret) also differs from the HelmRelease's
# buoyant-acr-secret.
 1 | ---
 2 | apiVersion: linkerd.buoyant.io/v1alpha1
 3 | kind: ControlPlane
 4 | metadata:
 5 |   name: linkerd-control-plane
 6 | spec:
 7 |   components:
 8 |     linkerd:
 9 |       version: enterprise-2.13.6-1
10 |       controlPlaneConfig:
11 |         identityTrustAnchorsPEM:
12 |           valuesFrom:
13 |             secretKeyRef:
14 |               name: linkerd-certs
15 |               key: ca.crt
16 |         imagePullSecrets:
17 |         - name: buoyant-registry-secret
18 |         identity:
19 |           issuer:
20 |             scheme: kubernetes.io/tls
21 |             tls:
22 |               crtPEM:
23 |                 valuesFrom:
24 |                   secretKeyRef:
25 |                     name: linkerd-certs
26 |                     key: issuer.crt
27 |               crtKEY:
28 |                 valuesFrom:
29 |                   secretKeyRef:
30 |                     name: linkerd-certs
31 |                     key: issuer.key
32 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd/kustomization.yaml:
--------------------------------------------------------------------------------
# Resources applied by the "linkerd" Flux Kustomization. certs.yaml is the
# Secret carrying the issuer private key; controlplane-test.yaml is not listed.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - linkerd-crds.yaml
 5 | - linkerd-control-plane.yaml
 6 | - certs.yaml
 7 | - linkerd-repo.yaml
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd/linkerd-control-plane.yaml:
--------------------------------------------------------------------------------
# Flux HelmRelease for the enterprise Linkerd control plane (chart pinned to
# 213.6.0). valuesFrom copies three keys of the linkerd-certs Secret into the
# chart values at the given targetPath entries.
# NOTE(review): issuer.key is injected as a Helm value, so the private key also
# ends up in Helm's stored release data in the linkerd namespace; restrict read
# access to Secrets there accordingly.
# NOTE(review): indentation was lost in this listing; whether imagePullSecrets
# sits under linkerd-control-plane or beside it is reconstructed — confirm.
# buoyant-acr-secret is not defined in the manifests shown here and is
# presumably created out of band.
 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1
 2 | kind: HelmRelease
 3 | metadata:
 4 |   name: linkerd-control-plane
 5 |   namespace: linkerd
 6 | spec:
 7 |   timeout: 3m
 8 |   interval: 10m
 9 |   releaseName: linkerd-control-plane
10 |   targetNamespace: linkerd
11 |   storageNamespace: linkerd
12 |   chart:
13 |     spec:
14 |       chart: linkerd-enterprise-control-plane
15 |       version: 213.6.0
16 |       sourceRef:
17 |         kind: HelmRepository
18 |         name: linkerd
19 |         namespace: linkerd
20 |       interval: 40m
21 |   values:
22 |     linkerd-control-plane:
23 |       installNamespace: false
24 |       imagePullSecrets:
25 |       - name: buoyant-acr-secret
26 |   valuesFrom:
27 |   - kind: Secret
28 |     name: linkerd-certs
29 |     valuesKey: ca.crt
30 |     targetPath: linkerd-control-plane.identityTrustAnchorsPEM
31 |   - kind: Secret
32 |     name: linkerd-certs
33 |     valuesKey: issuer.crt
34 |     targetPath: linkerd-control-plane.identity.issuer.tls.crtPEM
35 |   - kind: Secret
36 |     name: linkerd-certs
37 |     valuesKey: issuer.key
38 |     targetPath: linkerd-control-plane.identity.issuer.tls.keyPEM
39 |   install:
40 |     crds: CreateReplace
41 |   upgrade:
42 |     crds: CreateReplace
43 |
--------------------------------------------------------------------------------
/gitops/flux/runtime/source/linkerd/linkerd-crds.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 3 | kind: HelmRelease 4 | metadata: 5 | name: linkerd-crds 6 | namespace: linkerd 7 | spec: 8 | timeout: 3m 9 | interval: 10m 10 | releaseName: linkerd-crds 11 | targetNamespace: linkerd 12 | storageNamespace: linkerd 13 | chart: 14 | spec: 15 | chart: linkerd-enterprise-crds 16 | version: 213.6.0 17 | sourceRef: 18 | kind: HelmRepository 19 | name: linkerd 20 | namespace: linkerd 21 | interval: 40m 22 | install: 23 | crds: CreateReplace 24 | upgrade: 25 | crds: CreateReplace 26 | --- 27 | kind: Namespace 28 | apiVersion: v1 29 | metadata: 30 | name: linkerd 31 | labels: 32 | linkerd.io/is-control-plane: "true" 33 | config.linkerd.io/admission-webhooks: disabled 34 | linkerd.io/control-plane-ns: linkerd -------------------------------------------------------------------------------- /gitops/flux/runtime/source/linkerd/linkerd-repo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: linkerd 6 | namespace: linkerd 7 | spec: 8 | interval: 2m 9 | url: oci://buoyant.azurecr.io/helm/ 10 | type: "oci" 11 | secretRef: 12 | name: buoyant-acr-secret -------------------------------------------------------------------------------- /gitops/flux/runtime/source/nginx-ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - nginx-ingress.yaml -------------------------------------------------------------------------------- /gitops/flux/runtime/source/nginx-ingress/nginx-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: frontdoor 5 | 
namespace: nginx-ingress 6 | spec: 7 | timeout: 3m 8 | interval: 40m 9 | releaseName: frontdoor 10 | targetNamespace: nginx-ingress 11 | storageNamespace: nginx-ingress 12 | chart: 13 | spec: 14 | chart: nginx-ingress-controller 15 | sourceRef: 16 | kind: HelmRepository 17 | name: bitnami 18 | namespace: nginx-ingress 19 | interval: 40m 20 | postRenderers: 21 | - kustomize: 22 | patchesStrategicMerge: 23 | - kind: Deployment 24 | apiVersion: apps/v1 25 | metadata: 26 | name: frontdoor-nginx-ingress-controller 27 | namespace: nginx-ingress 28 | spec: 29 | template: 30 | metadata: 31 | annotations: 32 | linkerd.io/inject: enabled 33 | - kind: Deployment 34 | apiVersion: apps/v1 35 | metadata: 36 | name: frontdoor-nginx-ingress-controller-default-backend 37 | namespace: nginx-ingress 38 | spec: 39 | template: 40 | metadata: 41 | annotations: 42 | linkerd.io/inject: enabled 43 | values: 44 | installNamespace: false 45 | install: 46 | crds: CreateReplace 47 | upgrade: 48 | crds: CreateReplace 49 | --- 50 | apiVersion: source.toolkit.fluxcd.io/v1beta1 51 | kind: HelmRepository 52 | metadata: 53 | name: bitnami 54 | namespace: nginx-ingress 55 | spec: 56 | interval: 2m 57 | url: https://charts.bitnami.com/bitnami 58 | --- 59 | kind: Namespace 60 | apiVersion: v1 61 | metadata: 62 | name: nginx-ingress -------------------------------------------------------------------------------- /gitops/flux/runtime/source/platform/platform-mappings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: getambassador.io/v2 3 | kind: Mapping 4 | metadata: 5 | name: linkerd-viz 6 | spec: 7 | prefix: / 8 | host: "dashboard.k8s.59s.io" 9 | # host_regex: true 10 | host_rewrite: web.linkerd-viz.svc.cluster.local:8084 11 | service: web.linkerd-viz.svc.cluster.local:8084 12 | rewrite: "" 13 | allow_upgrade: 14 | - websocket 15 | remove_request_headers: 16 | - Origin 17 | --- 18 | apiVersion: getambassador.io/v2 19 | kind: Host 20 | 
metadata: 21 | name: dashboard 22 | spec: 23 | hostname: "dashboard.k8s.59s.io" 24 | acmeProvider: 25 | email: jmorgan@f9vs.com -------------------------------------------------------------------------------- /gitops/weave_gitops_core/steps.sh: -------------------------------------------------------------------------------- 1 | # k3d cluster create gitops -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-arg '--no-deploy=traefik@server:*;agents:*' 2 | civo kubernetes create gitops -r Traefik -n 3 -s g3.k3s.small -w -y 3 | civo kubernetes config gitops > ~/.kube/config 4 | # k ctx gitops 5 | k ns default 6 | 7 | gitops install 8 | 9 | gitops add app --url https://github.com/JasonMorgan/linkerd-demos.git --path ./gitops/flux/runtime/manifests/ --name platform 10 | 11 | gh pr list 12 | 13 | gh pr merge $NUM 14 | 15 | k get host -A 16 | 17 | gitops add app --url https://github.com/JasonMorgan/linkerd-demos.git --path ./gitops/flux/apps/source/podinfo --name podinfo --app-config-url NONE 18 | 19 | micro git_repos/jasonmorgan/linkerd-demos/gitops/flux/apps/source/podinfo/patch.yaml 20 | 21 | cd git_repos/jasonmorgan/linkerd-demos/ 22 | 23 | git add . 
24 | 25 | git commit -m '' 26 | 27 | git push 28 | 29 | watch k get deploy 30 | 31 | ## TAB2 32 | 33 | watch kubectl get pods -A 34 | 35 | watch kubectl get pods -n podinfo 36 | 37 | ## TAB3 38 | 39 | watch kubectl get kustomization 40 | 41 | watch linkerd viz stat ts -------------------------------------------------------------------------------- /helm/README.md: -------------------------------------------------------------------------------- 1 | # Helm Install Demo 2 | 3 | ## Links 4 | 5 | * https://linkerd.io/2.10/tasks/install-helm/ 6 | * https://artifacthub.io/packages/helm/linkerd2/linkerd2 7 | * https://github.com/linkerd/linkerd2/blob/main/viz/charts/linkerd-viz/README.md 8 | * https://github.com/linkerd/linkerd2/tree/main/multicluster/charts 9 | 10 | ## Steps 11 | 12 | * Set up the cluster and CA 13 | * Set up repo 14 | * install linkerd 15 | * wait 16 | * install add ons 17 | * wait 18 | -------------------------------------------------------------------------------- /helm/takeover.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # linkerd install --identity-trust-anchors-file ~/tmp/ca/root.crt --identity-issuer-certificate-file ~/tmp/ca/issuer.crt --identity-issuer-key-file ~/tmp/ca/issuer.key | k apply -f - && linkerd check 4 | 5 | #helm template --set-file identityTrustAnchorsPEM=../ca/root.crt --set-file identity.issuer.tls.crtPEM=../ca/issuer.crt --set-file identity.issuer.tls.keyPEM=../ca/issuer.key linkerd linkerd/linkerd2 | k apply -f - 6 | 7 | kubectl annotate ns linkerd meta.helm.sh/release-name=linkerd --overwrite 8 | kubectl annotate ns linkerd meta.helm.sh/managed-by=Helm --overwrite 9 | kubectl annotate ns linkerd meta.helm.sh/release-namespace=default --overwrite 10 | kubectl label ns linkerd app.kubernetes.io/managed-by=Helm --overwrite 11 | 12 | # k get sa -n linkerd -o json | jq -r '[.items[] | select(.metadata.name | startswith("linkerd")) | {"Kind": .kind, "Name": 
.metadata.name}]' 13 | for type in deploy sa service secret cm clusterrole clusterrolebinding role rolebinding cronjob MutatingWebhookConfiguration ValidatingWebhookConfiguration # servers.policy.linkerd.io serverauthorizations 14 | do # each pass stamps objects whose name starts with "linkerd" with Helm ownership metadata for release "linkerd" (release namespace "default"); --overwrite replaces any values already present 15 | for i in $(kubectl get "${type}" -n linkerd -o json | jq -c '.items[] | select(.metadata.name | startswith("linkerd")) | {"kind": .kind, "name": .metadata.name}') 16 | do # NOTE(review): $i is expanded unquoted on the next two lines; that relies on each jq -c record containing no whitespace or glob characters 17 | kind=$(echo $i | jq -r '.kind') 18 | name=$(echo $i | jq -r '.name') 19 | kubectl annotate -n linkerd "${kind}" "${name}" meta.helm.sh/release-name=linkerd --overwrite 20 | kubectl annotate -n linkerd "${kind}" "${name}" meta.helm.sh/managed-by=Helm --overwrite 21 | kubectl annotate -n linkerd "${kind}" "${name}" meta.helm.sh/release-namespace=default --overwrite 22 | kubectl label -n linkerd "${kind}" "${name}" app.kubernetes.io/managed-by=Helm --overwrite 23 | done 24 | done 25 | # the four CRDs below get the same ownership metadata; CRDs are cluster-scoped, so -n linkerd has no effect on these commands 26 | for crd in servers.policy.linkerd.io serverauthorizations.policy.linkerd.io serviceprofiles.linkerd.io trafficsplits.split.smi-spec.io 27 | do 28 | kubectl annotate -n linkerd crd "${crd}" meta.helm.sh/release-name=linkerd --overwrite 29 | kubectl annotate -n linkerd crd "${crd}" meta.helm.sh/managed-by=Helm --overwrite 30 | kubectl annotate -n linkerd crd "${crd}" meta.helm.sh/release-namespace=default --overwrite 31 | kubectl label -n linkerd crd "${crd}" app.kubernetes.io/managed-by=Helm --overwrite 32 | done 33 | # helm install --set-file identityTrustAnchorsPEM=~/tmp/ca/root.crt --set-file identity.issuer.tls.crtPEM=~/tmp/ca/issuer.crt --set-file identity.issuer.tls.keyPEM=~/tmp/ca/issuer.key linkerd linkerd/linkerd2 34 | -------------------------------------------------------------------------------- /init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | k3d cluster create dev -s 3 --k3s-arg '--disable=traefik@server:*' 4 | # NOTE(review): the next command applies whatever run.linkerd.io serves at run time to the current kube context, with no pinned version or checksum; the booksapp.yml command further down does the same. Vendoring the manifests in the repo would make the demo reproducible. 5 | curl -sL https://run.linkerd.io/emojivoto.yml | kubectl apply -f - 6 | 
kubectl create ns booksapp 7 | curl -sL https://run.linkerd.io/booksapp.yml | kubectl apply -n booksapp -f - 8 | k apply -k 101/podinfo 9 | k ns default 10 | clear -------------------------------------------------------------------------------- /mc-emoji/emoji.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: emojivoto 6 | --- 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: emoji 11 | namespace: emojivoto 12 | --- 13 | apiVersion: v1 14 | kind: Service 15 | metadata: 16 | name: emoji-svc 17 | namespace: emojivoto 18 | labels: 19 | mirror.linkerd.io/exported: "true" 20 | spec: 21 | ports: 22 | - name: grpc 23 | port: 8080 24 | targetPort: 8080 25 | - name: prom 26 | port: 8801 27 | targetPort: 8801 28 | selector: 29 | app: emoji-svc 30 | --- 31 | apiVersion: apps/v1 32 | kind: Deployment 33 | metadata: 34 | labels: 35 | app.kubernetes.io/name: emoji 36 | app.kubernetes.io/part-of: emojivoto 37 | app.kubernetes.io/version: v11 38 | name: emoji 39 | namespace: emojivoto 40 | spec: 41 | replicas: 1 42 | selector: 43 | matchLabels: 44 | app: emoji-svc 45 | version: v11 46 | template: 47 | metadata: 48 | labels: 49 | app: emoji-svc 50 | version: v11 51 | spec: 52 | containers: 53 | - env: 54 | - name: GRPC_PORT 55 | value: "8080" 56 | - name: PROM_PORT 57 | value: "8801" 58 | image: docker.l5d.io/buoyantio/emojivoto-emoji-svc:v11 59 | name: emoji-svc 60 | ports: 61 | - containerPort: 8080 62 | name: grpc 63 | - containerPort: 8801 64 | name: prom 65 | resources: 66 | requests: 67 | cpu: 100m 68 | serviceAccountName: emoji 69 | -------------------------------------------------------------------------------- /mc-emoji/voting.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: emojivoto 6 | --- 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | 
metadata: 10 | name: voting 11 | namespace: emojivoto 12 | --- 13 | apiVersion: v1 14 | kind: Service 15 | metadata: 16 | name: voting-svc 17 | namespace: emojivoto 18 | labels: 19 | mirror.linkerd.io/exported: "true" 20 | spec: 21 | ports: 22 | - name: grpc 23 | port: 8080 24 | targetPort: 8080 25 | - name: prom 26 | port: 8801 27 | targetPort: 8801 28 | selector: 29 | app: voting-svc 30 | --- 31 | apiVersion: apps/v1 32 | kind: Deployment 33 | metadata: 34 | labels: 35 | app.kubernetes.io/name: voting 36 | app.kubernetes.io/part-of: emojivoto 37 | app.kubernetes.io/version: v11 38 | name: voting 39 | namespace: emojivoto 40 | spec: 41 | replicas: 1 42 | selector: 43 | matchLabels: 44 | app: voting-svc 45 | version: v11 46 | template: 47 | metadata: 48 | labels: 49 | app: voting-svc 50 | version: v11 51 | spec: 52 | containers: 53 | - env: 54 | - name: GRPC_PORT 55 | value: "8080" 56 | - name: PROM_PORT 57 | value: "8801" 58 | image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11 59 | name: voting-svc 60 | ports: 61 | - containerPort: 8080 62 | name: grpc 63 | - containerPort: 8801 64 | name: prom 65 | resources: 66 | requests: 67 | cpu: 100m 68 | serviceAccountName: voting -------------------------------------------------------------------------------- /mc-emoji/web.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: emojivoto 6 | --- 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: web 11 | namespace: emojivoto 12 | --- 13 | apiVersion: v1 14 | kind: Service 15 | metadata: 16 | name: web-svc 17 | namespace: emojivoto 18 | spec: 19 | ports: 20 | - name: http 21 | port: 80 22 | targetPort: 8080 23 | selector: 24 | app: web-svc 25 | type: ClusterIP 26 | --- 27 | apiVersion: apps/v1 28 | kind: Deployment 29 | metadata: 30 | labels: 31 | app.kubernetes.io/name: web 32 | app.kubernetes.io/part-of: emojivoto 33 | app.kubernetes.io/version: v11 
34 | name: web 35 | namespace: emojivoto 36 | spec: 37 | replicas: 1 38 | selector: 39 | matchLabels: 40 | app: web-svc 41 | version: v11 42 | template: 43 | metadata: 44 | labels: 45 | app: web-svc 46 | version: v11 47 | spec: 48 | containers: 49 | - env: 50 | - name: WEB_PORT 51 | value: "8080" 52 | - name: EMOJISVC_HOST 53 | value: emoji-svc.emojivoto:8080 54 | - name: VOTINGSVC_HOST 55 | value: voting-svc.emojivoto:8080 56 | - name: INDEX_BUNDLE 57 | value: dist/index_bundle.js 58 | image: docker.l5d.io/buoyantio/emojivoto-web:v11 59 | name: web-svc 60 | ports: 61 | - containerPort: 8080 62 | name: http 63 | resources: 64 | requests: 65 | cpu: 100m 66 | serviceAccountName: web 67 | --- 68 | apiVersion: apps/v1 69 | kind: Deployment 70 | metadata: 71 | labels: 72 | app.kubernetes.io/name: vote-bot 73 | app.kubernetes.io/part-of: emojivoto 74 | app.kubernetes.io/version: v11 75 | name: vote-bot 76 | namespace: emojivoto 77 | spec: 78 | replicas: 1 79 | selector: 80 | matchLabels: 81 | app: vote-bot 82 | version: v11 83 | template: 84 | metadata: 85 | labels: 86 | app: vote-bot 87 | version: v11 88 | spec: 89 | containers: 90 | - command: 91 | - emojivoto-vote-bot 92 | env: 93 | - name: WEB_HOST 94 | value: web-svc.emojivoto:80 95 | image: docker.l5d.io/buoyantio/emojivoto-web:v11 96 | name: vote-bot 97 | resources: 98 | requests: 99 | cpu: 10m 100 | 101 | -------------------------------------------------------------------------------- /multicluster/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | civo kubernetes delete NYC2 -y 4 | 5 | civo kubernetes delete LON2 --region LON1 -y 6 | 7 | rm -rf ~/tmp/ca/* 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /multicluster/manifests/backend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: 
Namespace 3 | metadata: 4 | annotations: 5 | linkerd.io/inject: enabled 6 | name: podinfo 7 | --- 8 | apiVersion: v1 9 | data: 10 | urls: |- 11 | http://${SERVICE}:${PORT} 12 | http://${SERVICE}:${PORT}/healthz 13 | http://${SERVICE}:${PORT}/readyz 14 | http://${SERVICE}:${PORT}/configs 15 | http://${SERVICE}:${PORT}/env 16 | http://${SERVICE}:${PORT}/headers 17 | kind: ConfigMap 18 | metadata: 19 | name: generator 20 | namespace: podinfo 21 | --- 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: podinfo 26 | namespace: podinfo 27 | labels: 28 | # mirror.linkerd.io/exported: "true" 29 | spec: 30 | ports: 31 | - name: http 32 | port: 9898 33 | protocol: TCP 34 | targetPort: http 35 | - name: grpc 36 | port: 9999 37 | protocol: TCP 38 | targetPort: grpc 39 | selector: 40 | app: podinfo 41 | type: ClusterIP 42 | --- 43 | apiVersion: apps/v1 44 | kind: Deployment 45 | metadata: 46 | name: podinfo 47 | namespace: podinfo 48 | spec: 49 | minReadySeconds: 3 50 | progressDeadlineSeconds: 60 51 | replicas: 3 52 | revisionHistoryLimit: 5 53 | selector: 54 | matchLabels: 55 | app: podinfo 56 | strategy: 57 | rollingUpdate: 58 | maxUnavailable: 0 59 | type: RollingUpdate 60 | template: 61 | metadata: 62 | annotations: 63 | prometheus.io/port: "9797" 64 | prometheus.io/scrape: "true" 65 | labels: 66 | app: podinfo 67 | spec: 68 | containers: 69 | - command: 70 | - ./podinfo 71 | - --port=9898 72 | - --port-metrics=9797 73 | - --grpc-port=9999 74 | - --grpc-service-name=podinfo 75 | - --level=info 76 | - --random-delay=false 77 | - --random-error=false 78 | env: 79 | - name: PODINFO_UI_COLOR 80 | value: '#008000' 81 | image: ghcr.io/stefanprodan/podinfo:5.1.3 82 | imagePullPolicy: IfNotPresent 83 | livenessProbe: 84 | exec: 85 | command: 86 | - podcli 87 | - check 88 | - http 89 | - localhost:9898/healthz 90 | initialDelaySeconds: 5 91 | timeoutSeconds: 5 92 | name: podinfod 93 | ports: 94 | - containerPort: 9898 95 | name: http 96 | protocol: TCP 97 | - 
containerPort: 9797 98 | name: http-metrics 99 | protocol: TCP 100 | - containerPort: 9999 101 | name: grpc 102 | protocol: TCP 103 | readinessProbe: 104 | exec: 105 | command: 106 | - podcli 107 | - check 108 | - http 109 | - localhost:9898/readyz 110 | initialDelaySeconds: 5 111 | timeoutSeconds: 5 112 | resources: 113 | limits: 114 | cpu: 2000m 115 | memory: 512Mi 116 | requests: 117 | cpu: 100m 118 | memory: 64Mi 119 | securityContext: 120 | runAsUser: 1337 -------------------------------------------------------------------------------- /multicluster/manifests/frontend.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: podinfo 6 | annotations: 7 | linkerd.io/inject: enabled 8 | --- 9 | apiVersion: v1 10 | kind: ConfigMap 11 | metadata: 12 | name: frontend 13 | namespace: podinfo 14 | data: 15 | nginx.conf: |- 16 | pid /tmp/pid; 17 | error_log stderr; 18 | events {} 19 | http { 20 | client_body_temp_path /tmp/client_temp; 21 | proxy_temp_path /tmp/proxy_temp_path; 22 | fastcgi_temp_path /tmp/fastcgi_temp; 23 | uwsgi_temp_path /tmp/uwsgi_temp; 24 | scgi_temp_path /tmp/scgi_temp; 25 | server { 26 | listen 8080; 27 | set $east "east"; 28 | set $west "west"; 29 | location / { 30 | proxy_pass http://podinfo-prod2:9898; 31 | proxy_http_version 1.1; 32 | } 33 | } 34 | } 35 | --- 36 | apiVersion: apps/v1 37 | kind: Deployment 38 | metadata: 39 | name: frontend 40 | namespace: podinfo 41 | labels: 42 | app: frontend 43 | spec: 44 | selector: 45 | matchLabels: 46 | app: frontend 47 | replicas: 1 48 | template: 49 | metadata: 50 | annotations: 51 | linkerd.io/inject: enabled 52 | labels: 53 | app: frontend 54 | spec: 55 | containers: 56 | - name: nginx 57 | image: nginx:alpine 58 | volumeMounts: 59 | - name: cfg 60 | mountPath: /etc/nginx/nginx.conf 61 | subPath: nginx.conf 62 | - name: nginx-conf-d 63 | mountPath: /etc/nginx/conf.d 64 | - name: nginx-tmp 65 | 
mountPath: /tmp 66 | resources: 67 | requests: 68 | cpu: 10m 69 | memory: 10Mi 70 | securityContext: 71 | runAsUser: 1337 72 | volumes: 73 | - name: cfg 74 | configMap: 75 | name: frontend 76 | - name: nginx-conf-d 77 | emptyDir: {} 78 | - name: nginx-tmp 79 | emptyDir: {} 80 | --- 81 | apiVersion: v1 82 | kind: Service 83 | metadata: 84 | # labels: 85 | # mirror.linkerd.io/exported: "true" 86 | name: frontend 87 | namespace: podinfo 88 | spec: 89 | ports: 90 | - name: service 91 | port: 8080 92 | selector: 93 | app: frontend 94 | # --- 95 | # apiVersion: networking.k8s.io/v1 96 | # kind: Ingress 97 | # metadata: 98 | # annotations: 99 | # ingress.kubernetes.io/ssl-redirect: "false" 100 | # kubernetes.io/ingress.class: traefik 101 | # ingress.kubernetes.io/custom-request-headers: l5d-dst-override:frontend.podinfo.svc.cluster.local:8080 102 | # name: frontend 103 | # namespace: podinfo 104 | # spec: 105 | # rules: 106 | # - http: 107 | # paths: 108 | # - backend: 109 | # service: 110 | # name: frontend 111 | # port: 112 | # number: 8080 113 | # path: / 114 | # pathType: Prefix 115 | --- 116 | apiVersion: getambassador.io/v2 117 | kind: Mapping 118 | metadata: 119 | name: podinfo 120 | namespace: podinfo 121 | spec: 122 | prefix: / 123 | service: frontend.podinfo:8080 124 | rewrite: "" 125 | --- 126 | apiVersion: apps/v1 127 | kind: Deployment 128 | metadata: 129 | labels: 130 | app: generator 131 | name: generator 132 | namespace: podinfo 133 | spec: 134 | replicas: 1 135 | selector: 136 | matchLabels: 137 | app: generator 138 | template: 139 | metadata: 140 | # annotations: null 141 | labels: 142 | app: generator 143 | spec: 144 | containers: 145 | - args: 146 | - sed -e "s/\${SERVICE}/$SERVICE/" -e "s/\${PORT}/$PORT/" /tmp/urls | slow_cooker -qps ${QPS} -concurrency ${CONCURRENCY} @- 147 | command: 148 | - /bin/sh 149 | - -c 150 | env: 151 | - name: QPS 152 | value: "5" 153 | - name: CONCURRENCY 154 | value: "5" 155 | - name: SERVICE 156 | value: frontend 157 | - 
name: PORT 158 | value: "8080" 159 | image: buoyantio/slow_cooker:1.2.0 160 | name: default 161 | resources: 162 | requests: 163 | cpu: 10m 164 | memory: 10Mi 165 | securityContext: 166 | runAsUser: 1337 167 | volumeMounts: 168 | - mountPath: /tmp/ 169 | name: cfg 170 | volumes: 171 | - configMap: 172 | name: generator 173 | name: cfg 174 | --- 175 | apiVersion: v1 176 | kind: ConfigMap 177 | metadata: 178 | name: generator 179 | data: 180 | urls: |- 181 | http://${SERVICE}:${PORT} 182 | http://${SERVICE}:${PORT}/healthz 183 | http://${SERVICE}:${PORT}/readyz 184 | http://${SERVICE}:${PORT}/configs 185 | http://${SERVICE}:${PORT}/env 186 | http://${SERVICE}:${PORT}/headers 187 | http://${SERVICE}:${PORT}/delay/2 -------------------------------------------------------------------------------- /multicluster/steps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd ~/tmp/ca 4 | # --no-password --insecure makes step write root.key and both issuer keys to ~/tmp/ca unencrypted; they are demo material, removed by the rm -rf under Cleanup at the end of this file 5 | step certificate create root.linkerd.cluster.local root.crt root.key --profile root-ca --no-password --insecure 6 | # both issuers are 8760h (one-year) intermediates signed by the same root, so the two clusters share one trust anchor 7 | step certificate create identity.linkerd.cluster.local issuer.lon.crt issuer.lon.key --profile intermediate-ca --not-after 8760h --no-password --insecure --ca root.crt --ca-key root.key 8 | 9 | step certificate create identity.linkerd.cluster.local issuer.nyc.crt issuer.nyc.key --profile intermediate-ca --not-after 8760h --no-password --insecure --ca root.crt --ca-key root.key 10 | 11 | civo kubernetes create NYC -n 1 -s g4s.kube.small -w -y 12 | 13 | civo kubernetes config NYC > ~/.kube/configs/nyc 14 | 15 | export KUBECONFIG=~/.kube/configs/nyc 16 | 17 | civo kubernetes create LON -n 1 -s g4s.kube.small -w -y --region LON1 18 | 19 | civo kubernetes config LON --region LON1 > ~/.kube/configs/lon 20 | 21 | export KUBECONFIG=~/.kube/configs/lon 22 | # NOTE(review): KUBECONFIG was just re-exported to the lon cluster, so run top to bottom both linkerd install commands below target lon; presumably the nyc install is meant to run while KUBECONFIG still points at nyc - confirm 23 | linkerd install --identity-trust-anchors-file ~/tmp/ca/root.crt --identity-issuer-certificate-file ~/tmp/ca/issuer.nyc.crt --identity-issuer-key-file 
~/tmp/ca/issuer.nyc.key | k apply -f - && linkerd check 24 | 25 | linkerd install --identity-trust-anchors-file ~/tmp/ca/root.crt --identity-issuer-certificate-file ~/tmp/ca/issuer.lon.crt --identity-issuer-key-file ~/tmp/ca/issuer.lon.key | k apply -f - && linkerd check 26 | 27 | linkerd multicluster install | k apply -f - && linkerd check 28 | 29 | linkerd viz install | k apply -f - && linkerd check 30 | 31 | linkerd multicluster link --cluster-name lon | k apply -f - 32 | 33 | k apply -f ~/git_repos/jasonmorgan/linkerd-demos/multicluster/manifests/frontend.yaml 34 | 35 | k apply -k ~/git_repos/jasonmorgan/linkerd-demos/101/podinfo 36 | 37 | k ns podinfo 38 | 39 | k get pods 40 | 41 | k get svc 42 | 43 | k get ingress 44 | 45 | k edit svc podinfo 46 | 47 | # Cleanup 48 | 49 | civo kubernetes delete NYC2 -y 50 | 51 | civo kubernetes delete LON2 --region LON1 -y 52 | 53 | rm -rf ~/tmp/ca/* -------------------------------------------------------------------------------- /multicluster/tab1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source ../demo-magic.sh 4 | clear 5 | 6 | pe "cd ~/tmp/ca" 7 | wait 8 | clear 9 | 10 | pe "step certificate create root.linkerd.cluster.local root.crt root.key --profile root-ca --no-password --insecure" 11 | wait 12 | clear 13 | 14 | pe "step certificate create identity.linkerd.cluster.local issuer.lon.crt issuer.lon.key --profile intermediate-ca --not-after 8760h --no-password --insecure --ca root.crt --ca-key root.key" 15 | wait 16 | clear 17 | 18 | pe "step certificate create identity.linkerd.cluster.local issuer.nyc.crt issuer.nyc.key --profile intermediate-ca --not-after 8760h --no-password --insecure --ca root.crt --ca-key root.key" 19 | wait 20 | clear 21 | 22 | pe "civo kubernetes create NYC2 -n 1 -s g3.k3s.small -w -y" 23 | wait 24 | clear 25 | 26 | pe "civo kubernetes config NYC2 > ~/.kube/configs/nyc2" 27 | wait 28 | clear 29 | 30 | pe "export 
KUBECONFIG=~/.kube/configs/nyc2" 31 | wait 32 | clear 33 | 34 | 35 | pe "civo kubernetes create LON2 -n 1 -s g3.k3s.small -w -y --region LON1" 36 | wait 37 | clear 38 | 39 | 40 | pe "civo kubernetes config LON2 --region LON1 > ~/.kube/configs/lon2" 41 | wait 42 | clear 43 | 44 | 45 | pe "linkerd install --identity-trust-anchors-file ~/tmp/ca/root.crt --identity-issuer-certificate-file ~/tmp/ca/issuer.nyc.crt --identity-issuer-key-file ~/tmp/ca/issuer.nyc.key | k apply --kubeconfig ~/.kube/configs/nyc2 -f - && linkerd check" 46 | wait 47 | clear 48 | 49 | 50 | 51 | 52 | pe "linkerd multicluster install | k apply -f - && linkerd check" 53 | wait 54 | clear 55 | 56 | pe "linkerd viz install | k apply -f - && linkerd check" 57 | wait 58 | clear 59 | 60 | pe "linkerd multicluster link --kubeconfig ~/.kube/configs/lon2 --cluster-name lon | k apply --kubeconfig ~/.kube/configs/nyc2 -f -" 61 | wait 62 | clear 63 | 64 | pe "k apply -f git_repos/jasonmorgan/linkerd-demos/multicluster/manifests/frontend.yaml" 65 | wait 66 | clear 67 | 68 | pe "k apply -k git_repos/jasonmorgan/linkerd-demos/101/podinfo" 69 | wait 70 | clear 71 | 72 | pe "k ns podinfo" 73 | wait 74 | clear 75 | 76 | pe "k get pods" 77 | wait 78 | clear 79 | 80 | pe "k get svc" 81 | wait 82 | clear 83 | 84 | pe "k get ingress" 85 | wait 86 | clear 87 | 88 | # pe "k edit svc podinfo" 89 | # wait 90 | # clear 91 | 92 | # Cleanup 93 | 94 | civo kubernetes delete NYC2 -y 95 | 96 | civo kubernetes delete LON2 --region LON1 -y 97 | 98 | rm -rf ~/tmp/ca/* 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | -------------------------------------------------------------------------------- /multicluster/tab2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source ../demo-magic.sh 4 | clear 5 | 6 | pe "cd ~/tmp/ca" 7 | wait 8 | clear 9 | 10 | pe "export KUBECONFIG=~/.kube/configs/lon2" 11 | wait 12 | clear 13 | 14 | pe "linkerd install 
--identity-trust-anchors-file ~/tmp/ca/root.crt --identity-issuer-certificate-file ~/tmp/ca/issuer.lon.crt --identity-issuer-key-file ~/tmp/ca/issuer.lon.key | k apply --kubeconfig ~/.kube/configs/lon2 -f - && linkerd check" 15 | wait 16 | clear 17 | 18 | pe "linkerd multicluster install | k apply -f - && linkerd check" 19 | wait 20 | clear 21 | 22 | pe "linkerd viz install | k apply -f - && linkerd check" 23 | wait 24 | clear 25 | 26 | pe "k apply -k git_repos/jasonmorgan/linkerd-demos/101/podinfo" 27 | wait 28 | clear 29 | 30 | pe "k ns podinfo" 31 | wait 32 | clear 33 | 34 | pe "k get pods" 35 | wait 36 | clear 37 | 38 | pe "k get svc" 39 | wait 40 | clear 41 | 42 | pe "k get ingress" 43 | wait 44 | clear 45 | 46 | pe "k label svc podinfo mirror.linkerd.io/exported=true" 47 | wait 48 | clear 49 | -------------------------------------------------------------------------------- /policy/manifests/booksapp/admin_server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1beta1 3 | kind: Server 4 | metadata: 5 | namespace: booksapp 6 | name: linkerd-admin 7 | spec: 8 | podSelector: 9 | matchLabels: {} 10 | port: linkerd-admin 11 | proxyProtocol: HTTP/2 -------------------------------------------------------------------------------- /policy/manifests/booksapp/allow_namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1alpha1 3 | kind: AuthorizationPolicy 4 | metadata: 5 | name: booksapp-only 6 | namespace: booksapp 7 | labels: 8 | app.kubernetes.io/part-of: booksapp 9 | project: booksapp 10 | spec: 11 | targetRef: 12 | kind: Namespace 13 | name: booksapp 14 | requiredAuthenticationRefs: 15 | - name: booksapp-accounts 16 | kind: MeshTLSAuthentication 17 | group: policy.linkerd.io 18 | --- 19 | apiVersion: policy.linkerd.io/v1alpha1 20 | kind: MeshTLSAuthentication 21 | metadata: 22 | name: booksapp-accounts 
23 | namespace: booksapp 24 | spec: 25 | identities: 26 | - "*.booksapp.serviceaccount.identity.linkerd.cluster.local" -------------------------------------------------------------------------------- /policy/manifests/booksapp/allow_viz.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1alpha1 3 | kind: AuthorizationPolicy 4 | metadata: 5 | name: allow-viz 6 | namespace: booksapp 7 | spec: 8 | targetRef: 9 | group: policy.linkerd.io 10 | kind: Server 11 | name: linkerd-admin 12 | requiredAuthenticationRefs: 13 | - name: viz-apps 14 | kind: MeshTLSAuthentication 15 | group: policy.linkerd.io 16 | --- 17 | apiVersion: policy.linkerd.io/v1alpha1 18 | kind: MeshTLSAuthentication 19 | metadata: 20 | name: viz-apps 21 | namespace: booksapp 22 | spec: 23 | identities: 24 | - "prometheus.linkerd-viz.serviceaccount.identity.linkerd.cluster.local" 25 | - "tap.linkerd-viz.serviceaccount.identity.linkerd.cluster.local" 26 | - "*.buoyant-cloud.serviceaccount.identity.linkerd.cluster.local" -------------------------------------------------------------------------------- /policy/manifests/booksapp/authors_get_policy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1alpha1 3 | kind: AuthorizationPolicy 4 | metadata: 5 | name: authors-get-policy 6 | namespace: booksapp 7 | spec: 8 | targetRef: 9 | group: policy.linkerd.io 10 | kind: HTTPRoute 11 | name: authors-get-route 12 | requiredAuthenticationRefs: 13 | - name: authors-get-authn 14 | kind: MeshTLSAuthentication 15 | group: policy.linkerd.io 16 | --- 17 | apiVersion: policy.linkerd.io/v1alpha1 18 | kind: MeshTLSAuthentication 19 | metadata: 20 | name: authors-get-authn 21 | namespace: booksapp 22 | spec: 23 | identities: 24 | - "traffic.booksapp.serviceaccount.identity.linkerd.cluster.local" 25 | - "books.booksapp.serviceaccount.identity.linkerd.cluster.local" 26 | - 
"webapp.booksapp.serviceaccount.identity.linkerd.cluster.local" 27 | - "buoyant-cloud-agent.buoyant-cloud.serviceaccount.identity.linkerd.cluster.local" -------------------------------------------------------------------------------- /policy/manifests/booksapp/authors_get_route.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1beta1 3 | kind: HTTPRoute 4 | metadata: 5 | name: authors-get-route 6 | namespace: booksapp 7 | spec: 8 | parentRefs: 9 | - name: authors 10 | kind: Server 11 | group: policy.linkerd.io 12 | rules: 13 | - matches: 14 | - path: 15 | value: "/authors.json" 16 | method: GET 17 | - path: 18 | value: "/authors/" 19 | type: "PathPrefix" 20 | method: GET -------------------------------------------------------------------------------- /policy/manifests/booksapp/authors_modify_policy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1alpha1 3 | kind: AuthorizationPolicy 4 | metadata: 5 | name: authors-modify-policy 6 | namespace: booksapp 7 | spec: 8 | targetRef: 9 | group: policy.linkerd.io 10 | kind: HTTPRoute 11 | name: authors-modify-route 12 | requiredAuthenticationRefs: 13 | - name: authors-modify-authn 14 | kind: MeshTLSAuthentication 15 | group: policy.linkerd.io 16 | --- 17 | apiVersion: policy.linkerd.io/v1alpha1 18 | kind: MeshTLSAuthentication 19 | metadata: 20 | name: authors-modify-authn 21 | namespace: booksapp 22 | spec: 23 | identities: 24 | - "webapp.booksapp.serviceaccount.identity.linkerd.cluster.local" 25 | - "traffic.booksapp.serviceaccount.identity.linkerd.cluster.local" -------------------------------------------------------------------------------- /policy/manifests/booksapp/authors_modify_route.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1beta1 3 | kind: HTTPRoute 4 | metadata: 5 | 
name: authors-modify-route 6 | namespace: booksapp 7 | spec: 8 | parentRefs: 9 | - name: authors 10 | kind: Server 11 | group: policy.linkerd.io 12 | rules: 13 | - matches: 14 | - path: 15 | value: "/authors/" 16 | type: "PathPrefix" 17 | method: DELETE 18 | - path: 19 | value: "/authors/" 20 | type: "PathPrefix" 21 | method: POST 22 | - path: 23 | value: "/authors/" 24 | type: "PathPrefix" 25 | method: PUT 26 | - path: 27 | value: "/authors.json" 28 | method: POST -------------------------------------------------------------------------------- /policy/manifests/booksapp/authors_probe.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1beta1 3 | kind: HTTPRoute 4 | metadata: 5 | name: authors-probe-route 6 | namespace: booksapp 7 | spec: 8 | parentRefs: 9 | - name: authors 10 | kind: Server 11 | group: policy.linkerd.io 12 | rules: 13 | - matches: 14 | - path: 15 | value: "/ping" 16 | method: GET # only GET /ping on the authors Server is covered by the network-based policy below 17 | --- 18 | apiVersion: policy.linkerd.io/v1alpha1 19 | kind: NetworkAuthentication 20 | metadata: 21 | name: authors-probe-authn 22 | namespace: booksapp 23 | spec: 24 | networks: 25 | - cidr: 0.0.0.0/0 # every IPv4 source, meshed or not: the probe route is effectively unauthenticated, presumably so kubelet probes pass; a node CIDR would be tighter where it is known 26 | - cidr: ::/0 # every IPv6 source 27 | --- 28 | apiVersion: policy.linkerd.io/v1alpha1 29 | kind: AuthorizationPolicy 30 | metadata: 31 | name: authors-probe-policy 32 | namespace: booksapp 33 | spec: 34 | targetRef: 35 | group: policy.linkerd.io 36 | kind: HTTPRoute 37 | name: authors-probe-route 38 | requiredAuthenticationRefs: 39 | - name: authors-probe-authn 40 | kind: NetworkAuthentication 41 | group: policy.linkerd.io -------------------------------------------------------------------------------- /policy/manifests/booksapp/authors_server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1beta1 3 | kind: Server 4 | metadata: 5 | namespace: booksapp 6 | name: authors 7 | labels: 8 | app: authors 9 | app.kubernetes.io/part-of: 
booksapp 10 | project: booksapp 11 | spec: 12 | podSelector: 13 | matchLabels: 14 | app: authors 15 | project: booksapp 16 | port: service 17 | proxyProtocol: HTTP/1
--------------------------------------------------------------------------------
/policy/manifests/booksapp/books_server.yaml:
--------------------------------------------------------------------------------
---
# Server "books": selects the port named "service" on pods labelled
# app=books and project=booksapp, and declares it as HTTP/1.
# A Server only describes a port; which clients may connect is decided by the
# authorization resources that reference it (none are defined in this file).
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: books
  namespace: booksapp
  labels:
    app: books
    app.kubernetes.io/part-of: booksapp
    project: booksapp
spec:
  port: service
  proxyProtocol: HTTP/1
  podSelector:
    matchLabels:
      app: books
      project: booksapp
--------------------------------------------------------------------------------
/policy/manifests/booksapp/webapp_server.yaml:
--------------------------------------------------------------------------------
---
# Server "webapp": selects the port named "service" on pods labelled
# app=webapp and project=booksapp, and declares it as HTTP/1.
# As with the other booksapp Servers, access is granted separately by whatever
# authorization references this Server.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: webapp
  namespace: booksapp
  labels:
    app: webapp
    app.kubernetes.io/part-of: booksapp
    project: booksapp
spec:
  port: service
  proxyProtocol: HTTP/1
  podSelector:
    matchLabels:
      app: webapp
      project: booksapp
--------------------------------------------------------------------------------
/policy/manifests/emojivoto-allow-health.yaml:
--------------------------------------------------------------------------------

---
# Server "admin": matches the linkerd-admin port of every pod in the emojivoto
# namespace (the empty matchLabels selector excludes nothing).
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: admin
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
spec:
  port: linkerd-admin
  proxyProtocol: HTTP/1
  podSelector:
    matchLabels: {} # every pod

---
# ServerAuthorization "admin-everyone": allows unauthenticated access to the
# "admin" Server, so that Kubernetes health checks can get through.
# The kubelet is not a meshed client, so it cannot be identified by mesh TLS.
# NOTE(review): no `networks` list is set, so this rule is not narrowed by
# source address in this manifest. Where the node/kubelet address range is
# known, a `networks` entry with that CIDR keeps the admin port from being
# open to every unauthenticated client.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: admin-everyone
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
spec:
  server:
    name: admin
  client:
    unauthenticated: true
--------------------------------------------------------------------------------
/policy/manifests/emojivoto-allow-prom.yaml:
--------------------------------------------------------------------------------
---
# Server "prom": matches the port named "prom" on the emoji, web, and voting
# pods, selected by their app label.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: prom
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
spec:
  port: prom
  proxyProtocol: HTTP/1
  podSelector:
    matchExpressions:
      - key: app
        operator: In
        values:
          - emoji-svc
          - web-svc
          - voting-svc

---
# ServerAuthorization "prom-prometheus": allows unauthenticated traffic to the
# "prom" Server, so that metrics scrapes can come from anywhere.
# NOTE(review): "anywhere" includes clients with no mesh identity at all. If
# only a meshed Prometheus needs these metrics, a client.meshTLS.serviceAccounts
# entry naming its ServiceAccount (the form "internal-grpc" uses in
# emojivoto-policy.yaml) would narrow this; confirm which scrapers exist first.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: prom-prometheus
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
spec:
  server:
    name: prom
  client:
    unauthenticated: true
--------------------------------------------------------------------------------
/policy/manifests/emojivoto-policy.yaml:
--------------------------------------------------------------------------------
---
# Server "emoji-grpc": matches the port named "grpc" on pods labelled
# app=emoji-svc. Its emojivoto/api=internal-grpc label is what the
# "internal-grpc" ServerAuthorization below selects on.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: emoji-grpc
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: emoji
    app.kubernetes.io/version: v11
    app: emoji-svc
    emojivoto/api: internal-grpc
spec:
  port: grpc
  proxyProtocol: gRPC
  podSelector:
    matchLabels:
      app: emoji-svc

---
# Server "voting-grpc": matches the port named "grpc" on pods labelled
# app=voting-svc. Carries the same emojivoto/api=internal-grpc label, so the
# "internal-grpc" ServerAuthorization below covers it as well.
# NOTE(review): policy/manifests/voting_server.yaml declares a Server with this
# same name and namespace but without the emojivoto/api label. Applying that
# file afterwards would presumably drop the label and take this Server out of
# the "internal-grpc" selector; check that another authorization is in place
# before doing so.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: voting-grpc
  namespace: emojivoto
  labels:
    app: voting-svc
    emojivoto/api: internal-grpc
spec:
  port: grpc
  proxyProtocol: gRPC
  podSelector:
    matchLabels:
      app: voting-svc

---
# ServerAuthorization "internal-grpc": applies to every Server labelled
# emojivoto/api=internal-grpc and admits only mesh-TLS-authenticated clients
# running as the "web" ServiceAccount.
# The serviceAccounts entry gives no namespace; presumably it resolves to this
# resource's namespace (emojivoto) - confirm against the Linkerd reference.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: internal-grpc
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/version: v11
spec:
  server:
    selector:
      matchLabels:
        emojivoto/api: internal-grpc
  client:
    meshTLS:
      serviceAccounts:
        - name: web

---
# Server "web-http": matches the port named "http" on pods labelled
# app=web-svc.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: web-http
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: web
    app.kubernetes.io/version: v11
spec:
  port: http
  proxyProtocol: HTTP/1
  podSelector:
    matchLabels:
      app: web-svc

---
# ServerAuthorization "web-public": allows unauthenticated traffic to the
# web-http Server, so that the web service can serve HTTP requests to anyone.
# The two CIDRs together cover every IPv4 and IPv6 source address; this is the
# one deliberately public entry point in the file.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: web-public
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: web
    app.kubernetes.io/version: v11
spec:
  server:
    name: web-http
  client:
    unauthenticated: true
    networks:
      - cidr: 0.0.0.0/0
      - cidr: ::/0
--------------------------------------------------------------------------------
/policy/manifests/voting_authorization_policy.yaml:
--------------------------------------------------------------------------------
---
# AuthorizationPolicy "voting-grpc": targets the Server named voting-grpc and
# requires the client to authenticate as the ServiceAccount "web".
# The ServiceAccount reference has no namespace; presumably it resolves to the
# policy's own namespace (emojivoto) - confirm.
apiVersion: policy.linkerd.io/v1alpha1
kind: AuthorizationPolicy
metadata:
  name: voting-grpc
  namespace: emojivoto
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: voting
spec:
  targetRef:
    group: policy.linkerd.io
    kind: Server
    name: voting-grpc
  requiredAuthenticationRefs:
    - kind: ServiceAccount
      name: web
-------------------------------------------------------------------------------- /policy/manifests/voting_server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy.linkerd.io/v1beta1 3 | kind: Server 4 | metadata: 5 | namespace: emojivoto 6 | name: voting-grpc 7 | labels: 8 | app: voting-svc 9 | spec: 10 | podSelector: 11 | matchLabels: 12 | app: voting-svc 13 |
port: grpc 14 | proxyProtocol: gRPC
--------------------------------------------------------------------------------
/policy/steps.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Linkerd authorization-policy demo driven by demo-magic (pe / wait).
# Flow: build a throwaway k3d cluster, install Linkerd + viz + Grafana, deploy
# booksapp, switch the namespace to default-deny, then re-admit traffic step by
# step with Server / authorization / HTTPRoute manifests.
# The manifests are applied from manifests/booksapp/, so the script expects to
# be run from the policy/ directory.
source ../demo-magic.sh
clear

## Cluster setup
# Recreate the "pol" cluster from scratch; a failed delete (no such cluster) is
# ignored.
k3d cluster delete pol > /dev/null 2>&1 || true
k3d cluster create pol > /dev/null 2>&1

## Linkerd
linkerd install --crds | kubectl apply -f -
linkerd install | kubectl apply -f -
linkerd check
# NOTE(review): the values file is fetched from the `main` branch at run time,
# so its content can change between runs; a tag or commit URL would pin it.
# The chart reference assumes a `grafana` Helm repo is already configured.
helm install grafana -n grafana --create-namespace grafana/grafana \
  -f https://raw.githubusercontent.com/linkerd/linkerd2/main/grafana/values.yaml \
  --wait
linkerd viz install --set grafana.url=grafana.grafana:3000 | kubectl apply -f -
linkerd check

## Load up Booksapp
# curl -sL run.linkerd.io/emojivoto.yml | kubectl apply -f -
# --proto '=https' and --tlsv1.2 keep the download on HTTPS/TLS 1.2+, and -f
# makes an HTTP error fail instead of handing an error page to kubectl.
kubectl create ns booksapp && \
  curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp.yml \
  | kubectl -n booksapp apply -f -

clear
# Start the actual demo here
## Inject booksapp
pe "kubectl get deploy -n booksapp -o yaml | linkerd inject - | kubectl apply -f -"
wait
clear

## Look around
# Things mostly work
pe "linkerd viz stat deploy -n booksapp"
wait
clear


# No effective policies
# pe "linkerd viz authz -n booksapp deployment"
# wait
# clear

## Harden our ns
### Default deny
### Configure a deny policy for booksapp
# The annotation only sets the namespace default; the steps below show that
# running pods keep serving traffic until they are restarted.
pe 'kubectl annotate ns booksapp config.linkerd.io/default-inbound-policy=deny'
wait
clear

pe 'kubectl get pods -n booksapp'
wait
clear

# pe "linkerd viz authz -n booksapp deployment"
# wait
# clear

pe "linkerd viz stat deploy -n booksapp"
wait
clear

# Traffic is still there
## Apps still restart thanks to default exemptions for health checks
pe 'kubectl rollout restart -n booksapp deploy'
wait
clear

# Now traffic is gone
## Alternately watch the traffic
# pe "linkerd viz authz -n booksapp deployment"
# wait
# clear

# pe "linkerd viz stat deploy -n booksapp"
# wait
# clear

### Allow admin traffic
# Apply first, then display with bat, so the audience sees what was applied.
pe "kubectl apply -f manifests/booksapp/admin_server.yaml"
wait
clear

pe "kubectl apply -f manifests/booksapp/allow_viz.yaml"
wait
clear

pe "bat -l yaml manifests/booksapp/admin_server.yaml"
wait
clear

pe "bat -l yaml manifests/booksapp/allow_viz.yaml"
wait
clear

### Allow app traffic
# One Server per workload, then a single authorization
# (allow_namespace.yaml, not shown here) that re-admits traffic.
pe "kubectl apply -f manifests/booksapp/authors_server.yaml"
wait
clear

pe "kubectl apply -f manifests/booksapp/books_server.yaml"
wait
clear

pe "kubectl apply -f manifests/booksapp/webapp_server.yaml"
wait
clear

pe "kubectl apply -f manifests/booksapp/allow_namespace.yaml"
wait
clear

pe "bat -l yaml manifests/booksapp/authors_server.yaml"
wait
clear

pe "bat -l yaml manifests/booksapp/allow_namespace.yaml "
wait
clear

### No Traffic app? no ports!

# HTTPRoutes, Locking down who can do what with our books
## switch from watching traffic to watching pods
pe "kubectl apply -f manifests/booksapp/authors_get_route.yaml"
wait
clear
## wait a minute for authors to become unready

## App should become unready

pe 'kubectl apply -f manifests/booksapp/authors_get_policy.yaml'
wait
clear

## Let's fix our busted health checks, no more default routes
# Once a route is attached, the probes need their own route and authorization;
# authors_probe.yaml (not shown here) supplies it.

pe 'kubectl apply -f manifests/booksapp/authors_probe.yaml'
wait
clear
## wait a minute for authors to become ready
### Check readiness

## Check app

### Looks good
### Can't update books

pe 'kubectl apply -f manifests/booksapp/authors_modify_route.yaml'
wait
clear

pe 'kubectl apply -f manifests/booksapp/authors_modify_policy.yaml'
wait
clear

--------------------------------------------------------------------------------
/service_profiles/source/emojivoto.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JasonMorgan/linkerd-demos/e9ece91eff48e3171b729f4e85678d870d68b2e2/service_profiles/source/emojivoto.yaml
--------------------------------------------------------------------------------
/service_profiles/source/podinfo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: linkerd.io/v1alpha2 2 | kind: ServiceProfile 3 | metadata: 4 | creationTimestamp: null 5 | name: podinfo.podinfo.svc.cluster.local 6 | namespace: podinfo 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: / 12 | name: GET / 13 | responseClasses: 14 | - condition: 15 | status: 16 | max: 200 17 | min: 200 18 | - condition: 19 | method: POST 20 | pathRegex: /api/echo 21 | name: POST /api/echo 22 | responseClasses: 23 | - condition: 24 | status: 25 | max: 202 26 | min:
202 27 | - condition: 28 | method: GET 29 | pathRegex: /api/info 30 | name: GET /api/info 31 | responseClasses: 32 | - condition: 33 | status: 34 | max: 200 35 | min: 200 36 | - condition: 37 | method: DELETE 38 | pathRegex: /cache/[^/]* 39 | name: DELETE /cache/{key} 40 | responseClasses: 41 | - condition: 42 | status: 43 | max: 202 44 | min: 202 45 | - condition: 46 | method: GET 47 | pathRegex: /cache/[^/]* 48 | name: GET /cache/{key} 49 | responseClasses: 50 | - condition: 51 | status: 52 | max: 200 53 | min: 200 54 | - condition: 55 | method: POST 56 | pathRegex: /cache/[^/]* 57 | name: POST /cache/{key} 58 | responseClasses: 59 | - condition: 60 | status: 61 | max: 202 62 | min: 202 63 | - condition: 64 | method: GET 65 | pathRegex: /chunked/[^/]* 66 | name: GET /chunked/{seconds} 67 | responseClasses: 68 | - condition: 69 | status: 70 | max: 200 71 | min: 200 72 | - condition: 73 | method: GET 74 | pathRegex: /delay/[^/]* 75 | name: GET /delay/{seconds} 76 | responseClasses: 77 | - condition: 78 | status: 79 | max: 200 80 | min: 200 81 | - condition: 82 | method: GET 83 | pathRegex: /env 84 | name: GET /env 85 | responseClasses: 86 | - condition: 87 | status: 88 | max: 200 89 | min: 200 90 | - condition: 91 | method: GET 92 | pathRegex: /headers 93 | name: GET /headers 94 | responseClasses: 95 | - condition: 96 | status: 97 | max: 200 98 | min: 200 99 | - condition: 100 | method: GET 101 | pathRegex: /healthz 102 | name: GET /healthz 103 | responseClasses: 104 | - condition: 105 | status: 106 | max: 200 107 | min: 200 108 | - condition: 109 | method: GET 110 | pathRegex: /metrics 111 | name: GET /metrics 112 | responseClasses: 113 | - condition: 114 | status: 115 | max: 200 116 | min: 200 117 | - condition: 118 | method: GET 119 | pathRegex: /panic 120 | name: GET /panic 121 | - condition: 122 | method: GET 123 | pathRegex: /readyz 124 | name: GET /readyz 125 | responseClasses: 126 | - condition: 127 | status: 128 | max: 200 129 | min: 200 130 | - condition: 
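131 | method: POST 132 | pathRegex: /readyz/disable 133 | name: POST /readyz/disable 134 | responseClasses: 135 | - condition: 136 | status: 137 | max: 202 138 | min: 202 139 | - condition: 140 | method: POST 141 | pathRegex: /readyz/enable 142 | name: POST /readyz/enable 143 | responseClasses: 144 | - condition: 145 | status: 146 | max: 202 147 | min: 202 148 | - condition: 149 | method: GET 150 | pathRegex: /status/[^/]* 151 | name: GET /status/{code} 152 | responseClasses: 153 | - condition: 154 | status: 155 | max: 200 156 | min: 200 157 | - condition: 158 | method: POST 159 | pathRegex: /store 160 | name: POST /store 161 | responseClasses: 162 | - condition: 163 | status: 164 | max: 200 165 | min: 200 166 | - condition: 167 | method: GET 168 | pathRegex: /store/[^/]* 169 | name: GET /store/{hash} 170 | responseClasses: 171 | - condition: 172 | status: 173 | max: 200 174 | min: 200 175 | - condition: 176 | method: POST 177 | pathRegex: /token 178 | name: POST /token 179 | responseClasses: 180 | - condition: 181 | status: 182 | max: 200 183 | min: 200 184 | - condition: 185 | method: POST 186 | pathRegex: /token/validate 187 | name: POST /token/validate 188 | responseClasses: 189 | - condition: 190 | status: 191 | max: 200 192 | min: 200 193 | - condition: 194 | status: 195 | max: 401 196 | min: 401 197 | - condition: 198 | method: GET 199 | pathRegex: /version 200 | name: GET /version 201 | responseClasses: 202 | - condition: 203 | status: 204 | max: 200 205 | min: 200 206 | - condition: 207 | method: POST 208 | pathRegex: /ws/echo 209 | name: POST /ws/echo 210 | responseClasses: 211 | - condition: 212 | status: 213 | max: 202 214 | min: 202 215 |
--------------------------------------------------------------------------------
/service_profiles/steps.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# ServiceProfile demo for booksapp, driven by demo-magic (pe / wait).
# Deploys booksapp, meshes it, generates ServiceProfiles from the published
# OpenAPI specs and then inspects per-route metrics.
#
# Every download uses --proto '=https' --tlsv1.2 -sSfL: the transfer may not
# leave HTTPS on a redirect, and an HTTP error aborts the pipeline instead of
# passing an error page to kubectl or linkerd. The content itself is still
# applied unreviewed, so run this against a disposable cluster only.

source ../demo-magic.sh
clear

pe "kubectl create ns booksapp"
wait
clear

pe "curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp.yml | kubectl -n booksapp apply -f -"
wait
clear

pe "kubectl -n booksapp port-forward svc/webapp 7000"
wait
clear

pe "kubectl get deploy -n booksapp -o yaml | linkerd inject - | kubectl apply -f -"
wait
clear

# First show the generated profile, then generate it again and apply it.
pe "curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp"
wait
clear

pe "curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp | kubectl -n booksapp apply -f -"
wait
clear

pe "curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp/authors.swagger | linkerd -n booksapp profile --open-api - authors | kubectl -n booksapp apply -f -"
wait
clear

pe "curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp/books.swagger | linkerd -n booksapp profile --open-api - books | kubectl -n booksapp apply -f -"
wait
clear

# pe "linkerd viz tap -n booksapp deploy/webapp -o wide | grep req"
# wait
# clear

pe "linkerd viz -n booksapp routes svc/webapp"
# wait
# clear

pe "linkerd viz -n booksapp routes deploy/webapp --to svc/books"
# wait
# clear

pe "linkerd viz -n booksapp routes deploy/books --to svc/authors"
wait
clear

pe "kubectl -n booksapp edit sp/authors.booksapp.svc.cluster.local"
wait
clear

pe "linkerd viz -n booksapp routes deploy/books --to svc/authors -o wide"
wait
clear

pe "linkerd viz -n booksapp routes deploy/webapp --to svc/books"
wait
clear

pe "kubectl -n booksapp edit sp/books.booksapp.svc.cluster.local"
wait
clear

pe "linkerd viz -n booksapp routes deploy/webapp --to svc/books -o wide"
wait
clear

# pe ""
# wait
# clear
--------------------------------------------------------------------------------
/tap-tap/steps.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Tap / top / routes demo, driven by demo-magic (pe / wait).
# Setup (not shown to the audience) recreates the "tap" k3d cluster, installs
# the Linkerd CLI and control plane, and deploys emojivoto and booksapp meshed.
# Paths under ~/git_repos are the presenter's local checkouts.
# shellcheck source=demo-magic.sh
. ../demo-magic.sh

k3d cluster delete tap &>/dev/null
k3d cluster create tap -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-server-arg '--no-deploy=traefik' > /dev/null 2>&1
kubectl ns default
# The installer is piped straight into sh. --proto/--tlsv1.2 keep the transfer
# on HTTPS and -f stops an HTTP error page from reaching the shell, but whatever
# the endpoint serves still runs unreviewed: keep this to throwaway demo
# machines, or install a pinned CLI release you have verified.
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
linkerd install | kubectl apply -f - && linkerd check
linkerd viz install | kubectl apply -f - && linkerd viz check
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/emojivoto.yml | linkerd inject - | kubectl apply -f -
kubectl create ns booksapp
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp.yml | linkerd inject - | kubectl apply -n booksapp -f -
# The original applied this file twice in a row; one apply has the same result.
kubectl apply -f ~/git_repos/jasonmorgan/linkerd-demos/101/service_profiles/source/booksapp.yaml

clear

pe "kubectl get nodes"
wait
clear

pe "linkerd check"
wait
clear

pe "linkerd viz stat namespace"
wait
clear

pe "linkerd viz stat deployment -n emojivoto"
wait
clear

pe "linkerd viz top -n emojivoto deploy/web"
wait
clear

pe "linkerd viz top -n emojivoto deploy/voting"
wait
clear

# tap streams live request metadata from the proxies; the three commands
# narrow from all paths, to one gRPC method, to that method as JSON.
pe "linkerd viz tap deployment/web -n emojivoto --to deployment/voting --path / | less"
wait
clear

pe "linkerd viz tap deployment/web -n emojivoto --to deployment/voting --path /emojivoto.v1.VotingService/VoteDoughnut | less"
wait
clear

pe "linkerd viz tap deployment/web -n emojivoto --to deployment/voting --path /emojivoto.v1.VotingService/VoteDoughnut -o json | less"
wait
clear

pe "linkerd profile --proto ~/git_repos/buoyant/emojivoto/proto/Emoji.proto emoji-svc -n emojivoto"
wait
clear

pe "linkerd profile --proto ~/git_repos/buoyant/emojivoto/proto/Emoji.proto emoji-svc -n emojivoto | kubectl apply -f -"
wait
clear

pe "linkerd profile --proto ~/git_repos/buoyant/emojivoto/proto/Voting.proto voting-svc -n emojivoto | kubectl apply -f -"
wait
clear

pe "linkerd viz profile -n emojivoto web-svc --tap deploy/web --tap-duration 10s | kubectl apply -f -"
wait
clear

p "Let's go checkout to the dashboard!"
wait
clear

# pe "linkerd viz tap -n booksapp deploy/webapp -o wide | grep req"
# wait
# clear

pe "linkerd viz -n booksapp routes svc/webapp"
# wait
# clear
pe "linkerd viz -n booksapp routes deploy/webapp --to svc/authors"

pe "linkerd viz -n booksapp routes deploy/webapp --to svc/books"
# wait
# clear

pe "linkerd viz -n booksapp routes deploy/books --to svc/authors"
wait
clear

pe "kubectl -n booksapp edit sp/authors.booksapp.svc.cluster.local"
wait
clear

pe "watch linkerd viz -n booksapp routes deploy/books --to svc/authors -o wide"
wait
clear

pe "watch linkerd viz -n booksapp routes deploy/webapp --to svc/books"
wait
clear
--------------------------------------------------------------------------------
/telepresence/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JasonMorgan/linkerd-demos/e9ece91eff48e3171b729f4e85678d870d68b2e2/telepresence/README.md
--------------------------------------------------------------------------------
/telepresence/steps.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Telepresence + Linkerd demo, driven by demo-magic (pe / wait).
# Setup recreates a three-node Civo cluster named "tele"; the demo then
# installs Ambassador, the Telepresence traffic manager, Linkerd and emojivoto,
# and meshes the workloads.
source ../demo-magic.sh


# k3d cluster delete telepresence > /dev/null 2>&1 || true
# k3d cluster create telepresence -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-server-arg '--no-deploy=traefik' > /dev/null 2>&1
# -y skips the confirmation prompt: any existing cluster named "tele" in the
# active Civo account is deleted without asking.
civo k8s delete tele -y
civo kubernetes create tele -n 3 -s g3.k3s.small -w -y

civo kubernetes config tele -sym

kubectl ctx tele

# kubectl ns default

clear

pe "helm repo add datawire https://www.getambassador.io"
wait
clear

# NOTE(review): neither chart install passes --version, so the demo runs
# whatever the repo currently publishes.
pe "kubectl create namespace ambassador && helm install ambassador --namespace ambassador datawire/ambassador --set replicaCount=1 && kubectl -n ambassador wait --for condition=available --timeout=90s deploy -lproduct=aes"
wait
clear

pe "helm install traffic-manager --namespace ambassador datawire/telepresence"
wait
clear

pe "kubectl ns ambassador"
wait
clear

pe "kubectl get pods"
wait
clear

# Pipe-to-shell install of the Linkerd CLI: --proto/--tlsv1.2 keep the transfer
# on HTTPS and -f aborts on an HTTP error rather than executing an error page.
# The script content is still run unreviewed, so this belongs on demo machines.
pe "curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh"
wait
clear

pe "export PATH=\$PATH:\$HOME/.linkerd2/bin"
clear

pe "linkerd version"
wait
clear

pe "linkerd check --pre"
wait
clear

pe "linkerd install | kubectl apply -f - && linkerd check"
wait
clear

pe "linkerd viz install | kubectl apply -f - && linkerd viz check"
wait
clear

pe "curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/emojivoto.yml | kubectl apply -f -"
wait
clear

# pe "telepresence connect"
# wait
# clear

## Browse some shit

# --skip-inbound-ports makes inbound traffic on 80 and 443 bypass the Linkerd
# proxy, so those connections get no mesh TLS, policy enforcement or metrics.
pe "kubectl get deploy -n ambassador ambassador -o yaml | linkerd inject --skip-inbound-ports \"80,443\" - | kubectl apply -f -"
wait
clear

pe "kubectl get deploy -n ambassador traffic-manager -o yaml | linkerd inject - | kubectl apply -f -"
wait
clear

pe "kubectl get deploy -n emojivoto -o yaml | linkerd inject - | kubectl apply -f -"
wait
clear

pe "linkerd viz dashboard"
wait
clear

p 'fin'
wait
--------------------------------------------------------------------------------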
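/upgrading/2.11/steps.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Helm upgrade demo (Linkerd 2.11.1 -> 2.11.2), driven by demo-magic.
# Setup recreates the "linkerd" k3d cluster and deploys emojivoto and booksapp;
# the demo installs Linkerd and viz with Helm, meshes emojivoto, upgrades both
# releases and restarts the workloads so they pick up the new proxy.
source ../../demo-magic.sh
clear

k3d cluster delete linkerd > /dev/null 2>&1 || true
k3d cluster create linkerd --k3s-arg '--no-deploy=traefik@server:*;agents:*'
# --proto/--tlsv1.2 keep the download on HTTPS; -f fails on an HTTP error
# instead of handing an error page to kubectl.
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/emojivoto.yml | kubectl apply -f -
# `kubectl` spelled out: the rest of the script already uses it, while `k`
# depends on an alias or wrapper that a non-interactive shell may not have.
kubectl create ns booksapp
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp.yml | kubectl apply -n booksapp -f -
# The helm install below reads the trust anchor, issuer certificate and issuer
# private key by relative path, so stop if the directory is missing rather
# than run from the wrong place.
cd ~/tmp/ca || exit 1
wait
clear

# issuer.nyc.key is the identity issuer's private key; it ends up in the Helm
# release values, so treat both the file and the release secret as sensitive.
pe "helm install linkerd linkerd/linkerd2 --set-file identityTrustAnchorsPEM=root.crt --set-file identity.issuer.tls.crtPEM=issuer.nyc.crt --set-file identity.issuer.tls.keyPEM=issuer.nyc.key --version 2.11.1"
wait
clear

pe "linkerd check"
wait
clear

pe "helm install linkerd-dashboard linkerd/linkerd-viz --version 2.11.1"
wait
clear

pe "linkerd check"
wait
clear

pe "linkerd viz dashboard"
wait
clear

pe "kubectl get deploy -n emojivoto -o yaml | linkerd inject - | kubectl apply -f -"
wait
clear

pe "helm upgrade linkerd linkerd/linkerd2 --version 2.11.2 -n default"
wait
clear

pe "helm upgrade linkerd-dashboard linkerd/linkerd-viz --version 2.11.2 -n default"
wait
clear

pe "kubectl rollout restart deployment -n emojivoto"
wait
clear

pe "linkerd viz dashboard"
wait
clear

--------------------------------------------------------------------------------
/upgrading/9to10.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# CLI-based upgrade demo (stable-2.9.4 -> current installer default), driven by
# demo-magic. Setup recreates the "myapp" k3d cluster, installs the 2.9.4 CLI
# and control plane, and deploys a meshed booksapp with ServiceProfiles; the
# demo then installs the newer CLI, runs `linkerd upgrade` and adds viz.
# Paths under ~/git_repos are the presenter's local checkouts.
source ../demo-magic.sh
clear

k3d cluster delete myapp > /dev/null 2>&1 || true
k3d cluster create myapp -p "8081:80@loadbalancer"
rm ~/.linkerd2/bin/linkerd-stable-2.9.4 > /dev/null 2>&1 || true
rm ~/.linkerd2/bin/linkerd-stable-2.10.0 > /dev/null 2>&1 || true
# LINKERD2_VERSION pins which CLI release the installer fetches. The installer
# script itself is still piped into sh unreviewed; --proto/--tlsv1.2 keep the
# transfer on HTTPS and -f aborts on an HTTP error instead of executing it.
export LINKERD2_VERSION=stable-2.9.4 ; curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh # > /dev/null 2>&1 || true
unset LINKERD2_VERSION
wait
clear
kubectl create ns booksapp
kubectl ns booksapp
kubectl apply -f ~/git_repos/buoyant/booksapp/k8s/mysql-backend.yml
kubectl apply -f ~/git_repos/buoyant/booksapp/k8s/mysql-app.yml
kubectl apply -f artifacts/
wait
linkerd install | kubectl apply -f -
linkerd check
kubectl get deploy -n booksapp -o yaml | linkerd inject - | kubectl apply -f -
kubectl get deploy -n kube-system -o yaml traefik | linkerd inject - | kubectl apply -f -
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp | kubectl -n booksapp apply -f -
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp/authors.swagger | linkerd -n booksapp profile --open-api - authors | kubectl -n booksapp apply -f -
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/booksapp/books.swagger | linkerd -n booksapp profile --open-api - books | kubectl -n booksapp apply -f -
wait
clear

pe "linkerd version"
wait
clear

pe "linkerd check"
wait
clear

# No LINKERD2_VERSION here, so the installer's default release is fetched.
pe "curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh"
wait
clear

pe "linkerd version"
wait
clear

# --prune deletes objects carrying the selector label that are absent from the
# new manifest; the second form also names cluster-scoped kinds to prune.
pe "linkerd upgrade | kubectl apply --prune -l linkerd.io/control-plane-ns=linkerd -f -"
wait
clear

pe "linkerd upgrade | kubectl apply --prune -l linkerd.io/control-plane-ns=linkerd \
  --prune-whitelist=rbac.authorization.k8s.io/v1/clusterrole \
  --prune-whitelist=rbac.authorization.k8s.io/v1/clusterrolebinding \
  --prune-whitelist=apiregistration.k8s.io/v1/apiservice -f -"
wait
clear

pe "linkerd check"
wait
clear

pe "linkerd viz install | kubectl apply -f -"
wait
clear

pe "linkerd viz check"
wait
clear

# Restart so the workloads are re-injected with the upgraded proxy.
pe "kubectl rollout restart deployment -n booksapp"
wait
clear

pe "linkerd viz dashboard"
wait
clear
--------------------------------------------------------------------------------
/upgrading/artifacts/books.yaml:
--------------------------------------------------------------------------------
# Ingress "books": routes every request (path prefix "/", no host rule) to the
# webapp Service on port 7000.
# The ssl-redirect annotation is set to "false", so the route is reachable over
# plain HTTP; that suits the local k3d demo, not an exposed cluster.
# apiVersion: networking.k8s.io/v1beta1 # for k3s < v1.19
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: books
  namespace: booksapp
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: webapp
            port:
              number: 7000

--------------------------------------------------------------------------------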