├── .gitignore ├── Makefile ├── README.md ├── dependencies.sh ├── deploy ├── resources │ ├── istio │ │ ├── 1.1.4 │ │ │ ├── istio-init.yaml │ │ │ ├── istio.yaml │ │ │ └── service │ │ │ │ └── mandatory │ │ │ │ └── namespace.yaml │ │ └── 1.1.5 │ │ │ ├── istio-init.yaml │ │ │ ├── istio.yaml │ │ │ └── service │ │ │ └── mandatory │ │ │ └── namespace.yaml │ └── policy │ │ ├── istio │ │ ├── base │ │ │ ├── demo.yml │ │ │ ├── dr.yaml │ │ │ └── gw.yaml │ │ ├── canary │ │ │ ├── vs.100-v1.yaml │ │ │ ├── vs.90-v1-with-retry.yaml │ │ │ └── vs.90-v1.yaml │ │ └── observability │ │ │ ├── grafana.yml │ │ │ ├── jaeger.yml │ │ │ ├── kiali.yml │ │ │ └── prometheus.yml │ │ ├── microservice-v1 │ │ ├── deployment.yaml │ │ └── service.yaml │ │ ├── microservice-v2 │ │ └── deployment.yaml │ │ ├── microservice-v3 │ │ └── deployment.yaml │ │ ├── nginx │ │ └── nginx.conf │ │ └── webapp │ │ ├── deployment.yaml │ │ └── service.yaml └── values │ └── istio │ ├── 1.1.4 │ └── values.yaml │ └── 1.1.5 │ └── values.yaml ├── helm └── microservice │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── deployment.yaml │ └── service.yaml │ ├── values.v1.yaml │ └── values.v2.yaml ├── hosts ├── init_kube.sh ├── microservice ├── .gitignore ├── .gradle │ └── 4.8.1 │ │ └── fileHashes │ │ ├── fileHashes.bin │ │ └── fileHashes.lock ├── Dockerfile ├── build.gradle ├── caches │ ├── 4.10 │ │ ├── file-changes │ │ │ └── last-build.bin │ │ ├── fileHashes │ │ │ └── fileHashes.lock │ │ ├── gc.properties │ │ ├── md-rule │ │ │ └── md-rule.lock │ │ └── md-supplier │ │ │ └── md-supplier.lock │ ├── jars-3 │ │ └── gc.properties │ ├── journal-1 │ │ ├── file-access.properties │ │ └── journal-1.lock │ ├── modules-2 │ │ └── gc.properties │ └── transforms-1 │ │ ├── gc.properties │ │ └── transforms-1.lock ├── daemon │ └── 4.10 │ │ ├── daemon-16768.out.log │ │ ├── registry.bin │ │ └── registry.bin.lock ├── docker-compose.yaml ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── 
gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── native │ ├── 25 │ │ └── osx-amd64 │ │ │ ├── libnative-platform-curses.dylib │ │ │ ├── libnative-platform-curses.dylib.lock │ │ │ ├── libnative-platform.dylib │ │ │ └── libnative-platform.dylib.lock │ └── jansi │ │ └── 1.14 │ │ └── osx │ │ └── libjansi.jnilib ├── notifications │ └── 4.10 │ │ └── release-features.rendered ├── settings.gradle └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── istiodemo │ │ │ └── demo │ │ │ ├── Color.java │ │ │ └── DemoApplication.java │ └── resources │ │ └── application.yaml │ └── test │ └── java │ └── com │ └── istiodemo │ └── demo │ └── DemoApplicationTests.java └── webapp ├── .babelrc ├── .eslintignore ├── .eslintrc ├── .gitignore ├── .nvmrc ├── Dockerfile ├── LICENSE ├── app ├── App.css ├── App.js ├── App.test.js └── index.js ├── assets ├── bad.png ├── bad.svg ├── canary-90-10.vs.yaml ├── canary.dr.yaml ├── canary.vs.yaml ├── city.jpg ├── deck.example ├── digio-logo.svg ├── example.code.js ├── favicon.ico ├── favicon.png ├── formidable-logo.svg ├── github.svg ├── gw.yaml ├── interactive.js ├── istio-icon-2.png ├── istio-icon.svg ├── jbhifi-logo.svg ├── kat.png ├── logo.svg ├── logo3.svg ├── markdown.png └── nab-logo.svg ├── components └── Architecture │ ├── images │ ├── background.svg │ ├── client.svg │ ├── ingress.svg │ └── microservices.svg │ ├── index.jsx │ └── style.js ├── favicon.ico ├── index.html ├── index.js ├── nginx.conf ├── package-lock.json ├── package.json ├── presentation ├── Meetup Slides.pdf └── index.js ├── server.js ├── webpack.config.js ├── webpack.config.production.js ├── yarn-error.log └── yarn.lock /.gitignore: -------------------------------------------------------------------------------- 1 | istio-1* 2 | .DS_Store 3 | node_modules 4 | npm-debug.log 5 | dist 6 | /istio-*/ 7 | .gradle 8 | dist -------------------------------------------------------------------------------- /Makefile: 
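--------------------------------------------------------------------------------
SHELL := /bin/bash
# Every target in this Makefile runs commands rather than building a file of
# the same name, so all of them are declared phony. Without this, a file or
# directory that shares a target's name would make that target do nothing.
.PHONY: help install fetch.infra init-nginx restart-nginx gradle-build build push \
	helm-install show-mtls proxy-status label-namespace initialise clean \
	microservice-policy retry.enable retry.disable refresh-policy \
	deploy.canary deploy.canary.retry rollback.canary install-ingress \
	get-ingress-nodeport traffic istio.install istio.observability \
	demo.deploy.v1 demo.deploy.v2 deploy.demo install.demo
# COLORS
GREEN := $(shell tput -Txterm setaf 2)
YELLOW := $(shell tput -Txterm setaf 3)
WHITE := $(shell tput -Txterm setaf 7)
RESET := $(shell tput -Txterm sgr0)

# Istio release that the chart, istioctl and manifest paths below refer to.
ISTIO_VERSION=1.1.5
# Column width used by the help target when it prints target names.
TARGET_MAX_CHAR_NUM=20
## install dependencies
install: fetch.infra
	yarn
	sh dependencies.sh
	sh init_kube.sh
# Download the Istio release into deploy/charts/ when it is not there yet.
# The check looks in deploy/charts/ because that is where the archive is
# unpacked, and ISTIO_VERSION is handed to the installer so the directory it
# creates matches the istio-$(ISTIO_VERSION) paths used by the other targets.
# The installer is still piped into a shell from a redirecting short URL with
# no integrity check: read it before running it, or fetch the release archive
# yourself and verify it against a checksum you trust.
fetch.infra:
ifeq (,$(wildcard deploy/charts/istio-${ISTIO_VERSION}))
	mkdir -p deploy/charts
	cd deploy/charts && curl -L https://git.io/getLatestIstio | ISTIO_VERSION=${ISTIO_VERSION} sh -
endif

# $(call wait_for_ns_termination,NAMESPACE)
# Prints a dot every two seconds for as long as `kubectl get namespace`
# succeeds for NAMESPACE. There is no timeout.
define wait_for_ns_termination
	@printf "🌀 removing $(1) namespace";
	@while [ "$$(kubectl get namespace $(1) > /dev/null 2>&1; echo $$?)" = "0" ]; do printf "."; sleep 2; done;
	@printf " ✅\n";
endef

# $(call wait_for_deployment,NAMESPACE,DEPLOYMENT)
# Polls every two seconds until the deployment's Available condition reads
# True. There is no timeout, so a deployment that never becomes available
# blocks the calling target until it is interrupted.
define wait_for_deployment
	@printf "🌀 waiting for deployment $(2) to complete";
	@until kubectl get deployment -n $(1) "$(2)" -o jsonpath='{.status.conditions[?(@.type=="Available")].status}' | grep -q True ; do printf "."; sleep 2 ; done;
	@printf " ✅\n";
endef
# Waits for each Istio control-plane deployment in istio-system in turn.
define wait_for_istio_control_plane
	$(call wait_for_deployment,istio-system,istio-citadel)
	$(call wait_for_deployment,istio-system,istio-galley)
	$(call wait_for_deployment,istio-system,istio-policy)
	$(call wait_for_deployment,istio-system,istio-pilot)
	$(call wait_for_deployment,istio-system,istio-sidecar-injector)
	$(call wait_for_deployment,istio-system,istio-telemetry)
endef
# Install the demo nginx configuration and restart nginx. The source path is
# the one the repository tree shows (deploy/resources/policy/nginx/); the copy
# overwrites the existing /usr/local/etc/nginx/nginx.conf without a backup.
init-nginx:
	cp deploy/resources/policy/nginx/nginx.conf /usr/local/etc/nginx/nginx.conf
	sudo nginx -s stop; sudo nginx


# `;` rather than `&&`: nginx is started even when it was not running and the
# stop command therefore failed.
restart-nginx:
	sudo nginx -s stop; sudo nginx
## raw gradle build
gradle-build:
	gradle build -p microservice
## build docker container
build:
	docker build -t demo webapp/
## push docker images
push:
	docker-compose -f microservice/docker-compose.yaml push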
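## install helm
helm-install:
	brew install kubernetes-helm
## check mtls status
show-mtls:
	./deploy/charts/istio-${ISTIO_VERSION}/bin/istioctl authn tls-check
## show proxy synchronization status
proxy-status:
	./deploy/charts/istio-${ISTIO_VERSION}/bin/istioctl proxy-status
## label namespace
label-namespace:
	# kubectl create namespace development
	kubectl label namespace development istio-injection=enabled
	kubectl get namespace -L istio-injection
# The installer is told which release to fetch through ISTIO_VERSION so that
# the unpacked directory matches the istio-$(ISTIO_VERSION) paths used by the
# other targets, and `&&` stops the download from landing in the wrong
# directory when the cd fails. The script is still piped into a shell from a
# redirecting short URL with no integrity check: read it before running it, or
# fetch the release archive yourself and verify it against a checksum you trust.
## initialise kubernetes
initialise:
	mkdir -p deploy/charts
	cd deploy/charts && curl -L https://git.io/getLatestIstio | ISTIO_VERSION=${ISTIO_VERSION} sh -
	sh init_kube.sh

## delete all resources
clean:
	kubectl delete --ignore-not-found=true namespace istio-system
	kubectl delete --ignore-not-found=true namespace development
# The policy manifests live under deploy/resources/policy/ in this repository;
# the targets below use that path, the same one the deploy.* targets use.
## microservice policy
microservice-policy:
	kubectl apply -f deploy/resources/policy/istio/base
	kubectl apply -f deploy/resources/policy/istio/canary
	kubectl apply -f deploy/resources/policy/istio/canary/vs.100-v1.yaml
## enable-retries
retry.enable:
	kubectl apply -f deploy/resources/policy/istio/canary/vs.90-v1-with-retry.yaml
## disable-retries
retry.disable:
	kubectl apply -f deploy/resources/policy/istio/canary/vs.90-v1.yaml
## reapply istio policies
refresh-policy:
	kubectl delete --ignore-not-found=true -f deploy/resources/policy/istio/base
	kubectl delete --ignore-not-found=true -f deploy/resources/policy/istio/canary
	kubectl apply -f deploy/resources/policy/istio/base
	kubectl apply -f deploy/resources/policy/istio/canary/vs.100-v1.yaml
## deploy canary with a 90-10 split
deploy.canary:
	kubectl apply -f deploy/resources/policy/istio/canary/vs.90-v1.yaml
deploy.canary.retry:
	kubectl apply -f deploy/resources/policy/istio/canary/vs.90-v1-with-retry.yaml
## rollback canary deployment
rollback.canary:
	kubectl apply -f deploy/resources/policy/istio/canary/vs.100-v1.yaml
# Git ref of kubernetes/ingress-nginx that the manifests are fetched from.
# The default keeps the original behaviour, but `master` is a moving branch:
# whatever it contains at run time is applied to the cluster. Override it with
# a release tag or commit you have reviewed, e.g.
#   make install-ingress INGRESS_NGINX_REF=<tag-or-commit>
INGRESS_NGINX_REF ?= master
install-ingress:
	kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$(INGRESS_NGINX_REF)/deploy/mandatory.yaml
	kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$(INGRESS_NGINX_REF)/deploy/provider/cloud-generic.yaml
	kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$(INGRESS_NGINX_REF)/deploy/provider/baremetal/service-nodeport.yaml
# Prints an `export NODE_PORT=...` line for the ingress-nginx http port.
get-ingress-nodeport:
	echo "export NODE_PORT="`kubectl -n ingress-nginx get service ingress-nginx -o jsonpath='{.spec.ports[?(@.name=="http")].nodePort}'`

# Sends siege load to api.demo/color for up to one hour.
traffic:
	siege -t 1H -r 2 --delay 0.1 -c 2 -v api.demo/color
	# siege -t 100 -r 10 -c 2 -v demo.local/color
## install istio control plane
istio.install:
	kubectl apply -f deploy/resources/istio/${ISTIO_VERSION}/service/mandatory/namespace.yaml
	helm template deploy/charts/istio-${ISTIO_VERSION}/install/kubernetes/helm/istio-init --name istio-init --namespace istio-system > deploy/resources/istio/${ISTIO_VERSION}/istio-init.yaml
	kubectl apply -f deploy/resources/istio/${ISTIO_VERSION}/istio-init.yaml
	sleep 20
	helm template deploy/charts/istio-${ISTIO_VERSION}/install/kubernetes/helm/istio --name istio --namespace istio-system -f deploy/values/istio/${ISTIO_VERSION}/values.yaml > deploy/resources/istio/${ISTIO_VERSION}/istio.yaml
	kubectl apply -f deploy/resources/istio/${ISTIO_VERSION}/istio.yaml
	$(call wait_for_istio_control_plane, ${ISTIO_VERSION})
# Applies the VirtualService/DestinationRule pairs for Grafana, Jaeger, Kiali
# and Prometheus. They are routed through demo-gateway, which listens on plain
# HTTP port 80, and the routes add no authentication of their own, so access
# control is whatever each dashboard enforces. Intended for a local cluster.
istio.observability:
	kubectl apply -f deploy/resources/policy/istio/observability/
demo.deploy.v1:
	kubectl apply -f deploy/resources/policy/microservice-v1/

demo.deploy.v2:
	kubectl apply -f deploy/resources/policy/microservice-v2/
# Deploys all three microservice versions and the webapp, routes 100% of the
# traffic to v1, then waits for every deployment to become available.
deploy.demo:
	kubectl apply -f deploy/resources/policy/microservice-v3/
	kubectl apply -f deploy/resources/policy/microservice-v2/
	kubectl apply -f deploy/resources/policy/microservice-v1/
	kubectl apply -f deploy/resources/policy/webapp/
	kubectl apply -f deploy/resources/policy/istio/base
	kubectl apply -f deploy/resources/policy/istio/canary/vs.100-v1.yaml
	$(call wait_for_deployment,development,demo-microservice-v1)
	$(call wait_for_deployment,development,demo-microservice-v2)
	$(call wait_for_deployment,development,demo-microservice-v3)
	$(call wait_for_deployment,development,webapp)
install.demo: istio.install istio.observability deploy.demo



# Lists every target whose definition is directly preceded by a `## ` line.
# The name pattern includes `.` so that dotted targets such as retry.enable
# and istio.install are listed too; a target only appears when the `## ` line
# is the line immediately above it.
## Show help
help:
	@echo ''
	@echo 'Usage:'
	@echo ' ${YELLOW}make${RESET} ${GREEN}${RESET}'
	@echo ''
	@echo 'Targets:'
	@awk '/^[a-zA-Z0-9_.-]+:/ { \
		helpMessage = match(lastLine, /^## (.*)/); \
		if (helpMessage) { \
			helpCommand = substr($$1, 0, index($$1, ":")-1); \
			helpMessage = substr(lastLine, RSTART + 3, RLENGTH); \
			printf " ${YELLOW}%-$(TARGET_MAX_CHAR_NUM)s${RESET} ${GREEN}%s${RESET}\n", helpCommand, helpMessage; \
		} \
	} \
	{ lastLine = $$0 }' $(MAKEFILE_LIST)

-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Istio Demonstration 2 | 3 | A basic example of implementing ingress into an Istio service mesh, with a demonstration of canary based policy which utilises labels on a multi-versioned microservice, which has been deployed within the Istio service mesh. 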
4 | 5 | ## Contents 6 | 7 | - [Istio Demonstration](#istio-demonstration) 8 | - [Contents](#contents) 9 | - [Reference](#reference) 10 | - [Prerequisites](#prerequisites) 11 | - [Getting Started](#getting-started) 12 | - [install dependencies](#install-dependencies) 13 | - [Resolution](#resolution) 14 | - [Install Demo](#install-demo) 15 | - [Install Istio](#install-istio) 16 | - [Deploy Example Microservice](#deploy-example-microservice) 17 | - [Observability](#observability) 18 | - [Generate Traffic](#generate-traffic) 19 | 20 | ## Reference 21 | 22 | [1] https://istio.io/docs/reference/config/istio.networking.v1alpha3/ 23 | 24 | [2] https://istio.io/blog/2018/v1alpha3-routing/ 25 | 26 | ## Prerequisites 27 | 28 | - I've developed and tested this using Docker for Mac, with the Kubernetes local cluster enabled. It is available [here](https://store.docker.com/editions/community/docker-ce-desktop-mac). These instructions/tooling should also work with Minikube, although I have not tested this yet. 29 | 30 | - nginx/haproxy to enable a single origin to prevent CORS complaints when the web-app accesses the backend. The associated steps are implemented in the `Makefile` contained in this repo; see the instructions below. 31 | 32 | - [NVM](https://github.com/creationix/nvm) installed and configured in the shell. 33 | 34 | ## Getting Started 35 | 36 | To start the presentation alone run the following: 37 | 38 | ```bash 39 | nvm install 40 | nvm use 41 | npm install 42 | npm run start 43 | ``` 44 | 45 | ### install dependencies 46 | 47 | ```bash 48 | make install 49 | ``` 50 | 51 | ### Resolution 52 | 53 | Add the following to your /etc/hosts to facilitate domain resolution which will be 54 | used for requesting content from the service mesh, running on your local machine within docker-for-desktop. 55 | 56 | ```text 57 | ... 58 | 127.0.0.1 webapp.demo api.demo grafana.demo kiali.demo tracing.demo 59 | ... 
60 | ``` 61 | 62 | ### Install Demo 63 | 64 | The end-to-end install can be started by running: 65 | 66 | ```bash 67 | make install.demo 68 | ``` 69 | 70 | ### Install Istio 71 | 72 | In order to install Istio we run the below command. What this will do is deploy the Istio control plane via Helm; a range of flags is added to include the additional observability tooling as part of the deployment. 73 | 74 | ```bash 75 | make istio.install 76 | ``` 77 | 78 | ### Deploy Example Microservice 79 | 80 | With the namespace labelled, the below deployment will have side-cars added and consequently be augmented into the mesh. 81 | 82 | These are deployed in the `development` namespace. This namespace has been labeled with `istio-injection=enabled`; consequently, the `admissionMutatingWebhook` will modify the deployment resource to include an Istio side-car in the deployment. 83 | 84 | ```bash 85 | make deploy.demo 86 | ``` 87 | 88 | This will apply the related Istio CRDs to facilitate ingress into the mesh to the required microservices. You can see these policies in [policy/istio](/policy/istio) within this repo. 89 | 90 | Open a browser and hit [http://localhost:3000](http://localhost:3000), and we are ready to roll. 91 | 92 | ### Observability 93 | 94 | The observability tooling such as Jaeger, Grafana, Prometheus, and Kiali will be deployed as part of the `make istio.install` command. However, in order to enable ingress to these services we need to deploy some `Ingress` policies to enable this connectivity. 95 | 96 | This can be achieved with the following make command: 97 | 98 | ```bash 99 | make istio.observability 100 | ``` 101 | If you've added the required `/etc/hosts` configuration, these services will be available at the following `${HOSTNAME}:${NODE_PORT}`. 
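Example: 102 | 103 | - [http://grafana.demo](http://grafana.demo) 104 | - [http://tracing.demo](http://tracing.demo) 105 | - [http://kiali.demo](http://kiali.demo) 106 | - [http://webapp.demo](http://webapp.demo) 107 | 108 | ### Generate Traffic 109 | 110 | In order to stimulate the given backend microservices and the Istio service mesh, we can generte some `Siege` traffic via the following command: 111 | 112 | ```bash 113 | make traffic 114 | ``` 115 | 116 | This will generate many requests to the `http://api.demo` host, and we should see this traffic coming in via the myriad of observability tooling made available in the previous step. 117 |
--------------------------------------------------------------------------------
/dependencies.sh:
--------------------------------------------------------------------------------
# Install the Homebrew packages the demo needs, skipping any that are already
# present. The Makefile runs this file with `sh`, so it sticks to POSIX shell.

# fetch_package NAME
#   Installs NAME with Homebrew unless a command called NAME is already on PATH
#   or Homebrew already lists NAME as installed. The two checks are joined with
#   `&&` (a pipe between them would discard the first result), both are fully
#   silenced, and NAME is quoted so it is always passed as a single word.
#   For kubernetes-helm and kubernetes-cli the formula name is not the name of
#   the installed binary, so it is the Homebrew check that detects them.
fetch_package() {
  if ! command -v "$1" > /dev/null 2>&1 && ! brew ls --versions "$1" > /dev/null 2>&1; then
    brew install "$1"
  else
    echo " ✅ $1 already installed"
  fi
}

# A plain word list instead of {a,b,c} brace expansion, which a strict POSIX
# sh would pass through as one literal word.
for package in siege kubernetes-helm kubernetes-cli nginx; do
  fetch_package "$package"
done
-------------------------------------------------------------------------------- /deploy/resources/istio/1.1.4/service/mandatory/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: development 5 | labels: 6 | istio-injection: enabled 7 | --- 8 | apiVersion: v1 9 | kind: Namespace 10 | metadata: 11 | name: istio-system 12 | --- -------------------------------------------------------------------------------- /deploy/resources/istio/1.1.5/service/mandatory/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: development 5 | labels: 6 | istio-injection: enabled 7 | --- 8 | apiVersion: v1 9 | kind: Namespace 10 | metadata: 11 | name: istio-system 12 | --- 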
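--------------------------------------------------------------------------------
/deploy/resources/policy/istio/base/demo.yml:
--------------------------------------------------------------------------------
# Routes webapp.demo from the ingress gateway to the webapp service.
# The document marker below is `---`; the file previously opened with `--`,
# which is not a YAML document start and makes the first document unparseable.
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: demo
  namespace: istio-system
spec:
  hosts:
  - "webapp.demo"
  gateways:
  # Gateway defined in gw.yaml, in the development namespace.
  - demo-gateway.development.svc.cluster.local
  http:
  - match:
    - uri:
        prefix: "/"
    corsPolicy:
      # "*" lets a page from any origin read GET responses from this host.
      # That is convenient for the demo; outside a demo, list the specific
      # origins that need access instead.
      allowOrigin:
      - "*"
      allowMethods:
      - GET
    route:
    - destination:
        host: webapp.development.svc.cluster.local
        port:
          number: 3000
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: demo
  namespace: istio-system
spec:
  host: webapp.development.svc.cluster.local
  trafficPolicy:
    tls:
      # The webapp Deployment is annotated sidecar.istio.io/inject: "false",
      # so it has no sidecar to terminate Istio mutual TLS. DISABLE makes
      # clients of this host send plaintext to it.
      mode: DISABLE
-------------------------------------------------------------------------------- /deploy/resources/policy/istio/base/dr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: demo-destination 5 | namespace: development 6 | spec: 7 | host: demo-microservice.development.svc.cluster.local 8 | trafficPolicy: 9 | tls: 10 | mode: ISTIO_MUTUAL 11 | connectionPool: 12 | http: 13 | maxRetries: 30 14 | http2MaxRequests: 30 15 | subsets: 16 | - name: v1 17 | labels: 18 | version: v1 19 | - name: v2 20 | labels: 21 | version: v2 22 | - name: v3 23 | labels: 24 | version: v3 25 | --- -------------------------------------------------------------------------------- /deploy/resources/policy/istio/base/gw.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: demo-gateway 5 | namespace: development 6 | spec: 7 | selector: 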
8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | number: 80 12 | name: http 13 | protocol: HTTP 14 | hosts: 15 | - "*.demo" 16 | -------------------------------------------------------------------------------- /deploy/resources/policy/istio/canary/vs.100-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: demo-vs 5 | namespace: development 6 | spec: 7 | gateways: 8 | - demo-gateway 9 | hosts: 10 | - "api.demo" 11 | http: 12 | - route: 13 | - destination: 14 | host: demo-microservice.development.svc.cluster.local 15 | subset: v1 16 | port: 17 | number: 8080 18 | weight: 100 19 | corsPolicy: 20 | allowOrigin: 21 | - "*" 22 | allowMethods: 23 | - GET -------------------------------------------------------------------------------- /deploy/resources/policy/istio/canary/vs.90-v1-with-retry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: demo-vs 5 | namespace: development 6 | spec: 7 | gateways: 8 | - demo-gateway 9 | - mesh 10 | hosts: 11 | - "api.demo" 12 | - "demo-microservice.development.svc.cluster.local" 13 | http: 14 | - route: 15 | - destination: 16 | host: demo-microservice.development.svc.cluster.local 17 | subset: v1 18 | port: 19 | number: 8080 20 | weight: 90 21 | - destination: 22 | host: demo-microservice.development.svc.cluster.local 23 | subset: v3 24 | port: 25 | number: 8080 26 | weight: 10 27 | retries: 28 | attempts: 10 29 | perTryTimeout: 200ms 30 | retryOn: 5xx 31 | corsPolicy: 32 | allowOrigin: 33 | - "*" 34 | allowMethods: 35 | - GET 36 | -------------------------------------------------------------------------------- /deploy/resources/policy/istio/canary/vs.90-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: demo-vs 5 | namespace: development 6 | spec: 7 | gateways: 8 | - demo-gateway 9 | - mesh 10 | hosts: 11 | - "api.demo" 12 | - "demo-microservice.development.svc.cluster.local" 13 | http: 14 | - route: 15 | - destination: 16 | host: demo-microservice.development.svc.cluster.local 17 | subset: v1 18 | port: 19 | number: 8080 20 | weight: 90 21 | - destination: 22 | host: demo-microservice.development.svc.cluster.local 23 | subset: v3 24 | port: 25 | number: 8080 26 | weight: 10 27 | corsPolicy: 28 | allowOrigin: 29 | - "*" 30 | allowMethods: 31 | - GET -------------------------------------------------------------------------------- /deploy/resources/policy/istio/observability/grafana.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: grafana 6 | namespace: istio-system 7 | spec: 8 | hosts: 9 | - "grafana.demo" 10 | gateways: 11 | - demo-gateway.development.svc.cluster.local 12 | http: 13 | - match: 14 | - uri: 15 | prefix: "/" 16 | route: 17 | - destination: 18 | host: grafana.istio-system.svc.cluster.local 19 | port: 20 | number: 3000 21 | --- 22 | apiVersion: networking.istio.io/v1alpha3 23 | kind: DestinationRule 24 | metadata: 25 | name: grafana 26 | namespace: istio-system 27 | spec: 28 | host: grafana.istio-system.svc.cluster.local 29 | trafficPolicy: 30 | tls: 31 | mode: DISABLE -------------------------------------------------------------------------------- /deploy/resources/policy/istio/observability/jaeger.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: jaeger 5 | namespace: istio-system 6 | spec: 7 | hosts: 8 | - "jaeger.demo" 9 | gateways: 10 | - demo-gateway.development.svc.cluster.local 11 | http: 12 | - match: 
13 | - uri: 14 | prefix: "/" 15 | route: 16 | - destination: 17 | host: jaeger-query.istio-system.svc.cluster.local 18 | port: 19 | number: 16686 20 | --- 21 | apiVersion: networking.istio.io/v1alpha3 22 | kind: DestinationRule 23 | metadata: 24 | name: jaeger 25 | namespace: istio-system 26 | spec: 27 | host: jaeger-query.istio-system.svc.cluster.local 28 | trafficPolicy: 29 | tls: 30 | mode: DISABLE -------------------------------------------------------------------------------- /deploy/resources/policy/istio/observability/kiali.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: kiali 5 | namespace: istio-system 6 | spec: 7 | hosts: 8 | - "kiali.demo" 9 | gateways: 10 | - demo-gateway.development.svc.cluster.local 11 | http: 12 | - match: 13 | - uri: 14 | prefix: "/" 15 | route: 16 | - destination: 17 | host: kiali.istio-system.svc.cluster.local 18 | port: 19 | number: 20001 20 | --- 21 | apiVersion: networking.istio.io/v1alpha3 22 | kind: DestinationRule 23 | metadata: 24 | name: kiali 25 | namespace: istio-system 26 | spec: 27 | host: kiali.istio-system.svc.cluster.local 28 | trafficPolicy: 29 | tls: 30 | mode: DISABLE -------------------------------------------------------------------------------- /deploy/resources/policy/istio/observability/prometheus.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: prometheus 5 | namespace: istio-system 6 | spec: 7 | hosts: 8 | - "prometheus.demo" 9 | gateways: 10 | - demo-gateway.development.svc.cluster.local 11 | http: 12 | - match: 13 | - uri: 14 | prefix: "/" 15 | route: 16 | - destination: 17 | host: prometheus 18 | port: 19 | number: 9090 20 | --- 21 | apiVersion: networking.istio.io/v1alpha3 22 | kind: DestinationRule 23 | metadata: 24 | name: prometheus 25 | 
namespace: istio-system 26 | spec: 27 | host: prometheus.istio-system.svc.cluster.local 28 | trafficPolicy: 29 | tls: 30 | mode: DISABLE 31 | --- -------------------------------------------------------------------------------- /deploy/resources/policy/microservice-v1/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: demo-microservice-v1 5 | namespace: development 6 | spec: 7 | replicas: 1 8 | template: 9 | metadata: 10 | labels: 11 | app: demo-microservice 12 | release: demo-microservice-v1 13 | version: v1 14 | annotations: 15 | sidecar.istio.io/inject: "true" 16 | spec: 17 | containers: 18 | - name: microservice 19 | image: "castlemilk/microservice-a:v1" 20 | imagePullPolicy: IfNotPresent 21 | ports: 22 | - name: http 23 | containerPort: 8080 24 | - name: management 25 | containerPort: 8081 26 | livenessProbe: 27 | httpGet: 28 | path: /healthz 29 | port: management 30 | timeoutSeconds: 3 31 | initialDelaySeconds: 20 32 | readinessProbe: 33 | httpGet: 34 | path: /healthz 35 | port: management 36 | timeoutSeconds: 3 37 | initialDelaySeconds: 20 38 | resources: 39 | {} 40 | -------------------------------------------------------------------------------- /deploy/resources/policy/microservice-v1/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: microservice/templates/service.yaml 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | labels: 7 | app: demo-microservice 8 | namespace: development 9 | name: demo-microservice 10 | spec: 11 | type: ClusterIP 12 | ports: 13 | - port: 8080 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | app: demo-microservice -------------------------------------------------------------------------------- /deploy/resources/policy/microservice-v2/deployment.yaml: 
-------------------------------------------------------------------------------- 1 | # Source: microservice/templates/deployment.yaml 2 | apiVersion: apps/v1beta1 3 | kind: Deployment 4 | metadata: 5 | name: demo-microservice-v2 6 | namespace: development 7 | spec: 8 | replicas: 1 9 | template: 10 | metadata: 11 | labels: 12 | app: demo-microservice 13 | release: demo-microservice-v2 14 | version: v2 15 | annotations: 16 | sidecar.istio.io/inject: "true" 17 | spec: 18 | containers: 19 | - name: microservice 20 | image: "castlemilk/microservice-a:v2" 21 | imagePullPolicy: Always 22 | ports: 23 | - name: http 24 | containerPort: 8080 25 | - name: management 26 | containerPort: 8081 27 | livenessProbe: 28 | httpGet: 29 | path: /healthz 30 | port: management 31 | timeoutSeconds: 3 32 | initialDelaySeconds: 20 33 | readinessProbe: 34 | httpGet: 35 | path: /healthz 36 | port: management 37 | timeoutSeconds: 3 38 | initialDelaySeconds: 20 -------------------------------------------------------------------------------- /deploy/resources/policy/microservice-v3/deployment.yaml: -------------------------------------------------------------------------------- 1 | # Source: microservice/templates/deployment.yaml 2 | apiVersion: apps/v1beta1 3 | kind: Deployment 4 | metadata: 5 | name: demo-microservice-v3 6 | namespace: development 7 | spec: 8 | replicas: 1 9 | template: 10 | metadata: 11 | labels: 12 | app: demo-microservice 13 | release: demo-microservice-v3 14 | version: v3 15 | annotations: 16 | sidecar.istio.io/inject: "true" 17 | spec: 18 | containers: 19 | - name: microservice 20 | image: "castlemilk/microservice-a:v3" 21 | imagePullPolicy: Always 22 | ports: 23 | - name: http 24 | containerPort: 8080 25 | - name: management 26 | containerPort: 8081 27 | livenessProbe: 28 | httpGet: 29 | path: /healthz 30 | port: management 31 | timeoutSeconds: 3 32 | initialDelaySeconds: 20 33 | readinessProbe: 34 | httpGet: 35 | path: /healthz 36 | port: management 37 | timeoutSeconds: 
3 38 | initialDelaySeconds: 20 -------------------------------------------------------------------------------- /deploy/resources/policy/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | 2 | #user nobody; 3 | worker_processes 1; 4 | 5 | #error_log logs/error.log; 6 | #error_log logs/error.log notice; 7 | #error_log logs/error.log info; 8 | 9 | #pid logs/nginx.pid; 10 | 11 | 12 | events { 13 | worker_connections 1024; 14 | } 15 | 16 | 17 | http { 18 | include mime.types; 19 | default_type application/octet-stream; 20 | 21 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 22 | # '$status $body_bytes_sent "$http_referer" ' 23 | # '"$http_user_agent" "$http_x_forwarded_for"'; 24 | 25 | #access_log logs/access.log main; 26 | 27 | sendfile on; 28 | #tcp_nopush on; 29 | 30 | #keepalive_timeout 0; 31 | keepalive_timeout 65; 32 | 33 | #gzip on; 34 | upstream api { 35 | server demo.microservice.local; 36 | } 37 | upstream webapp { 38 | server localhost:3000; 39 | } 40 | 41 | server { 42 | listen 8080; 43 | server_name localhost; 44 | 45 | #charset koi8-r; 46 | 47 | #access_log logs/host.access.log main; 48 | 49 | location / { 50 | proxy_pass http://webapp; 51 | } 52 | location /api/ { 53 | proxy_pass http://api/; 54 | proxy_http_version 1.1; 55 | proxy_set_header Host demo.microservice.local; 56 | proxy_pass_request_headers on; 57 | proxy_set_header X-Forwarded-For $remote_addr; 58 | proxy_set_header Connection "upgrade"; 59 | } 60 | 61 | #error_page 404 /404.html; 62 | 63 | # redirect server error pages to the static page /50x.html 64 | # 65 | error_page 500 502 503 504 /50x.html; 66 | location = /50x.html { 67 | root html; 68 | } 69 | 70 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80 71 | # 72 | #location ~ \.php$ { 73 | # proxy_pass http://127.0.0.1; 74 | #} 75 | 76 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 77 | # 78 | #location ~ \.php$ { 79 | # root 
html; 80 | # fastcgi_pass 127.0.0.1:9000; 81 | # fastcgi_index index.php; 82 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 83 | # include fastcgi_params; 84 | #} 85 | 86 | # deny access to .htaccess files, if Apache's document root 87 | # concurs with nginx's one 88 | # 89 | #location ~ /\.ht { 90 | # deny all; 91 | #} 92 | } 93 | 94 | 95 | # another virtual host using mix of IP-, name-, and port-based configuration 96 | # 97 | #server { 98 | # listen 8000; 99 | # listen somename:8080; 100 | # server_name somename alias another.alias; 101 | 102 | # location / { 103 | # root html; 104 | # index index.html index.htm; 105 | # } 106 | #} 107 | 108 | 109 | # HTTPS server 110 | # 111 | #server { 112 | # listen 443 ssl; 113 | # server_name localhost; 114 | 115 | # ssl_certificate cert.pem; 116 | # ssl_certificate_key cert.key; 117 | 118 | # ssl_session_cache shared:SSL:1m; 119 | # ssl_session_timeout 5m; 120 | 121 | # ssl_ciphers HIGH:!aNULL:!MD5; 122 | # ssl_prefer_server_ciphers on; 123 | 124 | # location / { 125 | # root html; 126 | # index index.html index.htm; 127 | # } 128 | #} 129 | include servers/*; 130 | } 131 | -------------------------------------------------------------------------------- /deploy/resources/policy/webapp/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: webapp 5 | namespace: development 6 | spec: 7 | replicas: 1 8 | template: 9 | metadata: 10 | labels: 11 | app: webapp 12 | release: webapp 13 | version: v1 14 | annotations: 15 | sidecar.istio.io/inject: "false" 16 | spec: 17 | containers: 18 | - name: webapp 19 | image: demo 20 | imagePullPolicy: Never 21 | ports: 22 | - name: http 23 | containerPort: 3000 24 | livenessProbe: 25 | httpGet: 26 | path: / 27 | port: 3000 28 | timeoutSeconds: 3 29 | initialDelaySeconds: 20 30 | readinessProbe: 31 | httpGet: 32 | path: / 33 | port: 3000 34 | timeoutSeconds: 3 
35 | initialDelaySeconds: 20 36 | --- 37 | -------------------------------------------------------------------------------- /deploy/resources/policy/webapp/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: microservice/templates/service.yaml 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | labels: 7 | app: webapp 8 | namespace: development 9 | name: webapp 10 | spec: 11 | type: ClusterIP 12 | ports: 13 | - port: 3000 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | selector: 18 | app: webapp -------------------------------------------------------------------------------- /deploy/values/istio/1.1.4/values.yaml: -------------------------------------------------------------------------------- 1 | 2 | # 3 | # nodeagent configuration 4 | # 5 | nodeagent: 6 | enabled: false 7 | 8 | # 9 | # Istio CNI plugin enabled 10 | # This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. 11 | # If true, the privileged initContainer istio-init is not needed to perform the traffic redirect 12 | # settings for the istio-proxy. 13 | # 14 | istio_cni: 15 | enabled: false 16 | 17 | # 18 | # sidecar-injector webhook configuration, refer to the 19 | # charts/sidecarInjectorWebhook/values.yaml for detailed configuration 20 | # 21 | sidecarInjectorWebhook: 22 | enabled: true 23 | 24 | # Common settings. 25 | global: 26 | # Default hub for Istio images. 27 | # Releases are published to docker hub under 'istio' project. 28 | # Daily builds from prow are on gcr.io, and nightly builds from circle on docker.io/istionightly 29 | hub: docker.io/istio 30 | 31 | # Default tag for Istio images. 32 | tag: 1.1.5 # NOTE(review): this file sits under deploy/values/istio/1.1.4/ but pins image tag 1.1.5 - confirm which version is meant to be deployed from this directory 33 | 34 | k8sIngress: 35 | enabled: false 36 | 37 | proxy: 38 | image: proxyv2 39 | # cluster domain. Default value is "cluster.local". 40 | clusterDomain: "cluster.local" 41 | 42 | # Resources for the sidecar. 
43 | resources: 44 | requests: 45 | cpu: 100m 46 | memory: 128Mi 47 | limits: 48 | cpu: 2000m 49 | memory: 128Mi 50 | 51 | # Controls number of Proxy worker threads. 52 | # If set to 0 (default), then start worker thread for each CPU thread/core. 53 | concurrency: 2 54 | 55 | # Configures the access log for each sidecar. 56 | # Options: 57 | # "" - disables access log 58 | # "/dev/stdout" - enables access log 59 | accessLogFile: "/dev/stdout" 60 | 61 | # Configure how and what fields are displayed in sidecar access log. Setting to 62 | # empty string will result in default log format 63 | accessLogFormat: "" 64 | 65 | # Configure the access log for sidecar to JSON or TEXT. 66 | accessLogEncoding: TEXT 67 | 68 | # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS 69 | # 5 seconds is the default refresh rate used by Envoy 70 | dnsRefreshRate: 5s 71 | 72 | #If set to true, istio-proxy container will have privileged securityContext 73 | privileged: false 74 | 75 | # If set, newly injected sidecars will have core dumps enabled. 76 | enableCoreDump: false 77 | 78 | # Default port for Pilot agent health checks. A value of 0 will disable health checking. 79 | statusPort: 15020 80 | 81 | # The initial delay for readiness probes in seconds. 82 | readinessInitialDelaySeconds: 1 83 | 84 | # The period between readiness probes. 85 | readinessPeriodSeconds: 2 86 | 87 | # The number of successive failed probes before indicating readiness failure. 
88 | readinessFailureThreshold: 30 89 | 90 | # istio egress capture whitelist 91 | # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly 92 | # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" 93 | # would only capture egress traffic on those two IP Ranges, all other outbound traffic would 94 | # be allowed by the sidecar 95 | includeIPRanges: "*" 96 | excludeIPRanges: "" 97 | 98 | # pod internal interfaces 99 | kubevirtInterfaces: "" 100 | 101 | # istio ingress capture whitelist 102 | # examples: 103 | # Redirect no inbound traffic to Envoy: --includeInboundPorts="" 104 | # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" 105 | # Redirect only selected ports: --includeInboundPorts="80,8080" 106 | includeInboundPorts: "*" 107 | excludeInboundPorts: "" 108 | 109 | # This controls the 'policy' in the sidecar injector. 110 | autoInject: enabled 111 | 112 | # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument 113 | # would be :). 114 | # Disabled by default. 115 | # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. 116 | envoyStatsd: 117 | # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. 118 | enabled: false 119 | host: # example: statsd-svc.istio-system 120 | port: # example: 9125 121 | 122 | # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector 123 | # via the Metrics Service gRPC API. This contains detailed stats information emitted directly 124 | # by Envoy and should not be confused with the the Istio telemetry. The Envoy stats are also 125 | # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. 126 | # 127 | # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto 128 | # for details about Envoy's Metrics Service API. 129 | # 130 | # Disabled by default. 
131 | envoyMetricsService: 132 | enabled: false 133 | host: # example: metrics-service.istio-system 134 | port: # example: 15000 135 | 136 | # Specify which tracer to use. One of: lightstep, zipkin, datadog 137 | tracer: "zipkin" 138 | 139 | proxy_init: 140 | # Base name for the proxy_init container, used to configure iptables. 141 | image: proxy_init 142 | 143 | # imagePullPolicy is applied to istio control plane components. 144 | # local tests require IfNotPresent, to avoid uploading to dockerhub. 145 | # TODO: Switch to Always as default, and override in the local tests. 146 | imagePullPolicy: IfNotPresent 147 | 148 | # controlPlaneMtls enabled. Will result in delays starting the pods while secrets are 149 | # propagated, not recommended for tests. 150 | controlPlaneSecurityEnabled: true 151 | 152 | # disablePolicyChecks disables mixer policy checks. 153 | # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. 154 | disablePolicyChecks: false 155 | 156 | # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. 157 | # Default is false which means the traffic is denied when the client is unable to connect to Mixer. 158 | policyCheckFailOpen: false 159 | 160 | # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. 161 | enableTracing: true 162 | # Configuration for each of the supported tracers 163 | tracer: 164 | # Configuration for envoy to send trace data to LightStep. 165 | # Disabled by default. 166 | # address: the : of the satellite pool 167 | # accessToken: required for sending data to the pool 168 | # secure: specifies whether data should be sent with TLS 169 | # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is 170 | # required. 
If a value is specified then a secret called "lightstep.cacert" must be created in the destination 171 | # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. 172 | # 173 | lightstep: 174 | address: "" # example: lightstep-satellite:443 175 | accessToken: "" # example: abcdefg1234567; supply at deploy time, do not commit a real token here 176 | secure: true # example: true|false 177 | cacertPath: "" # example: /etc/lightstep/cacert.pem 178 | zipkin: 179 | # Host:Port for reporting trace data in zipkin format. If not specified, will default to 180 | # zipkin service (port 9411) in the same namespace as the other istio components. 181 | address: "" 182 | datadog: 183 | # Host:Port for submitting traces to the Datadog agent. 184 | address: "$(HOST_IP):8126" 185 | 186 | # Default mtls policy. If true, mtls between services will be enabled by default. 187 | mtls: 188 | # Default setting for service-to-service mtls. Can be set explicitly using 189 | # destination rules or service annotations. 190 | enabled: true 191 | 192 | # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace 193 | # to use for pulling any images in pods that reference this ServiceAccount. 194 | # Must be set for any cluster configured with a private docker registry. 195 | imagePullSecrets: 196 | # - private-registry-key 197 | 198 | # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: 199 | # 0 - Never scheduled 200 | # 1 - Least preferred 201 | # 2 - No preference 202 | # 3 - Most preferred 203 | arch: 204 | amd64: 2 205 | s390x: 2 206 | ppc64le: 2 207 | # Default node selector to be applied to all deployments so that all pods can be 208 | # constrained to run on particular nodes. Each component can overwrite these default 209 | # values by adding its node selector block in the relevant section below and setting 210 | # the desired values. 
211 | defaultNodeSelector: {} 212 | # Whether to restrict the applications namespace the controller manages; 213 | # If not set, controller watches all namespaces 214 | oneNamespace: false 215 | 216 | # Whether to perform server-side validation of configuration. 217 | configValidation: true 218 | 219 | # If set to true, the pilot and citadel mtls will be exposed on the 220 | # ingress gateway 221 | meshExpansion: 222 | enabled: false 223 | # If set to true, the pilot and citadel mtls and the plain text pilot ports 224 | # will be exposed on an internal gateway 225 | useILB: false 226 | 227 | multiCluster: 228 | # Set to true to connect two kubernetes clusters via their respective 229 | # ingressgateway services when pods in each cluster cannot directly 230 | # talk to one another. All clusters should be using Istio mTLS and must 231 | # have a shared root CA for this model to work. 232 | enabled: false 233 | 234 | # A minimal set of requested resources to applied to all deployments so that 235 | # Horizontal Pod Autoscaler will be able to function (if set). 236 | # Each component can overwrite these default values by adding its own resources 237 | # block in the relevant section below and setting the desired resources values. 238 | defaultResources: 239 | requests: 240 | cpu: 10m 241 | # memory: 128Mi 242 | # limits: 243 | # cpu: 100m 244 | # memory: 128Mi 245 | 246 | # enable pod distruption budget for the control plane, which is used to 247 | # ensure Istio control plane components are gradually upgraded or recovered. 248 | defaultPodDisruptionBudget: 249 | enabled: true 250 | # The values aren't mutable due to a current PodDisruptionBudget limitation 251 | # minAvailable: 1 252 | # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and 253 | # system-node-critical, it is better to configure this in order to make sure your Istio pods 254 | # will not be killed because of low priority class. 
255 | # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass 256 | # for more detail. 257 | priorityClassName: "" 258 | 259 | # Use the Mesh Control Protocol (MCP) for configuring Mixer and 260 | # Pilot. Requires galley (`--set galley.enabled=true`). 261 | useMCP: true 262 | 263 | # The trust domain corresponds to the trust root of a system 264 | # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain 265 | # Indicate the domain used in SPIFFE identity URL 266 | # The default depends on the environment. 267 | # kubernetes: cluster.local 268 | # else: default dns domain 269 | trustDomain: "" 270 | # Set the default behavior of the sidecar for handling outbound traffic from the application: 271 | # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no 272 | # services or ServiceEntries for the destination port 273 | # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well 274 | # as those defined through ServiceEntries 275 | # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests 276 | # to services outside of the mesh without any ServiceEntry. 277 | # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. 278 | outboundTrafficPolicy: 279 | mode: REGISTRY_ONLY 280 | # set the default set of namespaces to which services, service entries, virtual services, destination 281 | # rules should be exported to. Currently only one value can be provided in this list. This value 282 | # should be one of the following two options: 283 | # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. 284 | # . 
implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host 285 | #defaultConfigVisibilitySettings: 286 | #- '*' 287 | 288 | sds: 289 | # SDS enabled. IF set to true, mTLS certificates for the sidecars will be 290 | # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. 291 | enabled: false 292 | udsPath: "" 293 | useTrustworthyJwt: false 294 | useNormalJwt: false 295 | 296 | # 297 | # ingress configuration 298 | # 299 | ingress: 300 | enabled: false 301 | 302 | # 303 | # Gateways Configuration 304 | # By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. 305 | # You can add more gateways in addition to the defaults but make sure those are uniquely named 306 | # and that NodePorts are not conflicting. 307 | # Disable specifc gateway by setting the `enabled` to false. 308 | # 309 | gateways: 310 | enabled: true 311 | istio-ingressgateway: 312 | enabled: true 313 | labels: 314 | app: istio-ingressgateway 315 | istio: ingressgateway 316 | replicaCount: 1 317 | autoscaleMin: 1 318 | autoscaleMax: 5 319 | resources: {} 320 | # limits: 321 | # cpu: 100m 322 | # memory: 128Mi 323 | #requests: 324 | # cpu: 1800m 325 | # memory: 256Mi 326 | cpu: 327 | targetAverageUtilization: 80 328 | loadBalancerIP: "" 329 | serviceAnnotations: {} 330 | type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be 331 | # Uncomment the following line to preserve client source ip. 332 | # externalTrafficPolicy: Local 333 | 334 | ports: 335 | ## You can add custom gateway ports 336 | - port: 80 337 | targetPort: 80 338 | name: http2 339 | nodePort: 31380 340 | - port: 443 341 | name: https 342 | nodePort: 31390 343 | - port: 31400 344 | name: tcp 345 | nodePort: 31400 346 | # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect 347 | # to pilot/citadel if global.meshExpansion settings are enabled. 
348 | - port: 15011 349 | targetPort: 15011 350 | name: tcp-pilot-grpc-tls 351 | - port: 8060 352 | targetPort: 8060 353 | name: tcp-citadel-grpc-tls 354 | - port: 853 355 | targetPort: 853 356 | name: tcp-dns-tls 357 | - port: 15030 # NOTE(review): 15030 and 15031 are named for Prometheus and Grafana and sit on the ingress gateway Service; confirm no Gateway/VirtualService routes them to dashboards without authentication 358 | targetPort: 15030 359 | name: http2-prometheus 360 | - port: 15031 361 | targetPort: 15031 362 | name: http2-grafana 363 | secretVolumes: [] 364 | istio-egressgateway: 365 | enabled: true 366 | labels: 367 | app: istio-egressgateway 368 | istio: egressgateway 369 | replicaCount: 1 370 | autoscaleMin: 1 371 | autoscaleMax: 5 372 | cpu: 373 | targetAverageUtilization: 80 374 | serviceAnnotations: {} 375 | type: ClusterIP #change to NodePort or LoadBalancer if need be 376 | ports: 377 | - port: 80 378 | name: http2 379 | - port: 443 380 | name: https 381 | secretVolumes: 382 | - name: stock-mtls-server-cert 383 | secretName: stock-mtls-server-cert 384 | mountPath: /etc/certs/stock-server-cert 385 | - name: stock-mtls-client-cert 386 | secretName: stock-mtls-client-cert 387 | mountPath: /etc/certs/stock-client-cert 388 | - name: stock-mtls-ca-cert 389 | secretName: stock-mtls-ca-cert 390 | mountPath: /etc/certs/stock-ca 391 | # sidecar-injector webhook configuration 392 | # 393 | sidecarInjectorWebhook: 394 | enabled: true 395 | replicaCount: 1 396 | enableNamespacesByDefault: false 397 | 398 | # 399 | # galley configuration 400 | # 401 | galley: 402 | enabled: true 403 | replicaCount: 1 404 | image: galley 405 | 406 | # 407 | # mixer configuration 408 | # 409 | mixer: 410 | # 411 | # mixer configuration 412 | # 413 | enabled: true 414 | image: mixer 415 | 416 | env: 417 | GODEBUG: gctrace=1 418 | # max procs should be ceil(cpu limit + 1) 419 | GOMAXPROCS: "6" 420 | 421 | policy: 422 | # if policy is enabled, global.disablePolicyChecks has effect. 
423 | enabled: true 424 | replicaCount: 1 425 | autoscaleEnabled: true 426 | autoscaleMin: 1 427 | autoscaleMax: 5 428 | cpu: 429 | targetAverageUtilization: 80 430 | 431 | telemetry: 432 | enabled: true 433 | replicaCount: 1 434 | autoscaleEnabled: true 435 | autoscaleMin: 1 436 | autoscaleMax: 5 437 | cpu: 438 | targetAverageUtilization: 80 439 | sessionAffinityEnabled: false 440 | 441 | # mixer load shedding configuration. 442 | # When mixer detects that it is overloaded, it starts rejecting grpc requests. 443 | loadshedding: 444 | # disabled, logonly or enforce 445 | mode: enforce 446 | # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async. 447 | latencyThreshold: 100ms 448 | resources: 449 | requests: 450 | cpu: 300m 451 | memory: 256Mi 452 | limits: 453 | # It is best to do horizontal scaling of mixer using moderate cpu allocation. 454 | # We have experimentally found that these values work well. 455 | cpu: 4800m 456 | memory: 4G 457 | 458 | podAnnotations: {} 459 | nodeSelector: {} 460 | 461 | # Specify the pod anti-affinity that allows you to constrain which nodes 462 | # your pod is eligible to be scheduled based on labels on pods that are 463 | # already running on the node rather than based on labels on nodes. 464 | # There are currently two types of anti-affinity: 465 | # "requiredDuringSchedulingIgnoredDuringExecution" 466 | # "preferredDuringSchedulingIgnoredDuringExecution" 467 | # which denote “hard” vs. “soft” requirements, you can define your values 468 | # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" 469 | # correspondingly. 
470 | # For example: 471 | # podAntiAffinityLabelSelector: 472 | # - key: security 473 | # operator: In 474 | # values: S1,S2 475 | # topologyKey: "kubernetes.io/hostname" 476 | # This pod anti-affinity rule says that the pod requires not to be scheduled 477 | # onto a node if that node is already running a pod with label having key 478 | # “security” and value “S1”. 479 | podAntiAffinityLabelSelector: {} 480 | podAntiAffinityTermLabelSelector: {} 481 | 482 | adapters: 483 | kubernetesenv: 484 | enabled: true 485 | # stdio is a debug adapter in istio-telemetry, it is not recommended for production use. 486 | stdio: 487 | enabled: false 488 | outputAsJson: true 489 | prometheus: 490 | enabled: true 491 | metricsExpiryDuration: 10m 492 | # Setting this to false sets the useAdapterCRDs mixer startup argument to false 493 | useAdapterCRDs: true 494 | # 495 | # pilot configuration 496 | # 497 | pilot: 498 | # 499 | # pilot configuration 500 | # 501 | enabled: true 502 | autoscaleEnabled: true 503 | autoscaleMin: 1 504 | autoscaleMax: 5 505 | # specify replicaCount when autoscaleEnabled: false 506 | # replicaCount: 1 507 | image: pilot 508 | sidecar: true 509 | traceSampling: 1.0 510 | # Resources for a small pilot install 511 | resources: 512 | requests: 513 | cpu: 300m 514 | memory: 512Mi 515 | env: 516 | PILOT_PUSH_THROTTLE: 100 517 | GODEBUG: gctrace=1 518 | cpu: 519 | targetAverageUtilization: 80 520 | nodeSelector: {} 521 | 522 | # Specify the pod anti-affinity that allows you to constrain which nodes 523 | # your pod is eligible to be scheduled based on labels on pods that are 524 | # already running on the node rather than based on labels on nodes. 525 | # There are currently two types of anti-affinity: 526 | # "requiredDuringSchedulingIgnoredDuringExecution" 527 | # "preferredDuringSchedulingIgnoredDuringExecution" 528 | # which denote “hard” vs. 
“soft” requirements, you can define your values 529 | # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" 530 | # correspondingly. 531 | # For example: 532 | # podAntiAffinityLabelSelector: 533 | # - key: security 534 | # operator: In 535 | # values: S1,S2 536 | # topologyKey: "kubernetes.io/hostname" 537 | # This pod anti-affinity rule says that the pod requires not to be scheduled 538 | # onto a node if that node is already running a pod with label having key 539 | # “security” and value “S1”. 540 | podAntiAffinityLabelSelector: {} 541 | podAntiAffinityTermLabelSelector: {} 542 | 543 | # The following is used to limit how long a sidecar can be connected 544 | # to a pilot. It balances out load across pilot instances at the cost of 545 | # increasing system churn. 546 | keepaliveMaxServerConnectionAge: 30m 547 | 548 | 549 | # 550 | # security configuration 551 | # 552 | security: 553 | enabled: true 554 | replicaCount: 1 555 | image: citadel 556 | selfSigned: true # indicate if self-signed CA is used. 
557 | createMeshPolicy: true 558 | 559 | grafana: 560 | enabled: true 561 | replicaCount: 1 562 | # istio < v1.0.0 563 | #image: grafana 564 | # istio > v1.0.2 565 | image: 566 | repository: grafana/grafana 567 | tag: 6.0.2 568 | persist: false 569 | storageClassName: "" 570 | contextPath: / 571 | accessMode: ReadWriteMany 572 | security: 573 | enabled: false # NOTE(review): with security disabled the chart presumably serves Grafana without a login - confirm, and keep the service off any externally reachable route 574 | secretName: grafana 575 | adminUser: admin 576 | adminPassword: admin # well-known default credential committed in the values file; override it from a secret before turning security on 577 | datasources: 578 | datasources.yaml: 579 | apiVersion: 1 580 | datasources: 581 | - name: Prometheus 582 | type: prometheus 583 | orgId: 1 584 | url: http://prometheus:9090 585 | access: proxy 586 | isDefault: true 587 | jsonData: 588 | timeInterval: 5s 589 | editable: true 590 | dashboardProviders: 591 | dashboardproviders.yaml: 592 | apiVersion: 1 593 | providers: 594 | - name: 'istio' 595 | orgId: 1 596 | folder: 'istio' 597 | type: file 598 | disableDeletion: false 599 | options: 600 | path: /var/lib/grafana/dashboards/istio 601 | service: 602 | annotations: {} 603 | name: http 604 | type: ClusterIP 605 | externalPort: 3000 606 | internalPort: 3000 607 | 608 | prometheus: 609 | enabled: true 610 | replicaCount: 1 611 | hub: docker.io/prom 612 | tag: v2.8.0 613 | retention: 6h 614 | contextPath: / 615 | service: 616 | annotations: {} 617 | nodePort: 618 | enabled: false 619 | port: 32090 620 | 621 | servicegraph: 622 | enabled: false 623 | tracing: 624 | enabled: true 625 | provider: jaeger 626 | jaeger: 627 | enabled: true 628 | hub: docker.io/jaegertracing 629 | resources: 630 | requests: 631 | cpu: 300m 632 | memory: 300Mi 633 | replicaCount: 1 634 | kiali: 635 | enabled: true 636 | replicaCount: 1 637 | hub: docker.io/kiali 638 | contextPath: / # The root context path to access the Kiali UI. 639 | tag: v0.16 640 | # When true, a secret will be created with a default username and password. Useful for demos. 641 | createDemoSecret: true # demo-only: the resulting login uses known default credentials; set to false and supply your own secret outside a demo cluster 642 | ingress: 643 | enabled: false 644 | ## Used to create an Ingress record. 
645 | # hosts: 646 | # - kiali.local 647 | annotations: 648 | # kubernetes.io/ingress.class: nginx 649 | # kubernetes.io/tls-acme: "true" 650 | tls: 651 | # Secrets must be manually created in the namespace. 652 | # - secretName: kiali-tls 653 | # hosts: 654 | # - kiali.local 655 | dashboard: 656 | username: admin 657 | # Default admin passphrase for kiali. Must be set during setup, and 658 | # changed by overriding the secret 659 | passphrase: admin # well-known default committed in the values file; override the secret before the Kiali UI is reachable by anyone but the operator 660 | 661 | # Override the automatically detected Grafana URL, useful when Grafana service has no ExternalIPs 662 | grafanaURL: https://grafana.obs.training.local 663 | 664 | # Override the automatically detected Jaeger URL, useful when Jaeger service has no ExternalIPs 665 | jaegerURL: https://jaeger.obs.training.local 666 | 667 | # Certmanager uses ACME to sign certificates. Since Istio gateways are 668 | # mounting the TLS secrets the Certificate CRDs must be created in the 669 | # istio-system namespace. Once the certificate has been created, the 670 | # gateway must be updated by adding 'secretVolumes'. After the gateway 671 | # restart, DestinationRules can be created using the ACME-signed certificates. 672 | certmanager: 673 | enabled: false 674 | hub: quay.io/jetstack 675 | tag: v0.3.1 676 | resources: {} -------------------------------------------------------------------------------- /deploy/values/istio/1.1.5/values.yaml: -------------------------------------------------------------------------------- 1 | 2 | # 3 | # nodeagent configuration 4 | # 5 | nodeagent: 6 | enabled: false 7 | 8 | # 9 | # Istio CNI plugin enabled 10 | # This must be enabled to use the CNI plugin in Istio. The CNI plugin is installed separately. 11 | # If true, the privileged initContainer istio-init is not needed to perform the traffic redirect 12 | # settings for the istio-proxy. 
13 | # 14 | istio_cni: 15 | enabled: false 16 | 17 | # 18 | # sidecar-injector webhook configuration, refer to the 19 | # charts/sidecarInjectorWebhook/values.yaml for detailed configuration 20 | # 21 | sidecarInjectorWebhook: 22 | enabled: true 23 | 24 | # Common settings. 25 | global: 26 | # Default hub for Istio images. 27 | # Releases are published to docker hub under 'istio' project. 28 | # Daily builds from prow are on gcr.io, and nightly builds from circle on docker.io/istionightly 29 | hub: docker.io/istio 30 | 31 | # Default tag for Istio images. 32 | tag: 1.1.4 33 | 34 | k8sIngress: 35 | enabled: false 36 | 37 | proxy: 38 | image: proxyv2 39 | # cluster domain. Default value is "cluster.local". 40 | clusterDomain: "cluster.local" 41 | 42 | # Resources for the sidecar. 43 | resources: 44 | requests: 45 | cpu: 100m 46 | memory: 128Mi 47 | limits: 48 | cpu: 2000m 49 | memory: 128Mi 50 | 51 | # Controls number of Proxy worker threads. 52 | # If set to 0 (default), then start worker thread for each CPU thread/core. 53 | concurrency: 2 54 | 55 | # Configures the access log for each sidecar. 56 | # Options: 57 | # "" - disables access log 58 | # "/dev/stdout" - enables access log 59 | accessLogFile: "/dev/stdout" 60 | 61 | # Configure how and what fields are displayed in sidecar access log. Setting to 62 | # empty string will result in default log format 63 | accessLogFormat: "" 64 | 65 | # Configure the access log for sidecar to JSON or TEXT. 66 | accessLogEncoding: TEXT 67 | 68 | # Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS 69 | # 5 seconds is the default refresh rate used by Envoy 70 | dnsRefreshRate: 5s 71 | 72 | #If set to true, istio-proxy container will have privileged securityContext 73 | privileged: false 74 | 75 | # If set, newly injected sidecars will have core dumps enabled. 76 | enableCoreDump: false 77 | 78 | # Default port for Pilot agent health checks. A value of 0 will disable health checking. 
79 | statusPort: 15020 80 | 81 | # The initial delay for readiness probes in seconds. 82 | readinessInitialDelaySeconds: 1 83 | 84 | # The period between readiness probes. 85 | readinessPeriodSeconds: 2 86 | 87 | # The number of successive failed probes before indicating readiness failure. 88 | readinessFailureThreshold: 30 89 | 90 | # istio egress capture whitelist 91 | # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly 92 | # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" 93 | # would only capture egress traffic on those two IP Ranges, all other outbound traffic would 94 | # be allowed by the sidecar 95 | includeIPRanges: "*" 96 | excludeIPRanges: "" 97 | 98 | # pod internal interfaces 99 | kubevirtInterfaces: "" 100 | 101 | # istio ingress capture whitelist 102 | # examples: 103 | # Redirect no inbound traffic to Envoy: --includeInboundPorts="" 104 | # Redirect all inbound traffic to Envoy: --includeInboundPorts="*" 105 | # Redirect only selected ports: --includeInboundPorts="80,8080" 106 | includeInboundPorts: "*" 107 | excludeInboundPorts: "" 108 | 109 | # This controls the 'policy' in the sidecar injector. 110 | autoInject: enabled 111 | 112 | # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument 113 | # would be :). 114 | # Disabled by default. 115 | # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. 116 | envoyStatsd: 117 | # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. 118 | enabled: false 119 | host: # example: statsd-svc.istio-system 120 | port: # example: 9125 121 | 122 | # Sets the Envoy Metrics Service address, used to push Envoy metrics to an external collector 123 | # via the Metrics Service gRPC API. This contains detailed stats information emitted directly 124 | # by Envoy and should not be confused with the the Istio telemetry. 
The Envoy stats are also 125 | # available to scrape via the Envoy admin port at either /stats or /stats/prometheus. 126 | # 127 | # See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto 128 | # for details about Envoy's Metrics Service API. 129 | # 130 | # Disabled by default. 131 | envoyMetricsService: 132 | enabled: false 133 | host: # example: metrics-service.istio-system 134 | port: # example: 15000 135 | 136 | # Specify which tracer to use. One of: lightstep, zipkin, datadog 137 | tracer: "zipkin" 138 | 139 | proxy_init: 140 | # Base name for the proxy_init container, used to configure iptables. 141 | image: proxy_init 142 | 143 | # imagePullPolicy is applied to istio control plane components. 144 | # local tests require IfNotPresent, to avoid uploading to dockerhub. 145 | # TODO: Switch to Always as default, and override in the local tests. 146 | imagePullPolicy: IfNotPresent 147 | 148 | # controlPlaneMtls enabled. Will result in delays starting the pods while secrets are 149 | # propagated, not recommended for tests. 150 | controlPlaneSecurityEnabled: true 151 | 152 | # disablePolicyChecks disables mixer policy checks. 153 | # Will set the value with same name in istio config map - pilot needs to be restarted to take effect. 154 | disablePolicyChecks: false 155 | 156 | # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. 157 | # Default is false which means the traffic is denied when the client is unable to connect to Mixer. 158 | policyCheckFailOpen: false 159 | 160 | # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect. 161 | enableTracing: true 162 | # Configuration for each of the supported tracers 163 | tracer: 164 | # Configuration for envoy to send trace data to LightStep. 165 | # Disabled by default. 
166 | # address: the : of the satellite pool 167 | # accessToken: required for sending data to the pool 168 | # secure: specifies whether data should be sent with TLS 169 | # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is 170 | # required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination 171 | # namespace with the key matching the base of the provided cacertPath and the value being the cacert itself. 172 | # 173 | lightstep: 174 | address: "" # example: lightstep-satellite:443 175 | accessToken: "" # example: abcdefg1234567 176 | secure: true # example: true|false 177 | cacertPath: "" # example: /etc/lightstep/cacert.pem 178 | zipkin: 179 | # Host:Port for reporting trace data in zipkin format. If not specified, will default to 180 | # zipkin service (port 9411) in the same namespace as the other istio components. 181 | address: "" 182 | datadog: 183 | # Host:Port for submitting traces to the Datadog agent. 184 | address: "$(HOST_IP):8126" 185 | 186 | # Default mtls policy. If true, mtls between services will be enabled by default. 187 | mtls: 188 | # Default setting for service-to-service mtls. Can be set explicitly using 189 | # destination rules or service annotations. 190 | enabled: true 191 | 192 | # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace 193 | # to use for pulling any images in pods that reference this ServiceAccount. 194 | # Must be set for any clustser configured with privte docker registry. 
195 | imagePullSecrets: 196 | # - private-registry-key 197 | 198 | # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows: 199 | # 0 - Never scheduled 200 | # 1 - Least preferred 201 | # 2 - No preference 202 | # 3 - Most preferred 203 | arch: 204 | amd64: 2 205 | s390x: 2 206 | ppc64le: 2 207 | # Default node selector to be applied to all deployments so that all pods can be 208 | # constrained to run a particular nodes. Each component can overwrite these default 209 | # values by adding its node selector block in the relevant section below and setting 210 | # the desired values. 211 | defaultNodeSelector: {} 212 | # Whether to restrict the applications namespace the controller manages; 213 | # If not set, controller watches all namespaces 214 | oneNamespace: false 215 | 216 | # Whether to perform server-side validation of configuration. 217 | configValidation: true 218 | 219 | # If set to true, the pilot and citadel mtls will be exposed on the 220 | # ingress gateway 221 | meshExpansion: 222 | enabled: false 223 | # If set to true, the pilot and citadel mtls and the plain text pilot ports 224 | # will be exposed on an internal gateway 225 | useILB: false 226 | 227 | multiCluster: 228 | # Set to true to connect two kubernetes clusters via their respective 229 | # ingressgateway services when pods in each cluster cannot directly 230 | # talk to one another. All clusters should be using Istio mTLS and must 231 | # have a shared root CA for this model to work. 232 | enabled: false 233 | 234 | # A minimal set of requested resources to applied to all deployments so that 235 | # Horizontal Pod Autoscaler will be able to function (if set). 236 | # Each component can overwrite these default values by adding its own resources 237 | # block in the relevant section below and setting the desired resources values. 
238 | defaultResources: 239 | requests: 240 | cpu: 10m 241 | # memory: 128Mi 242 | # limits: 243 | # cpu: 100m 244 | # memory: 128Mi 245 | 246 | # enable pod distruption budget for the control plane, which is used to 247 | # ensure Istio control plane components are gradually upgraded or recovered. 248 | defaultPodDisruptionBudget: 249 | enabled: true 250 | # The values aren't mutable due to a current PodDisruptionBudget limitation 251 | # minAvailable: 1 252 | # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and 253 | # system-node-critical, it is better to configure this in order to make sure your Istio pods 254 | # will not be killed because of low priority class. 255 | # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass 256 | # for more detail. 257 | priorityClassName: "" 258 | 259 | # Use the Mesh Control Protocol (MCP) for configuring Mixer and 260 | # Pilot. Requires galley (`--set galley.enabled=true`). 261 | useMCP: true 262 | 263 | # The trust domain corresponds to the trust root of a system 264 | # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain 265 | # Indicate the domain used in SPIFFE identity URL 266 | # The default depends on the environment. 267 | # kubernetes: cluster.local 268 | # else: default dns domain 269 | trustDomain: "" 270 | # Set the default behavior of the sidecar for handling outbound traffic from the application: 271 | # ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no 272 | # services or ServiceEntries for the destination port 273 | # REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well 274 | # as those defined through ServiceEntries 275 | # ALLOW_ANY is the default in 1.1. This means each pod will be able to make outbound requests 276 | # to services outside of the mesh without any ServiceEntry. 
277 | # REGISTRY_ONLY was the default in 1.0. If this behavior is desired, set the value below to REGISTRY_ONLY. 278 | outboundTrafficPolicy: 279 | mode: REGISTRY_ONLY 280 | # set the default set of namespaces to which services, service entries, virtual services, destination 281 | # rules should be exported to. Currently only one value can be provided in this list. This value 282 | # should be one of the following two options: 283 | # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. 284 | # . implies these objects are visible only to sidecars in the same namespace, or if imported as a Sidecar.egress.host 285 | #defaultConfigVisibilitySettings: 286 | #- '*' 287 | 288 | sds: 289 | # SDS enabled. If set to true, mTLS certificates for the sidecars will be 290 | # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates. 291 | enabled: false 292 | udsPath: "" 293 | useTrustworthyJwt: false 294 | useNormalJwt: false 295 | 296 | # 297 | # ingress configuration 298 | # 299 | ingress: 300 | enabled: false 301 | 302 | # 303 | # Gateways Configuration 304 | # By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh. 305 | # You can add more gateways in addition to the defaults but make sure those are uniquely named 306 | # and that NodePorts are not conflicting. 307 | # Disable a specific gateway by setting its `enabled` to false.
308 | # 309 | gateways: 310 | enabled: true 311 | istio-ingressgateway: 312 | enabled: true 313 | labels: 314 | app: istio-ingressgateway 315 | istio: ingressgateway 316 | replicaCount: 1 317 | autoscaleMin: 1 318 | autoscaleMax: 5 319 | resources: {} 320 | # limits: 321 | # cpu: 100m 322 | # memory: 128Mi 323 | #requests: 324 | # cpu: 1800m 325 | # memory: 256Mi 326 | cpu: 327 | targetAverageUtilization: 80 328 | loadBalancerIP: "" 329 | serviceAnnotations: {} 330 | type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be 331 | # Uncomment the following line to preserve client source ip. 332 | # externalTrafficPolicy: Local 333 | 334 | ports: 335 | ## You can add custom gateway ports 336 | - port: 80 337 | targetPort: 80 338 | name: http2 339 | nodePort: 31380 340 | - port: 443 341 | name: https 342 | nodePort: 31390 343 | - port: 31400 344 | name: tcp 345 | nodePort: 31400 346 | # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect 347 | # to pilot/citadel if global.meshExpansion settings are enabled. 
348 | - port: 15011 349 | targetPort: 15011 350 | name: tcp-pilot-grpc-tls 351 | - port: 8060 352 | targetPort: 8060 353 | name: tcp-citadel-grpc-tls 354 | - port: 853 355 | targetPort: 853 356 | name: tcp-dns-tls 357 | - port: 15030 358 | targetPort: 15030 359 | name: http2-prometheus 360 | - port: 15031 361 | targetPort: 15031 362 | name: http2-grafana 363 | secretVolumes: [] 364 | istio-egressgateway: 365 | enabled: true 366 | labels: 367 | app: istio-egressgateway 368 | istio: egressgateway 369 | replicaCount: 1 370 | autoscaleMin: 1 371 | autoscaleMax: 5 372 | cpu: 373 | targetAverageUtilization: 80 374 | serviceAnnotations: {} 375 | type: ClusterIP #change to NodePort or LoadBalancer if need be 376 | ports: 377 | - port: 80 378 | name: http2 379 | - port: 443 380 | name: https 381 | secretVolumes: 382 | - name: stock-mtls-server-cert 383 | secretName: stock-mtls-server-cert 384 | mountPath: /etc/certs/stock-server-cert 385 | - name: stock-mtls-client-cert 386 | secretName: stock-mtls-client-cert 387 | mountPath: /etc/certs/stock-client-cert 388 | - name: stock-mtls-ca-cert 389 | secretName: stock-mtls-ca-cert 390 | mountPath: /etc/certs/stock-ca 391 | # sidecar-injector webhook configuration 392 | # 393 | sidecarInjectorWebhook: 394 | enabled: true 395 | replicaCount: 1 396 | enableNamespacesByDefault: false 397 | 398 | # 399 | # galley configuration 400 | # 401 | galley: 402 | enabled: true 403 | replicaCount: 1 404 | image: galley 405 | 406 | # 407 | # mixer configuration 408 | # 409 | mixer: 410 | # 411 | # mixer configuration 412 | # 413 | enabled: true 414 | image: mixer 415 | 416 | env: 417 | GODEBUG: gctrace=1 418 | # max procs should be ceil(cpu limit + 1) 419 | GOMAXPROCS: "6" 420 | 421 | policy: 422 | # if policy is enabled, global.disablePolicyChecks takes effect.
423 | enabled: true 424 | replicaCount: 1 425 | autoscaleEnabled: true 426 | autoscaleMin: 1 427 | autoscaleMax: 5 428 | cpu: 429 | targetAverageUtilization: 80 430 | 431 | telemetry: 432 | enabled: true 433 | replicaCount: 1 434 | autoscaleEnabled: true 435 | autoscaleMin: 1 436 | autoscaleMax: 5 437 | cpu: 438 | targetAverageUtilization: 80 439 | sessionAffinityEnabled: false 440 | 441 | # mixer load shedding configuration. 442 | # When mixer detects that it is overloaded, it starts rejecting grpc requests. 443 | loadshedding: 444 | # disabled, logonly or enforce 445 | mode: enforce 446 | # based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async. 447 | latencyThreshold: 100ms 448 | resources: 449 | requests: 450 | cpu: 300m 451 | memory: 256Mi 452 | limits: 453 | # It is best to do horizontal scaling of mixer using moderate cpu allocation. 454 | # We have experimentally found that these values work well. 455 | cpu: 4800m 456 | memory: 4G 457 | 458 | podAnnotations: {} 459 | nodeSelector: {} 460 | 461 | # Specify the pod anti-affinity that allows you to constrain which nodes 462 | # your pod is eligible to be scheduled based on labels on pods that are 463 | # already running on the node rather than based on labels on nodes. 464 | # There are currently two types of anti-affinity: 465 | # "requiredDuringSchedulingIgnoredDuringExecution" 466 | # "preferredDuringSchedulingIgnoredDuringExecution" 467 | # which denote “hard” vs. “soft” requirements, you can define your values 468 | # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" 469 | # correspondingly. 
470 | # For example: 471 | # podAntiAffinityLabelSelector: 472 | # - key: security 473 | # operator: In 474 | # values: S1,S2 475 | # topologyKey: "kubernetes.io/hostname" 476 | # This pod anti-affinity rule says that the pod requires not to be scheduled 477 | # onto a node if that node is already running a pod with label having key 478 | # “security” and value “S1”. 479 | podAntiAffinityLabelSelector: {} 480 | podAntiAffinityTermLabelSelector: {} 481 | 482 | adapters: 483 | kubernetesenv: 484 | enabled: true 485 | # stdio is a debug adapter in istio-telemetry, it is not recommended for production use. 486 | stdio: 487 | enabled: false 488 | outputAsJson: true 489 | prometheus: 490 | enabled: true 491 | metricsExpiryDuration: 10m 492 | # Setting this to false sets the useAdapterCRDs mixer startup argument to false 493 | useAdapterCRDs: true 494 | # 495 | # pilot configuration 496 | # 497 | pilot: 498 | # 499 | # pilot configuration 500 | # 501 | enabled: true 502 | autoscaleEnabled: true 503 | autoscaleMin: 1 504 | autoscaleMax: 5 505 | # specify replicaCount when autoscaleEnabled: false 506 | # replicaCount: 1 507 | image: pilot 508 | sidecar: true 509 | traceSampling: 1.0 510 | # Resources for a small pilot install 511 | resources: 512 | requests: 513 | cpu: 300m 514 | memory: 512Mi 515 | env: 516 | PILOT_PUSH_THROTTLE: 100 517 | GODEBUG: gctrace=1 518 | cpu: 519 | targetAverageUtilization: 80 520 | nodeSelector: {} 521 | 522 | # Specify the pod anti-affinity that allows you to constrain which nodes 523 | # your pod is eligible to be scheduled based on labels on pods that are 524 | # already running on the node rather than based on labels on nodes. 525 | # There are currently two types of anti-affinity: 526 | # "requiredDuringSchedulingIgnoredDuringExecution" 527 | # "preferredDuringSchedulingIgnoredDuringExecution" 528 | # which denote “hard” vs. 
“soft” requirements, you can define your values 529 | # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" 530 | # correspondingly. 531 | # For example: 532 | # podAntiAffinityLabelSelector: 533 | # - key: security 534 | # operator: In 535 | # values: S1,S2 536 | # topologyKey: "kubernetes.io/hostname" 537 | # This pod anti-affinity rule says that the pod requires not to be scheduled 538 | # onto a node if that node is already running a pod with label having key 539 | # “security” and value “S1”. 540 | podAntiAffinityLabelSelector: {} 541 | podAntiAffinityTermLabelSelector: {} 542 | 543 | # The following is used to limit how long a sidecar can be connected 544 | # to a pilot. It balances out load across pilot instances at the cost of 545 | # increasing system churn. 546 | keepaliveMaxServerConnectionAge: 30m 547 | 548 | 549 | # 550 | # security configuration 551 | # 552 | security: 553 | enabled: true 554 | replicaCount: 1 555 | image: citadel 556 | selfSigned: true # indicate if self-signed CA is used. 
557 | createMeshPolicy: true 558 | 559 | grafana: 560 | enabled: true 561 | replicaCount: 1 562 | # istio < v1.0.0 563 | #image: grafana 564 | # istio > v1.0.2 565 | image: 566 | repository: grafana/grafana 567 | tag: 6.0.2 568 | persist: false 569 | storageClassName: "" 570 | contextPath: / 571 | accessMode: ReadWriteMany 572 | security: 573 | enabled: false 574 | secretName: grafana 575 | adminUser: admin 576 | adminPassword: admin 577 | datasources: 578 | datasources.yaml: 579 | apiVersion: 1 580 | datasources: 581 | - name: Prometheus 582 | type: prometheus 583 | orgId: 1 584 | url: http://prometheus:9090 585 | access: proxy 586 | isDefault: true 587 | jsonData: 588 | timeInterval: 5s 589 | editable: true 590 | dashboardProviders: 591 | dashboardproviders.yaml: 592 | apiVersion: 1 593 | providers: 594 | - name: 'istio' 595 | orgId: 1 596 | folder: 'istio' 597 | type: file 598 | disableDeletion: false 599 | options: 600 | path: /var/lib/grafana/dashboards/istio 601 | service: 602 | annotations: {} 603 | name: http 604 | type: ClusterIP 605 | externalPort: 3000 606 | internalPort: 3000 607 | 608 | prometheus: 609 | enabled: true 610 | replicaCount: 1 611 | hub: docker.io/prom 612 | tag: v2.8.0 613 | retention: 6h 614 | contextPath: / 615 | service: 616 | annotations: {} 617 | nodePort: 618 | enabled: false 619 | port: 32090 620 | 621 | servicegraph: 622 | enabled: false 623 | tracing: 624 | enabled: true 625 | provider: jaeger 626 | jaeger: 627 | enabled: true 628 | hub: docker.io/jaegertracing 629 | resources: 630 | requests: 631 | cpu: 300m 632 | memory: 300Mi 633 | replicaCount: 1 634 | kiali: 635 | enabled: true 636 | replicaCount: 1 637 | hub: docker.io/kiali 638 | contextPath: / # The root context path to access the Kiali UI. 639 | tag: v0.16 640 | # When true, a secret will be created with a default username and password. Intended for demos only; supply your own secret and set this to false wherever the Kiali UI is reachable by other users. 641 | createDemoSecret: true 642 | ingress: 643 | enabled: false 644 | ## Used to create an Ingress record.
645 | # hosts: 646 | # - kiali.local 647 | annotations: 648 | # kubernetes.io/ingress.class: nginx 649 | # kubernetes.io/tls-acme: "true" 650 | tls: 651 | # Secrets must be manually created in the namespace. 652 | # - secretName: kiali-tls 653 | # hosts: 654 | # - kiali.local 655 | dashboard: 656 | username: admin 657 | # Default admin passphrase for kiali; admin/admin is a demo-only value. Must be set during setup, and 658 | # changed by overriding the secret 659 | passphrase: admin 660 | 661 | # Override the automatically detected Grafana URL, useful when Grafana service has no ExternalIPs 662 | grafanaURL: https://grafana.obs.training.local 663 | 664 | # Override the automatically detected Jaeger URL, useful when Jaeger service has no ExternalIPs 665 | jaegerURL: https://jaeger.obs.training.local 666 | 667 | # Certmanager uses ACME to sign certificates. Since Istio gateways are 668 | # mounting the TLS secrets the Certificate CRDs must be created in the 669 | # istio-system namespace. Once the certificate has been created, the 670 | # gateway must be updated by adding 'secretVolumes'. After the gateway 671 | # restart, DestinationRules can be created using the ACME-signed certificates. 672 | certmanager: 673 | enabled: false 674 | hub: quay.io/jetstack 675 | tag: v0.3.1 676 | resources: {} -------------------------------------------------------------------------------- /helm/microservice/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /helm/microservice/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: microservice 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /helm/microservice/templates/NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/helm/microservice/templates/NOTES.txt -------------------------------------------------------------------------------- /helm/microservice/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "microservice.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | {{- define "name" -}} 9 | {{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 10 | {{- end -}} 11 | 12 | {{/* 13 | Create a default fully qualified app name. 14 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 15 | If release name contains chart name it will be used as a full name. 
16 | */}} 17 | {{- define "microservice.fullname" -}} 18 | {{- if .Values.fullnameOverride -}} 19 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 20 | {{- else -}} 21 | {{- $name := default .Chart.Name .Values.nameOverride -}} 22 | {{- if contains $name .Release.Name -}} 23 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 24 | {{- else -}} 25 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 26 | {{- end -}} 27 | {{- end -}} 28 | {{- end -}} 29 | 30 | {{/* 31 | Create chart name and version as used by the chart label. 32 | */}} 33 | {{- define "microservice.chart" -}} 34 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 35 | {{- end -}} 36 | -------------------------------------------------------------------------------- /helm/microservice/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "microservice.fullname" . }} 5 | labels: 6 | app: {{ include "microservice.name" . }} 7 | chart: {{ include "microservice.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | version: {{ .Values.version }} 11 | spec: 12 | replicas: {{ .Values.replicaCount }} 13 | selector: 14 | matchLabels: 15 | app: {{ include "microservice.name" . }} 16 | release: {{ .Release.Name }} 17 | version: {{ .Values.version }} 18 | template: 19 | metadata: 20 | labels: 21 | app: {{ include "microservice.name" . 
}} 22 | release: {{ .Release.Name }} 23 | version: {{ .Values.version }} 24 | annotations: 25 | {{- if .Values.istio.enabled }} 26 | sidecar.istio.io/inject: "true" 27 | {{- end }} 28 | spec: 29 | containers: 30 | - name: {{ .Chart.Name }} 31 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 32 | imagePullPolicy: {{ .Values.image.pullPolicy }} 33 | ports: 34 | - name: http 35 | containerPort: {{ .Values.service.httpPort }} 36 | - name: management 37 | containerPort: {{ .Values.service.managementPort }} 38 | livenessProbe: 39 | httpGet: 40 | path: /healthz 41 | {{- if .Values.service.managementPort }} 42 | port: management 43 | {{- else }} 44 | port: http 45 | {{- end }} 46 | timeoutSeconds: 3 47 | initialDelaySeconds: 20 48 | readinessProbe: 49 | httpGet: 50 | path: /healthz 51 | {{- if .Values.service.managementPort }} 52 | port: management 53 | {{- else }} 54 | port: http 55 | {{- end }} 56 | timeoutSeconds: 3 57 | initialDelaySeconds: 20 58 | resources: 59 | {{ toYaml .Values.resources | indent 12 }} 60 | {{- with .Values.nodeSelector }} 61 | nodeSelector: 62 | {{ toYaml . | indent 8 }} 63 | {{- end }} 64 | {{- with .Values.affinity }} 65 | affinity: 66 | {{ toYaml . | indent 8 }} 67 | {{- end }} 68 | {{- with .Values.tolerations }} 69 | tolerations: 70 | {{ toYaml . | indent 8 }} 71 | {{- end }} 72 | -------------------------------------------------------------------------------- /helm/microservice/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: {{ template "name" . }} 6 | chart: {{ template "microservice.chart" . }} 7 | environment: "{{ .Values.environment }}" 8 | release: {{ .Release.Name }} 9 | version: {{ .Values.version }} 10 | name: {{ template "microservice.fullname" . 
}} 11 | spec: 12 | type: {{ .Values.service.type }} 13 | ports: 14 | - port: {{ .Values.service.httpPort }} 15 | targetPort: http 16 | protocol: TCP 17 | name: http 18 | {{- if not (eq (.Values.service.httpsPort | int) 0) }} 19 | - port: {{ .Values.service.httpsPort }} 20 | targetPort: https 21 | protocol: TCP 22 | name: https 23 | {{- end }} 24 | selector: 25 | app: {{ template "name" . }} 26 | -------------------------------------------------------------------------------- /helm/microservice/values.v1.yaml: -------------------------------------------------------------------------------- 1 | # Default values for microservice. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | version: v1 5 | replicaCount: 1 6 | 7 | image: 8 | repository: castlemilk/demo-microservice 9 | tag: v1 10 | pullPolicy: IfNotPresent 11 | 12 | nameOverride: "demo-microservice" 13 | fullnameOverride: "" 14 | istio: 15 | enabled: true 16 | service: 17 | type: ClusterIP 18 | httpPort: 8080 19 | # If zero, https port will not be exposed from Pod/Service 20 | httpsPort: 0 21 | # If zero, will assume same port as httpPort. Port used for management functionality such as livenessProbe, readinessProbe, and metrics 22 | # NOTE: Port is never exposed from Service 23 | managementPort: 8081 24 | 25 | resources: {} 26 | # We usually recommend not to specify default resources and to leave this as a conscious 27 | # choice for the user. This also increases chances charts run on environments with little 28 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 29 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
30 | # limits: 31 | # cpu: 100m 32 | # memory: 128Mi 33 | # requests: 34 | # cpu: 100m 35 | # memory: 128Mi 36 | 37 | nodeSelector: {} 38 | 39 | tolerations: [] 40 | 41 | affinity: {} 42 | -------------------------------------------------------------------------------- /helm/microservice/values.v2.yaml: -------------------------------------------------------------------------------- 1 | # Default values for microservice. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | version: v2 5 | replicaCount: 1 6 | 7 | image: 8 | repository: castlemilk/demo-microservice 9 | tag: v2 10 | pullPolicy: IfNotPresent 11 | 12 | nameOverride: "demo-microservice" 13 | fullnameOverride: "" 14 | istio: 15 | enabled: true 16 | service: 17 | type: ClusterIP 18 | httpPort: 8080 19 | # If zero, https port will not be exposed from Pod/Service 20 | httpsPort: 0 21 | # If zero, will assume same port as httpPort. Port used for management functionality such as livenessProbe, readinessProbe, and metrics 22 | # NOTE: Port is never exposed from Service 23 | managementPort: 8081 24 | 25 | resources: {} 26 | # We usually recommend not to specify default resources and to leave this as a conscious 27 | # choice for the user. This also increases chances charts run on environments with little 28 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 29 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
30 | # limits: 31 | # cpu: 100m 32 | # memory: 128Mi 33 | # requests: 34 | # cpu: 100m 35 | # memory: 128Mi 36 | 37 | nodeSelector: {} 38 | 39 | tolerations: [] 40 | 41 | affinity: {} 42 | -------------------------------------------------------------------------------- /hosts: -------------------------------------------------------------------------------- 1 | 127.0.0.1 webapp.demo api.demo grafana.demo kiali.demo tracing.demo -------------------------------------------------------------------------------- /init_kube.sh: -------------------------------------------------------------------------------- 1 | # create workload namespace 2 | #/bin/bash 3 | kubectl create namespace development --save-config --dry-run -o yaml | kubectl apply -f - -------------------------------------------------------------------------------- /microservice/.gitignore: -------------------------------------------------------------------------------- 1 | /.classpath 2 | /.gradle 3 | /.project 4 | /.settings 5 | /.vscode 6 | /bin 7 | /build 8 | -------------------------------------------------------------------------------- /microservice/.gradle/4.8.1/fileHashes/fileHashes.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/.gradle/4.8.1/fileHashes/fileHashes.bin -------------------------------------------------------------------------------- /microservice/.gradle/4.8.1/fileHashes/fileHashes.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/.gradle/4.8.1/fileHashes/fileHashes.lock -------------------------------------------------------------------------------- /microservice/Dockerfile: -------------------------------------------------------------------------------- 1 | # ******* 2 | # Build * 3 | # ******* 4 | # Using 
slim image because main image has issues with missing SSL CA certificates 5 | FROM openjdk:8-jdk-slim AS build 6 | 7 | WORKDIR /app 8 | 9 | # Install Gradle - running the wrapper help command will trigger dependency download 10 | COPY gradlew ./ 11 | COPY gradle ./gradle/ 12 | RUN ./gradlew help 13 | 14 | # Retrieve all dependencies prior to copying source to avoid re-downloading every time source changes 15 | COPY build.gradle settings.gradle ./ 16 | RUN ./gradlew download 17 | 18 | 19 | 20 | # Copy the source code and perform the final build 21 | ARG VERSION 22 | COPY src ./src/ 23 | RUN ./gradlew build 24 | 25 | # ************** 26 | # * Deployment * 27 | # ************** 28 | FROM openjdk:8-jdk-slim 29 | 30 | COPY --from=build /app/build/libs/demo-microservice.jar /app.jar 31 | CMD [ "java", "-jar", "/app.jar" ] 32 | -------------------------------------------------------------------------------- /microservice/build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | ext { 3 | springBootVersion = '2.0.4.RELEASE' 4 | } 5 | repositories { 6 | mavenCentral() 7 | } 8 | dependencies { 9 | classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") 10 | } 11 | } 12 | 13 | apply plugin: 'java' 14 | apply plugin: 'eclipse' 15 | apply plugin: 'org.springframework.boot' 16 | apply plugin: 'io.spring.dependency-management' 17 | 18 | group = 'com.istiodemo' 19 | version = '' 20 | sourceCompatibility = 1.8 21 | 22 | repositories { 23 | mavenCentral() 24 | } 25 | 26 | 27 | dependencies { 28 | compile 'org.springframework.boot:spring-boot-starter' 29 | compile 'org.springframework.boot:spring-boot-starter-actuator' 30 | compile 'org.springframework.boot:spring-boot-starter-web' 31 | compile 'io.micrometer:micrometer-registry-prometheus' 32 | testCompile('org.springframework.boot:spring-boot-starter-test') 33 | } 34 | 35 | task download (type: Exec) { 36 | description "Pre-downloads *most*
dependencies" 37 | doLast { 38 | configurations.getAsMap().each { name, config -> 39 | println "Retrieving dependencies for $name" 40 | try { 41 | config.files 42 | } catch (e) { 43 | project.logger.info e.message // some cannot be resolved, silentlyish skip them 44 | } 45 | } 46 | } 47 | // configurations.testCompile.files 48 | // configurations.jacocoAgent.files 49 | commandLine 'echo', 'Downloaded all dependencies' 50 | 51 | } 52 | 53 | -------------------------------------------------------------------------------- /microservice/caches/4.10/file-changes/last-build.bin: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /microservice/caches/4.10/fileHashes/fileHashes.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/4.10/fileHashes/fileHashes.lock -------------------------------------------------------------------------------- /microservice/caches/4.10/gc.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/4.10/gc.properties -------------------------------------------------------------------------------- /microservice/caches/4.10/md-rule/md-rule.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/4.10/md-rule/md-rule.lock -------------------------------------------------------------------------------- /microservice/caches/4.10/md-supplier/md-supplier.lock: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/4.10/md-supplier/md-supplier.lock -------------------------------------------------------------------------------- /microservice/caches/jars-3/gc.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/jars-3/gc.properties -------------------------------------------------------------------------------- /microservice/caches/journal-1/file-access.properties: -------------------------------------------------------------------------------- 1 | #Sat Sep 01 16:14:06 AEST 2018 2 | inceptionTimestamp=1535782446479 3 | -------------------------------------------------------------------------------- /microservice/caches/journal-1/journal-1.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/journal-1/journal-1.lock -------------------------------------------------------------------------------- /microservice/caches/modules-2/gc.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/modules-2/gc.properties -------------------------------------------------------------------------------- /microservice/caches/transforms-1/gc.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/transforms-1/gc.properties -------------------------------------------------------------------------------- /microservice/caches/transforms-1/transforms-1.lock: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/caches/transforms-1/transforms-1.lock -------------------------------------------------------------------------------- /microservice/daemon/4.10/registry.bin: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /microservice/daemon/4.10/registry.bin.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/daemon/4.10/registry.bin.lock -------------------------------------------------------------------------------- /microservice/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | app: 4 | build: 5 | context: . 
6 | image: castlemilk/microservice-a:v3 7 | ports: 8 | - "8080:8080" 9 | - "8081:8081" -------------------------------------------------------------------------------- /microservice/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /microservice/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Tue Feb 06 12:27:20 CET 2018 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.8.1-bin.zip 7 | -------------------------------------------------------------------------------- /microservice/gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 
31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn ( ) { 37 | echo "$*" 38 | } 39 | 40 | die ( ) { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? 
-ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" 
"$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save ( ) { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /microservice/gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 
@rem Launcher section: picks a java.exe, captures the command line and starts
@rem the Gradle wrapper main class from the wrapper jar under APP_HOME.
set DEFAULT_JVM_OPTS=

@rem Find java.exe
@rem JAVA_HOME wins when it is defined; otherwise java.exe is looked up on PATH.
if defined JAVA_HOME goto findJavaFromJavaHome

set JAVA_EXE=java.exe
@rem Probe the PATH candidate; exit code 0 is treated as "java is available".
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto init

echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.

goto fail

:findJavaFromJavaHome
@rem Strip any double quotes from JAVA_HOME before building the executable path.
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe

if exist "%JAVA_EXE%" goto init

echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.

goto fail

:init
@rem Get command-line arguments, handling Windows variants

@rem Both outcomes of this test reach the label on the next line, so the check
@rem has no effect in this version of the script.
if not "%OS%" == "Windows_NT" goto win9xME_args

:win9xME_args
@rem Slurp the command line arguments.
set CMD_LINE_ARGS=
@rem _SKIP is assigned here but not referenced again in this script.
set _SKIP=2

:win9xME_args_slurp
@rem No first argument: run Gradle with an empty argument list.
if "x%~1" == "x" goto execute

set CMD_LINE_ARGS=%*

:execute
@rem Setup the command line

@rem NOTE(review): this jar is a binary checked into the repository and it is
@rem executed on every build. Review changes to it like code and compare its
@rem SHA-256 with the checksum Gradle publishes for the wrapper version in use.
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar

@rem Execute Gradle
@rem NOTE(review): JAVA_OPTS and GRADLE_OPTS are taken from the environment and
@rem expanded unquoted into the JVM command line, so whoever controls the build
@rem environment controls JVM arguments. Keep them unset or fixed on shared CI.
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%

:end
@rem End local scope for the variables with windows NT shell
@rem A zero exit code from the JVM skips the failure path that follows.
if "%ERRORLEVEL%"=="0" goto mainEnd

:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /microservice/native/25/osx-amd64/libnative-platform-curses.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/native/25/osx-amd64/libnative-platform-curses.dylib -------------------------------------------------------------------------------- /microservice/native/25/osx-amd64/libnative-platform-curses.dylib.lock: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /microservice/native/25/osx-amd64/libnative-platform.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/native/25/osx-amd64/libnative-platform.dylib -------------------------------------------------------------------------------- /microservice/native/25/osx-amd64/libnative-platform.dylib.lock: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /microservice/native/jansi/1.14/osx/libjansi.jnilib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/native/jansi/1.14/osx/libjansi.jnilib -------------------------------------------------------------------------------- /microservice/notifications/4.10/release-features.rendered: -------------------------------------------------------------------------------- 
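https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/microservice/notifications/4.10/release-features.rendered

--------------------------------------------------------------------------------
/microservice/settings.gradle:
--------------------------------------------------------------------------------
rootProject.name = 'demo-microservice'

--------------------------------------------------------------------------------
/microservice/src/main/java/com/istiodemo/demo/Color.java:
--------------------------------------------------------------------------------
package com.istiodemo.demo;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import java.net.InetAddress;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;

/**
 * Demo REST endpoint served at {@code /color}.
 *
 * <p>A GET returns a JSON object with this instance's {@code version},
 * {@code color} and {@code hostname}. While the colour contains "red" the
 * handler also adds a random delay and fails a share of the requests.
 *
 * <p>NOTE(review): the response discloses the local host name to every caller.
 * That looks intentional for the demo (it shows which instance answered), but
 * it should not be copied into a service reachable by untrusted clients.
 */
@RestController
@RequestMapping(value="/color")
public class Color {
    // Injected from the `version` property; "3.0" is only the field initialiser.
    @Value("${version}")
    public String version = "3.0";

    // NOTE(review): unlike `version`, this field has no @Value binding, so the
    // `color` key in application.yaml is not read here - confirm that is intended.
    public String color = "red";
    private static final Log log = LogFactory.getLog(Color.class);

    /**
     * Handles GET /color.
     *
     * @return map with the keys "version", "color" and, when the local host
     *         name can be resolved, "hostname"
     * @throws IllegalArgumentException with message "REQUEST_TOO_LONG" when the
     *         colour contains "red" and the random delay drawn for the request
     *         exceeds 300 ms (199 of the 470 possible values, roughly 40%);
     *         presumably deliberate fault injection for the retry demo
     */
    @RequestMapping(
        method = RequestMethod.GET,
        produces = { MediaType.APPLICATION_JSON_VALUE }
    )
    public Map<String, String> getResponseFromHeader() {
        Map<String, String> response = new HashMap<>();
        if (color.contains("red")) {
            int max = 500; // upper bound of the simulated delay in ms (exclusive)
            int min = 30;  // lower bound of the simulated delay in ms (inclusive)
            int ms = new Random().nextInt((max - min)) + min;
            if (ms > 300) {
                // Not caught here: it propagates to the framework as a failed request.
                throw new IllegalArgumentException("REQUEST_TOO_LONG");
            }
            try {
                Thread.sleep(ms);
            } catch (InterruptedException e) {
                log.debug("ERROR:", e);
                // Keep the interrupt visible to the container thread instead of
                // swallowing it; the logger already records the stack trace.
                Thread.currentThread().interrupt();
            }
        }
        // Filled in before the host name lookup so that a failed lookup still
        // yields a usable response instead of an empty JSON object.
        response.put("version", version);
        response.put("color", color);
        try {
            response.put("hostname", InetAddress.getLocalHost().getHostName());
        } catch (Exception e) {
            log.warn("ERROR:", e);
        }
        return response;
    }

}

--------------------------------------------------------------------------------
/microservice/src/main/java/com/istiodemo/demo/DemoApplication.java:
--------------------------------------------------------------------------------
package com.istiodemo.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

--------------------------------------------------------------------------------
/microservice/src/main/resources/application.yaml:
--------------------------------------------------------------------------------
version: 0.0.3
color: "red"
# NOTE(review): the management endpoints below (info, health as /healthz,
# prometheus as /metrics) are served from port 8081 with no authentication
# configured in this file, and docker-compose.yaml publishes "8081:8081".
# Keep that port reachable only by the probes and the metrics scraper.
management:
  server:
    port: 8081
  endpoints:
    prometheus:
      enabled: true
    web:
      exposure:
        include: 'info,health,prometheus'
      base-path: /
      path-mapping:
        health: healthz
        prometheus: metrics

--------------------------------------------------------------------------------
/microservice/src/test/java/com/istiodemo/demo/DemoApplicationTests.java:
--------------------------------------------------------------------------------
package com.istiodemo.demo;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

@RunWith(SpringRunner.class)
@SpringBootTest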
10 | public class DemoApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /webapp/.babelrc: -------------------------------------------------------------------------------- 1 | { 2 | "presets": [ 3 | [ "es2015", { "loose": true, "modules" : false } ], 4 | "stage-0", 5 | "react" 6 | ], 7 | "plugins": [ 8 | "react-hot-loader/babel", 9 | "transform-decorators-legacy" 10 | ], 11 | "env": { 12 | "production": { 13 | "plugins": [ 14 | "transform-es2015-modules-commonjs", 15 | "transform-react-remove-prop-types", 16 | "transform-react-constant-elements", 17 | "transform-react-inline-elements", 18 | "transform-runtime", 19 | "transform-decorators-legacy" 20 | ] 21 | }, 22 | "test": { 23 | "plugins": [ 24 | "transform-es2015-modules-commonjs" 25 | ] 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /webapp/.eslintignore: -------------------------------------------------------------------------------- 1 | dist/ 2 | -------------------------------------------------------------------------------- /webapp/.eslintrc: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "react-app", 3 | "plugins": [ 4 | "prettier", 5 | "react" 6 | ] 7 | } -------------------------------------------------------------------------------- /webapp/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | node_modules 3 | npm-debug.log 4 | dist 5 | /istio-* 6 | .gradle 7 | -------------------------------------------------------------------------------- /webapp/.nvmrc: -------------------------------------------------------------------------------- 1 | 10.4.1 2 | -------------------------------------------------------------------------------- /webapp/Dockerfile: 
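--------------------------------------------------------------------------------
# Image for the demo webapp: installs dependencies with yarn, copies the
# sources and runs the package's `start` script, with port 3000 exposed.
#
# NOTE(review): the base image is referenced by tag only. Node.js 10 is
# end-of-life and .nvmrc in this directory asks for 10.4.1, not 10.12.0;
# move to a supported release and pin the image by digest so rebuilds are
# reproducible.
FROM node:10.12.0 as build-deps

WORKDIR /usr/src/app
COPY package.json yarn.lock ./

# Fail the build when yarn.lock does not match package.json instead of
# silently resolving versions that were never reviewed.
RUN yarn install --frozen-lockfile
# NOTE(review): this copies the whole build context and no .dockerignore
# appears in the listing, so a local node_modules, yarn-error.log or other
# working files can end up in the image - confirm and add a .dockerignore.
COPY . ./
EXPOSE 3000
# NOTE(review): there is no USER instruction, so the process runs as root.
# The official node image ships a `node` user; switching to it needs a check
# that the start script does not write under /usr/src/app. `npm run start`
# is presumably a development server - confirm against package.json before
# using this image beyond the demo.
CMD ["npm", "run", "start"]

--------------------------------------------------------------------------------
/webapp/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2013

Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.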
-------------------------------------------------------------------------------- /webapp/app/App.css: -------------------------------------------------------------------------------- 1 | .App { 2 | text-align: center; 3 | width: 100%; 4 | } 5 | 6 | .App-logo { 7 | animation: App-logo-spin infinite 20s linear; 8 | height: 80px; 9 | } 10 | 11 | .App-header { 12 | background-color: #797373; 13 | height: 150px; 14 | padding: 20px; 15 | color: white; 16 | } 17 | .App-title { 18 | font-size: 1.5em; 19 | } 20 | 21 | .App-intro { 22 | font-size: large; 23 | } 24 | 25 | @keyframes App-logo-spin { 26 | from { transform: rotate(0deg); } 27 | to { transform: rotate(360deg); } 28 | } 29 | -------------------------------------------------------------------------------- /webapp/app/App.js: -------------------------------------------------------------------------------- 1 | import React, { Component } from 'react' 2 | import axios from 'axios' 3 | import styled from 'styled-components' 4 | import logo from '../assets/logo.svg' 5 | import Bad from '../assets/bad.svg' 6 | import './App.css' 7 | 8 | const colorDict = { 9 | blue: '#435cea', 10 | red: '#ea4366', 11 | green: '#65d8a5' 12 | } 13 | const BoxViewWrapper = styled.div` 14 | text-align: center; 15 | justify-content: center; 16 | .box-view { 17 | display: flex; 18 | flex-wrap: wrap; 19 | margin: auto; 20 | justify-content: center; 21 | width: 900px; 22 | } 23 | .version { 24 | padding-left: 5px; 25 | text-overflow: ellipsis; 26 | /* Required for text-overflow to do anything */ 27 | white-space: nowrap; 28 | overflow: hidden; 29 | } 30 | 31 | .refresh-button { 32 | border-radius: 20px; 33 | width: 160px; 34 | height: 50px; 35 | margin-top: 30px; 36 | background: black; 37 | color: white; 38 | border: black; 39 | outline: none; 40 | 41 | } 42 | .refresh-button:hover { 43 | box-shadow: 0 5px #666; 44 | } 45 | .refesh-button:focus { 46 | text-decoration: none; 47 | outline: none; 48 | border: none; 49 | box-shadow: none; 50 | 
outline-style: none; 51 | 52 | } 53 | .refresh-button:active { 54 | text-decoration: none; 55 | outline: none; 56 | border: none; 57 | box-shadow: none; 58 | outline-style: none; 59 | box-shadow: 0 5px #666; 60 | transform: translateY(4px); 61 | } 62 | ` 63 | const BoxWrapper = styled.div` 64 | background: ${props => colorDict[props.color]}; 65 | width: 150px; 66 | height: 50px; 67 | margin: 10px; 68 | 69 | border-radius: 10px; 70 | border: 2px solid black; 71 | display: flex; 72 | justify-content: center; 73 | align-content: center; 74 | flex-direction: column; /* column | row */ 75 | ` 76 | const FailBoxWrapper = styled.div` 77 | background: black; 78 | color: white; 79 | width: 150px; 80 | height: 50px; 81 | margin: 10px; 82 | border-radius: 10px; 83 | border: 2px solid black; 84 | display: flex; 85 | justify-content: center; 86 | align-content: center; 87 | flex-direction: column; /* column | row */ 88 | ` 89 | 90 | const Box = props => { 91 | return (props.data === 'ERROR' ? bad : 92 | 93 |
94 | {props.data.version} 95 |
96 |
97 | ) 98 | } 99 | class App extends Component { 100 | constructor (props) { 101 | super(props) 102 | this.state = { 103 | box_requests: Array(25), 104 | boxes: [] 105 | } 106 | } 107 | 108 | _loadData () { 109 | const path = 'color' 110 | const box_requests = Array(25) 111 | for (let i = 0; i < box_requests.length; i++) { 112 | box_requests[i] = axios 113 | .create({ 114 | baseURL: 'http://api.demo/', 115 | headers: { 116 | 'Content-Type': 'application/json', 117 | Accept: 'application/json' 118 | }, 119 | params: { 120 | rando: `${Math.random()}` 121 | }, 122 | crossdomain: true 123 | }) 124 | .get(path) 125 | .then(response => response.data) 126 | .catch(error => 'ERROR') 127 | } 128 | axios 129 | .all(box_requests) 130 | .then(response => 131 | this.setState({ boxes: response.map(response => response) }) 132 | ) 133 | } 134 | componentDidMount () { 135 | this._loadData() 136 | } 137 | reloadData () { 138 | this._loadData() 139 | this.forceUpdate() 140 | } 141 | render () { 142 | console.log('fetching content...') 143 | console.log(this.state.boxes) 144 | const boxView = this.state.boxes.map((data, index) => ( 145 | 146 | )) 147 | return ( 148 |
149 | 150 |
151 | {boxView} 152 |
153 | 156 |
157 |
158 | ) 159 | } 160 | } 161 | 162 | export default App 163 | -------------------------------------------------------------------------------- /webapp/app/App.test.js: -------------------------------------------------------------------------------- 1 | import React from 'react'; 2 | import ReactDOM from 'react-dom'; 3 | import App from './App'; 4 | 5 | it('renders without crashing', () => { 6 | const div = document.createElement('div'); 7 | ReactDOM.render(, div); 8 | ReactDOM.unmountComponentAtNode(div); 9 | }); 10 | -------------------------------------------------------------------------------- /webapp/app/index.js: -------------------------------------------------------------------------------- 1 | import React from 'react'; 2 | import ReactDOM from 'react-dom'; 3 | import App from './App'; 4 | 5 | ReactDOM.render(, document.getElementById('root')); 6 | -------------------------------------------------------------------------------- /webapp/assets/bad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/assets/bad.png -------------------------------------------------------------------------------- /webapp/assets/bad.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /webapp/assets/canary-90-10.vs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: demo-vs 5 | namespace: development 6 | spec: 7 | gateways: 8 | - demo-gateway 9 | - mesh 10 | hosts: 11 | - "demo-microservice.development.svc.cluster.local" 12 | http: 13 | - route: 14 | - destination: 15 | host: demo-microservice.development.svc.cluster.local 16 | subset: v1 17 | port: 18 | number: 8080 19 | weight: 90 20 | - 
destination: 21 | host: demo-microservice.development.svc.cluster.local 22 | subset: v2 23 | port: 24 | number: 8080 25 | weight: 10 26 | retries: 27 | attempts: 5 28 | perTryTimeout: 2s -------------------------------------------------------------------------------- /webapp/assets/canary.dr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: demo-destination 5 | namespace: development 6 | spec: 7 | host: demo-microservice.development.svc.cluster.local 8 | trafficPolicy: 9 | tls: 10 | mode: ISTIO_MUTUAL 11 | subsets: 12 | - name: v1 13 | labels: 14 | version: v1 15 | - name: v2 16 | labels: 17 | version: v2 -------------------------------------------------------------------------------- /webapp/assets/canary.vs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: demo-vs 5 | namespace: development 6 | spec: 7 | gateways: 8 | - demo-gateway 9 | - mesh 10 | hosts: 11 | - "demo-microservice.development.svc.cluster.local" 12 | http: 13 | - route: 14 | - destination: 15 | host: demo-microservice.development.svc.cluster.local 16 | subset: v1 17 | port: 18 | number: 8080 19 | weight: 100 -------------------------------------------------------------------------------- /webapp/assets/city.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/assets/city.jpg -------------------------------------------------------------------------------- /webapp/assets/deck.example: -------------------------------------------------------------------------------- 1 | return ( 2 | 3 | 4 | 5 | React Presentations 6 | 7 | 8 | Written In React 9 | 10 | 11 | 12 | 13 | Wait What? 
14 | 15 | 16 | 17 | 18 | Thats right 19 | 20 | 21 | Inline style based theme system 22 | Autofit Text 23 | react-router navigation 24 | PDF Export 25 | 26 | 27 | 28 | ) 29 | -------------------------------------------------------------------------------- /webapp/assets/digio-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /webapp/assets/example.code.js: -------------------------------------------------------------------------------- 1 | import createTheme from 'spectacle/lib/themes/default' 2 | import App from '../app/App' 3 | import Logo from './logo.svg' -------------------------------------------------------------------------------- /webapp/assets/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/assets/favicon.ico -------------------------------------------------------------------------------- /webapp/assets/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/assets/favicon.png -------------------------------------------------------------------------------- /webapp/assets/formidable-logo.svg: -------------------------------------------------------------------------------- 1 | image/svg+xml -------------------------------------------------------------------------------- /webapp/assets/github.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /webapp/assets/gw.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: demo-gateway 5 | namespace: development 6 | spec: 7 | selector: 8 | istio: ingress 9 | servers: 10 | - port: 11 | number: 443 12 | name: https 13 | protocol: HTTPS 14 | hosts: 15 | - "demo.microservice.local" 16 | tls: 17 | mode: MUTUAL 18 | serverCertificate: /etc/certs/cert-chain.pem 19 | privateKey: /etc/certs/key.pem 20 | caCertificates: /etc/certs/root-cert.pem -------------------------------------------------------------------------------- /webapp/assets/interactive.js: -------------------------------------------------------------------------------- 1 | import React, { Component } from "react"; 2 | import { Heading } from "spectacle"; 3 | 4 | export default class Interactive extends Component { 5 | constructor() { 6 | super(); 7 | this.state = { 8 | count: 0 9 | }; 10 | this.handleClick = this.handleClick.bind(this); 11 | } 12 | handleClick() { 13 | this.setState({ 14 | count: this.state.count + 1 15 | }); 16 | } 17 | render() { 18 | const styles = { 19 | padding: 20, 20 | background: "black", 21 | minWidth: 300, 22 | marginTop: 20, 23 | textTransform: "uppercase", 24 | border: "none", 25 | color: "white", 26 | outline: "none", 27 | fontWeight: "bold", 28 | fontSize: "2em" 29 | }; 30 | return ( 31 |
32 | {this.state.count < 5 ? 33 |
34 | 35 | The button has been clicked {this.state.count} times 36 | 37 | 38 |
: 39 | Easy there pal 40 | } 41 |
42 | ); 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /webapp/assets/istio-icon-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/assets/istio-icon-2.png -------------------------------------------------------------------------------- /webapp/assets/istio-icon.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /webapp/assets/jbhifi-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /webapp/assets/kat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/assets/kat.png -------------------------------------------------------------------------------- /webapp/assets/logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /webapp/assets/logo3.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /webapp/assets/markdown.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/assets/markdown.png -------------------------------------------------------------------------------- /webapp/components/Architecture/images/client.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /webapp/components/Architecture/index.jsx: -------------------------------------------------------------------------------- 1 | import React, { Component } from 'react' 2 | import Client from './images/client.svg'; 3 | import Microservices from './images/microservices.svg'; 4 | import Background from './images/background.svg'; 5 | import Ingress from './images/ingress.svg'; 6 | import { 7 | Wrapper, 8 | BackgroundImageWrapper, 9 | BackgroundLabel, 10 | ClientImageWrapper, 11 | ClientLabel, 12 | IngressImageWrapper, 13 | IngressLabel, 14 | MicroservicesImageWrapper, 15 | MicroservicesLabel 16 | } from './style'; 17 | 18 | class Architecture extends React.Component { 19 | constructor(props) { 20 | super(props); 21 | this.state = { 22 | index: 0, 23 | items: [ 24 | { 25 | component: , 26 | index: 0 27 | }, 28 | { 29 | component: , 30 | index: 1 31 | }, 32 | { 33 | component: , 34 | index: 2 35 | }, 36 | { 37 | component: , 38 | index: 3 39 | } 40 | ] 41 | }; 42 | this.handleKeyPress = this.handleKeyPress.bind(this); 43 | 44 | } 45 | handleKeyPress(e) { 46 | console.log(e) 47 | e.preventDefault() 48 | // this.setState({ index: 1}) 49 | if (e.key === 'ArrowUp') { 50 | this.setState(prevState => ({ index: (prevState.index < 4 ? 
prevState.index + 1 : 0)})) 51 | } else if (e.key === 'ArrowDown') { 52 | this.setState(prevState => ({ index: (prevState.index > 0 ? prevState.index - 1 : 4)})) 53 | } 54 | 55 | // console.log(this.state.index) 56 | } 57 | componentDidMount() { 58 | document.addEventListener('keydown',this.handleKeyPress, false); 59 | } 60 | componentWillUnmount() { 61 | document.removeEventListener('keydown',this.handleKeyPress, false); 62 | } 63 | 64 | render() { 65 | console.log(this.state.index) 66 | return ( 67 | 68 | 69 |

React WebApp (this presentation)

70 |
71 | 72 | 73 |

Docker-for-Mac, running Kubernetes + Istio control plane

74 |

+ observability tooling

75 | 76 | 77 |

Ingress Gateway, allowing traffic

into the Kubernetes cluster

78 |
79 | 80 | 81 |

Deployed microservices within kubernetes cluster

82 |

sidecar loaded to allow traffic steering.

83 |

each deployment is labeled with

a different version: 0.0.x key-value label

84 |
85 |
) 86 | } 87 | } 88 | 89 | export default Architecture; -------------------------------------------------------------------------------- /webapp/components/Architecture/style.js: -------------------------------------------------------------------------------- 1 | import styled from 'styled-components' 2 | 3 | export const Wrapper = styled.div` 4 | height: 800px; 5 | width: 100%; 6 | display: flex; 7 | flex-direction: column; 8 | align-items: center; 9 | justify-content: center; 10 | p { 11 | font-family: Avenir Next, sans-serif; 12 | 13 | } 14 | 15 | `; 16 | 17 | export const ClientImageWrapper = styled.img` 18 | position: absolute; 19 | grid-area: image; 20 | bottom: ${props => props.selected ? 5 : 4}%; 21 | right: 49%; 22 | filter: ${props => props.selected ? `drop-shadow(0 3px 2px rgb(85, 72, 132)) drop-shadow(0 2px 2px rgb(85, 72, 132))` : `none`}; 23 | &:hover { 24 | filter: drop-shadow(0 3px 2px rgb(85, 72, 132)) drop-shadow(0 2px 2px rgb(85, 72, 132)); 25 | } 26 | `; 27 | export const ClientLabel = styled.div` 28 | position: absolute; 29 | color: white; 30 | background: black; 31 | padding: 10px; 32 | bottom: 9%; 33 | right: 3%; 34 | display: ${props => props.selected ? `block` : `none`}; 35 | p { 36 | margin: 0 20px 0 20px; 37 | } 38 | `; 39 | export const BackgroundImageWrapper = styled.img` 40 | position: absolute; 41 | top: ${props => props.selected ? 19 : 20}%; 42 | filter: ${props => props.selected ? `drop-shadow(0 3px 2px rgb(85, 72, 132)) drop-shadow(0 2px 2px rgb(85, 72, 132))` : `none`}; 43 | &:hover { 44 | filter: drop-shadow(0 3px 2px rgb(85, 72, 132)) drop-shadow(0 2px 2px rgb(85, 72, 132)); 45 | } 46 | `; 47 | export const BackgroundLabel = styled.div` 48 | position: absolute; 49 | color: white; 50 | background: black; 51 | top: 17%; 52 | right: -6%; 53 | display: ${props => props.selected ? 
`block` : `none`}; 54 | p { 55 | margin: 0 20px 0 20px; 56 | } 57 | 58 | `; 59 | export const MicroservicesImageWrapper = styled.img` 60 | position: absolute; 61 | top: ${props => props.selected ? 32 :33}%; 62 | filter: ${props => props.selected ? `drop-shadow(0 3px 2px rgb(85, 72, 132)) drop-shadow(0 2px 2px rgb(85, 72, 132))` : `none`}; 63 | &:hover { 64 | filter: drop-shadow(0 3px 2px rgb(85, 72, 132)) drop-shadow(0 2px 2px rgb(85, 72, 132)); 65 | } 66 | `; 67 | export const MicroservicesLabel = styled.div` 68 | position: absolute; 69 | top: 16%; 70 | right: -7%; 71 | color: white; 72 | background: black; 73 | display: ${props => props.selected ? `block` : `none`}; 74 | p { 75 | margin: 0 20px 0 20px; 76 | } 77 | `; 78 | export const IngressImageWrapper = styled.img` 79 | position: absolute; 80 | top: ${props => props.selected ? 48 : 49}%; 81 | filter: ${props => props.selected ? `drop-shadow(0 3px 2px rgb(85, 72, 132)) drop-shadow(0 2px 2px rgb(85, 72, 132))` : `none`}; 82 | &:hover { 83 | filter: drop-shadow(0 3px 2px rgb(85, 72, 132)) drop-shadow(0 2px 2px rgb(85, 72, 132)); 84 | } 85 | `; 86 | export const IngressLabel = styled.div` 87 | position: absolute; 88 | top: 60%; 89 | right: -5%; 90 | color: white; 91 | background: black; 92 | display: ${props => props.selected ? `block` : `none`}; 93 | p { 94 | margin: 0 20px 0 20px; 95 | } 96 | 97 | `; 98 | -------------------------------------------------------------------------------- /webapp/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/favicon.ico -------------------------------------------------------------------------------- /webapp/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Istio Demo 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /webapp/index.js: -------------------------------------------------------------------------------- 1 | import React from "react"; 2 | import PropTypes from "prop-types"; 3 | import ReactDOM from "react-dom"; 4 | import { AppContainer } from "react-hot-loader"; 5 | import Redbox from "redbox-react"; 6 | import './assets/favicon.png'; 7 | import Presentation from "./presentation"; 8 | 9 | const CustomErrorReporter = ({ error }) => ; 10 | 11 | CustomErrorReporter.propTypes = { 12 | error: PropTypes.instanceOf(Error).isRequired 13 | }; 14 | 15 | ReactDOM.render( 16 | 17 | 18 | , 19 | document.getElementById("root"), 20 | ); 21 | 22 | if (module.hot) { 23 | module.hot.accept("./presentation", () => { 24 | const NextPresentation = require("./presentation").default; ReactDOM.render( 25 | 26 | 27 | , 28 | document.getElementById("root"), 29 | ); 30 | }); 31 | } 32 | -------------------------------------------------------------------------------- /webapp/nginx.conf: -------------------------------------------------------------------------------- 1 | # auto detects a good number of processes to run 2 | worker_processes auto; 3 | 4 | #Provides the configuration file context in which the directives that affect connection processing are specified. 5 | events { 6 | # Sets the maximum number of simultaneous connections that can be opened by a worker process. 
7 | worker_connections 8000; 8 | # Tells the worker to accept multiple connections at a time 9 | multi_accept on; 10 | } 11 | 12 | 13 | http { 14 | # which MIME type mappings to include 15 | include /etc/nginx/mime.types; 16 | # default MIME type when no mapping matches 17 | default_type application/octet-stream; 18 | 19 | # Defines the log format named "compression" that the access_log directive below refers to 20 | log_format compression '$remote_addr - $remote_user [$time_local] ' 21 | '"$request" $status $upstream_addr ' 22 | '"$http_referer" "$http_user_agent"'; 23 | 24 | server { 25 | # listen on port 80 (plain HTTP; no TLS is configured in this file) 26 | listen 80; 27 | # write the access log here, using the "compression" format 28 | access_log /var/log/nginx/access.log compression; 29 | 30 | # document root for served files 31 | root /var/www; 32 | # which file to serve as the index 33 | index index.html index.htm; 34 | 35 | location / { 36 | # First attempt to serve request as file, then 37 | # as directory, then fall back to serving /index.html (internal redirect) 38 | try_files $uri $uri/ /index.html; 39 | } 40 | 41 | # Media: images, icons, video, audio, HTC (cached for 1 month; requests are not written to the access log) 42 | location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { 43 | expires 1M; 44 | access_log off; 45 | add_header Cache-Control "public"; 46 | } 47 | 48 | # Javascript and CSS files (cached for 1 year; not access-logged; missing files return 404) 49 | location ~* \.(?:css|js)$ { 50 | try_files $uri =404; 51 | expires 1y; 52 | access_log off; 53 | add_header Cache-Control "public"; 54 | } 55 | 56 | # Any route containing a file extension (e.g. 
/devicesfile.js) 57 | location ~ ^.+\..+$ { 58 | try_files $uri =404; 59 | } 60 | } 61 | } -------------------------------------------------------------------------------- /webapp/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "spectacle-boilerplate", 3 | "version": "1.0.1", 4 | "description": "ReactJS Powered Presentation Framework", 5 | "main": "lib/index.js", 6 | "scripts": { 7 | "clean": "rimraf dist", 8 | "build": "cross-env NODE_ENV=production webpack --config webpack.config.production.js", 9 | "lint": "eslint --ext .js,.jsx .", 10 | "deploy": "npm run clean & npm run build && surge -p .", 11 | "export": "spectacle-renderer --delay 3000", 12 | "start": "cross-env NODE_ENV=development node server.js" 13 | }, 14 | "author": "", 15 | "license": "MIT", 16 | "dependencies": { 17 | "axios": "^0.19.0", 18 | "lodash": "^4.17.13", 19 | "marked": "^0.6.2", 20 | "normalize-css": "^2.3.1", 21 | "normalize.css": "^7.0.0", 22 | "react": "^16.0.0", 23 | "react-dom": "^16.0.1", 24 | "spectacle": "^5.5.0", 25 | "spectacle-code-slide": "^0.5.2", 26 | "spectacle-renderer": "^0.0.3", 27 | "spectacle-terminal": "^0.5.0", 28 | "styled-components": "^3.4.5", 29 | "webpack": "^3.11.0" 30 | }, 31 | "devDependencies": { 32 | "babel-cli": "^6.26.0", 33 | "babel-core": "^6.26.3", 34 | "babel-eslint": "^8.0.1", 35 | "babel-loader": "^7.1.2", 36 | "babel-plugin-react-transform": "^3.0.0", 37 | "babel-plugin-transform-decorators-legacy": "^1.3.4", 38 | "babel-plugin-transform-react-constant-elements": "^6.23.0", 39 | "babel-plugin-transform-react-inline-elements": "^6.22.0", 40 | "babel-plugin-transform-react-remove-prop-types": "^0.4.10", 41 | "babel-plugin-transform-runtime": "^6.23.0", 42 | "babel-polyfill": "^6.26.0", 43 | "babel-preset-es2015": "^6.24.1", 44 | "babel-preset-react": "^6.24.1", 45 | "babel-preset-stage-0": "^6.24.1", 46 | "babel-runtime": "^6.26.0", 47 | "cross-env": "^5.1.0", 48 | "css-loader": "^2.1.1", 
49 | "eslint": "^4.18.2", 50 | "eslint-config-formidable": "^3.0.0", 51 | "eslint-plugin-filenames": "^1.2.0", 52 | "eslint-plugin-import": "^2.8.0", 53 | "eslint-plugin-react": "^7.4.0", 54 | "express": "^4.16.2", 55 | "file-loader": "^1.1.5", 56 | "html-loader": "^0.5.1", 57 | "html-webpack-plugin": "^4.0.0-beta.2", 58 | "is-buffer": "^1.1.5", 59 | "markdown-loader": "^5.0.0", 60 | "node-libs-browser": "^2.0.0", 61 | "raw-loader": "^0.5.1", 62 | "react-hot-loader": "^3.1.1", 63 | "react-transform-catch-errors": "^1.0.2", 64 | "redbox-react": "^1.5.0", 65 | "rimraf": "^2.6.2", 66 | "style-loader": "^0.19.0", 67 | "surge": "latest", 68 | "url-loader": "^0.6.2", 69 | "webpack-dev-middleware": "^1.12.0", 70 | "webpack-dev-server": "^3.3.1", 71 | "webpack-hot-middleware": "^2.20.0" 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /webapp/presentation/Meetup Slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/digio/istio-demo/e2564fed45c188902c68a98df4e43ecb3685c19d/webapp/presentation/Meetup Slides.pdf -------------------------------------------------------------------------------- /webapp/presentation/index.js: -------------------------------------------------------------------------------- 1 | // Import React 2 | import React from 'react'; 3 | 4 | // Import Spectacle Core tags 5 | import { 6 | Deck, 7 | Heading, 8 | Slide, 9 | Image, 10 | Text 11 | } from 'spectacle'; 12 | import CodeSlide from 'spectacle-code-slide'; 13 | import Terminal from "spectacle-terminal"; 14 | // Import theme 15 | import createTheme from 'spectacle/lib/themes/default'; 16 | import App from '../app/App'; 17 | import Architecture from '../components/Architecture/index.jsx'; 18 | import GenericLogo from '../assets/istio-icon.svg'; 19 | import DigioLogo from '../assets/digio-logo.svg'; 20 | import IstioLogo from '../assets/istio-icon.svg' 21 | // import OtherLogo from 
'../assets/logo3.svg'; 22 | import Github from '../assets/github.svg'; 23 | 24 | import 'normalize.css'; 25 | const vsCode = require('raw-loader!../assets/example.code.js') 26 | const theme = createTheme( 27 | { 28 | primary: 'white', 29 | frontPage: '#f6f9ff', 30 | frontPagePrimary: 'black', 31 | frontPageSecondary: '#868686', 32 | secondary: '#1F2022', 33 | tertiary: '#03A9FC', 34 | quaternary: '#CECECE', 35 | codeBackground: '#72a0f5', 36 | 37 | }, 38 | { 39 | primary: 'Montserrat', 40 | secondary: 'Helvetica' 41 | } 42 | ) 43 | 44 | export default class Presentation extends React.Component { 45 | render () { 46 | return ( 47 | ( 48 | 55 | {/* 56 | 57 | 58 | IStio Demo 59 | 60 | 61 | Enabling resilient canary deployments and rollbacks with Istio 62 | 63 | */} 64 | 65 | 66 | Architecture 67 | 68 | 69 | 70 | 87 | 104 | 122 | 123 | kubectl 124 | kubectl get pods -n development --show-labels, 126 |
127 |
NAME READY STATUS RESTARTS AGE LABELS
128 |
microservice-a-v1-544b964d55-5ddnz 2/2 Running 0 1d
version=0.0.1
129 |
microservice-a-v2-85c99d7f59-4j9n9 2/2 Running 0 2d
version=0.0.2
130 |
microservice-a-v3-7449556665-kj6g8 2/2 Running 0 10m
version=0.0.3
131 |
]} 132 | /> 133 |
134 | {/* 141 | 146 | 147 | Canary Demo 148 | 149 | 150 | */} 151 | 169 | 176 |
186 | 187 | Jaeger (Distributed Tracing) 188 | 189 |
190 |
191 |