├── .github
    ├── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   ├── documentation.md
    │   ├── feature_request.md
    │   └── question.md
    ├── PULL_REQUEST_TEMPLATE.md
    ├── config.yml
    ├── label-commenter-config.yml
    ├── release-drafter.yml
    ├── stale.yml
    ├── welcome
    │   └── Layer5-celebration.png
    └── workflows
    │   ├── label-commenter.yml
    │   ├── release-drafter.yml
    │   └── slack.yml
├── .gitignore
├── LICENSE
├── README.md
├── img
    ├── bonus.png
    ├── break.png
    ├── go.svg
    ├── info.png
    └── warning.png
├── lab-1
    ├── README.md
    └── img
    │   ├── Grafana_-_Istio_Dashboard.png
    │   ├── Jaeger_UI.png
    │   ├── install-istio.png
    │   ├── install-istio1.png
    │   ├── install-istio2.png
    │   └── istio-adapter.png
├── lab-2
    ├── README.md
    ├── appendix-manual-injection.md
    └── img
    │   ├── bookinfo-off-mesh.png
    │   ├── bookinfo-on-mesh.png
    │   └── sidecar-injection.png
├── lab-3
    ├── README.md
    └── bookinfo-design-dr.yaml
├── lab-4
    ├── README.md
    └── img
    │   ├── Grafana_-_Istio_Dashboard.png
    │   ├── Grafana_Istio_Dashboard.png
    │   ├── Loggly.png
    │   ├── Prometheus.png
    │   ├── ip.png
    │   ├── istio-add-ons.png
    │   ├── istio-addons.png
    │   ├── jaeger copy.png
    │   ├── jaeger.png
    │   ├── jaeger_1.png
    │   ├── jaeger_2.png
    │   ├── meshery_initial_load_test.png
    │   ├── servicegraph.png
    │   ├── zipkin.png
    │   ├── zipkin_1.png
    │   └── zipkin_2.png
├── lab-5
    ├── README.md
    ├── alltraffik-to-v3.design.yaml
    ├── canary.design.yaml
    ├── traffik-to-v1.design.yaml
    └── v2-for-jason.design.yaml
├── lab-6
    ├── README.md
    ├── abort-for-jason.design.yaml
    └── fault-for-json.design.yaml
├── lab-7
    ├── README.md
    ├── img
    │   ├── meshery_cb_load_test.png
    │   └── meshery_initial_load_test.png
    └── trip-circuit.design.yaml
├── lab-8
    ├── README.md
    └── disable-plain-http.design.yaml
└── prereq
    ├── README.md
    └── img
        ├── docker-desktop-config.png
        ├── docker-desktop-kube.png
        ├── docker-desktop-memory.png
        ├── docker_signup.png
        ├── meshery-architecture.svg
        ├── meshery_landing_page.png
        ├── meshery_landing_page_settings_icon.png
        ├── meshery_management_istio-install.png
        ├── meshery_management_istio.png
        ├── meshery_settings_page-service-meshes.png
        ├── meshery_settings_page-service_meshes_with_menu.png
        ├── meshery_settings_page.png
        ├── more_nodes.png
        ├── pwk_instance1.png
        ├── pwk_login.png
        ├── pwk_main.png
        ├── pwk_start.png
        └── sign-into-meshery.png
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug/issue report
3 | about: Report an issue to help improve the project.
4 | title: ''
5 | labels: 'kind/bug'
6 | assignees: ''
7 | ---
8 | **Description**
9 |
10 |
11 | **Expected Behavior**
12 |
13 |
14 | **Screenshots**
15 |
16 |
17 | **Environment:**
18 | - OS: [e.g. Ubuntu]
19 | - Browser: [e.g. Chrome, Safari]
20 | - Version: [e.g. 22]
21 | - Device: [e.g. laptop, iPhone 8]
22 |
23 | ---
24 | [Optional] **To Reproduce**
25 | Steps to reproduce the behavior:
26 | 1. Go to '...'
27 | 2. Click on '....'
28 | 3. Scroll down to '....'
29 | 4. See error
30 |
31 | [Optional] **Additional Context**
32 |
33 | - 🎨 Wireframes and [designs for Layer5 site](https://www.figma.com/file/5ZwEkSJwUPitURD59YHMEN/Layer5-Designs) in Figma [(open invite)](https://www.figma.com/team_invite/redeem/qJy1c95qirjgWQODApilR9)
34 |
35 |
36 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/documentation.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Documentation issue
3 | about: Issues related to documentation.
4 | title: '[Docs]'
5 | labels: 'area/docs'
6 | assignees: ''
7 | ---
8 | **Current State:**
9 |
10 |
11 | **Desired State:**
12 |
13 |
14 | ---
15 | **Contributor Resources**
16 | - [Meshery documentation site](https://meshery.layer5.io/docs/)
17 | - [Meshery documentation source](https://github.com/layer5io/meshery/tree/master/docs)
18 | - [Instructions for contributing to documentation](https://github.com/layer5io/meshery/blob/master/CONTRIBUTING.md#documentation-contribution-flow)
19 | - 🎨 Wireframes and [designs for Layer5 site](https://www.figma.com/file/5ZwEkSJwUPitURD59YHMEN/Layer5-Designs) in Figma [(open invite)](https://www.figma.com/team_invite/redeem/qJy1c95qirjgWQODApilR9)
20 |
21 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature Request
3 | about: Suggest an enhancement to this project.
4 | title: ''
5 | labels: 'kind/enhancement'
6 | assignees: ''
7 | ---
8 |
9 | **Current Behavior**
10 |
11 |
12 |
13 | **Desired Behavior**
14 |
15 |
16 |
17 | ---
18 | **Resources**
19 |
20 |
21 | **Alternatives / Additional Context**
22 |
23 | - 🎨 Wireframes and [designs for Layer5 site](https://www.figma.com/file/5ZwEkSJwUPitURD59YHMEN/Layer5-Designs) in Figma [(open invite)](https://www.figma.com/team_invite/redeem/qJy1c95qirjgWQODApilR9)
24 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/question.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: General question
3 | about: Request information about the project; clarify behavior of the software
4 | title: '[Question]'
5 | labels: 'kind/question'
6 | assignees: ''
7 | ---
8 |
9 | **How can we help?**
10 |
11 | - 🎨 Wireframes and [designs for Layer5 site](https://www.figma.com/file/5ZwEkSJwUPitURD59YHMEN/Layer5-Designs) in Figma [(open invite)](https://www.figma.com/team_invite/redeem/qJy1c95qirjgWQODApilR9)
12 |
13 |
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | **Description**
2 |
3 | This PR fixes #
4 |
5 | **Notes for Reviewers**
6 |
7 |
8 | **[Signed commits](../CONTRIBUTING.md#signing-off-on-commits-developer-certificate-of-origin)**
9 | - [ ] Yes, I signed my commits.
10 |
11 |
12 |
24 |
--------------------------------------------------------------------------------
/.github/config.yml:
--------------------------------------------------------------------------------
1 | #-------------------------------------------------------------------------------
2 | # Configuration for new-issue-welcome - https://github.com/behaviorbot/new-issue-welcome
3 | # Comment to be posted on first-time issues
4 | newIssueWelcomeComment: >
5 |   Thanks for opening this issue. A contributor will be by to give feedback soon. In the meantime, please review the [Layer5 Community Welcome Guide](https://docs.google.com/document/d/17OPtDE_rdnPQxmk2Kauhm3GwXF1R5dZ3Cj8qZLKdo5E/edit?usp=sharing) and be sure to join the [community Slack](http://slack.layer5.io/).
6 | # Configuration for new-pr-welcome - https://github.com/behaviorbot/new-pr-welcome
7 | # Comment to be posted on PRs from first-time contributors in your repository
8 | newPRWelcomeComment: >
9 |   Yay, your first pull request! :thumbsup: A contributor will be by to give feedback soon. In the meantime, please review the [Layer5 Community Welcome Guide](https://docs.google.com/document/d/17OPtDE_rdnPQxmk2Kauhm3GwXF1R5dZ3Cj8qZLKdo5E/edit?usp=sharing) and be sure to join the [community Slack](http://slack.layer5.io/).
10 |
11 |   Be sure to double-check that you have signed your commits. Here are instructions for [making signing an implicit activity while performing a commit](../CONTRIBUTING.md#signing-off-on-commits-developer-certificate-of-origin).
12 |
13 |
14 | #-------------------------------------------------------------------------------
15 | # Configuration for first-pr-merge - https://github.com/behaviorbot/first-pr-merge
16 | # Comment to be posted on pull requests merged by a first-time user
17 | firstPRMergeComment: >
18 |   Thanks for your contribution to the Layer5 community! :tada:
19 |
20 | 
21 |
22 |
23 | #-------------------------------------------------------------------------------
24 | # Configuration for request-info - https://github.com/behaviorbot/request-info
25 | # Comment to reply with
26 | requestInfoReplyComment: >
27 |   Thanks for opening this issue. We welcome all input! If you could provide a little more information, this will greatly aid in its resolution. :thumbsup:
28 | # *OPTIONAL* Add a list of people whose Issues/PRs will not be commented on
29 | # keys must be GitHub usernames
30 | #requestInfoUserstoExclude:
31 | # - layer5io/maintainers
32 |
33 |
34 | #-------------------------------------------------------------------------------
35 | # Configuration for sentiment-bot - https://github.com/behaviorbot/sentiment-bot
36 | # *Required* toxicity threshold between 0 and .99 with the higher numbers being the most toxic
37 | # Anything higher than this threshold will be marked as toxic and commented on
38 | sentimentBotToxicityThreshold: .9
39 |
40 | # *Required* Comment to reply with
41 | sentimentBotReplyComment: >
42 |   Please be sure to review the code of conduct and be respectful of other users. // @layer5io/maintainers
43 |
44 |
--------------------------------------------------------------------------------
/.github/label-commenter-config.yml:
--------------------------------------------------------------------------------
1 |
2 | comment:
3 |   # header: "Please note the following requirement:"
4 |   footer: "\
5 |     ---\n\n
6 |     > Be sure to [join the community](http://slack.layer5.io), if you haven't yet, and please leave a :star: [star on the project](../stargazers) :smile:
7 |     "
8 |
9 | labels:
10 |   - name: issue/design required
11 |     labeled:
12 |       issue:
13 |         body: This issue has been labeled with 'design-required'. Note that prior to commencing on implementation, a design specification needs to be created and reviewed for approval. See [Creating a Functional Specification](https://docs.google.com/document/d/1RP3IWLc-MiQS-QYasqCoVuCH7--G87p5ezE5f_nOzB8/edit?usp=sharing) to create a design spec.
14 |         action: open
15 |   - name: issue/remind
16 |     labeled:
17 |       issue:
18 |         body: Checking in... it has been a while since we've heard from you on this issue. Are you still working on it? Please let us know and please don't hesitate to contact a [MeshMate](https://layer5.io/community/meshmates/) or any other [community member](https://layer5.io/community/members) for assistance.
19 |         action: open
20 |   - name: issue/dco
21 |     labeled:
22 |       pr:
23 |         body: "🚨 Alert! Git Police! We couldn’t help but notice that one or more of your commits is missing a sign-off. _A what?_ A commit sign-off (your email address).\n\n
24 |           Please amend the commits in this PR with your signoff using the instructions provided in the DCO check above. \n\n
25 |           To configure your dev environment to automatically signoff on your commits in the future, see [these instructions](https://github.com/meshery/meshery/blob/master/CONTRIBUTING.md#signing-off-on-commits-developer-certificate-of-origin)."
26 |         action: open
27 |
--------------------------------------------------------------------------------
/.github/release-drafter.yml:
--------------------------------------------------------------------------------
1 | name-template: 'v$NEXT_PATCH_VERSION'
2 | tag-template: 'v$NEXT_PATCH_VERSION'
3 | categories:
4 |   - title: '🚀 Features'
5 |     labels:
6 |       - 'kind/feature'
7 |       - 'kind/enhancement'
8 |   - title: '🐛 Bug Fixes'
9 |     labels:
10 |       - 'kind/fix'
11 |       - 'kind/bugfix'
12 |       - 'kind/bug'
13 |   - title: '🧰 Maintenance'
14 |     labels:
15 |       - 'kind/chore'
16 |       - 'area/ci'
17 |       - 'area/tests'
18 |   - title: 📖 Documentation
19 |     label: area/docs
20 | change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
21 | template: |
22 |   ## What's New
23 |   $CHANGES
24 |
25 |   ## Contributors
26 |
27 |   Thank you to our contributors for making this release possible:
28 |   $CONTRIBUTORS
--------------------------------------------------------------------------------
/.github/stale.yml:
--------------------------------------------------------------------------------
1 | # Number of days of inactivity before an issue becomes stale
2 | daysUntilStale: 45
3 | # Number of days of inactivity before a stale issue is closed
4 | daysUntilClose: 10
5 | # Issues with these labels will never be considered stale
6 | exemptLabels:
7 |   - issue/willfix
8 | # Label to use when marking an issue as stale
9 | staleLabel: issue/stale
10 | # Comment to post when marking an issue as stale. Set to `false` to disable
11 | markComment: >
12 |   This issue has been automatically marked as stale because it has not had
13 |   recent activity. It will be closed if no further activity occurs. Thank you
14 |   for your contributions.
15 | # Comment to post when closing a stale issue. Set to `false` to disable
16 | closeComment: >
17 |   This issue is being automatically closed due to inactivity.
18 |   However, you may choose to reopen this issue.
19 |
--------------------------------------------------------------------------------
/.github/welcome/Layer5-celebration.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/.github/welcome/Layer5-celebration.png
--------------------------------------------------------------------------------
/.github/workflows/label-commenter.yml:
--------------------------------------------------------------------------------
1 | name: Label Commenter
2 |
3 | on:
4 |   issues:
5 |     types:
6 |       - labeled
7 |
8 |   pull_request_target: # runs with the base repository's token; the checkout below stays on master, not the PR head
9 |     types:
10 |       - labeled
11 |
12 | permissions:
13 |   contents: read
14 |   issues: write
15 |   pull-requests: write
16 |
17 | jobs:
18 |   comment:
19 |     runs-on: ubuntu-18.04 # GitHub has retired the hosted ubuntu-18.04 image
20 |     steps:
21 |       - uses: actions/checkout@v2
22 |         with:
23 |           ref: master # Set your default branch
24 |         env:
25 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
26 |       - name: Label Commenter
27 |         uses: peaceiris/actions-label-commenter@v1
28 |
--------------------------------------------------------------------------------
/.github/workflows/release-drafter.yml:
--------------------------------------------------------------------------------
1 | name: Release Drafter
2 |
3 | on:
4 |   push:
5 |     # our release branch
6 |     branches:
7 |       - master
8 |
9 | jobs:
10 |   update_release_draft:
11 |     runs-on: ubuntu-latest
12 |     steps:
13 |       # Drafts your next Release notes as Pull Requests are merged into "master"
14 |       - uses: release-drafter/release-drafter@v5
15 |         with:
16 |           config-name: release-drafter.yml
17 |         env:
18 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--------------------------------------------------------------------------------
/.github/workflows/slack.yml:
--------------------------------------------------------------------------------
1 | name: Slack Notify on Star
2 | on: watch
3 | jobs:
4 |   star-notify:
5 |     name: Notify Slack on star
6 |     runs-on: ubuntu-latest
7 |     steps:
8 |       - name: Get current star count
9 |         run: |
10 |           echo "STARS=$(curl --silent 'https://api.github.com/repos/${{github.repository}}' -H 'Accept: application/vnd.github.preview' | jq '.stargazers_count')" >> $GITHUB_ENV
11 |       - name: Notify slack
12 |         env:
13 |           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
14 |         uses: pullreminders/slack-action@master # mutable branch ref on the step that receives SLACK_BOT_TOKEN; pin to a reviewed commit SHA
15 |         with:
16 |           args: '{\"channel\":\"CSK7N9TGX\",\"text\":\"${{ github.actor }} just starred ${{github.repository}}! (https://github.com/${{github.repository}}/stargazers) Total ⭐️: ${{env.STARS}}\"}'
17 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | istio-0.7.1/*
2 | istio-0.8.0/*
3 |
4 | workshop_snaps/*
5 |
6 | notes*.txt
7 |
8 | **/separation*/*
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright 2019, 2020 Layer5, Inc.
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Introduction to Istio
2 | A workshop teaching concepts of service mesh through the lens of Istio. Questions? See the community [discussion forum](https://discuss.layer5.io).
3 |
4 | [Free] Use the Cloud Native Playground to walk through the labs in this workshop in a live Kubernetes environment - https://play.meshery.io
5 |
6 | ## Prerequisites
7 |
8 | - [Prereq - Setup Docker, Kubernetes, and Meshery](prereq/README.md)
9 |
10 | ## Setup Istio
11 | - [Lab 1 - Setup Istio](lab-1/README.md)
12 |
13 | ## Deploying an App onto the Mesh
14 | - [Lab 2 - Deploy the sample application BookInfo](lab-2/README.md)
15 |
16 |
46 |
47 | # Authors
48 |
49 | - Layer5 Authors [Twitter](https://x.com/layer5), [Slack](https://slack.layer5.io)
50 |
51 | ## Workshop Resources
52 |
53 | This workshop and other service mesh resources have been created by the [Layer5 community](https://layer5.io/community). Visit our free [Learning Paths](https://layer5.io/learn/learning-paths) for more courses.
54 |
55 |
56 |
57 | ### About Layer5
58 |
59 | [Layer5](https://layer5.io)'s cloud native application and infrastructure management software enables organizations to expect more from their infrastructure. We embrace developer-defined infrastructure. We empower engineers to change how they write applications, support operators in rethinking how they run modern infrastructure, and enable product owners to regain full control over their product portfolio.
60 |
61 | - Engage in [Slack](https://slack.layer5.io)
62 | - Follow on Twitter: [@layer5](https://x.com/layer5), [@mesheryio](https://x.com/mesheryio), [@smp_spec](https://x.com/smp_spec)
63 | - Watch on [YouTube](https://www.youtube.com/channel/UCFL1af7_wdnhHXL1InzaMvA?sub_confirmation=1), Follow on [LinkedIn](https://www.linkedin.com/company/layer5)
64 | - Discuss in the [Community Forum](https://discuss.layer5.io).
65 |
66 | ### License
67 |
68 | This repository and site are available as open-source under the terms of the [Apache 2.0 License](https://opensource.org/licenses/Apache-2.0).
69 |
--------------------------------------------------------------------------------
/img/bonus.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/img/bonus.png
--------------------------------------------------------------------------------
/img/break.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/img/break.png
--------------------------------------------------------------------------------
/img/go.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/img/info.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/img/info.png
--------------------------------------------------------------------------------
/img/warning.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/img/warning.png
--------------------------------------------------------------------------------
/lab-1/README.md:
--------------------------------------------------------------------------------
1 | # Lab 1 - Setup Istio
2 |
3 | Now that we have a Kubernetes cluster and Meshery, we are ready to download and deploy Istio resources.
4 |
5 | ## Steps
6 |
7 | - [1. Install Istio](#1)
8 | - [2. Verify install](#2)
9 | - [3. Confirm add-ons](#3)
10 |
11 | Optional (manual install of Istio):
12 |
13 | - [1. Download Istio resources](#1.1)
14 | - [2. Setup `istioctl`](#1.2)
15 |
16 | ## 1 - Install Istio
17 |
18 | Using Meshery, select Istio from the `Management` menu.
19 |
20 |
21 |
22 |
23 |
24 | In the Istio management page:
25 |
26 | 1. Type `istio-system` into the namespace field.
27 | 2. Click the (+) icon on the `Install` card and click on `Istio Service Mesh` to install the latest version of Istio.
28 |
29 |
30 |
31 |
32 |
33 | 3. Click the `Deploy` button on the confirmation modal.
34 |
35 |
36 |
37 |
38 |
39 |
44 |
45 |
46 |
47 |
48 | Alternative, manual installation steps are provided for reference below. No need to execute these if you have performed the steps above.
49 |
50 |
51 |
52 | ## Appendix - Alternative Manual Install
53 |
54 | ### 1.1 - Download Istio
55 |
56 | You will download and deploy the latest Istio resources on your Kubernetes cluster.
57 |
58 | **_Note to Docker Desktop users:_** please ensure your Docker VM has at least 4GiB of memory, which is required for all services to run.
59 |
60 | On your local machine:
61 |
62 | ```sh
63 | curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.7.3 sh -
64 | ```
65 |
66 | ### 1.2 - Setting up istioctl
67 |
68 | On a \*nix system, you can set up `istioctl` by doing the following:
69 |
70 | ```sh
71 | brew install istioctl
72 | ```
73 |
74 | Alternatively, change into the Istio package directory and add the `istioctl` client to your PATH environment variable.
75 |
76 | ```sh
77 | cd istio-*
78 | export PATH=$PWD/bin:$PATH
79 | ```
80 |
81 | Verify `istioctl` is available:
82 |
83 | ```sh
84 | istioctl version
85 | ```
86 |
87 | Check if the cluster is ready for installation:
88 |
89 | ```sh
90 | istioctl verify-install
91 | ```
92 |
93 | ### 1.3 Install Istio:
94 |
95 | To install Istio with a `demo` profile, execute the below command.
96 |
97 | ```sh
98 | istioctl install --set profile=demo
99 | ```
100 |
101 | Alternatively, with Envoy logging enabled:
102 |
103 | ```sh
104 | istioctl install --set profile=demo --set meshConfig.accessLogFile=/dev/stdout
105 | ```
106 |
107 | ## 1.4 - Verify install
108 |
109 | In the Istio management page:
110 |
111 | 1. Click the (+) icon on the `Validate Service Mesh Configuration` card.
112 | 1. Select `Verify Installation` to verify the installation of Istio.
113 |
114 | #### Alternatively:
115 |
116 | Istio is deployed in a separate Kubernetes namespace `istio-system`. To check if Istio is deployed, and also, to see all the pieces that are deployed, execute the following:
117 |
118 | ```sh
119 | kubectl get all -n istio-system
120 | ```
--------------------------------------------------------------------------------
/lab-1/img/Grafana_-_Istio_Dashboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-1/img/Grafana_-_Istio_Dashboard.png
--------------------------------------------------------------------------------
/lab-1/img/Jaeger_UI.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-1/img/Jaeger_UI.png
--------------------------------------------------------------------------------
/lab-1/img/install-istio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-1/img/install-istio.png
--------------------------------------------------------------------------------
/lab-1/img/install-istio1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-1/img/install-istio1.png
--------------------------------------------------------------------------------
/lab-1/img/install-istio2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-1/img/install-istio2.png
--------------------------------------------------------------------------------
/lab-1/img/istio-adapter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-1/img/istio-adapter.png
--------------------------------------------------------------------------------
/lab-2/README.md:
--------------------------------------------------------------------------------
1 | # Lab 2 - Deploy the sample application BookInfo
2 |
3 | To play with Istio and demonstrate some of its capabilities, you will deploy the example BookInfo application, which is included in the Istio package.
4 |
5 | ## What is the BookInfo Application?
6 |
7 | This application is a polyglot composition of microservices written in different languages. The sample BookInfo application displays information about a book, similar to a single catalog entry of an online book store. Displayed on the page is a description of the book, book details (ISBN, number of pages, and so on), and a few book reviews.
8 |
9 | The end-to-end architecture of the application is shown in the figure.
10 |
11 |
12 |
13 |
14 |
15 | _Figure: BookInfo deployed off the mesh_
16 |
17 | It’s worth noting that these services have no dependencies on Istio, but make an interesting service mesh example, particularly because of the multitude of services, languages and versions for the reviews service.
18 |
19 | As shown in the figure below, proxies are sidecarred to each of the application containers.
20 |
21 |
22 |
23 |
24 |
25 | _Figure: BookInfo deployed on the mesh_
26 |
27 | Sidecar proxies can be injected into the pods either manually or automatically. Automatic sidecar injection requires that your Kubernetes api-server supports the `admissionregistration.k8s.io/v1`, `admissionregistration.k8s.io/v1beta1` or `admissionregistration.k8s.io/v1beta2` APIs. Verify whether your Kubernetes deployment supports these APIs by executing:
28 |
29 | ```sh
30 | kubectl api-versions | grep admissionregistration
31 | ```
32 |
33 | If your environment **does NOT** support any of these APIs, then you may use [manual sidecar injection](./appendix-manual-injection.md) to deploy the sample app.
34 |
35 | As part of Istio deployment in [Lab 1](../lab-1/README.md), you have deployed the sidecar injector.
36 |
37 | ### Deploying Sample App with Automatic sidecar injection
38 |
39 | Istio, deployed as part of this workshop, will also deploy the sidecar injector. Let us now verify sidecar injector deployment.
40 |
41 | ```sh
42 | kubectl -n istio-system get configmaps istio-sidecar-injector
43 | ```
44 |
45 | Output:
46 |
47 | ```sh
48 | NAME                     DATA   AGE
49 | istio-sidecar-injector   2      9h
50 | ```
51 | #### Enable automatic sidecar injection
52 | Using Meshery, navigate to the Istio management page.
53 | 1. Enter `default` in the namespace field.
54 | 2. Then click on `+` under `Apply Service Mesh Configuration` and click on `Automatic Sidecar injection`
55 |
56 |
57 |
58 |
59 |
60 | NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the [selector](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
61 |
62 | ```sh
63 | kubectl get namespace -L istio-injection
64 | ```
65 |
66 | Output:
67 |
68 | ```sh
69 | NAME           STATUS   AGE   ISTIO-INJECTION
70 | default        Active   1h    enabled
71 | istio-system   Active   1h    disabled
72 | kube-public    Active   1h
73 | kube-system    Active   1h
74 | ```
75 |
76 |
77 |
78 | Using Meshery, navigate to the Istio management page.
79 |
80 | 1. Enter `default` in the `Namespace` field.
81 | 1. Click the (+) icon on the `Sample Application` card and select `BookInfo Application` from the list.
82 |
83 | This will do 2 things:
84 |
85 | 1. Deploys all the BookInfo services in the `default` namespace.
86 | 1. Deploys the virtual service and gateway needed to expose the BookInfo's productpage application in the `default` namespace.
87 |
88 | Manual steps can be found [here](#appendix).
89 |
90 | ### Verify Bookinfo deployment
91 |
92 | 1. Verify that the deployments are all in a state of AVAILABLE before continuing.
93 |
94 | ```sh
95 | watch kubectl get deployment
96 | ```
97 |
98 | 2. Choose a service, for instance `productpage`, and view its container configuration:
99 |
100 | ```sh
101 | kubectl get po
102 |
103 | kubectl describe pod productpage-v1-.....
104 | ```
105 |
106 | 3. Examine details of the services:
107 |
108 | ```sh
109 | kubectl describe svc productpage
110 | ```
111 |
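The namespace label only affects pods created after it is set, so a pod can sit in an injection-enabled namespace without a sidecar and stay outside mesh policy. The following added example (not part of the workshop's own code) audits that from the JSON of `kubectl get namespaces -o json` and `kubectl get pods -A -o json`; the sample objects and pod names are constructed, and the reason strings are this example's own wording.

```python
"""Audit sidecar coverage: which pods in injection-enabled namespaces lack istio-proxy?"""

SIDECAR_NAME = "istio-proxy"                   # container name added by the injector
INJECT_ANNOTATION = "sidecar.istio.io/inject"  # per-pod opt-out annotation


def enabled_namespaces(ns_list):
    """Names of namespaces labelled istio-injection=enabled."""
    return {
        ns["metadata"]["name"]
        for ns in ns_list.get("items", [])
        if (ns["metadata"].get("labels") or {}).get("istio-injection") == "enabled"
    }


def classify_pod(pod, enabled):
    """Return (status, reason) for one pod object."""
    meta = pod["metadata"]
    spec = pod.get("spec", {})
    containers = [c["name"] for c in spec.get("containers", [])]
    if SIDECAR_NAME in containers:
        return "meshed", "sidecar present"
    if meta.get("namespace", "default") not in enabled:
        return "off-mesh", "namespace is not labelled istio-injection=enabled"
    if (meta.get("annotations") or {}).get(INJECT_ANNOTATION) == "false":
        return "missing-sidecar", "pod opted out via annotation"
    if spec.get("hostNetwork"):
        return "missing-sidecar", "hostNetwork pod, which the injector skips"
    return "missing-sidecar", "no opt-out found; pod may predate the label, recreate it"


def audit(ns_list, pod_list):
    """Classify every pod; returns a list of (namespace/name, status, reason)."""
    enabled = enabled_namespaces(ns_list)
    report = []
    for pod in pod_list.get("items", []):
        status, reason = classify_pod(pod, enabled)
        meta = pod["metadata"]
        report.append((f'{meta.get("namespace", "default")}/{meta["name"]}', status, reason))
    return report


def missing_sidecars(report):
    """Pods that should be on the mesh but are not."""
    return [name for name, status, _ in report if status == "missing-sidecar"]


def make_pod(namespace, name, containers, annotations=None):
    """Build a trimmed pod object with only the fields the audit reads."""
    return {
        "metadata": {"namespace": namespace, "name": name, "annotations": annotations or {}},
        "spec": {"containers": [{"name": c} for c in containers]},
    }


# Constructed sample data, shaped like the kubectl JSON output.
SAMPLE_NAMESPACES = {"items": [
    {"metadata": {"name": "default", "labels": {"istio-injection": "enabled"}}},
    {"metadata": {"name": "istio-system", "labels": {"istio-injection": "disabled"}}},
    {"metadata": {"name": "kube-system"}},
]}
SAMPLE_PODS = {"items": [
    make_pod("default", "productpage-v1-constructed", ["productpage", SIDECAR_NAME]),
    make_pod("default", "reviews-v1-constructed", ["reviews"]),
    make_pod("default", "ratings-v1-constructed", ["ratings"], {INJECT_ANNOTATION: "false"}),
    make_pod("kube-system", "coredns-constructed", ["coredns"]),
]}

if __name__ == "__main__":
    for name, status, reason in audit(SAMPLE_NAMESPACES, SAMPLE_PODS):
        print(f"{status:16} {name:40} {reason}")
```
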
112 | Next, you will expose the BookInfo application so that it can be accessed from outside the cluster.
113 |
114 |
119 |
120 |
121 |
122 |
123 | Alternative, manual installation steps are provided for reference below. No need to execute these if you have performed the steps above.
124 |
125 |
126 |
127 | ## Appendix - Alternative Manual Steps
128 |
129 | ### Label namespace for injection
130 |
131 | Label the default namespace with istio-injection=enabled
132 |
133 | ```sh
134 | kubectl label namespace default istio-injection=enabled
135 | ```
136 |
137 | ```sh
138 | kubectl get namespace -L istio-injection
139 | ```
140 |
141 | Output:
142 |
143 | ```sh
144 | NAME           STATUS   AGE   ISTIO-INJECTION
145 | default        Active   1h    enabled
146 | istio-system   Active   1h    disabled
147 | kube-public    Active   1h
148 | kube-system    Active   1h
149 | ```
150 |
151 | ### Deploy BookInfo
152 |
153 | Applying this yaml file included in the Istio package you collected in https://github.com/layer5io/istio-service-mesh-workshop/tree/master/lab-1#1 will deploy the BookInfo app in your cluster.
154 |
155 | ```sh
156 | kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
157 | ```
158 |
159 | ### Deploy Gateway and Virtual Service for BookInfo app
160 |
161 | ```sh
162 | kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
163 | ```
164 |
--------------------------------------------------------------------------------
/lab-2/appendix-manual-injection.md:
--------------------------------------------------------------------------------
1 | ### Lab 3 Appendix: Deploying Sample App with manual sidecar injection
2 |
3 | To do a manual sidecar injection we will be using `istioctl` command:
4 |
5 | ```sh
6 | curl https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/platform/kube/bookinfo.yaml | istioctl kube-inject -f - > newBookInfo.yaml
7 | ```
8 |
9 | Inspecting the new YAML file shows that an additional container, the Istio proxy, has been added to the Pods with the necessary configuration:
10 |
11 | ```
12 | image: docker.io/istio/proxyv2:1.3.0
13 | imagePullPolicy: IfNotPresent
14 | name: istio-proxy
15 | ```
16 |
17 | We now need to deploy the new YAML using `kubectl`:
18 | ```sh
19 | kubectl apply -f newBookInfo.yaml
20 | ```
21 |
22 | To do both in a single command:
23 |
24 | ```sh
25 | kubectl apply -f <(curl https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/platform/kube/bookinfo.yaml | istioctl kube-inject -f -)
26 | ```
27 |
28 | Now continue to [Verify Bookinfo deployment](README.md#verify).
--------------------------------------------------------------------------------
/lab-2/img/bookinfo-off-mesh.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-2/img/bookinfo-off-mesh.png
--------------------------------------------------------------------------------
/lab-2/img/bookinfo-on-mesh.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-2/img/bookinfo-on-mesh.png
--------------------------------------------------------------------------------
/lab-2/img/sidecar-injection.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-2/img/sidecar-injection.png
--------------------------------------------------------------------------------
/lab-3/README.md:
--------------------------------------------------------------------------------
1 | # Lab 3 - Exposing services through Istio Ingress Gateway
2 |
3 | The components deployed on the service mesh by default are not exposed outside the cluster. An Ingress Gateway is deployed as a Kubernetes service of type LoadBalancer (or NodePort). To make Bookinfo accessible external to the cluster, you have to create an `Istio Gateway` for the Bookinfo application and also define an `Istio VirtualService` with the routes we need.
4 |
5 | ## 3.1 Inspecting the Istio Ingress Gateway
6 |
7 | The ingress gateway gets exposed as a normal Kubernetes service of type LoadBalancer (or NodePort):
8 |
9 | ```sh
10 | kubectl get svc istio-ingressgateway -n istio-system -o yaml
11 | ```
12 |
13 | Because the Istio Ingress Gateway is an Envoy Proxy you can inspect it using the admin routes. First find the name of the istio-ingressgateway:
14 |
15 | ```sh
16 | kubectl get pods -n istio-system
17 | ```
18 |
19 | Copy and paste your ingress gateway's pod name. Execute:
20 |
21 | ```sh
22 | kubectl -n istio-system exec -it istio-ingressgateway-... -- bash
23 | ```
24 |
25 | You can view the statistics, listeners, routes, clusters and server info for the Envoy proxy by querying its admin interface on local port 15000 from inside the container:
26 |
27 | ```sh
28 | curl localhost:15000/help
29 | curl localhost:15000/stats
30 | curl localhost:15000/listeners
31 | curl localhost:15000/clusters
32 | curl localhost:15000/server_info
33 | ```
34 |
35 | See the [admin docs](https://www.envoyproxy.io/docs/envoy/latest/operations/admin) for more details.
36 |
37 | Also it can be helpful to look at the log files of the Istio ingress controller to see what request is being routed.
38 |
39 | Before we check the logs, let us get out of the container back on the host:
40 |
41 | ```sh
42 | exit
43 | ```
44 |
45 | Now let us find the ingress pod and output the log:
46 |
47 | ```sh
48 | kubectl logs istio-ingressgateway-... -n istio-system
49 | ```
50 |
51 | ## 3.2 View Istio Ingress Gateway for Bookinfo
52 |
53 | ### 3.2.1 - View the Gateway and VirtualServices
54 |
55 | Check the created `Istio Gateway` and `Istio VirtualService` to see the changes deployed:
56 |
57 | ```sh
58 | kubectl get gateway
59 | kubectl get gateway -o yaml
60 |
61 | kubectl get virtualservices
62 | kubectl get virtualservices -o yaml
63 | ```
64 |
65 | ### 3.2.2 - Find the external port of the Istio Ingress Gateway by running:
66 |
67 | ```sh
68 | kubectl get service istio-ingressgateway -n istio-system -o wide
69 | ```
70 |
71 | To just get the first port of istio-ingressgateway service, we can run this:
72 |
73 | ```sh
74 | kubectl get service istio-ingressgateway -n istio-system --template='{{(index .spec.ports 1).nodePort}}'
75 | ```
76 | ### 3.2.3 - Create a DNS entry:
77 |
78 | Modify your local `/etc/hosts` file to add an entry for your sample application.
79 |
80 | `127.0.0.1 bookinfo.meshery.io`
81 |
82 | The HTTP port is usually 31380.
83 |
84 | Or run these commands to retrieve the full URL:
85 |
86 | ```sh
87 | echo "http://$(kubectl get nodes --selector=kubernetes.io/role!=master -o jsonpath={.items[0].status.addresses[?\(@.type==\"InternalIP\"\)].address}):$(kubectl get svc istio-ingressgateway -n istio-system -o jsonpath='{.spec.ports[1].nodePort}')/productpage"
88 | ```
89 |
90 | Docker Desktop users please use `http://localhost/productpage` to access product page in your browser.
91 |
92 | ## 3.3 Apply default destination rules
93 |
94 | Before we start playing with Istio's traffic management capabilities we need to define the available versions of the deployed services. They are called subsets, in destination rules.
95 |
96 | Using Meshery, navigate to the designs page under configuration and import the below design. Make sure Istio adapter is running.
97 |
98 | ```yaml
99 | name: WorkshopIstio
100 | services:
101 |   reviews:
102 |     name: reviews
103 |     type: DestinationRule.Istio
104 |     version: 1.12.9
105 |     namespace: default
106 |     settings:
107 |       host: reviews
108 |       subsets:
109 |       - labels:
110 |           version: v1
111 |         name: v1
112 |       - labels:
113 |           version: v2
114 |         name: v2
115 |       - labels:
116 |           version: v3
117 |         name: v3
118 |   details:
119 |     name: details
120 |     type: DestinationRule.Istio
121 |     namespace: default
122 |     version: 1.12.9
123 |     settings:
124 |       host: details
125 |       subsets:
126 |       - labels:
127 |           version: v1
128 |         name: v1
129 |       - labels:
130 |           version: v2
131 |         name: v2
132 |   ratings:
133 |     name: ratings
134 |     type: DestinationRule.Istio
135 |     version: 1.12.9
136 |     namespace: default
137 |     settings:
138 |       host: ratings
139 |       subsets:
140 |       - labels:
141 |           version: v1
142 |         name: v1
143 |       - labels:
144 |           version: v2
145 |         name: v2
146 |       - labels:
147 |           version: v2-mysql
148 |         name: v2-mysql
149 |       - labels:
150 |           version: v2-mysql-vm
151 |         name: v2-mysql-vm
152 |   productpage:
153 |     name: productpage
154 |     type: DestinationRule.Istio
155 |     namespace: default
156 |     version: 1.12.9
157 |     settings:
158 |       host: productpage
159 |       subsets:
160 |       - labels:
161 |           version: v1
162 |         name: v1
163 |
164 | ```
165 | This creates destination rules for each of the BookInfo services and defines version subsets.
166 |
167 | Manual steps can be found [here](#appendix).
168 |
169 | In a few seconds we should be able to verify the destination rules created by using the command below:
170 |
171 | ```sh
172 | kubectl get destinationrules
173 |
174 |
175 | kubectl get destinationrules -o yaml
176 | ```
177 |
178 | ## 3.4 - Browse to BookInfo
179 |
180 | Browse to the website of the Bookinfo. To view the product page, you will have to append
181 | `/productpage` to the url.
182 |
183 | ### 3.4.1 - Reload Page
184 |
185 | Now, reload the page multiple times and notice how it round robins between v1, v2 and v3 of the reviews service.
186 |
187 | ## 3.5 Inspect the Istio proxy of the productpage pod
188 |
189 | To better understand the istio proxy, let's inspect the details. Let us `exec` into the productpage pod to find the proxy details. To do so we need to first find the full pod name and then `exec` into the istio-proxy container:
190 |
191 | ```sh
192 | kubectl get pods
193 | kubectl exec -it productpage-v1-... -c istio-proxy -- sh
194 | ```
195 |
196 | Once in the container, look at some of the Envoy proxy details by inspecting its config file:
197 |
198 | ```sh
199 | ps aux
200 | ls -l /etc/istio/proxy
201 | cat /etc/istio/proxy/envoy-rev0.json
202 | ```
203 |
204 | For more details on envoy proxy please check out their [admin docs](https://www.envoyproxy.io/docs/envoy/v1.5.0/operations/admin).
205 |
206 | As a last step, let's exit the container:
207 |
208 | ```sh
209 | exit
210 | ```
211 |
212 | ### Default destination rules
213 |
214 | Run the following command to create default destination rules for the Bookinfo services:
215 |
216 | ```sh
217 | kubectl apply -f samples/bookinfo/networking/destination-rule-all-mtls.yaml
218 | ```
219 |
220 |
225 |
226 |
227 |
228 |
229 | Alternative, manual installation steps are provided for reference below. No need to execute these if you have performed the steps above.
230 |
231 |
232 |
233 | ## Appendix - Alternative Manual Steps
234 |
235 | ### Default destination rules
236 |
237 | Run the following command to create default destination rules for the Bookinfo services:
238 |
239 | ```sh
240 | kubectl apply -f samples/bookinfo/networking/destination-rule-all-mtls.yaml
241 | ```
242 |
243 | ### 3.2.1 - Configure the Bookinfo route with the Istio Ingress gateway:
244 |
245 | We can create a virtualservice & gateway for bookinfo app in the ingress gateway by running the following:
246 |
247 | ```sh
248 | kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
249 | ```
250 |
251 | ### 3.2.2 - View the Gateway and VirtualServices
252 |
--------------------------------------------------------------------------------
/lab-3/bookinfo-design-dr.yaml:
--------------------------------------------------------------------------------
1 | name: WorkshopIstio
2 | services:
3 |   reviews:
4 |     name: reviews
5 |     type: DestinationRule.Istio
6 |     version: 1.12.9
7 |     namespace: default
8 |     settings:
9 |       host: reviews
10 |       subsets:
11 |       - labels:
12 |           version: v1
13 |         name: v1
14 |       - labels:
15 |           version: v2
16 |         name: v2
17 |       - labels:
18 |           version: v3
19 |         name: v3
20 |   details:
21 |     name: details
22 |     type: DestinationRule.Istio
23 |     namespace: default
24 |     version: 1.12.9
25 |     settings:
26 |       host: details
27 |       subsets:
28 |       - labels:
29 |           version: v1
30 |         name: v1
31 |       - labels:
32 |           version: v2
33 |         name: v2
34 |   ratings:
35 |     name: ratings
36 |     type: DestinationRule.Istio
37 |     version: 1.12.9
38 |     namespace: default
39 |     settings:
40 |       host: ratings
41 |       subsets:
42 |       - labels:
43 |           version: v1
44 |         name: v1
45 |       - labels:
46 |           version: v2
47 |         name: v2
48 |       - labels:
49 |           version: v2-mysql
50 |         name: v2-mysql
51 |       - labels:
52 |           version: v2-mysql-vm
53 |         name: v2-mysql-vm
54 |   productpage:
55 |     name: productpage
56 |     type: DestinationRule.Istio
57 |     namespace: default
58 |     version: 1.12.9
59 |     settings:
60 |       host: productpage
61 |       subsets:
62 |       - labels:
63 |           version: v1
64 |         name: v1
65 |
--------------------------------------------------------------------------------
/lab-4/README.md:
--------------------------------------------------------------------------------
1 | # Lab 4 - Observability
2 |
3 | ## 4.1 Install Telemetry Add-ons
4 |
5 | Using Meshery, install Istio telemetry add-ons. In the Istio management page:
6 |
7 | 1. Toggle each of the following add-ons:
8 | 1. [Prometheus](https://prometheus.io/)
9 | 1. [Grafana](https://grafana.com/)
10 | 1. [Jaeger](https://www.jaegertracing.io/)
11 |
12 |
13 |
14 |
15 |
16 | You will use Prometheus and Grafana for collecting and viewing metrics and [Jaeger](https://www.jaegertracing.io/) for collecting and viewing distributed traces. Expose each add-on external to the cluster. Each of the service network types is set to "LoadBalancer".
17 |
18 | **Question: Why can't you expose these add-on components through Istio Ingress Gateway?**
19 |
20 | ### 4.2 Service Mesh Performance and Telemetry
21 |
22 | Many of the labs require load to be placed on the sample apps. Let's generate HTTP traffic against the BookInfo application, so we can see interesting telemetry.
23 |
24 | Verify access through the Ingress Gateway:
25 |
26 | ```sh
27 | kubectl get service istio-ingressgateway -n istio-system
28 | ```
29 |
30 | Once we have the port, we can append the IP of one of the nodes to get the host.
31 |
32 | The URL to run a load test against will be `http://:/productpage`
33 |
34 | __Please note:__ If you are using Docker Desktop, please use the IP address of your host. You can leave the port blank. For example: `http://1.2.3.4/productpage`
35 |
36 | Use the computed URL above in Meshery, in the browser, to run a load test and see the results.
37 |
38 | #### 2.1 Connect Grafana (optionally, Prometheus) to Meshery.
39 |
40 | On the [Settings page](http://localhost:9081/settings#metrics):
41 |
42 | 1. Navigate to the `Metrics` tab.
43 | 1. Enter Grafana's URL:port number and submit.
44 |
45 | #### 2.2 Use Meshery to generate load and analyze performance.
46 |
47 | On the [Performance page](http://localhost:9081/performance):
48 |
49 | 1. give this load test a memorable name
50 | 1. enter the URL to the BookInfo productpage
51 | 1. select `Istio` in the `Service Mesh` dropdown
52 | 1. enter a valid number for `Concurrent requests`
53 | 1. enter a valid number for `Queries per second`
54 | 1. enter a valid `Duration` (a number followed by `s` for seconds (OR) `m` for minutes (OR) `h` for hour)
55 | 1. use the host IP address in the request Tab and in the advanced options, type in the header as `Host:`
56 |
57 | Click on `Run Test`. A performance test will run and a statistical analysis will be performed. Examine the results of the test and the behavior of the service mesh.
58 |
59 | Next, you will begin controlling requests to BookInfo using traffic management features.
60 |
61 |
66 |
67 |
68 |
69 |
70 | Alternative, manual installation steps are provided for reference below. No need to execute these if you have performed the steps above.
71 |
72 |
73 |
74 | ## Appendix - Alternative Manual Steps
75 |
76 | ### 4.1 Install Add-ons:
77 |
78 | **Prometheus**
79 |
80 | ```sh
81 | kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.7/samples/addons/prometheus.yaml
82 |
83 | ```
84 |
85 | **Grafana**
86 |
87 | ```sh
88 | kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.7/samples/addons/grafana.yaml
89 |
90 | ```
91 |
92 | **Jaeger**
93 |
94 | ```sh
95 | kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.7/samples/addons/jaeger.yaml
96 |
97 | ```
98 |
99 | ### Exposing services
100 |
101 | Istio add-on services are deployed by default as `ClusterIP` type services. We can expose the services outside the cluster by either changing the Kubernetes service type to `NodePort` or `LoadBalancer` or by port-forwarding or by configuring Kubernetes Ingress.
102 |
103 | **Option 1: Expose services with NodePort**
104 | To expose them using NodePort service type, we can edit the services and change the service type from `ClusterIP` to `NodePort`
105 |
106 | **Option 2: Expose services with port-forwarding**
107 | Port-forwarding runs in the foreground. We have appended `&` to the end of the above 2 commands to run them in the background. If you do not want this behavior, please remove the `&` from the end.
108 |
109 | ## 4.2 Prometheus
110 |
111 | You will need to expose the Prometheus service on a port using either of the two following methods:
112 |
113 | **Option 1: Expose services with NodePort**
114 |
115 | ```sh
116 | kubectl -n istio-system edit svc prometheus
117 | ```
118 |
119 | To find the assigned ports for Prometheus:
120 |
121 | ```sh
122 | kubectl -n istio-system get svc prometheus
123 | ```
124 |
125 | **Option 2: Expose Prometheus service with port-forwarding:**
128 |
129 | ```sh
130 | kubectl -n istio-system port-forward \
131 | $(kubectl -n istio-system get pod -l app=prometheus -o jsonpath='{.items[0].metadata.name}') \
132 | 9090:9090 &
133 | ```
134 |
135 | Browse to `http://:` and in the `Expression` input box enter: `istio_request_bytes_count`. Click the Execute button.
136 |
137 | 
138 |
139 | ## 4.3 Grafana
140 |
141 | You will need to expose the Grafana service on a port using either of the two following methods:
142 |
143 | ```sh
144 | kubectl -n istio-system edit svc grafana
145 | ```
146 |
147 | Once this is done the services will be assigned dedicated ports on the hosts.
148 |
149 | To find the assigned ports for Grafana:
150 |
151 | ```sh
152 | kubectl -n istio-system get svc grafana
153 | ```
154 |
155 | **Expose Grafana service with port-forwarding:**
156 |
157 | ```sh
158 | kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana \
159 | -o jsonpath='{.items[0].metadata.name}') 3000:3000 &
160 | ```
161 |
162 | 
163 |
164 |
191 |
192 | ## 4.4 - Distributed Tracing
193 |
194 | The sample Bookinfo application is configured to collect trace spans using Zipkin or Jaeger. Although Istio proxies are able to automatically send spans, they need help from the application to tie together the entire trace. To do this, applications need to propagate the appropriate HTTP headers so that when the proxies send span information to Zipkin or Jaeger, the spans can be correlated correctly into a single trace.
195 |
196 | To do this the application collects and propagates the following headers from the incoming request to any outgoing requests:
197 |
198 | - `x-request-id`
199 | - `x-b3-traceid`
200 | - `x-b3-spanid`
201 | - `x-b3-parentspanid`
202 | - `x-b3-sampled`
203 | - `x-b3-flags`
204 | - `x-ot-span-context`
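
The propagation described above, as an added example that is not Bookinfo's own code: a function that copies only the listed headers from an incoming request to an outgoing one and leaves everything else (cookies, credentials) behind. The B3 format checks follow the B3 header conventions; the 256-character cap on the opaque headers and the sample request values are assumptions of this example.

```python
"""Forward only the tracing headers from an incoming request to outgoing calls."""
import re

# The headers the lab lists, in the same order.
TRACE_HEADERS = (
    "x-request-id", "x-b3-traceid", "x-b3-spanid", "x-b3-parentspanid",
    "x-b3-sampled", "x-b3-flags", "x-ot-span-context",
)

# B3 identifiers are lower-hex: 16 or 32 chars for the trace, 16 for spans.
B3_ID_FORMATS = {
    "x-b3-traceid": re.compile(r"[0-9a-f]{16}(?:[0-9a-f]{16})?"),
    "x-b3-spanid": re.compile(r"[0-9a-f]{16}"),
    "x-b3-parentspanid": re.compile(r"[0-9a-f]{16}"),
}
B3_FLAG_FORMATS = {
    "x-b3-sampled": re.compile(r"[01]|true|false"),
    "x-b3-flags": re.compile(r"1"),
}
# Assumption: opaque values are capped at 256 printable ASCII characters,
# which also rejects CR/LF and other control characters.
OPAQUE_VALUE = re.compile(r"[\x21-\x7e]{1,256}")


def forward_trace_headers(incoming):
    """Return the headers to attach to an outgoing request.

    Header names are matched case-insensitively. If any B3 identifier is
    malformed, every B3 header is dropped so the sidecar starts a clean trace
    instead of relaying a caller-controlled value downstream.
    """
    lowered = {str(k).lower(): str(v).strip() for k, v in incoming.items()}
    picked = {name: lowered[name] for name in TRACE_HEADERS if lowered.get(name)}

    ids_ok = all(
        fmt.fullmatch(picked[name])
        for name, fmt in B3_ID_FORMATS.items()
        if name in picked
    )

    outgoing = {}
    for name, value in picked.items():
        if name in B3_ID_FORMATS:
            if ids_ok:
                outgoing[name] = value
        elif name in B3_FLAG_FORMATS:
            if ids_ok and B3_FLAG_FORMATS[name].fullmatch(value):
                outgoing[name] = value
        elif OPAQUE_VALUE.fullmatch(value):
            outgoing[name] = value
    return outgoing


# Constructed incoming request headers, as productpage might receive them.
SAMPLE_INCOMING = {
    "Host": "bookinfo.meshery.io",
    "Authorization": "Bearer constructed-token",
    "Cookie": "session=constructed",
    "X-Request-Id": "7f3c9a52-1d0e-4b6a-9c1f-2e5d8a7b6c40",
    "X-B3-TraceId": "463ac35c9f6413ad48485a3953bb6124",
    "X-B3-SpanId": "a2fb4a1d1a96d312",
    "X-B3-Sampled": "1",
}

# Same request with a trace id that carries an injected header line.
SAMPLE_TAMPERED = dict(SAMPLE_INCOMING, **{"X-B3-TraceId": "463ac35c\r\nx-admin: 1"})

if __name__ == "__main__":
    print(forward_trace_headers(SAMPLE_INCOMING))
    print(forward_trace_headers(SAMPLE_TAMPERED))
```
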
205 |
206 |
207 |
208 |
209 |
210 | ### Exposing services
211 |
212 | Istio add-on services are deployed by default as `ClusterIP` type services. We can expose the services outside the cluster by either changing the Kubernetes service type to `NodePort` or `LoadBalancer` or by port-forwarding or by configuring Kubernetes Ingress. In this lab, we will briefly demonstrate the `NodePort` and port-forwarding ways of exposing services.
213 |
214 | #### Option 1: Expose services with NodePort
215 |
216 | To expose them using NodePort service type, we can edit the services and change the service type from `ClusterIP` to `NodePort`
217 |
218 | For Jaeger, either of `tracing` or `jaeger-query` can be exposed.
219 |
220 | ```sh
221 | kubectl -n istio-system edit svc tracing
222 | ```
223 |
224 | Once this is done the services will be assigned dedicated ports on the hosts.
225 |
226 | To find the assigned ports for Jaeger:
227 |
228 | ```sh
229 | kubectl -n istio-system get svc tracing
230 | ```
231 |
232 | #### Option 2: Expose services with port-forwarding
233 |
234 | To port-forward Jaeger:
235 |
236 | ```sh
237 | kubectl -n istio-system port-forward \
238 | $(kubectl -n istio-system get pod -l app=jaeger -o jsonpath='{.items[0].metadata.name}') \
239 | 16686:16686 &
240 | ```
241 |
242 |
243 |
244 | ### 4.4.1 View Traces
245 |
246 | Let us find the port Jaeger is exposed on by running the following command:
247 |
248 | ```sh
249 | kubectl -n istio-system get svc tracing
250 | ```
251 |
252 | You can click on the link at the top of the page which maps to the right port and it will open Jaeger UI in a new tab.
253 |
254 |
--------------------------------------------------------------------------------
/lab-4/img/Grafana_-_Istio_Dashboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/Grafana_-_Istio_Dashboard.png
--------------------------------------------------------------------------------
/lab-4/img/Grafana_Istio_Dashboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/Grafana_Istio_Dashboard.png
--------------------------------------------------------------------------------
/lab-4/img/Loggly.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/Loggly.png
--------------------------------------------------------------------------------
/lab-4/img/Prometheus.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/Prometheus.png
--------------------------------------------------------------------------------
/lab-4/img/ip.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/ip.png
--------------------------------------------------------------------------------
/lab-4/img/istio-add-ons.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/istio-add-ons.png
--------------------------------------------------------------------------------
/lab-4/img/istio-addons.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/istio-addons.png
--------------------------------------------------------------------------------
/lab-4/img/jaeger copy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/jaeger copy.png
--------------------------------------------------------------------------------
/lab-4/img/jaeger.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/jaeger.png
--------------------------------------------------------------------------------
/lab-4/img/jaeger_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/jaeger_1.png
--------------------------------------------------------------------------------
/lab-4/img/jaeger_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/jaeger_2.png
--------------------------------------------------------------------------------
/lab-4/img/meshery_initial_load_test.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/meshery_initial_load_test.png
--------------------------------------------------------------------------------
/lab-4/img/servicegraph.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/servicegraph.png
--------------------------------------------------------------------------------
/lab-4/img/zipkin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/zipkin.png
--------------------------------------------------------------------------------
/lab-4/img/zipkin_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/zipkin_1.png
--------------------------------------------------------------------------------
/lab-4/img/zipkin_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/e809e82b337ce34a126cbac9b7637c07d956ac23/lab-4/img/zipkin_2.png
--------------------------------------------------------------------------------
/lab-5/README.md:
--------------------------------------------------------------------------------
1 | # Lab 5 - Request Routing and Canary Testing
2 |
3 | In this lab, we are going to get our hands on some of the traffic management capabilities of Istio.
4 |
5 | ## 5.1 Configure the default route for all services to V1
6 |
7 | The bookinfo sample app ships multiple versions of the reviews service. When we loaded `/productpage` in the browser multiple times, we saw the reviews service round-robin between v1, v2 and v3. As the first exercise, let us restrict traffic to just V1 of all the services.
8 |
9 | Using Meshery, navigate to the designs page under configuration and import the below design. Make sure Istio adapter is running.
10 | **Patternfile**:
11 | ```yaml
12 | name: Lab5
13 | services:
14 |   vs:
15 |     settings:
16 |       hosts:
17 |       - reviews
18 |       http:
19 |       - route:
20 |         - destination:
21 |             host: reviews
22 |             subset: v1
23 |     type: VirtualService.Istio
24 |     name: vs
25 |     namespace: default
26 |
27 | ---
28 | ```
29 |
33 |
34 | To view the applied rule:
35 | ```sh
36 | kubectl get virtualservice
37 | ```
38 |
39 | To take a look at a specific one:
40 | ```sh
41 | kubectl get virtualservice reviews -o yaml
42 | ```
43 |
44 | *Please note:* In the place of the above command, we can either use kubectl or istioctl.
45 |
46 |
47 |
48 | Now when we reload the `/productpage` several times, we will ONLY be viewing the data from v1 of all the services, which means we will not see any ratings (any stars).
49 |
50 |
51 | ## 5.3 Content-based routing
52 |
53 | Let's replace our first rules with a new set. Enable the `ratings` service for a user `jason` by routing `productpage` traffic to `reviews` v2:
54 |
55 | ```sh
56 | kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
57 | ```
58 | Using Meshery, navigate to the Istio management page:
59 |
60 |
61 | Using Meshery, navigate to the designs page under configuration and import the below design. Make sure Istio adapter is running.
62 | **Patternfile**:
63 | ```yaml
64 | name: V2ForJason
65 | services:
66 |   vs:
67 |     settings:
68 |       hosts:
69 |       - reviews
70 |       http:
71 |       - corsPolicy: {}
72 |         match:
73 |         - headers:
74 |             end-user:
75 |               exact: jason
76 |         route:
77 |         - destination:
78 |             host: reviews
79 |             subset: v2
80 |       - corsPolicy: {}
81 |         route:
82 |         - destination:
83 |             host: reviews
84 |             subset: v1
85 |     type: VirtualService.Istio
86 |     name: vs
87 |     namespace: default
88 | ---
89 | ```
90 | Manual steps can be found [here](#appendix).
91 |
92 | This will update the existing virtual service definition for reviews to route all traffic for user `jason` to reviews V2.
93 |
94 | In a few moments, we should be able to verify the virtual service by using the command below:
95 | ```sh
96 | kubectl get virtualservice reviews -o yaml
97 | ```
98 |
99 |
100 |
101 | Now if we log in as `jason`, we will see data from `reviews` v2. If we are NOT logged in, or are logged in as a different user, we will see data from `reviews` v1.
102 |
103 |
104 | ## 5.4 Canary Testing - Traffic Shifting
105 |
106 | ### 5.4.1 Canary testing w/50% load
107 | To start canary testing, let's begin by transferring 50% of the traffic from reviews:v1 to reviews:v3 with the following command:
108 |
109 |
112 |
113 |
114 | Using Meshery, navigate to the designs page under configuration and import the below design. Make sure Istio adapter is running.
115 | **Patternfile**:
116 | ```yaml
117 | name: CanaryV1V3
118 | services:
119 |   vs:
120 |     settings:
121 |       hosts:
122 |       - reviews
123 |       http:
124 |       - route:
125 |         - destination:
126 |             host: reviews
127 |             subset: v1
128 |           weight: 50
129 |         - destination:
130 |             host: reviews
131 |             subset: v3
132 |           weight: 50
133 |     type: VirtualService.Istio
134 |     name: vs
135 |     namespace: default
136 |
137 | ---
138 | ```
139 | Manual steps can be found [here](#appendix).
140 |
141 | This will update the existing virtual service definition for reviews to route 50% of all traffic to reviews V3.
142 |
143 | In a few moments, we should be able to verify the virtual service by using the command below:
144 | ```sh
145 | kubectl get virtualservice reviews -o yaml
146 | ```
147 |
148 |
149 | Now, if we reload `/productpage` in the browser several times, we should see red-colored star ratings approximately 50% of the time.
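
The sidecar applies the first `http` rule that matches a request, which is why the `end-user: jason` rule in the V2ForJason design sits above the catch-all. The sketch below is an added example (not part of the workshop repository) that evaluates the V2ForJason and CanaryV1V3 rules with that first-match logic and flags unreachable rules; it handles only `exact` and `prefix` header matches, the function names are made up here, and treating weights as percentages that total 100 is an assumption taken from the 50/50 design.

```python
"""First-match evaluation of VirtualService http rules (added example)."""

# Constructed input: the http rules of the V2ForJason and CanaryV1V3 designs
# on this page, transcribed as Python data so the example needs no YAML parser.
V2_FOR_JASON = [
    {"match": [{"headers": {"end-user": {"exact": "jason"}}}],
     "route": [{"destination": {"host": "reviews", "subset": "v2"}}]},
    {"route": [{"destination": {"host": "reviews", "subset": "v1"}}]},
]
CANARY_V1_V3 = [
    {"route": [
        {"destination": {"host": "reviews", "subset": "v1"}, "weight": 50},
        {"destination": {"host": "reviews", "subset": "v3"}, "weight": 50},
    ]},
]


def string_match(cond, value):
    """Evaluate an exact or prefix string match against a header value."""
    if value is None:
        return False
    if "exact" in cond:
        return value == cond["exact"]
    if "prefix" in cond:
        return value.startswith(cond["prefix"])
    raise ValueError(f"unsupported string match: {sorted(cond)}")


def rule_matches(rule, headers):
    """A rule without `match` is a catch-all. Match blocks are ORed; the
    header conditions inside one block are ANDed."""
    blocks = rule.get("match")
    if not blocks:
        return True
    hdrs = {name.lower(): value for name, value in headers.items()}
    for block in blocks:
        unsupported = set(block) - {"headers"}
        if unsupported:
            raise ValueError(f"unsupported match fields: {sorted(unsupported)}")
        if all(string_match(cond, hdrs.get(name.lower()))
               for name, cond in block.get("headers", {}).items()):
            return True
    return False


def select_rule(http_rules, headers):
    """Return the index of the first rule that matches, or None."""
    for index, rule in enumerate(http_rules):
        if rule_matches(rule, headers):
            return index
    return None


def subset_weights(rule):
    """Map subset -> weight; a single destination without a weight takes 100."""
    routes = rule["route"]
    if len(routes) == 1 and "weight" not in routes[0]:
        return {routes[0]["destination"]["subset"]: 100}
    return {r["destination"]["subset"]: r.get("weight", 0) for r in routes}


def lint(http_rules):
    """Report rules shadowed by an earlier catch-all and weights that do not
    total 100 (assumption: weights are percentages, as in the 50/50 design)."""
    findings = []
    catch_all = None
    for index, rule in enumerate(http_rules):
        if catch_all is not None:
            findings.append(
                f"rule {index} is unreachable: rule {catch_all} has no match clause")
        elif not rule.get("match"):
            catch_all = index
        total = sum(subset_weights(rule).values())
        if total != 100:
            findings.append(f"rule {index} weights sum to {total}, expected 100")
    if catch_all is None:
        findings.append("no catch-all rule: requests matching no rule are not routed")
    return findings


if __name__ == "__main__":
    for user in ("jason", "alice", None):
        headers = {"end-user": user} if user else {}
        rule = V2_FOR_JASON[select_rule(V2_FOR_JASON, headers)]
        print(user, "->", subset_weights(rule))
    # Swapping the two rules makes the jason rule unreachable.
    print(lint(list(reversed(V2_FOR_JASON))))
```
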
150 |
151 |
152 | ### 5.4.2 Shift 100% to v3
153 | When version v3 of the reviews microservice is considered stable, we can route 100% of the traffic to reviews:v3:
154 |
155 |
158 |
159 |
160 | Using Meshery, navigate to the designs page under configuration and import the below design. Make sure Istio adapter is running.
161 | **Patternfile**:
162 | ```yaml
163 | name: ShiftAllTrafficToV3
164 | services:
165 |   vs:
166 |     settings:
167 |       hosts:
168 |       - reviews
169 |       http:
170 |       - route:
171 |         - destination:
172 |             host: reviews
173 |             subset: v3
174 |     type: VirtualService.Istio
175 |     name: vs
176 |     namespace: default
177 | ---
178 | ```
179 | Manual steps can be found [here](#appendix).
180 |
181 | This will update the existing virtual service definition for reviews to route 100% of all traffic to reviews V3.
182 |
183 | In a few moments, we should be able to verify the virtual service by using the command below:
184 |
185 | ```sh
186 | kubectl get virtualservice reviews -o yaml
187 | ```
188 |
189 |
190 |
191 | Now, if we reload `/productpage` in the browser several times, we should see red-colored star ratings 100% of the time.
192 |
193 |
194 | ## [Continue to lab 6 - Fault Injection and Rate Limiting](../lab-6/README.md)
195 |
196 |
197 | Alternative, manual installation steps are below. There is no need to execute them if you have performed the steps above.
198 |
199 |
200 | ## Appendix - Manual Instructions
201 |
202 | ### Default destination rules
203 | Run the following command to create default destination rules for the Bookinfo services:
204 | ```sh
205 | kubectl apply -f samples/bookinfo/networking/destination-rule-all-mtls.yaml
206 | ```
207 |
208 | ### Route all traffic to version V1 of all services
209 |
210 | ```sh
211 | kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml
212 | ```
213 |
214 | ### Route all traffic to version V2 of reviews for user Jason
215 |
216 | ```sh
217 | kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
218 | ```
219 |
220 | ### Route 50% of traffic to version V3 of reviews service
221 |
222 | ```sh
223 | kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml
224 | ```
225 |
226 | ### Route 100% of traffic to version V3 of reviews service
227 |
228 | ```sh
229 | kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml
230 | ```
231 |
--------------------------------------------------------------------------------
/lab-5/alltraffik-to-v3.design.yaml:
--------------------------------------------------------------------------------
1 | name: ShiftAllTrafficToV3
2 | services:
3 |   vs:
4 |     settings:
5 |       hosts:
6 |       - reviews
7 |       http:
8 |       - route:
9 |         - destination:
10 |             host: reviews
11 |             subset: v3
12 |     type: VirtualService.Istio
13 |     name: vs
14 |     namespace: default
15 |
--------------------------------------------------------------------------------
/lab-5/canary.design.yaml:
--------------------------------------------------------------------------------
1 | name: CanaryV1V3
2 | services:
3 |   vs:
4 |     settings:
5 |       hosts:
6 |       - reviews
7 |       http:
8 |       - route:
9 |         - destination:
10 |             host: reviews
11 |             subset: v1
12 |           weight: 50
13 |         - destination:
14 |             host: reviews
15 |             subset: v3
16 |           weight: 50
17 |     type: VirtualService.Istio
18 |     name: vs
19 |     namespace: default
20 |
--------------------------------------------------------------------------------
/lab-5/traffik-to-v1.design.yaml:
--------------------------------------------------------------------------------
1 | name: Lab5
2 | services:
3 |   vs:
4 |     settings:
5 |       hosts:
6 |       - reviews
7 |       http:
8 |       - route:
9 |         - destination:
10 |             host: reviews
11 |             subset: v1
12 |     type: VirtualService.Istio
13 |     name: vs
14 |     namespace: default
15 |
--------------------------------------------------------------------------------
/lab-5/v2-for-jason.design.yaml:
--------------------------------------------------------------------------------
1 | name: V2ForJason
2 | services:
3 |   vs:
4 |     settings:
5 |       hosts:
6 |       - reviews
7 |       http:
8 |       - corsPolicy: {}
9 |         match:
10 |         - headers:
11 |             end-user:
12 |               exact: jason
13 |         route:
14 |         - destination:
15 |             host: reviews
16 |             subset: v2
17 |       - corsPolicy: {}
18 |         route:
19 |         - destination:
20 |             host: reviews
21 |             subset: v1
22 |     type: VirtualService.Istio
23 |     name: vs
24 |     namespace: default
25 |
--------------------------------------------------------------------------------
/lab-6/README.md:
--------------------------------------------------------------------------------
1 | # Lab 6 - Fault Injection
2 |
3 | In this lab we will learn how to test the resiliency of an application by injecting systematic faults.
4 |
5 |
6 |
7 |
10 | Before we start, we will need to reset the virtual services.
11 |
12 | Using Meshery, navigate to the Istio management page:
13 | From the design configurator, undeploy the `alltraffik-to-v3.design.yaml` design that you imported in the previous lab.
14 |
15 |
19 |
20 | ## 6.1 Inject a route rule to create a fault using HTTP delay
21 |
22 | To start, we will inject a 7s delay on access to the ratings service for the user `jason`. The reviews v2 service has a 10s hard-coded connection timeout, configured globally, for its calls to the ratings service.
23 |
24 |
27 |
28 | Using Meshery, navigate to the designs page under configuration and import the below design. Make sure Istio adapter is running.
29 | **Patternfile**:
30 | ```yaml
31 | name: FaultForJason
32 | services:
33 |   vs:
34 |     settings:
35 |       hosts:
36 |       - ratings
37 |       http:
38 |       - fault:
39 |           delay:
40 |             fixedDelay: 7s
41 |             percentage:
42 |               value: 100
43 |         match:
44 |         - headers:
45 |             end-user:
46 |               exact: jason
47 |         route:
48 |         - destination:
49 |             host: ratings
50 |             subset: v1
51 |       - route:
52 |         - destination:
53 |             host: ratings
54 |             subset: v1
55 |     type: VirtualService.Istio
56 |     name: vs
57 |     namespace: default
58 |
59 | ```
60 |
61 | Manual steps can be found [here](#appendix).
62 |
63 | This will update the existing virtual service definition for ratings to inject a delay for user `jason` when accessing ratings V1.
64 |
65 | In a few moments, we should be able to verify the virtual service by using the command below:
66 | ```sh
67 | kubectl get virtualservice ratings -o yaml
68 | ```
69 |
70 | Now we log in to `/productpage` as user `jason` and observe that the page loads, but because of the induced delay between services the reviews section will show:
71 |
72 |
73 | Error fetching product reviews!
74 |
75 | Sorry, product reviews are currently unavailable for this book.
76 |
77 |
78 | If you logout or login as a different user, the page should load normally without any errors.
79 |
80 | ## 6.2 Inject a route rule to create a fault using HTTP abort
81 |
82 | In this section, we will introduce an HTTP abort to the ratings microservice for user `jason`.
83 |
84 |
88 |
89 |
90 | Using Meshery, navigate to the designs page under configuration and import the below design. Make sure Istio adapter is running.
91 | **Patternfile**:
92 | ```yaml
93 | name: AbortForJason
94 | services:
95 |   vs:
96 |     settings:
97 |       hosts:
98 |       - ratings
99 |       http:
100 |       - fault:
101 |           abort:
102 |             httpStatus: 500
103 |             percentage:
104 |               value: 100
105 |         match:
106 |         - headers:
107 |             end-user:
108 |               exact: jason
109 |         route:
110 |         - destination:
111 |             host: ratings
112 |             subset: v1
113 |       - route:
114 |         - destination:
115 |             host: ratings
116 |             subset: v1
117 |     type: VirtualService.Istio
118 |     name: vs
119 |     namespace: default
120 | ```
121 |
122 | This will update the existing virtual service definition for ratings to inject an HTTP abort for user `jason` when accessing ratings V1.
123 |
124 | In a few moments, we should be able to verify the virtual service by using the command below:
125 |
126 | ```sh
127 | kubectl get virtualservice ratings -o yaml
128 | ```
129 |
130 |
131 | Now we log in to `/productpage` as user `jason` and observe that the page loads without any new delays, but because of the induced fault between services the reviews section will show:
132 |
133 | `Ratings service is currently unavailable`.
134 |
135 | ### 6.3 Verify fault injection
136 | Verify the fault injection by logging out (or logging in as a different user). The page should load normally without any errors.
137 |
138 | ## [Continue to Lab 7 - Circuit Breaking](../lab-7/README.md)
139 |
140 |
141 | Alternative, manual installation steps are below. There is no need to execute them if you have performed the steps above.
142 |
143 |
144 | ## Appendix
145 |
146 | ### Route all traffic to version V1 of all services
147 |
148 | ```sh
149 | kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml
150 | ```
151 |
152 | ### Route all traffic to version V2 of reviews for user Jason
153 |
154 | ```sh
155 | kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
156 | ```
157 |
158 | ### Inject 7s delay for ratings service
159 |
160 | ```sh
161 | kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml
162 | ```
163 |
164 | ### Inject HTTP abort for ratings service
165 | ```sh
166 | kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml
167 | ```
168 |
169 |
170 |
--------------------------------------------------------------------------------
/lab-6/abort-for-jason.design.yaml:
--------------------------------------------------------------------------------
1 | name: AbortForJason
2 | services:
3 |   vs:
4 |     settings:
5 |       hosts:
6 |       - ratings
7 |       http:
8 |       - fault:
9 |           abort:
10 |             httpStatus: 500
11 |             percentage:
12 |               value: 100
13 |         match:
14 |         - headers:
15 |             end-user:
16 |               exact: jason
17 |         route:
18 |         - destination:
19 |             host: ratings
20 |             subset: v1
21 |       - route:
22 |         - destination:
23 |             host: ratings
24 |             subset: v1
25 |     type: VirtualService.Istio
26 |     name: vs
27 |     namespace: default
28 |
--------------------------------------------------------------------------------
/lab-6/fault-for-json.design.yaml:
--------------------------------------------------------------------------------
1 | name: FaultForJason
2 | services:
3 |   vs:
4 |     settings:
5 |       hosts:
6 |       - ratings
7 |       http:
8 |       - fault:
9 |           delay:
10 |             fixedDelay: 7s
11 |             percentage:
12 |               value: 100
13 |         match:
14 |         - headers:
15 |             end-user:
16 |               exact: jason
17 |         route:
18 |         - destination:
19 |             host: ratings
20 |             subset: v1
21 |       - route:
22 |         - destination:
23 |             host: ratings
24 |             subset: v1
25 |     type: VirtualService.Istio
26 |     name: vs
27 |     namespace: default
28 |
--------------------------------------------------------------------------------
/lab-7/README.md:
--------------------------------------------------------------------------------
1 | # Lab 7 - Circuit Breaking
2 |
3 | In this lab we will configure circuit breaking using Istio. Circuit breaking allows developers to write applications that limit the impact of failures, latency spikes, and other undesirable effects of network peculiarities. This task will show how to configure circuit breaking for connections, requests, and outlier detection.
4 |
5 | ## 7.1 Preparing for circuit breaking
6 | Before we can configure circuit breaking, please try to access the `product page` app from within `Meshery` to ensure all the calls are making it through **without** errors as we did in [Lab 4 - Telemetry - Section 4.1](../lab-4/README.md) ([see screenshot](https://raw.githubusercontent.com/leecalcote/istio-service-mesh-workshop/feature/blend-in-meshery/lab-7/img/meshery_initial_load_test.png)).
7 |
8 |
9 | ## 7.2 Configure circuit breaking
10 | Now that we have the needed services in place, it is time to configure circuit breaking using a destination rule.
11 |
12 |
38 |
39 |
40 | Using Meshery, navigate to the designs page under configuration and import the below design. Make sure Istio adapter is running.
41 | **Patternfile**:
42 | ```yaml
43 | name: CircuitBreaker
44 | services:
45 |   reviews:
46 |     name: reviews
47 |     type: DestinationRule.Istio
48 |     version: 1.12.9
49 |     namespace: default
50 |     settings:
51 |       host: productpage
52 |       subsets:
53 |       - labels:
54 |           version: v1
55 |         name: v1
56 |       trafficPolicy:
57 |         connectionPool:
58 |           http:
59 |             http1MaxPendingRequests: 1
60 |             maxRequestsPerConnection: 1
61 |           tcp:
62 |             maxConnections: 1
63 |         outlierDetection:
64 |           baseEjectionTime: 3m
65 |           consecutiveErrors: 1
66 |           interval: 1s
67 |           maxEjectionPercent: 100
68 |         tls:
69 |           mode: ISTIO_MUTUAL
70 | ```
71 |
72 | Manual steps can be found [here](#appendix).
73 |
74 | This will update the existing destination rule definition for the product page service to break the circuit if there is more than one connection and more than one pending request.
75 |
76 | In a few moments, we should be able to verify the destination rule by using the command below:
77 |
78 | ```sh
79 | kubectl get destinationrule productpage -o yaml
80 | ```
81 |
82 |
83 | ## 7.3 Time to trip the circuit
84 | In the circuit-breaker settings, we specified maxRequestsPerConnection: 1 and http1MaxPendingRequests: 1. This should mean that if we exceed more than one request per connection and more than one pending request, we should see the istio-proxy sidecar open the circuit for further requests/connections.
85 |
86 | Let us now use Meshery to make several calls to `product page` app by changing the number of concurrent connections to 5 from within Meshery's Performance page.
87 |
88 | Once you have updated the fields, you now click on `Run Test`.
89 |
90 | This will run the load test and show the results in a chart. ([see screenshot](https://raw.githubusercontent.com/leecalcote/istio-service-mesh-workshop/feature/blend-in-meshery/lab-7/img/meshery_cb_load_test.png)).
91 |
92 | You should only see a percentage of the requests succeed and the rest trapped by the configured circuit breaker.
93 |
94 |
95 | ## [Continue to Lab 8 - Mutual TLS & Identity Verification](../lab-8/README.md)
96 |
97 | ## Appendix
98 |
99 | ### Configure circuit breaking
100 |
101 | ```sh
102 | kubectl apply -f - < GET /details/0 HTTP/1.1
91 | > Host: details:9080
92 | > User-Agent: curl/7.47.0
93 | > Accept: */*
94 | >
95 | < HTTP/1.1 200 OK
96 | < content-type: application/json
97 | < server: envoy
98 | < date: Thu, 07 Jun 2018 15:19:46 GMT
99 | < content-length: 178
100 | < x-envoy-upstream-service-time: 1
101 | < x-envoy-decorator-operation: default-route
102 | <
103 | * Connection #0 to host details left intact
104 | {"id":0,"author":"William Shakespeare","year":1595,"type":"paperback","pages":200,"publisher":"PublisherA","language":"English","ISBN-10":"1234567890","ISBN-13":"123-1234567890"}
105 | ```
106 |
107 | This proves the existence of mTLS between the services on the Istio mesh.
108 |
109 | Now let's exit the container before we go to the next section:
110 |
111 | ```sh
112 | exit
113 | ```
114 |
115 |
116 | ## 8.2 [Secure Production Identity Framework for Everyone (SPIFFE)](https://spiffe.io/)
117 |
118 | Istio uses [SPIFFE](https://spiffe.io/) to assert the identity of workloads on the cluster. SPIFFE consists of a notion of identity and a method of proving it. A SPIFFE identity consists of an authority part and a path. The meaning of the path in SPIFFE is implementation-defined. In Kubernetes it takes the form `/ns/$namespace/sa/$service-account` with the expected meaning. A SPIFFE identity is embedded in a document. This document can in principle take many forms, but currently the only defined format is x509.
119 |
120 |
121 | To start our investigation, let us check if the certs are in place in the productpage sidecar:
122 | ```sh
123 | kubectl exec $(kubectl get pod -l app=productpage -o jsonpath={.items..metadata.name}) -c istio-proxy -- ls /etc/certs
124 | ```
125 | Output will be similar to:
126 | ```sh
127 | cert-chain.pem
128 | key.pem
129 | root-cert.pem
130 | ```
131 |
132 | Mac users: macOS should have openssl available. If your machine does not have openssl installed, install it using your preferred method.
133 |
134 | Here is one way to install it on RHEL or CentOS or its derivatives:
135 | ```sh
136 | sudo yum install -y openssl
137 | ```
138 |
139 | Here is one way to install it on Ubuntu or Debian or its derivatives:
140 | ```sh
141 | sudo apt install -y openssl
142 | ```
143 |
144 | Now that we have found the certs, let us verify the certificate of productpage sidecar by running this command:
145 | ```sh
146 | kubectl exec $(kubectl get pod -l app=productpage -o jsonpath={.items..metadata.name}) -c istio-proxy -- cat /etc/certs/cert-chain.pem | openssl x509 -text -noout | grep Validity -A 2
147 | ```
148 |
149 | Output will be similar to:
150 | ```sh
151 | Not Before: Sep 23 17:32:28 2019 GMT
152 | Not After : Dec 22 17:32:28 2019 GMT
153 | ```
154 |
155 | Let's also verify the URI SAN:
156 | ```sh
157 | kubectl exec $(kubectl get pod -l app=productpage -o jsonpath={.items..metadata.name}) -c istio-proxy -- cat /etc/certs/cert-chain.pem | openssl x509 -text -noout | grep 'Subject Alternative Name' -A 1
158 | ```
159 |
160 | Output will be similar to:
161 | ```sh
162 | X509v3 Subject Alternative Name: critical
163 | URI:spiffe://cluster.local/ns/default/sa/bookinfo-productpage
164 | ```
165 | You can see that the subject isn't what you'd normally expect: the URI SAN extension carries a `spiffe` URI.
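
One way to turn the two manual checks above into a repeatable test, as an added example (not part of the workshop): it parses the `openssl x509 -text` lines shown above, checks the validity window, and checks that the certificate has a single URI SAN that is a SPIFFE ID of the form `/ns/$namespace/sa/$service-account` for the expected workload. The function names and the embedded sample text are constructed here; the character rules applied are those of the SPIFFE ID specification and Kubernetes naming.

```python
"""Check an Istio workload certificate's SPIFFE identity (added example)."""
import re
from datetime import datetime, timezone

# Constructed sample: the two openssl outputs shown on this page, joined.
SAMPLE = """\
            Not Before: Sep 23 17:32:28 2019 GMT
            Not After : Dec 22 17:32:28 2019 GMT
            X509v3 Subject Alternative Name: critical
                URI:spiffe://cluster.local/ns/default/sa/bookinfo-productpage
"""

MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
DATE_RE = re.compile(
    r"Not (Before|After)\s*:\s*(\w{3})\s+(\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4}) GMT")
# Trust domain: lowercase letters, digits, '.', '-', '_' (no userinfo or port).
TRUST_DOMAIN_RE = re.compile(r"[a-z0-9._-]+")
# Kubernetes form of the path: /ns/<namespace>/sa/<service-account>.
K8S_PATH_RE = re.compile(
    r"/ns/([a-z0-9](?:[-a-z0-9]*[a-z0-9])?)/sa/([a-z0-9](?:[-a-z0-9.]*[a-z0-9])?)")


def parse_spiffe_id(uri):
    """Return (trust_domain, namespace, service_account) or raise ValueError."""
    if len(uri.encode()) > 2048:
        raise ValueError("SPIFFE ID longer than 2048 bytes")
    scheme, sep, rest = uri.partition("://")
    if scheme != "spiffe" or not sep:
        raise ValueError("scheme is not spiffe")
    trust_domain, slash, path = rest.partition("/")
    if not TRUST_DOMAIN_RE.fullmatch(trust_domain):
        raise ValueError("invalid trust domain")
    match = K8S_PATH_RE.fullmatch(slash + path)
    if not match:
        raise ValueError("path is not /ns/<namespace>/sa/<service-account>")
    return trust_domain, match.group(1), match.group(2)


def parse_validity(text):
    """Return (not_before, not_after) as UTC datetimes from openssl text output."""
    found = {}
    for which, mon, day, hh, mm, ss, year in DATE_RE.findall(text):
        found[which] = datetime(int(year), MONTHS[mon], int(day),
                                int(hh), int(mm), int(ss), tzinfo=timezone.utc)
    return found["Before"], found["After"]


def uri_sans(text):
    """Return every URI entry of the Subject Alternative Name extension."""
    return re.findall(r"URI:([^,\s]+)", text)


def check_workload_cert(text, expected, now):
    """Return a list of problems; empty means the certificate is inside its
    validity window at `now` (timezone-aware) and carries exactly the
    expected (trust_domain, namespace, service_account)."""
    problems = []
    not_before, not_after = parse_validity(text)
    if not not_before <= now <= not_after:
        problems.append(f"certificate not valid at {now:%Y-%m-%d}")
    uris = uri_sans(text)
    if len(uris) != 1:
        problems.append(f"expected exactly one URI SAN, found {len(uris)}")
    for uri in uris:
        try:
            identity = parse_spiffe_id(uri)
        except ValueError as err:
            problems.append(f"{uri}: {err}")
            continue
        if identity != expected:
            problems.append(f"unexpected identity {'/'.join(identity)}")
    return problems


if __name__ == "__main__":
    expected = ("cluster.local", "default", "bookinfo-productpage")
    # The sample certificate expired in 2019, so checking it today reports that.
    print(check_workload_cert(SAMPLE, expected, datetime.now(timezone.utc)))
```

To run it against a live sidecar, pipe the `openssl x509 -text -noout` output from the commands above into a file and pass its contents as `text`.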
166 |
167 | This wraps up this lab and training. Thank you for attending!
168 |
169 | ---
170 |
171 | # Additional Resources
172 | For future updates and additional resources, check out [layer5.io](https://layer5.io).
173 |
174 | Join the Layer5 service mesh community on [Slack](http://slack.layer5.io) or point questions to [@Layer5](https://twitter.com/layer5) on Twitter.
175 |
--------------------------------------------------------------------------------
/lab-8/disable-plain-http.design.yaml:
--------------------------------------------------------------------------------
1 | name: DisablePlainHTTP
2 | services:
3 |   bukohbknil:
4 |     settings:
5 |       mtls:
6 |         mode: STRICT
7 |     type: PeerAuthentication.Istio
8 |     name: peerauth
9 |     namespace: default
10 |
--------------------------------------------------------------------------------
/prereq/README.md:
--------------------------------------------------------------------------------
1 | # Prerequisites
2 |
3 | You will need each of the following in order to complete the workshop:
4 |
5 | 1. Kubernetes (installed locally or have remote access to a cluster)
6 | 1. Meshery (installed locally)
7 | 1. Istioctl (installed locally)
8 |
9 | ## Create a Kubernetes Cluster
10 |
11 | You will need access to a Kubernetes cluster in this training. While any Kubernetes cluster _should_ work, instructions for Docker Desktop and Minikube are included in these labs as the example Kubernetes platforms. Alternatively, you may choose to use any of the other [supported Kubernetes platforms](https://github.com/layer5io/meshery#run-meshery).
12 |
13 | ### Setup Docker Desktop (MacOS and Windows)
14 |
15 | 1. Download and install [Docker Desktop](https://www.docker.com/products/docker-desktop).
16 | 1. Ensure 4GB is allocated to your Docker Desktop VM in Docker Desktop preferences ([see screenshot](https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/master/prereq/img/docker-desktop-memory.png)).
17 | 1. Create Kubernetes cluster. Enable Kubernetes in Docker Desktop preferences ([see screenshot](https://raw.githubusercontent.com/layer5io/istio-service-mesh-workshop/master/prereq/img/docker-desktop-kube.png)).
18 | 1. Please open `~/.kube/config` and check the `docker-desktop` cluster under `clusters` section and ensure you see something like the image below:
19 | 
20 |
21 | **Note**: If you see `https://localhost:6443` as the value for server, please get the IP address of your host and replace `localhost` with the IP address. The end result should look like this: `https://1.2.3.4:6443`.
22 |
23 | - Mac and Windows users may continue this workshop with Kubernetes on Docker Desktop.
24 |
25 | ### Or... Setup Minikube (MacOS, Windows, Linux)
26 |
27 | 1. [Install minikube](https://minikube.sigs.k8s.io).
28 | 1. Create Kubernetes cluster: `minikube start`.
29 |
30 | ### Check Cluster Status
31 |
32 | Check the status of the nodes. Ensure `Ready` state.
33 |
34 | ```sh
35 | [node1 ~]$ kubectl get nodes
36 | NAME STATUS ROLES AGE VERSION
37 | node1 Ready master 1h v1.15.2
38 | ```
39 |
40 | Check the status of the pods next:
41 |
42 | ```sh
43 | [node1 ~]$ kubectl get pods --all-namespaces
44 | NAMESPACE NAME READY STATUS RESTARTS AGE
45 | kube-system etcd-node1 1/1 Running 0 1h
46 | kube-system kube-apiserver-node1 1/1 Running 0 1h
47 | kube-system kube-controller-manager-node1 1/1 Running 0 1h
48 | kube-system kube-dns-545bc4bfd4-nnbwn 3/3 Running 0 1h
49 | kube-system kube-proxy-pxq27 1/1 Running 0 1h
50 | kube-system kube-scheduler-node1 1/1 Running 0 1h
51 | ```
52 |
53 | If all pods are in a `Running` state, you have an operational Kubernetes cluster. Please continue to download and run Meshery.
54 |
55 | ## Download `mesheryctl`
56 |
57 | ### Meshery Architecture
58 | In this workshop, Meshery and Istio adapter for Meshery will be running in-cluster in the `meshery` namespace.
59 |
60 |
61 |
62 |
63 |
64 | #### Install on MacOS and Linux with bash script:
65 | The below command installs Meshery and Istio adapter for Meshery in `meshery` namespace in your cluster.
66 | ```
67 | curl -L https://meshery.io/install | ADAPTERS=istio PLATFORM=kubernetes bash -
68 | ```
69 |
70 | #### Or.... Install on Windows with `mesheryctl` binary
71 |
72 | ### [Windows](https://meshery.layer5.io/docs/installation#windows)
73 |
74 | 1. Use Scoop.
75 |
76 | or
77 |
78 | 1. Download and unzip `mesheryctl` from the [Meshery releases](https://github.com/layer5io/meshery/releases/latest) page.
79 | 1. Add `mesheryctl` to your PATH for ease of use. Then, execute:
80 |
81 | ```
82 | ./mesheryctl system start
83 | ```
84 |
85 | Upon starting Meshery successfully, instructions to access Meshery will be printed on the screen.
86 |
87 | ## Run Meshery
88 |
89 | Meshery will automatically launch in your browser.
90 |
91 | Sign into Meshery ([see screenshot](/master/prereq/img/sign-into-meshery.png)) using either Twitter, LinkedIn, GitHub or Google authentication.
92 |
93 | Meshery attempts to automatically connect with your Kubernetes cluster by loading the kubeconfig found in your `$HOME/.kube` folder and connecting existing service mesh adapters ([see screenshot](../master/prereq/img/meshery_landing_page.png)).
94 |
95 | If your kubeconfig is in a different location (i.e. if you are not using Docker Desktop), point Meshery to your kubeconfig location by navigating to the Settings page. Navigate to Settings by clicking the gear icon on the right top of the screen ([see screenshot](https://raw.githubusercontent.com/layer5io/advanced-istio-service-mesh-workshop/master/prereq/img/meshery_landing_page_settings_icon.png)).
96 |
97 | This will take the user to the `Settings` page and here you can load up your new config file and select the context to use ([see screenshot](https://raw.githubusercontent.com/layer5io/advanced-istio-service-mesh-workshop/feature/blend-in-meshery/prereq/img/meshery_settings_page.png)).
98 |
99 | **If you are using minikube**:
100 | To configure Meshery to use minikube:
101 |
102 | 1. Login to Meshery. Under your user profile, click `Get Token`.
103 | 1. Use `mesheryctl` to configure Meshery to use minikube. Execute:
104 |
105 | ```sh
106 | mesheryctl system config minikube -t ~/Downloads/auth.json
107 | ```
108 |
109 | In a similar fashion, if you don't see the Istio adapter loaded, you should be able to switch to the `Service Meshes` tab in the `Settings` page and connect to existing adapters from the drop down ([see screenshot](https://raw.githubusercontent.com/layer5io/advanced-istio-service-mesh-workshop/master/prereq/img/meshery_settings_page-service-meshes.png)).
110 |
111 | Once an adapter is connected, you will also see it added to the nav menu on the left ([see screenshot](https://raw.githubusercontent.com/layer5io/advanced-istio-service-mesh-workshop/master/prereq/img/meshery_settings_page-service_meshes_with_menu.png)).
112 |
113 | In the labs, you will use a combination of Meshery's UI and your terminal. We suggest splitting the view on your display between your terminal and your web browser, so that you don't have to switch between apps frequently.
114 |
115 |