├── .checkov.yml ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── config.yml │ └── proposal.md ├── renovate.json5 └── workflows │ ├── links.yml │ ├── markdown-check.yml │ ├── mega-linter.yml │ ├── release-please.yml │ ├── renovate.yml │ ├── semantic-pull-request.yml │ ├── stale.yml │ └── vuepress-build.yml ├── .gitignore ├── .grype.yaml ├── .jscpd.json ├── .lycheeignore ├── .markdownlint.yml ├── .mega-linter.yml ├── .mlc_config.json ├── .spelling ├── .trivyignore.yaml ├── CHANGELOG.md ├── LICENSE ├── docs ├── .vuepress │ ├── config.js │ └── public │ │ ├── favicon.ico │ │ └── istio.svg ├── README.md ├── part-01 │ └── README.md ├── part-02 │ └── README.md ├── part-03 │ └── README.md ├── part-04 │ ├── README.md │ ├── bookinfo_v1_raiting.png │ ├── bookinfo_v1_v3_v2.gif │ ├── bookinfo_v2_raiting.png │ ├── bookinfo_v3_raiting.png │ ├── crt_sh.png │ ├── grafana_istio_galley_dashboard.png │ ├── grafana_istio_mixer_dashboard.png │ ├── grafana_istio_performance_dashboard.png │ ├── grafana_istio_pilot_dashboard.png │ ├── grafana_istio_service_dashboard.png │ ├── grafana_istio_workload_dashboard.png │ ├── istio_kiali_graph.gif │ ├── jaeger.png │ ├── kiali.png │ ├── kiali_ssl_certificate.png │ ├── prometheus_istio_requests_total1.png │ ├── prometheus_istio_requests_total2.png │ ├── prometheus_istio_requests_total3.png │ ├── prometheus_istio_requests_total4.png │ ├── servicegraph_dotviz.png │ └── servicegraph_istio_service_graph.png ├── part-05 │ ├── README.md │ ├── bookinfo_v1.jpg │ └── bookinfo_v2.jpg ├── part-06 │ ├── README.md │ ├── bookinfo_injecting_http_abort_fault.gif │ ├── bookinfo_injecting_http_delay_fault.gif │ ├── bookinfo_injecting_http_delay_fault_developer_tools.png │ └── istio_kiali_injecting_an_http_abort_fault.gif ├── part-07 │ ├── README.md │ ├── bookinfo_v3.jpg │ ├── istio_kiali_weight-based_routing-bookinfo_v3.gif │ └── istio_kiali_weight-based_routing.gif └── part-08 │ └── README.md ├── files ├── aws_route53-dns_change.json ├── 
cert-manager-letsencrypt-aws-route53-clusterissuer-certificate.yaml ├── export_services_gateway.yaml └── route_53_change_policy.json ├── lychee.toml ├── package-lock.json ├── package.json ├── run-k8s-istio-webinar-full.sh ├── run-k8s-istio-webinar.sh └── tests └── ci_test.sh /.checkov.yml: -------------------------------------------------------------------------------- 1 | skip-check: 2 | # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty 3 | - CKV_GHA_7 4 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Users referenced in this file will automatically be requested as reviewers for 2 | # PRs that modify the given paths 3 | # See https://help.github.com/articles/about-code-owners/, https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners 4 | 5 | # All code 6 | * @ruzickap 7 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "Bug: This is a sample issue title" 5 | labels: bug 6 | assignees: ruzickap 7 | --- 8 | 9 | **Describe the bug** 10 | A clear and concise description of what the bug is. 11 | 12 | **To Reproduce** 13 | Steps to reproduce the behaviour. 14 | 15 | **Expected behaviour** 16 | A clear and concise description of what you expected to happen. 17 | 18 | **Screenshots** 19 | If applicable, add screenshots to help explain your problem. 20 | 21 | **Additional context** 22 | Add any other context about the problem here. 
23 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: GitHub Actions Community Forum 4 | url: https://github.com/orgs/community/discussions/ 5 | about: Please ask questions about GitHub Actions here. 6 | - name: GitHub Pages help 7 | url: https://help.github.com/en/github/working-with-github-pages 8 | about: GitHub Pages documentation here. 9 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/proposal.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Proposal 3 | about: Suggest an idea for this project 4 | title: "Proposal: This is a sample title" 5 | labels: proposal 6 | assignees: ruzickap 7 | --- 8 | 9 | **Is your feature request related to a problem? Please describe** 10 | A clear and concise description of what the problem is. Ex. I'm always 11 | frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 
21 | -------------------------------------------------------------------------------- /.github/renovate.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | // Keep the extends started with ":" at the end of the list to allow overriding 4 | extends: [ 5 | "config:recommended", 6 | "docker:pinDigests", 7 | "helpers:pinGitHubActionDigestsToSemver", 8 | "security:openssf-scorecard", 9 | ":disableDependencyDashboard", 10 | ":disableRateLimiting", 11 | ":docker", 12 | ":enableVulnerabilityAlertsWithLabel(security)", 13 | ":pinSkipCi", 14 | ], 15 | "git-submodules": { 16 | enabled: true, 17 | }, 18 | labels: [ 19 | "renovate", 20 | "renovate/{{replace '.*/' '' depName}}", 21 | "renovate/{{updateType}}", 22 | ], 23 | lockFileMaintenance: { 24 | enabled: true, 25 | schedule: ["before 6am on Sunday"], 26 | }, 27 | packageRules: [ 28 | { 29 | matchUpdateTypes: ["major"], 30 | automerge: false, 31 | }, 32 | { 33 | description: "Ignore frequent renovate updates", 34 | enabled: false, 35 | matchPackageNames: ["renovatebot/github-action"], 36 | matchUpdateTypes: ["patch"], 37 | }, 38 | { 39 | description: "Update renovatebot/github-action minor updates on Sundays", 40 | matchPackageNames: ["renovatebot/github-action"], 41 | matchUpdateTypes: ["minor"], 42 | schedule: ["* * * * 0"], 43 | }, 44 | ], 45 | prBodyTemplate: "{{{table}}}{{{notes}}}{{{changelogs}}}", 46 | rebaseWhen: "behind-base-branch", 47 | regexManagers: [ 48 | { 49 | extractVersionTemplate: "{{#if extractVersion}}{{{extractVersion}}}{{else}}^v?(?.+)${{/if}}", 50 | fileMatch: ["\\.ya?ml$", "\\.md$", "^Dockerfile$", "^entrypoint\\.sh$"], 51 | matchStrings: [ 52 | '# renovate: datasource=(?.+?) 
depName=(?.+?)( versioning=(?.+?))?( extractVersion=(?.+?))?( registryUrl=(?.+?))?\\s.*[=:]\\s*"?(?.+?)"?\\s', 53 | ], 54 | versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", 55 | }, 56 | ], 57 | separateMinorPatch: true, 58 | } 59 | -------------------------------------------------------------------------------- /.github/workflows/links.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: links 3 | 4 | on: 5 | workflow_dispatch: 6 | push: 7 | paths: 8 | - .github/workflows/links.yml 9 | - lychee.toml 10 | schedule: 11 | - cron: "0 0 * * 2" 12 | 13 | permissions: read-all 14 | 15 | jobs: 16 | links: 17 | runs-on: ubuntu-latest 18 | steps: 19 | - name: Checkout 20 | uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 21 | 22 | - name: Setup Pages 23 | id: pages 24 | uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 25 | 26 | - name: Restore lychee cache 27 | uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 28 | with: 29 | path: .lycheecache 30 | key: cache-lychee-${{ github.sha }} 31 | restore-keys: cache-lychee- 32 | 33 | - name: Link Checker 34 | env: 35 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 36 | uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0 37 | with: 38 | args: ". 
--exclude-path CHANGELOG.md ${{ steps.pages.outputs.base_url }}" 39 | fail: true 40 | -------------------------------------------------------------------------------- /.github/workflows/markdown-check.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: markdown-check 3 | 4 | on: 5 | workflow_dispatch: 6 | push: 7 | branches-ignore: 8 | - main 9 | paths: 10 | - "**.md" 11 | - .github/workflows/markdown-check.yml 12 | - .markdownlint.yml 13 | - .mlc_config.json 14 | - .spelling 15 | 16 | permissions: read-all 17 | 18 | jobs: 19 | markdownlint-check: 20 | runs-on: ubuntu-latest 21 | steps: 22 | - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 23 | 24 | - name: Markdown Lint 25 | uses: ruzickap/action-my-markdown-linter@26b4129bf0352527e60b5bd739357af63df1b7bf # v1.2.0 26 | with: 27 | exclude: | 28 | CHANGELOG.md 29 | 30 | markdown-link-check: 31 | runs-on: ubuntu-latest 32 | steps: 33 | - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 34 | 35 | - name: Link Checker 36 | uses: ruzickap/action-my-markdown-link-checker@1126c6a5c31df989b4f3b1a8072ad125887b4c47 # v1.3.0 37 | with: 38 | exclude: | 39 | CHANGELOG.md 40 | 41 | markdown-spell-check: 42 | runs-on: ubuntu-latest 43 | steps: 44 | - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 45 | 46 | - name: Install Node.js LTS version 47 | uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 48 | 49 | - name: Install markdown-spellcheck 50 | run: npm install -g markdown-spellcheck 51 | 52 | - name: Run mdspell 53 | run: find . -type f \( -name "*.md" ! 
-name "CHANGELOG.md" \) -print0 | xargs -0 --max-args=1 --verbose mdspell --ignore-numbers --ignore-acronyms --report --en-gb 54 | -------------------------------------------------------------------------------- /.github/workflows/mega-linter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: mega-linter 3 | 4 | on: 5 | workflow_dispatch: 6 | push: 7 | branches-ignore: 8 | - main 9 | 10 | permissions: read-all 11 | 12 | jobs: 13 | mega-linter: 14 | runs-on: ubuntu-latest 15 | timeout-minutes: 30 16 | steps: 17 | - name: Checkout Code 18 | uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 19 | 20 | - name: Restore lychee cache 21 | uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 22 | with: 23 | path: .lycheecache 24 | key: cache-lychee-${{ github.sha }} 25 | restore-keys: cache-lychee- 26 | 27 | - name: Extract commands from markdown files 28 | run: | 29 | set -euxo pipefail 30 | echo '#!/usr/bin/env bash' > README.sh 31 | find . -name '*.md' -print0 | while IFS= read -r -d '' FILE; do 32 | # Extract: ```bash ... ``` 33 | sed -n "/^\`\`\`\(bash\|shell\)$/,/^\`\`\`$/p" "${FILE}" | sed '/^```*/d' >> README.sh 34 | # Extract: ```bash ... 
``` 35 | sed -n "/^ \`\`\`\(bash\|shell\)$/,/^ \`\`\`$/p" "${FILE}" | sed '/^ ```*/d; s/^ //' >> README.sh 36 | done 37 | chmod a+x README.sh 38 | 39 | - name: 💡 MegaLinter 40 | uses: oxsecurity/megalinter@5199c6377b4cb7faff749a1971636f3343db9fe6 # v7.12.0 41 | env: 42 | GITHUB_COMMENT_REPORTER: false 43 | # Disabled due to error: [GitHub Status Reporter] Error posting Status for REPOSITORY with ...: 403 44 | GITHUB_STATUS_REPORTER: false 45 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 46 | -------------------------------------------------------------------------------- /.github/workflows/release-please.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: release-please 3 | 4 | on: 5 | workflow_dispatch: 6 | push: 7 | branches: 8 | - main 9 | 10 | permissions: 11 | contents: write 12 | pull-requests: write 13 | 14 | jobs: 15 | release-please: 16 | runs-on: ubuntu-latest 17 | steps: 18 | - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 19 | id: app-token 20 | with: 21 | app-id: ${{ secrets.MY_RENOVATE_GITHUB_APP_ID }} 22 | private-key: ${{ secrets.MY_RENOVATE_GITHUB_PRIVATE_KEY }} 23 | 24 | - uses: google-github-actions/release-please-action@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee # v4.1.1 25 | with: 26 | release-type: simple 27 | token: ${{ steps.app-token.outputs.token }} 28 | -------------------------------------------------------------------------------- /.github/workflows/renovate.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: renovate 3 | 4 | on: 5 | workflow_dispatch: 6 | inputs: 7 | dryRun: 8 | type: boolean 9 | description: "Dry-Run" 10 | logLevel: 11 | type: choice 12 | description: "Log-Level" 13 | default: debug 14 | options: 15 | - info 16 | - debug 17 | - trace 18 | push: 19 | branches: 20 | - main 21 | - "!renovate/*" 22 | schedule: 23 | - cron: "0 0-3 * * 0" 24 | 25 | env: 26 | # 
https://docs.renovatebot.com/troubleshooting/#log-debug-levels 27 | LOG_LEVEL: "${{ inputs.logLevel || 'debug' }}" 28 | # https://docs.renovatebot.com/self-hosted-configuration/#repositories 29 | RENOVATE_REPOSITORIES: ${{ github.repository }} 30 | # https://docs.renovatebot.com/self-hosted-configuration/#username 31 | RENOVATE_USERNAME: ${{ github.repository_owner }} 32 | # https://docs.renovatebot.com/configuration-options/#platformcommit 33 | RENOVATE_PLATFORM_COMMIT: "true" 34 | # https://docs.renovatebot.com/self-hosted-configuration/#dryrun 35 | # Run renovate in dry-run mode if executed in branches other than main - prevents versions in PRs/branches from being updated 36 | RENOVATE_DRY_RUN: "${{ inputs.dryRun || ( github.head_ref || github.ref_name ) != 'main' || false }}" 37 | # Renovate Automerge 38 | RENOVATE_AUTOMERGE_TYPE: "branch" 39 | RENOVATE_AUTOMERGE: "true" 40 | 41 | permissions: read-all 42 | 43 | jobs: 44 | renovate: 45 | runs-on: ubuntu-latest 46 | concurrency: 47 | group: ${{ github.workflow }}-${{ github.ref }} 48 | permissions: write-all # NOTE(review): write-all overrides the workflow-level read-all and grants this job's GITHUB_TOKEN every scope; Renovate is handed the app token in the last step, so this can probably be narrowed - confirm 49 | steps: 50 | - name: Checkout 51 | uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 52 | 53 | - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 54 | id: app-token 55 | with: 56 | app-id: ${{ secrets.MY_RENOVATE_GITHUB_APP_ID }} 57 | private-key: ${{ secrets.MY_RENOVATE_GITHUB_PRIVATE_KEY }} 58 | 59 | - name: 💡 Self-hosted Renovate 60 | uses: renovatebot/github-action@89bd050bafa5a15de5d9383e3129edf210422004 # v40.1.5 61 | with: 62 | token: ${{ steps.app-token.outputs.token }} 63 | -------------------------------------------------------------------------------- /.github/workflows/semantic-pull-request.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: semantic-pull-request 3 | 4 | on: 5 | workflow_dispatch: 6 | pull_request_target: # NOTE(review): this trigger runs in the base repository's context with access to secrets, including for pull requests from forks; keep the job free of any checkout or execution of PR code 7 | types: 8 | - opened 9 | - edited 10 | - synchronize 11
| 12 | permissions: 13 | pull-requests: read 14 | 15 | jobs: 16 | semantic-pull-request: 17 | runs-on: ubuntu-latest 18 | steps: 19 | - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 20 | id: app-token 21 | with: 22 | app-id: ${{ secrets.MY_RENOVATE_GITHUB_APP_ID }} 23 | private-key: ${{ secrets.MY_RENOVATE_GITHUB_PRIVATE_KEY }} 24 | 25 | - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 26 | env: 27 | GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} 28 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: stale 3 | 4 | on: 5 | workflow_dispatch: 6 | schedule: 7 | - cron: "9 9 * * *" 8 | 9 | permissions: 10 | issues: write 11 | pull-requests: write 12 | 13 | jobs: 14 | stale: 15 | runs-on: ubuntu-latest 16 | steps: 17 | - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 18 | with: 19 | close-issue-message: | 20 | This issue has not seen any activity since it was marked stale. 21 | Closing. 22 | close-pr-message: | 23 | This pull request has not seen any activity since it was marked stale. 24 | Closing. 25 | exempt-issue-labels: good-first-issue,need-help,no-stale,pinned,security 26 | exempt-pr-labels: "autorelease: pending,good-first-issue,need-help,no-stale,pinned,security" 27 | stale-issue-label: stale 28 | stale-issue-message: | 29 | This issue is stale because it has been open 60 days with no activity. 30 | Remove stale label or comment or this will be closed in 7 days 31 | stale-pr-label: stale 32 | stale-pr-message: | 33 | This PR is stale because it has been open 60 days with no activity. 34 | Remove stale label or comment or this will be closed in 7 days. 
35 | -------------------------------------------------------------------------------- /.github/workflows/vuepress-build.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: vuepress-build 3 | 4 | on: 5 | workflow_dispatch: 6 | push: 7 | paths: 8 | - .github/workflows/vuepress-build.yml 9 | - docs/** 10 | - package.json 11 | - package-lock.json 12 | 13 | permissions: 14 | contents: write 15 | 16 | jobs: 17 | vuepress-build: 18 | runs-on: ubuntu-latest 19 | concurrency: 20 | group: ${{ github.workflow }}-${{ github.ref }} 21 | steps: 22 | - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 23 | 24 | - name: Install Node.js 25 | uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 26 | with: 27 | node-version: 16.x 28 | 29 | - name: Install VuePress and build the document 30 | run: | 31 | npm install 32 | npm run build 33 | cp LICENSE docs/.vuepress/dist 34 | sed -e "s@(part-@(https://github.com/${{ github.repository }}/tree/main/docs/part-@" -e 's@.\/.vuepress\/public\/@./@' docs/README.md > docs/.vuepress/dist/README.md 35 | ln -s docs/.vuepress/dist ${{ github.event.repository.name }} 36 | 37 | - name: Setup Pages 38 | id: pages 39 | uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 40 | 41 | - name: Check broken links 42 | uses: ruzickap/action-my-broken-link-checker@bec36cf5736d969f1c5191b9fd2052df87675012 # v2.6.0 43 | with: 44 | url: ${{ steps.pages.outputs.base_url }} 45 | pages_path: . 
46 | cmd_params: '--exclude=(mylabs.dev|localhost|stackoverflow.com) --buffer-size=8192 --ignore-fragments --max-connections-per-host=5 --color=always --rate-limit=5 --header="User-Agent:Mozilla" --skip-tls-verification --timeout=20' # NOTE(review): --skip-tls-verification makes the link checker accept invalid certificates, so a link whose TLS endpoint is broken or spoofed still passes - confirm this is intended 47 | 48 | - name: Deploy 49 | uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 50 | if: ${{ github.ref == 'refs/heads/main' }} 51 | with: 52 | github_token: ${{ secrets.GITHUB_TOKEN }} 53 | publish_dir: ./docs/.vuepress/dist 54 | force_orphan: true 55 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # pre-commit configuration file 2 | .pre-commit-config.yaml 3 | 4 | # demo-magic.sh script 5 | demo-magic.sh 6 | 7 | # Vuepress Pages 8 | docs/.vuepress/dist 9 | 10 | # Kubernetes kubeconfig file 11 | kubeconfig*.conf* 12 | 13 | # Node modules 14 | node_modules/ 15 | 16 | # nohup output 17 | nohup.out 18 | 19 | # README.sh script 20 | README.sh 21 | 22 | # tmp directory 23 | tmp/ 24 | -------------------------------------------------------------------------------- /.grype.yaml: -------------------------------------------------------------------------------- 1 | ignore: # NOTE(review): each rule below names only an advisory id, with no package scope and no review date; the per-entry comments appear to list an installed and a fixed version, so re-check these suppressions whenever dependencies are upgraded 2 | # glob-parent 3.1.0 5.1.2 npm GHSA-ww39-953v-wcq6 High 3 | - vulnerability: GHSA-ww39-953v-wcq6 4 | # json5 0.5.1 1.0.2 npm GHSA-9c47-m6qq-7p4h High 5 | - vulnerability: GHSA-9c47-m6qq-7p4h 6 | # loader-utils 0.2.17 1.4.1 npm GHSA-76p3-8jx3-jpfq Critical 7 | - vulnerability: GHSA-76p3-8jx3-jpfq 8 | # node-forge 0.10.0 1.3.0 npm GHSA-cfm4-qjh2-4765 High 9 | - vulnerability: GHSA-cfm4-qjh2-4765 10 | # node-forge 0.10.0 1.3.0 npm GHSA-x4jg-mjrx-434g High 11 | - vulnerability: GHSA-x4jg-mjrx-434g 12 | # nth-check 1.0.2 2.0.1 npm GHSA-rp65-9cf3-cjxr High 13 | - vulnerability: GHSA-rp65-9cf3-cjxr 14 | -------------------------------------------------------------------------------- /.jscpd.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "ignore": ["**"] 3 | } 4 | -------------------------------------------------------------------------------- /.lycheeignore: -------------------------------------------------------------------------------- 1 | mylabs.dev 2 | -------------------------------------------------------------------------------- /.markdownlint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Line length - https://github.com/DavidAnson/markdownlint/blob/master/doc/Rules.md#md013---line-length 3 | MD013: 4 | code_blocks: false 5 | tables: false 6 | -------------------------------------------------------------------------------- /.mega-linter.yml: -------------------------------------------------------------------------------- 1 | # Configuration file for MegaLinter 2 | # See all available variables at https://megalinter.io/latest/configuration/ and in linters documentation 3 | 4 | BASH_SHFMT_ARGUMENTS: --case-indent --indent 2 --space-redirects 5 | 6 | DISABLE_LINTERS: 7 | - MARKDOWN_MARKDOWN_LINK_CHECK # Using lychee instead 8 | - SPELL_CSPELL 9 | - TERRAFORM_TERRASCAN # Hard to configure - no documentation of the config file 10 | 11 | # Remove: To receive reports as email, please set variable EMAIL_REPORTER_EMAIL 12 | EMAIL_REPORTER: false 13 | 14 | FAIL_IF_MISSING_LINTER_IN_FLAVOR: true 15 | 16 | FILTER_REGEX_EXCLUDE: CHANGELOG.md 17 | 18 | FORMATTERS_DISABLE_ERRORS: false 19 | 20 | MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml 21 | MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: CHANGELOG.md 22 | 23 | # Remove initial MegaLinter graphic 24 | PRINT_ALPACA: false 25 | 26 | # Disable creating report directory 27 | REPORT_OUTPUT_FOLDER: none 28 | 29 | REPOSITORY_CHECKOV_ARGUMENTS: --quiet 30 | 31 | # Ignored DevSkim rules: DS162092 (Do not leave debug code in production), DS137138 (Insecure URL) 32 | REPOSITORY_DEVSKIM_ARGUMENTS: --ignore-globs CHANGELOG.md --ignore-rule-ids DS162092,DS137138
33 | 34 | REPOSITORY_KICS_ARGUMENTS: --fail-on high 35 | 36 | REPOSITORY_TRIVY_ARGUMENTS: --ignorefile .trivyignore.yaml --severity HIGH,CRITICAL --ignore-unfixed 37 | 38 | TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES: 39 | - GITHUB_TOKEN 40 | 41 | TYPESCRIPT_PRETTIER_ARGUMENTS: --html-whitespace-sensitivity=ignore 42 | 43 | VALIDATE_ALL_CODEBASE: true 44 | -------------------------------------------------------------------------------- /.mlc_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "ignorePatterns": [ 3 | { 4 | "pattern": "(http|https)://.*mylabs.dev" 5 | }, 6 | { 7 | "pattern": "(http|https)://localhost" 8 | } 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /.spelling: -------------------------------------------------------------------------------- 1 | 20response_code 2 | 22productpage 3 | 5B5m 4 | Álex 5 | Asciinema 6 | Atamel 7 | awscli 8 | blogs.oracle.com 9 | Bookinfo 10 | Cleanup 11 | CloudFormation 12 | cloudnative 13 | colored 14 | Conf 15 | CRDs 16 | DevFest 17 | dotviz 18 | eksctl 19 | g0.tab 20 | GDGReading 21 | Grafana 22 | grafana_istio_galley_dashboard.png 23 | grafana_istio_mixer_dashboard.png 24 | grafana_istio_performance_dashboard.png 25 | grafana_istio_pilot_dashboard.png 26 | grafana_istio_service_dashboard.png 27 | grafana_istio_workload_dashboard.png 28 | helm-kubernetes-package-management 29 | Istio 30 | istio_requests_total 31 | Kiali 32 | kubectl 33 | Kubernetes 34 | Layer5.io 35 | loadbalancer 36 | microservice 37 | microservices 38 | nameservers 39 | productpage 40 | prometheus_istio_requests_total1.png 41 | prometheus_istio_requests_total2.png 42 | prometheus_istio_requests_total3.png 43 | prometheus_istio_requests_total4.png 44 | Route53 45 | screencast 46 | Servicegraph 47 | servicegraph_dotviz.png 48 | servicegraph_istio_service_graph.png 49 | Soto 50 | Tsang 51 | v2018 52 | virtualsevice 53 | Weaveworks 54 | yaml 55 | 
-------------------------------------------------------------------------------- /.trivyignore.yaml: -------------------------------------------------------------------------------- 1 | vulnerabilities: 2 | # │ braces │ CVE-2024-4068 │ HIGH │ fixed │ 2.3.2 │ 3.0.3 │ braces: fails to limit the number of characters it can │ 3 | - id: CVE-2024-4068 4 | # │ glob-parent │ CVE-2020-28469 │ HIGH │ fixed │ 3.1.0 │ 5.1.2 │ Regular expression denial of service │ 5 | - id: CVE-2020-28469 6 | # │ json5 │ CVE-2022-46175 │ HIGH │ fixed │ 0.5.1 │ 2.2.2, 1.0.2 │ json5: Prototype Pollution in JSON5 via Parse Method │ 7 | - id: CVE-2022-46175 8 | # │ loader-utils │ CVE-2022-37601 │ CRITICAL │ fixed │ 0.2.17 │ 2.0.3, 1.4.1 │ loader-utils: prototype pollution in function parseQuery in │ 9 | - id: CVE-2022-37601 10 | # │ node-forge │ CVE-2022-24771 │ HIGH │ fixed │ 0.10.0 │ 1.3.0 │ node-forge: Signature verification leniency in checking │ 11 | - id: CVE-2022-24771 12 | # │ node-forge │ CVE-2022-24772 │ HIGH │ fixed │ 0.10.0 │ 1.3.0 │ node-forge: Signature verification failing to check tailing │ 13 | - id: CVE-2022-24772 14 | # │ nth-check │ CVE-2021-3803 │ HIGH │ fixed │ 1.0.2 │ 2.0.1 │ inefficient regular expression complexity │ 15 | - id: CVE-2021-3803 16 | # │ webpack-dev-middleware │ CVE-2024-29180 │ HIGH │ fixed │ 3.7.3 │ 7.1.0, 6.1.2, 5.3.4 │ webpack-dev-middleware: lack of URL validation may lead to │ 17 | - id: CVE-2024-29180 18 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## [0.2.0](https://github.com/ruzickap/k8s-istio-webinar/compare/v0.1.1...v0.2.0) (2024-07-02) 4 | 5 | 6 | ### Features 7 | 8 | * **gh:** add default GitHub repo files ([#147](https://github.com/ruzickap/k8s-istio-webinar/issues/147)) ([5367d21](https://github.com/ruzickap/k8s-istio-webinar/commit/5367d210cb5b79dfd50b710ce36382e352145dc1)) 9 | * **gh:** 
add default GitHub repo files ([#150](https://github.com/ruzickap/k8s-istio-webinar/issues/150)) ([d837995](https://github.com/ruzickap/k8s-istio-webinar/commit/d837995469a46e0bb5cafc96bc327d3f7d380388)) 10 | * **gh:** add default GitHub repo files ([#151](https://github.com/ruzickap/k8s-istio-webinar/issues/151)) ([69a6f45](https://github.com/ruzickap/k8s-istio-webinar/commit/69a6f4524f197b81c928aaa77c3c51f8882bf803)) 11 | * **gh:** add default GitHub repo files ([#160](https://github.com/ruzickap/k8s-istio-webinar/issues/160)) ([82914ef](https://github.com/ruzickap/k8s-istio-webinar/commit/82914efba0b01d01a7fdd40df6fa3c60b64ba8cb)) 12 | * **gha:** unify GHA - renovate, megalinter, markdown, and others ([#145](https://github.com/ruzickap/k8s-istio-webinar/issues/145)) ([45babbd](https://github.com/ruzickap/k8s-istio-webinar/commit/45babbd3b255cafb4ea75c16610477fdca914b0b)) 13 | * **gha:** update gha + add ignore-unfixed to trivy ([#169](https://github.com/ruzickap/k8s-istio-webinar/issues/169)) ([ed19348](https://github.com/ruzickap/k8s-istio-webinar/commit/ed193489904bcc6173fff5ccf3d68d33bc147732)) 14 | 15 | 16 | ### Bug Fixes 17 | 18 | * add CVE-2024-4068 to .trivyignore.yaml ([#177](https://github.com/ruzickap/k8s-istio-webinar/issues/177)) ([953b432](https://github.com/ruzickap/k8s-istio-webinar/commit/953b432ddfb638425aa09ce389e20d8acc991cdb)) 19 | * **gha:** fix shellcheck by adding SC1094 to ignore list ([#156](https://github.com/ruzickap/k8s-istio-webinar/issues/156)) ([c0dd38e](https://github.com/ruzickap/k8s-istio-webinar/commit/c0dd38e9343a37441db7a482173cb8c97b4d2f4d)) 20 | * **url:** exclude package-lock.json from URL checks ([#173](https://github.com/ruzickap/k8s-istio-webinar/issues/173)) ([2c62067](https://github.com/ruzickap/k8s-istio-webinar/commit/2c6206767bb68aa1335c2fb2b74347715f9ef374)) 21 | 22 | ## [v0.1.1](https://github.com/ruzickap/k8s-istio-webinar/compare/v0.1.0...v0.1.1) (2021-12-20) 23 | 24 | - Improve GH Action files 
[`#86`](https://github.com/ruzickap/k8s-istio-webinar/pull/86) 25 | - Fix linter issues [`#85`](https://github.com/ruzickap/k8s-istio-webinar/pull/85) 26 | - Upgrade GH Actions versions [`#84`](https://github.com/ruzickap/k8s-istio-webinar/pull/84) 27 | - npm update [`#83`](https://github.com/ruzickap/k8s-istio-webinar/pull/83) 28 | - Disable jscpd [`#79`](https://github.com/ruzickap/k8s-istio-webinar/pull/79) 29 | - Upgrade action-my-broken-link-checker [`#71`](https://github.com/ruzickap/k8s-istio-webinar/pull/71) 30 | - Ignore CHANGELOG.md from being checked by super-linter [`#67`](https://github.com/ruzickap/k8s-istio-webinar/pull/67) 31 | - Fix My Broken Link Checker parameter [`#60`](https://github.com/ruzickap/k8s-istio-webinar/pull/60) 32 | - Add missing Vuepress plugins to config.js [`#59`](https://github.com/ruzickap/k8s-istio-webinar/pull/59) 33 | - Update package-lock.json [`#58`](https://github.com/ruzickap/k8s-istio-webinar/pull/58) 34 | 35 | ## [v0.1.0](https://github.com/ruzickap/k8s-istio-webinar/compare/v0.0.2...v0.1.0) (2020-09-17) 36 | 37 | - Add actions/checkout with gh-page add use GITHUB_TOKEN with super-linter [`#56`](https://github.com/ruzickap/k8s-istio-webinar/pull/56) 38 | - Disable the linting process for AWS States Language (VALIDATE_STATES) [`#51`](https://github.com/ruzickap/k8s-istio-webinar/pull/51) 39 | - Replace markdown linter [`#42`](https://github.com/ruzickap/k8s-istio-webinar/pull/42) 40 | - Add super-linter + fix related issues [`#38`](https://github.com/ruzickap/k8s-istio-webinar/pull/38) 41 | - Fix GH variables to pass the tests [`#37`](https://github.com/ruzickap/k8s-istio-webinar/pull/37) 42 | - Move to GitHub's Dependabot (version 2) [`#30`](https://github.com/ruzickap/k8s-istio-webinar/pull/30) 43 | - Use shell-linter in latest version [`#25`](https://github.com/ruzickap/k8s-istio-webinar/pull/25) 44 | - Bump @vuepress/plugin-back-to-top from 1.4.1 to 1.5.0 
[`#22`](https://github.com/ruzickap/k8s-istio-webinar/pull/22) 45 | - Bump @vuepress/plugin-medium-zoom from 1.4.1 to 1.5.0 [`#20`](https://github.com/ruzickap/k8s-istio-webinar/pull/20) 46 | - Bump vuepress from 1.4.1 to 1.5.0 [`#21`](https://github.com/ruzickap/k8s-istio-webinar/pull/21) 47 | - Ignore CHANGELOG.md when doing markdown checks [`#23`](https://github.com/ruzickap/k8s-istio-webinar/pull/23) 48 | 49 | ## [v0.0.2](https://github.com/ruzickap/k8s-istio-webinar/compare/v0.0.1...v0.0.2) (2020-05-11) 50 | 51 | - Improve formatting of json files [`3fcb21d`](https://github.com/ruzickap/k8s-istio-webinar/commit/3fcb21d2e1aa4aa0a562d96bdc7a135c6f59988e) 52 | - Add .pre-commit-config.yaml and .release-it.yml to .gitignore [`cb84bea`](https://github.com/ruzickap/k8s-istio-webinar/commit/cb84beacd363a3a058986f0a31e8b4026a35f867) 53 | - Add shellcheck + necessary changes in the scripts [`5ac9fe1`](https://github.com/ruzickap/k8s-istio-webinar/commit/5ac9fe18ecf64837db90b61f3049e0fc62479e66) 54 | - Fix broken URL [`93c9b47`](https://github.com/ruzickap/k8s-istio-webinar/commit/93c9b47b23f83ee7131aff4514f99507cb309785) 55 | - Update ubuntu from ubuntu-18.04 -> ubuntu-latest [`1876705`](https://github.com/ruzickap/k8s-istio-webinar/commit/18767058571b314d21caa3740112f9d4b82361e4) 56 | - Use action-yamllint with proper tag "v1" instead of master [`f120956`](https://github.com/ruzickap/k8s-istio-webinar/commit/f12095665e42db53fa8e69179eb2868a2781c0d1) 57 | - Upgrade actions-gh-pages to "v3" [`f96a712`](https://github.com/ruzickap/k8s-istio-webinar/commit/f96a7122a76d0d4e615f58678cf6da19d324b16d) 58 | - Add comments to .yamllint.yml [`12493e0`](https://github.com/ruzickap/k8s-istio-webinar/commit/12493e043242c0b39e6a9b65b22027ed2f2baa34) 59 | - Add comment to .markdownlint.yml [`303d6b1`](https://github.com/ruzickap/k8s-istio-webinar/commit/303d6b117013b22e20422699d1cea182432fa80a) 60 | - Add comments to .gitignore 
[`eb1dccf`](https://github.com/ruzickap/k8s-istio-webinar/commit/eb1dccf8c905e7c9cc8f42ab75b1e7dff8c096db) 61 | - Change broken link checker GH repository [`5adad47`](https://github.com/ruzickap/k8s-istio-webinar/commit/5adad4797f93adf0fff6dc5bff000abf13173f40) 62 | - Periodic broken link checker improved [`1396edf`](https://github.com/ruzickap/k8s-istio-webinar/commit/1396edf47e8fe1857e66ba0f7e33e095cfaf5210) 63 | - Fix tests to let them run only on master branch [`2245ba5`](https://github.com/ruzickap/k8s-istio-webinar/commit/2245ba589650fd526d5c7dbcd25e98c48624a5c1) 64 | - Fix mdspell [`812b860`](https://github.com/ruzickap/k8s-istio-webinar/commit/812b8608ba35d70bc6aabcafcacf397c8a67751e) 65 | - GitHub Actions rewritten + necessary code fix [`20a458b`](https://github.com/ruzickap/k8s-istio-webinar/commit/20a458bffc6d818424ad4da36ba74bb12711acb6) 66 | - Upgrading peaceiris/actions-gh-pages to v2.8.0 [`59ed980`](https://github.com/ruzickap/k8s-istio-webinar/commit/59ed98064f3ca0bf73e2ab00e93caa8697e3d56b) 67 | - Upgrading peaceiris/actions-gh-pages to v2.6.0 [`bf10a8d`](https://github.com/ruzickap/k8s-istio-webinar/commit/bf10a8dc3c1c70da04f369b464d0bd29cdb34f55) 68 | - Upgrading actions/checkout from v1 to v2 [`4c6ae70`](https://github.com/ruzickap/k8s-istio-webinar/commit/4c6ae70d1c57e56549423ade5cf7224c06831cbc) 69 | - Adding "Automerged updates" by Dependabot [`be321b2`](https://github.com/ruzickap/k8s-istio-webinar/commit/be321b2f0a956c548788f568a2326d9bfad2c619) 70 | - Set request limit for muffet [`61fdb9a`](https://github.com/ruzickap/k8s-istio-webinar/commit/61fdb9ac81a49f60c60557b97999214da2f51483) 71 | - Fix broken url links [`b3bff9c`](https://github.com/ruzickap/k8s-istio-webinar/commit/b3bff9c90196576b18d6721b26b64c6aa2d6ec5a) 72 | - Fix "Build Status" [`377daaf`](https://github.com/ruzickap/k8s-istio-webinar/commit/377daaf1078ac3a3b1b2c2be04438617a10977b3) 73 | - Adding GitHub Workflow instead of TravisCI 
[`2d53101`](https://github.com/ruzickap/k8s-istio-webinar/commit/2d531018e47959debc4363f9c60073620069dc46) 74 | - Fix links [`0bc1e09`](https://github.com/ruzickap/k8s-istio-webinar/commit/0bc1e09eb0dc2d49119dc5f030c3b7601d9e0988) 75 | - .travis.yml updated [`29e64db`](https://github.com/ruzickap/k8s-istio-webinar/commit/29e64dbe8737237e8887725defe0f4f9328744b4) 76 | - Fix broken links... [`5d16573`](https://github.com/ruzickap/k8s-istio-webinar/commit/5d165734a3987bb7be3153db4b6e321f01331a4a) 77 | - Fix TravisCI build - build only master branch [`34db6c9`](https://github.com/ruzickap/k8s-istio-webinar/commit/34db6c90b42e0706fba4d7cdfc338aef0e5fc48c) 78 | - Fix TravisCI issue when deploying any branch [`ba6733d`](https://github.com/ruzickap/k8s-istio-webinar/commit/ba6733dc00d0b79baf9a21219371c3dad578ffef) 79 | - Skip travis tests for gh-pages branch [`a7910a4`](https://github.com/ruzickap/k8s-istio-webinar/commit/a7910a4a64e9e3596876dd5aaa148eda108b1ab6) 80 | - Adding YouTube link [`9e01399`](https://github.com/ruzickap/k8s-istio-webinar/commit/9e01399c328b199e6c5298cffa475930d6f4d3a2) 81 | - Vuepress installation in TravisCI simplified [`e7b0799`](https://github.com/ruzickap/k8s-istio-webinar/commit/e7b0799ff0da31b97def1bad3673e837c4c262b0) 82 | - Kiali URL fix [`1faa9b5`](https://github.com/ruzickap/k8s-istio-webinar/commit/1faa9b524f57c00d21422f043977f2cab181f752) 83 | 84 | ## v0.0.1 (2019-04-03) 85 | 86 | - Minor code change in part-04/README.md [`066315c`](https://github.com/ruzickap/k8s-istio-webinar/commit/066315cca6792f063917b56a32fc04b6056ca793) 87 | - Add the "istioctl kube-inject" and normal output of bookinfo.yaml [`8707045`](https://github.com/ruzickap/k8s-istio-webinar/commit/8707045cbddc74dbd082aa5a63c2fb6cd8dcd061) 88 | - Use cat instead of envsubst to hide secrets for cert-manager-letsencrypt...yaml [`be19218`](https://github.com/ruzickap/k8s-istio-webinar/commit/be19218aa9b604a263107e7e9df650b2d84e6869) 89 | - Change 5 -> 10 minutes of traffic 
generation using siege [`8f558c8`](https://github.com/ruzickap/k8s-istio-webinar/commit/8f558c8f0011ebcf41f722a8d863919b935ad4ac) 90 | - Show cert-manager-letsencrypt-aws-route53-clusterissuer configuration [`9409e44`](https://github.com/ruzickap/k8s-istio-webinar/commit/9409e44f228c2a9f46f07e259c57057f28fea0e5) 91 | - Show cert-manager Let's Encrypt + Route53 configuration [`c87b420`](https://github.com/ruzickap/k8s-istio-webinar/commit/c87b4209d0fcafc7cde44d456499648c69e4250a) 92 | - Adding "echo variables" to part-01/README.md [`12380e2`](https://github.com/ruzickap/k8s-istio-webinar/commit/12380e298e45b1550467232848af5a8845b94677) 93 | - Specify vuepress version in .travis.yml [`3df8c40`](https://github.com/ruzickap/k8s-istio-webinar/commit/3df8c40a8fd2d150a5a03faf3dbd0d862704a3f5) 94 | - Fix ci_test.sh script to pass linter [`32e9ef8`](https://github.com/ruzickap/k8s-istio-webinar/commit/32e9ef8ce545a9abe537a8eec51b360cce28dd33) 95 | - README files updated [`f02913c`](https://github.com/ruzickap/k8s-istio-webinar/commit/f02913c622d624b9ab5f158c14dfd40eb8e55d84) 96 | - Adding check of kubeconfig.conf presence to run-k8s-istio-webinar.sh [`83cb4cc`](https://github.com/ruzickap/k8s-istio-webinar/commit/83cb4cc33df7008ea23fe344b2d2889544d352db) 97 | - Adding url to DNS challenge providers in cert-manager-letsencrypt-aws-route53-clusterissuer-certificate.yaml [`15aeb73`](https://github.com/ruzickap/k8s-istio-webinar/commit/15aeb730c10ba957da8795422cda68b3d0fb5128) 98 | - Adding LICENSE file [`d472109`](https://github.com/ruzickap/k8s-istio-webinar/commit/d4721099e087ee3e445230a0c4afb97367c6ace6) 99 | - Spell check added + using ISTIO_VERSION="1.1.0" [`d461490`](https://github.com/ruzickap/k8s-istio-webinar/commit/d4614900ffc573740c87ad8f8f7d5114b01093ac) 100 | - Fix sed in run-k8s-istio-webinar-full.sh [`f3bf700`](https://github.com/ruzickap/k8s-istio-webinar/commit/f3bf700c4c4b56ad356adbc5a7f8f6478e7314c1) 101 | - README text updates 
[`49d42d2`](https://github.com/ruzickap/k8s-istio-webinar/commit/49d42d2f37eb4e191e1e267385a89786a764ac82) 102 | - Adding "Build Status" to the main README [`7af6557`](https://github.com/ruzickap/k8s-istio-webinar/commit/7af6557d6119ebb659f07c6d8008ca53ce6852b2) 103 | - Adding "webinar pages" to the main README [`d62f0df`](https://github.com/ruzickap/k8s-istio-webinar/commit/d62f0df12af7f7f3949a4889920d01c6eb8ebc6c) 104 | - Adding comments to run-k8s-istio-webinar*.sh scripts [`51d605f`](https://github.com/ruzickap/k8s-istio-webinar/commit/51d605f253481a0aef81a2e30a409b75e0f05dad) 105 | - All outputs updated [`c0ee046`](https://github.com/ruzickap/k8s-istio-webinar/commit/c0ee046b9453fa44a8ed8e2172ce79a79210364d) 106 | - Enable "Command check" for TravisCI [`2f166ea`](https://github.com/ruzickap/k8s-istio-webinar/commit/2f166eadc75fca8506579b654a5e452744591774) 107 | - Minor README and code updates [`22e2ee1`](https://github.com/ruzickap/k8s-istio-webinar/commit/22e2ee12a28ac2394194176f3303312a77198c51) 108 | - Structure changed in part-04/README.md [`8fb71e2`](https://github.com/ruzickap/k8s-istio-webinar/commit/8fb71e22dadc6d22fa524bfdee6481a10332b910) 109 | - Fix markdown lint issue [`65dc75b`](https://github.com/ruzickap/k8s-istio-webinar/commit/65dc75b5a68acb524a796981fd637f680e61fbde) 110 | - Jaeger port fix in export_services_gateway.yaml [`d5714aa`](https://github.com/ruzickap/k8s-istio-webinar/commit/d5714aa0a2676639935a2476c058b3899eb0b6b4) 111 | - Adding screenshots of Grafana, Jaeger, Kiali, Prometheus, Servicegraph [`8650b73`](https://github.com/ruzickap/k8s-istio-webinar/commit/8650b7356d3c9dbcc5aa8844d89f05257e80ae64) 112 | - Adding Part 8 [`3299413`](https://github.com/ruzickap/k8s-istio-webinar/commit/32994130ded1682fe63a9ec442691191c597b17d) 113 | - Adding output of eksctl [`5532448`](https://github.com/ruzickap/k8s-istio-webinar/commit/5532448a181342180e24f730d647213769cfea03) 114 | - Generate kubeconfig.conf in run-k8s-istio-webinar.sh 
[`cf77da9`](https://github.com/ruzickap/k8s-istio-webinar/commit/cf77da9232b0393a95c496eccde54d35c735402f) 115 | - Adding few images + minor README changes [`45eeb81`](https://github.com/ruzickap/k8s-istio-webinar/commit/45eeb818e7c978374a3d25a2b04083a361f440a4) 116 | - Fixing issue with 2 gateways on the same port [`2ae744c`](https://github.com/ruzickap/k8s-istio-webinar/commit/2ae744ce1e08e0ef9a4e3e76f0ae2746e9ceab42) 117 | - Adding "cd /mnt" before cloning the git repository [`8471ffe`](https://github.com/ruzickap/k8s-istio-webinar/commit/8471ffe1f55619bb8e01795fe41d5e5d62f384c0) 118 | - Add variable checking to run-k8s-istio-webinar.sh [`a8ad629`](https://github.com/ruzickap/k8s-istio-webinar/commit/a8ad6296e29700c15d08dfeae253403817337a02) 119 | - Minor changes in README files + "kubectl describe certificates" added [`4c3d987`](https://github.com/ruzickap/k8s-istio-webinar/commit/4c3d987e53c26813fd2c1cafbc5967e0a5d368cc) 120 | - AWS variables fixed in run-k8s-istio-webinar.sh script [`1c6c79a`](https://github.com/ruzickap/k8s-istio-webinar/commit/1c6c79abfce6cd52573ffcc83256b57e07a57430) 121 | - AccessKeyId and SecretAccessKey are now automatically created / managed [`84bc23d`](https://github.com/ruzickap/k8s-istio-webinar/commit/84bc23de5509dc63f8d472aa6c9dccbd42037b9f) 122 | - Adding gettext-base to installed programs [`f10b679`](https://github.com/ruzickap/k8s-istio-webinar/commit/f10b679ed098642d76301eefe906073f1a5156b0) 123 | - Fix old hardcoded domain in export_services_gateway.yaml [`4874959`](https://github.com/ruzickap/k8s-istio-webinar/commit/48749590df809c6a5a36683a2202ea6fdbe74007) 124 | - Adding demo-magic scripts [`cd2d79e`](https://github.com/ruzickap/k8s-istio-webinar/commit/cd2d79e32be04ac3ea7c2db902c087cfdd084e5d) 125 | - Cosmetic code change [`6a5e45a`](https://github.com/ruzickap/k8s-istio-webinar/commit/6a5e45aa225e2ffbabb2a83d21bbc5e3da08843a) 126 | - Fix missing envsubst for export_services_gateway.yaml file 
[`e388802`](https://github.com/ruzickap/k8s-istio-webinar/commit/e38880200044bf25595507cf2c8499b34e72e8eb) 127 | - Code cleanup and LETSENCRYPT_ENVIRONMENT introduced [`5803bce`](https://github.com/ruzickap/k8s-istio-webinar/commit/5803bce60ef176a59fd96da67081231a68b840e4) 128 | - Removing "istio-injection" label during cleanup procedure in TravisCI [`8a72a32`](https://github.com/ruzickap/k8s-istio-webinar/commit/8a72a3262d34c868d10380f27df2e2e286e47ff0) 129 | - Adding Let's Encrypt + cert-manager to Istio (to enable HTTPS) [`aa87a48`](https://github.com/ruzickap/k8s-istio-webinar/commit/aa87a489fc9af1dc695fb8eaf117d4e43ff0eb89) 130 | - Use MY_DOMAIN in all README commands instead of static domain [`6369428`](https://github.com/ruzickap/k8s-istio-webinar/commit/6369428f5fc9bb64cc6de379e1a398718849fa99) 131 | - TravisCI improved by adding MY_DOMAIN variable [`117e114`](https://github.com/ruzickap/k8s-istio-webinar/commit/117e1146e3a44f259a1502d326f5d32108544215) 132 | - Adding the procedure how to create zone in AWS to README [`14e170a`](https://github.com/ruzickap/k8s-istio-webinar/commit/14e170a299f10063735e6d6e10a3b24a2e6fc586) 133 | - Adding service ports to README, params of Istio installation changed [`0e19bd5`](https://github.com/ruzickap/k8s-istio-webinar/commit/0e19bd53de89dd700ca17936df16f9a4bc0aabed) 134 | - Exporting ports from the Istio services to be accessible from Internet [`aed8ba0`](https://github.com/ruzickap/k8s-istio-webinar/commit/aed8ba02187c828ef2a81190c93bdd858e919888) 135 | - Packages and tools installation improved [`25da051`](https://github.com/ruzickap/k8s-istio-webinar/commit/25da051cc8387762bd5599da85502d4efddbd2da) 136 | - Moving from terraform to eksctl [`3e4131c`](https://github.com/ruzickap/k8s-istio-webinar/commit/3e4131ccf3d23739a12b5d57c356b756ab16d25e) 137 | - TravisCI linkchecker fix [`f041394`](https://github.com/ruzickap/k8s-istio-webinar/commit/f04139457c40a9b6c825562e28de0d759c472788) 138 | - Minor changes in README files 
[`e1bb7a0`](https://github.com/ruzickap/k8s-istio-webinar/commit/e1bb7a09f3d61ef5ac566843c4225e6fe2061c5f) 139 | - Part 7 added [`edc832c`](https://github.com/ruzickap/k8s-istio-webinar/commit/edc832c49dfe9cc66d377187d02c6b275b6e7e05) 140 | - Part 6 added [`c4d02c9`](https://github.com/ruzickap/k8s-istio-webinar/commit/c4d02c986704a651738aeb67770798cb2f67ed00) 141 | - Part 5 added [`90a6ad9`](https://github.com/ruzickap/k8s-istio-webinar/commit/90a6ad9306f6b6503f9a582f58372223d90642ac) 142 | - Part 4 added [`7f8cf0a`](https://github.com/ruzickap/k8s-istio-webinar/commit/7f8cf0a9c01b8e7c80da3b29cd17ac77b0aacfd0) 143 | - Main README updated [`4413fdb`](https://github.com/ruzickap/k8s-istio-webinar/commit/4413fdbdcb3e797a62ae58a2875919d042bea1e6) 144 | - Part 3 added [`8014269`](https://github.com/ruzickap/k8s-istio-webinar/commit/8014269035eb19708ac95977f0632d6da2f951cb) 145 | - Istio cleanup procedure changed in TravisCI test script [`3e4eda5`](https://github.com/ruzickap/k8s-istio-webinar/commit/3e4eda5ce7bf312162e2f8502116742a839fa0ad) 146 | - Few Terraform improvements [`8a1c1d8`](https://github.com/ruzickap/k8s-istio-webinar/commit/8a1c1d8196471086bafa8f1bb4e4bb5e6c95c556) 147 | - Adding Helm (part-02) [`f7f3c0f`](https://github.com/ruzickap/k8s-istio-webinar/commit/f7f3c0fb56b03401e41719669e65f1a1e9a602e4) 148 | - Adding TravisCI tests for commands [`cb9105c`](https://github.com/ruzickap/k8s-istio-webinar/commit/cb9105cf26cbfa0a80d2179ab12dbae55ba07589) 149 | - Fix TravisCI by changing terraform directory [`f9ecac6`](https://github.com/ruzickap/k8s-istio-webinar/commit/f9ecac63056a4a5262d9a41cc8e8fb08fb9c2899) 150 | - Initial commit [`8211044`](https://github.com/ruzickap/k8s-istio-webinar/commit/8211044387f221a14dc2ebd1c8b8de68ec9426ec) 151 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 
3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /docs/.vuepress/config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | title: 'Istio webinar', 3 | description: 'Using Istio to control traffic flow without changing your application', 4 | base: '/k8s-istio-webinar/', 5 | head: [ 6 | ['link', { rel: 'icon', href: '/favicon.ico' }] 7 | ], 8 | themeConfig: { 9 | displayAllHeaders: true, 10 | lastUpdated: true, 11 | repo: 'ruzickap/k8s-istio-webinar', 12 | docsDir: 'docs', 13 | editLinks: true, 14 | logo: '/istio.svg', 15 | nav: [ 16 | { text: 'Home', link: '/' }, 17 | { 18 | text: 'Istio links', 19 | items: [ 20 | { text: 'Istio', link: 'https://istio.io/' }, 21 | { text: 'Istio docs', link: 'https://istio.io/docs/' }, 22 | { text: 'Istio webinar', link: 'https://github.com/ruzickap/k8s-istio-webinar' } 23 | ] 24 | } 25 | ], 26 | sidebar: [ 27 | '/', 28 | '/part-01/', 29 | '/part-02/', 30 | '/part-03/', 31 | '/part-04/', 32 | '/part-05/', 33 | '/part-06/', 34 | '/part-07/', 35 | '/part-08/' 36 | ] 37 | }, 38 | plugins: [ 39 | 
['@vuepress/medium-zoom'], 40 | ['@vuepress/back-to-top'], 41 | ['reading-progress'], 42 | ['smooth-scroll'], 43 | ['seo'] 44 | ] 45 | } 46 | -------------------------------------------------------------------------------- /docs/.vuepress/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/.vuepress/public/favicon.ico -------------------------------------------------------------------------------- /docs/.vuepress/public/istio.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | image/svg+xml 45 | 50 | 51 | 58 | 60 | 65 | 66 | 68 | 73 | 74 | 76 | 81 | 82 | 85 | 89 | 93 | 97 | 101 | 105 | 106 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Istio webinar 2 | 3 | [![Build Status](https://github.com/ruzickap/k8s-istio-webinar/workflows/vuepress-build/badge.svg)](https://github.com/ruzickap/k8s-istio-webinar) 4 | 5 | [Istio](https://istio.io/) is an open platform to connect, secure, control 6 | and observe microservices, also known as a service mesh, on cloud platforms 7 | such as Kubernetes. 8 | 9 | ![Istio](./.vuepress/public/istio.svg "Istio") 10 | 11 | With Istio, you can manage network traffic, load balance across microservices, 12 | enforce access policies, verify service identity, secure service communication, 13 | and observe what exactly is going on with your services. 
14 | 15 | * GitHub repository: [https://github.com/ruzickap/k8s-istio-webinar](https://github.com/ruzickap/k8s-istio-webinar) 16 | * Web Pages: [https://ruzickap.github.io/k8s-istio-webinar](https://ruzickap.github.io/k8s-istio-webinar) 17 | * Presentation: [https://slides.com/ruzickap/k8s-istio-webinar](https://slides.com/ruzickap/k8s-istio-webinar) 18 | * YouTube: [https://youtu.be/6S3Cr_eJqiU](https://youtu.be/6S3Cr_eJqiU) 19 | * Asciinema webinar screencast: [https://asciinema.org/a/237567](https://asciinema.org/a/237567?autoplay=1) 20 | 21 | ## Requirements 22 | 23 | * [awscli](https://aws.amazon.com/cli/) 24 | * [AWS IAM Authenticator for Kubernetes](https://github.com/kubernetes-sigs/aws-iam-authenticator) 25 | * [AWS account](https://aws.amazon.com/account/) 26 | * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) 27 | * [eksctl](https://eksctl.io/) 28 | * Kubernetes and Linux knowledge required 29 | 30 | ## Objectives 31 | 32 | * Download and install Istio in your cluster 33 | * Deploy the Bookinfo application 34 | * Use metrics, logging, and tracing to observe services 35 | * Set up the Istio Ingress Gateway 36 | * Perform simple traffic management, such as A/B tests and canary deployments 37 | * Secure your service mesh 38 | 39 | ## Webinar 40 | 41 | * [Part 01 - Create EKS cluster](part-01/README.md) 42 | * [Part 02 - Install Helm](part-02/README.md) 43 | * [Part 03 - Istio - Installation](part-03/README.md) 44 | * [Part 04 - Istio - Bookinfo Application](part-04/README.md) 45 | * [Part 05 - Istio - Configuring Request Routing](part-05/README.md) 46 | * [Part 06 - Istio - Injecting an HTTP delay fault](part-06/README.md) 47 | * [Part 07 - Istio - Weight-based routing](part-07/README.md) 48 | * [Part 08 - Istio - Cleanup](part-08/README.md) 49 | 50 | ## Links 51 | 52 | * Video: 53 | 54 | * [Istio Service Mesh by Mete Atamel @ .NET Conf UY v2018](https://www.youtube.com/watch?v=sh0F7FMFVSI) 55 | 56 | * [Liam White - Istio @ GDGReading 
DevFest 2018](https://www.youtube.com/watch?v=RVScqW8_liw) 57 | 58 | * [Istio Service Mesh & pragmatic microservices architecture - Álex Soto](https://www.youtube.com/watch?v=OAW5rbttic0) 59 | 60 | * Pages: 61 | 62 | * [Introduction - Istio 101 Lab](https://istio101.gitbook.io/lab/workshop/) 63 | 64 | * [Using Istio Workshop by Layer5.io](https://github.com/leecalcote/istio-service-mesh-workshop) 65 | 66 | * [Istio Workshop by Ray Tsang](https://github.com/retroryan/istio-workshop) 67 | 68 | * [Amazon EKS Workshop - Service Mesh with Istio](https://archive.eksworkshop.com/advanced/310_servicemesh_with_istio/) 69 | -------------------------------------------------------------------------------- /docs/part-01/README.md: -------------------------------------------------------------------------------- 1 | # Create EKS cluster 2 | 3 | Before you start with the main content of the webinar, you need to provision 4 | the [Amazon EKS](https://aws.amazon.com/eks/) in AWS. 5 | 6 | Use the `MY_DOMAIN` variable containing domain and `LETSENCRYPT_ENVIRONMENT` 7 | variable. 8 | The `LETSENCRYPT_ENVIRONMENT` variable should be one of: 9 | 10 | * `staging` - Let’s Encrypt will create testing certificate (not valid) 11 | 12 | * `production` - Let’s Encrypt will create valid certificate (use with care) 13 | 14 | ```bash 15 | export MY_DOMAIN=${MY_DOMAIN:-mylabs.dev} 16 | export LETSENCRYPT_ENVIRONMENT=${LETSENCRYPT_ENVIRONMENT:-staging} 17 | echo "${MY_DOMAIN} | ${LETSENCRYPT_ENVIRONMENT}" 18 | ``` 19 | 20 | ## Prepare the local working environment 21 | 22 | ::: tip 23 | You can skip these steps if you have all the required software already 24 | installed. 
25 | ::: 26 | 27 | Install the necessary software: 28 | 29 | ```bash 30 | test -x /usr/bin/apt && \ 31 | apt update -qq && \ 32 | DEBIAN_FRONTEND=noninteractive apt-get install -y -qq awscli curl gettext-base git openssh-client siege sudo > /dev/null 33 | ``` 34 | 35 | Install the [kubectl](https://github.com/kubernetes/kubectl) binary. Note that the commands below download executables and install them into `/usr/local/bin` with `sudo` without verifying a checksum or signature; outside a throwaway lab, compare each download with the checksum its project publishes first: 36 | 37 | ```bash 38 | if [ ! -x /usr/local/bin/kubectl ]; then 39 | sudo curl -s -Lo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl 40 | sudo chmod a+x /usr/local/bin/kubectl 41 | fi 42 | ``` 43 | 44 | Install [eksctl](https://eksctl.io/): 45 | 46 | ```bash 47 | if [ ! -x /usr/local/bin/eksctl ]; then 48 | curl -s -L "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_Linux_amd64.tar.gz" | sudo tar xz -C /usr/local/bin/ 49 | fi 50 | ``` 51 | 52 | Install [AWS IAM Authenticator for Kubernetes](https://github.com/kubernetes-sigs/aws-iam-authenticator): 53 | 54 | ```bash 55 | if [ ! -x /usr/local/bin/aws-iam-authenticator ]; then 56 | sudo curl -s -Lo /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator 57 | sudo chmod a+x /usr/local/bin/aws-iam-authenticator 58 | fi 59 | ``` 60 | 61 | ## Configure AWS 62 | 63 | Authenticate to AWS using the AWS CLI: [Configuring the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) 64 | 65 | ```bash 66 | aws configure 67 | ... 68 | ``` 69 | 70 | Create the DNS zone: 71 | 72 | ```bash 73 | aws route53 create-hosted-zone --name ${MY_DOMAIN} --caller-reference ${MY_DOMAIN} 74 | ``` 75 | 76 | Use your domain registrar to change the nameservers for your zone (for example 77 | `mylabs.dev`) to use the Amazon Route 53 nameservers.
Here is how you 78 | can find out the Route 53 nameservers: 79 | 80 | ```bash 81 | aws route53 get-hosted-zone \ 82 | --id $(aws route53 list-hosted-zones --query "HostedZones[?Name==\`${MY_DOMAIN}.\`].Id" --output text) \ 83 | --query "DelegationSet.NameServers" 84 | ``` 85 | 86 | Create policy allowing the cert-manager to change Route 53 settings. This will 87 | allow cert-manager to generate wildcard SSL certificates by Let's Encrypt 88 | certificate authority. 89 | 90 | ```bash 91 | aws iam create-policy \ 92 | --policy-name ${USER}-AmazonRoute53Domains-cert-manager \ 93 | --description "Policy required by cert-manager to be able to modify Route 53 when generating wildcard certificates using Lets Encrypt" \ 94 | --policy-document file://files/route_53_change_policy.json 95 | ``` 96 | 97 | Create user which will use the policy above allowing the cert-manager to change 98 | Route 53 settings: 99 | 100 | ```bash 101 | aws iam create-user --user-name ${USER}-eks-cert-manager-route53 102 | POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName==\`${USER}-AmazonRoute53Domains-cert-manager\`].{ARN:Arn}" --output text) 103 | aws iam attach-user-policy --user-name "${USER}-eks-cert-manager-route53" --policy-arn $POLICY_ARN 104 | aws iam create-access-key --user-name ${USER}-eks-cert-manager-route53 > $HOME/.aws/${USER}-eks-cert-manager-route53-${MY_DOMAIN} 105 | export EKS_CERT_MANAGER_ROUTE53_AWS_ACCESS_KEY_ID=$(awk -F\" "/AccessKeyId/ { print \$4 }" $HOME/.aws/${USER}-eks-cert-manager-route53-${MY_DOMAIN}) 106 | export EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY=$(awk -F\" "/SecretAccessKey/ { print \$4 }" $HOME/.aws/${USER}-eks-cert-manager-route53-${MY_DOMAIN}) 107 | ``` 108 | 109 | The `AccessKeyId` and `SecretAccessKey` are needed for creating the `ClusterIssuer` 110 | definition for `cert-manager`. The file written under `$HOME/.aws/` keeps the secret access key in plain text, so make it readable only by your own user and delete the access key once the lab environment is torn down. 
111 | 112 | ## Create Amazon EKS 113 | 114 | ![EKS](https://raw.githubusercontent.com/aws-samples/eks-workshop/65b766c494a5b4f5420b2912d8373c4957163541/static/images/3-service-animated.gif 115 | "EKS") 116 | 117 | Generate an SSH key pair if one does not exist yet (the key is created without a passphrase): 118 | 119 | ```bash 120 | test -f $HOME/.ssh/id_rsa || ( install -m 0700 -d $HOME/.ssh && ssh-keygen -b 2048 -t rsa -f $HOME/.ssh/id_rsa -q -N "" ) 121 | ``` 122 | 123 | Clone the Git repository: 124 | 125 | ```bash 126 | git clone https://github.com/ruzickap/k8s-istio-webinar 127 | cd k8s-istio-webinar 128 | ``` 129 | 130 | ![EKS](https://raw.githubusercontent.com/aws-samples/eks-workshop/e2c437de2815dd0b69ada81895ea5d5144362c21/static/images/introduction/eks-product-page.png 131 | "EKS") 132 | 133 | Create [Amazon EKS](https://aws.amazon.com/eks/) in AWS by using [eksctl](https://eksctl.io/). 134 | It's a tool from Weaveworks based on official 135 | AWS CloudFormation templates which will be used to launch and configure our 136 | EKS cluster and nodes. 
137 | 138 | ```bash 139 | eksctl create cluster \ 140 | --name=${USER}-k8s-istio-webinar \ 141 | --tags "Application=Istio Webinar,Owner=${USER},Environment=Webinar,Division=Services" \ 142 | --region=eu-central-1 \ 143 | --node-type=t3.medium \ 144 | --ssh-access \ 145 | --node-ami=auto \ 146 | --node-labels "Application=Istio_Webinar,Owner=${USER},Environment=Webinar,Division=Services" \ 147 | --kubeconfig=kubeconfig.conf 148 | ``` 149 | 150 | Output: 151 | 152 | ```text 153 | [ℹ] using region eu-central-1 154 | [ℹ] setting availability zones to [eu-central-1a eu-central-1b eu-central-1c] 155 | [ℹ] subnets for eu-central-1a - public:192.168.0.0/19 private:192.168.96.0/19 156 | [ℹ] subnets for eu-central-1b - public:192.168.32.0/19 private:192.168.128.0/19 157 | [ℹ] subnets for eu-central-1c - public:192.168.64.0/19 private:192.168.160.0/19 158 | [ℹ] nodegroup "ng-5be027b5" will use "ami-07c77043ca4cb9123" [AmazonLinux2/1.11] 159 | [ℹ] importing SSH public key "/root/.ssh/id_rsa.pub" as "eksctl-pruzicka-k8s-istio-webinar-nodegroup-ng-5be027b5-f8:37:5c:d1:62:35:1e:21:66:a1:8e:3d:19:d0:8f:86" 160 | [ℹ] creating EKS cluster "pruzicka-k8s-istio-webinar" in "eu-central-1" region 161 | [ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup 162 | [ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=eu-central-1 --name=pruzicka-k8s-istio-webinar' 163 | [ℹ] building cluster stack "eksctl-pruzicka-k8s-istio-webinar-cluster" 164 | [ℹ] creating nodegroup stack "eksctl-pruzicka-k8s-istio-webinar-nodegroup-ng-5be027b5" 165 | [ℹ] --nodes-min=2 was set automatically for nodegroup ng-5be027b5 166 | [ℹ] --nodes-max=2 was set automatically for nodegroup ng-5be027b5 167 | [✔] all EKS cluster resource for "pruzicka-k8s-istio-webinar" had been created 168 | [✔] saved kubeconfig as "kubeconfig.conf" 169 | [ℹ] adding role 
"arn:aws:iam::822044714040:role/eksctl-pruzicka-k8s-istio-webinar-NodeInstanceRole-DVZ6BH8KDQ1K" to auth ConfigMap 170 | [ℹ] nodegroup "ng-5be027b5" has 0 node(s) 171 | [ℹ] waiting for at least 2 node(s) to become ready in "ng-5be027b5" 172 | [ℹ] nodegroup "ng-5be027b5" has 2 node(s) 173 | [ℹ] node "ip-192-168-26-217.eu-central-1.compute.internal" is ready 174 | [ℹ] node "ip-192-168-69-19.eu-central-1.compute.internal" is ready 175 | [ℹ] kubectl command should work with "kubeconfig.conf", try 'kubectl --kubeconfig=kubeconfig.conf get nodes' 176 | [✔] EKS cluster "pruzicka-k8s-istio-webinar" in "eu-central-1" region is ready 177 | ``` 178 | 179 | ![EKS Architecture](https://raw.githubusercontent.com/aws-samples/eks-workshop/3e7da75de884d9efeec8e8ba21161169d3e80da7/static/images/introduction/eks-architecture.svg?sanitize=true 180 | "EKS Architecture") 181 | 182 | Check if the new EKS cluster is available: 183 | 184 | ```bash 185 | export KUBECONFIG=$PWD/kubeconfig.conf 186 | kubectl get nodes -o wide 187 | ``` 188 | 189 | Output: 190 | 191 | ```shell 192 | NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME 193 | ip-192-168-26-217.eu-central-1.compute.internal Ready 4m v1.11.9 192.168.26.217 18.194.16.192 Amazon Linux 2 4.14.104-95.84.amzn2.x86_64 docker://18.6.1 194 | ip-192-168-69-19.eu-central-1.compute.internal Ready 4m v1.11.9 192.168.69.19 18.184.88.98 Amazon Linux 2 4.14.104-95.84.amzn2.x86_64 docker://18.6.1 195 | ``` 196 | 197 | ![EKS High Level](https://raw.githubusercontent.com/aws-samples/eks-workshop/3e7da75de884d9efeec8e8ba21161169d3e80da7/static/images/introduction/eks-high-level.svg?sanitize=true 198 | "EKS High Level") 199 | 200 | Both worker nodes should be accessible via SSH: 201 | 202 | ```bash 203 | for EXTERNAL_IP in $(kubectl get nodes --output=jsonpath="{.items[*].status.addresses[?(@.type==\"ExternalIP\")].address}"); do 204 | echo "*** ${EXTERNAL_IP}" 205 | ssh -q -o StrictHostKeyChecking=no -l 
ec2-user ${EXTERNAL_IP} uptime 206 | done 207 | ``` 208 | 209 | Output: 210 | 211 | ```shell 212 | *** 18.194.16.192 213 | 09:39:19 up 5 min, 0 users, load average: 0.06, 0.17, 0.08 214 | *** 18.184.88.98 215 | 09:39:20 up 5 min, 0 users, load average: 0.18, 0.12, 0.05 216 | ``` 217 | 218 | At the end of the output you should see 2 IP addresses which 219 | should be accessible by SSH using your public key `~/.ssh/id_rsa.pub`. 220 | -------------------------------------------------------------------------------- /docs/part-02/README.md: -------------------------------------------------------------------------------- 1 | # Install Helm 2 | 3 | Install [Helm](https://helm.sh/) binary: 4 | 5 | ```bash 6 | curl -s https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash 7 | ``` 8 | 9 | Output: 10 | 11 | ```shell 12 | Downloading https://kubernetes-helm.storage.googleapis.com/helm-v2.13.1-linux-amd64.tar.gz 13 | Preparing to install helm and tiller into /usr/local/bin 14 | helm installed into /usr/local/bin/helm 15 | tiller installed into /usr/local/bin/tiller 16 | Run 'helm init' to configure helm. 
17 | ``` 18 | 19 | Install Tiller (the Helm server-side component) into the Kubernetes cluster. The commands below bind Tiller's service account to `cluster-admin`, and `helm init` as run here keeps Tiller's default 'allow unauthenticated users' policy (see the note in the output), so use this setup only on a disposable lab cluster: 20 | 21 | ```bash 22 | kubectl create serviceaccount tiller --namespace kube-system 23 | kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller 24 | helm init --wait --service-account tiller 25 | helm repo update 26 | ``` 27 | 28 | Output: 29 | 30 | ```shell 31 | serviceaccount/tiller created 32 | clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created 33 | Creating /root/.helm 34 | Creating /root/.helm/repository 35 | Creating /root/.helm/repository/cache 36 | Creating /root/.helm/repository/local 37 | Creating /root/.helm/plugins 38 | Creating /root/.helm/starters 39 | Creating /root/.helm/cache/archive 40 | Creating /root/.helm/repository/repositories.yaml 41 | Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 42 | Adding local repo with URL: http://127.0.0.1:8879/charts 43 | $HELM_HOME has been configured at /root/.helm. 44 | 45 | Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster. 46 | 47 | Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy. 48 | To prevent this, run `helm init` with the --tiller-tls-verify flag. 49 | For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation 50 | Happy Helming! 51 | Hang tight while we grab the latest from your chart repositories... 52 | ...Skip local chart repository 53 | ...Successfully got an update from the "stable" chart repository 54 | Update Complete. 
⎈ Happy Helming!⎈ 55 | ``` 56 | 57 | Check if the tiller was installed properly: 58 | 59 | ```bash 60 | kubectl get pods -l app=helm -n kube-system 61 | ``` 62 | 63 | Output: 64 | 65 | ```shell 66 | NAMESPACE NAME READY STATUS RESTARTS AGE 67 | kube-system tiller-deploy-54fc6d9ccc-48n4w 1/1 Running 0 19s 68 | ``` 69 | -------------------------------------------------------------------------------- /docs/part-03/README.md: -------------------------------------------------------------------------------- 1 | # Istio - Installation 2 | 3 | Istio architecture: 4 | 5 | ![Istio Architecture](https://raw.githubusercontent.com/istio/istio.io/7bf371365e4a16a9a13c0e79355fe1eac7f8f99f/content/docs/concepts/what-is-istio/arch.svg?sanitize=true 6 | "Istio Architecture") 7 | 8 | ## Install Istio 9 | 10 | Either download Istio directly from [https://github.com/istio/istio/releases](https://github.com/istio/istio/releases) 11 | or get the latest version by using curl: 12 | 13 | ```bash 14 | export ISTIO_VERSION="1.1.0" 15 | test -d tmp || mkdir tmp 16 | cd tmp 17 | curl -sL https://git.io/getLatestIstio | sh - 18 | ``` 19 | 20 | Output: 21 | 22 | ```shell 23 | Downloading istio-1.1.0 from https://github.com/istio/istio/releases/download/1.1.0/istio-1.1.0-linux.tar.gz ... 
24 | % Total % Received % Xferd Average Speed Time Time Time Current 25 | Dload Upload Total Spent Left Speed 26 | 100 614 0 614 0 0 884 0 --:--:-- --:--:-- --:--:-- 883 27 | 100 15.0M 100 15.0M 0 0 5252k 0 0:00:02 0:00:02 --:--:-- 12.4M 28 | Downloaded into istio-1.1.0: 29 | LICENSE README.md bin install istio.VERSION samples tools 30 | Add /mnt/k8s-istio-webinar/k8s-istio-webinar/tmp/istio-1.1.0/bin to your path; e.g copy paste in your shell and/or ~/.profile: 31 | export PATH="$PATH:/mnt/k8s-istio-webinar/k8s-istio-webinar/tmp/istio-1.1.0/bin" 32 | ``` 33 | 34 | Change the directory to the Istio installation files location: 35 | 36 | ```bash 37 | cd istio* 38 | ``` 39 | 40 | Install `istioctl`: 41 | 42 | ```bash 43 | test -x /usr/local/bin/istioctl || sudo mv bin/istioctl /usr/local/bin/ 44 | ``` 45 | 46 | Install the `istio-init` chart to bootstrap all the Istio's CRDs: 47 | 48 | ```bash 49 | helm install install/kubernetes/helm/istio-init --wait \ 50 | --name istio-init --namespace istio-system --set certmanager.enabled=true 51 | sleep 30 52 | ``` 53 | 54 | Install [Istio](https://istio.io/) with add-ons ([Kiali](https://www.kiali.io/), 55 | [Jaeger](https://www.jaegertracing.io/), [Grafana](https://grafana.com/), 56 | [Prometheus](https://prometheus.io/), [cert-manager](https://github.com/jetstack/cert-manager)): 57 | 58 | ```bash 59 | helm install install/kubernetes/helm/istio --wait --name istio --namespace istio-system \ 60 | --set certmanager.enabled=true \ 61 | --set certmanager.email=petr.ruzicka@gmail.com \ 62 | --set gateways.istio-ingressgateway.sds.enabled=true \ 63 | --set global.k8sIngress.enabled=true \ 64 | --set global.k8sIngress.enableHttps=true \ 65 | --set global.k8sIngress.gatewayName=ingressgateway \ 66 | --set grafana.enabled=true \ 67 | --set kiali.enabled=true \ 68 | --set kiali.createDemoSecret=true \ 69 | --set kiali.contextPath=/ \ 70 | --set kiali.dashboard.grafanaURL=http://grafana.${MY_DOMAIN}/ \ 71 | --set 
kiali.dashboard.jaegerURL=http://jaeger.${MY_DOMAIN}/ \ 72 | --set servicegraph.enabled=true \ 73 | --set tracing.enabled=true 74 | ``` 75 | 76 | ## Create DNS records 77 | 78 | Create DNS record `mylabs.dev` for the loadbalancer created by Istio: 79 | 80 | ```bash 81 | export LOADBALANCER_HOSTNAME=$(kubectl get svc istio-ingressgateway -n istio-system -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") 82 | export CANONICAL_HOSTED_ZONE_NAME_ID=$(aws elb describe-load-balancers --query "LoadBalancerDescriptions[?DNSName==\`$LOADBALANCER_HOSTNAME\`].CanonicalHostedZoneNameID" --output text) 83 | export HOSTED_ZONE_ID=$(aws route53 list-hosted-zones --query "HostedZones[?Name==\`${MY_DOMAIN}.\`].Id" --output text) 84 | 85 | envsubst < ../../files/aws_route53-dns_change.json | aws route53 change-resource-record-sets --hosted-zone-id ${HOSTED_ZONE_ID} --change-batch=file:///dev/stdin 86 | ``` 87 | 88 | ![Architecture](https://raw.githubusercontent.com/aws-samples/eks-workshop/65b766c494a5b4f5420b2912d8373c4957163541/static/images/crystal.svg?sanitize=true 89 | "Architecture") 90 | 91 | ## Create SSL certificate using Let's Encrypt 92 | 93 | Create `ClusterIssuer` and `Certificate` for Route53 used by cert-manager. 94 | It will allow Let's encrypt to generate certificate. Route53 (DNS) method of 95 | requesting certificate from Let's Encrypt must be used to create wildcard 96 | certificate `*.mylabs.dev` (details [here](https://community.letsencrypt.org/t/wildcard-certificates-via-http-01/51223)). 
97 | 98 | ```bash 99 | export EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY_BASE64=$(echo -n "$EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY" | base64) 100 | cat ../../files/cert-manager-letsencrypt-aws-route53-clusterissuer-certificate.yaml 101 | envsubst < ../../files/cert-manager-letsencrypt-aws-route53-clusterissuer-certificate.yaml | kubectl apply -f - 102 | ``` 103 | 104 | ![ACME DNS Challenge](https://b3n.org/wp-content/uploads/2016/09/acme_letsencrypt_dns-01-challenge.png 105 | "ACME DNS Challenge") 106 | 107 | ([https://b3n.org/intranet-ssl-certificates-using-lets-encrypt-dns-01/](https://b3n.org/intranet-ssl-certificates-using-lets-encrypt-dns-01/)) 108 | 109 | Let `istio-ingressgateway` use the certificate generated by cert-manager via 110 | [SDS](https://www.envoyproxy.io/docs/envoy/v1.5.0/intro/arch_overview/service_discovery#arch-overview-service-discovery-types-sds). 111 | The steps are taken from [https://istio.io/docs/tasks/traffic-management/ingress/ingress-certmgr/](https://istio.io/docs/tasks/traffic-management/ingress/ingress-certmgr/). 
112 | 113 | ```bash 114 | kubectl -n istio-system patch gateway istio-autogenerated-k8s-ingress \ 115 | --type=json \ 116 | -p="[{"op": "replace", "path": "/spec/servers/1/tls", "value": {"credentialName": "ingress-cert-${LETSENCRYPT_ENVIRONMENT}", "mode": "SIMPLE", "privateKey": "sds", "serverCertificate": "sds"}}]" 117 | ``` 118 | 119 | ## Check and configure Istio 120 | 121 | Allow the `default` namespace to use Istio injection: 122 | 123 | ```bash 124 | kubectl label namespace default istio-injection=enabled 125 | ``` 126 | 127 | Check namespaces: 128 | 129 | ```bash 130 | kubectl get namespace -L istio-injection 131 | ``` 132 | 133 | Output: 134 | 135 | ```shell 136 | NAME STATUS AGE ISTIO-INJECTION 137 | default Active 19m enabled 138 | istio-system Active 7m 139 | kube-public Active 19m 140 | kube-system Active 19m 141 | ``` 142 | 143 | See the Istio components: 144 | 145 | ```bash 146 | kubectl get --namespace=istio-system svc,deployment,pods,job,horizontalpodautoscaler,destinationrule 147 | ``` 148 | 149 | Output: 150 | 151 | ```shell 152 | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 153 | service/grafana ClusterIP 10.100.84.93 3000/TCP 7m 154 | service/istio-citadel ClusterIP 10.100.203.5 8060/TCP,15014/TCP 7m 155 | service/istio-galley ClusterIP 10.100.224.231 443/TCP,15014/TCP,9901/TCP 7m 156 | service/istio-ingressgateway LoadBalancer 10.100.241.162 abd0be556520611e9ac0602dc9c152bf-2144127322.eu-central-1.elb.amazonaws.com 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:31705/TCP,15030:30101/TCP,15031:30032/TCP,15032:32493/TCP,15443:31895/TCP,15020:31909/TCP 7m 157 | service/istio-pilot ClusterIP 10.100.68.4 15010/TCP,15011/TCP,8080/TCP,15014/TCP 7m 158 | service/istio-policy ClusterIP 10.100.24.13 9091/TCP,15004/TCP,15014/TCP 7m 159 | service/istio-sidecar-injector ClusterIP 10.100.252.24 443/TCP 7m 160 | service/istio-telemetry ClusterIP 10.100.103.164 9091/TCP,15004/TCP,15014/TCP,42422/TCP 7m 161 | service/jaeger-agent ClusterIP None 
5775/UDP,6831/UDP,6832/UDP 7m 162 | service/jaeger-collector ClusterIP 10.100.32.192 14267/TCP,14268/TCP 7m 163 | service/jaeger-query ClusterIP 10.100.196.113 16686/TCP 7m 164 | service/kiali ClusterIP 10.100.66.131 20001/TCP 7m 165 | service/prometheus ClusterIP 10.100.246.253 9090/TCP 7m 166 | service/servicegraph ClusterIP 10.100.163.157 8088/TCP 7m 167 | service/tracing ClusterIP 10.100.90.197 80/TCP 7m 168 | service/zipkin ClusterIP 10.100.8.55 9411/TCP 7m 169 | 170 | NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE 171 | deployment.extensions/certmanager 1 1 1 1 7m 172 | deployment.extensions/grafana 1 1 1 1 7m 173 | deployment.extensions/istio-citadel 1 1 1 1 7m 174 | deployment.extensions/istio-galley 1 1 1 1 7m 175 | deployment.extensions/istio-ingressgateway 1 1 1 1 7m 176 | deployment.extensions/istio-pilot 1 1 1 1 7m 177 | deployment.extensions/istio-policy 1 1 1 1 7m 178 | deployment.extensions/istio-sidecar-injector 1 1 1 1 7m 179 | deployment.extensions/istio-telemetry 1 1 1 1 7m 180 | deployment.extensions/istio-tracing 1 1 1 1 7m 181 | deployment.extensions/kiali 1 1 1 1 7m 182 | deployment.extensions/prometheus 1 1 1 1 7m 183 | deployment.extensions/servicegraph 1 1 1 1 7m 184 | 185 | NAME READY STATUS RESTARTS AGE 186 | pod/certmanager-7478689867-6n8r7 1/1 Running 0 7m 187 | pod/grafana-7b46bf6b7c-w7ms2 1/1 Running 0 7m 188 | pod/istio-citadel-75fdb679db-v8bqh 1/1 Running 0 7m 189 | pod/istio-galley-c864b5c86-8xfpm 1/1 Running 0 7m 190 | pod/istio-ingressgateway-6cb65d86cb-5ptgp 2/2 Running 0 7m 191 | pod/istio-init-crd-10-stcw2 0/1 Completed 0 7m 192 | pod/istio-init-crd-11-fgdh9 0/1 Completed 0 7m 193 | pod/istio-init-crd-certmanager-10-rhmv9 0/1 Completed 0 7m 194 | pod/istio-init-crd-certmanager-11-dv24d 0/1 Completed 0 7m 195 | pod/istio-pilot-f4c98cfbf-pwp45 2/2 Running 0 7m 196 | pod/istio-policy-6cbbd844dd-4dzbx 2/2 Running 2 7m 197 | pod/istio-sidecar-injector-7b47cb4689-5x7ph 1/1 Running 0 7m 198 | pod/istio-telemetry-ccc4df498-w77hk 2/2 
Running 2 7m 199 | pod/istio-tracing-75dd89b8b4-frg8w 1/1 Running 0 7m 200 | pod/kiali-7787748c7d-lb454 1/1 Running 0 7m 201 | pod/prometheus-89bc5668c-54pdj 1/1 Running 0 7m 202 | pod/servicegraph-5d4b49848-cscbp 1/1 Running 1 7m 203 | 204 | NAME DESIRED SUCCESSFUL AGE 205 | job.batch/istio-init-crd-10 1 1 7m 206 | job.batch/istio-init-crd-11 1 1 7m 207 | job.batch/istio-init-crd-certmanager-10 1 1 7m 208 | job.batch/istio-init-crd-certmanager-11 1 1 7m 209 | 210 | NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE 211 | horizontalpodautoscaler.autoscaling/istio-ingressgateway Deployment/istio-ingressgateway /80% 1 5 1 7m 212 | horizontalpodautoscaler.autoscaling/istio-pilot Deployment/istio-pilot /80% 1 5 1 7m 213 | horizontalpodautoscaler.autoscaling/istio-policy Deployment/istio-policy /80% 1 5 1 7m 214 | horizontalpodautoscaler.autoscaling/istio-telemetry Deployment/istio-telemetry /80% 1 5 1 7m 215 | 216 | NAME HOST AGE 217 | destinationrule.networking.istio.io/istio-policy istio-policy.istio-system.svc.cluster.local 7m 218 | destinationrule.networking.istio.io/istio-telemetry istio-telemetry.istio-system.svc.cluster.local 7m 219 | ``` 220 | 221 | Configure the Istio services ([Jaeger](https://www.jaegertracing.io/), 222 | [Prometheus](https://prometheus.io/), [Grafana](https://grafana.com/), 223 | [Kiali](https://www.kiali.io/), Servicegraph) to be visible externally: 224 | 225 | ```bash 226 | envsubst < ../../files/export_services_gateway.yaml | kubectl apply -f - 227 | ``` 228 | 229 | ![Istio](../.vuepress/public/istio.svg "Istio") 230 | -------------------------------------------------------------------------------- /docs/part-04/README.md: -------------------------------------------------------------------------------- 1 | # Istio - Bookinfo Application 2 | 3 | Deploy the demo of [Bookinfo](https://istio.io/docs/examples/bookinfo/) application: 4 | 5 | ```bash 6 | # kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml) 
7 | tail -40 samples/bookinfo/platform/kube/bookinfo.yaml 8 | kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml 9 | ``` 10 | 11 | Output: 12 | 13 | ```shell 14 | --- 15 | ################################################################################################## 16 | # Productpage services 17 | ################################################################################################## 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: productpage 22 | labels: 23 | app: productpage 24 | service: productpage 25 | spec: 26 | ports: 27 | - port: 9080 28 | name: http 29 | selector: 30 | app: productpage 31 | --- 32 | apiVersion: extensions/v1beta1 33 | kind: Deployment 34 | metadata: 35 | name: productpage-v1 36 | labels: 37 | app: productpage 38 | version: v1 39 | spec: 40 | replicas: 1 41 | template: 42 | metadata: 43 | labels: 44 | app: productpage 45 | version: v1 46 | spec: 47 | containers: 48 | - name: productpage 49 | image: istio/examples-bookinfo-productpage-v1:1.10.1 50 | imagePullPolicy: IfNotPresent 51 | ports: 52 | - containerPort: 9080 53 | --- 54 | ``` 55 | 56 | Example with `istioctl`: 57 | 58 | ```bash 59 | istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml | tail -172 60 | sleep 400 61 | ``` 62 | 63 | Output: 64 | 65 | ```shell 66 | ... 
67 | apiVersion: extensions/v1beta1 68 | kind: Deployment 69 | metadata: 70 | creationTimestamp: null 71 | labels: 72 | app: productpage 73 | version: v1 74 | name: productpage-v1 75 | spec: 76 | replicas: 1 77 | strategy: {} 78 | template: 79 | metadata: 80 | annotations: 81 | sidecar.istio.io/status: '{"version":"1d03c7b8369fddca69b40289a75eabb02e48b68ad5516e6975265f215d382f74","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' 82 | creationTimestamp: null 83 | labels: 84 | app: productpage 85 | version: v1 86 | spec: 87 | containers: 88 | - image: istio/examples-bookinfo-productpage-v1:1.10.1 89 | imagePullPolicy: IfNotPresent 90 | name: productpage 91 | ports: 92 | - containerPort: 9080 93 | resources: {} 94 | ... 95 | image: docker.io/istio/proxyv2:1.1.0 96 | imagePullPolicy: IfNotPresent 97 | name: istio-proxy 98 | ports: 99 | - containerPort: 15090 100 | name: http-envoy-prom 101 | protocol: TCP 102 | ``` 103 | 104 | The Bookinfo application is broken into four separate microservices: 105 | 106 | * `productpage` - the productpage microservice calls the details and reviews 107 | microservices to populate the page. 108 | * `details` - the details microservice contains book information. 109 | * `reviews` - the reviews microservice contains book reviews. It also calls 110 | the ratings microservice. 111 | * `ratings` - the ratings microservice contains book ranking information 112 | that accompanies a book review. 113 | 114 | There are 3 versions of the `reviews` microservice: 115 | 116 | * Version `v1` - doesn't call the **ratings service**. 117 | 118 | ![Bookinfo v1](./bookinfo_v1_raiting.png "Bookinfo v1") 119 | 120 | * Version `v2` - calls the ratings service, and displays each rating as 1 to 5 121 | **black stars**. 
122 | 123 | ![Bookinfo v2](./bookinfo_v2_raiting.png "Bookinfo v2") 124 | 125 | * Version `v3` - calls the ratings service, and displays each rating as 1 to 5 126 | **red stars**. 127 | 128 | ![Bookinfo v3](./bookinfo_v3_raiting.png "Bookinfo v3") 129 | 130 | [Bookinfo](https://istio.io/docs/examples/bookinfo/) application architecture: 131 | 132 | ![Application Architecture with Istio](https://raw.githubusercontent.com/istio/istio.io/7bf371365e4a16a9a13c0e79355fe1eac7f8f99f/content/docs/examples/bookinfo/withistio.svg?sanitize=true 133 | "Application Architecture with Istio") 134 | 135 | Confirm all services and pods are correctly defined and running: 136 | 137 | ```bash 138 | kubectl get svc,deployment,pods -o wide 139 | ``` 140 | 141 | Output: 142 | 143 | ```shell 144 | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR 145 | service/details ClusterIP 10.100.84.225 9080/TCP 2m app=details 146 | service/kubernetes ClusterIP 10.100.0.1 443/TCP 21m 147 | service/productpage ClusterIP 10.100.111.89 9080/TCP 2m app=productpage 148 | service/ratings ClusterIP 10.100.217.110 9080/TCP 2m app=ratings 149 | service/reviews ClusterIP 10.100.83.162 9080/TCP 2m app=reviews 150 | 151 | NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR 152 | deployment.extensions/details-v1 1 1 1 1 2m details istio/examples-bookinfo-details-v1:1.10.1 app=details,version=v1 153 | deployment.extensions/productpage-v1 1 1 1 1 2m productpage istio/examples-bookinfo-productpage-v1:1.10.1 app=productpage,version=v1 154 | deployment.extensions/ratings-v1 1 1 1 1 2m ratings istio/examples-bookinfo-ratings-v1:1.10.1 app=ratings,version=v1 155 | deployment.extensions/reviews-v1 1 1 1 1 2m reviews istio/examples-bookinfo-reviews-v1:1.10.1 app=reviews,version=v1 156 | deployment.extensions/reviews-v2 1 1 1 1 2m reviews istio/examples-bookinfo-reviews-v2:1.10.1 app=reviews,version=v2 157 | deployment.extensions/reviews-v3 1 1 1 1 2m reviews 
istio/examples-bookinfo-reviews-v3:1.10.1 app=reviews,version=v3 158 | 159 | NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE 160 | pod/details-v1-68868454f5-sphh7 2/2 Running 0 2m 192.168.13.128 ip-192-168-26-217.eu-central-1.compute.internal 161 | pod/productpage-v1-5cb458d74f-wwcqc 2/2 Running 0 2m 192.168.76.160 ip-192-168-69-19.eu-central-1.compute.internal 162 | pod/ratings-v1-76f4c9765f-lzgpb 2/2 Running 0 2m 192.168.91.69 ip-192-168-69-19.eu-central-1.compute.internal 163 | pod/reviews-v1-56f6855586-rnkjj 2/2 Running 0 2m 192.168.77.69 ip-192-168-69-19.eu-central-1.compute.internal 164 | pod/reviews-v2-65c9df47f8-sq2vh 2/2 Running 0 2m 192.168.8.68 ip-192-168-26-217.eu-central-1.compute.internal 165 | pod/reviews-v3-6cf47594fd-nw8hv 2/2 Running 0 2m 192.168.6.236 ip-192-168-26-217.eu-central-1.compute.internal 166 | ``` 167 | 168 | Check the container details - you should see also container `istio-proxy` next 169 | to `productpage` container. 170 | 171 | ```bash 172 | kubectl describe pod -l app=productpage 173 | ``` 174 | 175 | Output: 176 | 177 | ```yaml 178 | ... 179 | Containers: 180 | productpage: 181 | Container ID: docker://62984fbf7913e8cd91e5188571c7efad781880966a0d9b36279f368ad9cbf2a0 182 | Image: istio/examples-bookinfo-productpage-v1:1.10.1 183 | ... 184 | istio-proxy: 185 | Container ID: docker://17a2c6c87b1e8f315417b284973452332ea34162543af46776075ad1f43db327 186 | Image: docker.io/istio/proxyv2:1.1.0 187 | ... 188 | ``` 189 | 190 | The `kubectl logs` command will show you the output of the envoy proxy 191 | (`istio-proxy`): 192 | 193 | ```bash 194 | kubectl logs $(kubectl get pod -l app=productpage -o jsonpath="{.items[0].metadata.name}") istio-proxy | head -70 195 | ``` 196 | 197 | Output: 198 | 199 | ```shell 200 | ... 
201 | 2019-03-29T09:49:07.660863Z info Effective config: binaryPath: /usr/local/bin/envoy 202 | concurrency: 2 203 | configPath: /etc/istio/proxy 204 | connectTimeout: 10s 205 | discoveryAddress: istio-pilot.istio-system:15010 206 | drainDuration: 45s 207 | parentShutdownDuration: 60s 208 | proxyAdminPort: 15000 209 | serviceCluster: productpage.default 210 | statNameLength: 189 211 | tracing: 212 | zipkin: 213 | address: zipkin.istio-system:9411 214 | 215 | 2019-03-29T09:49:07.660886Z info Monitored certs: []envoy.CertSource{envoy.CertSource{Directory:"/etc/certs/", Files:[]string{"cert-chain.pem", "key.pem", "root-cert.pem"}}} 216 | 2019-03-29T09:49:07.660896Z info PilotSAN []string(nil) 217 | 2019-03-29T09:49:07.660996Z info Opening status port 15020 218 | 219 | 2019-03-29T09:49:07.661159Z info Starting proxy agent 220 | 2019-03-29T09:49:07.661340Z info Received new config, resetting budget 221 | 2019-03-29T09:49:07.661349Z info Reconciling retry (budget 10) 222 | 2019-03-29T09:49:07.661359Z info Epoch 0 starting 223 | 2019-03-29T09:49:07.662335Z info Envoy command: [-c /etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --parent-shutdown-time-s 60 --service-cluster productpage.default --service-node sidecar~192.168.76.160~productpage-v1-5cb458d74f-wwcqc.default~default.svc.cluster.local --max-obj-name-len 189 --allow-unknown-fields -l warning --concurrency 2] 224 | ... 
225 | ``` 226 | 227 | Define the [Istio gateway](https://istio.io/docs/reference/config/networking/gateway/) 228 | for the application: 229 | 230 | ```bash 231 | cat samples/bookinfo/networking/bookinfo-gateway.yaml 232 | kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml 233 | sleep 5 234 | ``` 235 | 236 | Output: 237 | 238 | ```yaml 239 | apiVersion: networking.istio.io/v1alpha3 240 | kind: Gateway 241 | metadata: 242 | name: bookinfo-gateway 243 | spec: 244 | selector: 245 | istio: ingressgateway # use istio default controller 246 | servers: 247 | - port: 248 | number: 80 249 | name: http 250 | protocol: HTTP 251 | hosts: 252 | - "*" 253 | --- 254 | apiVersion: networking.istio.io/v1alpha3 255 | kind: VirtualService 256 | metadata: 257 | name: bookinfo 258 | spec: 259 | hosts: 260 | - "*" 261 | gateways: 262 | - bookinfo-gateway 263 | http: 264 | - match: 265 | - uri: 266 | exact: /productpage 267 | - uri: 268 | exact: /login 269 | - uri: 270 | exact: /logout 271 | - uri: 272 | prefix: /api/v1/products 273 | route: 274 | - destination: 275 | host: productpage 276 | port: 277 | number: 9080 278 | ``` 279 | 280 | Create and display default [destination rules](https://istio.io/docs/reference/config/networking/destination-rule/) 281 | (subsets) for the Bookinfo services: 282 | 283 | ```bash 284 | kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml 285 | kubectl get destinationrules -o yaml 286 | ``` 287 | 288 | Display the destination rules: 289 | 290 | Output: 291 | 292 | ```yaml 293 | ... 294 | - apiVersion: networking.istio.io/v1alpha3 295 | kind: DestinationRule 296 | ... 297 | name: reviews 298 | namespace: default 299 | ... 300 | spec: 301 | host: reviews 302 | subsets: 303 | - labels: 304 | version: v1 305 | name: v1 306 | - labels: 307 | version: v2 308 | name: v2 309 | - labels: 310 | version: v3 311 | name: v3 312 | ... 
313 | ``` 314 | 315 | Confirm the gateway and virtual service have been created: 316 | 317 | ```bash 318 | kubectl get gateway,virtualservice,destinationrule 319 | ``` 320 | 321 | Output: 322 | 323 | ```shell 324 | NAME AGE 325 | gateway.networking.istio.io/bookinfo-gateway 13s 326 | 327 | NAME GATEWAYS HOSTS AGE 328 | virtualservice.networking.istio.io/bookinfo [bookinfo-gateway] [*] 13s 329 | 330 | NAME HOST AGE 331 | destinationrule.networking.istio.io/details details 8s 332 | destinationrule.networking.istio.io/productpage productpage 8s 333 | destinationrule.networking.istio.io/ratings ratings 8s 334 | destinationrule.networking.istio.io/reviews reviews 8s 335 | ``` 336 | 337 | ![Gateway -> VirtualService -> DestinationRule](https://raw.githubusercontent.com/istio/istio.io/92bc65af57592294102e1bc2cb13b333b44a73e0/content/blog/2018/v1alpha3-routing/virtualservices-destrules.svg?sanitize=true 338 | "Gateway -> VirtualService -> DestinationRule") 339 | 340 | Check the SSL certificate: 341 | 342 | ```bash 343 | echo | openssl s_client -showcerts -connect ${MY_DOMAIN}:443 2>/dev/null | openssl x509 -inform pem -noout -text 344 | ``` 345 | 346 | Output: 347 | 348 | ```shell 349 | Certificate: 350 | Data: 351 | Version: 3 (0x2) 352 | Serial Number: 353 | 03:ba:eb:a2:34:43:0c:ae:7b:63:64:4d:4a:ee:c1:25:b4:35 354 | Signature Algorithm: sha256WithRSAEncryption 355 | Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 356 | Validity 357 | Not Before: Mar 29 08:46:52 2019 GMT 358 | Not After : Jun 27 08:46:52 2019 GMT 359 | Subject: CN = *.mylabs.dev 360 | Subject Public Key Info: 361 | Public Key Algorithm: rsaEncryption 362 | Public-Key: (2048 bit) 363 | Modulus: 364 | ... 
365 | X509v3 extensions: 366 | X509v3 Key Usage: critical 367 | Digital Signature, Key Encipherment 368 | X509v3 Extended Key Usage: 369 | TLS Web Server Authentication, TLS Web Client Authentication 370 | X509v3 Basic Constraints: critical 371 | CA:FALSE 372 | X509v3 Subject Key Identifier: 373 | AB:60:E9:ED:3F:40:72:83:7D:62:08:F9:EB:8F:EA:1C:42:CC:76:4E 374 | X509v3 Authority Key Identifier: 375 | keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1 376 | 377 | Authority Information Access: 378 | OCSP - URI:http://ocsp.int-x3.letsencrypt.org 379 | CA Issuers - URI:http://cert.int-x3.letsencrypt.org/ 380 | 381 | X509v3 Subject Alternative Name: 382 | DNS:*.mylabs.dev, DNS:mylabs.dev 383 | X509v3 Certificate Policies: 384 | Policy: 2.23.140.1.2.1 385 | Policy: 1.3.6.1.4.1.44947.1.1.1 386 | CPS: http://cps.letsencrypt.org 387 | ... 388 | ``` 389 | 390 | The issued certificate is recorded in the public certificate transparency log, so the names it covers are searchable by anyone: [https://crt.sh/?q=mylabs.dev](https://crt.sh/?q=mylabs.dev) 391 | 392 | ![crt.sh Certificate](./crt_sh.png "crt.sh Certificate") 393 | 394 | SSL Certificate in Kiali [https://kiali.mylabs.dev](https://kiali.mylabs.dev) 395 | web page: 396 | 397 | ![Kiali SSL Certificate displayed in browser](./kiali_ssl_certificate.png 398 | "Kiali SSL Certificate displayed in browser") 399 | 400 | You can also use the [cert-manager](https://github.com/jetstack/cert-manager) 401 | directly to see the status of the certificate: 402 | 403 | ```bash 404 | kubectl describe certificates ingress-cert-${LETSENCRYPT_ENVIRONMENT} -n istio-system 405 | ``` 406 | 407 | Output: 408 | 409 | ```text 410 | Name: ingress-cert-production 411 | Namespace: istio-system 412 | Labels: 413 | Annotations: kubectl.kubernetes.io/last-applied-configuration: 414 | {"apiVersion":"certmanager.k8s.io/v1alpha1","kind":"Certificate","metadata":{"annotations":{},"name":"ingress-cert-production","namespace"... 
415 | API Version: certmanager.k8s.io/v1alpha1 416 | Kind: Certificate 417 | Metadata: 418 | Creation Timestamp: 2019-03-29T09:43:02Z 419 | Generation: 1 420 | Resource Version: 2854 421 | Self Link: /apis/certmanager.k8s.io/v1alpha1/namespaces/istio-system/certificates/ingress-cert-production 422 | UID: 0b677790-5207-11e9-ac06-02dc9c152bfa 423 | Spec: 424 | Acme: 425 | Config: 426 | Dns 01: 427 | Provider: aws-route53 428 | Domains: 429 | *.mylabs.dev 430 | mylabs.dev 431 | Common Name: *.mylabs.dev 432 | Dns Names: 433 | *.mylabs.dev 434 | mylabs.dev 435 | Issuer Ref: 436 | Kind: ClusterIssuer 437 | Name: letsencrypt-production-dns 438 | Secret Name: ingress-cert-production 439 | Status: 440 | Conditions: 441 | Last Transition Time: 2019-03-29T09:46:53Z 442 | Message: Certificate is up to date and has not expired 443 | Reason: Ready 444 | Status: True 445 | Type: Ready 446 | Not After: 2019-06-27T08:46:52Z 447 | Events: 448 | Type Reason Age From Message 449 | ---- ------ ---- ---- ------- 450 | Warning IssuerNotReady 9m9s (x2 over 9m9s) cert-manager Issuer letsencrypt-production-dns not ready 451 | Normal Generated 9m8s cert-manager Generated new private key 452 | Normal OrderCreated 9m8s cert-manager Created Order resource "ingress-cert-production-3383842614" 453 | Normal OrderComplete 5m18s cert-manager Order "ingress-cert-production-3383842614" completed successfully 454 | Normal CertIssued 5m18s cert-manager Certificate issued successfully 455 | ``` 456 | 457 | ![cert-manager high level overview](https://raw.githubusercontent.com/jetstack/cert-manager/4f30ed75e88e5d0defeb950501b5cac6da7fa7fe/docs/images/high-level-overview.png 458 | "cert-manager high level overview") 459 | 460 | Confirm the app is running: 461 | 462 | ```bash 463 | curl -o /dev/null -s -w "%{http_code}" http://${MY_DOMAIN}/productpage; echo 464 | ``` 465 | 466 | Output: 467 | 468 | ```shell 469 | 200 470 | ``` 471 | 472 | Generate some traffic for next 5 minutes to gather some data for 
monitoring: 473 | 474 | ```bash 475 | siege --log=/tmp/siege --concurrent=1 -q --internet --time=10M http://${MY_DOMAIN}/productpage &> /dev/null & 476 | ``` 477 | 478 | If DNS does not work you can reach the services directly on the ports exposed by the 479 | load balancer (plain HTTP, so allow access only from trusted networks). Get its hostname: 480 | 481 | ```bash 482 | kubectl -n istio-system get service istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"; echo 483 | ``` 484 | 485 | Output: 486 | 487 | ```shell 488 | abd0be556520611e9ac0602dc9c152bf-2144127322.eu-central-1.elb.amazonaws.com 489 | ``` 490 | 491 | * Kiali: `http://<LOADBALANCER_HOSTNAME>:15029` 492 | * Prometheus: `http://<LOADBALANCER_HOSTNAME>:15030` 493 | * Grafana: `http://<LOADBALANCER_HOSTNAME>:15031` 494 | * Tracing: `http://<LOADBALANCER_HOSTNAME>:15032` 495 | 496 | Open the Bookinfo site in your browser [http://mylabs.dev/productpage](http://mylabs.dev/productpage) 497 | and refresh the page several times - you should see different versions 498 | of reviews shown in productpage, presented in a **round robin style** 499 | (red stars, black stars, no stars), since we haven't yet used Istio to control 500 | the version routing. 
501 | 502 | ![Bookinfo v1, v3, v2](./bookinfo_v1_v3_v2.gif "Bookinfo v1, v3, v2") 503 | 504 | Check the flows in [Kiali](https://kiali.mylabs.dev/console/graph/namespaces/?edges=requestsPercentOfTotal&graphType=versionedApp&namespaces=default&injectServiceNodes=true&duration=60&pi=5000&layout=dagre): 505 | 506 | ![Istio Graph](./istio_kiali_graph.gif "Istio Graph") 507 | 508 | Open these pages in your browser: 509 | 510 | * Servicegraph: 511 | 512 | * [https://servicegraph.mylabs.dev/force/forcegraph.html](https://servicegraph.mylabs.dev/force/forcegraph.html) 513 | 514 | ![Istio Service Graph](./servicegraph_istio_service_graph.png 515 | "Istio Service Graph") 516 | 517 | * [https://servicegraph.mylabs.dev/dotviz](https://servicegraph.mylabs.dev/dotviz) 518 | 519 | ![Service Graph - dotviz](./servicegraph_dotviz.png 520 | "Service Graph - dotviz") 521 | 522 | * [Kiali](https://www.kiali.io/): 523 | 524 | * [https://kiali.mylabs.dev](https://kiali.mylabs.dev) (login admin/admin - a demo-only default; set real credentials before Kiali is reachable from outside a lab) 525 | 526 | ![Kiali](./kiali.png "Kiali") 527 | 528 | * [Jaeger](https://www.jaegertracing.io/): 529 | 530 | * [https://jaeger.mylabs.dev](https://jaeger.mylabs.dev) 531 | 532 | ![Jaeger](./jaeger.png "Jaeger") 533 | 534 | * [Prometheus](https://prometheus.io/): 535 | 536 | * [https://prometheus.mylabs.dev/graph?g0.range_input=1h&g0.expr=istio_requests_total&g0.tab=0](https://prometheus.mylabs.dev/graph?g0.range_input=1h&g0.expr=istio_requests_total&g0.tab=0) 537 | 538 | ![Prometheus - istio_requests_total](./prometheus_istio_requests_total1.png 539 | "Prometheus - istio_requests_total") 540 | 541 | * Total count of all requests to the productpage service: 542 | 543 | * [https://prometheus.mylabs.dev/graph?g0.range_input=1h&g0.expr=istio_requests_total%7Bdestination_service%3D%22productpage.default.svc.cluster.local%22%7D&g0.tab=0](https://prometheus.mylabs.dev/graph?g0.range_input=1h&g0.expr=istio_requests_total%7Bdestination_service%3D%22productpage.default.svc.cluster.local%22%7D&g0.tab=0) 
544 | 545 | ![Prometheus - istio_requests_total](./prometheus_istio_requests_total2.png 546 | "Prometheus - istio_requests_total") 547 | 548 | * Total count of all requests to `v1` of the reviews service: 549 | 550 | * [https://prometheus.mylabs.dev/graph?g0.range_input=1h&g0.expr=istio_requests_total%7Bdestination_service%3D%22reviews.default.svc.cluster.local%22%2C%20destination_version%3D%22v1%22%7D&g0.tab=0](https://prometheus.mylabs.dev/graph?g0.range_input=1h&g0.expr=istio_requests_total%7Bdestination_service%3D%22reviews.default.svc.cluster.local%22%2C%20destination_version%3D%22v1%22%7D&g0.tab=0) 551 | 552 | ![Prometheus - istio_requests_total](./prometheus_istio_requests_total3.png 553 | "Prometheus - istio_requests_total") 554 | 555 | * Rate of requests over the past 5 minutes to all instances of the productpage 556 | service: 557 | 558 | * [https://prometheus.mylabs.dev/graph?g0.range_input=1h&g0.expr=rate(istio_requests_total%7Bdestination_service%3D~%22productpage.*%22%2C%20response_code%3D%22200%22%7D%5B5m%5D)&g0.tab=0](https://prometheus.mylabs.dev/graph?g0.range_input=1h&g0.expr=rate(istio_requests_total%7Bdestination_service%3D~%22productpage.*%22%2C%20response_code%3D%22200%22%7D%5B5m%5D)&g0.tab=0) 559 | 560 | ![Prometheus - istio_requests_total](./prometheus_istio_requests_total4.png 561 | "Prometheus - istio_requests_total") 562 | 563 | * [Grafana](https://grafana.com/): 564 | 565 | * [https://grafana.mylabs.dev](https://grafana.mylabs.dev) 566 | 567 | * Grafana -> Home -> Istio -> 568 | 569 | * Istio Performance Dashboard 570 | 571 | ![Grafana - Istio Performance Dashboard](./grafana_istio_performance_dashboard.png 572 | "Grafana - Istio Performance Dashboard") 573 | 574 | * Istio Service Dashboard 575 | 576 | ![Grafana - Istio Service Dashboard](./grafana_istio_service_dashboard.png 577 | "Grafana - Istio Service Dashboard") 578 | 579 | * Istio Workload Dashboard 580 | 581 | ![Grafana - Istio Workload 
Dashboard](./grafana_istio_workload_dashboard.png 582 | "Grafana - Istio Workload Dashboard") 583 | 584 | * Istio Galley Dashboard 585 | 586 | ![Grafana - Galley Dashboard](./grafana_istio_galley_dashboard.png 587 | "Grafana - Galley Dashboard") 588 | 589 | * Istio Mixer Dashboard 590 | 591 | ![Grafana - Mixer Dashboard](./grafana_istio_mixer_dashboard.png 592 | "Grafana - Mixer Dashboard") 593 | 594 | * Istio Pilot Dashboard 595 | 596 | ![Grafana - Pilot Dashboard](./grafana_istio_pilot_dashboard.png 597 | "Grafana - Pilot Dashboard") 598 | 599 | ![Istio](../.vuepress/public/istio.svg "Istio") 600 | -------------------------------------------------------------------------------- /docs/part-04/bookinfo_v1_raiting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/bookinfo_v1_raiting.png -------------------------------------------------------------------------------- /docs/part-04/bookinfo_v1_v3_v2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/bookinfo_v1_v3_v2.gif -------------------------------------------------------------------------------- /docs/part-04/bookinfo_v2_raiting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/bookinfo_v2_raiting.png -------------------------------------------------------------------------------- /docs/part-04/bookinfo_v3_raiting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/bookinfo_v3_raiting.png 
-------------------------------------------------------------------------------- /docs/part-04/crt_sh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/crt_sh.png -------------------------------------------------------------------------------- /docs/part-04/grafana_istio_galley_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/grafana_istio_galley_dashboard.png -------------------------------------------------------------------------------- /docs/part-04/grafana_istio_mixer_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/grafana_istio_mixer_dashboard.png -------------------------------------------------------------------------------- /docs/part-04/grafana_istio_performance_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/grafana_istio_performance_dashboard.png -------------------------------------------------------------------------------- /docs/part-04/grafana_istio_pilot_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/grafana_istio_pilot_dashboard.png -------------------------------------------------------------------------------- /docs/part-04/grafana_istio_service_dashboard.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/grafana_istio_service_dashboard.png -------------------------------------------------------------------------------- /docs/part-04/grafana_istio_workload_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/grafana_istio_workload_dashboard.png -------------------------------------------------------------------------------- /docs/part-04/istio_kiali_graph.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/istio_kiali_graph.gif -------------------------------------------------------------------------------- /docs/part-04/jaeger.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/jaeger.png -------------------------------------------------------------------------------- /docs/part-04/kiali.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/kiali.png -------------------------------------------------------------------------------- /docs/part-04/kiali_ssl_certificate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/kiali_ssl_certificate.png -------------------------------------------------------------------------------- /docs/part-04/prometheus_istio_requests_total1.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/prometheus_istio_requests_total1.png -------------------------------------------------------------------------------- /docs/part-04/prometheus_istio_requests_total2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/prometheus_istio_requests_total2.png -------------------------------------------------------------------------------- /docs/part-04/prometheus_istio_requests_total3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/prometheus_istio_requests_total3.png -------------------------------------------------------------------------------- /docs/part-04/prometheus_istio_requests_total4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/prometheus_istio_requests_total4.png -------------------------------------------------------------------------------- /docs/part-04/servicegraph_dotviz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/servicegraph_dotviz.png -------------------------------------------------------------------------------- /docs/part-04/servicegraph_istio_service_graph.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-04/servicegraph_istio_service_graph.png -------------------------------------------------------------------------------- /docs/part-05/README.md: -------------------------------------------------------------------------------- 1 | # Istio - Configuring Request Routing 2 | 3 | [https://istio.io/docs/tasks/traffic-management/request-routing/](https://istio.io/docs/tasks/traffic-management/request-routing/) 4 | 5 | This part shows you how to route requests dynamically to multiple versions 6 | of a microservice. 7 | 8 | ## Apply a virtual service 9 | 10 | Apply and display the virtual services which will route all traffic to `v1` of each 11 | microservice: 12 | 13 | ```bash 14 | kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml 15 | kubectl get virtualservices -o yaml 16 | ``` 17 | 18 | Output: 19 | 20 | ```yaml 21 | apiVersion: networking.istio.io/v1alpha3 22 | kind: VirtualService 23 | metadata: 24 | name: details 25 | ... 26 | spec: 27 | hosts: 28 | - details 29 | http: 30 | - route: 31 | - destination: 32 | host: details 33 | subset: v1 34 | --- 35 | apiVersion: networking.istio.io/v1alpha3 36 | kind: VirtualService 37 | metadata: 38 | name: productpage 39 | ... 40 | spec: 41 | gateways: 42 | - bookinfo-gateway 43 | - mesh 44 | hosts: 45 | - productpage 46 | http: 47 | - route: 48 | - destination: 49 | host: productpage 50 | subset: v1 51 | --- 52 | apiVersion: networking.istio.io/v1alpha3 53 | kind: VirtualService 54 | metadata: 55 | name: ratings 56 | ... 57 | spec: 58 | hosts: 59 | - ratings 60 | http: 61 | - route: 62 | - destination: 63 | host: ratings 64 | subset: v1 65 | --- 66 | apiVersion: networking.istio.io/v1alpha3 67 | kind: VirtualService 68 | metadata: 69 | name: reviews 70 | ... 
71 | spec: 72 | hosts: 73 | - reviews 74 | http: 75 | - route: 76 | - destination: 77 | host: reviews 78 | subset: v1 79 | ``` 80 | 81 | Open the Bookinfo site in your browser [http://mylabs.dev/productpage](http://mylabs.dev/productpage) 82 | and notice that the reviews part of the page displays with **no rating stars**, 83 | no matter how many times you refresh. 84 | 85 | ![Bookinfo v1](./bookinfo_v1.jpg "Bookinfo v1") 86 | 87 | ## Route based on user identity 88 | 89 | [https://istio.io/docs/tasks/traffic-management/request-routing/#route-based-on-user-identity](https://istio.io/docs/tasks/traffic-management/request-routing/#route-based-on-user-identity) 90 | 91 | All traffic from a user named `jason` will be routed to the service `reviews:v2` 92 | by forwarding HTTP requests with custom end user header to the appropriate 93 | reviews service. 94 | 95 | Enable user-based routing: 96 | 97 | ```bash 98 | kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml 99 | kubectl get virtualservice reviews -o yaml 100 | ``` 101 | 102 | Output: 103 | 104 | ```yaml 105 | apiVersion: networking.istio.io/v1alpha3 106 | kind: VirtualService 107 | metadata: 108 | name: reviews 109 | ... 110 | spec: 111 | hosts: 112 | - reviews 113 | http: 114 | - match: 115 | - headers: 116 | end-user: 117 | exact: jason 118 | route: 119 | - destination: 120 | host: reviews 121 | subset: v2 122 | - route: 123 | - destination: 124 | host: reviews 125 | subset: v1 126 | ``` 127 | 128 | On the `/productpage` of the Bookinfo app, log in as user `jason` and refresh 129 | the browser. The **black star ratings** appear next to each review. 130 | 131 | ![Bookinfo v2](./bookinfo_v2.jpg "Bookinfo v2") 132 | 133 | Log in as another user (pick any name you wish) and refresh the browser. Now 134 | the **stars are gone**. This is because traffic is routed to `reviews:v1` 135 | for all users except `jason` user. 
136 | 137 | You can do the same with `user-agent header` or `URI` for example: 138 | 139 | ```yaml 140 | ... 141 | http: 142 | - match: 143 | - headers: 144 | user-agent: 145 | regex: '.*Firefox.*' 146 | ... 147 | http: 148 | - match: 149 | - uri: 150 | prefix: /api/v1 151 | ... 152 | ``` 153 | 154 | ![Istio](../.vuepress/public/istio.svg "Istio") 155 | -------------------------------------------------------------------------------- /docs/part-05/bookinfo_v1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-05/bookinfo_v1.jpg -------------------------------------------------------------------------------- /docs/part-05/bookinfo_v2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-05/bookinfo_v2.jpg -------------------------------------------------------------------------------- /docs/part-06/README.md: -------------------------------------------------------------------------------- 1 | # Istio - Injecting an HTTP delay fault 2 | 3 | [https://istio.io/docs/tasks/traffic-management/fault-injection/#injecting-an-http-delay-fault](https://istio.io/docs/tasks/traffic-management/fault-injection/#injecting-an-http-delay-fault) 4 | 5 | Inject a 7 seconds delay between the `reviews:v2` and ratings microservices for 6 | user `jason`: 7 | 8 | ```bash 9 | kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml 10 | kubectl get virtualservice ratings -o yaml 11 | ``` 12 | 13 | Output: 14 | 15 | ```yaml 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: ratings 20 | ... 
21 | spec: 22 | hosts: 23 | - ratings 24 | http: 25 | - fault: 26 | delay: 27 | fixedDelay: 7s 28 | percent: 100 29 | match: 30 | - headers: 31 | end-user: 32 | exact: jason 33 | route: 34 | - destination: 35 | host: ratings 36 | subset: v1 37 | - route: 38 | - destination: 39 | host: ratings 40 | subset: v1 41 | ``` 42 | 43 | On the `/productpage`, log in as user `jason` and you should see: 44 | 45 | ```text 46 | Error fetching product reviews! 47 | Sorry, product reviews are currently unavailable for this book. 48 | ``` 49 | 50 | ![Bookinfo Injecting an HTTP delay fault](./bookinfo_injecting_http_delay_fault.gif 51 | "Bookinfo Injecting an HTTP delay fault") 52 | 53 | Open the Developer Tools menu (F12) -> Network tab - web page actually loads 54 | in about 6 seconds. 55 | 56 | ![Bookinfo Injecting an HTTP delay fault - Developer Tools](./bookinfo_injecting_http_delay_fault_developer_tools.png 57 | "Bookinfo Injecting an HTTP delay fault - Developer Tools") 58 | 59 | The following example introduces a **5 second delay** in **10%** of the requests 60 | to the `ratings:v1` microservice: 61 | 62 | ```yaml 63 | apiVersion: networking.istio.io/v1alpha3 64 | kind: VirtualService 65 | metadata: 66 | name: ratings 67 | spec: 68 | hosts: 69 | - ratings 70 | http: 71 | - fault: 72 | delay: 73 | percent: 10 74 | fixedDelay: 5s 75 | route: 76 | - destination: 77 | host: ratings 78 | subset: v1 79 | ``` 80 | 81 | ## Injecting an HTTP abort fault 82 | 83 | [https://istio.io/docs/tasks/traffic-management/fault-injection/#injecting-an-http-abort-fault](https://istio.io/docs/tasks/traffic-management/fault-injection/#injecting-an-http-abort-fault) 84 | 85 | Let's introduce an HTTP abort to the ratings microservices for the test user `jason`. 
86 | 87 | Create a fault injection rule to send an HTTP abort for user `jason`: 88 | 89 | ```bash 90 | kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml 91 | kubectl get virtualservice ratings -o yaml 92 | ``` 93 | 94 | Output: 95 | 96 | ```yaml 97 | apiVersion: networking.istio.io/v1alpha3 98 | kind: VirtualService 99 | metadata: 100 | name: ratings 101 | ... 102 | spec: 103 | hosts: 104 | - ratings 105 | http: 106 | - fault: 107 | abort: 108 | httpStatus: 500 109 | percent: 100 110 | match: 111 | - headers: 112 | end-user: 113 | exact: jason 114 | route: 115 | - destination: 116 | host: ratings 117 | subset: v1 118 | - route: 119 | - destination: 120 | host: ratings 121 | subset: v1 122 | ``` 123 | 124 | On the `/productpage`, log in as user `jason` - the page loads immediately 125 | and the product ratings not available message appears: 126 | `Ratings service is currently unavailable` 127 | 128 | ![Bookinfo Injecting an HTTP abort fault](./bookinfo_injecting_http_abort_fault.gif 129 | "Bookinfo Injecting an HTTP abort fault") 130 | 131 | Check the flows in Kiali graph, where you should see the **red** communication 132 | between `reviews:v2` and `ratings`. 
133 | 134 | ![Injecting an HTTP abort fault Kiali Graph](./istio_kiali_injecting_an_http_abort_fault.gif 135 | "Injecting an HTTP abort fault Kiali Graph") 136 | 137 | The following example returns an **HTTP 400** error code for **10%** of the 138 | requests to the `ratings:v1` service: 139 | 140 | ```yaml 141 | apiVersion: networking.istio.io/v1alpha3 142 | kind: VirtualService 143 | metadata: 144 | name: ratings 145 | spec: 146 | hosts: 147 | - ratings 148 | http: 149 | - fault: 150 | abort: 151 | percent: 10 152 | httpStatus: 400 153 | route: 154 | - destination: 155 | host: ratings 156 | subset: v1 157 | ``` 158 | 159 | ![Istio](../.vuepress/public/istio.svg "Istio") 160 | -------------------------------------------------------------------------------- /docs/part-06/bookinfo_injecting_http_abort_fault.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-06/bookinfo_injecting_http_abort_fault.gif -------------------------------------------------------------------------------- /docs/part-06/bookinfo_injecting_http_delay_fault.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-06/bookinfo_injecting_http_delay_fault.gif -------------------------------------------------------------------------------- /docs/part-06/bookinfo_injecting_http_delay_fault_developer_tools.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-06/bookinfo_injecting_http_delay_fault_developer_tools.png -------------------------------------------------------------------------------- /docs/part-06/istio_kiali_injecting_an_http_abort_fault.gif: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-06/istio_kiali_injecting_an_http_abort_fault.gif -------------------------------------------------------------------------------- /docs/part-07/README.md: -------------------------------------------------------------------------------- 1 | # Istio - Weight-based routing 2 | 3 | [https://istio.io/docs/tasks/traffic-management/traffic-shifting/#apply-weight-based-routing](https://istio.io/docs/tasks/traffic-management/traffic-shifting/#apply-weight-based-routing) 4 | 5 | In **Canary Deployments**, newer versions of services are incrementally rolled 6 | out to users to minimize the risk and impact of any bugs introduced by the newer 7 | version. 8 | 9 | ![Traffic Management with Istio](https://raw.githubusercontent.com/istio/istio.io/7bf371365e4a16a9a13c0e79355fe1eac7f8f99f/content/docs/concepts/traffic-management/ServiceModel_Versions.svg?sanitize=true 10 | "Traffic Management with Istio") 11 | 12 | Route a percentage of traffic to one service or another - send **50%** 13 | of traffic to `reviews:v1` and **50%** to `reviews:v3` and finally complete 14 | the migration by sending **100%** of traffic to `reviews:v3`. 15 | 16 | Route all traffic to the `v1` version of each microservice: 17 | 18 | ```bash 19 | kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml 20 | ``` 21 | 22 | Transfer **50%** of the traffic from `reviews:v1` to `reviews:v3`: 23 | 24 | ```bash 25 | kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml 26 | kubectl get virtualservice reviews -o yaml 27 | ``` 28 | 29 | Output: 30 | 31 | ```yaml 32 | apiVersion: networking.istio.io/v1alpha3 33 | kind: VirtualService 34 | metadata: 35 | name: reviews 36 | ... 
37 | spec: 38 | hosts: 39 | - reviews 40 | http: 41 | - route: 42 | - destination: 43 | host: reviews 44 | subset: v1 45 | weight: 50 46 | - destination: 47 | host: reviews 48 | subset: v3 49 | weight: 50 50 | ``` 51 | 52 | Refresh the `/productpage` in your browser and you now see 53 | **red colored star** ratings approximately **50%** of the time. 54 | 55 | Check the flows in Kiali graph, where only `reviews:{v1,v2}` are used: 56 | 57 | ![Weight-based routing Kiali Graph](./istio_kiali_weight-based_routing.gif 58 | "Weight-based routing Kiali Graph") 59 | 60 | Assuming you decide that the `reviews:v3` microservice is stable, you can 61 | route **100%** of the traffic to `reviews:v3` by applying this virtual service. 62 | 63 | ```bash 64 | kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml 65 | kubectl get virtualservice reviews -o yaml 66 | ``` 67 | 68 | Output: 69 | 70 | ```shell 71 | apiVersion: networking.istio.io/v1alpha3 72 | kind: VirtualService 73 | ... 74 | spec: 75 | hosts: 76 | - reviews 77 | http: 78 | - route: 79 | - destination: 80 | host: reviews 81 | subset: v3 82 | ``` 83 | 84 | When you refresh the `/productpage` you will always see book reviews 85 | with **red colored star** ratings for **each** review. 
86 | 87 | ![Bookinfo v3](./bookinfo_v3.jpg "Bookinfo v3") 88 | 89 | Kiali graph: 90 | 91 | ![Kiali - Bookinfo v3](./istio_kiali_weight-based_routing-bookinfo_v3.gif 92 | "Kiali - Bookinfo v3") 93 | 94 | ![Istio](../.vuepress/public/istio.svg "Istio") 95 | -------------------------------------------------------------------------------- /docs/part-07/bookinfo_v3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-07/bookinfo_v3.jpg -------------------------------------------------------------------------------- /docs/part-07/istio_kiali_weight-based_routing-bookinfo_v3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-07/istio_kiali_weight-based_routing-bookinfo_v3.gif -------------------------------------------------------------------------------- /docs/part-07/istio_kiali_weight-based_routing.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ruzickap/k8s-istio-webinar/1f5dd74ac457248216a53a592cc6b772683731f1/docs/part-07/istio_kiali_weight-based_routing.gif -------------------------------------------------------------------------------- /docs/part-08/README.md: -------------------------------------------------------------------------------- 1 | # Istio - Cleanup 2 | 3 | ![Cleanup](https://raw.githubusercontent.com/aws-samples/eks-workshop/65b766c494a5b4f5420b2912d8373c4957163541/static/images/cleanup.svg?sanitize=true 4 | "Cleanup") 5 | 6 | ----- 7 | 8 | Remove the Bookinfo application and clean it up (delete the routing rules 9 | and terminate the application pods): 10 | 11 | ```bash 12 | # Clean everything - remove Bookinfo application and all Istio VirtualServices, Gateways, DestinationRules 13 | sed -i 
"/read -r NAMESPACE/d" samples/bookinfo/platform/kube/cleanup.sh 14 | samples/bookinfo/platform/kube/cleanup.sh 15 | ``` 16 | 17 | Output: 18 | 19 | ```shell 20 | namespace ? [default] using NAMESPACE=default 21 | destinationrule.networking.istio.io "details" deleted 22 | destinationrule.networking.istio.io "productpage" deleted 23 | destinationrule.networking.istio.io "ratings" deleted 24 | destinationrule.networking.istio.io "reviews" deleted 25 | virtualservice.networking.istio.io "bookinfo" deleted 26 | virtualservice.networking.istio.io "details" deleted 27 | virtualservice.networking.istio.io "productpage" deleted 28 | virtualservice.networking.istio.io "ratings" deleted 29 | virtualservice.networking.istio.io "reviews" deleted 30 | gateway.networking.istio.io "bookinfo-gateway" deleted 31 | Application cleanup may take up to one minute 32 | service "details" deleted 33 | deployment.extensions "details-v1" deleted 34 | service "ratings" deleted 35 | deployment.extensions "ratings-v1" deleted 36 | service "reviews" deleted 37 | deployment.extensions "reviews-v1" deleted 38 | deployment.extensions "reviews-v2" deleted 39 | deployment.extensions "reviews-v3" deleted 40 | service "productpage" deleted 41 | deployment.extensions "productpage-v1" deleted 42 | Application cleanup successful 43 | ``` 44 | 45 | To remove Istio: 46 | 47 | ```bash 48 | helm delete --purge istio 49 | helm delete --purge istio-init 50 | kubectl delete -f install/kubernetes/helm/istio-init/files 51 | kubectl label namespace default istio-injection- 52 | kubectl delete namespace istio-system 53 | ``` 54 | 55 | Output: 56 | 57 | ```shell 58 | release "istio" deleted 59 | release "istio-init" deleted 60 | customresourcedefinition.apiextensions.k8s.io "virtualservices.networking.istio.io" deleted 61 | ... 
62 | customresourcedefinition.apiextensions.k8s.io "challenges.certmanager.k8s.io" deleted 63 | namespace/default labeled 64 | namespace "istio-system" deleted 65 | ``` 66 | 67 | Clean AWS: 68 | 69 | ```bash 70 | # aws route53 delete-hosted-zone --id $(aws route53 list-hosted-zones --query "HostedZones[?Name==\`${MY_DOMAIN}.\`].Id" --output text) 71 | aws iam detach-user-policy --user-name "${USER}-eks-cert-manager-route53" --policy-arn $(aws iam list-policies --query "Policies[?PolicyName==\`${USER}-AmazonRoute53Domains-cert-manager\`].{ARN:Arn}" --output text) 72 | aws iam delete-policy --policy-arn $(aws iam list-policies --query "Policies[?PolicyName==\`${USER}-AmazonRoute53Domains-cert-manager\`].{ARN:Arn}" --output text) 73 | aws iam delete-access-key --user-name ${USER}-eks-cert-manager-route53 --access-key-id $(aws iam list-access-keys --user-name ${USER}-eks-cert-manager-route53 --query "AccessKeyMetadata[].AccessKeyId" --output text) 74 | aws iam delete-user --user-name ${USER}-eks-cert-manager-route53 75 | ``` 76 | 77 | Remove EKS cluster: 78 | 79 | ```bash 80 | eksctl delete cluster --name=${USER}-k8s-istio-webinar --wait 81 | ``` 82 | 83 | Output: 84 | 85 | ```shell 86 | [ℹ] using region eu-central-1 87 | [ℹ] deleting EKS cluster "pruzicka-k8s-istio-webinar" 88 | [ℹ] will delete stack "eksctl-pruzicka-k8s-istio-webinar-nodegroup-ng-5be027b5" 89 | [ℹ] waiting for stack "eksctl-pruzicka-k8s-istio-webinar-nodegroup-ng-5be027b5" to get deleted 90 | [ℹ] will delete stack "eksctl-pruzicka-k8s-istio-webinar-cluster" 91 | [ℹ] waiting for stack "eksctl-pruzicka-k8s-istio-webinar-cluster" to get deleted 92 | [✔] kubeconfig has been updated 93 | [✔] the following EKS cluster resource(s) for "pruzicka-k8s-istio-webinar" will be deleted: cluster. 
If in doubt, check CloudFormation console 94 | ``` 95 | 96 | ![Istio](../.vuepress/public/istio.svg "Istio") 97 | -------------------------------------------------------------------------------- /files/aws_route53-dns_change.json: -------------------------------------------------------------------------------- 1 | { 2 | "Comment": "A new record set for the zone.", 3 | "Changes": [ 4 | { 5 | "Action": "UPSERT", 6 | "ResourceRecordSet": { 7 | "Name": "*.${MY_DOMAIN}.", 8 | "Type": "A", 9 | "AliasTarget": { 10 | "HostedZoneId": "${CANONICAL_HOSTED_ZONE_NAME_ID}", 11 | "DNSName": "dualstack.${LOADBALANCER_HOSTNAME}", 12 | "EvaluateTargetHealth": false 13 | } 14 | } 15 | }, 16 | { 17 | "Action": "UPSERT", 18 | "ResourceRecordSet": { 19 | "Name": "${MY_DOMAIN}.", 20 | "Type": "A", 21 | "AliasTarget": { 22 | "HostedZoneId": "${CANONICAL_HOSTED_ZONE_NAME_ID}", 23 | "DNSName": "dualstack.${LOADBALANCER_HOSTNAME}", 24 | "EvaluateTargetHealth": false 25 | } 26 | } 27 | } 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /files/cert-manager-letsencrypt-aws-route53-clusterissuer-certificate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: aws-route53-secret-access-key-secret 5 | namespace: istio-system 6 | data: 7 | secret-access-key: $EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY_BASE64 8 | --- 9 | apiVersion: certmanager.k8s.io/v1alpha1 10 | kind: ClusterIssuer 11 | metadata: 12 | name: letsencrypt-staging-dns 13 | namespace: istio-system 14 | spec: 15 | acme: 16 | # The ACME server URL 17 | server: https://acme-staging-v02.api.letsencrypt.org/directory 18 | # Email address used for ACME registration 19 | email: petr.ruzicka@gmail.com 20 | # Name of a secret used to store the ACME account private key 21 | privateKeySecretRef: 22 | name: letsencrypt-staging-dns 23 | dns01: 24 | # Here we define a list of DNS-01 providers that can 
solve DNS challenges 25 | providers: 26 | - name: aws-route53 27 | route53: 28 | accessKeyID: ${EKS_CERT_MANAGER_ROUTE53_AWS_ACCESS_KEY_ID} 29 | region: eu-central-1 30 | secretAccessKeySecretRef: 31 | name: aws-route53-secret-access-key-secret 32 | key: secret-access-key 33 | --- 34 | apiVersion: certmanager.k8s.io/v1alpha1 35 | kind: ClusterIssuer 36 | metadata: 37 | name: letsencrypt-production-dns 38 | namespace: istio-system 39 | spec: 40 | acme: 41 | # The ACME server URL 42 | server: https://acme-v02.api.letsencrypt.org/directory 43 | # Email address used for ACME registration 44 | email: petr.ruzicka@gmail.com 45 | # Name of a secret used to store the ACME account private key 46 | privateKeySecretRef: 47 | name: letsencrypt-production-dns 48 | dns01: 49 | # Here we define a list of DNS-01 providers that can solve DNS challenges 50 | providers: 51 | - name: aws-route53 52 | route53: 53 | accessKeyID: ${EKS_CERT_MANAGER_ROUTE53_AWS_ACCESS_KEY_ID} 54 | region: eu-central-1 55 | secretAccessKeySecretRef: 56 | name: aws-route53-secret-access-key-secret 57 | key: secret-access-key 58 | --- 59 | apiVersion: certmanager.k8s.io/v1alpha1 60 | kind: Certificate 61 | metadata: 62 | name: ingress-cert-${LETSENCRYPT_ENVIRONMENT} 63 | namespace: istio-system 64 | spec: 65 | secretName: ingress-cert-${LETSENCRYPT_ENVIRONMENT} 66 | issuerRef: 67 | kind: ClusterIssuer 68 | name: letsencrypt-${LETSENCRYPT_ENVIRONMENT}-dns 69 | commonName: "*.${MY_DOMAIN}" 70 | dnsNames: 71 | - "*.${MY_DOMAIN}" 72 | - ${MY_DOMAIN} 73 | acme: 74 | config: 75 | - dns01: 76 | provider: aws-route53 77 | domains: 78 | - "*.${MY_DOMAIN}" 79 | - ${MY_DOMAIN} 80 | -------------------------------------------------------------------------------- /files/export_services_gateway.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ################## 3 | # Grafana - NOTE(review): each addon Gateway in this file (grafana-gateway 15031, tracing-gateway 15032, kiali-gateway 15029, prometheus-gateway 15030) accepts any host ("*") over plaintext HTTP2, and the matching "-vs" VirtualService forwards that port to the addon service; no TLS or authentication is configured in this file, so restrict hosts and source ranges or add TLS and authentication outside a demo 4 | ################## 5 | --- 6 | apiVersion: networking.istio.io/v1alpha3 7 | kind:
DestinationRule 8 | metadata: 9 | name: grafana-destination-rule 10 | namespace: istio-system 11 | spec: 12 | host: grafana.istio-system.svc.cluster.local 13 | trafficPolicy: 14 | tls: 15 | mode: DISABLE 16 | --- 17 | apiVersion: networking.istio.io/v1alpha3 18 | kind: VirtualService 19 | metadata: 20 | name: grafana-virtual-service 21 | namespace: istio-system 22 | spec: 23 | hosts: 24 | - grafana.${MY_DOMAIN} 25 | gateways: 26 | - istio-autogenerated-k8s-ingress 27 | http: 28 | - route: 29 | - destination: 30 | host: grafana.istio-system.svc.cluster.local 31 | port: 32 | number: 3000 33 | --- 34 | apiVersion: networking.istio.io/v1alpha3 35 | kind: Gateway 36 | metadata: 37 | name: grafana-gateway 38 | namespace: istio-system 39 | spec: 40 | selector: 41 | istio: ingressgateway 42 | servers: 43 | - port: 44 | number: 15031 45 | name: http2-grafana 46 | protocol: HTTP2 47 | hosts: 48 | - "*" 49 | --- 50 | apiVersion: networking.istio.io/v1alpha3 51 | kind: VirtualService 52 | metadata: 53 | name: grafana-vs 54 | namespace: istio-system 55 | spec: 56 | hosts: 57 | - "*" 58 | gateways: 59 | - grafana-gateway 60 | http: 61 | - match: 62 | - port: 15031 63 | route: 64 | - destination: 65 | host: grafana.istio-system.svc.cluster.local 66 | port: 67 | number: 3000 68 | 69 | --- 70 | ################## 71 | # Jaeger 72 | ################## 73 | --- 74 | apiVersion: networking.istio.io/v1alpha3 75 | kind: DestinationRule 76 | metadata: 77 | name: jaeger-destination-rule 78 | namespace: istio-system 79 | spec: 80 | host: tracing.istio-system.svc.cluster.local 81 | trafficPolicy: 82 | tls: 83 | mode: DISABLE 84 | --- 85 | apiVersion: networking.istio.io/v1alpha3 86 | kind: VirtualService 87 | metadata: 88 | name: jaeger-virtual-service 89 | namespace: istio-system 90 | spec: 91 | hosts: 92 | - jaeger.${MY_DOMAIN} 93 | gateways: 94 | - istio-autogenerated-k8s-ingress 95 | http: 96 | - route: 97 | - destination: 98 | host: tracing.istio-system.svc.cluster.local 99 | port: 100 
| number: 80 101 | --- 102 | apiVersion: networking.istio.io/v1alpha3 103 | kind: Gateway 104 | metadata: 105 | name: tracing-gateway 106 | namespace: istio-system 107 | spec: 108 | selector: 109 | istio: ingressgateway 110 | servers: 111 | - port: 112 | number: 15032 113 | name: http2-tracing 114 | protocol: HTTP2 115 | hosts: 116 | - "*" 117 | --- 118 | apiVersion: networking.istio.io/v1alpha3 119 | kind: VirtualService 120 | metadata: 121 | name: tracing-vs 122 | namespace: istio-system 123 | spec: 124 | hosts: 125 | - "*" 126 | gateways: 127 | - tracing-gateway 128 | http: 129 | - match: 130 | - port: 15032 131 | route: 132 | - destination: 133 | host: tracing.istio-system.svc.cluster.local 134 | port: 135 | number: 80 136 | 137 | --- 138 | ################## 139 | # Kiali 140 | ################## 141 | --- 142 | apiVersion: networking.istio.io/v1alpha3 143 | kind: DestinationRule 144 | metadata: 145 | name: kiali-destination-rule 146 | namespace: istio-system 147 | spec: 148 | host: kiali.istio-system.svc.cluster.local 149 | trafficPolicy: 150 | tls: 151 | mode: DISABLE 152 | --- 153 | apiVersion: networking.istio.io/v1alpha3 154 | kind: VirtualService 155 | metadata: 156 | name: kiali-virtual-service 157 | namespace: istio-system 158 | spec: 159 | hosts: 160 | - kiali.${MY_DOMAIN} 161 | gateways: 162 | - istio-autogenerated-k8s-ingress 163 | http: 164 | - route: 165 | - destination: 166 | host: kiali.istio-system.svc.cluster.local 167 | port: 168 | number: 20001 169 | --- 170 | apiVersion: networking.istio.io/v1alpha3 171 | kind: Gateway 172 | metadata: 173 | name: kiali-gateway 174 | namespace: istio-system 175 | spec: 176 | selector: 177 | istio: ingressgateway 178 | servers: 179 | - port: 180 | number: 15029 181 | name: http2-kiali 182 | protocol: HTTP2 183 | hosts: 184 | - "*" 185 | --- 186 | apiVersion: networking.istio.io/v1alpha3 187 | kind: VirtualService 188 | metadata: 189 | name: kiali-vs 190 | namespace: istio-system 191 | spec: 192 | hosts: 193 | 
- "*" 194 | gateways: 195 | - kiali-gateway 196 | http: 197 | - match: 198 | - port: 15029 199 | route: 200 | - destination: 201 | host: kiali.istio-system.svc.cluster.local 202 | port: 203 | number: 20001 204 | 205 | --- 206 | ################## 207 | # Prometheus 208 | ################## 209 | --- 210 | apiVersion: networking.istio.io/v1alpha3 211 | kind: DestinationRule 212 | metadata: 213 | name: prometheus-destination-rule 214 | namespace: istio-system 215 | spec: 216 | host: prometheus.istio-system.svc.cluster.local 217 | trafficPolicy: 218 | tls: 219 | mode: DISABLE 220 | --- 221 | apiVersion: networking.istio.io/v1alpha3 222 | kind: VirtualService 223 | metadata: 224 | name: prometheus-virtual-service 225 | namespace: istio-system 226 | spec: 227 | hosts: 228 | - prometheus.${MY_DOMAIN} 229 | gateways: 230 | - istio-autogenerated-k8s-ingress 231 | http: 232 | - route: 233 | - destination: 234 | host: prometheus.istio-system.svc.cluster.local 235 | port: 236 | number: 9090 237 | --- 238 | apiVersion: networking.istio.io/v1alpha3 239 | kind: Gateway 240 | metadata: 241 | name: prometheus-gateway 242 | namespace: istio-system 243 | spec: 244 | selector: 245 | istio: ingressgateway 246 | servers: 247 | - port: 248 | number: 15030 249 | name: http2-prometheus 250 | protocol: HTTP2 251 | hosts: 252 | - "*" 253 | --- 254 | apiVersion: networking.istio.io/v1alpha3 255 | kind: VirtualService 256 | metadata: 257 | name: prometheus-vs 258 | namespace: istio-system 259 | spec: 260 | hosts: 261 | - "*" 262 | gateways: 263 | - prometheus-gateway 264 | http: 265 | - match: 266 | - port: 15030 267 | route: 268 | - destination: 269 | host: prometheus.istio-system.svc.cluster.local 270 | port: 271 | number: 9090 272 | 273 | --- 274 | ################## 275 | # Servicegraph 276 | ################## 277 | --- 278 | apiVersion: networking.istio.io/v1alpha3 279 | kind: DestinationRule 280 | metadata: 281 | name: servicegraph-destination-rule 282 | namespace: istio-system 283 | 
spec: 284 | host: servicegraph.istio-system.svc.cluster.local 285 | trafficPolicy: 286 | tls: 287 | mode: DISABLE 288 | --- 289 | apiVersion: networking.istio.io/v1alpha3 290 | kind: VirtualService 291 | metadata: 292 | name: servicegraph-virtual-service 293 | namespace: istio-system 294 | spec: 295 | hosts: 296 | - servicegraph.${MY_DOMAIN} 297 | gateways: 298 | - istio-autogenerated-k8s-ingress 299 | http: 300 | - route: 301 | - destination: 302 | host: servicegraph.istio-system.svc.cluster.local 303 | port: 304 | number: 8088 305 | -------------------------------------------------------------------------------- /files/route_53_change_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": "route53:GetChange", 7 | "Resource": "arn:aws:route53:::change/*" 8 | }, 9 | { 10 | "Effect": "Allow", 11 | "Action": "route53:ChangeResourceRecordSets", 12 | "Resource": "arn:aws:route53:::hostedzone/*" 13 | }, 14 | { 15 | "Effect": "Allow", 16 | "Action": "route53:ListHostedZonesByName", 17 | "Resource": "*" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /lychee.toml: -------------------------------------------------------------------------------- 1 | # https://lychee.cli.rs/#/usage/config 2 | 3 | ############################# Cache ############################### 4 | 5 | # Enable link caching. This can be helpful to avoid checking the same links on 6 | # multiple runs 7 | cache = true 8 | 9 | # Discard all cached requests older than this duration 10 | max_cache_age = "1d" 11 | 12 | ############################# Runtime ############################# 13 | 14 | # Maximum number of concurrent link checks 15 | max_concurrency = 128 16 | 17 | ############################# Requests ############################ 18 | 19 | # Comma-separated list of accepted status codes for valid links. 
20 | accept = [999] 21 | 22 | ############################# Exclusions ########################## 23 | 24 | # Exclude URLs and mail addresses from checking (supports regex) 25 | exclude = [ 26 | # returns 403 when accessed from GitHub Action 27 | 'stackoverflow\.com', 28 | 'stackexchange\.com', 29 | # Ignore all URLs with '$' - BASH variable in URL 30 | '\$', 31 | # Ignore all URLs with '{ ... }' - BASH / Ansible variable in URL 32 | '%7B.*%7D', 33 | # Ignore all URLs which starts with 'file://' 34 | 'file://', 35 | ] 36 | 37 | # Exclude these filesystem paths from getting checked 38 | exclude_path = [ 39 | "CHANGELOG.md", 40 | "package-lock.json", 41 | ] 42 | 43 | # Exclude all private IPs from checking. 44 | # Equivalent to setting `exclude_private`, `exclude_link_local`, and 45 | # `exclude_loopback` to true 46 | exclude_all_private = true 47 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "k8s-sockshop", 3 | "version": "0.0.1", 4 | "description": "Install services using Flux + Flagger + Istio + inside AKS cluster running in Azure", 5 | "author": "Petr Ruzicka ", 6 | "license": "Apache-2.0", 7 | "homepage": "https://ruzickap.github.io/k8s-sockshop", 8 | "keywords": [ 9 | "demo", 10 | "flagger", 11 | "flux", 12 | "flux", 13 | "kubernetes", 14 | "presentation" 15 | ], 16 | "main": "index.js", 17 | "repository": { 18 | "type": "git", 19 | "url": "git+https://github.com/ruzickap/k8s-sockshop.git" 20 | }, 21 | "bugs": { 22 | "url": "https://github.com/ruzickap/k8s-sockshop/issues" 23 | }, 24 | "scripts": { 25 | "dev": "vuepress dev docs", 26 | "build": "vuepress build docs" 27 | }, 28 | "dependencies": { 29 | "@vuepress/plugin-back-to-top": "^1.9.10", 30 | "@vuepress/plugin-medium-zoom": "^1.9.10", 31 | "vuepress-plugin-reading-progress": "^1.0.10", 32 | "vuepress-plugin-seo": "^0.2.0", 33 |
"vuepress-plugin-smooth-scroll": "^0.0.10", 34 | "vuepress": "^1.9.10" 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /run-k8s-istio-webinar-full.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eu 4 | 5 | ################################################ 6 | # include the magic (demo-magic.sh is downloaded only when it is missing, then sourced). NOTE(review): it is fetched from the mutable master branch with curl --silent (no --fail) and sourced without an integrity check; pin the URL to a commit and verify a checksum before sourcing 7 | ################################################ 8 | test -f ./demo-magic.sh || curl --silent https://raw.githubusercontent.com/paxtonhare/demo-magic/master/demo-magic.sh > demo-magic.sh 9 | # shellcheck disable=SC1091 10 | . ./demo-magic.sh -n 11 | 12 | ################################################ 13 | # Configure the options 14 | ################################################ 15 | 16 | # 17 | # speed at which to simulate typing. bigger num = faster 18 | # 19 | export TYPE_SPEED=60 20 | 21 | # Uncomment to run non-interactively 22 | export PROMPT_TIMEOUT=0 23 | 24 | # No wait 25 | export NO_WAIT=false 26 | 27 | # 28 | # custom prompt 29 | # 30 | # see http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/bash-prompt-escape-sequences.html for escape sequences 31 | # 32 | #DEMO_PROMPT="${GREEN}➜ ${CYAN}\W " 33 | export DEMO_PROMPT="${GREEN}➜ ${CYAN}$ " 34 | 35 | # hide the evidence 36 | clear 37 | 38 | ### Please run these commands before running the script. NOTE(review): the docker run below mounts $HOME/.aws into the container read-write (only $HOME/.ssh is :ro), so everything run inside, including the commands generated from the docs, can read and change the host's AWS credentials 39 | 40 | # mkdir /var/tmp/test && cd /var/tmp/test 41 | # docker run -it --rm -e USER="$USER" -v $HOME/.ssh:/root/.ssh:ro -v $HOME/.aws:/root/.aws -v $PWD:/mnt ubuntu 42 | # echo $(hostname -I) $(hostname) >> /etc/hosts 43 | 44 | # export LETSENCRYPT_ENVIRONMENT="staging" # production 45 | # export MY_DOMAIN="mylabs.dev" 46 | 47 | # apt-get update -qq && apt-get install -qq -y curl git pv > /dev/null 48 | # cd /mnt 49 | # git clone https://github.com/ruzickap/k8s-istio-webinar && cd k8s-istio-webinar 50 | # ./run-k8s-istio-webinar-full.sh 51 | 52 | sed '/^## Configure AWS/,/^Create policy allowing the cert-manager
to change Route 53 settings./d' docs/part-{01..08}/README.md | 53 | sed -n "/^\`\`\`bash.*/,/^\`\`\`$/p;/^-----$/p" | 54 | sed \ 55 | -e 's/^-----$/\np ""\np "################################################################################################### Press to continue"\nwait\n/' \ 56 | -e 's/^```bash.*/\npe '"'"'/' \ 57 | -e 's/^```$/'"'"'/' \ 58 | -e '/^sleep/d' \ 59 | > README.sh 60 | 61 | # shellcheck disable=SC1091,SC1094 62 | source README.sh 63 | -------------------------------------------------------------------------------- /run-k8s-istio-webinar.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eu 4 | 5 | ################################################ 6 | # include the magic (demo-magic.sh is downloaded only when it is missing, then sourced). NOTE(review): it is fetched from the mutable master branch with curl --silent (no --fail) and sourced without an integrity check; pin the URL to a commit and verify a checksum before sourcing 7 | ################################################ 8 | test -f ./demo-magic.sh || curl --silent https://raw.githubusercontent.com/paxtonhare/demo-magic/master/demo-magic.sh > demo-magic.sh 9 | # shellcheck disable=SC1091 10 | . ./demo-magic.sh -n 11 | 12 | ################################################ 13 | # Configure the options 14 | ################################################ 15 | 16 | # 17 | # speed at which to simulate typing.
bigger num = faster 18 | # 19 | export TYPE_SPEED=60 20 | 21 | # Uncomment to run non-interactively 22 | export PROMPT_TIMEOUT=0 23 | 24 | # No wait 25 | export NO_WAIT=false 26 | 27 | # 28 | # custom prompt 29 | # 30 | # see http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/bash-prompt-escape-sequences.html for escape sequences 31 | # 32 | #DEMO_PROMPT="${GREEN}➜ ${CYAN}\W " 33 | export DEMO_PROMPT="${GREEN}➜ ${CYAN}$ " 34 | 35 | # hide the evidence 36 | clear 37 | 38 | ### Please run these commands before running the script. NOTE(review): the echo at the end of this list prints EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY in clear text to the terminal, and so into any recording or scrollback of the demo; drop or mask that field 39 | 40 | # mkdir /var/tmp/test && cd /var/tmp/test 41 | # docker run -it --rm -e USER="$USER" -v $HOME/.ssh:/root/.ssh:ro -v $PWD:/mnt ubuntu 42 | # echo $(hostname -I) $(hostname) >> /etc/hosts 43 | # git clone https://github.com/ruzickap/k8s-istio-webinar && cd k8s-istio-webinar 44 | 45 | # export LETSENCRYPT_ENVIRONMENT="staging" # production 46 | # export MY_DOMAIN="mylabs.dev" 47 | # export EKS_CERT_MANAGER_ROUTE53_AWS_ACCESS_KEY_ID=$(awk -F\" "/AccessKeyId/ { print \$4 }" $HOME/.aws/${USER}-eks-cert-manager-route53-${MY_DOMAIN}) 48 | # export EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY=$(awk -F\" "/SecretAccessKey/ { print \$4 }" $HOME/.aws/${USER}-eks-cert-manager-route53-${MY_DOMAIN}) 49 | # eksctl utils write-kubeconfig --kubeconfig kubeconfig.conf --name=${USER}-k8s-istio-webinar 50 | # echo -e "\n${LETSENCRYPT_ENVIRONMENT} | ${MY_DOMAIN} | ${EKS_CERT_MANAGER_ROUTE53_AWS_ACCESS_KEY_ID} | ${EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY} |\n`kubectl --kubeconfig=./kubeconfig.conf cluster-info`" 51 | 52 | # ./run-k8s-istio-webinar.sh 53 | 54 | if [ -z "${EKS_CERT_MANAGER_ROUTE53_AWS_ACCESS_KEY_ID+x}" ] || [ -z "${EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY+x}" ]; then # NOTE(review): ${VAR+x} only detects unset variables, so an empty access key or secret passes this check 55 | echo "One of the mandatory variables 'EKS_CERT_MANAGER_ROUTE53_AWS_ACCESS_KEY_ID' or 'EKS_CERT_MANAGER_ROUTE53_AWS_SECRET_ACCESS_KEY' is not set !!"
56 | exit 1 57 | fi 58 | 59 | sed '/^## Prepare the local working environment/,/^Check if the new EKS cluster is available:/d' docs/part-{01..08}/README.md | 60 | sed -n "/^\`\`\`bash.*/,/^\`\`\`$/p;/^-----$/p" | 61 | sed \ 62 | -e 's/^-----$/\np ""\np "################################################################################################### Press to continue"\nwait\n/' \ 63 | -e 's/^```bash.*/\npe '"'"'/' \ 64 | -e 's/^```$/'"'"'/' \ 65 | -e '/^sleep/d' \ 66 | > README.sh 67 | 68 | # shellcheck disable=SC1091,SC1094 69 | source README.sh 70 | -------------------------------------------------------------------------------- /tests/ci_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -eux 2 | 3 | kubeadm-dind-cluster_install() { 4 | curl -Ls https://github.com/kubernetes-sigs/kubeadm-dind-cluster/releases/download/v0.1.0/dind-cluster-v1.13.sh --output dind-cluster.sh 5 | 6 | chmod +x dind-cluster.sh 7 | 8 | # start the cluster. NOTE(review): dind-cluster.sh was downloaded above with curl -Ls (no --fail, no checksum) and is executed as-is; verify the release artifact before running it 9 | NUM_NODES=2 SKIP_DASHBOARD="true" SKIP_SNAPSHOT="true" ./dind-cluster.sh up 10 | 11 | # add kubectl directory to PATH 12 | export PATH="$HOME/.kubeadm-dind-cluster:$PATH" 13 | } 14 | 15 | sudo swapoff -a 16 | 17 | # Find out latest kubernetes version. NOTE(review): the version is not pinned, so each CI run may install a different kubectl release 18 | KUBERNETES_VERSION=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt) 19 | export KUBERNETES_VERSION 20 | 21 | # Download kubectl (this script starts kubeadm-dind-cluster, not minikube). NOTE(review): the binary is fetched with curl -sLo and installed without a checksum check
22 | curl -sLo kubectl "https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" 23 | chmod +x kubectl 24 | sudo mv kubectl /usr/local/bin/ 25 | 26 | # Start kubernetes 27 | kubeadm-dind-cluster_install 28 | kubectl cluster-info 29 | 30 | # Variables 31 | export LETSENCRYPT_ENVIRONMENT="staging" # production 32 | export MY_DOMAIN="mylabs.dev" 33 | 34 | # Commands: extract the bash fenced blocks from docs/part-02..08 into README.sh and source it, so the documentation itself is executed as the test 35 | sed -n "/^\`\`\`bash$/,/^\`\`\`$/p" docs/part-{02..08}/README.md | sed "/^\`\`\`*/d" > README.sh 36 | # shellcheck disable=SC1091,SC1094 37 | source ./README.sh 38 | 39 | # Istio + app cleanup 40 | NAMESPACE=default samples/bookinfo/platform/kube/cleanup.sh 41 | helm delete --purge istio 42 | helm delete --purge istio-init 43 | kubectl delete -f install/kubernetes/helm/istio-init/files 44 | kubectl delete namespace istio-system 45 | kubectl label namespace default istio-injection- 46 | 47 | cd ../.. 48 | rm -rf tmp 49 | --------------------------------------------------------------------------------