googlecloudplatform / istio-samples Goto Github PK

View Code? Open in Web Editor NEW

331.0 21.0 143.0 22.07 MB

Istio demos and sample applications for GCP

Home Page: https://cloud.google.com/istio

License: Apache License 2.0

Shell 83.87% Dockerfile 4.40% Python 4.11% Go 7.63%

istio-samples's Introduction

⛵️ istio-samples

This repository contains Google Cloud Platform demos and sample code for Istio.

⚠️ Note: These samples are last updated to the Istio 1.5 release, and are no longer under active development. See the Istio documentation for the most up-to-date examples. For Anthos Service Mesh (ASM) samples, see https://github.com/GoogleCloudPlatform/anthos-service-mesh-samples

Canary Deployments with Istio on GKE

Uses the Hipstershop sample app to demonstrate traffic splitting with Istio on GKE, and how to view Istio-generated metrics in Stackdriver.

Introduction to Istio Security

Provides an introduction to Istio service-to-service encryption (mutual TLS), end-user authentication (JSON Web Tokens), and service authorization (role-based access control).

Istio and Stackdriver

A deep-dive on how to use Stackdriver to monitor Istio services' health, analyze traces, and view logs.

Using a GCP Internal Load Balancer with Istio

Demonstrates how to connect GCE (VM-based) workloads to Istio services running in GKE, through a private internal load balancer on GCP.

Geo-Aware Istio Multicluster Ingress

Shows how to attach a global Anycast IP address to multiple Istio IngressGateways running in clusters across regions.

Integrating a Google Compute Engine VM with Istio

Demonstrates how to do Istio Mesh Expansion: the process of incorporating a GCE-based workload into an Istio mesh running in GKE.

Multicluster Istio- Single Control Plane

Introduces Multicluster Istio by uniting GKE workloads in two different clusters into a single Istio mesh.

Multicluster Istio- Dual Control Plane

Shows how to connect two separate GKE clusters, each with their own Istio control planes, into a single Gateway-connected mesh.

Virtual Machine Migration with Multicluster Istio

Demonstrates how to integrate an Istio-enabled VM into a multicluster mesh, then migrate traffic from the VM to GKE.

istio-samples's People

Contributors

Stargazers

Watchers

Forkers

dalavancloud pamir henrypan reachgopal ajayakumar-jayaraj mseravalli snavti guzmanelmalogoogle ychauwang mattiasgees jonsun-zhao sandeepk17 jbrook gsimonp mattnidz jijeesh rbrto blockspacer neoseele tjovicic chrislovett03 alphab18 sysbind y0zg timmehhh7 popsonebz juicycleff ronamosa gonac askmeegs arturrez jkantihub jorgonzalez marcelodevops akhimji houshym g2hybrid farioas jnedum matthis-wilh sreedharbabu anilkumarkoduri ravicm ashutoshudayasingh norseto ramguda mvpzone kadirroi calsaviour muxun ranparam01 umardx rahuldivgan justin-slowik arunkumarjca athreyapatel robotkaleng jwdavis coaic amit-gshe moule3053 nerusnayleinad alexhinds luis0livera swetasingh-tudip niaoshuai jayugi hudomju gyanks ecurydin anilmm2005 naddame isabella232 tmatsuo valery-barysok bcordobaq yeroha navinrio muskanmahajan37 ashwilliams ichandan16 briansu2004 j143 pradeep1278 truecii rakesh283343 dskliarov tomasbasham rk-gcp rajesh2k3 palaniappanrm pypwxh showerlee halvards sergeykanzhelev ekmixon pussinboots91 alainlompo wombolo renraju

istio-samples's Issues

I was going through the "AHYBRID060 Managing Policies and Security with Istio and Citadel" lab from Coursera specialization ("Hybrid Cloud Service Mesh with Anthos" course) and found out that it was broken. The problem is that the lab requires Hipstershop and it is not there in last version.

After some analysis, I've found out that the problem was generated by the commit 3f28696.

Getting the previous version solved my problem.

gsed is not available in cloud shell

Since this is GKE related, suggesting switching to sed since gsed isn't available in cloud shell by default

Dual Plane Readme - Missing underscores in PROJECT var

In https://github.com/GoogleCloudPlatform/istio-samples/blob/master/multicluster-gke/dual-control-plane/README.md the PROJECT variables should be PROJECT_1 & PROJECT_2 according to the code but are listed as PROJECT1 & PROJECT2 in the README

Problem trying to create a docker image

I was following this tutorial: https://cloud.google.com/istio/docs/prepare-app-for-istio, and in the step "Build the image using the Dockerfile and the environment variables that you defined previously:", I'm receiving one error:

Step 8/11 : COPY --from=builder /usr/local/lib/python3.7/ /usr/local/lib/python3.7/ COPY failed: stat /var/lib/docker/overlay2/5efac87e95d4a1da9d4b0e75469006d99900ec5e2fcaf340306e17013a7b99cd/merged/usr/local/lib/python3.7: no such file or directory

Path to the Dockerfile: /istio-samples/sample-apps/helloserver/server/Dockerfile

*This is my first time opening an issue, if there is something wrong or if some information is missing, please inform me and will be glad to provide.

500 error with dual-control-plane demo

I encountered the 500 Error described in the readme, despite being able to access services from either mesh.

kubectl -n cluster1 exec -it currencyservice-668f49f985-vr4b5 -c istio-proxy /bin/sh
$ ping frontend.hipster2.global                   
PING frontend.hipster2.global (127.255.0.5) 56(84) bytes of data.
64 bytes from 127.255.0.5: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 127.255.0.5: icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from 127.255.0.5: icmp_seq=3 ttl=64 time=0.061 ms

kubectl -n cluster2 exec -it frontend-85d9fd86f8-j2t7h -c istio-proxy /bin/sh
$ ping currencyservice.hipster1.global
PING currencyservice.hipster1.global (127.255.0.4) 56(84) bytes of data.
64 bytes from 127.255.0.4: icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from 127.255.0.4: icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from 127.255.0.4: icmp_seq=3 ttl=64 time=0.051 ms
64 bytes from 127.255.0.4: icmp_seq=4 ttl=64 time=0.025 ms

There appears to be a networking issue associated with istio-egressgateway?

shiyghan@cs-6000-devshell-vm-ae6c0d48-5ff9-4513-a483-22a4c1fb4615:~$ istioctl proxy-status
NAME                                                   CDS                            LDS        EDS               RDS          PILOT                            VERSION
cartservice-57c6949b9-qxf9k.cluster2                   SYNCED                         SYNCED     SYNCED (50%)      SYNCED       istio-pilot-658f69f5dd-lnxnv     1.1.3
frontend-85d9fd86f8-mh7w4.cluster2                     SYNCED                         SYNCED     SYNCED (50%)      SYNCED       istio-pilot-658f69f5dd-lnxnv     1.1.3
istio-egressgateway-54bdd4f4bf-xdb8q.istio-system      STALE (Never Acknowledged)     SYNCED     SYNCED (100%)     NOT SENT     istio-pilot-658f69f5dd-lnxnv     1.1.3
istio-ingressgateway-589c9b9944-47fwj.istio-system     SYNCED                         SYNCED     SYNCED (100%)     SYNCED       istio-pilot-658f69f5dd-lnxnv     1.1.3
productcatalogservice-7b94dfb45c-2dmgp.cluster2        SYNCED                         SYNCED     SYNCED (50%)      SYNCED       istio-pilot-658f69f5dd-lnxnv     1.1.3
recommendationservice-656b857955-fthjd.cluster2        SYNCED                         SYNCED     SYNCED (50%)      SYNCED       istio-pilot-658f69f5dd-lnxnv     1.1.3

multicluster-gke single-control-plane example not working

Hey there,

I tried to get the multicluster-gke/single-control-plane example to work. Therefore I created two new clusters on gke and followed the commands from the scripts you provide. On the local cluster, where the control plane is located, everything seems to work fine.

> istioctl proxy-status
NAME                                                  CDS        LDS        EDS               RDS        PILOT                            VERSION
adservice-6cd6965787-4dq2l.default                    SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
cartservice-6c94f4d84c-stvfb.default                  SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
checkoutservice-6848667dd7-ddvx8.default              SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
currencyservice-668f49f985-j9swk.default              SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
emailservice-796bb9588b-xgz82.default                 SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
frontend-74d8b56f7f-kqmdq.default                     SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
istio-ingressgateway-d64bcfc89-6m88w.istio-system     SYNCED     SYNCED     SYNCED (100%)     SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
loadgenerator-5cffbc4bfb-rn2tr.default                SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
paymentservice-548657568f-cbkvz.default               SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
productcatalogservice-7b94dfb45c-pcsnk.default        SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
recommendationservice-85b8c8f599-kvmbx.default        SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3
shippingservice-5f5d75bf65-8lflg.default              SYNCED     SYNCED     SYNCED (50%)      SYNCED     istio-pilot-5f4f6f6548-d7fzp     1.1.3

On the remote cluster, I am facing failing readiness probes of the services (only the loadgenerator has no problems)

failed checking application ports. listeners="0.0.0.0:15090","10.19.250.43:443","10.19.244.86:31400","10.19.244.86:15032","10.19.248.183:6379","10.19.249.14:14267","10.19.249.203:15011","10.19.252.204:53","10.19.249.14:14268","10.19.243.215:443","10.19.244.86:443","10.19.244.86:15443","0.0.0.0:443","10.19.244.86:15029","10.19.253.21:16686","10.19.244.165:42422","10.19.246.111:80","10.19.244.86:15030","10.19.243.107:443","10.19.240.1:443","10.19.244.86:15020","10.19.244.86:15031","10.19.240.10:53","10.19.254.237:44134","0.0.0.0:9411","0.0.0.0:3550","0.0.0.0:15010","0.0.0.0:15004","0.0.0.0:8060","0.0.0.0:8088","0.0.0.0:7000","0.0.0.0:5000","0.0.0.0:80","0.0.0.0:7070","0.0.0.0:5050","0.0.0.0:9091","0.0.0.0:9555","0.0.0.0:3000","0.0.0.0:8080","0.0.0.0:50051","0.0.0.0:20001","0.0.0.0:9090","0.0.0.0:15014","0.0.0.0:9901","0.0.0.0:15001"
* envoy missing listener for inbound application port: 8080
2019-05-09T16:00:57.020138Z	info	Envoy proxy is NOT ready: 2 errors occurred:

I already tried to restart the pilot as suggested in this Istio Issue.

If I run istioctl proxy-status for services located on the remote I get a "Error: unable to retrieve proxy container name: unable to retrieve Pod: pods "recommendationservice-85b8c8f599-kvmbx" not found". However for local services I dont get any error message.

I am running out of ideas :(

[dualctrl] Use helm template for istio install

Currently the dual ctrl plane install uses helm install - switch to helm template.

https://github.com/GoogleCloudPlatform/istio-samples/blob/master/multicluster-gke/dual-control-plane/scripts/3-istio-install.sh#L21

multicluster-gke examples use basic authentication, which fails as of GKE 1.19

$ export PROJECT_ID=$(gcloud config get-value project)
$ git clone https://github.com/GoogleCloudPlatform/istio-samples.git
$ cd istio-samples/multicluster-gke/single-control-plane
~/istio-samples/multicluster-gke/single-control-plane$ bash scripts/1-cluster-create.sh
Updated property [core/project].
Creating cluster1...
WARNING: Warning: basic authentication is deprecated, and will be removed in GKE control plane versions 1.19 and newer. For a list of recommended authentication methods, see: https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication
WARNING: Starting in January 2021, clusters will use the Regular release channel by default when `--cluster-version`, `--release-channel`, `--no-enable-autoupgrade`, and `--no-enable-autorepair` flags are not specified.
WARNING: Starting with version 1.18, clusters will have shielded GKE nodes by default.
WARNING: The Pod address range limits the maximum size of the cluster. Please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to optimize IP address allocation.
ERROR: (gcloud.container.clusters.create) ResponseError: code=400, message=Basic authentication was removed for GKE cluster versions >= 1.19. The cluster cannot be created with basic authentication enabled. Instructions for choosing an alternative authentication method can be found at: https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication.

Error when applying istio-stackdriver-metrics manifest

Hello,

I'm getting the following when trying to set up the Istio metrics for Stackdriver:

$ kubectl apply -n istio-system -f istio-stackdriver-metrics.yamlunable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "handler" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "rule" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"
unable to recognize "istio-stackdriver-metrics.yaml": no matches for kind "instance" in version "config.istio.io/v1alpha2"

I understand the mixer CRDs are disabled on newer versions of Istio, but it would be nice to specify this somewhere to understand what needs to be done to resolve the issue.

Thanks !

chore: snippet-bot full scan

snippet-bot scan result

Life is too short to manually check unmatched region tags.
Here is the result:

multicluster-gke/dual-control-plane/cluster1/deployments.yaml:53, tag istio_dual_control_plane_cluster1_deployment_emailservice doesn't have a matching start tag.
multicluster-gke/vm-migration/cluster1/deployments.yaml:53, tag istio_dual_control_plane_cluster1_deployment_emailservice doesn't have a matching start tag.

Report generated by snippet-bot.
If you find problems with this result, please file an issue at:
https://github.com/googleapis/repo-automation-bots/issues.

Istio metrics not available on stackdriver

Hi,

We are installing Istio manually on GKE cluster. We want the istio metrics on Stackdriver hence we are trying to use stackdriver adapter. Followed the steps provided in this page but the istio metrics data is not available on Stackdriver. Any help would be appreciated.