ISTIO: Istio and kind installations and Bookinfo application execution steps

What is istio:

Istio addresses the challenges developers and operators face with a distributed or microservices architecture. Whether you're building from scratch or migrating existing applications to cloud native, Istio can help.

Reference: https://istio.io/latest/about/service-mesh/

==

Install docker:

https://docs.docker.com/desktop/mac/install/

==

Create cluster using kind:

brew install kind

kind version

Demo file: https://github.com/ramanujadasu/istio-kind/blob/LearningMain/demo.yml

kind create cluster --config demo.yml --name cluster2

kind get clusters

Reference: https://kind.sigs.k8s.io/docs/user/quick-start/#installation

==

Checking cluster is installed successfully:

docker ps

==

Download Istio:

curl -L https://istio.io/downloadIstio | sh -

cd istio-1.13.2

export PATH=$PWD/bin:$PATH

==

Install Istio:

istioctl install --set profile=demo -y

kubectl label namespace default istio-injection=enabled

==

Modify the http2 and https ports:

Changes for http and https port info istio-ingressgateway:

kubectl edit service istio-ingressgateway -n istio-system

Update below nodeports: 

 - name: http2

    nodePort: 30080

    port: 80

    protocol: TCP

    targetPort: 8080

  - name: https

    nodePort: 30443

    port: 443

    protocol: TCP

    targetPort: 8443

==

Deploy the sample application:

kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

kubectl get services

kubectl get pods

==

Verify everything is working correctly:

kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"

==

Open the application to outside traffic:

Associate this application with the Istio gateway:

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

==

Ensure that there are no issues with the configuration:

istioctl analyze

==

Set Gateway:

export GATEWAY_URL=localhost:80

==

Open browser and test bellow URL:

http://localhost:80/productpage

Read more ...

ISTIO: View Dashboard usages

kubectl apply -f samples/addons

kubectl rollout status deployment/kiali -n istio-system

Kiali:

Kiali is a management console for Istio service mesh. Kiali can be quickly installed as an Istio add-on, or trusted as a part of your production environment. See below for more about what Kiali offers

istioctl dashboard kiali

http://localhost:20001/

Reference:

https://istio.io/latest/docs/tasks/observability/kiali/

https://kiali.io/

Open the terminal and run bellow command: 

for i in $(seq 1 100); do curl -s -o /dev/null "http://$GATEWAY_URL/productpage"; done

Now you can see the graphs: 

Reference: https://istio.io/latest/docs/setup/getting-started/

Prometheus:

Prometheus is an open source monitoring system and time series database. You can use Prometheus with Istio to record metrics that track the health of Istio and of applications within the service mesh. You can visualize metrics using tools like Grafana and Kiali.

istioctl dashboard prometheus

http://localhost:9090/

Reference:

https://istio.io/latest/docs/tasks/observability/metrics/using-istio-dashboard/

https://istio.io/latest/docs/tasks/observability/metrics/querying-metrics/

https://istio.io/latest/docs/ops/integrations/prometheus/

https://prometheus.io/

==

Jaeger:

It is open source, end-to-end distributed tracing and monitor and troubleshoot transactions in complex distributed systems

istioctl dash jaeger

http://localhost:16686/jaeger/search

https://www.jaegertracing.io/

==

Grafana:

istioctl d grafana

http://localhost:3000/?orgId=1

https://grafana.com/

==

Envoy:

istioctl d envoy productpage-v1-7ff6d55f74-pj8dm

https://istio.io/latest/docs/ops/diagnostic-tools/proxy-cmd/

http://localhost:15000/

==

Controlz:

istioctl d controlz istiod-699b647f8b-dgqw6

http://localhost:9876/metricz/

==

Zipkin:

Zipkin is a distributed tracing system. It helps gather timing data needed to troubleshoot latency problems in service architectures. Features include both the collection and lookup of this data.

istioctl dashboard zipkin

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.13/samples/addons/extras/zipkin.yaml

References:
https://istio.io/latest/docs/ops/integrations/zipkin/#installation

https://istio.io/latest/docs/tasks/observability/distributed-tracing/zipkin/

https://istio.io/latest/docs/tasks/observability/distributed-tracing/mesh-and-proxy-config/#customizing-trace-sampling

Read more ...

ISTIO: Cleanup resources

Cleanup the resources:

Remove any kubectl port-forward processes that may be running:

killall kubectl

Cleanup the addons tools and istio-system namespace:

kubectl delete -f samples/addons

istioctl manifest generate --set profile=demo | kubectl delete --ignore-not-found=true -f -

istioctl tag remove default

kubectl delete namespace istio-system

kubectl label namespace default istio-injection-

Cleanup bookinfo:

samples/bookinfo/platform/kube/cleanup.sh

kubectl get virtualservices   #-- there should be no virtual services

kubectl get destinationrules  #-- there should be no destination rules

kubectl get gateway           #-- there should be no gateway

kubectl get pods              #-- the Bookinfo pods should be deleted

Reference:

https://istio.io/latest/docs/tasks/observability/metrics/using-istio-dashboard/

https://istio.io/latest/docs/examples/bookinfo/#cleanup

 

Read more ...

Pushing Images to artifactory or any location of docker environment

Skopeo is a tool for moving container images between different types of container storages. It allows you to copy container images between container registries like docker.io, quay.io, and your internal container registry or different types of storage on your local system.

Below are the steps to push or pull images from artifactory using skopeo instead of docker. Skopeo is just a cli and does not require any service/privilege. No change is needed on the docker or docker-desktop settings also.

Pre-Steps: Install skopeo

brew instal skopeo

Setup proxies if any issue with environment:

export http_proxy=<hostname>:<port>

export https_proxy=<hostname>:<port>

export no_proxy="io,com,org"

Login:

skopeo login --tls-verify=false -u USERNAME <repo-url>

Inspecting a repository

skopeo inspect --config docker://quay.io/podman/stable | json_pp

Copying images

Skopeo can copy container images between various storage mechanisms:

skopeo copy docker://<imagename:latest> docker://<imagename:latest>

ex: skopeo copy docker://registry.access.redhat.com/ubi8-init docker://reg.company.com/ubi-init

skopeo copy docker://registry.fedoraproject.org/fedora:latest  containers-storage:fedora

If any restrictions repo: skopeo copy --override-arch=amd64 --override-os=linux --dest-tls-verify=false docker-daemon:<imagename:latest> docker://<imagename:latest>

Deleting images from a registry:

skopeo delete docker://localhost:5000/<imagename:latest>

Reference:

https://www.redhat.com/en/blog/skopeo-10-released#:~:text=Skopeo%20is%20a%20tool%20for,storage%20on%20your%20local%20system

Read more ...

How to start couchdb instance in the docker container

We have different ways to connect couchdb in docker containers

>>> Using docker compose:

Step1:

create file docker-compose.yml::

version: '3'

services:

  couchserver:

    image: couchdb

    restart: always

    ports:

      - "5984:5984"

    environment:

      - COUCHDB_USER=admin

      - COUCHDB_PASSWORD=admin

    volumes:

        - ./dbdata:/opt/couchdb/data

Step2:

From the directory that contains your docker-compose.yml file, run:

docker-compose up -d

Step3:

Docker will pull your image and setup everything for you.

Soon as everything set, make sure your CouchDB container is up and running, but the following command:

docker ps

Step4:

Access CouchDB admin

In order to validate your working CouchDB install, head to http://localhost:5984/.

To access the CouchDB admin, head to http://localhost:5984/_utils/

=========================================

>>> Using Docker command:

Step1:

docker run -itd -p 25984:5984 -p 25986:5986 --name=couchdb2 \

-e NODENAME='couchdb-2.local.com' \

--mount 'source=volume-2,target=/opt/couchdb/data' \

couchdb:2.3.0

Step2:

curl -X GET http://localhost:25984

References:

https://medevel.com/tutorial-install-couchdb-with-docker/

https://medium.com/@singinjon/cluster-couchdb-2-and-docker-on-localhost-f0490649d960

Read more ...

How to specify ignore rules and exceptions from these rules for files and folder, that won’t be included in the build context in Docker(.dockerignore)

The .dockerignore file is the tool. It can help you to define the Docker build context you really need. Using this file, you can specify ignore rules and exceptions from these rules for files and folder, that won’t be included in the build context and thus won’t be packed into an archive and uploaded to the Docker server.

The .dockerignore file is similar to gitignore file. It is used by  the git tool. similarly to .gitignore file, it allows you to specify a pattern for files and folders that should be ignored by the Docker client when generating a build context. While .dockerignore file syntax used to describe ignore patterns is similar to .gitignore it’s not the same.

The .dockerignore pattern matching syntax is based on Go filepath.Match() function and includes some additions.

Here is he complete syntax for the .dockerignore:

Pattern:

{ term }
term:
'*' matches any sequence of non-Separator characters
'?' matches any single non-Separator character
'[' [ '^' ] { character-range } ']'
character class (must be non-empty)
c matches character c (c != '*', '?', '\\', '[')
'\\' c matches character c

character-range:
c matches character c (c != '\\', '-', ']')
'\\' c matches character c
lo '-' hi matches character c for lo <= c <= hi

additions:
'**' matches any number of directories (including zero)
'!' lines starting with ! (exclamation mark) can be used to make exceptions to exclusions
'#' lines starting with this character are ignored: use it for comments
________

Note: Using the ! character is pretty tricky. The combination of it and patterns before and after line with the ! character can be used to create more advanced rules.

Examples:

# ignore .git and .cache folders

.git

.cache

# ignore all *.class files in all folders, including build root

**/*.class

# ignore all markdown files (md) beside all README*.md other than README-secret.md

*.md

!README*.md

README-secret.md

Reference:

https://codefresh.io/docker-tutorial/not-ignore-dockerignore/

Read more ...