Last active
March 14, 2022 23:17
-
-
Save mandibuswell/8bb22679b496f070a0a289f8aae3d893 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#setting up | |
PROJECT = "user10" | |
oc project $PROJECT | |
git clone https://github.com/RedHatGov/service-mesh-workshop-code.git | |
cd service-mesh-workshop-code && git checkout workshop-stable | |
oc get pods -n $PROJECT-istio | |
#LAB 1 - deploying the microservice application Version1 | |
oc new-app -f ./config/app/boards-fromsource.yaml \ | |
-p APPLICATION_NAME=boards \ | |
-p NODEJS_VERSION_TAG=10 \ | |
-p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \ | |
-p GIT_BRANCH=workshop-stable \ | |
-p DATABASE_SERVICE_NAME=boards-mongodb \ | |
-p MONGODB_DATABASE=boardsDevelopment | |
oc new-app -f ./config/app/context-scraper-fromsource.yaml \ | |
-p APPLICATION_NAME=context-scraper \ | |
-p NODEJS_VERSION_TAG=10 \ | |
-p GIT_BRANCH=workshop-stable \ | |
-p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git | |
oc new-app -f ./config/app/app-ui-fromsource.yaml \ | |
-p APPLICATION_NAME=app-ui \ | |
-p NODEJS_VERSION_TAG=10 \ | |
-p GIT_BRANCH=workshop-stable \ | |
-p GIT_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \ | |
-e FAKE_USER=true | |
oc get pods --watch | |
#wait till pods are running | |
oc get pods -l app=app-ui -o jsonpath='{.items[*].spec.containers[*].name}{"\n"}' | |
#creating the istio gateway | |
oc create -f ./config/istio/gateway.yaml | |
GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}') | |
echo $GATEWAY_URL | |
#Testing the application | |
#LAB 2 deploy the java user profile application using a build config. | |
oc new-app -f ./config/app/userprofile-build.yaml \ | |
-p APPLICATION_NAME=userprofile \ | |
-p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \ | |
-p APPLICATION_CODE_BRANCH=workshop-stable \ | |
-p APP_VERSION_TAG=1.0 | |
oc start-build userprofile-1.0 -F | |
#wait till build complete | |
oc get is userprofile | |
USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}') | |
echo $USER_PROFILE_IMAGE_URI | |
sed "s|%USER_PROFILE_IMAGE_URI%|$USER_PROFILE_IMAGE_URI|" ./config/app/userprofile-deploy-all.yaml | oc create -f - | |
oc get pods -l deploymentconfig=userprofile -o jsonpath='{.items[*].spec.containers[*].name}{"\n"}' | |
#test the application | |
echo $GATEWAY_URL | |
#sending Load | |
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL; done | |
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done | |
#exploring KIALI | |
echo $(oc get route kiali -n $PROJECT-istio --template='https://{{.spec.host}}') | |
while true; do curl -s -o /dev/null $GATEWAY_URL; done | |
for ((i=1;i<=5;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done | |
#LAB 3 | |
oc new-app -f ./config/app/userprofile-build.yaml \ | |
-p APPLICATION_NAME=userprofile \ | |
-p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \ | |
-p APPLICATION_CODE_BRANCH=workshop-feature-update \ | |
-p APP_VERSION_TAG=2.0 | |
oc start-build userprofile-2.0 -F | |
USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}') | |
echo $USER_PROFILE_IMAGE_URI | |
sed "s|%USER_PROFILE_IMAGE_URI%|$USER_PROFILE_IMAGE_URI|" ./config/app/userprofile-deploy-v2.yaml | oc create -f - | |
oc get pods -l deploymentconfig=userprofile --watch | |
#WAIT FOR PODS TO START | |
#send load explore Grafana | |
while true; do curl -s -o /dev/null $GATEWAY_URL; done | |
#send load to profile service in another tab | |
GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}') | |
while true; do curl -s -o /dev/null $GATEWAY_URL/profile; done | |
#explore Jaeger | |
#confirm the podip of applications | |
oc get pods -l deploymentconfig=app-ui -o jsonpath='{.items[*].status.podIP}{"\n"}' | |
oc get pods -l deploymentconfig=boards -o jsonpath='{.items[*].status.podIP}{"\n"}' | |
#send load to profile service and debug the slowness | |
oc get pods -l deploymentconfig=userprofile,version=1.0 -o jsonpath='{.items[*].status.podIP}{"\n"}' | |
oc get pods -l deploymentconfig=userprofile,version=2.0 -o jsonpath='{.items[*].status.podIP}{"\n"}' | |
oc get pods -l deploymentconfig=userprofile,version=3.0 -o jsonpath='{.items[*].status.podIP}{"\n"}' | |
##LAB 4 | |
oc apply -f ./config/istio/virtual-service-userprofile-v1.yaml | |
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done | |
#deploy version 3 of service | |
oc new-app -f ./config/app/userprofile-build.yaml \ | |
-p APPLICATION_NAME=userprofile \ | |
-p APPLICATION_CODE_URI=https://github.com/RedHatGov/service-mesh-workshop-code.git \ | |
-p APPLICATION_CODE_BRANCH=workshop-feature-fix \ | |
-p APP_VERSION_TAG=3.0 | |
oc start-build userprofile-3.0 -F | |
USER_PROFILE_IMAGE_URI=$(oc get is userprofile --template='{{.status.dockerImageRepository}}') | |
echo $USER_PROFILE_IMAGE_URI | |
sed "s|%USER_PROFILE_IMAGE_URI%|$USER_PROFILE_IMAGE_URI|" ./config/app/userprofile-deploy-v3.yaml | oc create -f - | |
oc get pods -l deploymentconfig=userprofile --watch | |
#wait till pods are up | |
#traffic routing | |
oc apply -f ./config/istio/virtual-service-userprofile-90-10.yaml | |
oc apply -f ./config/istio/virtual-service-userprofile-50-50.yaml | |
oc apply -f ./config/istio/virtual-service-userprofile-v3.yaml | |
#fault injection | |
oc apply -f ./config/istio/virtual-service-userprofile-503.yaml | |
oc apply -f ./config/istio/virtual-service-userprofile-delay.yaml | |
#revert all traffic changes | |
oc apply -f ./config/istio/virtual-service-userprofile-v3.yaml | |
#circuit breaking | |
oc apply -f ./config/istio/destinationrule-circuitbreaking.yaml | |
oc apply -f ./config/istio/virtual-service-userprofile-50-50.yaml | |
#kill pod in another terminal | |
USERPROFILE_POD=$(oc get pod -l deploymentconfig=userprofile,version=3.0 -o jsonpath='{.items[0].metadata.name}') | |
oc exec $USERPROFILE_POD -- kill 1 | |
#Clean up | |
oc apply -f ./config/istio/destinationrules-all.yaml | |
oc apply -f ./config/istio/virtual-services-default.yaml | |
#LAB 5 | |
curl boards.user10:8080/shareditems | jq | |
oc create -f ./config/istio/peer-authentication-mtls.yaml | |
oc delete dr --all | |
oc create -f ./config/istio/destinationrule-mtls.yaml | |
curl boards.user10:8080/shareditems | jq | |
oc delete peerauthentication/default | |
oc delete dr --all | |
#SSO | |
oc apply -f ./config/sso/sso-keycloak.yaml | |
oc wait --for=condition=Ready pod/keycloak-0 --timeout=300s | |
oc label pod keycloak-0 maistra.io/expose-route=true | |
sed "s|%APP_URL%|$GATEWAY_URL|" ./config/sso/sso-realm.yaml | oc create -f - | |
oc apply -f ./config/sso/sso-user1.yaml | |
oc apply -f ./config/sso/sso-user2.yaml | |
echo $(oc get route keycloak --template='https://{{.spec.host}}') | |
echo $(oc get secret/credential-workshop-keycloak -o jsonpath="{.data.ADMIN_PASSWORD}") | base64 --decode && echo | |
#go to the SSO console, set passwords demo and illbeback, create cool-kids role add to terminator | |
SSO_SVC=$(oc get route keycloak --template='{{.spec.host}}') | |
oc set env dc/app-ui FAKE_USER=false SSO_SVC_HOST=$SSO_SVC | |
sed "s|%SSO_SVC%|$SSO_SVC|" ./config/istio/request-authentication-boards-jwt.yaml | oc apply -f - | |
sed "s|%SSO_SVC%|$SSO_SVC|" ./config/istio/serviceentry-keycloak.yaml | oc apply -f - | |
#lockdown for only the cool-kids | |
oc create -f ./config/istio/authorization-boards-shared-lockdown.yaml | |
#cleanup | |
oc delete authorizationpolicy/boards-shared-lockdown | |
oc delete requestauthentication/boards-jwt | |
oc delete serviceentry/keycloak-egress | |
#lockdown ingress and egress | |
oc describe cm/istio-workshop-install -n $PROJECT-istio | grep outboundTrafficPolicy -A 1 | |
curl context-scraper.$PROJECT:8080/scrape/custom_search?term==skynet | jq | |
#allow access to google | |
oc apply -f ./config/istio/serviceentry-googleapis.yaml | |
curl context-scraper.$PROJECT:8080/scrape/custom_search?term==skynet | jq | |
oc get dr | |
oc get vs | |
###COMMON COMMANDS | |
#setting the gateway URL when required (will work only after lab1 is complete but used throughout) | |
echo $GATEWAY_URL | |
GATEWAY_URL=$(oc get route istio-ingressgateway -n $PROJECT-istio --template='http://{{.spec.host}}') | |
#sending load | |
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL; done | |
for ((i=1;i<=100;i++)); do curl -s -o /dev/null $GATEWAY_URL/profile; done | |
while true; do curl -s -o /dev/null $GATEWAY_URL; done | |
while true; do curl -s -o /dev/null $GATEWAY_URL/profile; done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment