- Practical Istio - Introduction
- Practical Istio - Private Kubernetes Deployment
- Practical Istio - Init & Install
- Practical Istio - Ingress Gateway
- Practical Istio - Virtual Services
In this post we're going to go through the orchestration of the resources needed to test out Istio. To do this nice and cleanly Deployment Manager templates will be used for the various pieces. The results should give us a private kubernetes deployment.
Note: More information about how the deployment manager templates from this repo work can be found in my other post Bootstrap GKE with Deployment Manager on GCP. Check out the original repository: https://github.com/t04glovern/gke-dm-bootstrap.
Below is the reference architecture for the GKE hosted Kubernetes network.
There’s a script within the root directory of the project called
deploy.sh that handles most of the resource creation for you given command line parameters.
The general structure is
./deploy.sh $project_id $resource $action where:
- project_id: Project ID retrieved from the previous step (mine was devopstar)
- resource: Lowercase name of the resource we want to deploy. You can find the yaml files referred to within the
- action: create or delete
An example of deployment of all the recommended infrastructure would be to run the following in order
./deploy.sh devopstar iam create ./deploy.sh devopstar network create ./deploy.sh devopstar cloud-router create ./deploy.sh devopstar gke create ./deploy.sh devopstar bastion create
Note: The region for deployment is set to
_australia-southeast1_ currently to cut down on variation within the templates and the guide. If you do want to change this you'll need to ensure the rest of the templates have their region changed also.
We need to copy all the resources from the repository up to the bastion server. This is because it is the only server that has permission to talk to Kubernetes from within our private network. Run the following command to SCP the
k8s directory onto the bastion server.
gcloud compute scp \ --recurse ./k8s* $PROJECT_ID-bastion:~/ \ --zone australia-southeast1-a
Next we can connect to the bastion server over SSH by running the following:
gcloud compute ssh $PROJECT_ID-bastion \ --project $PROJECT_ID \ --zone australia-southeast1-a
Finally, auth against the GKE instance from the bastion server by running the following:
gcloud container clusters get-credentials $PROJECT_ID-gke \ --project $PROJECT_ID \ --region australia-southeast1
Confirm that you have access to the cluster by running the following command and inspecting the output:
$ kubectl cluster-info # Kubernetes master is running at https://XXX.XXX.XXX.XXX
In the next section we'll be initialising and installing Istio onto our Kubernetes cluster.