Running Istio Service Mesh on OpenShift

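# Write the patch that enables the two admission-webhook plugins in the
# OpenShift master config. The sidecar injector is a mutating webhook, so the
# API server must have MutatingAdmissionWebhook enabled for injection to work.
#
# The nesting is significant. With the indentation stripped, every key lands at
# the top level, the two "configuration" blocks collide, and the patch no
# longer describes admissionConfig.pluginConfig.
# The delimiter is quoted so the shell expands nothing in the body.
#
# NOTE(security): once these plugins are on, any registered webhook
# configuration can rewrite or reject objects cluster-wide. Keep the right to
# create MutatingWebhookConfiguration / ValidatingWebhookConfiguration objects
# limited to cluster administrators.
sudo tee /etc/origin/master/master-config.patch >/dev/null <<'EOF'
admissionConfig:
  pluginConfig:
    MutatingAdmissionWebhook:
      configuration:
        apiVersion: apiserver.config.k8s.io/v1alpha1
        kubeConfigFile: /dev/null
        kind: WebhookAdmission
    ValidatingAdmissionWebhook:
      configuration:
        apiVersion: apiserver.config.k8s.io/v1alpha1
        kubeConfigFile: /dev/null
        kind: WebhookAdmission
EOF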

# Keep an untouched copy of the live master config; -p preserves mode,
# ownership and timestamps, so rolling back is a plain copy in the other
# direction.
sudo cp -p /etc/origin/master/master-config.yaml /etc/origin/master/master-config.yaml.prepatch
# Merge the patch into the pre-patch copy and write the result over the live
# config. The output redirection truncates master-config.yaml before the patch
# command has produced anything, so if `oc ex config patch` fails the live file
# is left empty or partial. Check that it is non-empty and still valid YAML
# before restarting, and restore from .prepatch otherwise.
sudo bash -c 'oc ex config patch /etc/origin/master/master-config.yaml.prepatch -p "$(cat /etc/origin/master/master-config.patch)" > /etc/origin/master/master-config.yaml'
# The next lines are typed into an interactive root login shell, not run as a
# script: `sudo su -` opens the shell, `exit` leaves it.
# NOTE(review): presumably a login shell is used because master-restart is not
# on sudo's restricted PATH. Confirm on your hosts.
sudo su -
# Restart the API server and the controllers so they load the patched config.
master-restart api
master-restart controllers
exit

# Persist the raised mmap-count limit for Elasticsearch across reboots by
# dropping it into /etc/sysctl.d (written as root through tee)...
printf '%s\n' 'vm.max_map_count = 262144' | sudo tee /etc/sysctl.d/99-elasticsearch.conf >/dev/null

# ...and apply the same value to the running kernel right away.
sudo sysctl vm.max_map_count=262144
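# Public hostname of the OpenShift master, handed to the operator template.
# Placeholder: replace it before running. It is kept in a quoted variable
# because a bare <...> on the command line is parsed by the shell as
# input/output redirections, which makes the command a syntax error.
master_public_url='<-master-public-hostname->'

oc new-project istio-operator

# NOTE(security): the template is fetched by a named ref (maistra-0.9), not an
# immutable commit hash, and `oc new-app -f` instantiates whatever it contains
# with the rights of the logged-in (cluster-admin) user. Download and read the
# template, or pin it to a reviewed commit, before using it outside a lab.
oc new-app -f https://raw.githubusercontent.com/Maistra/openshift-ansible/maistra-0.9/istio/istio_community_operator_template.yaml \
  --param=OPENSHIFT_ISTIO_MASTER_PUBLIC_URL="${master_public_url}"

# Follow up by reading the operator's log. The pod name is resolved first and
# passed quoted; the jsonpath expression is quoted so the shell leaves the
# braces alone.
operator_pod=$(oc -n istio-operator get pods -l name=istio-operator --output=jsonpath='{.items..metadata.name}')
oc logs -n istio-operator "${operator_pod}"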
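# Custom resource that asks the operator to install the Istio control plane.
# "name" and "namespace" must be nested under "metadata". With the indentation
# stripped they become top-level keys and the object has no metadata.
# The delimiter is quoted so the body is written literally.
cat <<'EOF' > ./istio-installation.yaml
apiVersion: "istio.openshift.com/v1alpha1"
kind: "Installation"
metadata:
  name: "istio-installation"
  namespace: istio-operator
EOF

# Create the resource in the operator's namespace, then watch the control-plane
# pods come up in istio-system (Ctrl-C stops the watch).
oc create -n istio-operator -f ./istio-installation.yaml
oc get pods -n istio-system -w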

# The installation of the core components is finished when you see:
...
openshift-ansible-istio-installer-job-cnw72 0/1 Completed 0 4m
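# Install the Kiali operator from a downloaded copy of its installer rather
# than streaming the download straight into bash:
#   - curl -f fails on an HTTP error, so an error page or a truncated response
#     is never executed as a script;
#   - the file can be read, and its checksum recorded, before anything runs.
# NOTE(security): the URL is a git.io short link, so the script it resolves to
# is not visible from this command. The installer runs with the current `oc`
# login (cluster-admin here); read it before running it.
kiali_installer=$(mktemp)
curl -fsSL -o "${kiali_installer}" https://git.io/getLatestKialiOperator

# Review point: inspect the file, e.g. less "${kiali_installer}".
# Continue only if the download above succeeded.
bash "${kiali_installer}"
rm -f -- "${kiali_installer}"

# Look up the route under which the Kiali console is exposed.
oc get route -n istio-system -l app=kiali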
$ oc get pods -n istio-system
NAME READY STATUS RESTARTS AGE
elasticsearch-0 1/1 Running 0 9m
grafana-74b5796d94-4ll5d 1/1 Running 0 9m
istio-citadel-db879c7f8-kfxfk 1/1 Running 0 11m
istio-egressgateway-6d78858d89-58lsd 1/1 Running 0 11m
istio-galley-6ff54d9586-8r7cl 1/1 Running 0 11m
istio-ingressgateway-5dcf9fdf4b-4fjj5 1/1 Running 0 11m
istio-pilot-7ccf64f659-ghh7d 2/2 Running 0 11m
istio-policy-6c86656499-v45zr 2/2 Running 3 11m
istio-sidecar-injector-6f696b8495-8qqjt 1/1 Running 0 11m
istio-telemetry-686f78b66b-v7ljf 2/2 Running 3 11m
jaeger-agent-k4tpz 1/1 Running 0 9m
jaeger-collector-64bc5678dd-wlknc 1/1 Running 0 9m
jaeger-query-776d4d754b-8z47d 1/1 Running 0 9m
kiali-5fd946b855-7lw2h 1/1 Running 0 2m
openshift-ansible-istio-installer-job-cnw72 0/1 Completed 0 13m
prometheus-75b849445c-l7rlr 1/1 Running 0 11m
# Create new project
oc new-project hipster-shop

# Set permissions to allow Istio to deploy the Envoy-Proxy side-car container
# NOTE(security): both bindings go to the namespace's "default" service
# account, i.e. to every pod in hipster-shop that does not name another
# account. "anyuid" lets those pods run as any UID including root, and
# "privileged" lets them run privileged containers with host-level access.
# Use this only in a throw-away demo namespace, and drop the bindings again
# with `oc adm policy remove-scc-from-user` when the demo is finished.
oc adm policy add-scc-to-user anyuid -z default -n hipster-shop
oc adm policy add-scc-to-user privileged -z default -n hipster-shop

# Create Hipster Shop deployments and Istio services
# NOTE(security): these manifests are read from the master branch of a
# repository, a mutable reference whose content can change between runs.
# Download and review them (or pin a reviewed commit) before creating them in
# a cluster that matters.
oc create -f https://raw.githubusercontent.com/berndonline/openshift-ansible/master/examples/istio-hipster-shop.yml
oc create -f https://raw.githubusercontent.com/berndonline/openshift-ansible/master/examples/istio-manifest.yml

# Wait and check that all pods are running before creating the load generator
oc get pods -n hipster-shop -w

# Create load generator deployment
oc create -f https://raw.githubusercontent.com/berndonline/openshift-ansible/master/examples/istio-loadgenerator.yml
[centos@ip-172-26-1-167 ~]$ oc get pods
NAME READY STATUS RESTARTS AGE
adservice-7894dbfd8c-g4m9v 2/2 Running 0 49m
cartservice-758d66c648-79fj4 2/2 Running 4 49m
checkoutservice-7b9dc8b755-h2b2v 2/2 Running 0 49m
currencyservice-7b5c5f48fc-gtm9x 2/2 Running 0 49m
emailservice-79578566bb-jvwbw 2/2 Running 0 49m
frontend-6497c5f748-5fc4f 2/2 Running 0 49m
loadgenerator-764c5547fc-sw6mg 2/2 Running 0 40m
paymentservice-6b989d657c-klp4d 2/2 Running 0 49m
productcatalogservice-5bfbf4c77c-cw676 2/2 Running 0 49m
recommendationservice-c947d84b5-svbk8 2/2 Running 0 49m
redis-cart-79d84748cf-cvg86 2/2 Running 0 49m
shippingservice-6ccb7d8ff7-66v8m 2/2 Running 0 49m
[centos@ip-172-26-1-167 ~]$
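# Deploy the Bookinfo sample into its own project.
oc new-project myproject

# NOTE(security): as with any namespace, granting anyuid and privileged to the
# "default" service account lets every pod in myproject that uses it run as
# root and run privileged containers. Keep this to demo namespaces and remove
# the bindings with `oc adm policy remove-scc-from-user` afterwards.
oc adm policy add-scc-to-user anyuid -z default -n myproject
oc adm policy add-scc-to-user privileged -z default -n myproject

# Manifests come from the master branch (a mutable ref); review before applying
# outside a lab.
oc apply -n myproject -f https://raw.githubusercontent.com/Maistra/bookinfo/master/bookinfo.yaml
oc apply -n myproject -f https://raw.githubusercontent.com/Maistra/bookinfo/master/bookinfo-gateway.yaml

# Resolve the ingress gateway host. Assignment and export are separate so a
# failing `oc get route` is not hidden behind export's own exit status.
GATEWAY_URL=$(oc get route -n istio-system istio-ingressgateway -o jsonpath='{.spec.host}')
export GATEWAY_URL

# Smoke test: print only the HTTP status code of the product page (expect 200).
# The URL is quoted so an empty or odd host value cannot split into extra
# arguments. The request is plain HTTP, which is acceptable for this demo check.
curl -o /dev/null -s -w "%{http_code}\n" "http://${GATEWAY_URL}/productpage"

# Fetch the destination rules to local files and apply them. -f makes curl fail
# on an HTTP error instead of saving the error page as if it were a manifest;
# the apply step runs only after a successful download.
curl -f -o destination-rule-all.yaml https://raw.githubusercontent.com/istio/istio/release-1.0/samples/bookinfo/networking/destination-rule-all.yaml &&
  oc apply -f destination-rule-all.yaml

# The -mtls variant defines the same DestinationRule names with mutual TLS
# enabled, so applying it replaces the rules created just above.
# NOTE(review): presumably only one of the two files is meant to be applied,
# depending on whether mutual TLS is enabled in the mesh. Confirm which.
curl -f -o destination-rule-all-mtls.yaml https://raw.githubusercontent.com/istio/istio/release-1.0/samples/bookinfo/networking/destination-rule-all-mtls.yaml &&
  oc apply -f destination-rule-all-mtls.yaml

# Show the rules that are actually in effect, including their TLS settings.
oc get destinationrules -o yaml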
