From 9478993bc9e064dc7b8e74aca268097bcfe3b359 Mon Sep 17 00:00:00 2001 From: Greg Bray Date: Thu, 16 Mar 2023 12:05:01 -0600 Subject: [PATCH] fixup pr comments --- hack/make-release-artifacts.sh | 6 ++--- .../components/service-mesh-istio/README.md | 25 ++++++------------- kustomize/kustomization.yaml | 1 - 3 files changed, 10 insertions(+), 22 deletions(-) diff --git a/hack/make-release-artifacts.sh b/hack/make-release-artifacts.sh index b793ebd8ec2..cff95d36651 100755 --- a/hack/make-release-artifacts.sh +++ b/hack/make-release-artifacts.sh @@ -46,7 +46,7 @@ EOF sed "$@" } -read_manifests() { +read_manifests_except_kustomization() { local dir dir="$1" @@ -61,7 +61,7 @@ read_manifests() { } mk_kubernetes_manifests() { - out_manifest="$(read_manifests "${SCRIPTDIR}/../kubernetes-manifests")" + out_manifest="$(read_manifests_except_kustomization "${SCRIPTDIR}/../kubernetes-manifests")" # replace "image" repo, tag for each service for dir in ./src/*/ @@ -88,7 +88,7 @@ mk_istio_manifests() { # This just copies the yaml from the component (excluding kustomization.yaml) # since there is no easy way to render individual kustomize component resources - read_manifests "${SCRIPTDIR}/../kustomize/components/service-mesh-istio/" + read_manifests_except_kustomization "${SCRIPTDIR}/../kustomize/components/service-mesh-istio/" echo '# [END servicemesh_release_istio_manifests_microservices_demo]' } diff --git a/kustomize/components/service-mesh-istio/README.md b/kustomize/components/service-mesh-istio/README.md index 12622367c44..063f8ccf2c4 100644 --- a/kustomize/components/service-mesh-istio/README.md +++ b/kustomize/components/service-mesh-istio/README.md @@ -1,6 +1,6 @@ # Istio Service Mesh -You can use [Istio](https://isito.io) to enable [service mesh features](https://cloud.google.com/service-mesh/docs/overview) such as traffic management, observability, and security. Istio can be provisioned using Anthos Service Mesh (ASM), the Open Source Software (OSS) istioctl tool, or via other Istio providers. You can then label individual namespaces for sidecar injection and configure an Istio gateway to replace the frontend-external load balancer. +You can use [Istio](https://istio.io) to enable [service mesh features](https://cloud.google.com/service-mesh/docs/overview) such as traffic management, observability, and security. Istio can be provisioned using Anthos Service Mesh (ASM), the Open Source Software (OSS) istioctl tool, or via other Istio providers. You can then label individual namespaces for sidecar injection and configure an Istio gateway to replace the frontend-external load balancer. # Provision a GKE Cluster @@ -42,16 +42,16 @@ gcloud container fleet memberships register ${CLUSTER_NAME} \ FLEET_PROJECT_NUMBER=$(gcloud projects describe ${PROJECT_ID} --format 'value(projectNumber)') # Apply mesh_id label to clusters that should be added to the service mesh gcloud container clusters update --project ${PROJECT_ID} ${CLUSTER_NAME} \ - --zone ${ZONE} --update-labels="mesh_id=proj-$FLEET_PROJECT_NUMBER" + --zone ${ZONE} --update-labels="mesh_id=proj-$FLEET_PROJECT_NUMBER" # Configure automatic control plane upgrades gcloud container fleet mesh update --project ${PROJECT_ID} \ - --management automatic \ - --memberships ${CLUSTER_NAME} + --management automatic \ + --memberships ${CLUSTER_NAME} # Configure Managed Data Plane (automatic restart of workloads when envoy sidecar is updated) kubectl annotate --overwrite namespace default \ - mesh.cloud.google.com/proxy='{"managed":"false"}' + mesh.cloud.google.com/proxy='{"managed":"false"}' # Enable sidecar injection for Kubernetes namespace where workload is deployed kubectl label namespace default istio-injection- istio.io/rev=asm-managed --overwrite @@ -81,7 +81,7 @@ gke-onlineboutique-c94d71e8-master gke-vpc INGRESS 1000 tcp:10250,tcp: # Update firewall rule (or create a new one) to allow webhook port 15017 gcloud compute firewall-rules update gke-onlineboutique-c94d71e8-master \ - --allow tcp:10250,tcp:443,tcp:15017 + --allow tcp:10250,tcp:443,tcp:15017 ``` # Deploy and Validate Online Boutique with `Istio` @@ -154,17 +154,6 @@ serviceentry.networking.istio.io/allow-egress-googleapis created virtualservice.networking.istio.io/frontend created ``` -## Deploy via `istio-manifests.yaml` - -Instead of using Kustomize you can just apply the static manifest from the [release](../../../release/) folder or it's full URL: -```bash -kubectl apply -f ./release/istio-manifests.yaml -# Or -kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/main/release/istio-manifests.yaml -``` - -_Note: The static manifest will not include other changes like creating individual service accounts or disabling the frondend-ingress load balancer._ - # Verify Online Boutique Deployment Run `kubectl get pods,gateway,svc` to see pods and gateway are in a healthy and ready state. @@ -209,7 +198,7 @@ Find the IP address of your Istio gateway and visit the application frontend in ```sh INGRESS_HOST="$(kubectl get gateway istio-gateway \ - -o jsonpath='{.status.addresses[*].value}')" + -o jsonpath='{.status.addresses[*].value}')" curl -v "http://$INGRESS_HOST" ``` diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml index a2b2a5281d5..c9c15a30d99 100644 --- a/kustomize/kustomization.yaml +++ b/kustomize/kustomization.yaml @@ -33,4 +33,3 @@ components: # - components/container-images-tag-suffix # - components/container-images-registry # - components/native-grpc-health-check -# - components/without-loadgenerator