etiennetremel / Istio Cross Namespace Canary Release Demo
Cross-namespace canary release using Kubernetes, Istio and Helm
Stars: ✭ 31
Projects that are alternatives of or similar to Istio Cross Namespace Canary Release Demo
Helmfiles
Comprehensive Distribution of Helmfiles for Kubernetes
Stars: ✭ 205 (+561.29%)
Mutual labels: makefile, helm
Build Harness
🤖Collection of Makefiles to facilitate building Golang projects, Dockerfiles, Helm charts, and more
Stars: ✭ 236 (+661.29%)
Mutual labels: makefile, helm
Helm Vsts Agent
Kubernetes Helm Chart for VSTS agent pool
Stars: ✭ 52 (+67.74%)
Mutual labels: makefile, helm
Kubernetes Cicd
Demonstration of a Kubernetes-centric CI/CD workflow
Stars: ✭ 54 (+74.19%)
Mutual labels: makefile, istio
jpetstore-kubernetes
Modernize and Extend: JPetStore on IBM Cloud Kubernetes Service
Stars: ✭ 21 (-32.26%)
Mutual labels: helm, istio
azure-container-labs
Azure Container Labs - AKS, ACR, ACI, Web App for Containers, etc under frequent update
Stars: ✭ 24 (-22.58%)
Mutual labels: helm, istio
k8s-istio-demo
Demo showing the capabilities of Istio
Stars: ✭ 22 (-29.03%)
Mutual labels: helm, istio
Helm Doc Zh Cn
Try to translate the helm official docs to Chinese. Helm官方文档中文翻译。如果大家觉得这个项目还可以,麻烦打一下右上角的Star按钮,谢谢。此网址查看更方便,欢迎大家提bug,
Stars: ✭ 319 (+929.03%)
Mutual labels: makefile, helm
Kubernetes Vagrant Centos Cluster
Setting up a distributed Kubernetes cluster along with Istio service mesh locally with Vagrant and VirtualBox, only PoC or Demo use.
Stars: ✭ 1,750 (+5545.16%)
Mutual labels: helm, istio
Istio Handbook
Istio Service Mesh Advanced Practical - Istio服务网格进阶实战 https://www.servicemesher.com/istio-handbook/
Stars: ✭ 1,646 (+5209.68%)
Mutual labels: makefile, istio
multitenant-microservices-demo
Full Isolation in Multi-Tenant SaaS with Kubernetes + Istio
Stars: ✭ 57 (+83.87%)
Mutual labels: helm, istio
K8s For Docker Desktop
为Docker Desktop for Mac/Windows开启Kubernetes和Istio。
Stars: ✭ 3,863 (+12361.29%)
Mutual labels: helm, istio
Istio Handbook
Istio Handbook - Istio Service Mesh Advanced Practical(Istio 服务网格进阶实战) - https://jimmysong.io/istio-handbook
Stars: ✭ 374 (+1106.45%)
Mutual labels: makefile, istio
Hubot Slack Docker
Docker container running Github Hubot.
Stars: ✭ 21 (-32.26%)
Mutual labels: makefile
Ariane Sdk
Ariane SDK containing RISC-V tools and Buildroot
Stars: ✭ 28 (-9.68%)
Mutual labels: makefile
Cross-namespace canary release using Kubernetes, Istio and Helm
Demo of a cross-namespace canary release using Istio service mesh with mutual TLS enabled and Helm charts. It makes use of the new Istio v1alpha3 routing API.
Overview
.
├── Makefile
├── istio.yaml // Istio chart configuration
├── nginx // nginx is used as an example of microservice
│ ├── Dockerfile
│ ├── charts
│ │ ├── templates
│ │ │ ├── _helpers.tpl
│ │ │ ├── deployment.yaml
│ │ │ └── service.yaml
│ │ ├── Chart.yaml
│ │ └── values.yaml
│ └── default.conf
├── services // all microservices should be defined in this directory as subchart
│ ├── Chart.yaml
│ ├── requirements.yaml
│ └── values.yaml
└── traffic-manager // chart with all the Istio configuration.
├── templates
│ ├── _helpers.tpl
│ ├── gateway.yaml // ingress configuration
│ └── virtualservice.yaml // routing
├── Chart.yaml
└── values.yaml
Getting started
Requirements
Play yourself
# start Minikube with necessary flags to get started with Istio mTLS and automatic sidecar injection
$ minikube start --kubernetes-version=v1.10.0 --memory 8192 --cpus 2
# install Tiller
$ kubectl apply -f ./tiller-rbac.yaml
$ helm init --service-account tiller --upgrade --wait
# install Istio with mTLS
$ make deployistio
# update Helm subcharts
$ cd services && helm dep update --skip-refresh && cd ../
# build nginx container which contains curl
# if using Istio with mTLS, we need to use curl to run the probe
# ref: https://github.com/istio/istio/issues/1194
$ make buildnginx
#
# Deploy services v1
#
# create namespace and enable automatic sidecar injection
$ kubectl create ns services-v1
$ kubectl label ns services-v1 istio-injection=enabled
$ helm upgrade -i services-v1 --namespace=services-v1 ./services
# deploy Istio routing via traffic manager
$ helm upgrade -i traffic-manager ./traffic-manager
# To test if the release was successful:
$ ingress_gateway=$(minikube service istio-ingressgateway -n istio-system --url | head -n1)
$ curl $ingress_gateway -H 'Host: search.local'
Host: search-77f9697d44-l8dtc
#
# Deploy services v2
#
$ kubectl create ns services-v2
$ kubectl label ns services-v2 istio-injection=enabled
$ helm upgrade -i services-v2 --namespace=services-v2 ./services
#
# Canary
#
# shift 10% of the traffic to services-v2
$ helm upgrade traffic-manager --set canary.enabled=true ./traffic-manager
$ ingress_gateway=$(minikube service istio-ingressgateway -n istio-system --url | head -n1)
$ while sleep 0.1; do curl $ingress_gateway -v -H 'Host: search.local'; done
Host: search-77f9697d44-l8dtc
Host: search-77f9697d44-l8dtc
Host: search-77f9697d44-l8dtc
Host: search-77f9697d44-l8dtc
Host: search-77f9697d44-l8dtc
Host: search-77f9697d44-l8dtc
Host: search-6b8cc5d6f7-pzwcb
Host: search-77f9697d44-l8dtc
Host: search-77f9697d44-l8dtc
#
# Full rollout
#
# when we are ready, shift 100%
$ helm upgrade traffic-manager \
--reset-values \
--set stable.serviceName=search.services-v2.svc.cluster.local \
./traffic-manager
#
# Rollback
#
# shift 100% traffic back to services-v1
$ helm upgrade traffic-manager \
--reset-values \
./traffic-manager
#
# Cleanup
#
$ helm del --purge services-v1
Access release based on Headers
If you want to run end-to-end tests against a new release in a "production" environment, you can configure Istio to match traffic based on HTTP Headers.
You can enable it in the traffic-manager values.yaml file. Then redeploy:
$ helm upgrade -i traffic-manager \
--set canary.enabled=true \
./traffic-manager
$ ingress_gateway=$(minikube service istio-ingressgateway -n istio-system --url | head -n1)
$ curl $ingress_gateway -v -H 'Host: proxy.local' -H 'X-Track: canary'
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].