This is just quick notes on what I recently tried on OpenShift v4.0 from try.openshift.com. OpenShift uses Maistra for installing the OpenShift Service Mesh via a Kuberetes operator. OCP4 (Cluster version is 4.0.0-0.9) makes creating OpenShift Cluster so easy!
Here are the steps I used:
- Install OpenShift. Please follow the instruction on try.openshift.com
- Create an istio-operator project:
-
oc new-project istio-operator -
oc process -f https://raw.githubusercontent.com/Maistra/openshift-ansible/maistra-0.9/istio/istio_community_operator_template.yaml | oc create -f -
-
- Create Custom Resource as the example below and save it as cr.yaml
-
apiVersion: "istio.openshift.com/v1alpha1" kind: "Installation" metadata: name: "istio-installation" namespace: istio-operator spec: istio: authentication: true prefix: docker.io/maistra jaeger: prefix: docker.io/jaegertracing kiali: username: admin password: admin prefix: docker.io/kiali
-
- Check if the operator is ready
-
oc logs <istio operator pod name> -n istio-operator
-
Output from logs: time="2019-04-05T06:52:41Z" level=info msg="Go Version: go1.11.5" time="2019-04-05T06:52:41Z" level=info msg="Go OS/Arch: linux/amd64" time="2019-04-05T06:52:41Z" level=info msg="operator-sdk Version: 0.0.5+git" time="2019-04-05T06:52:41Z" level=info msg="Metrics service istio-operator created" time="2019-04-05T06:52:41Z" level=info msg="Watching resource istio.openshift.com/v1alpha1, kind Installation, namespace istio-operator, resyncPeriod 0" time="2019-04-05T06:53:56Z" level=info msg="Installing istio for Installation istio-installation"
-
- Install OpenShift service mesh via operator using the cr.yaml that was created in step #3
-
oc create -f cr.yaml -n istio-operator
-
- Verify Service Mesh Installation
-
oc get pods -n istio-system
NAME READY STATUS RESTARTS AGE elasticsearch-0 1/1 Running 0 11h grafana-d5d978b4d-pj6wf 1/1 Running 0 11h istio-citadel-6f7fdc6685-vbx6n 1/1 Running 0 11h istio-egressgateway-5458749989-5xswb 1/1 Running 0 11h istio-galley-58bd6d9546-6nlhv 1/1 Running 0 11h istio-ingressgateway-77f9dc475b-6cx5x 1/1 Running 0 11h istio-pilot-6f5f59477c-7kzvr 2/2 Running 0 11h istio-policy-6c574bccd8-55wwx 2/2 Running 5 11h istio-sidecar-injector-7f866d4796-k6dqw 1/1 Running 0 11h istio-telemetry-54795dfc9c-d5cr4 2/2 Running 5 11h jaeger-agent-gsbk8 1/1 Running 0 11h jaeger-agent-lqmx4 1/1 Running 0 11h jaeger-agent-zsb9l 1/1 Running 0 11h jaeger-collector-668488cff9-24p9b 1/1 Running 0 11h jaeger-query-57f78497d5-7ttbw 1/1 Running 0 11h kiali-ddbf7d4d9-c54kf 1/1 Running 0 11h openshift-ansible-istio-installer-job-vpdrl 0/1 Completed 0 11h prometheus-b5fb89775-x4bzd 1/1 Running 0 11h
-
- Install the bookinfo application. Here are the steps that I used.
-
oc new-project bookinfo oc adm policy add-scc-to-user anyuid -z default -n bookinfo oc adm policy add-scc-to-user privileged -z default -n bookinfo oc apply -f bookinfo.yaml oc apply -f bookinfo-gateway-all.yaml oc apply -f destination-rule-all-mtls.yaml
- where you can find the yaml files from https://github.com/piggyvenus/ocp-istio-example/tree/master/istio-examples/bookinfo
-
- Access the bookinfo application
- To get the host for ingressgateway route:
-
oc get route -n istio-system istio-ingressgateway -o jsonpath='{.spec.host}' output: istio-ingressgateway-istio-system.apps.test3-0404.sc.ocpdemo.online
-
- To get the host for ingressgateway route:
-
- Go to your browser and use your ingressgateway host as the URL similar to the one shown below.
-
http://istio-ingressgateway-istio-system.apps.test3-0404.sc.ocpdemo.online/productpage
-
- Go to your browser and use your ingressgateway host as the URL similar to the one shown below.
Observability
- Kiali Console
- oc get route -n istio-system|grep kiali
- use the output of the host from kiali route to access the kiali console
- Jaegar:
-
jaeger-query-istio-system.apps.test3-0404.sc.ocpdemo.online
- use the output of the host from jaegar route to access the jaegar
-
OpenShift Lessons Learned 