danehans

The FederatedServiceEntry will allow egress to the global scope httpbin DNS names.

apiVersion: primitives.federation.k8s.io/v1alpha1
kind: FederatedServiceEntry
metadata:
  name: httpbin-ext
spec:
  template:
    spec:

danehans

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: istio-sidecar-injector
  namespace: istio-system
  labels:
    app: sidecarInjectorWebhook
    chart: sidecarInjectorWebhook-1.0.3
    release: istio
    heritage: Tiller

danehans

kubefed2 federate enable CustomResoureDefinition works with v0.0.3 but not master:

$ git checkout master
Switched to branch 'master'
Your branch is up-to-date with 'origin/master'.
$ git pull origin master
From https://github.com/kubernetes-sigs/federation-v2
 * branch              master     -> FETCH_HEAD
Already up-to-date.
(reverse-i-search)`docker.': ./scripts/deploy-federation.sh docker.io/danehans/federation-v2:test cluster2

danehans

root@dev:~/go/src/github.com/kubernetes-sigs/federation-v2# kubectl get federatedtypeconfigs -n federation-system
NAME                                             AGE
configmaps                                       48s
customresourcedefinitions.apiextensions.k8s.io   4s
deployments.apps                                 48s
ingresses.extensions                             48s
jobs.batch                                       48s
namespaces                                       47s
replicasets.apps                                 47s
secrets                                          47s

danehans

apiVersion: primitives.federation.k8s.io/v1alpha1
kind: FederatedCustomResourceDefinition
metadata:
  name: serviceentries.networking.istio.io
  annotations:
    "helm.sh/hook": crd-install
  labels:
    app: istio-pilot
spec:
  template:

danehans

Resource patch examples

kubectl patch virtualservice/ \
    --type=merge -p '{"spec":{"clusterNames": ["cluster1"]}}'

Update the placement for all bookinfo placement resources to use only cluster1.

kubectl patch federatedgatewayplacement/bookinfo-gateway --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedvirtualserviceplacement/bookinfo --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedserviceplacement/productpage --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

danehans

Fedv2 GKE Deploy Steps on Mac OSX

Set envs

export ZONE1=us-west1-a
export ZONE2=us-west1-b

Create 2 clusters

danehans

I followed the steps in the nginx-ingress tutorial with one difference. I already had the nginx ingress controller deployed to my 2 k8s clusters using the official guide.

My Ingresses work by setting the host header for curl:

$ curl -I -HHost:nginx.external.daneyon.com http://35.233.196.28:30778
HTTP/1.1 200 OK
Server: nginx/1.15.3
Date: Wed, 03 Oct 2018 18:13:31 GMT
Content-Type: text/html

danehans

# After e2e test "Create". Notice that all the prop versions are correct:

$ kubectl get clusterpropagatedversion/clusterrole-test-crud-nfshf -o yaml
apiVersion: core.federation.k8s.io/v1alpha1
kind: ClusterPropagatedVersion
metadata:
  creationTimestamp: 2018-09-26T18:26:23Z
  generation: 1
  name: clusterrole-test-crud-nfshf
  resourceVersion: "112821"

danehans

The following use cases are in the context of a k8s operator managing a large number of k8s clusters:

1. I need the ability to use one tool/interface to install Istio to all/most clusters.
2. I need the ability to ensure the Istio installation is consistent across the clusters.
3. When a deviation is required, I need the ability to set cluster-specific overrides.
4. I need the ability to make a configuration change and have it propogated to all/most clusters. For example, I want to change the network port that Istio Galley listens on from the default (9093) to 9092.
5. I need the ability to update one or more images used by Istio containers for all/most clusters. For example: upggrade image: "docker.io/istio/galley:1.0.0" to image: "docker.io/istio/galley:1.0.1"