Created
January 23, 2021 01:18
-
-
Save nmittler/420f0d5cbf043aa603d31f8ef2109e0f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #HUB=gcr.io/istio-testing | |
| #TAG=latest | |
| echo "HUB=${HUB}" | |
| echo "TAG=${TAG}" | |
| # Delete Istio in this cluster | |
| kubectl delete ns istio-system sample --context=${CTX_CLUSTER1} --ignore-not-found & | |
| kubectl delete ns istio-system sample --context=${CTX_CLUSTER2} --ignore-not-found & | |
| wait | |
| echo "Configuring Trust..." | |
| mkdir -p certs | |
| pushd certs || exit | |
| make -f ../tools/certs/Makefile.selfsigned.mk root-ca | |
| make -f ../tools/certs/Makefile.selfsigned.mk cluster1-cacerts | |
| make -f ../tools/certs/Makefile.selfsigned.mk cluster2-cacerts | |
| kubectl --context="$CTX_CLUSTER1" create namespace istio-system | |
| kubectl --context="$CTX_CLUSTER2" create namespace istio-system | |
| kubectl --context="$CTX_CLUSTER1" create secret generic cacerts -n istio-system \ | |
| --from-file=cluster1/ca-cert.pem \ | |
| --from-file=cluster1/ca-key.pem \ | |
| --from-file=cluster1/root-cert.pem \ | |
| --from-file=cluster1/cert-chain.pem | |
| kubectl --context="$CTX_CLUSTER2" create secret generic cacerts -n istio-system \ | |
| --from-file=cluster2/ca-cert.pem \ | |
| --from-file=cluster2/ca-key.pem \ | |
| --from-file=cluster2/root-cert.pem \ | |
| --from-file=cluster2/cert-chain.pem | |
| popd || exit | |
| echo "Installing Istio on primary cluster..." | |
| cat <<EOF > cluster1.yaml | |
| apiVersion: install.istio.io/v1alpha1 | |
| kind: IstioOperator | |
| spec: | |
| values: | |
| global: | |
| meshID: mesh1 | |
| multiCluster: | |
| clusterName: cluster1 | |
| network: network1 | |
| EOF | |
| echo y | istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml \ | |
| --charts manifests \ | |
| --set values.global.hub=$HUB \ | |
| --set values.global.tag=$TAG \ | |
| --set values.global.imagePullPolicy=Always | |
| echo "Installing eastwest gateway..." | |
| samples/multicluster/gen-eastwest-gateway.sh \ | |
| --mesh mesh1 --cluster cluster1 --network network1 | \ | |
| istioctl --context="${CTX_CLUSTER1}" install -y -f - | |
| echo "Exposing istiod..." | |
| kubectl apply --context="${CTX_CLUSTER1}" -f \ | |
| samples/multicluster/expose-istiod.yaml | |
| echo "Creating remote secret for cluster2 on cluster1..." | |
| istioctl x create-remote-secret \ | |
| --context="${CTX_CLUSTER2}" \ | |
| --name=cluster2 | \ | |
| kubectl apply -f - --context="${CTX_CLUSTER1}" | |
| echo "Waiting for eastwest gateway to get public IP" | |
| start_time=$(date +%s) | |
| end_time=$((start_time + 120)) | |
| export DISCOVERY_ADDRESS="" | |
| while true; do | |
| DISCOVERY_ADDRESS=$(kubectl \ | |
| --context="${CTX_CLUSTER1}" \ | |
| -n istio-system get svc istio-eastwestgateway \ | |
| -o jsonpath='{.status.loadBalancer.ingress[0].ip}') | |
| if [[ -z "$DISCOVERY_ADDRESS" ]]; then | |
| current_time=$(date +%s) | |
| if (( current_time > end_time )); then | |
| echo "Failed acquiring a public IP for the eastwestgateway after 120s" | |
| exit 1 | |
| fi | |
| sleep 1 | |
| else | |
| echo "Eastwest gateway is up! Address=${DISCOVERY_ADDRESS}" | |
| break | |
| fi | |
| done | |
| echo "Installing Istio on remote cluster..." | |
| cat <<EOF > cluster2.yaml | |
| apiVersion: install.istio.io/v1alpha1 | |
| kind: IstioOperator | |
| spec: | |
| profile: remote | |
| values: | |
| global: | |
| meshID: mesh1 | |
| multiCluster: | |
| clusterName: cluster2 | |
| network: network1 | |
| remotePilotAddress: ${DISCOVERY_ADDRESS} | |
| EOF | |
| echo y | istioctl install --context="${CTX_CLUSTER2}" -f cluster2.yaml \ | |
| --charts manifests \ | |
| --set values.global.hub=$HUB \ | |
| --set values.global.tag=$TAG \ | |
| --set values.global.imagePullPolicy=Always | |
| #### Install the Apps #### | |
| kubectl create --context="${CTX_CLUSTER1}" namespace sample | |
| kubectl create --context="${CTX_CLUSTER2}" namespace sample | |
| kubectl label --context="${CTX_CLUSTER1}" namespace sample \ | |
| istio-injection=enabled | |
| kubectl label --context="${CTX_CLUSTER2}" namespace sample \ | |
| istio-injection=enabled | |
| kubectl apply --context="${CTX_CLUSTER1}" \ | |
| -f samples/helloworld/helloworld.yaml \ | |
| -l service=helloworld -n sample | |
| kubectl apply --context="${CTX_CLUSTER2}" \ | |
| -f samples/helloworld/helloworld.yaml \ | |
| -l service=helloworld -n sample | |
| kubectl apply --context="${CTX_CLUSTER1}" \ | |
| -f samples/helloworld/helloworld.yaml \ | |
| -l version=v1 -n sample | |
| kubectl apply --context="${CTX_CLUSTER2}" \ | |
| -f samples/helloworld/helloworld.yaml \ | |
| -l version=v2 -n sample | |
| kubectl apply --context="${CTX_CLUSTER1}" \ | |
| -f samples/sleep/sleep.yaml -n sample | |
| kubectl apply --context="${CTX_CLUSTER2}" \ | |
| -f samples/sleep/sleep.yaml -n sample | |
| # Wait for a bit for the apps to start | |
| sleep 30 | |
| echo "Sending traffic from cluster $CTX_CLUSTER2" | |
| for i in {1..10}; do | |
| kubectl exec --context="${CTX_CLUSTER2}" -n sample -c sleep \ | |
| "$(kubectl get pod --context="${CTX_CLUSTER2}" -n sample -l \ | |
| app=sleep -o jsonpath='{.items[0].metadata.name}')" \ | |
| -- curl -sS helloworld.sample:5000/hello | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment