Created
August 17, 2018 05:27
-
-
Save tanmaybaranwal/de1a60576cde0f8ddbb247eab847de9c to your computer and use it in GitHub Desktop.
Istio Quickstart Deployment with Debian 9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {% set CLUSTER_NAME = env['deployment'] + '-' + env['name'] %} | |
| resources: | |
| - name: {{ properties['gkeClusterName'] }} | |
| type: container.v1.cluster | |
| properties: | |
| zone: {{ properties['zone'] }} | |
| cluster: | |
| name: {{ properties['gkeClusterName'] }} | |
| initialClusterVersion: 1.10.5 | |
| legacyAbac: | |
| enabled: false | |
| initialNodeCount: {{ properties['initialNodeCount'] }} | |
| nodeConfig: | |
| machineType: {{ properties["instanceType"] }} | |
| oauthScopes: | |
| - https://www.googleapis.com/auth/logging.write | |
| - https://www.googleapis.com/auth/monitoring | |
| - type: runtimeconfig.v1beta1.config | |
| name: {{ CLUSTER_NAME }}-config | |
| properties: | |
| config: {{ CLUSTER_NAME }}-config | |
| - type: runtimeconfig.v1beta1.waiter | |
| name: {{ CLUSTER_NAME }}-waiter | |
| metadata: | |
| dependsOn: | |
| - {{ CLUSTER_NAME }}-config | |
| properties: | |
| parent: $(ref.{{ CLUSTER_NAME }}-config.name) | |
| waiter: {{ CLUSTER_NAME }}-waiter | |
| timeout: 600s | |
| success: | |
| cardinality: | |
| path: /success | |
| number: 1 | |
| failure: | |
| cardinality: | |
| path: /failure | |
| number: 1 | |
| - name: {{ CLUSTER_NAME }}-vm | |
| type: compute.v1.instance | |
| metadata: | |
| dependsOn: | |
| - {{ properties['gkeClusterName'] }} | |
| properties: | |
| zone: {{ properties['zone'] }} | |
| machineType: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/zones/{{ properties["zone"] }}/machineTypes/{{ properties["instanceType"] }} | |
| tags: | |
| items: | |
| - istio-init | |
| serviceAccounts: | |
| - email: "default" | |
| scopes: | |
| - https://www.googleapis.com/auth/cloud-platform | |
| - https://www.googleapis.com/auth/compute | |
| - https://www.googleapis.com/auth/logging.write | |
| - https://www.googleapis.com/auth/monitoring | |
| - https://www.googleapis.com/auth/servicecontrol | |
| - https://www.googleapis.com/auth/service.management.readonly | |
| - https://www.googleapis.com/auth/userinfo.email | |
| networkInterfaces: | |
| - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default | |
| accessConfigs: | |
| - name: External NAT | |
| type: ONE_TO_ONE_NAT | |
| disks: | |
| - deviceName: boot | |
| type: PERSISTENT | |
| boot: true | |
| autoDelete: true | |
| initializeParams: | |
| diskName: {{ CLUSTER_NAME }}-vm-disk | |
| sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9 | |
| metadata: | |
| items: | |
| - key: startup-script | |
| value: | | |
| #!/bin/bash -x | |
| apt-get update && apt-get install -y git google-cloud-sdk curl kubectl | |
| export HOME=/root | |
| cd /root/ | |
| gcloud container clusters get-credentials {{ properties['gkeClusterName'] }} --zone {{ properties['zone'] }} | |
| kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account) | |
| wget https://github.com/istio/istio/releases/download/{{ properties['installIstioRelease'] }}/istio-{{ properties['installIstioRelease'] }}-linux.tar.gz | |
| tar xzf istio-{{ properties['installIstioRelease'] }}-linux.tar.gz | |
| wget -P /root/helm/ https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz | |
| tar xf /root/helm/helm-v2.9.1-linux-amd64.tar.gz -C /root/helm/ | |
| export PATH="$PATH:/root/istio-{{ properties['installIstioRelease'] }}/bin::/root/helm/linux-amd64/" | |
| cd /root/istio-{{ properties['installIstioRelease'] }} | |
| kubectl create ns istio-system | |
| ISTIO_OPTIONS=" --set global.proxy.image=proxyv2 " | |
| {% if properties['enableMutualTLS'] %} | |
| ISTIO_OPTIONS=$ISTIO_OPTIONS" --set global.mtls.enabled=true" | |
| {% endif %} | |
| {% if properties['enableAutomaticSidecarInjection'] %} | |
| ISTIO_OPTIONS=$ISTIO_OPTIONS" --set sidecar-injector.enabled=true" | |
| {% endif %} | |
| {% if properties['enableGrafana'] or properties['enablePrometheus'] %} | |
| ISTIO_OPTIONS=$ISTIO_OPTIONS" --set prometheus.enabled=true" | |
| {% endif %} | |
| {% if properties['enableGrafana'] %} | |
| ISTIO_OPTIONS=$ISTIO_OPTIONS" --set grafana.enabled=true" | |
| {% endif %} | |
| {% if properties['enableTracing'] %} | |
| ISTIO_OPTIONS=$ISTIO_OPTIONS" --set tracing.enabled=true " | |
| {% endif %} | |
| {% if properties['enableServiceGraph'] %} | |
| ISTIO_OPTIONS=$ISTIO_OPTIONS" --set servicegraph.enabled=true" | |
| {% endif %} | |
| helm template install/kubernetes/helm/istio --name istio --namespace istio-system $ISTIO_OPTIONS > istio.yaml | |
| kubectl apply -f istio.yaml | |
| kubectl label namespace default istio-injection=enabled | |
| sleep 150 | |
| kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml | |
| bin/istioctl create -f samples/bookinfo/networking/bookinfo-gateway.yaml | |
| gcloud beta runtime-config configs variables set success/{{ CLUSTER_NAME }}-waiter success --config-name $(ref.{{ CLUSTER_NAME }}-config.name) | |
| gcloud -q compute instances delete {{ CLUSTER_NAME }}-vm --zone {{ properties['zone'] }} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Run it as:
https://accounts.google.com/signin/v2/identifier?service=cloudconsole&continue=https://console.cloud.google.com/launcher/config?templateurl=https://gist.githubusercontent.com/tanmaybaranwal/de1a60576cde0f8ddbb247eab847de9c/raw/1571946c335fa9b8f7164f43b0b8beb26e79241c/istio-cluster.jinja&followup=https://console.cloud.google.com/launcher/config?templateurl=https://raw.githubusercontent.com/istio/istio/master/install/gcp/deployment_manager/istio-cluster.jinja&flowName=GlifWebSignIn&flowEntry=ServiceLogin