https://github.com/jetstack/fleetops-gke-ambient



# Istio Ambient on GKE

## Deploy cluster

```sh
make cluster
```

## Install Istio with ambient mode

By default in GKE, only kube-system has a defined ResourceQuota for the node-critical class. istio-cni and ztunnel both require the node-critical class; see the [docs](https://istio.io/latest/docs/ambient/install/platform-prerequisites/#google-kubernetes-engine-gke).

Create a ResourceQuota in the istio-system namespace:

```sh
kubectl create namespace istio-system
cat < /dev/null || \
{ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.1.0" | kubectl apply -f -; }
```

Enable the waypoint proxy:

```sh
istioctl x waypoint apply --enroll-namespace -n bank-of-ambient --wait
```

Validate that a Pod and a Gateway are created for the waypoint proxy:

```sh
kubectl get pods -n bank-of-ambient
kubectl get gtw -n bank-of-ambient
```

Apply the authorization policy:

```sh
kubectl apply -f L7-policy.yaml
```

Verify the new waypoint proxy is enforcing the authorization policy:

```sh
export SLEEP_POD=$(kubectl get pods -n bank-of-ambient -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec -it $SLEEP_POD -n bank-of-ambient -- curl frontend -X DELETE
```
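
A way to tell a policy denial apart from other failures when running the probe above (added example, not part of the README; `classify_probe` and `probe` are hypothetical names, and it assumes `L7-policy.yaml` is meant to block that DELETE). Istio answers an L7 denial with HTTP 403 and the body `RBAC: access denied`, while any other status was produced by the workload itself.

```shell
#!/bin/sh
# Added example (not from the README). Assumes L7-policy.yaml is meant to
# block the DELETE request that the README sends from the sleep pod.

# classify_probe STATUS BODY
# Maps one curl result to what it proves about policy enforcement.
classify_probe() {
  status=$1 body=$2
  case "$status" in
    403)
      # Istio's L7 denial is a 403 whose body is exactly this string.
      if [ "$body" = "RBAC: access denied" ]; then
        echo l7-policy-deny
      else
        echo app-response   # a 403 produced by the application itself
      fi ;;
    000|'')
      # No HTTP response at all: connection refused or reset (for example
      # an L4 deny in ztunnel) or a network/DNS failure. Not an L7 verdict.
      echo no-http-response ;;
    *)
      # Any other status (200, 404, 405, ...) came from the workload, so
      # the request was not stopped by the policy.
      echo app-response ;;
  esac
}

# probe METHOD: send METHOD to the frontend service from the sleep pod and
# classify the answer. Needs kubectl access to the cluster.
probe() {
  pod=$(kubectl get pods -n bank-of-ambient -l app=sleep \
        -o 'jsonpath={.items[0].metadata.name}')
  # curl prints the body first, then the status code on its own last line.
  out=$(kubectl exec "$pod" -n bank-of-ambient -- \
        curl -s -X "$1" -w '\n%{http_code}' frontend) || true
  status=$(printf '%s\n' "$out" | tail -n 1)
  body=$(printf '%s\n' "$out" | sed '$d')
  classify_probe "$status" "$body"
}

# Usage against a live cluster:  probe DELETE
```

If `probe DELETE` reports `app-response`, the request reached the frontend, so a 4xx seen in the raw curl output is not evidence that the waypoint is enforcing the policy.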

## Performance testing

We will use [Fortio](https://fortio.org/), which is a load testing tool developed by Istio.

```sh
kubectl apply -f fortio.yaml
```

Launch Fortio web interface to configure and perform latency tests:

```sh
kubectl port-forward svc/fortio 8080:8080
```

ISTIO_INGRESS=34.147.178.37
bank of sidecar IP: 34.105.185.155