Initial commit

Author: evil-kekc

.gitignore

@@ -0,0 +1,4 @@
+.idea
+.venv
+*__pycache__/
+istio-1.25.0/

Makefile

@@ -0,0 +1,25 @@
+.PHONY: start-minikube
+start-minikube:
+	@minikube start --driver=docker --cpus 8 --memory 8G --addons=metrics-server
+
+.PHONY: install-istio
+install-istio:
+	@istioctl install -f patches/tracing.yaml --skip-confirmation
+	@kubectl apply -f patches/telemetry.yaml
+	@kubectl label namespace default istio-injection=enabled --overwrite
+	@kubectl apply \
+		-f https://raw.githubusercontent.com/istio/istio/release-1.25/samples/addons/prometheus.yaml \
+		-f https://raw.githubusercontent.com/istio/istio/release-1.25/samples/addons/kiali.yaml \
+		-f https://raw.githubusercontent.com/istio/istio/release-1.25/samples/addons/grafana.yaml \
+		-f https://raw.githubusercontent.com/istio/istio/release-1.25/samples/addons/jaeger.yaml
+	@kubectl apply -k patches
+	@kubectl rollout restart deployment -n istio-system grafana
+	@kubectl rollout restart deployment -n istio-system kiali
+
+.PHONY: create-python-app
+create-python-app:
+	@kubectl apply -k python-app/k8s
+
+.PHONY: test-python-app
+test-python-app:
+	@./tests/h2load.sh

README.md

@@ -0,0 +1,148 @@
+# Python Flask App with Istio Integration
+
+This project is a simple Flask web application deployed in Kubernetes using Istio for traffic management and monitoring.
+
+## Project Structure
+
+---
+
+```text
+├── Makefile
+├── README.md
+├── kustomization.yaml
+├── patches
+│   ├── grafana-cm.yaml
+│   └── kustomization.yaml
+├── python-app
+│   ├── Dockerfile
+│   ├── app.py
+│   ├── k8s
+│   │   ├── base
+│   │   │   ├── app-service.yaml
+│   │   │   ├── ingressgateway-istio.yaml
+│   │   │   ├── kustomization.yaml
+│   │   │   ├── v1
+│   │   │   │   └── app-deployment-v1.yaml
+│   │   │   ├── v2
+│   │   │   │   └── app-deployment-v2.yaml
+│   │   │   └── v3
+│   │   │       └── app-deployment-v3.yaml
+│   │   ├── destination-rule.yaml
+│   │   ├── kustomization.yaml
+│   │   ├── security
+│   │   │   ├── auth-policy.yaml
+│   │   │   ├── kustomization.yaml
+│   │   │   └── peer-authentication.yaml
+│   │   └── vs.yaml
+│   └── templates
+│       └── index.html
+└── tests
+    └── h2load.sh
+```
+
+- `app.py` - Main Flask application file.
+- `Dockerfile` - Docker image for the application.
+- `templates/index.html` - HTML template for the homepage.
+- `Makefile` - Automation scripts for tasks like starting Minikube, installing Istio, and deploying the app.
+- `k8s/` - Kubernetes manifests for deploying the application.
+- `tests/h2load.sh` - Script for performance testing.
+- `patches` - Patch `ConfigMap` to access grafana dashboard using istio `VirtualService`.
+
+## Requirements
+
+---
+
+- [Python 3.11](https://www.python.org/downloads/release/python-3110/)
+- [Docker](https://www.docker.com/)
+- [Minikube](https://minikube.sigs.k8s.io/docs/)
+- [Istio](https://istio.io/)
+- [Kubernetes CLI](https://kubernetes.io/docs/reference/kubectl/) (`kubectl`)
+- [Istio CLI](https://istio.io/latest/docs/ops/diagnostic-tools/istioctl/) (`istioctl`)
+
+## Installation and Usage
+
+---
+
+### 1. Start Minikube
+```bash
+make start-minikube
+```
+
+### 2. Install Istio
+```bash
+make install-istio
+```
+
+### 3. Build Docker Image (optional)
+
+You can build the Docker image for the application using the provided Dockerfile. The Dockerfile is located in the `python-app` directory.
+```bash
+docker build -t istio-python-app:latest python-app/
+docker tag istio-python-app:latest <your-registry>/istio-python-app:latest
+docker push <your-registry>/istio-python-app:latest
+```
+
+And then change the image name in the [deployments](./python-app/k8s/base) files located in `python-app/k8s/base/` (`v1`, `v2`, `v3` folders) to match your registry.
+
+### 4. Deploy the Application to Kubernetes
+```bash
+make create-python-app
+```
+    
+### 5. Forward istio-ingressgateway port
+```bash
+kubectl port-forward -n istio-system service/istio-ingressgateway 8080:80
+```
+
+
+## Accessing the Application
+
+---
+
+After deployment, the application will be accessible via the Istio Ingress Gateway. To get access by URL add the following into the `/etc/hosts` file:
+
+```text
+127.0.0.1       example.local
+```
+
+Then, you can access the application using the following URL:
+
+```text
+http://example.local:8080/app
+```
+
+To access the grafana dashboard you can use the following URL:
+
+```text
+http://example.local:8080/grafana
+```
+
+To access the Kiali dashboard, you can use the following URL:
+
+```text
+http://example.local:8080/kiali
+```
+
+You can also access to the API endpoint using the following command:
+
+```bash
+curl -H "Authorization: Bearer my-static-token-123" http://example.local:8080/app/api
+```
+
+## Testing the application
+
+---
+
+To test the application, you can use the `h2load.sh` script located in the `tests` directory. This script uses `h2load` to perform load testing on the application.
+Use the following command to run the test:
+
+```bash
+make test-python-app
+```
+
+## Monitoring
+
+---
+
+- **[Prometheus](https://istio.io/latest/docs/ops/integrations/prometheus/)**: Application metrics.
+- **[Kiali](https://istio.io/latest/docs/ops/integrations/kiali/)**: Visualization of network traffic.

kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - python-app/k8s

patches/grafana-cm.yaml

@@ -0,0 +1,66 @@
+# Source: grafana/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana
+  namespace: istio-system
+  labels:
+    helm.sh/chart: grafana-8.6.3
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "11.3.1"
+data:
+  grafana.ini: |
+    [analytics]
+    check_for_updates = true
+    [grafana_net]
+    url = https://grafana.net
+    [log]
+    mode = console
+    [paths]
+    data = /var/lib/grafana/
+    logs = /var/log/grafana
+    plugins = /var/lib/grafana/plugins
+    provisioning = /etc/grafana/provisioning
+    [server]
+    domain = ''
+    root_url = %(protocol)s://%(domain)s:%(http_port)s/grafana/
+    serve_from_sub_path = true
+  datasources.yaml: |
+    apiVersion: 1
+    datasources:
+    - access: proxy
+      editable: true
+      isDefault: true
+      jsonData:
+        timeInterval: 15s
+      name: Prometheus
+      orgId: 1
+      type: prometheus
+      url: http://prometheus:9090
+    - access: proxy
+      editable: true
+      isDefault: false
+      jsonData:
+        timeInterval: 5s
+      name: Loki
+      orgId: 1
+      type: loki
+      url: http://loki:3100
+  dashboardproviders.yaml: |
+    apiVersion: 1
+    providers:
+    - disableDeletion: false
+      folder: istio
+      name: istio
+      options:
+        path: /var/lib/grafana/dashboards/istio
+      orgId: 1
+      type: file
+    - disableDeletion: false
+      folder: istio
+      name: istio-services
+      options:
+        path: /var/lib/grafana/dashboards/istio-services
+      orgId: 1
+      type: file

patches/kiali-cm.yaml

@@ -0,0 +1,127 @@
+---
+# Source: kiali-server/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kiali
+  namespace: "istio-system"
+  labels:
+    helm.sh/chart: kiali-server-2.5.0
+    app: kiali
+    app.kubernetes.io/name: kiali
+    app.kubernetes.io/instance: kiali
+    version: "v2.5.0"
+    app.kubernetes.io/version: "v2.5.0"
+    app.kubernetes.io/part-of: "kiali"
+data:
+  config.yaml: |
+    additional_display_details:
+    - annotation: kiali.io/api-spec
+      icon_annotation: kiali.io/api-type
+      title: API Documentation
+    auth:
+      openid: {}
+      openshift:
+        client_id_prefix: kiali
+      strategy: anonymous
+    clustering:
+      autodetect_secrets:
+        enabled: true
+        label: kiali.io/multiCluster=true
+      clusters: []
+    deployment:
+      additional_service_yaml: {}
+      affinity:
+        node: {}
+        pod: {}
+        pod_anti: {}
+      cluster_wide_access: true
+      configmap_annotations: {}
+      custom_envs: []
+      custom_secrets: []
+      dns:
+        config: {}
+        policy: ""
+      host_aliases: []
+      hpa:
+        api_version: autoscaling/v2
+        spec: {}
+      image_digest: ""
+      image_name: quay.io/kiali/kiali
+      image_pull_policy: IfNotPresent
+      image_pull_secrets: []
+      image_version: v2.5
+      ingress:
+        additional_labels: {}
+        class_name: nginx
+        override_yaml:
+          metadata: {}
+      ingress_enabled: false
+      instance_name: kiali
+      logger:
+        log_format: text
+        log_level: info
+        sampler_rate: "1"
+        time_field_format: 2006-01-02T15:04:05Z07:00
+      namespace: istio-system
+      node_selector: {}
+      pod_annotations: {}
+      pod_labels:
+        sidecar.istio.io/inject: "false"
+      priority_class_name: ""
+      probes:
+        liveness:
+          initial_delay_seconds: 5
+          period_seconds: 30
+        readiness:
+          initial_delay_seconds: 5
+          period_seconds: 30
+        startup:
+          failure_threshold: 6
+          initial_delay_seconds: 30
+          period_seconds: 10
+      remote_cluster_resources_only: false
+      replicas: 1
+      resources:
+        limits:
+          memory: 1Gi
+        requests:
+          cpu: 10m
+          memory: 64Mi
+      secret_name: kiali
+      security_context: {}
+      service_annotations: {}
+      service_type: ""
+      tolerations: []
+      topology_spread_constraints: []
+      version_label: v2.5.0
+      view_only_mode: false
+    external_services:
+      custom_dashboards:
+        enabled: true
+      istio:
+        root_namespace: istio-system
+      tracing:
+        enabled: true
+        internal_url: "http://tracing.istio-system:16685/jaeger"
+        use_grpc: true
+        external_url: "http://localhost:16686"
+    identity:
+      cert_file: ""
+      private_key_file: ""
+    istio_namespace: istio-system
+    kiali_feature_flags:
+      disabled_features: []
+      validations:
+        ignore:
+        - KIA1301
+    login_token:
+      signing_key: CHANGEME00000000
+    server:
+      observability:
+        metrics:
+          enabled: true
+          port: 9090
+      port: 20001
+      web_root: /kiali
+...

patches/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: istio-system
+
+resources:
+  - grafana-cm.yaml
+  - kiali-cm.yaml