Create OCI Service Mesh for VueJS SPA, NodeJS microservices and Autonomous Database using OCI Cloud Shell and kubectl
Have an Oracle Kubernetes Engine (OKE) cluster up and running with kubectl access from OCI Cloud Shell
Install Oracle Services Operator for Kubernetes (OSOK) to your OKE cluster, see https://github.com/oracle/oci-service-operator/blob/main/docs/installation.md#install-operator-sdk
Open Cloud shell from OCI Console
Run
git clone https://github.com/oracle-devrel/arch-oci-mesh.git
cd arch-oci-mesh
Run
export mesh_name=pricing
export mesh_compartment=ocid1.compartment.oc1..
export ca_ocid=ocid1.certificateauthority.oc1.eu-amsterdam-1.amaaaa...
export ocir=<YOUR REGION OCIR HERE>/<YOUR TENANCY NAME HERE>
e.g. ams.ocir.io/frsxwtjslf75
export dns_domain=<YOUR MESH DNS DOMAIN HERE>
e.g. mymesh.mysite.com
Check out mesh documentation for setting up the CA.
Note: Run Cloud Shell in the same region as the <YOUR REGION OCIR HERE> above.
To use image repositories in OCIR, run
export docker_username='<YOUR TENANCY NAME HERE>/oracleidentitycloudservice/<YOUR USER NAME HERE>'
export docker_password='<YOUR ACCESS TOKEN HERE>'
printf '%s' "${docker_password}" | docker login "${ocir}" -u "${docker_username}" --password-stdin
This will also be used later to create ocirsecret, which OKE needs to access the image repos when deploying the services.
Run sh create_atp.sh pricemeshdb <YOUR ADB PASSWORD HERE>
e.g. sh create_atp.sh pricemeshdb RockenRoll321#!
<YOUR ADB PASSWORD HERE> needs to be a valid Autonomous Database password, see here for details.
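An added preflight check (not part of the arch-oci-mesh repository) for the variables exported above and for the password passed to create_atp.sh. The function names, the completed sample OCIDs and the password rules written into the comment are assumptions of this example; the page only links to Oracle's rules.

```shell
#!/bin/sh
# Added example: preflight checks before running create_atp.sh / build_services.sh.
# Function names are hypothetical; they are not part of the arch-oci-mesh repo.

# Report problems with the exported variables; returns non-zero if any is found.
check_mesh_env() {
  rc=0
  for v in mesh_name mesh_compartment ca_ocid ocir dns_domain; do
    eval "val=\${$v:-}"
    case "$val" in
      "")          echo "$v is not set"; rc=1 ;;
      *"<"*|*">"*) echo "$v still contains a <...> placeholder"; rc=1 ;;
      *.)          echo "$v ends with a dot (truncated sample value?)"; rc=1 ;;
    esac
  done
  case "${mesh_compartment:-}" in ocid1.compartment.*) ;;
    *) echo "mesh_compartment is not a compartment OCID"; rc=1 ;; esac
  case "${ca_ocid:-}" in ocid1.certificateauthority.*) ;;
    *) echo "ca_ocid is not a certificate authority OCID"; rc=1 ;; esac
  case "${ocir:-}" in */*/*) echo "ocir must be <registry host>/<tenancy>"; rc=1 ;;
    */*) ;; *) echo "ocir must be <registry host>/<tenancy>"; rc=1 ;; esac
  case "${dns_domain:-}" in */*|*" "*) echo "dns_domain must be a bare domain"; rc=1 ;;
    *.*) ;; *) echo "dns_domain must be a bare domain"; rc=1 ;; esac
  return $rc
}

# ADB ADMIN password rules as Oracle documents them (assumed here; the page only
# links to them): 12-30 characters, at least one upper-case letter, one lower-case
# letter and one digit, no double quote, and not containing "admin".
check_adb_password() {
  pw=$1
  [ "${#pw}" -ge 12 ] && [ "${#pw}" -le 30 ] || return 1
  case "$pw" in *[[:upper:]]*) ;; *) return 1 ;; esac
  case "$pw" in *[[:lower:]]*) ;; *) return 1 ;; esac
  case "$pw" in *[[:digit:]]*) ;; *) return 1 ;; esac
  case "$pw" in *'"'*) return 1 ;; esac
  case "$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')" in *admin*) return 1 ;; esac
  return 0
}

# Constructed sample values (the OCIDs are not real), then run both checks.
mesh_name=pricing dns_domain=mymesh.mysite.com ocir=ams.ocir.io/frsxwtjslf75
mesh_compartment=ocid1.compartment.oc1..exampleuniqueid
ca_ocid=ocid1.certificateauthority.oc1.eu-amsterdam-1.exampleuniqueid
check_mesh_env && check_adb_password 'RockenRoll321#!' && echo "preflight OK"
```

The truncated sample values shown earlier (for example ocid1.compartment.oc1..) fail the check because they end with a dot, which catches a copy-paste of the placeholders before any script runs.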
Test your ADB instance is alive and accessible:
kubectl get AutonomousDatabases -n ${mesh_name}
Run
oci artifacts container repository create -c ${mesh_compartment} --display-name ${mesh_name}-homesvc
oci artifacts container repository create -c ${mesh_compartment} --display-name ${mesh_name}-pricesvc
Additionally, use the --is-public flag in the statements above if you want to use public repos.
The build will build and push 2 microservices, home and price.
home is the application's homepage. It has two versions, v1 and v2, that will later be load balanced by the mesh with a 20/80 rule. v1 is a static homepage and v2 is a dynamic one that accesses prices from Autonomous Database using the price service with JSON.
Before building services download https://download.oracle.com/otn_software/linux/instantclient/217000/instantclient-basic-linux.x64-21.7.0.0.0dbru.zip to this project's root directory.
e.g. wget https://download.oracle.com/otn_software/linux/instantclient/217000/instantclient-basic-linux.x64-21.7.0.0.0dbru.zip
This is needed for the NodeJS oracledb library to access the Autonomous Database from the price microservice.
Run sh build_services.sh pricemeshdb <YOUR ADB PASSWORD HERE>
e.g. sh build_services.sh pricemeshdb RockenRoll321#!
Run sh deploy_services.sh
View the deployments created
kubectl get deployments -n ${mesh_name} -o wide
View services created
kubectl get services -n ${mesh_name}
Run sh meshify_app.sh
Monitor pods being updated - this will take several minutes to happen
kubectl get pods -n ${mesh_name} --watch
View services being updated
kubectl get services -n ${mesh_name} --watch
Note: Accessing mesh via OCI DNS requires a valid registered domain in order to be functional. Use the local configuration option instead if such is not available.
By default the DNS zone will run in the same compartment as the mesh. However, if you want to specify another compartment for the DNS, run
export dns_compartment=ocid1.compartment.oc1..
Pick up the LoadBalancer EXTERNAL-IP addresses (to add them to the DNS zone) by running
kubectl get services -n ${mesh_name}
Then create/update DNS by running
sh update_dns.sh home <YOUR REGION HERE> mesh-ingress-ip
sh update_dns.sh admin <YOUR REGION HERE> mesh-ingress-admin-ip
e.g.
sh update_dns.sh home eu-amsterdam-1 158.101.210.63
sh update_dns.sh admin eu-amsterdam-1 158.101.211.252
Alternatively, open your local /etc/hosts file and add the following to access the mesh (example)
158.101.210.63 home.mymesh.mysite.com
158.101.211.252 admin.mymesh.mysite.com
Create Logging Dynamic Group and the Log Object
Monitoring pods and services will be created in the monitoring namespace
export log_object_ocid=ocid1.log.oc1.eu-amsterdam-1.amaaaa.....
export logging_dynamicgroup_ocid=ocid1.dynamicgroup.oc1..
Run sh create_monitoring.sh
Note: The Log object above is expected to run in the same region you used in earlier steps.
Monitor services being created
kubectl get services -n monitoring --watch
Once the Grafana EXTERNAL-IP shows up, copy it and open it in a browser to monitor the mesh using Grafana.
Access home.<YOUR MESH DNS DOMAIN HERE>, e.g. home.mymesh.mysite.com, from a browser.
Reload the page multiple times to see traffic split happening by the 20/80 rule to the homepage.
View Grafana for the same.
Access "price admin" of the price microservice from the Admin link on the homepage.
The admin user is priceadmin and the password is <YOUR ADB PASSWORD>, e.g. RockenRoll321#!. Edit prices and options, then save and reload the homepage to see the values on the homepage changing.
To test changes in home routing first run
sh update_home_routing.sh 100 0
Wait for a while and see traffic going to static homepage (v1) only. You can also view this from the mesh config on Cloud UI.
Note: The sum of the given routing values needs to be 100
Then run
sh update_home_routing.sh 20 80
Wait for a while and see traffic going back to both static (v1) and dynamic (v2) homepage with the 20/80 split.
See the traffic split change in Grafana.
Install kubeshark locally from https://kubeshark.co/
Start capturing traffic and visit localhost:8899 to view real-time streaming traffic:
kubeshark tap -n <YOUR MESH NAME HERE>
e.g.
kubeshark tap -n pricing
Navigate to your local browser for the Kubeshark views like the service map:
Note: kubectl access to the OCI Service Mesh OKE cluster needs to be set up locally for Kubeshark access.
OKE cluster with kubectl access in Cloud Shell
https://github.com/oracle/oci-service-operator/blob/main/docs/installation.md#install-operator-sdk
This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community.
Copyright (c) 2024 Oracle and/or its affiliates.
Licensed under the Universal Permissive License (UPL), Version 1.0.
See LICENSE for more details.
ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK.