Terraform v0.14.3
GKE 1.16.15-gke.4901
How is GKE and its Istio and Metering integrating with Google Cloud's operations suite (formerly Stackdriver) - Monitoring, Logging, Trace and Debugger.
We observe to implementing rocketChat. So, it's two part of GKE. free Istio. Rocket chat.
Install Terraform, kubectl, istionctl and Helm.
But you can deploy https://github.com/r-mamchur/GCE_desktop_vm, there is everything.
Terraform deploy infrascrukture - GKE cluster and BigQuery Dataset for it.
(Dataset is need for Metering Cluster )
kube-conf will be genereted by terraform from template. It allows access to the cluster (with kubectl, istioctl and helm).
Copy it to $HONE/.kube/config or add --kubeconfig="<Path>/kube-conf" to command line.
Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later:
kubectl label namespace default istio-injection=enabled
Rocket Chat with Helm.
WARNING: This chart is deprecated
Chart Version 3.6.0
Current Version 3.10.3
Details:
https://docs.rocket.chat/installation/automation-tools/helm-chart
https://github.com/helm/charts/tree/master/stable/rocketchat
helm repo add stable https://charts.helm.sh/stable
helm install rocket stable/rocketchat \
--set replicaCount=2 \
--set mongodb.mongodbUsername=rocketchat,mongodb.mongodbPassword=changeme,mongodb.mongodbDatabase=rocketchat,mongodb.mongodbRootPassword=root-changeme \
--kubeconfig="./kube-conf"
Open the application to outside traffic.
# Get IP
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo $INGRESS_HOST
# Generate server certificat and key
openssl req -newkey rsa:2048 -sha256 -nodes -keyout ./server.key \
-out ./server.crt -x509 -days 365 \
-subj "/C=UA/ST=Prykarpattia/L=Ivano-Frankivsk/O=Rohy i kopyta Inc./OU=Camel/CN=$INGRESS_HOST/[email protected]"
# Configure a ingress gateway (TLS and not) and VirtualService
kubectl apply -f GW_VS.yaml --kubeconfig=./kube-confVerify external access at $INGRESS_HOST (http and https).
$ istioctl analyze
Warning [IST0002] (CustomResourceDefinition clusterrbacconfigs.rbac.istio.io) Deprecated: Custom resource type rbac.istio.io ClusterRbacConfig is removed
Warning [IST0002] (CustomResourceDefinition rbacconfigs.rbac.istio.io) Deprecated: Custom resource type rbac.istio.io RbacConfig is removed
Warning [IST0002] (CustomResourceDefinition servicerolebindings.rbac.istio.io) Deprecated: Custom resource type rbac.istio.io ServiceRoleBinding is removed
Warning [IST0002] (CustomResourceDefinition serviceroles.rbac.istio.io) Deprecated: Custom resource type rbac.istio.io ServiceRole is removed" Anthos Service Mesh or open source Istio are better options for production workloads."
- Gateway didn't take up
server certificate.