Demos used in On.NET show
Watch https://youtu.be/zW4INO353Xg for details.
Navigate to the microservices folder in a CLI. Then run the command tye run. If you're new to Tye, checkout the getting started guide first.
Open microservices/frontend/Startup.cs and uncomment the following code from the ConfigureServices method:
// // uncomment the code below for handling partial failures in code
// .AddPolicyHandler(GetRetryPolicy())
// .AddPolicyHandler(GetCircuitBreakerPolicy());
// Run the sample again using tye run.
Samples covers both Linkerd and Istio configurations. The instructions are detailed out below.
First, deploy the application and its dependencies to Kubernetes before the services can be meshed. Redis
Run the following command from CLI:
kubectl apply -f https://raw.githubusercontent.com/dotnet/tye/master/docs/tutorials/hello-tye/redis.yaml
Zipkin
Run the following command from CLI:
kubectl apply -f https://raw.githubusercontent.com/dotnet/tye/master/docs/recipes/zipkin.yaml
Check the status using the command kubectl get po
➜ microservices git:(main) ✗ kubectl get po
NAME READY STATUS RESTARTS AGE
redis-57455cbdbf-8czhg 1/1 Running 0 15s
zipkin-6cf9b865d-h6s4v 1/1 Running 0 5s
Note: Do not uncomment the code shown earlier. The resiliency will be handled in the service mesh.
Run the following command from the CLI and provide your dockerhub/acr details for Container Registry.
tye deploy -i
You'll be prompted for the connection string for redis.
Validating Secrets...
Enter the connection string to use for service 'redis':
Enter the following to use instance that you just deployed:
redis:6379
tye deploy will create kubernetes secret to store the connection string.
Validating Secrets...
Enter the connection string to use for service 'redis': redis:6379
Created secret 'binding-production-redis-secret'.
Tye will prompt for the zipkin URI. If you've followed these basic instructions, then use http://zipkin:9411.
If you're new to tye, checkout the guide Getting started with Deployment
Check the status using the command kubectl get po
➜ microservices git:(main) ✗ kubectl get po
NAME READY STATUS RESTARTS AGE
backend-86b455fcc9-njj5p 2/2 Running 0 5m7s
frontend-df8546cb7-dg4xd 2/2 Running 0 5m7s
redis-57455cbdbf-8czhg 1/1 Running 0 9m21s
zipkin-6cf9b865d-h6s4v 1/1 Running 0 9m11s
Test the deployment using the following command:
kubectl port-forward svc/frontend 3000:80
Open, http://localhost:3000/ and checkout the page. Refresh a couple of times to see the error pop up randomly.
Download and install the Linkerd CLI from the release page and add it to the PATH.
linkerd check --pre
On success, you should get a result like this:
➜ microservices git:(main) ✗ linkerd check --pre
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API
kubernetes-version
------------------
√ is running the minimum Kubernetes API version
√ is running the minimum kubectl version
pre-kubernetes-setup
--------------------
√ control plane namespace does not already exist
√ can create non-namespaced resources
√ can create ServiceAccounts
√ can create Services
√ can create Deployments
√ can create CronJobs
√ can create ConfigMaps
√ can create Secrets
√ can read Secrets
√ can read extension-apiserver-authentication configmap
√ no clock skew detected
pre-kubernetes-capability
-------------------------
√ has NET_ADMIN capability
√ has NET_RAW capability
linkerd-version
---------------
√ can determine the latest version
‼ cli is up-to-date
is running version 20.12.1 but the latest edge version is 20.12.3
see https://linkerd.io/checks/#l5d-version-cli for hints
Run the following command to install Linkerd onto the cluster:
linkerd install | kubectl apply -f -
and verify with the following command:
kubectl -n linkerd get deploy
You'll see a response like this:
➜ microservices git:(main) ✗ kubectl -n linkerd get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
linkerd-controller 1/1 1 1 2m48s
linkerd-destination 1/1 1 1 2m48s
linkerd-grafana 1/1 1 1 2m47s
linkerd-identity 1/1 1 1 2m48s
linkerd-prometheus 1/1 1 1 2m47s
linkerd-proxy-injector 1/1 1 1 2m47s
linkerd-sp-validator 1/1 1 1 2m47s
linkerd-tap 1/1 1 1 2m47s
Run the following command to see the linkerd dashboard
linkerd dashboard &
Linkerd service mesh is an opt-in feature. You can configure the services that you like to add to the mesh. Since our services were deployed using Tye, we didn't have to work with Kubernetes deployment files. Hence we will use the following commands to extract the deployments and inject Linkerd annotations and redploy them onto the cluster.
Run the following commands one by one:
kubectl get deploy frontend -o yaml | linkerd inject - | kubectl apply -f -
kubectl get deploy backend -o yaml | linkerd inject - | kubectl apply -f -
kubectl get deploy zipkin -o yaml | linkerd inject - | kubectl apply -f -
kubectl get deploy redis -o yaml | linkerd inject - | kubectl apply -f -
Navigate to Linkerd Dashboard, and ensure the services are meshed.
Navigate to servicemesh\linkerd folder and run the following command from the CLI:
kubectl apply -f .\backendServiceProfile.yaml
Forward port to your frontend service and navigate to the site to see the partial failures go away.
If you wish to use Istio instead of Linkerd, the following section will guide you install Istio as the service mesh and to configure resliency.
Download and install the istioctl from the release page and add it to the PATH.
istioctl x precheck
On success, you should get a result like this:
➜ Source istioctl x precheck
Checking the cluster to make sure it is ready for Istio installation...
#1. Kubernetes-api
-----------------------
Can initialize the Kubernetes client.
Can query the Kubernetes API Server.
#2. Kubernetes-version
-----------------------
Istio is compatible with Kubernetes: v1.18.8.
#3. Istio-existence
-----------------------
Istio will be installed in the istio-system namespace.
#4. Kubernetes-setup
-----------------------
Can create necessary Kubernetes configurations: Namespace,ClusterRole,ClusterRoleBinding,CustomResourceDefinition,Role,ServiceAccount,Service,Deployments,ConfigMap.
#5. SideCar-Injector
-----------------------
This Kubernetes cluster supports automatic sidecar injection. To enable automatic sidecar injection see https://istio.io/v1.8/docs/setup/additional-setup/sidecar-injection/#deploying-an-app
-----------------------
Install Pre-Check passed! The cluster is ready for Istio installation.
Run the following command to install Istio onto the cluster with default config profile:
istioctl install --set profile=default
On success, you should get a result like this:
➜ Source istioctl install --set profile=default
This will install the Istio default profile with ["Istio core" "Istiod" "Ingress gateways"] components into the cluster. Proceed? (y/N) y
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/v1.8/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Installation complete
More about Installation Configure Profiles, check the documentation
Check the installation status with the following command:
kubectl -n istio-system get pods
Resulting to:
➜ Source kubectl -n istio-system get pods
NAME READY STATUS RESTARTS AGE
istio-ingressgateway-77bcf54747-24nvh 1/1 Running 0 3m22s
istiod-66bcf5d94f-s22s7 1/1 Running 0 3m40s
You can configure the services that you like to add to the mesh. Since our services were deployed using Tye, we didn't have to work with Kubernetes deployment files. Hence we will use the following commands to extract the deployments and inject Istio annotations and redploy them onto the cluster.
Run the following commands one by one:
kubectl get deploy backend -o yaml | istioctl kube-inject -f - | kubectl apply -f -
kubectl get deploy frontend -o yaml | istioctl kube-inject -f - | kubectl apply -f -
kubectl get deploy redis -o yaml | istioctl kube-inject -f - | kubectl apply -f -
kubectl get deploy zipkin -o yaml | istioctl kube-inject -f - | kubectl apply -f -
Navigate to servicemesh\istio folder and run the following command from the CLI:
kubectl apply -f .\backendVirtualService.yaml
To install a Kiali dashboard, along with Prometheus, Grafana, and Jaeger, run the following commands:
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/prometheus.yaml
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/grafana.yaml
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/jaeger.yaml
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.8/samples/addons/kiali.yaml
To run the dashboard, run these commands:
kubectl rollout status deployment/kiali -n istio-system
istioctl dashboard kiali
Forward port to your frontend service and navigate to the site to see the partial failures go away.
That's it!