Update kuma tutorial for learnings

ranjith-ka · Apr 8, 2024 · 11f5e11 · 11f5e11
1 parent 231ac29
commit 11f5e11
Show file tree

Hide file tree

Showing 8 changed files with 123 additions and 24 deletions.
diff --git a/Makefile b/Makefile
@@ -213,13 +213,19 @@ kafka-ui:
 	@helm repo add kafka-ui https://provectus.github.io/kafka-ui-charts
 	@helm install kafka-ui -f minikube/kafka/kafka-ui.yaml kafka-ui/kafka-ui
 
+kuma:
+	@kumactl install control-plane | kubectl apply -f -
+	@kubectl apply -f minikube/kuma/demo.yaml
+	@kubectl apply -f minikube/kuma/kuma-ingress.yaml
+	@helm install -f minikube/nginx/values.yaml nginx ingress-nginx/ingress-nginx
+
 kuma-global:
 	@helm repo add kuma https://kumahq.github.io/charts
 	@helm install --create-namespace --namespace kuma-system kuma-global -f minikube/kuma/global.yaml kuma/kuma
 
 kuma-cp:
 	@helm repo add kuma https://kumahq.github.io/charts
-	@helm install --namespace kuma-system kuma-cp -f minikube/kuma/cp.yaml kuma/kuma
+	@helm install  kuma-cp -f minikube/kuma/cp.yaml kuma/kuma
 
 metallb::
 	@kubectl get configmap kube-proxy -n kube-system -o yaml | sed -e "s/strictARP: false/strictARP: true/" | kubectl apply -f - -n kube-system

diff --git a/minikube/kuma/Readme.md b/minikube/kuma/Readme.md
@@ -0,0 +1,5 @@
+# Kuma
+
+Need to look into those features to enable the Service Mesh things.
+
+<https://kuma.io/features>
diff --git a/minikube/kuma/Tutorial/02_kuma_production.md b/minikube/kuma/Tutorial/02_kuma_production.md
@@ -82,4 +82,3 @@ Kuma - being an application that wants to improve the underlying connectivity be
     5683: gRPC Intercommunication CP server used internally by Kuma to communicate between CP instances.
     5685: the Kuma Discovery Service port, leveraged in multi-zone deployments.
 
-//TODO
diff --git a/minikube/kuma/Tutorial/03_deployments.md b/minikube/kuma/Tutorial/03_deployments.md
@@ -1,20 +1,47 @@
 # Kuma Deployments
 
-    ```bash
-    $ helm install --namespace kuma-system --set "controlPlane.mode=zone" kuma kuma/kuma
-    ```
+Follow the documents for installting the kuma control plane
 
-## Single-zone deployment
+```bash
+make kuma
+```
 
-### Deploy a single-zone control plane
+This will install the kuma in local with only control plan configuration, there is no global zone config settings.
 
-Default helm chart will install the single-zone control plane.
+## Zone Ingress
 
-    ```bash
-    $ helm install --create-namespace --namespace kuma-system \
-    --set "controlPlane.mode=zone" \
-    kuma kuma/kuma
+- All requests that are sent from one zone to another will be directed to the proper instance by the Zone Ingress.
+- Because ZoneIngress uses Service Name Indication (SNI) to route traffic, mTLS is required to do cross zone communication.
 
-    $ make kuma
-    ```
+> **Note:** You shouldn't run zoneEgress when running the CP in global
 
+
+
+## Zone Egress
+
+ZoneEgress proxy is used when it is required to isolate outgoing traffic (to services in other zones or external services in the local zone). and you want to achieve isolation of outgoing traffic (to services in other zones or external services in the local zone), you can use ZoneEgress proxy.
+
+TODO to test for routing the traffic via Egress
+
+```yaml
+echo "apiVersion: kuma.io/v1alpha1
+kind: Mesh
+metadata:
+  name: default
+spec:
+  routing:
+    zoneEgress: true
+  mtls: # mTLS is required to use ZoneEgress
+    [...]" | kubectl apply -f -
+```
+
+### Configure zone proxy authentication
+
+To obtain a configuration from the control plane, a zone proxy (zone ingress / zone egress) must authenticate itself. There are several authentication methods available.
+
+```bash
+export ADMIN_TOKEN=$(kubectl get secrets -n kuma-system admin-user-token -ojson | jq -r .data.value | base64 -d)
+kumactl config control-planes add --name=kind --headers "authorization=Bearer $ADMIN_TOKEN" --address=http://kuma.example.com --overwrite
+```
+
+### Mesh Secrets
diff --git a/minikube/kuma/cp.yaml b/minikube/kuma/cp.yaml
@@ -3,10 +3,8 @@ egress:
   enabled: true
 controlPlane:
   mode: zone  ## To setup control plane as global
-  zone: zone-1 ## To setup control plane as zone
+  zone: myzone ## To setup control plane as zone
   kdsGlobalAddress: grpcs://kuma-global-zone-sync:5685
   tls:
     kdsZoneClient:
-      skipVerify: true
-ingress:
-  enabled: true
+      skipVerify: true
diff --git a/minikube/kuma/demo.yaml b/minikube/kuma/demo.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kuma-demo
+  labels:
+    kuma.io/sidecar-injection: enabled
+    kuma.io/mesh: ranjithka
+---
+apiVersion: kuma.io/v1alpha1
+kind: Mesh
+metadata:
+  name: ranjithka
+---
+apiVersion: kuma.io/v1alpha1
+kind: Mesh
+metadata:
+  name: ranjithka # change to `default` to apply for default mesh
+spec:
+  mtls:
+    enabledBackend: ca-1
+    backends:
+      - name: ca-1
+        type: builtin
+        dpCert:
+          rotation:
+            expiration: 1d
+        conf:
+          caCert:
+            RSAbits: 2048
+            expiration: 10y
diff --git a/minikube/kuma/global.yaml b/minikube/kuma/global.yaml
@@ -1,12 +1,12 @@
 ### To enable Egress
-# egress:
-#   enabled: true
+egress:
+  enabled: true
 controlPlane:
-  mode: global  ## To setup control plane as global
+  mode: zone  ## To setup control plane as global replace sone with `global`
   service:
-    type: LoadBalancer
+    type: ClusterIP
   ingress:
-    enabled: false
+    enabled: true
     ingressClassName: dev-nginx
     hostname: kuma.example.com
     annotations:
@@ -23,4 +23,4 @@ controlPlane:
       nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
     path: /
   globalZoneSyncService:
-    type: LoadBalancer
+    type: ClusterIP
diff --git a/minikube/kuma/kuma-ingress.yaml b/minikube/kuma/kuma-ingress.yaml
@@ -0,0 +1,34 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kuma
+  namespace: kuma-system  # Added namespace
+  labels:
+    app.kubernetes.io/name: kuma
+    app.kubernetes.io/app: kuma-control-plane
+    app.kubernetes.io/instance: kuma-control-plane
+    app.kubernetes.io/managed-by: ranjith-ka
+  annotations:
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/http2-push-preload: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: 8k
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
+    nginx.ingress.kubernetes.io/proxy-buffering: "on"
+    nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "180"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "180"
+spec:
+  ingressClassName: dev-nginx
+  rules:
+    - host: "kuma.example.com"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: kuma-control-plane
+                port:
+                  number: 5681