thoraxe / lab-ossm Goto Github PK
View Code? Open in Web Editor NEWA homeroom-based workshop for Red Hat OpenShift Service Mesh
License: Apache License 2.0
A homeroom-based workshop for Red Hat OpenShift Service Mesh
License: Apache License 2.0
Problem 1:
Before Starting Section -
In the previous lab, the destination rule for the recommendation was deleted so when the user runs
oc -n user1-tutorial get istio-io
It won't include the destination rule like the guide says
Problem 2:
Rate Limiting Section -
The istio resources are created in the -scmp folder, rather than the -tutorial folder and as a result the lab doesn't work. For example, the current script for user1 is
sed -e "s/USERNAME/$JUPYTERHUB_USER/" /opt/app-root/workshop/content/src/istiofiles/recommendation_rate_limit.yml \
| oc create -n user1-smcp -f -
it should be
sed -e "s/USERNAME/$JUPYTERHUB_USER/" /opt/app-root/workshop/content/src/istiofiles/recommendation_rate_limit.yml \
| oc create -n user1-tutorial -f -
Whilst working through Kiali’s View of Jaeger Distributed Tracing - I don't see the Distributed Tracing
option available.
Also receive the following from the Message Center
[1]
Steps taken
Attempted to remedy issue by restarting stack - issue continues.
[1]
Could not fetch Jaeger info. Turning off Jaeger integration., Info: [ Jaeger URL in cluster is not set in Kiali configuration ]
10/28/20198:12:35 PM```
It takes an appreciable amount of time for changes to be introduced that may cause a user to question whether what he or she has done is working. It would be helpful to estimate how long changes take when it is mentioned that changes will take a while. An example from the Mutual TLS section is below:
Note: It may take some time before the mesh begins to enforce the policy. If *you do not see the expected behaviors, wait a few more moments and then try *again. Patience is a virtue.
There are also sections like Routing that don't warn the user of that changes will take appreciable time to take affect. The workshop should always warn the user in this case.
When trying to create ACLs in whitelisting step, listchecker and listentry CRDs are not found.
Issue:
$ oc apply -f lab-ossm/workshop/content/src/istiofiles/acl-whitelist.yml
rule.config.istio.io/checktorecommendation created
unable to recognize "lab-ossm/workshop/content/src/istiofiles/acl-whitelist.yml": no matches for kind "listchecker" in version "config.istio.io/v1alpha2"
unable to recognize "lab-ossm/workshop/content/src/istiofiles/acl-whitelist.yml": no matches for kind "listentry" in version "config.istio.io/v1alpha2"
Excpecting:
listchecker and listentry created. Or adapt acl-whitelist.yml according to any new CRDs ?
Environment:
OCP 4.4
I Couldn't delete virtsvc and dest rules in the "Retries, Timeouts and Circuit Breaking " lab
[user5:~] $ oc delete -n user1-tutorial virtualservice.networking.istio.io/recommendation destinationrule.networking.istio.io/recommendation
Error from server (Forbidden): virtualservices.networking.istio.io "recommendation" is forbidden: User "user5" cannot delete resource "virtualservices" in API group "networking.istio.io" in the namespace "user1-tutorial" Error from server (Forbidden): destinationrules.networking.istio.io "recommendation" is forbidden: User "user5" cannot delete resource "destinationrules" in API group "networking.istio.io" in the namespace "user1-tutorial"
^ Note that I'm user5
trying to delete objects in the user1-tutorial
namespace. There might be a "user1-tutorial" hard-coded somewhere.
There are several mentions of Istio in the lab. We should replace these with ServiceMesh.
In the "Rate Limiting" lab, I was unable to "create" the new object.
[user5:~] $ oc create -n user5-tutorial -f /opt/app-root/workshop/content/src/istiofiles/destination-rule.yml
Error from server (AlreadyExists): error when creating "/opt/app-root/workshop/content/src/istiofiles/destination-rule.yml": destinationrules.networking.istio.io "recommendation" already exists
[user5:~] $ oc replace -n user5-tutorial -f /opt/app-root/workshop/content/src/istiofiles/destination-rule.yml
destinationrule.networking.istio.io/recommendation replaced
Might be related to #11
Link to external information on Jaeger in Kiali module or provide more detailed description on what it is.
Mention what a Canary Release is or provide a link to what it is in the routing module.
In the "Retries, Timeouts and Circuit Breaking" lab It tells you to create something that's already there.
[user5:~] $ oc create -n user5-tutorial -f /opt/app-root/workshop/content/src/istiofiles/virtual-service-recommendation-split.yml
virtualservice.networking.istio.io/recommendation created
Error from server (AlreadyExists): error when creating "/opt/app-root/workshop/content/src/istiofiles/virtual-service-recommendation-split.yml": destinationrules.networking.istio.io "recommendation" already exists
This is not a fatal error, but users might be confused. Might make a note about which "errors' are safe to ignore.
FWIW, I just used oc replace -n userX-tutorial -f ...
to proceed without the warning.
I'll fix this. Just tracking broken labs with GitHub issues.
The rate limiting lab is currently broken. Executing
sed -e "s/USERNAME/$JUPYTERHUB_USER/" /opt/app-root/workshop/content/src/istiofiles/recommendation_rate_limit.yml | oc apply -n opentlc-mgr-smcp -f -
Yields:
quotaspec.config.istio.io/request-count unchanged
quotaspecbinding.config.istio.io/request-count unchanged
rule.config.istio.io/quota unchanged
unable to recognize "STDIN": no matches for kind "memquota" in version "config.istio.io/v1alpha2"
unable to recognize "STDIN": no matches for kind "quota" in version "config.istio.io/v1alpha2"
I tried deploying the workshop myself, using the scripts in the .workshop/scripts
directory, but ended up with a deployment that was broken in multiple ways:
%username%
apparently wasn't set; I just saw an empty string being inserted in the chapters, breaking all oc
commandsMaybe I was just holding this wrong? Is there even a way to deploy the full thing from just this repo?
The workshop has the following text:
Looking at the Kiali graph, a lock is now present on the graph of communication between customer and preference, indicating that this communication is secured via mTLS.
I follow the instructions but never actually see the lock display in Kiali's Graph section.
In the intro section, microservices is repeated in the background section as shown in the text below:
This proxy intercepts all network communication between your microservices microservices, and is configured and managed using Istio’s control plane functionality — not your application code!
Description part
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: recommendation
spec:
host: recommendation
subsets:
- labels:
version: v1
name: version-v1
- labels:
version: v2
name: version-v2
- labels:
version: v3
name: version-v3
has to be:
real script part
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: recommendation
namespace: user1-tutorial
spec:
host: recommendation
subsets:
- labels:
version: v1
name: v1
- labels:
version: v2
name: v2
- labels:
version: v3
name: v3
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.