kpt

Infrastructure management tool

Previouskms NextHybrid cloud with Anthos

Last updated 3 years ago

Was this helpful?

1 export CLUSTER_NAME=gke 2 export CLUSTER_ZONE=us-central1-b 3 export GCLOUD_PROJECT=$(gcloud config get-value project) 4 gcloud container clusters get-credentials $CLUSTER_NAME --zone $CLUSTER_ZONE --project $GCLOUD_PROJECT 5 gcloud container clusters list 6 kubectl get pods -n istio-system 7 kubectl get service -n istio-system 8 kubectl get service -n asm-system 9 kubectl get pods 10 kubectl get services 11 sudo apt install siege 12 kubectl svc describe istio-ingressgateway 13 kubectl describe svc istio-ingressgateway 14 kubectl describe svc istio-ingressgateway -n istio-system 15 export GATEWAY_URL=$(kubectl get svc istio-ingressgateway \ 16 -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' -n istio-system) 17 echo The gateway address is $GATEWAY_URL 18 export CLUSTER_NAME=gke 19 export CLUSTER_ZONE=us-central1-b 20 export GCLOUD_PROJECT=$(gcloud config get-value project) 21 gcloud container clusters get-credentials $CLUSTER_NAME --zone $CLUSTER_ZONE --project $GCLOUD_PROJECT 22 export GATEWAY_URL=$(kubectl get svc istio-ingressgateway \ 23 -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' -n istio-system) 24 kubectl describe svc gateway 25 kubectl describe svc gateway -n istio-system 26 kubectl describe svc gateway -n bookinfo-gateway 27 kubectl describe gateway bookinfo-gateway 28 kubectl desribe virtualservices bookinfo 29 kubectl describe virtualservices bookinfo 30 kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>" 31 curl -I http://${GATEWAY_URL}/productpage 32 kubectl get virtualservices 33 kubectl describe virtualservices 34 kubectl get destinationrules 35 kubectl get destination-rules 119 cat <<EOF > /tmp/config-management.yaml apiVersion: configmanagement.gke.io/v1 kind: ConfigManagement metadata: name: config-management spec: clusterName: kpt-tutorial git: syncRepo: ssh://${EMAIL}@source.developers.google.com:2022/p/${PROJECT}/r/config-management syncBranch: main secretType: ssh EOF 120 kubectl -n config-management-system apply -f /tmp/config-management.yaml 121 nomos status --contexts=$(kubectl config current-context) 122 cd ~ 123 kpt pkg get https://github.com/GoogleCloudPlatform/anthos-security-blueprints.git/restricting-traffic/default-deny ./ 124 mkdir -p ~/config-management/namespaces/default 125 cat >> ~/config-management/namespaces/default/namespace.yaml <<EOF apiVersion: v1 kind: Namespace metadata: name: default EOF 126 kpt fn source default-deny/ | kpt fn run --image=gcr.io/kpt-functions/annotate-config -- annotation_name=anthos-security-blueprint annotation_value=restricting-traffic | kpt fn sink ~/config-management/namespaces/default/ 127 cat config-management/namespaces/default/default-deny.yaml 128 cd ~/config-management/ 129 git add namespaces/default/ 130 git commit -m "Default deny" 131 git push 132 kubectl get networkpolicies 133 kubectl -n default run -i --tty --rm test --image=busybox --restart=Never -- sh 134 wget --timeout=3 https://${KUBERNETES_SERVICE_HOST} 135 gcloud source repos delete config-management --quiet 136 gcloud container clusters delete kpt-tutorial --async --quiet --zone=us-central1-a 137 history