feat(aula-14): adicionar Istio Traffic Splitting com canary deployment

- Instala Istio (base + istiod + ingressgateway)
- Configura Kiali e Jaeger para observabilidade
- Deploy de app-backend v1 e v2 com traffic splitting 90/10
- Integra com Victoria Metrics da aula-12
- Inclui teste-stress.sh para validar distribuição de tráfego
- Tráfego externo passa pelo Istio Gateway via NGINX Ingress
ArgoCD Setup
2026-01-24 07:40:51 -03:00
parent 3e53328214
commit 3860809e5c
22 changed files with 1545 additions and 0 deletions


@@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-backend-v1
namespace: istio
labels:
app: app-backend
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: app-backend
version: v1
template:
metadata:
labels:
app: app-backend
version: v1
spec:
imagePullSecrets:
- name: regcred
containers:
- name: app-backend
image: ${REGISTRY_HOST}/${REGISTRY_PROJECT}/app-backend:v1
imagePullPolicy: Always
ports:
- containerPort: 3000
env:
- name: MAX_REQUESTS
value: "100"
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
livenessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 3
periodSeconds: 3
failureThreshold: 2
terminationGracePeriodSeconds: 10
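Review bot: The `app-backend` container has no `securityContext`, and because this commit labels the `istio` namespace `pod-security.kubernetes.io/enforce: privileged`, Pod Security admission will not reject a container that runs as root or escalates privileges. A container-level block that sets `runAsNonRoot`, disables privilege escalation, drops all capabilities and selects the `RuntimeDefault` seccomp profile restores that floor for the application container; the injected sidecar is configured separately by Istio. Whether the image already runs as a non-root user is not visible here, so `runAsNonRoot: true` should be checked against the image first. The v2 Deployment has the same gap.

```yaml
      containers:
        - name: app-backend
          # … unchanged: image, ports, env, resources, probes …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```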


@@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-backend-v2
namespace: istio
labels:
app: app-backend
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: app-backend
version: v2
template:
metadata:
labels:
app: app-backend
version: v2
spec:
imagePullSecrets:
- name: regcred
containers:
- name: app-backend
image: ${REGISTRY_HOST}/${REGISTRY_PROJECT}/app-backend:v2
imagePullPolicy: Always
ports:
- containerPort: 3000
env:
- name: MAX_REQUESTS
value: "100"
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
livenessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 3
periodSeconds: 3
failureThreshold: 2
terminationGracePeriodSeconds: 10
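Review bot: The canary image is referenced by the mutable tag `:v2` together with `imagePullPolicy: Always`, so what runs in the 10% slice can change on any pod restart without a change to this manifest. Pinning by digest, for example `image: ${REGISTRY_HOST}/${REGISTRY_PROJECT}/app-backend@sha256:<digest-of-v2-image>`, makes the rollout reproducible and lets the running content be audited against Git. The same applies to the `:v1` reference in the v1 Deployment.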


@@ -0,0 +1,14 @@
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: app-backend
namespace: istio
spec:
host: app-backend
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2

15
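--- a/aula-14/k8s/gateway.yaml
+++ b/aula-14/k8s/gateway.yaml
@@ -0,0 +1,15 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+name: app-gateway
+namespace: istio
+spec:
+selector:
+istio: ingressgateway
+servers:
+- port:
+number: 80
+name: http
+protocol: HTTP
+hosts:
+- "${APP_HOST}"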
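Review bot: The `http` server on port 80 has no `tls` block, so the hop from NGINX Ingress to `istio-ingressgateway` is plaintext and the gateway accepts plain HTTP from anything that can reach it. That is acceptable only while the `istio-ingressgateway` Service is `ClusterIP`; the Helm values that set its type are not in this section, so it is worth confirming it is not `LoadBalancer` or `NodePort`, which would expose the app on port 80 around the TLS termination at NGINX. A comment above `servers:` such as `# TLS terminates at NGINX Ingress; the ingressgateway Service must stay ClusterIP` would record the assumption.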


@@ -0,0 +1,23 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-backend
namespace: istio-system
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/upstream-vhost: "${APP_HOST}"
${TLS_ANNOTATION}
spec:
ingressClassName: nginx
${TLS_CONFIG}
rules:
- host: ${APP_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
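Review bot: `${TLS_ANNOTATION}` and `${TLS_CONFIG}` are spliced in as raw text, so if either renders empty this Ingress is applied as HTTP-only without any error, and a value with the wrong indentation alters the document structure rather than failing validation. The rendering script is not part of this section; it should refuse to apply when TLS is expected but the variables are unset, or the TLS block should be written out in the manifest with only the secret name templated. The rule also uses an unquoted `host: ${APP_HOST}` while the annotation and the Gateway quote the same variable; `- host: "${APP_HOST}"` keeps an empty or special-character expansion from changing the value's type.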


@@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jaeger
namespace: istio-system
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
${TLS_ANNOTATION}
spec:
ingressClassName: nginx
${TLS_CONFIG}
rules:
- host: ${JAEGER_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tracing
port:
number: 80
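Review bot: Basic auth is enabled here while TLS is optional: if `${TLS_CONFIG}` renders empty, the `basic-auth` credentials travel base64-encoded over cleartext HTTP on every request. For the authenticated hosts TLS should be unconditional, or at least `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` added so a plain-HTTP request is never answered with a credential prompt. The Ingress also depends on a `basic-auth` Secret in `istio-system` that is created outside this section. The Kiali Ingress has the same issue.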


@@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kiali
namespace: istio-system
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
${TLS_ANNOTATION}
spec:
ingressClassName: nginx
${TLS_CONFIG}
rules:
- host: ${KIALI_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kiali
port:
number: 20001
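Review bot: The basic-auth annotations protect only the path through NGINX; the `kiali` Service on port 20001 stays reachable from inside the cluster. If the Kiali install in this commit uses `auth.strategy: anonymous` (not visible in this section), any pod that can reach `istio-system` gets the same access as an authenticated user, including whatever write access Kiali has to Istio configuration. It would be worth either keeping Kiali's own authentication enabled or adding a NetworkPolicy that admits traffic to the `kiali` pods only from the NGINX controller.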


@@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
name: istio
labels:
istio-injection: enabled
# Istio sidecar requer NET_ADMIN e NET_RAW capabilities
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
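Review bot: Setting `pod-security.kubernetes.io/enforce: privileged` turns Pod Security admission off for every workload in `istio`, not only for the injected init container that needs `NET_ADMIN`/`NET_RAW`, and `warn: privileged` never produces a warning. Installing the Istio CNI plugin moves the traffic-redirection setup out of the pod, which would let this namespace enforce `baseline` or stricter. If that is out of scope for the lesson, `pod-security.kubernetes.io/warn: baseline` plus `pod-security.kubernetes.io/audit: baseline` would at least surface violations from the application containers, and the comment could state that the exemption exists only for the sidecar's init container.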

14
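--- a/aula-14/k8s/service.yaml
+++ b/aula-14/k8s/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: app-backend
+namespace: istio
+labels:
+app: app-backend
+spec:
+ports:
+- port: 80
+targetPort: 3000
+name: http
+selector:
+app: app-backend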


@@ -0,0 +1,22 @@
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: app-backend
namespace: istio
spec:
hosts:
- app-backend
- "${APP_HOST}"
gateways:
- app-gateway
- mesh
http:
- route:
- destination:
host: app-backend
subset: v1
weight: 90
- destination:
host: app-backend
subset: v2
weight: 10