Open in app

Sign in

Write

Sign in

Install and Test OpenShift Service Mesh on IBM System Z/LinuxONE Part III: Much Ado about Bookinfo!

cfillekes
OpenShift on Z
Published in
9 min readJan 24, 2022

Introduction

This is Part III of a 3-part illustrated quick-start guide to installing and validating OpenShift Service Mesh on an IBM System Z/LinuxONE server. We urge you to delve into the great detail in the official Red Hat documentation on Service Mesh for your installed version of OpenShift as you work through this illustrated quick start guide.

Part I: Installation covered how to install OpenShift Service Mesh and configure it for installation of the bookinfo suite of example microservices.

Part II: Build Bookinfo from source provided instructions to build the bookinfo example images, and push them up to the container registry of your choice. This step is necessary for IBM System Z/LinuxONE and Power servers, because pre-built

In Part III: Much Ado about Bookinfo, we use the these two elements, the installed operator and the example micro-services suite container images we built, to complete a full OpenShift Service Mesh micro-services deployment. We take a look at the

Recap

First, let’s take a look at the Service Mesh Operators as we installed them in Part I:

Now let’s look at them today. In the WebConsole, switch to Project istio-system, then navigate to the ‘Installed Operators’ as ‘Administrator’:

So! Looks like we’re getting automatic updates — OSSM is already up to version 2.0.5! It will be further along when you run these tests.

This microscopic control over which operators are receiving automatic updates, and which ones are updated manually is a primary benefit the Operator Lifecycle Management (OLM) framework.

Now let’s take a look at the details of the Service Mesh Membership roll. First navigate into the Red Hat OpenShift Service Mesh operator as it is installed in the istio-system project by clicking on the ‘Red Hat OpenShift Service Mesh’ link in the lower left-hand corner of the white panel to get here:

Additionally, you can switch to the Developer->istio-system->Topology view in WebConsole to see a more graphical representation of the pods and configurations established when you installed the Service Mesh, Kiali and Jaeger OpenShift Operators in project istio-system:

Create the Bookinfo project namespace

In your WebConsole Administrative View, navigate to Projects and click on the big blue button in the upper right-hand corner labelled “New Project”:

Or, from the command line interface:

$ oc new-project bookinfo

First, let’s make double-check the bookinfo images in the registry that we’re going to be referencing in our deployments. First, navigate into the git repository we cloned in Part II, then into the directory where the deployment yaml files live:

$ cd maistra-test-tool
$ cd tests/samples/bookinfo/platform/kube/

If you don’t already have skopeo and jq installed on your system, install them now:

$ sudo yum install skopeo jq

Skopeo provides a range of ways to inspect the full details of an image manifest whether it lives in a registry or locally on disk, plus ways of copying images from one registry to another; jq of course is a great json processor to sort through any kind of verbose json output on the command-line.

Now we can check that all of the images referenced in the deployment yaml files are available:

$ for i in `grep 'image:' *.yaml | awk '{print $3}'`
> do 
> skopeo inspect  docker://${i} | jq '{Name, Tag, Architecture}'
> done

which should tell you something like:

{
  "Name": "quay.io/zaccelerator/examples-bookinfo-mongodb",
  "Tag": "2.0.3",
  "Architecture": "s390x"
}
{
  "Name": "quay.io/zaccelerator/examples-bookinfo-details-v2",
  "Tag": "2.0.3",
  "Architecture": "s390x"
}
{
  "Name": "quay.io/zaccelerator/examples-bookinfo-details-v1",
  "Tag": "2.0.3",
  "Architecture": "s390x"
}
{
  "Name": "quay.io/zaccelerator/examples-bookinfo-mysqldb",
  "Tag": "2.0.3",
  "Architecture": "s390x"
}...

Yea, unto 15 bookinfo example image repositories.

What this is telling you (if there are no errors) is that all of the tagged images referenced in your bookinfo deployment yaml scripts are present in the registry you pushed them to in Part II, and that you have read access to them.

Some errors you might encounter here might have to do with authenticating to your registry, in which case you can put your username and password to your registry in the skopeo inspect command with either the --authfile or --creds flags in the command-line, or with a previous skopeo login.

Alternatively, you can log in to your registry in your browser and inspect the tags of all 15 bookinfo image repositories there:

and from there click through to view their tags, and visually compare them with every reference in the deployment yaml files:

A couple CLI commands is a lot easier, but it’s good to have a variety of sources of information on the images you’re building micro-service deployments with.

Now we are ready to deploy our first Service Mesh deployment using the bookinfo suite of micro-services. It must be mentioned here that bookinfo is community-provided example code, not supported by Red Hat or IBM.

Deployment of The Bookinfo Microservices Example

Preliminaries

First, make sure you are in the bookinfo project/namespace:

[root@bosz15_l22 ~]# oc project bookinfo
Now using project "bookinfo" on server "https://api.your-cluster-name.your-domain-name.com:6443".

Authenticate to your image registry & create a pull secret

If you’ve got stashed your bookinfo images in a private registry, you’ll also need a pull secret that will authenticate elements of your project with the registry in order to pull container images and install them in this workspace. There are about a dozen different ways of doing this. The most restrictive and granular is to assign that pull secret to the specification of each image you are going to pull, e.g. if you go to your account settings in quay.io:

and clicking on ‘Generate Encrypted Password’ will bring up many different options for authenticating to the quay.io, including defining a secret within Kubernetes, the system OpenShift 4.x is based on.

After creating the pull secret with kubectl create or oc create you can apply it to individual pods in your deployment yaml files and apply them, or you can link it to the default service account in your bookinfo namespace with

oc secrets link default <name-of-secret> --for=pull

Now, in your maistra-test-tool directory, navigate down to where the bookinfo deployment yaml scripts are, and deploy bookinfo.yaml

# cd tests/samples/bookinfo/platform/kube/
# oc create -f bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

At this juncture, you might want to watch oc get all until you see that all the pods are up and running. If they don’t come up within about a minute, and if they error out, use oc get events --sort-by='{.lastTimestamp}' to start investigating why.

# oc get pods
NAME                              READY   STATUS    RESTARTS   AGE
details-v1-668c5bf9d4-kgz72       2/2     Running   0          4m1s
productpage-v1-644ff86b46-bbzq2   2/2     Running   0          4m
ratings-v1-8577d9f4cb-c6j2m       2/2     Running   0          4m
reviews-v1-5fbcf96f8-hvd6x        2/2     Running   0          4m
reviews-v2-869d647b48-jsb99       2/2     Running   0          4m1s
reviews-v3-5c855df978-g5xhc       2/2     Running   0          4m1s

Now is a good time to fire up your WebConsole Developer view, and navigate to the bookinfo project:

Each little circle represents a deployment, which in turn may consist of a replica set of your microservices

This is also a good time to check the condition of your Service Mesh Membership Roll (smmr) configuration:

# oc get smmr -n istio-system
NAME      READY   STATUS       AGE
default   3/3     Configured   1d

Deploy the Bookinfo ingress gateway

Now navigate to the part of the deployment scripts tree that contains the networking configurations. First create the istio gateway:

# cd ../../networking
# oc apply -f bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created

At this point you will want to retrieve the GATEWAY_URL for your microservices and set an environment variable for future use:

export GATEWAY_URL=$(oc -n istio-system get route istio-ingressgateway -o jsonpath='{.spec.host}')

Now check that it’s running locally with curl:

curl -o /dev/null -s -w "%{http_code}\n" "http://$GATEWAY_URL/productpage"
200

200 is of course the http_code for ‘OK’. If you get 400 or 404, make sure that port 80 is open on your local firewall. This isn’t all that exciting, so if the spirit moves you, you can yum install emacs then bring up emacs in ‘eww’ mode with alt-x eww , enter the URL as directed to see:

Once you are convinced the web page is accessible on your cluster’s hypervisor or bastion, now make sure you can route to it to your favorite browser. In an ideal world, the cluster environment should provide a DNS name service and routing, but if not, you can always add the text contained in the environment variable $GATEWAY_URL to your /etc/hosts file along with the IP number of the cluster.

Behold! The Bookinfo application

Bookinfo Product Page with No Star Ratings
Bookinfo Product Page with Black Star Ratings
Bookinfo Product Page with Red Star Ratings

Accessing the Kiali UI

Kiali is an application that you optionally deployed with the Service Mesh operator when you set up your control plane in Part I.

export KIALI_URL=$(oc -n istio-system get route kiali -o jsonpath='{.spec.host}')

This will tell you what URL to contact the Kiali application as installed in your cluster and specifically configured in istio-system.

When you get to Kiali for the bookinfo microservices suite you’re running with OpenShift Service Mesh, you’ll initially find that it tells you the graph is empty!

Click on “Display Idle Nodes” and fiddle with the layout parameters to see all the pods deployed in the bookinfo application:

Let’s first explain what these things are. First is your ‘productpage’ which has an external route associated with it. The rest are the various microservices your bookinfo.yaml file established. This graph will only display the connections among your microservices. This will tell you which microservices have recently activated and carried traffic. In order to generate some traffic for them, there is a fancy traffic generator available, but I usually ust generate some traffic with

for i in `seq 1000`
 do 
 curl -o /dev/null -s -w "%{http_code}\n    \
 "http://$GATEWAY_URL/productpage"
done

Now your Kiali page should show the connections between your microservices, because you have just generated some traffic through all of them. Where the graph splits is where your bookinfo.yaml file has indicated that may call any number of different services.

Additional Resources

Kiali Project is a Medium Blog that has the latest information on all the different things you can do with the Kiali Observability Platform.

Service Mesh
Maistra
Kiali
Ibm Z
Openshift 4

--

--

cfillekes
OpenShift on Z

Written by cfillekes

20 Followers
Editor for

Red Hat Partner Engineer at IBM; Openshift on System Z/Linux One

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams