Anthos ona AWS in now GA an Anthos on Azure is in a preview. GKE on AWS is a simplified installation of the Admin control plane. It uses AWS Elastic Compute Cloud (EC2), Elastic Block Storage (EBS), and Elastic Load Balancer (ELB) services. The bellow diagrams shows high level architecture. The deployment is done using Terraforms.

The details about architecture you can found here: https://cloud.google.com/anthos/gke/docs/aws/concepts/architecture

The installation process can be found her: https://cloud.google.com/anthos/gke/docs/aws/how-to/prerequisites

Note: the docs are still pending update as it shows „Beta”

The war between Anthos and VMware Tanzu is getting more exciting to watch :).

There are some revolutionary features coming to GKE-OP:

• A new installer helps you create and prepare the admin workstation.
• In bundled load balancing mode, GKE on-prem provides and manages the Seesaw load balancer.
• The Authentication Plugin for Anthos has been integrated into and replaced with the Google Cloud command-line interface, which improves the authentication process and provides the user consent flow through gcloud commands.
• vSphere credential rotation is enabled. Users can now use Solution User Certificates to authenticate to GKE deployed on-prem.
• Preview Feature: Introducing User cluster Nodepools.
• gkectl automatically uses the proxy URL from config.yaml to configure the proxy on the admin workstation.

Full list of features is available here:

https://cloud.google.com/anthos/gke/docs/on-prem/release-notes

In the follow up post we will have a closer look at those new features!

To backup your Anthos GKE-OP cluster Google provides a nice script you can schedule to run as a crone job.

https://cloud.google.com/gke-on-prem/docs/how-to/backing-up

The only problem is that it misses last line where you actually copy the snapshot of the admin cluster ETCD database.

Add the bellow line to make it work:

kubectl --kubeconfig=${ADMIN_CLUSTER_KUBECONFIG} cp kube-system/${admin_etcd}:admin_snapshot.db $BACKUP_DIR/

Once added it work like a charm 🙂


ubuntu@admin-workstation2:~/backup$ ls
admin_snapshot.db gke-03-usercluster01_snapshot.db pki

In the output you might see some errors related to the issue I explained here: https://gcpfellow.com/2020/02/04/anthos-1-x-issue-when-running-sudo-commands/ but you can ignore it

When you login to GKE-OP nodes and try to run sudo command you will get the following warning:

sudo: unable to resolve host [nodename]

Your command will still execute but will show this warning. It is related to Ubuntu OS settings. To resolve it add the following line into the /etc/hosts file on the node:

127.0.0.1 [node-name]

Hope this will be solved soon as Google has already identified this issue. I guess they will add the record in the provisioning process for the nodes.

THIS ARTICLE IS STILL UNDER DEVELOPMENT

GKE-OP 1.1.2 supports open source Istio version 1.1.13. To perform the installation you require a user cluster to be installed and validated. The procedure of installation can be found here: https://archive.istio.io/v1.1/docs/setup/kubernetes/install/helm/

In this article we will show hot to install Istio and a simple microservice application. We will generate some traffic to that application and visualise the flows with Kiali.

The high level steps are as follows:

• install Helm
• deploy Istio CRDs
• deploy Istio
• expose Telemetry services
• install BookInfo application

All the steps are performed from the Admin workstation

Installing Helm

Download Helm running:

curl  https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz --output helm-v2.16.1-linux-amd64.tar.gz

Unzip it, move to the bin folder and see if you can check the version

tar -zxvf helm-v2.16.1-linux-amd64.tar.gz

mv linux-amd64/helm /usr/local/bin/helm

Helm version

Install CRDs

helm template install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -

Setup Kiali password

KIALI_USERNAME=$(read -p 'Kiali Username: ' uval && echo -n $uval | base64)

KIALI_PASSPHRASE=$(read -sp 'Kiali Passphrase: ' pval && echo -n $pval | base64)

when prompted pass the username and password

cat <<EOF | kubectl apply -f –

apiVersion: v1

kind: Secret

metadata:

  name: kiali

  namespace: $NAMESPACE

  labels:

    app: kiali

type: Opaque

data:

  username: $KIALI_USERNAME

  passphrase: $KIALI_PASSPHRASE

EOF

Install Istio using the the demo pattern – this icludes Kiali, Grafana and Jeagger.

helm template install/kubernetes/helm/istio --name istio --namespace istio-system \ --values install/kubernetes/helm/istio/values-istio-demo.yaml | kubectl apply -f -

Check that services are running

kubectl get service -n istio-system

kubectl get pods -n istio-system

Edit the Istio ingress gateway to assing IP address the Istio Gateway.

kubectl edit svc -n istio-system istio-ingressgateway

add

spec:

 loadBalancerIP: <IP_Address>

Check that IP is assigned

kubectl get service -n istio-system

Expose Kiali service

For reference you can use: https://istio.io/docs/tasks/observability/gateways/

cat <<EOF | kubectl apply -f –

apiVersion: networking.istio.io/v1alpha3

kind: Gateway

metadata:

  name: kiali-gateway

  namespace: istio-system

spec:

  selector:

    istio: ingressgateway

  servers:

  – port:

      number: 15029

      name: http-kiali

      protocol: HTTP

    hosts:

    – „*”

—

apiVersion: networking.istio.io/v1alpha3

kind: VirtualService

metadata:

  name: kiali-vs

  namespace: istio-system

spec:

  hosts:

  – „*”

  gateways:

  – kiali-gateway

  http:

  – match:

    – port: 15029

    route:

    – destination:

        host: kiali

        port:

          number: 20001

—

apiVersion: networking.istio.io/v1alpha3

kind: DestinationRule

metadata:

  name: kiali

  namespace: istio-system

spec:

  host: kiali

  trafficPolicy:

    tls:

      mode: DISABLE

—

EOF

Connect to Kiali http://172.16.15.111:15029/kiali/

Deploy the application

kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)

watch kubectl get pods

kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml