initial commit

7e074e84 · Josh Wolf · 7e074e84 · 7e074e84 · 7e074e84 · 7e074e84
Commit 7e074e84 authored Nov 19, 2020 by Josh Wolf
7 changed files
--- a/README.md
+++ b/README.md
+# Istio Controlplane
+
+A simple chart wrapper around `IstioOperator` custom resource.
+
+## Pre-Requisites
+
+This chart requires the Istio Operator to be deployed beforehand.  You can use [BigBang]() or the standalone [istio-operator](https://repo1.dsop.io/platform-one/big-bang/apps/core/istio-operator) chart.
+
+## Iron Bank
+
+You can `pull` the registry1 image(s) [here](https://registry1.dsop.io/harbor/projects/3/repositories/opensource%2Fistio-1.7%2Fpilot-1.7) and view the container approval [here](https://ironbank.dsop.io/ironbank/repomap/opensource/istio-1.7).
\ No newline at end of file
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
+apiVersion: v2
+name: istio
+version: 0.0.2
\ No newline at end of file
--- a/chart/templates/controlplane.yaml
+++ b/chart/templates/controlplane.yaml
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+  name: istiocontrolplane
+  namespace: {{ .Release.Namespace }}
+spec:
+  profile: {{ .Values.profile }}
+  hub: {{ .Values.hub }}
+  tag: {{ .Values.tag }}
+
+  components:
+    ingressGateways:
+      - name: istio-ingressgateway
+        namespace: {{ .Release.Namespace }}
+        enabled: true
+        k8s:
+          hpaSpec:
+            minReplicas: {{ .Values.ingressGateway.minReplicas }}
+            maxReplicas: {{ .Values.ingressGateway.maxReplicas }}
+            metrics:
+              - type: Resource
+                resource:
+                  name: cpu
+                  targetAverageUtilization: 60
+            scaleTargetRef:
+              apiVersion: apps/v1
+              kind: Deployment
+              name: istio-ingressgateway
+          strategy:
+            rollingUpdate:
+              maxSurge: 100%
+              maxUnavailable: 25%
+          serviceAnnotations:
+            {{- toYaml .Values.ingressGateway.serviceAnnotations | nindent 14 }}
+      {{- range .Values.extraIngressGateways }}
+      - name: {{ .name }}
+        enabled: true
+        k8s:
+          hpaSpec:
+            minReplicas: {{ .k8s.hpaSpec.minReplicas }}
+            maxReplicas: {{ .k8s.hpaSpec.maxReplicas }}
+            metrics:
+              - type: Resource
+                resource:
+                  name: cpu
+                  targetAverageUtilization: 60
+            scaleTargetRef:
+              apiVersion: apps/v1
+              kind: Deployment
+              name: {{ .name }}
+          strategy:
+            rollingUpdate:
+              maxSurge: 100%
+              maxUnavailable: 25%
+          serviceAnnotations:
+            {{- toYaml .k8s.serviceAnnotations | nindent 14 }}
+  {{- end }}
+
+  addonComponents:
+    kiali:
+      enabled: {{ .Values.kiali.enabled }}
+    tracing:
+      enabled: {{ .Values.tracing.enabled }}
+
+  meshConfig:
+    accessLogFile: /dev/stdout
+
+  values:
+    global:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    kiali:
+      image: {{ .Values.kiali.image.name }}
+      hub: {{ .Values.kiali.image.hub }}
+      tag: {{ .Values.kiali.image.tag }}
+
+      dashboard:
+        auth:
+          strategy: {{ .Values.kiali.dashboard.auth.strategy }}
+
+    sidecarInjectorWebhook:
+      rewriteAppHTTPProbe: true
+
+      neverInjectSelector:
+        - matchExpressions:
+            - key: app.kubernetes.io/component
+              operator: In
+              values: [fluentd-configcheck]
+
+    tracing:
+      jaeger:
+        image: {{ .Values.tracing.image.name }}
+        hub: {{ .Values.tracing.image.hub }}
+        tag: {{ .Values.tracing.image.tag}}
--- a/chart/templates/gateway.yaml
+++ b/chart/templates/gateway.yaml
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: main
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      name: http
+      protocol: HTTP
+      number: 80
+    hosts:
+    - "*"
+    tls:
+      httpsRedirect: true
+  - port:
+      name: https
+      protocol: HTTPS
+      number: 443
+    hosts:
+    - "*.{{ .Values.hostname }}"
+    tls:
+      credentialName: {{ .Values.tls.credentialName }}
+      mode: {{ .Values.tls.mode }}
+  {{- range .Values.extraServers }}
+  - port:
+      {{- if eq .port.name "https" }}
+      {{- fail "The port name must be unique" }}
+      {{- end }}
+      name: {{ required "A valid port name is required!" .port.name }}
+      protocol: {{ .port.protocol | default "HTTPS" }}
+      number: {{ .port.number | default 443 }}
+    {{- range .hosts }}
+    hosts:
+      - {{ tpl . $ | quote }}
+    {{- end }}
+    tls:
+      credentialName: {{ required "A valid credential name is required!" .tls.credentialName }}
+      mode: {{ .tls.mode | default "SIMPLE" }}
+  {{- end }}
\ No newline at end of file
--- a/chart/templates/jaeger-vs.yaml
+++ b/chart/templates/jaeger-vs.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: jaeger
+  namespace: {{ .Release.Namespace }}
+spec:
+  hosts:
+  - "jaeger.{{ .Values.hostname }}"
+  gateways:
+  - main.{{ .Release.Namespace }}.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        port:
+          number: 16686
+        host: jaeger-query.{{ .Release.Namespace }}.svc.cluster.local
--- a/chart/templates/kiali-vs.yaml
+++ b/chart/templates/kiali-vs.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: kiali
+  namespace: {{ .Release.Namespace }}
+spec:
+  hosts:
+  - "kiali.{{ .Values.hostname }}"
+  gateways:
+  - main.{{ .Release.Namespace }}.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        port:
+          number: 20001
+        host: kiali.{{ .Release.Namespace }}.svc.cluster.local
--- a/chart/values.yaml
+++ b/chart/values.yaml
+# The istio profile to use
+profile: default
+
+# The hub to use for the image (note: the image is built as ".Values.hub/<component>:.Values.tag"
+hub: registry1.dsop.io/ironbank/opensource/istio
+
+# The tag to use for the image
+tag: 1.7.3
+
+# The hostname to use for the default gateway
+hostname: bigbang.dev
+
+imagePullSecrets:
+  []
+#  - private-registry
+
+tls:
+  credentialName: wildcard-cert
+  mode: SIMPLE
+
+extraServers:
+  []
+# Example below of complete values capable of being set
+# NOTE: hosts[] is capable of dynamic templating from the .Values context
+#  - port:
+#      name: https-other                          # required: must not be equal to "http"
+#      protocol: HTTPS
+#      number: 443
+#    hosts:
+#      - "*.sub.{{ .Values.hostname }}"
+#    tls:
+#      credentialName: "another-credential"       # required
+#      mode: SIMPLE
+
+ingressGateway:
+  minReplicas: 1
+  maxReplicas: 5
+  serviceAnnotations:
+    {}
+#    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+#    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+
+extraIngressGateways:
+  []
+# Complete example of an additional ingressgateway defined below
+#  - name: private-ingressgateway
+#    k8s:
+#      hpaSpec:
+#        minReplicas: 1
+#        maxReplicas: 3
+#      serviceAnnotations:
+#        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+
+kiali:
+  enabled: true
+
+  image:
+    name: kiali
+    hub: registry1.dsop.io/ironbank/opensource/kiali
+    tag: v1.23.0
+
+  dashboard:
+    auth:
+      strategy: ""
+
+tracing:
+  enabled: true
+
+  image:
+    name: all-in-one
+    hub: registry1.dsop.io/ironbank/opensource/jaegertracing
+    tag: 1.19.2
\ No newline at end of file