Migrate Istio completely (#7)

Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/7
2023-02-19 10:18:26 +00:00
parent de6599ac2b
commit 18109afec3
9 changed files with 97 additions and 3 deletions
--- a/badhouseplants/values/values.istio-gateway.yaml
+++ b/badhouseplants/values/values.istio-gateway.yaml
@@ -0,0 +1,31 @@
+---
+service:
+  type: LoadBalancer
+  ports:
+    - name: minecraft
+      port: 25565
+      protocol: TCP
+      targetPort: 25565
+    - name: ssh-gitea
+      port: 22
+      protocol: TCP
+      targetPort: 22
+    - name: http2
+      port: 80
+      protocol: TCP
+      targetPort: 80
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: 443
+    - name: tcp
+      port: 1194
+      protocol: TCP
+      targetPort: 1194
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 200m
+    memory: 1024Mi
--- a/badhouseplants/values/values.istiod.yaml
+++ b/badhouseplants/values/values.istiod.yaml
@@ -0,0 +1,7 @@
+---
+pilot:
+  resources:
+    requests:
+      cpu: 50m
+      memory: 2048Mi
+
--- a/badhouseplants/values/values.openvpn.yaml
+++ b/badhouseplants/values/values.openvpn.yaml
@@ -1,3 +1,4 @@
+---
 storageClassName: longhorn
 openvpn:
  server: "tcp://195.201.250.50:1194"
--- a/bin/migrate.sh
+++ b/bin/migrate.sh
@@ -1,3 +1,3 @@
 #kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output  custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done

-kubectl get sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istio-base -A --no-headers --output  custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istio-base" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done
+kubectl get EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istiod -A --no-headers --output  custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istiod" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done
--- a/etersoft/values/values.istio-gateway.yaml
+++ b/etersoft/values/values.istio-gateway.yaml
@@ -0,0 +1,17 @@
+---
+service:
+  type: LoadBalancer
+  ports:
+  - name: status-port
+    port: 15021
+    protocol: TCP
+    targetPort: 15021
+  - name: http2
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  - name: https
+    port: 443
+    protocol: TCP
+    targetPort: 443
+
--- a/etersoft/values/values.istiod.yaml
+++ b/etersoft/values/values.istiod.yaml
@@ -0,0 +1,7 @@
+---
+pilot:
+  resources:
+    requests:
+      cpu: 50m
+      memory: 256Mi
+
--- a/etersoft/values/values.openvpn.yaml
+++ b/etersoft/values/values.openvpn.yaml
@@ -1,3 +1,4 @@
+---
 storageClassName: microk8s-hostpath
 openvpn:
  server: "tcp://91.232.225.63:1194"
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -16,6 +16,16 @@ releases:
    namespace: istio-system
    createNamespace: false
  
+  - <<: *istio-gateway
+    installed: true
+    namespace: istio-system
+    createNamespace: false
+
+  - <<: *istiod
+    installed: true
+    namespace: istio-system
+    createNamespace: false
+
  - <<: *cert-manager 
    installed: true
    namespace: cert-manager
--- a/releases.yaml
+++ b/releases.yaml
@@ -37,13 +37,33 @@ templates:
    set: 
      - name: installCRDs
        value: true
-
+  # ----------------------------
+  # -- Istio
+  # ----------------------------
+  istio-version:
+    version: 1.16.1
  istio-base: &istio-base
    name: istio-base
    chart: istio/base
-    version: 1.16.1
    inherit: 
      - template: crd-management-hook
+      - template: istio-version
+
+  istio-gateway: &istio-gateway
+    name: istio-gateway
+    chart: istio/gateway
+    values:
+      - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml"
+    inherit:
+      - template: istio-version
+
+  istiod: &istiod
+    name: istiod
+    chart: istio/istiod
+    values:
+      - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml"
+    inherit:
+      - template: istio-version

  openvpn: &openvpn
    name: openvpn