From 18109afec3397278e52646fdd72789962803f9cf Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Sun, 19 Feb 2023 10:18:26 +0000
Subject: [PATCH] Migrate Istio completely (#7)

Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/7
---
 .../values/values.istio-gateway.yaml | 31 +++++++++++++++++++
 badhouseplants/values/values.istiod.yaml | 7 +++++
 badhouseplants/values/values.openvpn.yaml | 1 +
 bin/migrate.sh | 2 +-
 etersoft/values/values.istio-gateway.yaml | 17 ++++++++++
 etersoft/values/values.istiod.yaml | 7 +++++
 etersoft/values/values.openvpn.yaml | 1 +
 helmfile.yaml | 10 ++++++
 releases.yaml | 24 ++++++++++++--
 9 files changed, 97 insertions(+), 3 deletions(-)
 create mode 100644 badhouseplants/values/values.istio-gateway.yaml
 create mode 100644 badhouseplants/values/values.istiod.yaml
 create mode 100644 etersoft/values/values.istio-gateway.yaml
 create mode 100644 etersoft/values/values.istiod.yaml

diff --git a/badhouseplants/values/values.istio-gateway.yaml b/badhouseplants/values/values.istio-gateway.yaml
new file mode 100644
index 0000000..b698e06
--- /dev/null
+++ b/badhouseplants/values/values.istio-gateway.yaml
@@ -0,0 +1,31 @@
+---
+service:
+ type: LoadBalancer
+ ports:
+ - name: minecraft
+ port: 25565
+ protocol: TCP
+ targetPort: 25565
+ - name: ssh-gitea
+ port: 22
+ protocol: TCP
+ targetPort: 22
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ - name: tcp
+ port: 1194
+ protocol: TCP
+ targetPort: 1194
+resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml
new file mode 100644
index 0000000..546495b
--- /dev/null
+++ b/badhouseplants/values/values.istiod.yaml
@@ -0,0 +1,7 @@
+---
+pilot:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 2048Mi
+
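Review bot: The `service.ports` list in badhouseplants/values/values.istio-gateway.yaml publishes 22 and 1194 next to 80/443 on a `LoadBalancer` Service, and nothing in the file records that these listeners are meant to be reachable from any address. Helm replaces list values rather than merging them, so this list also drops the `status-port` 15021 entry that etersoft/values/values.istio-gateway.yaml keeps; if that difference is intended, a comment should say so. The last entry is named only `tcp`; `- name: tcp-openvpn` would match the `ssh-gitea` naming and make the listener's purpose visible in `kubectl get svc`. I would add a header comment along the lines of `# Internet-facing listeners; each port needs a matching Gateway server, unused ports should be removed`.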
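Review bot: `pilot.resources` in badhouseplants/values/values.istiod.yaml sets `requests` only, whereas the gateway values added in the same commit set both `requests` and `limits`, so istiod's memory is unbounded above the 2048Mi request. If that is deliberate, a comment such as `# no limits on purpose: istiod memory grows with mesh size` would record it; otherwise add a `limits:` block under `resources:`. The same applies to etersoft/values/values.istiod.yaml, where the request is 256Mi. Both files also end with an empty added line after `memory:`, which yamllint's `empty-lines` rule reports.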
diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 5fddee6..80b2be6 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -1,3 +1,4 @@ +--- storageClassName: longhorn openvpn: server: "tcp://195.201.250.50:1194" diff --git a/bin/migrate.sh b/bin/migrate.sh index 42d3d2c..b9ef8a9 100755 --- a/bin/migrate.sh +++ b/bin/migrate.sh @@ -1,3 +1,3 @@ #kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done -kubectl get sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istio-base -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istio-base" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +kubectl get EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istiod -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istiod" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done 
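Review bot: The new `kubectl annotate` call in bin/migrate.sh omits `--overwrite`, which the commented-out cert-manager line above it has, and it is chained to `kubectl label` with `&&`, so an object that already carries one of the `meta.helm.sh/*` annotations is likely to fail the first command and never receive `app.kubernetes.io/managed-by=Helm`, leaving it half-adopted. `$var1`, `$var2` and `$var3` are expanded unquoted, and for the cluster-scoped kinds in the list (`clusterrole`, `clusterrolebindings`, the webhook configurations) the namespace column is presumably printed as `<none>` and then handed to `-n`. Because the selector runs with `-A` over secrets and RBAC objects, I would quote the variables as `kubectl annotate "$var1" "$var2" -n "$var3"`, add `--overwrite` to both commands, and make a first pass with `--dry-run=client` to see exactly which objects change ownership.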
diff --git a/etersoft/values/values.istio-gateway.yaml b/etersoft/values/values.istio-gateway.yaml new file mode 100644 index 0000000..58caaaf --- /dev/null +++ b/etersoft/values/values.istio-gateway.yaml @@ -0,0 +1,17 @@ +--- +service: + type: LoadBalancer + ports: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + diff --git a/etersoft/values/values.istiod.yaml b/etersoft/values/values.istiod.yaml new file mode 100644 index 0000000..036279e --- /dev/null +++ b/etersoft/values/values.istiod.yaml @@ -0,0 +1,7 @@ +--- +pilot: + resources: + requests: + cpu: 50m + memory: 256Mi + diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 2b0c78d..9173f4b 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -1,3 +1,4 @@ +--- storageClassName: microk8s-hostpath openvpn: server: "tcp://91.232.225.63:1194" diff --git a/helmfile.yaml b/helmfile.yaml index 1973e67..76299d8 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -16,6 +16,16 @@ releases: namespace: istio-system createNamespace: false + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + - <<: *cert-manager installed: true namespace: cert-manager diff --git a/releases.yaml b/releases.yaml index f5a4e94..d6cbb12 100644 --- a/releases.yaml +++ b/releases.yaml 
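Review bot: Neither of the two releases added to helmfile.yaml declares `needs:`, and `istio-gateway` is listed ahead of `istiod`; unless ordering is set somewhere outside this hunk, helmfile may install them concurrently with `istio-base`. The gateway chart relies on istiod's injection webhook to fill in the proxy image, so a gateway pod created before istiod is ready tends to fail to start until it is recreated. I would add `needs: [istio-system/istiod]` to the gateway release and `needs: [istio-system/istio-base]` to the istiod release, or put the same keys on their templates in releases.yaml. The `releases:` list starts and ends outside the hunk.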
@@ -37,13 +37,33 @@ templates: set: - name: installCRDs value: true - + # ---------------------------- + # -- Istio + # ---------------------------- + istio-version: + version: 1.16.1 istio-base: &istio-base name: istio-base chart: istio/base - version: 1.16.1 inherit: - template: crd-management-hook + - template: istio-version + + istio-gateway: &istio-gateway + name: istio-gateway + chart: istio/gateway + values: + - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + inherit: + - template: istio-version + + istiod: &istiod + name: istiod + chart: istio/istiod + values: + - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + inherit: + - template: istio-version openvpn: &openvpn name: openvpn