badhouseplants/k8s-cluster-config
Archived
4
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Activity

Migrate Istio completely (#7)

Browse Source 
Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/7
This commit is contained in:
Nikolai Rodionov 2023-02-19 10:18:26 +00:00
parent de6599ac2b
commit 18109afec3
9 changed files with 97 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
badhouseplants/values/values.istio-gateway.yaml Normal file
View File

@ -0,0 +1,31 @@
---
service:
type: LoadBalancer
ports:
- name: minecraft
port: 25565
protocol: TCP
targetPort: 25565
- name: ssh-gitea
port: 22
protocol: TCP
targetPort: 22
- name: http2
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443
- name: tcp
port: 1194
protocol: TCP
targetPort: 1194
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 1024Mi

7
badhouseplants/values/values.istiod.yaml Normal file
View File

@ -0,0 +1,7 @@
---
pilot:
resources:
requests:
cpu: 50m
memory: 2048Mi

1
badhouseplants/values/values.openvpn.yaml
View File

@ -1,3 +1,4 @@
---
storageClassName: longhorn storageClassName: longhorn
openvpn: openvpn:
server: "tcp://195.201.250.50:1194" server: "tcp://195.201.250.50:1194"

2
bin/migrate.sh
View File

@ -1,3 +1,3 @@
#kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done #kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done
kubectl get sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istio-base -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istio-base" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done kubectl get EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istiod -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istiod" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done

17
etersoft/values/values.istio-gateway.yaml Normal file
View File

@ -0,0 +1,17 @@
---
service:
type: LoadBalancer
ports:
- name: status-port
port: 15021
protocol: TCP
targetPort: 15021
- name: http2
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443

7
etersoft/values/values.istiod.yaml Normal file
View File

@ -0,0 +1,7 @@
---
pilot:
resources:
requests:
cpu: 50m
memory: 256Mi

1
etersoft/values/values.openvpn.yaml
View File

@ -1,3 +1,4 @@
---
storageClassName: microk8s-hostpath storageClassName: microk8s-hostpath
openvpn: openvpn:
server: "tcp://91.232.225.63:1194" server: "tcp://91.232.225.63:1194"

10
helmfile.yaml
View File

@ -16,6 +16,16 @@ releases:
namespace: istio-system namespace: istio-system
createNamespace: false createNamespace: false
- <<: *istio-gateway
installed: true
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: true
namespace: istio-system
createNamespace: false
- <<: *cert-manager - <<: *cert-manager
installed: true installed: true
namespace: cert-manager namespace: cert-manager

24
releases.yaml
View File

@ -37,13 +37,33 @@ templates:
set: set:
- name: installCRDs - name: installCRDs
value: true value: true
# ----------------------------
# -- Istio
# ----------------------------
istio-version:
version: 1.16.1
istio-base: &istio-base istio-base: &istio-base
name: istio-base name: istio-base
chart: istio/base chart: istio/base
version: 1.16.1
inherit: inherit:
- template: crd-management-hook - template: crd-management-hook
- template: istio-version
istio-gateway: &istio-gateway
name: istio-gateway
chart: istio/gateway
values:
- "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml"
inherit:
- template: istio-version
istiod: &istiod
name: istiod
chart: istio/istiod
values:
- "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml"
inherit:
- template: istio-version
openvpn: &openvpn openvpn: &openvpn
name: openvpn name: openvpn