aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPramod <pramod.raghavendra.jayathirth@intel.com>2019-05-31 17:44:59 -0700
committerMarco Platania <platania@research.att.com>2019-08-27 12:37:35 +0000
commit37c3190380ac16eddd0534ac108b396a374a6ad9 (patch)
treeee13b9d44df211390ffd561e6a7af8abae53f249
parentde82cc4d161f0010135ddcb4581f4864ea4c85e1 (diff)
Helm Chart for Istio with SDS
Helm is installed using the Istio operator Secret Discovery Service - SDS is used in Istio for identity provisioning and Certificate rotation Issue-ID: ONAPARC-504 Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com> Change-Id: I4cabd26ccefbbb87ef02cba58e17b5c4a9ef0e34
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio/README.md7
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore22
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml22
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl63
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml50
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml40
6 files changed, 201 insertions, 3 deletions
diff --git a/vnfs/DAaaS/deploy/00-init/istio/README.md b/vnfs/DAaaS/deploy/00-init/istio/README.md
index 58d2a639..74b0e5f7 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/README.md
+++ b/vnfs/DAaaS/deploy/00-init/istio/README.md
@@ -1,4 +1,3 @@
-
/*
* Copyright 2019 Intel Corporation, Inc
*
@@ -17,7 +16,9 @@
# Instructions to Install Istio ServiceMesh
-# a. Install Istio Operator's helm chart
-# NOTE - Istio Operator is useful for maintainence and Upgrade to Istio versions
+# Step 1 - Install Istio Operator's helm chart
helm install --name=istio-operator --namespace=istio-system istio-operator
+
+# Step 2 - Add the helm chart to install Istio in sds configuration
+helm install istio-instance --name istio --namespace istio-system
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml
new file mode 100644
index 00000000..ca2ff626
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml
@@ -0,0 +1,22 @@
+
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Istio
+name: istio-instance
+version: 0.1.0
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl
new file mode 100644
index 00000000..c2e7c701
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "Chart-name.name" -}}
+{{- default .Chart.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "istio.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "istio.chart" -}}
+{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified configmap name.
+*/}}
+{{- define "istio.configmap.fullname" -}}
+{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Configmap checksum.
+*/}}
+{{- define "istio.configmap.checksum" -}}
+{{- print $.Template.BasePath "/configmap.yaml" | sha256sum -}}
+{{- end -}}
+
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml
new file mode 100644
index 00000000..8c440a4e
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml
@@ -0,0 +1,50 @@
+
+
+#/*Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+apiVersion: istio.banzaicloud.io/v1beta1
+kind: Istio
+metadata:
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: {{ .Values.metadata.name }}
+spec:
+ version: {{ .Values.spec.version | quote }}
+ mtls: {{ .Values.spec.mtls }}
+ autoInjectionNamespaces: {{- range .Values.spec.autoInjectionNamespaces }}
+ - {{ . | quote }}
+ {{- end }}
+ sds:
+ enabled: {{ .Values.spec.sds.enabled }}
+ udsPath: {{ .Values.spec.sds.udsPath | quote }}
+ useTrustworthyJwt: {{ .Values.spec.sds.useTrustworthyJwt }}
+ useNormalJwt: {{ .Values.spec.sds.useNormalJwt }}
+ gateways:
+ enabled: {{ .Values.spec.gateways.enabled }}
+ ingress:
+ enabled: {{ .Values.spec.gateways.ingress.enabled }}
+ sds:
+ enabled: {{ .Values.spec.gateways.ingress.sds.enabled }}
+ image: {{ .Values.spec.gateways.ingress.sds.image | quote }}
+ resources: {}
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ # limits:
+ # cpu: 2000m
+ # memory: 1024Mi
+ nodeAgent:
+ enabled: {{ .Values.spec.nodeAgent.enabled }}
+ image: {{ .Values.spec.nodeAgent.image | quote }}
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml
new file mode 100644
index 00000000..93363613
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml
@@ -0,0 +1,40 @@
+
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+#Declare variables to be pssed into your Istio SDS template file.
+
+metadata:
+ name: "istio-sample"
+spec:
+ version: "1.2.2"
+ mtls: true
+ autoInjectionNamespaces:
+ - ""
+ sds:
+ enabled: true
+ udsPath: "unix:/var/run/sds/uds_path"
+ useTrustworthyJwt: false
+ useNormalJwt: true
+ gateways:
+ enabled: false
+ ingress:
+ enabled: false
+ sds:
+ enabled: false
+ image: "docker.io/istio/node-agent-k8s:1.2.2"
+ nodeAgent:
+ enabled: true
+ image : "docker.io/istio/node-agent-k8s:1.2.2"