diff options
author | Pramod <pramod.raghavendra.jayathirth@intel.com> | 2019-05-31 17:44:59 -0700 |
---|---|---|
committer | Marco Platania <platania@research.att.com> | 2019-08-27 12:37:35 +0000 |
commit | 37c3190380ac16eddd0534ac108b396a374a6ad9 (patch) | |
tree | ee13b9d44df211390ffd561e6a7af8abae53f249 /vnfs/DAaaS/deploy/00-init/istio | |
parent | de82cc4d161f0010135ddcb4581f4864ea4c85e1 (diff) |
Helm Chart for Istio with SDS
Helm is installed using the Istio operator
Secret Discovery Service - SDS is used in Istio
for identity provisioning and Certificate rotation
Issue-ID: ONAPARC-504
Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com>
Change-Id: I4cabd26ccefbbb87ef02cba58e17b5c4a9ef0e34
Diffstat (limited to 'vnfs/DAaaS/deploy/00-init/istio')
6 files changed, 201 insertions, 3 deletions
diff --git a/vnfs/DAaaS/deploy/00-init/istio/README.md b/vnfs/DAaaS/deploy/00-init/istio/README.md index 58d2a639..74b0e5f7 100644 --- a/vnfs/DAaaS/deploy/00-init/istio/README.md +++ b/vnfs/DAaaS/deploy/00-init/istio/README.md @@ -1,4 +1,3 @@ - /* * Copyright 2019 Intel Corporation, Inc * @@ -17,7 +16,9 @@ # Instructions to Install Istio ServiceMesh -# a. Install Istio Operator's helm chart -# NOTE - Istio Operator is useful for maintainence and Upgrade to Istio versions +# Step 1 - Install Istio Operator's helm chart helm install --name=istio-operator --namespace=istio-system istio-operator + +# Step 2 - Add the helm chart to install Istio in sds configuration +helm install istio-instance --name istio --namespace istio-system diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml new file mode 100644 index 00000000..ca2ff626 --- /dev/null +++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml @@ -0,0 +1,22 @@ + +#/* +# * Copyright 2019 Intel Corporation, Inc +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# */ + +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Istio +name: istio-instance +version: 0.1.0 diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl new file mode 100644 index 00000000..c2e7c701 --- /dev/null +++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl @@ -0,0 +1,63 @@ +#/* +# * Copyright 2019 Intel Corporation, Inc +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# */ + + +{{/* +Expand the name of the chart. +*/}} +{{- define "Chart-name.name" -}} +{{- default .Chart.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "istio.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "istio.chart" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified configmap name. +*/}} +{{- define "istio.configmap.fullname" -}} +{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Configmap checksum. +*/}} +{{- define "istio.configmap.checksum" -}} +{{- print $.Template.BasePath "/configmap.yaml" | sha256sum -}} +{{- end -}} + diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml new file mode 100644 index 00000000..8c440a4e --- /dev/null +++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml @@ -0,0 +1,50 @@ + + +#/*Copyright 2019 Intel Corporation, Inc +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# */ +apiVersion: istio.banzaicloud.io/v1beta1 +kind: Istio +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: {{ .Values.metadata.name }} +spec: + version: {{ .Values.spec.version | quote }} + mtls: {{ .Values.spec.mtls }} + autoInjectionNamespaces: {{- range .Values.spec.autoInjectionNamespaces }} + - {{ . | quote }} + {{- end }} + sds: + enabled: {{ .Values.spec.sds.enabled }} + udsPath: {{ .Values.spec.sds.udsPath | quote }} + useTrustworthyJwt: {{ .Values.spec.sds.useTrustworthyJwt }} + useNormalJwt: {{ .Values.spec.sds.useNormalJwt }} + gateways: + enabled: {{ .Values.spec.gateways.enabled }} + ingress: + enabled: {{ .Values.spec.gateways.ingress.enabled }} + sds: + enabled: {{ .Values.spec.gateways.ingress.sds.enabled }} + image: {{ .Values.spec.gateways.ingress.sds.image | quote }} + resources: {} + # requests: + # cpu: 100m + # memory: 128Mi + # limits: + # cpu: 2000m + # memory: 1024Mi + nodeAgent: + enabled: {{ .Values.spec.nodeAgent.enabled }} + image: {{ .Values.spec.nodeAgent.image | quote }} diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml new file mode 100644 index 00000000..93363613 --- /dev/null +++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml @@ -0,0 +1,40 @@ + +#/* +# * Copyright 2019 Intel Corporation, Inc +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# */ +#Declare variables to be pssed into your Istio SDS template file. + +metadata: + name: "istio-sample" +spec: + version: "1.2.2" + mtls: true + autoInjectionNamespaces: + - "" + sds: + enabled: true + udsPath: "unix:/var/run/sds/uds_path" + useTrustworthyJwt: false + useNormalJwt: true + gateways: + enabled: false + ingress: + enabled: false + sds: + enabled: false + image: "docker.io/istio/node-agent-k8s:1.2.2" + nodeAgent: + enabled: true + image : "docker.io/istio/node-agent-k8s:1.2.2" |