From a4af64eb53ee405bd4265a835742a6dff6bd6716 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Tue, 15 Nov 2022 14:36:41 +0200 Subject: [PATCH 1/7] Update requirements.md Updated Istio configuration: Virtual Service and WorkflowTemplate configurations --- _docs/runtime/requirements.md | 54 +++++++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 3 deletions(-) diff --git a/_docs/runtime/requirements.md b/_docs/runtime/requirements.md index c87f8308..6952d44d 100644 --- a/_docs/runtime/requirements.md +++ b/_docs/runtime/requirements.md @@ -186,6 +186,7 @@ The table below lists the specific configuration requirements for Codefresh. |Valid TLS certificate| | |TCP support | | |Cluster routing service | _After_ installing hybrid runtime | +|Annotation in WorkflowTemplate | | {::nomarkdown}
@@ -216,13 +217,58 @@ Configure the ingress controller to handle TCP requests. #### Cluster routing service > The cluster routing service must be configured _after_ installing the hybrid runtime. -Configure the `VirtualService` to route traffic to the `app-proxy` and `webhook` services, as in the examples below. +Based on the runtime version, you need to configure a single or different `VirtualService` resources for these services: + +##### Runtime version 0.0.543 or higher +Configure a single `VirtualService` resource to route traffic to the `app-proxy`, `webhook`, and `workflow` services, as in the examples below. + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + namespace: pov-codefresh-istio-runtime # replace with your runtime name + name: internal-router +spec: + hosts: + - pov-codefresh-istio-runtime.sales-dev.codefresh.io # replace with your host name + gateways: + - istio-system/internal-router + http: + - match: + - uri: + prefix: /webhooks + route: + - destination: + host: internal-router + port: + number: 80 + - match: + - uri: + prefix: /app-proxy + route: + - destination: + host: internal-router + port: + number: 80 + - match: + - uri: + prefix: /workflows + route: + - destination: + host: internal-router + port: + number: 80 +``` + +##### Runtime version 0.0.542 or lower + +Configure two different `VirtualService` resources, to route traffic to the `app-proxy` and to the `webhook` services, as in the examples below. {::nomarkdown}
{:/} -**`VirtualService` example for `app-proxy`:** +**`VirtualService` example for `app-proxy`:** ```yaml apiVersion: networking.istio.io/v1alpha3 @@ -249,7 +295,7 @@ spec:
{:/} -**`VirtualService` example for `webhook`:** +**`VirtualService` example for `webhook`:** ```yaml apiVersion: networking.istio.io/v1alpha3 @@ -272,6 +318,8 @@ spec: port: number: 80 ``` + +#### Annotation in WorkflowTemplate {::nomarkdown}

{:/} From 65e6c4736a2530c5ccbfbb9f043571e47dcac3a3 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Tue, 15 Nov 2022 14:37:32 +0200 Subject: [PATCH 2/7] Update requirements.md Added WorkflowTemplate configuration for Istio --- _docs/runtime/requirements.md | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/_docs/runtime/requirements.md b/_docs/runtime/requirements.md index 6952d44d..fdfb631f 100644 --- a/_docs/runtime/requirements.md +++ b/_docs/runtime/requirements.md @@ -186,7 +186,7 @@ The table below lists the specific configuration requirements for Codefresh. |Valid TLS certificate| | |TCP support | | |Cluster routing service | _After_ installing hybrid runtime | -|Annotation in WorkflowTemplate | | +|Add annotation WorkflowTemplate for application hold | | {::nomarkdown}
@@ -320,6 +320,31 @@ spec: ``` #### Annotation in WorkflowTemplate +Configure the `WorkflowTemplate` to wait until the proxy has started to prevent connection refused errors. + +Add `metadata.annotations.proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'`, as in the example below. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: istio-slack.0.0.7 +spec: + entrypoint: send-to-slack + templates: + - name: send-to-slack + serviceAccountName: istio-slack.0.0.7 + metadata: + annotations: + proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }' + retryStrategy: + limit: '3' + retryPolicy: 'Always' + backoff: + duration: '5s' +... +``` + {::nomarkdown}

{:/} From 9d6ca9c460165143d288e95e4464203c790b3501 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Thu, 17 Nov 2022 08:58:48 +0200 Subject: [PATCH 3/7] Update istio configuration Added virtual service example for runtime 0.0. 543 and higher --- _docs/runtime/requirements.md | 33 ++++----------------------------- 1 file changed, 4 insertions(+), 29 deletions(-) diff --git a/_docs/runtime/requirements.md b/_docs/runtime/requirements.md index fdfb631f..1f79b327 100644 --- a/_docs/runtime/requirements.md +++ b/_docs/runtime/requirements.md @@ -186,7 +186,6 @@ The table below lists the specific configuration requirements for Codefresh. |Valid TLS certificate| | |TCP support | | |Cluster routing service | _After_ installing hybrid runtime | -|Add annotation WorkflowTemplate for application hold | | {::nomarkdown}
@@ -220,7 +219,7 @@ Configure the ingress controller to handle TCP requests. Based on the runtime version, you need to configure a single or different `VirtualService` resources for these services: ##### Runtime version 0.0.543 or higher -Configure a single `VirtualService` resource to route traffic to the `app-proxy`, `webhook`, and `workflow` services, as in the examples below. +Configure a single `VirtualService` resource to route traffic to the `app-proxy`, `webhook`, and `workflow` services, as in the example below. ```yaml apiVersion: networking.istio.io/v1alpha3 @@ -232,7 +231,7 @@ spec: hosts: - pov-codefresh-istio-runtime.sales-dev.codefresh.io # replace with your host name gateways: - - istio-system/internal-router + - istio-system/internal-router # replace with your gateway name http: - match: - uri: @@ -280,7 +279,7 @@ spec: hosts: - my.support.cf-cd.com # replace with your host name gateways: - - my-gateway + - my-gateway # replace with your host name http: - match: - uri: @@ -307,7 +306,7 @@ spec: hosts: - my.support.cf-cd.com # replace with your host name gateways: - - my-gateway + - my-gateway # replace with your host name http: - match: - uri: @@ -319,31 +318,7 @@ spec: number: 80 ``` -#### Annotation in WorkflowTemplate -Configure the `WorkflowTemplate` to wait until the proxy has started to prevent connection refused errors. -Add `metadata.annotations.proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'`, as in the example below. - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: WorkflowTemplate -metadata: - name: istio-slack.0.0.7 -spec: - entrypoint: send-to-slack - templates: - - name: send-to-slack - serviceAccountName: istio-slack.0.0.7 - metadata: - annotations: - proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }' - retryStrategy: - limit: '3' - retryPolicy: 'Always' - backoff: - duration: '5s' -... -``` {::nomarkdown}

From 113045c9b3ab5e87e5d6dbce3d1b85d1642963fa Mon Sep 17 00:00:00 2001 From: NimRegev Date: Thu, 17 Nov 2022 09:04:39 +0200 Subject: [PATCH 4/7] Update requirements.md --- _docs/runtime/requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_docs/runtime/requirements.md b/_docs/runtime/requirements.md index 1f79b327..77f5a46f 100644 --- a/_docs/runtime/requirements.md +++ b/_docs/runtime/requirements.md @@ -261,7 +261,7 @@ spec: ##### Runtime version 0.0.542 or lower -Configure two different `VirtualService` resources, to route traffic to the `app-proxy` and to the `webhook` services, as in the examples below. +Configure two different `VirtualService` resources, one to route traffic to the `app-proxy`, and the second to route traffic to the `webhook` services, as in the examples below. {::nomarkdown}
From 82517a8268099794d63915109c56b7190d813596 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Sun, 20 Nov 2022 11:36:33 +0200 Subject: [PATCH 5/7] Update requirements.md Added note on webhook - to be clarified with Yarik --- _docs/runtime/requirements.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/_docs/runtime/requirements.md b/_docs/runtime/requirements.md index 77f5a46f..f8499f4d 100644 --- a/_docs/runtime/requirements.md +++ b/_docs/runtime/requirements.md @@ -294,7 +294,9 @@ spec:
{:/} -**`VirtualService` example for `webhook`:** +**`VirtualService` example for `webhook`:** + +> Configure a `webhook` for each event defined in the event source. ```yaml apiVersion: networking.istio.io/v1alpha3 @@ -306,7 +308,7 @@ spec: hosts: - my.support.cf-cd.com # replace with your host name gateways: - - my-gateway # replace with your host name + - my-gateway # replace with your gateway name http: - match: - uri: From af6f86a3f20f68b6b39e11cb004eb1f55b0a1b81 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Tue, 22 Nov 2022 09:09:48 +0200 Subject: [PATCH 6/7] Update requirements.md --- _docs/runtime/requirements.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_docs/runtime/requirements.md b/_docs/runtime/requirements.md index f8499f4d..484404f3 100644 --- a/_docs/runtime/requirements.md +++ b/_docs/runtime/requirements.md @@ -296,7 +296,7 @@ spec: **`VirtualService` example for `webhook`:** -> Configure a `webhook` for each event defined in the event source. +> Configure a `webhook` URI for each event-source. ```yaml apiVersion: networking.istio.io/v1alpha3 @@ -312,10 +312,10 @@ spec: http: - match: - uri: - prefix: /webhooks/test-runtime3/push-github # replace `test-runtime3` with your runtime name + prefix: /webhooks/test-runtime3/push-github # replace `test-runtime3` with your runtime name, and `push-github' with the name of the event source route: - destination: - host: push-github-eventsource-svc + host: push-github-eventsource-svc # replace `push-github' with the name of the event source port: number: 80 ``` From 3dd6cc0a7eb7265a012e46b4394cdb5413cdcc43 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Tue, 22 Nov 2022 09:24:56 +0200 Subject: [PATCH 7/7] Update requirements.md --- _docs/runtime/requirements.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/_docs/runtime/requirements.md b/_docs/runtime/requirements.md index 484404f3..b93780c1 100644 --- a/_docs/runtime/requirements.md +++ b/_docs/runtime/requirements.md @@ -296,7 +296,7 @@ spec: **`VirtualService` example for `webhook`:** -> Configure a `webhook` URI for each event-source. +> Configure a `uri.prefix` and `destination.host` for each event-source if you have more than one. ```yaml apiVersion: networking.istio.io/v1alpha3 @@ -312,10 +312,18 @@ spec: http: - match: - uri: - prefix: /webhooks/test-runtime3/push-github # replace `test-runtime3` with your runtime name, and `push-github' with the name of the event source + prefix: /webhooks/test-runtime3/push-github # replace `test-runtime3` with your runtime name, and `push-github` with the name of your event source route: - destination: - host: push-github-eventsource-svc # replace `push-github' with the name of the event source + host: push-github-eventsource-svc # replace `push-github' with the name of your event source + port: + number: 80 + - match: + - uri: + prefix: /webhooks/test-runtime3/cypress-docker-images-push # replace `test-runtime3` with your runtime name, and `cypress-docker-images-push` with the name of your event source + route: + - destination: + host: cypress-docker-images-push-eventsource-svc # replace `cypress-docker-images-push` with the name of your event source port: number: 80 ```