Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Hans Kristian Flaatten
committed
Apr 30, 2020
1 parent
e7eb287
commit 6cd0928
Showing
25 changed files
with
914 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Patterns to ignore when building packages. | ||
# This supports shell glob matching, relative path matching, and | ||
# negation (prefixed with !). Only one pattern per line. | ||
.DS_Store | ||
# Common VCS dirs | ||
.git/ | ||
.gitignore | ||
.bzr/ | ||
.bzrignore | ||
.hg/ | ||
.hgignore | ||
.svn/ | ||
# Common backup files | ||
*.swp | ||
*.bak | ||
*.tmp | ||
*~ | ||
# Various IDEs | ||
.project | ||
.idea/ | ||
*.tmproj | ||
.vscode/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
apiVersion: v1 | ||
appVersion: "1.5.1" | ||
description: A Helm chart for installing Istio on AKS | ||
name: istio-aks | ||
version: 1.0.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
{{/* vim: set filetype=mustache: */}} | ||
{{/* | ||
Expand the name of the chart. | ||
*/}} | ||
{{- define "istio-gke.name" -}} | ||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name. | ||
*/}} | ||
{{- define "istio-gke.fullname" -}} | ||
{{- if .Values.fullnameOverride -}} | ||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- $name := default .Chart.Name .Values.nameOverride -}} | ||
{{- if contains $name .Release.Name -}} | ||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "istio-gke.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,184 @@ | ||
apiVersion: istio.banzaicloud.io/v1beta1 | ||
kind: Istio | ||
metadata: | ||
name: {{ include "istio-gke.fullname" . }} | ||
labels: | ||
controller-tools.k8s.io: "1.0" | ||
app.kubernetes.io/name: {{ include "istio-gke.name" . }} | ||
helm.sh/chart: {{ include "istio-gke.chart" . }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
spec: | ||
version: "{{ .Values.istio.version }}" | ||
meshPolicy: | ||
mtlsMode: {{ .Values.istio.meshPolicy.mtlsMode }} | ||
autoMtls: {{ .Values.istio.autoMtls }} | ||
includeIPRanges: "*" | ||
excludeIPRanges: "" | ||
autoInjectionNamespaces: | ||
{{- toYaml .Values.istio.autoInjectionNamespaces | nindent 4 }} | ||
controlPlaneSecurityEnabled: false | ||
mountMtlsCerts: false | ||
# priorityClassName: system-cluster-critical | ||
defaultResources: | ||
requests: | ||
cpu: 10m | ||
mixerlessTelemetry: | ||
enabled: true | ||
sds: | ||
enabled: {{ .Values.istio.sds.enabled }} | ||
istiod: | ||
enabled: true | ||
pilot: | ||
enabled: true | ||
image: "docker.io/istio/pilot:{{ .Values.istio.version }}" | ||
replicaCount: 1 | ||
minReplicas: 1 | ||
maxReplicas: 5 | ||
traceSampling: 1.0 | ||
resources: | ||
requests: | ||
cpu: 500m | ||
memory: 2048Mi | ||
certProvider: "istiod" | ||
citadel: | ||
enabled: {{ .Values.istio.citadel.enabled }} | ||
caSecretName: istio-ca-secret | ||
image: "docker.io/istio/citadel:{{ .Values.istio.version }}" | ||
galley: | ||
enabled: false | ||
image: "docker.io/istio/galley:{{ .Values.istio.version }}" | ||
replicaCount: 1 | ||
enableServiceDiscovery: false | ||
enableAnalysis: false | ||
gateways: | ||
enabled: {{ .Values.istio.gateways.enabled }} | ||
ingress: | ||
enabled: {{ .Values.istio.gateways.ingress.enabled }} | ||
replicaCount: 1 | ||
minReplicas: 1 | ||
maxReplicas: 5 | ||
serviceType: "LoadBalancer" | ||
loadBalancerIP: {{ .Values.istio.gateways.ingress.loadBalancerIP }} | ||
serviceAnnotations: {} | ||
serviceLabels: {} | ||
ports: | ||
- port: 15020 | ||
targetPort: 15020 | ||
name: status-port | ||
- port: 80 | ||
targetPort: 80 | ||
name: http2 | ||
- port: 443 | ||
targetPort: 443 | ||
name: https | ||
- port: 15443 | ||
targetPort: 15443 | ||
name: tls | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 128Mi | ||
limits: | ||
cpu: 2000m | ||
memory: 1024Mi | ||
egress: | ||
enabled: {{ .Values.istio.gateways.egress.enabled }} | ||
replicaCount: 1 | ||
minReplicas: 1 | ||
maxReplicas: 5 | ||
serviceType: "ClusterIP" | ||
serviceAnnotations: {} | ||
serviceLabels: {} | ||
ports: | ||
- port: 80 | ||
targetPort: 80 | ||
name: http2 | ||
- port: 443 | ||
targetPort: 443 | ||
name: https | ||
- port: 15443 | ||
targetPort: 15443 | ||
name: tls | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 128Mi | ||
limits: | ||
cpu: 2000m | ||
memory: 256Mi | ||
k8singress: | ||
enabled: {{ .Values.istio.gateways.k8singress.enabled }} | ||
policy: | ||
enabled: {{ .Values.istio.policy.enabled }} | ||
image: "docker.io/istio/mixer:{{ .Values.istio.version }}" | ||
replicaCount: 1 | ||
minReplicas: 1 | ||
maxReplicas: 5 | ||
telemetry: | ||
enabled: false | ||
image: "docker.io/istio/mixer:{{ .Values.istio.version }}" | ||
replicaCount: 1 | ||
minReplicas: 1 | ||
maxReplicas: 5 | ||
sidecarInjector: | ||
enabled: {{ .Values.istio.sidecarInjector.enabled }} | ||
image: "docker.io/istio/sidecar_injector:{{ .Values.istio.version }}" | ||
replicaCount: 1 | ||
rewriteAppHTTPProbe: {{ .Values.istio.sidecarInjector.rewriteAppHTTPProbe }} | ||
autoInjectionPolicyEnabled: {{ .Values.istio.sidecarInjector.autoInjectionPolicyEnabled }} | ||
init: | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 10Mi | ||
limits: | ||
cpu: 100m | ||
memory: 50Mi | ||
nodeAgent: | ||
enabled: false | ||
image: "docker.io/istio/node-agent-k8s:{{ .Values.istio.version }}" | ||
proxy: | ||
image: "docker.io/istio/proxyv2:{{ .Values.istio.version }}" | ||
accessLogFile: "/dev/stdout" | ||
accessLogFormat: "" | ||
accessLogEncoding: "TEXT" | ||
enableCoreDump: false | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 128Mi | ||
limits: | ||
cpu: 2000m | ||
memory: 1024Mi | ||
proxyInit: | ||
image: "docker.io/istio/proxyv2:{{ .Values.istio.version }}" | ||
defaultPodDisruptionBudget: | ||
enabled: true | ||
outboundTrafficPolicy: | ||
mode: ALLOW_ANY | ||
tracing: | ||
enabled: {{ .Values.istio.tracing.enabled }} | ||
tracer: {{ .Values.istio.tracing.tracer }} | ||
zipkin: | ||
address: zipkin.istio-system:9411 | ||
datadog: | ||
address: $(HOST_IP):8126 | ||
lightstep: | ||
address: lightstep-satellite.lightstep:9292 | ||
accessToken: <access-token> | ||
secure: true | ||
cacertPath: /etc/lightstep/cacert.pem | ||
localityLB: | ||
enabled: false | ||
# distribute: | ||
# - from: "us-central1/*" | ||
# to: | ||
# "us-central1/*": 80 | ||
# "us-central2/*": 20 | ||
# failover: | ||
# - from: us-east | ||
# to: eu-west | ||
# - from: us-west | ||
# to: us-east | ||
jwtPolicy: "first-party-jwt" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Default values for istio-gke. | ||
# This is a YAML-formatted file. | ||
# Declare variables to be passed into your templates. | ||
|
||
istio: | ||
version: 1.5.1 | ||
|
||
meshPolicy: | ||
mtlsMode: PERMISSIVE | ||
|
||
autoInjectionNamespaces: | ||
- default | ||
|
||
autoMtls: true | ||
|
||
sds: | ||
enabled: true | ||
|
||
sidecarInjector: | ||
enabled: true | ||
|
||
rewriteAppHTTPProbe: true | ||
autoInjectionPolicyEnabled: true | ||
|
||
citadel: | ||
enabled: true | ||
|
||
gateways: | ||
enabled: true | ||
egress: | ||
enabled: true | ||
sds: | ||
enabled: true | ||
serviceType: "ClusterIP" | ||
ingress: | ||
enabled: true | ||
serviceType: "LoadBalancer" | ||
loadBalancerIP: "" | ||
k8singress: | ||
enabled: false | ||
|
||
policy: | ||
enabled: true | ||
|
||
tracing: | ||
enabled: false | ||
tracer: zipkin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,72 @@ | ||
resource "azurerm_resource_group" "aks" { | ||
resource "azurerm_resource_group" "example" { | ||
name = "aks-demo" | ||
location = "West Europe" | ||
} | ||
|
||
resource "azurerm_container_registry" "example" { | ||
name = "evryflaatten" | ||
location = azurerm_resource_group.example.location | ||
resource_group_name = azurerm_resource_group.example.name | ||
sku = "Premium" | ||
admin_enabled = true | ||
} | ||
|
||
resource "azurerm_kubernetes_cluster" "example" { | ||
name = "aks-demo" | ||
location = azurerm_resource_group.example.location | ||
resource_group_name = azurerm_resource_group.example.name | ||
dns_prefix = "aksdemo" | ||
|
||
#network_profile { | ||
# network_plugin = "kubenet" | ||
# network_policy = "calico" | ||
#} | ||
|
||
default_node_pool { | ||
name = "default" | ||
type = "VirtualMachineScaleSets" | ||
vm_size = "Standard_D2_v2" | ||
|
||
enable_auto_scaling = true | ||
max_count = 10 | ||
min_count = 1 | ||
} | ||
|
||
identity { | ||
type = "SystemAssigned" | ||
} | ||
|
||
tags = { | ||
Environment = "Production" | ||
} | ||
} | ||
|
||
output "host" { | ||
value = azurerm_kubernetes_cluster.example.kube_config.0.host | ||
sensitive = true | ||
} | ||
|
||
output "username" { | ||
value = azurerm_kubernetes_cluster.example.kube_config.0.username | ||
sensitive = true | ||
} | ||
|
||
output "password" { | ||
value = azurerm_kubernetes_cluster.example.kube_config.0.password | ||
sensitive = true | ||
} | ||
|
||
output "client_certificate" { | ||
value = azurerm_kubernetes_cluster.example.kube_config.0.client_certificate | ||
sensitive = true | ||
} | ||
|
||
output "client_key" { | ||
value = azurerm_kubernetes_cluster.example.kube_config.0.client_key | ||
sensitive = true | ||
} | ||
|
||
output "cluster_ca_certificate" { | ||
value = azurerm_kubernetes_cluster.example.kube_config.0.cluster_ca_certificate | ||
sensitive = true | ||
} |
Oops, something went wrong.