Permalink
Browse files

Ingress cleanups (#7222)

* Ingress and gateway updates

* Add gateways

* Remove the old ingress chart

* Don't configure https port automatically

* Remove for now the istio services ingress, roll back the old ingress.

* Really add back the ingress chart

* Add preinstall annotations and move CRDs (CRDs are not specific to pilot, but istio general)

* Add missing files (autoscaler for pilot as well, seems I missed it)

* Attempt to fix failing auth server

* use http2

* Move back crds to pilot, helm doesn't like them in templates

* use crd-install hook, up helm, more logs to debug failing test

* helm version is in 2 places

* Bump helm to 2.9.1

* Use pre-install

* Let's try CRDs without dry-run

* Helm crd creation fixes

* Autoscale doesn't work well with the default 0.1 alloc - causing test failures

* Fix failing test

* Broken build with attempt to support testing multiple helm versions

* More attempts to get CRDs working in all cases

- revert using pre-init for security - it doesn't help and it's not
cleaned on delete. System eventually recovers.

- switch test to helm 2.9 - we should test with released version
Do the crd install ahead of time.

- added explicit control for CRD inclusion, so helm template with
pre-2.10 works as before. When using kubectl apply it is safe to have
the crds included (but still better to apply them before install)

- update dep to avoid lint failure

* Prow uses different base dir

* Bad conflict resolution
  • Loading branch information...
costinm committed Jul 24, 2018
1 parent 7eb1bea commit 6bc7939142ec2aa5b6684619f3b44894c2a1699b

Some generated files are not rendered by default. Learn more.

Oops, something went wrong.
@@ -35,8 +35,6 @@ GO_TOP=$(cd $(dirname $0)/../../../..; pwd)

export OUT_DIR=${OUT_DIR:-${GO_TOP}/out}

HELM_VER=v2.7.2

export GOPATH=${GOPATH:-$GO_TOP}
# Normally set by Makefile
export ISTIO_BIN=${ISTIO_BIN:-${GOPATH}/bin}
@@ -35,7 +35,12 @@ GO_TOP=$(cd $(dirname $0)/../../../..; pwd)

export OUT_DIR=${OUT_DIR:-${GO_TOP}/out}

HELM_VER=v2.7.2
# Current version is 2.9.1, with 2.10RC available
# 2.7.2 was released in Nov 2017.
# 2.10 adds proper support for CRD - we will test with it
# For pre-2.10,
HELM_VER=${HELM_VER:-v2.9.1}
#HELM_VER=${HELM_VER:-v2.10.0-rc.1}

export GOPATH=${GOPATH:-$GO_TOP}
# Normally set by Makefile
@@ -64,12 +69,14 @@ export GOOS=${GOOS:-${LOCAL_OS}}
export ISTIO_OUT=${ISTIO_OUT:-${ISTIO_BIN}}

# install helm if not present, it must be the local version.
if [ ! -f ${ISTIO_OUT}/helm ] ; then
if [ ! -f ${ISTIO_OUT}/version.helm.${HELM_VER} ] ; then
TD=$(mktemp -d)
# Install helm. Please keep it in sync with .circleci
cd ${TD} && \
curl -Lo ${TD}/helm.tgz https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VER}-${LOCAL_OS}-amd64.tar.gz && \
tar xfz helm.tgz && \
mv ${LOCAL_OS}-amd64/helm ${ISTIO_OUT}/helm && \
rm -rf ${TD}
mv ${LOCAL_OS}-amd64/helm ${ISTIO_OUT}/helm-${HELM_VER} && \
cp ${ISTIO_OUT}/helm-${HELM_VER} ${ISTIO_OUT}/helm && \
rm -rf ${TD} && \
touch ${ISTIO_OUT}/version.helm.${HELM_VER}
fi
@@ -2,7 +2,7 @@ apiVersion: v1
name: istio
version: 1.0.0
appVersion: 1.0.0
tillerVersion: ">=2.7.2"
tillerVersion: ">=2.7.2-0"
description: Helm chart for all istio components
keywords:
- istio
@@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterissuers.certmanager.k8s.io
annotations:
"helm.sh/hook": crd-install
labels:
app: certmanager
spec:
@@ -16,6 +18,8 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: issuers.certmanager.k8s.io
annotations:
"helm.sh/hook": crd-install
labels:
app: certmanager
spec:
@@ -30,6 +34,8 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: certificates.certmanager.k8s.io
annotations:
"helm.sh/hook": crd-install
labels:
app: certmanager
spec:
@@ -17,7 +17,7 @@ spec:
- type: Resource
resource:
name: cpu
targetAverageUtilization: 55
targetAverageUtilization: 60
---
{{- end }}
{{- end }}
@@ -0,0 +1,19 @@
{{- if .Values.autoscaleMin }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: istio-pilot
spec:
maxReplicas: {{ .Values.autoscaleMax }}
minReplicas: {{ .Values.autoscaleMin }}
scaleTargetRef:
apiVersion: apps/v1beta1
kind: Deployment
name: istio-pilot
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: 55
---
{{- end }}

This file was deleted.

Oops, something went wrong.
@@ -1,3 +1,31 @@
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-autogenerated-k8s-ingress
namespace: istio-system
spec:
selector:
istio: {{ .Values.global.ingressSelector }}
servers:
- port:
number: 80
protocol: HTTP2
name: http
hosts:
- "*"
{{ if .Values.global.ingressHttps }}
- port:
number: 443
protocol: HTTPS
name: https-default
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingress-certs/tls.crt
privateKey: /etc/istio/ingress-certs/tls.key
hosts:
- "*"
{{ end }}
---
{{- if .Values.global.meshExpansion }}
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
@@ -43,7 +71,4 @@ spec:
name: tcp-citadel
hosts:
- "*"



{{- end }}
@@ -33,7 +33,7 @@ data:
{{- if .Values.ingress.enabled }}
# This is the ingress service name, update if you used a different name
ingressService: istio-ingress
ingressService: istio-{{ .Values.global.ingressSelector }}
{{- end }}
# Unix Domain Socket through which envoy communicates with NodeAgent SDS to get
Oops, something went wrong.

0 comments on commit 6bc7939

Please sign in to comment.