Full RawVM - Istio running on prem/on raw vms without k8s #541

ldemailly · 2017-08-07T18:24:00Z

This is to track the follow up work from 0.2's #357 where the full istio stack runs on raw vm and not just the sidecar

ldemailly · 2017-08-07T18:27:05Z

Sidecar (envoy) + iptables script : done in 0.2
Mixer, already runs on rawvm ( https://github.com/istio/istio/blob/master/devel/README.md#collection-of-scripts-and-notes-for-developing-for-istio ) but would neeed
Mixer packaging/integration with rawvm builds
Pilot
Galley (k8s api server standalone)
Some ingress?
RawVM registration of services/VMs.
Consul integration

andraxylia · 2017-09-28T23:53:08Z

The work for 0.2 is done, can you update the epic with the issues/PRs, and either close it or move it to 0.3 if there are items left?

ldemailly · 2017-09-29T00:14:51Z

it's already on 0.3 since it was created - again this is about no k8s at all

* Updating pipeline version bazel.updateBazelRc used to make the workspace dirty, which means that all binary created per jenkins were marked as modified per build_stamp.sh * Use same label date in docker image for both hub Former-commit-id: 2cf9e62a91a0d22102c33ea70f78fcade6be4805

* Updating pipeline version bazel.updateBazelRc used to make the workspace dirty, which means that all binary created per jenkins were marked as modified per build_stamp.sh * Use same label date in docker image for both hub Former-commit-id: 7b726aa4897dc1beed8ae49bbe5628bb466d4223

* first pass https for egress external services * switched to service.External() for external checks, go fmt's, added .External() to conversion tests * unit test fixes for .golden files * removed duplicate logic check * formatting fixes * created egress specific cluster ssl context

costinm · 2018-02-22T18:06:50Z

It appears people in community managed to validate this, and I don't expect additional work on this area until after 1.0, it can be reopen if there is interest.

* update for telemetryv2 * add gen * add gen

…r IDs (istio#230) (istio#541) Squashed commit, incorporates changes from: * MAISTRA-551 Run sidecar with a dynamically-determined runAsUser ID * MAISTRA-611 Partial injection of just the annotation and runAsUser id * MAISTRA-668 Fix expected output of webhook injection The sidecar injector now sets the securityContext.runAsUser field regardless if it is specified in the sidecar template or not. This is to allow the sidecar template to not include the field, which is required to ensure that istioctl kube-inject outputs manifests that pass the SCC admission controller (if the runAsUser is specified, the SCC controller will reject the pod, as the uid won't be in the proper range). The sidecar injector then injects the correct runAsUser id even if it isn't specified in the template. * MAISTRA-1751: Set securityContext.fsGroup to comply with restricted SCC (istio#256) This is a rewrite of 46f0f4a for the Maistra 2.1 / Istio 1.8 rebase. * MAISTRA-2452 Apply dynamically-determined user ID to the istio-validation init container Co-authored-by: Marko Lukša <marko.luksa@gmail.com> Co-authored-by: Brad Ison <bison@coreos.com> Co-authored-by: Brian Avery <bavery@redhat.com> Co-authored-by: Marko Lukša <marko.luksa@gmail.com> Co-authored-by: Brad Ison <bison@coreos.com>

…IDs (istio#689) * [proxy-uid] MAISTRA-551: Run sidecars with dynamically-determined user IDs (istio#230) (istio#541) Squashed commit, incorporates changes from: * MAISTRA-551 Run sidecar with a dynamically-determined runAsUser ID * MAISTRA-611 Partial injection of just the annotation and runAsUser id * MAISTRA-668 Fix expected output of webhook injection The sidecar injector now sets the securityContext.runAsUser field regardless if it is specified in the sidecar template or not. This is to allow the sidecar template to not include the field, which is required to ensure that istioctl kube-inject outputs manifests that pass the SCC admission controller (if the runAsUser is specified, the SCC controller will reject the pod, as the uid won't be in the proper range). The sidecar injector then injects the correct runAsUser id even if it isn't specified in the template. * MAISTRA-1751: Set securityContext.fsGroup to comply with restricted SCC (istio#256) This is a rewrite of 46f0f4a for the Maistra 2.1 / Istio 1.8 rebase. * MAISTRA-2452 Apply dynamically-determined user ID to the istio-validation init container Co-authored-by: Marko Lukša <marko.luksa@gmail.com> Co-authored-by: Brad Ison <bison@coreos.com> Co-authored-by: Brian Avery <bavery@redhat.com> Co-authored-by: Marko Lukša <marko.luksa@gmail.com> Co-authored-by: Brad Ison <bison@coreos.com> * [maistra-2.3] OSSM-1847 ensure ProxyUID and ProxyGID are initialized when using gat… (istio#618) * OSSM-1847 ensure ProxyUID and ProxyGID are initialized when using gateway injection template Signed-off-by: rcernich <rcernich@redhat.com> * do not default ProxyUID and ProxyGID for gateways Signed-off-by: rcernich <rcernich@redhat.com> * initialize ProxyGID appropriately for gateway injection Signed-off-by: rcernich <rcernich@redhat.com> Signed-off-by: rcernich <rcernich@redhat.com> Co-authored-by: rcernich <rcernich@redhat.com> * fix(gen): runs make gen * chore: combines cni plugins golden files gen into one invocation Signed-off-by: rcernich <rcernich@redhat.com> Co-authored-by: Jacek Ewertowski <jewertow@redhat.com> Co-authored-by: Brian Avery <bavery@redhat.com> Co-authored-by: Marko Lukša <marko.luksa@gmail.com> Co-authored-by: Brad Ison <bison@coreos.com> Co-authored-by: maistra-bot <57098434+maistra-bot@users.noreply.github.com> Co-authored-by: rcernich <rcernich@redhat.com> [maistra-2.4] OSSM-2324 Ensure ProxyUID and ProxyGID are never nil (istio#703) * OSSM-2324 Ensure ProxyUID and ProxyGID are never nil If they are nil, Helm renders them as "nil" (with quotes), which the YAML parser can't parse as a float. * Remove redundant loop Co-authored-by: Marko Lukša <marko.luksa@gmail.com>

ldemailly added this to the Istio 0.3 milestone Aug 7, 2017

ldemailly added the Epic label Aug 7, 2017

ldemailly mentioned this issue Aug 7, 2017

Raw VM support #357

Closed

rshriram added the area/environments label Aug 17, 2017

ldemailly added the e2e & integration label Aug 17, 2017

costinm self-assigned this Aug 29, 2017

geeknoid added area/test and release and removed area/test and release e2e & integration labels Jan 26, 2018

ldemailly removed this from the Istio 0.3 milestone Jan 30, 2018

ldemailly changed the title ~~Full RawVM (0.3) - Istio running on prem/on raw vms without k8s~~ Full RawVM - Istio running on prem/on raw vms without k8s Jan 30, 2018

costinm closed this as completed Feb 22, 2018

rshriram pushed a commit to rshriram/istio that referenced this issue Jul 31, 2018

Make MCP protos to use gogo. (istio#541)

1503a62

howardjohn pushed a commit to howardjohn/istio that referenced this issue Jan 12, 2020

update for telemetryv2 (istio#541)

6b0187f

* update for telemetryv2 * add gen * add gen

howardjohn pushed a commit to howardjohn/istio that referenced this issue Jan 12, 2020

Update binary output path (istio#541)

7cfffde

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Full RawVM - Istio running on prem/on raw vms without k8s #541

Full RawVM - Istio running on prem/on raw vms without k8s #541

ldemailly commented Aug 7, 2017

ldemailly commented Aug 7, 2017 •

edited

Loading

andraxylia commented Sep 28, 2017

ldemailly commented Sep 29, 2017

costinm commented Feb 22, 2018

Full RawVM - Istio running on prem/on raw vms without k8s #541

Full RawVM - Istio running on prem/on raw vms without k8s #541

Comments

ldemailly commented Aug 7, 2017

ldemailly commented Aug 7, 2017 • edited Loading

andraxylia commented Sep 28, 2017

ldemailly commented Sep 29, 2017

costinm commented Feb 22, 2018

ldemailly commented Aug 7, 2017 •

edited

Loading