An operator for syncing Cloud Map data into Istio
liamawhite Add configurable region support (#22)
* Add configurable region support

- Adds ability to configure region via config map
- Tidies up some hardcoding around Cloud Map pre-release obfuscation and limitations

* address pr review
Latest commit e3c9523 Dec 21, 2018
Type Name Latest commit message Commit time
cmd/istio-cloud-map Add configurable region support (#22) Dec 21, 2018
demo Add synchronizer to complete initial functionality (#11) Nov 28, 2018
docker s/Route53/CloudMap/g (#15) Nov 29, 2018
kubernetes Add configurable region support (#22) Dec 21, 2018
pkg Add configurable region support (#22) Dec 21, 2018
.gitignore
Gopkg.lock Update to use newly release SDK for CloudMap (#18) Nov 29, 2018
Gopkg.toml Update to use newly release SDK for CloudMap (#18) Nov 29, 2018
LICENSE fix the gitignore which had a binary cat'd in to it, clean up history… Aug 3, 2018
Makefile Update to use newly release SDK for CloudMap (#18) Nov 29, 2018
README.md Add configurable region support (#22) Dec 21, 2018


Istio Cloud Map Operator

This repo contains an operator for syncing Cloud Map data into Istio by pushing ServiceEntry CRDs to the Kube API server.

Deploying to your Kubernetes cluster

  1. Create an AWS IAM identity with read access to AWS Cloud Map for the operator to use.
  2. In the namespace where you want to deploy the Istio Cloud Map Operator, create a Kubernetes secret containing the Access Key ID and Secret Access Key of the identity you just created:
apiVersion: v1
kind: Secret
metadata:
  name: aws-credz
  namespace: istio-system
type: Opaque
data:
  access-key-id: <base64-encoded-IAM-access-key-id>
  secret-access-key: <base64-encoded-IAM-secret-access-key>
  3. Edit the aws-config config map in kubernetes/deployment.yaml to choose the AWS Cloud Map region to sync with.
  4. Deploy the Istio Cloud Map Operator:
$ kubectl apply -f kubernetes/rbac.yaml -f kubernetes/deployment.yaml
  5. Verify that your ServiceEntries have been populated with the information in Cloud Map; there should be one ServiceEntry for every service in Cloud Map:
$ kubectl get serviceentries
NAME                                       CREATED AT
cloudmap-dev.null.demo.tetrate.io          17h
cloudmap-test-server.cloudmap.tetrate.io   17h
$ kubectl get serviceentries cloudmap-test-server.cloudmap.tetrate.io -o yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: cloudmap-test-server.cloudmap.tetrate.io
  namespace: default
spec:
  addresses:
  - 172.31.37.168
  endpoints:
  - address: 172.31.37.168
    ports:
      http: 80
      https: 443
  hosts:
  - test-server.cloudmap.tetrate.io
  ports:
  - name: http
    number: 80
    protocol: HTTP
  - name: https
    number: 443
    protocol: HTTPS
  resolution: STATIC

Note: If you need to be able to resolve your services via DNS (as opposed to making the requests to a random IP and setting the Host header), either enable DNS propagation in your VPC peering configuration or install the Istio CoreDNS plugin.
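
The operator turns whatever is registered in Cloud Map into mesh routing, so step 5 is also a good point to check that the synced entries stay within the hosts and address range you expect. The Go program below is an added example, not part of this repository; it extends the verification step, and the `audit` function, the sample JSON, the `cloudmap.tetrate.io` suffix and the `172.31.0.0/16` range are assumptions chosen to match the sample output above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// Constructed input shaped like `kubectl get serviceentries -o json`; the second item is invented.
const sample = `{"items":[
 {"metadata":{"name":"cloudmap-test-server.cloudmap.tetrate.io"},"spec":{"hosts":["test-server.cloudmap.tetrate.io"],"endpoints":[{"address":"172.31.37.168"}]}},
 {"metadata":{"name":"cloudmap-db.example.internal"},"spec":{"hosts":["db.example.internal"],"endpoints":[{"address":"203.0.113.9"}]}}]}`

// audit reports hosts outside the expected DNS suffix and endpoints outside the expected network.
func audit(raw []byte, suffix string, vpc *net.IPNet) ([]string, error) {
	var list struct { // only the ServiceEntry fields the audit reads
		Items []struct {
			Metadata struct{ Name string }
			Spec     struct {
				Hosts     []string
				Endpoints []struct{ Address string }
			}
		}
	}
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	var out []string
	for _, se := range list.Items {
		for _, h := range se.Spec.Hosts {
			if !strings.HasSuffix(h, "."+suffix) {
				out = append(out, se.Metadata.Name+": unexpected host "+h)
			}
		}
		for _, ep := range se.Spec.Endpoints {
			// An unparseable address is reported too, so the check fails closed.
			if ip := net.ParseIP(ep.Address); ip == nil || !vpc.Contains(ip) {
				out = append(out, se.Metadata.Name+": endpoint "+ep.Address+" outside "+vpc.String())
			}
		}
	}
	return out, nil
}

func main() {
	_, vpc, _ := net.ParseCIDR("172.31.0.0/16") // assumed VPC range, taken from the sample address
	fmt.Println(audit([]byte(sample), "cloudmap.tetrate.io", vpc))
}
```

To run it against a cluster, feed `audit` the output of `kubectl get serviceentries -o json` instead of the constructed sample.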

Building

Build with the Makefile:

make deps # only needs to be done once
make      # or `make build`

Run with:

make run

And produce docker containers via:

make docker-build
make docker-push

You can override the hub and tag using the CONTAINER_REGISTRY and CONTAINER_TAG environment variables:

env CONTAINER_REGISTRY=gcr.io/tetratelabs CONTAINER_TAG=v0.1 \
    make docker-push

Alternatively, just use go:

dep ensure
go build -o istio-cloud-map github.com/tetratelabs/istio-cloud-map/cmd/istio-cloud-map

Running Locally

To run locally:

make run
# or
make docker-run

or via go:

go build -o istio-cloud-map github.com/tetratelabs/istio-cloud-map/cmd/istio-cloud-map
./istio-cloud-map serve --kube-config ~/.kube/config

In particular, the controller needs its --kube-config flag set to talk to the remote API server. If no flag is set, the controller assumes it is deployed into a Kubernetes cluster and attempts to contact the API server directly.
