diff --git a/istio-multicluster-servicemesh/2-bookinfo-destinationrule/destination-rule-all.yaml b/istio-multicluster-servicemesh/2-bookinfo-destinationrule/destination-rule-all.yaml deleted file mode 100644 index 96be699..0000000 --- a/istio-multicluster-servicemesh/2-bookinfo-destinationrule/destination-rule-all.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: productpage -spec: - host: productpage - subsets: - - name: v1 - labels: - version: v1 ---- -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: reviews -spec: - host: reviews - subsets: - - name: v1 - labels: - version: v1 - - name: v2 - labels: - version: v2 - - name: v3 - labels: - version: v3 ---- -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: ratings -spec: - host: ratings - subsets: - - name: v1 - labels: - version: v1 - - name: v2 - labels: - version: v2 - - name: v2-mysql - labels: - version: v2-mysql - - name: v2-mysql-vm - labels: - version: v2-mysql-vm ---- -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: details -spec: - host: details - subsets: - - name: v1 - labels: - version: v1 - - name: v2 - labels: - version: v2 ---- diff --git a/istio-multicluster-servicemesh/3-bookinfo-virtualservices-all-v1/virtual-service-all-v1.yaml b/istio-multicluster-servicemesh/3-bookinfo-virtualservices-all-v1/virtual-service-all-v1.yaml deleted file mode 100644 index 6811e31..0000000 --- a/istio-multicluster-servicemesh/3-bookinfo-virtualservices-all-v1/virtual-service-all-v1.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: productpage -spec: - hosts: - - productpage - http: - - route: - - destination: - host: productpage - subset: v1 ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: reviews -spec: - hosts: - - reviews - http: - - route: - - destination: - host: reviews - subset: v1 ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: ratings -spec: - hosts: - - ratings - http: - - route: - - destination: - host: ratings - subset: v1 ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: details -spec: - hosts: - - details - http: - - route: - - destination: - host: details - subset: v1 ---- diff --git a/istio-multicluster-servicemesh/4-bookinfo-virtualservices-v2-test/virtual-service-reviews-test-v2.yaml b/istio-multicluster-servicemesh/4-bookinfo-virtualservices-v2-test/virtual-service-reviews-test-v2.yaml deleted file mode 100644 index ea07efb..0000000 --- a/istio-multicluster-servicemesh/4-bookinfo-virtualservices-v2-test/virtual-service-reviews-test-v2.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: reviews -spec: - hosts: - - reviews - http: - - match: - - headers: - end-user: - exact: jason - route: - - destination: - host: reviews - subset: v2 - - route: - - destination: - host: reviews - subset: v1 diff --git a/istio-multicluster-servicemesh/5-bookinfo-virtualservice-50-v3/virtual-service-reviews-50-v3.yaml b/istio-multicluster-servicemesh/5-bookinfo-virtualservice-50-v3/virtual-service-reviews-50-v3.yaml deleted file mode 100644 index aad8c31..0000000 --- a/istio-multicluster-servicemesh/5-bookinfo-virtualservice-50-v3/virtual-service-reviews-50-v3.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: reviews -spec: - hosts: - - reviews - http: - - route: - - destination: - host: reviews - subset: v1 - weight: 50 - - destination: - host: reviews - subset: v3 - weight: 50 diff --git a/istio-multicluster-servicemesh/6-bookinfo-virtualservices-all-v3/virtual-service-reviews-v3.yaml b/istio-multicluster-servicemesh/6-bookinfo-virtualservices-all-v3/virtual-service-reviews-v3.yaml deleted file mode 100644 index 5da999d..0000000 --- a/istio-multicluster-servicemesh/6-bookinfo-virtualservices-all-v3/virtual-service-reviews-v3.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: reviews -spec: - hosts: - - reviews - http: - - route: - - destination: - host: reviews - subset: v3 diff --git a/istio-multicluster-servicemesh/1-bookinfo-gateway/bookinfo-gateway.yaml b/istio-multicluster-servicemesh/bookinfo-gateway/bookinfo-gateway.yaml similarity index 100% rename from istio-multicluster-servicemesh/1-bookinfo-gateway/bookinfo-gateway.yaml rename to istio-multicluster-servicemesh/bookinfo-gateway/bookinfo-gateway.yaml diff --git a/istio-multicluster-servicemesh/bookinfo-gateway/namespace.yaml b/istio-multicluster-servicemesh/bookinfo-gateway/namespace.yaml new file mode 100644 index 0000000..2231a30 --- /dev/null +++ b/istio-multicluster-servicemesh/bookinfo-gateway/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-apps + labels: + istio-injection: enabled diff --git a/istio-multicluster-servicemesh/bookinfo-mc1/bookinfo-mc1.yaml b/istio-multicluster-servicemesh/bookinfo-mc1/bookinfo-mc1.yaml index a08e92c..2f0e996 100644 --- a/istio-multicluster-servicemesh/bookinfo-mc1/bookinfo-mc1.yaml +++ b/istio-multicluster-servicemesh/bookinfo-mc1/bookinfo-mc1.yaml @@ -1,31 +1,3 @@ -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################################################## -# This file defines the services, service accounts, and deployments for the Bookinfo sample. -# -# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments: -# -# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -# -# Alternatively, you can deploy any resource separately: -# -# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service -# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount -# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment -################################################################################################## - ################################################################################################## # Details service ################################################################################################## diff --git a/istio-multicluster-servicemesh/bookinfo-mc1/namespace.yaml b/istio-multicluster-servicemesh/bookinfo-mc1/namespace.yaml new file mode 100644 index 0000000..2231a30 --- /dev/null +++ b/istio-multicluster-servicemesh/bookinfo-mc1/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-apps + labels: + istio-injection: enabled diff --git a/istio-multicluster-servicemesh/bookinfo-mc1/networkattachmentdefinition.yaml b/istio-multicluster-servicemesh/bookinfo-mc1/networkattachmentdefinition.yaml new file mode 100644 index 0000000..50c077b --- /dev/null +++ b/istio-multicluster-servicemesh/bookinfo-mc1/networkattachmentdefinition.yaml @@ -0,0 +1,4 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: istio-cni diff --git a/istio-multicluster-servicemesh/bookinfo-mc2/bookinfo-mc2.yaml b/istio-multicluster-servicemesh/bookinfo-mc2/bookinfo-mc2.yaml index f41efe9..1eba1ec 100644 --- a/istio-multicluster-servicemesh/bookinfo-mc2/bookinfo-mc2.yaml +++ b/istio-multicluster-servicemesh/bookinfo-mc2/bookinfo-mc2.yaml @@ -1,31 +1,3 @@ -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################################################## -# This file defines the services, service accounts, and deployments for the Bookinfo sample. -# -# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments: -# -# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -# -# Alternatively, you can deploy any resource separately: -# -# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service -# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount -# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment -################################################################################################## - ################################################################################################## # Ratings service ################################################################################################## diff --git a/istio-multicluster-servicemesh/bookinfo-mc2/namespace.yaml b/istio-multicluster-servicemesh/bookinfo-mc2/namespace.yaml new file mode 100644 index 0000000..2231a30 --- /dev/null +++ b/istio-multicluster-servicemesh/bookinfo-mc2/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-apps + labels: + istio-injection: enabled diff --git a/istio-multicluster-servicemesh/bookinfo-mc2/networkattachmentdefinition.yaml b/istio-multicluster-servicemesh/bookinfo-mc2/networkattachmentdefinition.yaml new file mode 100644 index 0000000..50c077b --- /dev/null +++ b/istio-multicluster-servicemesh/bookinfo-mc2/networkattachmentdefinition.yaml @@ -0,0 +1,4 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: istio-cni diff --git a/istio-multicluster-servicemesh/istio-operator-gw/istio-ingressgateway-route.yaml b/istio-multicluster-servicemesh/istio-gateway/istio-ingressgateway-route.yaml similarity index 91% rename from istio-multicluster-servicemesh/istio-operator-gw/istio-ingressgateway-route.yaml rename to istio-multicluster-servicemesh/istio-gateway/istio-ingressgateway-route.yaml index 264e161..92c4ad0 100644 --- a/istio-multicluster-servicemesh/istio-operator-gw/istio-ingressgateway-route.yaml +++ b/istio-multicluster-servicemesh/istio-gateway/istio-ingressgateway-route.yaml @@ -5,7 +5,6 @@ metadata: app: istio-ingressgateway istio: ingressgateway name: ingressgateway - namespace: istio-apps spec: port: targetPort: http2 diff --git a/istio-multicluster-servicemesh/istio-gateway/istio-operator.yaml b/istio-multicluster-servicemesh/istio-gateway/istio-operator.yaml new file mode 100644 index 0000000..49ccbf5 --- /dev/null +++ b/istio-multicluster-servicemesh/istio-gateway/istio-operator.yaml @@ -0,0 +1,32 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +metadata: + name: istio-ingress +spec: + profile: empty + components: + ingressGateways: + - name: ingressgateway + namespace: istio-apps + enabled: true + label: + istio: ingressgateway + k8s: + service: + ports: + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + values: + gateways: + istio-ingressgateway: + injectionTemplate: gateway diff --git a/istio-multicluster-servicemesh/istio-gateway/namespace.yaml b/istio-multicluster-servicemesh/istio-gateway/namespace.yaml new file mode 100644 index 0000000..2231a30 --- /dev/null +++ b/istio-multicluster-servicemesh/istio-gateway/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-apps + labels: + istio-injection: enabled diff --git a/istio-multicluster-servicemesh/istio-gateway/networkattachmentdefinition.yaml b/istio-multicluster-servicemesh/istio-gateway/networkattachmentdefinition.yaml new file mode 100644 index 0000000..50c077b --- /dev/null +++ b/istio-multicluster-servicemesh/istio-gateway/networkattachmentdefinition.yaml @@ -0,0 +1,4 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: istio-cni diff --git a/istio-multicluster-servicemesh/istio-operator-hub/istio-operator.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/istio-operator.yaml similarity index 93% rename from istio-multicluster-servicemesh/istio-operator-hub/istio-operator.yaml rename to istio-multicluster-servicemesh/istio-multicluster-hub/istio-operator.yaml index c594520..b97c4cb 100644 --- a/istio-multicluster-servicemesh/istio-operator-hub/istio-operator.yaml +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/istio-operator.yaml @@ -1,7 +1,7 @@ apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: - name: istio-hub + name: istio-controlplane-hub namespace: istio-system spec: profile: empty @@ -62,8 +62,11 @@ spec: operatorManageWebhooks: true meshID: mesh1 multiCluster: - clusterName: mcscluster1 + clusterName: local-cluster network: network1 + tracer: + zipkin: + address: zipkin.istio-system.svc.clusterset.local:9411 cni: cniBinDir: /var/lib/cni/bin cniConfDir: /etc/cni/multus/net.d diff --git a/istio-multicluster-servicemesh/istio-operator-hub/istiod-serrviceexport.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/istiod-serrviceexport.yaml similarity index 81% rename from istio-multicluster-servicemesh/istio-operator-hub/istiod-serrviceexport.yaml rename to istio-multicluster-servicemesh/istio-multicluster-hub/istiod-serrviceexport.yaml index 8cabc47..fb73161 100644 --- a/istio-multicluster-servicemesh/istio-operator-hub/istiod-serrviceexport.yaml +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/istiod-serrviceexport.yaml @@ -3,3 +3,5 @@ kind: ServiceExport metadata: name: istiod namespace: istio-system + labels: + app: istiod diff --git a/istio-multicluster-servicemesh/istio-multicluster-hub/jeager-route.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/jeager-route.yaml new file mode 100644 index 0000000..2dad450 --- /dev/null +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/jeager-route.yaml @@ -0,0 +1,15 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: jeager + namespace: istio-system + labels: + app: jaeger +spec: + to: + kind: Service + name: tracing + weight: 100 + port: + targetPort: http-query + wildcardPolicy: None diff --git a/istio-multicluster-servicemesh/istio-multicluster-hub/jeager-serviceexport.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/jeager-serviceexport.yaml new file mode 100644 index 0000000..dbe10d6 --- /dev/null +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/jeager-serviceexport.yaml @@ -0,0 +1,7 @@ +apiVersion: multicluster.x-k8s.io/v1alpha1 +kind: ServiceExport +metadata: + name: zipkin + namespace: istio-system + labels: + app: jaeger diff --git a/istio-multicluster-servicemesh/istio-multicluster-hub/jeager.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/jeager.yaml new file mode 100644 index 0000000..cc8a02a --- /dev/null +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/jeager.yaml @@ -0,0 +1,118 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jaeger + namespace: istio-system + labels: + app: jaeger +spec: + selector: + matchLabels: + app: jaeger + template: + metadata: + labels: + app: jaeger + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" + spec: + containers: + - name: jaeger + image: "docker.io/jaegertracing/all-in-one:1.23" + env: + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + - name: COLLECTOR_ZIPKIN_HOST_PORT + value: ":9411" + - name: MEMORY_MAX_TRACES + value: "50000" + - name: QUERY_BASE_PATH + value: /jaeger + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 + volumeMounts: + - name: data + mountPath: /badger + resources: + requests: + cpu: 10m + volumes: + - name: data + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: istio-system + labels: + app: jaeger +spec: + type: ClusterIP + ports: + - name: http-query + port: 80 + protocol: TCP + targetPort: 16686 + # Note: Change port name if you add '--query.grpc.tls.enabled=true' + - name: grpc-query + port: 16685 + protocol: TCP + targetPort: 16685 + selector: + app: jaeger +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + labels: + name: zipkin + name: zipkin + namespace: istio-system +spec: + ports: + - port: 9411 + targetPort: 9411 + name: http-query + selector: + app: jaeger +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: istio-system + labels: + app: jaeger +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + - port: 9411 + targetPort: 9411 + name: http-zipkin + selector: + app: jaeger diff --git a/istio-multicluster-servicemesh/istio-multicluster-hub/kiali-configmap.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/kiali-configmap.yaml new file mode 100644 index 0000000..e0215c2 --- /dev/null +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/kiali-configmap.yaml @@ -0,0 +1,81 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: kiali + app.kubernetes.io/instance: kiali + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kiali + app.kubernetes.io/part-of: kiali + app.kubernetes.io/version: v1.38.0 + helm.sh/chart: kiali-server-1.38.0 + version: v1.38.0 + name: kiali + namespace: istio-system +data: + config.yaml: | + auth: + openid: {} + openshift: + client_id_prefix: kiali + strategy: anonymous + deployment: + accessible_namespaces: + - '**' + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + hpa: + api_version: autoscaling/v2beta2 + spec: {} + image_name: quay.io/kiali/kiali + image_pull_policy: Always + image_pull_secrets: [] + image_version: v1.38 + ingress_enabled: false + instance_name: kiali + logger: + log_format: text + log_level: info + sampler_rate: "1" + time_field_format: 2006-01-02T15:04:05Z07:00 + namespace: istio-system + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: + sidecar.istio.io/inject: "false" + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: kiali + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.38.0 + view_only_mode: false + external_services: + prometheus: + thanos_proxy: + enabled: true + url: "http://observability-thanos-query-frontend.open-cluster-management-observability.svc.cluster.local:9090" + grafana: + in_cluster_url: "http://grafana.open-cluster-management-observability.svc.cluster.local:3001" + tracing: + in_cluster_url: "http://tracing.istio-system:16685/jaeger" + custom_dashboards: + enabled: true + identity: + cert_file: "" + private_key_file: "" + istio_namespace: istio-system + login_token: + signing_key: CHANGEME + server: + metrics_enabled: true + metrics_port: 9090 + port: 20001 + web_root: /kiali diff --git a/istio-multicluster-servicemesh/istio-multicluster-hub/kiali-route.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/kiali-route.yaml new file mode 100644 index 0000000..7e7e120 --- /dev/null +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/kiali-route.yaml @@ -0,0 +1,15 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: kiali + namespace: istio-system + labels: + app: kiali +spec: + to: + kind: Service + name: kiali + weight: 100 + port: + targetPort: http + wildcardPolicy: None diff --git a/istio-multicluster-servicemesh/istio-multicluster-hub/kiali.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/kiali.yaml new file mode 100644 index 0000000..4a59c9e --- /dev/null +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/kiali.yaml @@ -0,0 +1,423 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kiali + namespace: istio-system + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kiali-viewer + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kiali + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch + - patch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - patch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - patch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - patch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kiali + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kiali +subjects: +- kind: ServiceAccount + name: kiali + namespace: istio-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kiali-controlplane + namespace: istio-system + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kiali-controlplane + namespace: istio-system + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: kiali + namespace: istio-system +--- +apiVersion: v1 +kind: Service +metadata: + name: kiali + namespace: istio-system + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" + annotations: +spec: + ports: + - name: http + protocol: TCP + port: 20001 + - name: http-metrics + protocol: TCP + port: 9090 + selector: + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kiali + namespace: istio-system + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: kiali + labels: + helm.sh/chart: kiali-server-1.38.0 + app: kiali + app.kubernetes.io/name: kiali + app.kubernetes.io/instance: kiali + version: "v1.38.0" + app.kubernetes.io/version: "v1.38.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: "kiali" + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9090" + kiali.io/dashboards: go,kiali + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: kiali + containers: + - image: "quay.io/kiali/kiali:v1.38" + imagePullPolicy: Always + name: kiali + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + ports: + - name: api-port + containerPort: 20001 + - name: http-metrics + containerPort: 9090 + readinessProbe: + httpGet: + path: /kiali/healthz + port: api-port + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: /kiali/healthz + port: api-port + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "info" + - name: LOG_FORMAT + value: "text" + - name: LOG_TIME_FIELD_FORMAT + value: "2006-01-02T15:04:05Z07:00" + - name: LOG_SAMPLER_RATE + value: "1" + volumeMounts: + - name: kiali-configuration + mountPath: "/kiali-configuration" + - name: kiali-cert + mountPath: "/kiali-cert" + - name: kiali-secret + mountPath: "/kiali-secret" + - name: kiali-cabundle + mountPath: "/kiali-cabundle" + volumes: + - name: kiali-configuration + configMap: + name: kiali + - name: kiali-cert + secret: + secretName: istio.kiali-service-account + optional: true + - name: kiali-secret + secret: + secretName: kiali + optional: true + - name: kiali-cabundle + configMap: + name: kiali-cabundle + optional: true diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/namespace.yaml b/istio-multicluster-servicemesh/istio-multicluster-hub/namespace.yaml similarity index 55% rename from subscriptions/istio-multicluster-servicemesh/istio-multicluster/namespace.yaml rename to istio-multicluster-servicemesh/istio-multicluster-hub/namespace.yaml index f394e91..c1dc305 100644 --- a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/namespace.yaml +++ b/istio-multicluster-servicemesh/istio-multicluster-hub/namespace.yaml @@ -2,3 +2,5 @@ apiVersion: v1 kind: Namespace metadata: name: istio-system + labels: + topology.istio.io/network: network1 diff --git a/istio-multicluster-servicemesh/istio-operator-mc2/istiooperator.yaml b/istio-multicluster-servicemesh/istio-multicluster-remote/istiooperator.yaml similarity index 82% rename from istio-multicluster-servicemesh/istio-operator-mc2/istiooperator.yaml rename to istio-multicluster-servicemesh/istio-multicluster-remote/istiooperator.yaml index 5f793ef..e492817 100644 --- a/istio-multicluster-servicemesh/istio-operator-mc2/istiooperator.yaml +++ b/istio-multicluster-servicemesh/istio-multicluster-remote/istiooperator.yaml @@ -1,7 +1,7 @@ apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: - name: istio-mc2 + name: istio-controlplane-remote namespace: istio-system spec: profile: external @@ -23,12 +23,15 @@ spec: configCluster: true meshID: mesh1 multiCluster: - clusterName: mcsdemo2 + clusterName: managedcluster network: network1 + tracer: + zipkin: + address: zipkin.istio-system.svc.clusterset.local:9411 pilot: configMap: true istiodRemote: - injectionURL: https://istiod.istio-system.svc.clusterset.local:443/inject/:ENV:cluster=mcsdemo2:ENV:net=network1 + injectionURL: https://istiod.istio-system.svc.clusterset.local:443/inject/:ENV:cluster=managedcluster:ENV:net=network1 base: validationURL: https://istiod.istio-system.svc.clusterset.local:443/validate cni: diff --git a/istio-multicluster-servicemesh/istio-multicluster-remote/namespace.yaml b/istio-multicluster-servicemesh/istio-multicluster-remote/namespace.yaml new file mode 100644 index 0000000..c1dc305 --- /dev/null +++ b/istio-multicluster-servicemesh/istio-multicluster-remote/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-system + labels: + topology.istio.io/network: network1 diff --git a/istio-multicluster-servicemesh/istio-operator-gw/istio-operator.yaml b/istio-multicluster-servicemesh/istio-operator-gw/istio-operator.yaml deleted file mode 100644 index e94308c..0000000 --- a/istio-multicluster-servicemesh/istio-operator-gw/istio-operator.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -metadata: - name: istio-ingress - namespace: istio-apps -spec: - profile: empty - components: - ingressGateways: - - name: ingressgateway - namespace: istio-apps - enabled: true - label: - istio: ingressgateway - values: - gateways: - istio-ingressgateway: - injectionTemplate: gateway diff --git a/istio-multicluster-servicemesh/istio-operator-mc1/istiooperator.yaml b/istio-multicluster-servicemesh/istio-operator-mc1/istiooperator.yaml deleted file mode 100644 index 7de93c6..0000000 --- a/istio-multicluster-servicemesh/istio-operator-mc1/istiooperator.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -metadata: - name: istio-mc1 - namespace: istio-system -spec: - profile: external - components: - base: - enabled: true - cni: - enabled: true - namespace: kube-system - k8s: - overlays: - - kind: DaemonSet - name: istio-cni-node - patches: - - path: spec.template.spec.containers[0].securityContext.privileged - value: true - values: - global: - configCluster: true - meshID: mesh1 - multiCluster: - clusterName: mcsdemo1 - network: network1 - pilot: - configMap: true - istiodRemote: - injectionURL: https://istiod.istio-system.svc.clusterset.local:443/inject/:ENV:cluster=mcsdemo1:ENV:net=network1 - base: - validationURL: https://istiod.istio-system.svc.clusterset.local:443/validate - cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - excludeNamespaces: - - istio-system - - kube-system - logLevel: info - sidecarInjectorWebhook: - injectedAnnotations: - k8s.v1.cni.cncf.io/networks: istio-cni diff --git a/subscriptions/istio-multicluster-servicemesh/README.md b/subscriptions/istio-multicluster-servicemesh/README.md index 885134c..6381290 100644 --- a/subscriptions/istio-multicluster-servicemesh/README.md +++ b/subscriptions/istio-multicluster-servicemesh/README.md @@ -2,28 +2,41 @@ The home for istio multicluster service mesh Applications, based on the open-clutser-management.io Subscription, Channel and Placement API -## Requirements +## Prerequisites -- `open-cluster-management.io` or Red Hat Advanced Cluster Management for Kubernetes v2.3+ -- `submariner-addon` enabled for the connected clusters(`local-cluster`, `mcsdemo1` and `mcsdemo2`) in the mesh in managedclusterset named `mcsm-demo`. +- Red Hat Advanced Cluster Management for Kubernetes v2.3+ is installed +- Create managedclusterset named `mcsm` and enable `submariner-addon` for the connected clusters(`local-cluster`, `mcsmtest1` and `mcsmtest1`). +- Add `anyuid` SCC to the service accounts in `istio-operator` `istio-system` and `istio-apps` namespaces for the connected clusters by the following commands: -# How to use + ``` + oc adm policy add-scc-to-group anyuid system:serviceaccounts:istio-operator + oc adm policy add-scc-to-group anyuid system:serviceaccounts:istio-system + oc adm policy add-scc-to-group anyuid system:serviceaccounts:istio-apps + ``` -1. Replace the `` in `subscriptions/istio-multicluster-servicemesh/istio-operator/channel.yaml` and then deploy the `istio-operator` Application: +# Usage + +1. Install istio operator by deploying the `istio-operator` Application: ``` oc apply -k subscriptions/istio-multicluster-servicemesh/istio-operator ``` -> Note: this is broken now, please use `istio-operator` helm chart to install it in each clusters. +2. Install the istio control plane in hub cluster by deploying the `istio-multicluster-hub` Application: + +``` +oc apply -k subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub +``` -2. Deploy the `istio-multicluster` Application: +3. Install the istio remote control plane configurations in managed clusters by deploying the `istio-multicluster-remote` Application: ``` -oc apply -k subscriptions/istio-multicluster-servicemesh/istio-multicluster +oc apply -k subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote ``` -3. Create remote secret for the central plane to access kube-apiserver of the managedclusters(`mcsdemo1` and `mcsdemo2`): +4. Create remote secret for the central plane to access kube-apiserver of the managedclusters(`mcsmtest1` and `mcsmtest2`): + +> Note: make sure export the following three environment variables `CTX_HUB_CLUSTER`, `CTX_MC1_CLUSTER` and `CTX_MC2_CLUSTER` be the kubernetes context of the connected clusters. ``` ISTIO_READER_SRT_NAME_FOR_MC1=$(oc --context=${CTX_MC1_CLUSTER} -n istio-system get serviceaccount/istiod -o jsonpath='{.secrets}' | jq -r '.[] | select(.name | test ("istiod-token-")).name') @@ -37,47 +50,18 @@ istioctl x create-remote-secret --context=${CTX_MC2_CLUSTER} --name=${MC2_CLUSTE --create-service-account=false | oc --context=${CTX_HUB_CLUSTER} apply -f - ``` -4. Patch the kube-apiserver of the managedclusters(`mcsdemo1` and `mcsdemo2`) due to a submariner [known issue](https://github.com/submariner-io/submariner/issues/1421). +5. Patch the kube-apiserver of the managedclusters(`mcsmtest1` and `mcsmtest2`) due to a submariner [known issue](https://github.com/submariner-io/submariner/issues/1421). -5. Create `istio-apps` namespace in in managedclusters(`mcsdemo1` and `mcsdemo2`) with istio sidecar injection label and also create `networkattachmentdefinition` for istio-cni. +6. Install the istio ingressgateway in managed cluster `mcsmtest1` by deploying the `istio-gateway` Application: ``` -oc --context=${CTX_MC1_CLUSTER} create ns istio-apps -oc --context=${CTX_MC1_CLUSTER} label ns istio-apps istio-injection=enabled - -oc --context=${CTX_MC2_CLUSTER} create ns istio-apps -oc --context=${CTX_MC2_CLUSTER} label ns istio-apps istio-injection=enabled - -cat < istio-cni-NetworkAttachmentDefinition.yaml -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition -metadata: - name: istio-cni -EOF - -oc --context=${CTX_MC1_CLUSTER} -n istio-apps apply -f istio-cni-NetworkAttachmentDefinition.yaml -oc --context=${CTX_MC2_CLUSTER} -n istio-apps apply -f istio-cni-NetworkAttachmentDefinition.yaml - -oc --context=${CTX_MC1_CLUSTER} adm policy add-scc-to-group anyuid system:serviceaccounts:istio-apps -oc --context=${CTX_MC2_CLUSTER} adm policy add-scc-to-group anyuid system:serviceaccounts:istio-apps +oc apply -k subscriptions/istio-multicluster-servicemesh/istio-gateway ``` -> Note: this step is just workaround and will not be needed in future. - -6. Deploy the `bookinfo` Application: +7. Install the `bookinfo` application by deploying the `bookinfo` Application: ``` oc apply -k subscriptions/istio-multicluster-servicemesh/bookinfo ``` -7. Apply the `bookinfo-gateway` in Hub cluster and access the bookinfo from the following URL: - -``` -oc --context=${CTX_MC1_CLUSTER} -n istio-apps apply -f 1-bookinfo-gateway -GATEWAY_URL=$(oc --context=${CTX_MC1_CLUSTER} -n istio-apps get route ingressgateway -o jsonpath="{.spec.host}") -echo "http://${GATEWAY_URL}/productpage" -``` - -8. Then you can deploy the istio configuration under `[1-6]-bookinfo-*` directories to validate the istio functions. - -> Note: the number prefix is the apply order. +8. Access the bookinfo application with your browser via the route of the istio ingressgateway. diff --git a/subscriptions/istio-multicluster-servicemesh/bookinfo/application.yaml b/subscriptions/istio-multicluster-servicemesh/bookinfo/application.yaml index e11e6f8..4570c43 100644 --- a/subscriptions/istio-multicluster-servicemesh/bookinfo/application.yaml +++ b/subscriptions/istio-multicluster-servicemesh/bookinfo/application.yaml @@ -5,11 +5,11 @@ metadata: namespace: istio-apps spec: componentKinds: - - group: apps.open-cluster-management.io - kind: Subscription + - group: apps.open-cluster-management.io + kind: Subscription selector: matchExpressions: - - key: app - operator: In - values: - - bookinfo + - key: app + operator: In + values: + - bookinfo diff --git a/subscriptions/istio-multicluster-servicemesh/bookinfo/channel.yaml b/subscriptions/istio-multicluster-servicemesh/bookinfo/channel.yaml index 4a047e5..9b65641 100644 --- a/subscriptions/istio-multicluster-servicemesh/bookinfo/channel.yaml +++ b/subscriptions/istio-multicluster-servicemesh/bookinfo/channel.yaml @@ -5,4 +5,4 @@ metadata: namespace: istio-apps spec: type: GitHub - pathname: https://github.com/open-cluster-management/application-samples.git \ No newline at end of file + pathname: https://github.com/open-cluster-management/application-samples.git diff --git a/subscriptions/istio-multicluster-servicemesh/bookinfo/kustomization.yaml b/subscriptions/istio-multicluster-servicemesh/bookinfo/kustomization.yaml index 6741f81..d8d3316 100644 --- a/subscriptions/istio-multicluster-servicemesh/bookinfo/kustomization.yaml +++ b/subscriptions/istio-multicluster-servicemesh/bookinfo/kustomization.yaml @@ -1,6 +1,5 @@ resources: - namespace.yaml - channel.yaml -- placement.yaml - subscription.yaml - application.yaml diff --git a/subscriptions/istio-multicluster-servicemesh/bookinfo/namespace.yaml b/subscriptions/istio-multicluster-servicemesh/bookinfo/namespace.yaml index 8ea0b5e..2231a30 100644 --- a/subscriptions/istio-multicluster-servicemesh/bookinfo/namespace.yaml +++ b/subscriptions/istio-multicluster-servicemesh/bookinfo/namespace.yaml @@ -2,3 +2,5 @@ apiVersion: v1 kind: Namespace metadata: name: istio-apps + labels: + istio-injection: enabled diff --git a/subscriptions/istio-multicluster-servicemesh/bookinfo/placement.yaml b/subscriptions/istio-multicluster-servicemesh/bookinfo/placement.yaml deleted file mode 100644 index bb3e10f..0000000 --- a/subscriptions/istio-multicluster-servicemesh/bookinfo/placement.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: bookinfo-mc1-placement - namespace: istio-apps - labels: - app: bookinfo -spec: - clusterReplicas: 1 - clusterSelector: - matchLabels: - name: mcsdemo1 ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: bookinfo-mc2-placement - namespace: istio-apps - labels: - app: bookinfo -spec: - clusterReplicas: 1 - clusterSelector: - matchLabels: - name: mcsdemo2 diff --git a/subscriptions/istio-multicluster-servicemesh/bookinfo/subscription.yaml b/subscriptions/istio-multicluster-servicemesh/bookinfo/subscription.yaml index bcd122d..7a756e1 100644 --- a/subscriptions/istio-multicluster-servicemesh/bookinfo/subscription.yaml +++ b/subscriptions/istio-multicluster-servicemesh/bookinfo/subscription.yaml @@ -11,10 +11,9 @@ metadata: spec: channel: istio-apps/istio-bookinfo-channel placement: - placementRef: - name: bookinfo-mc1-placement - kind: PlacementRule - group: apps.open-cluster-management.io + local: false + clusters: + - name: mcsmtest1 --- apiVersion: apps.open-cluster-management.io/v1 kind: Subscription @@ -29,25 +28,21 @@ metadata: spec: channel: istio-apps/istio-bookinfo-channel placement: - placementRef: - name: bookinfo-mc2-placement - kind: PlacementRule - group: apps.open-cluster-management.io + local: false + clusters: + - name: mcsmtest2 --- apiVersion: apps.open-cluster-management.io/v1 kind: Subscription metadata: - name: istio-ingressgateway-subscription + name: bookinfo-gateway-subscription namespace: istio-apps labels: app: bookinfo annotations: - apps.open-cluster-management.io/github-path: istio-multicluster-servicemesh/istio-operator-gw + apps.open-cluster-management.io/github-path: istio-multicluster-servicemesh/bookinfo-gateway apps.open-cluster-management.io/github-branch: main spec: channel: istio-apps/istio-bookinfo-channel placement: - placementRef: - name: bookinfo-mc1-placement - kind: PlacementRule - group: apps.open-cluster-management.io + local: true diff --git a/subscriptions/istio-multicluster-servicemesh/istio-gateway/application.yaml b/subscriptions/istio-multicluster-servicemesh/istio-gateway/application.yaml new file mode 100644 index 0000000..159812b --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-gateway/application.yaml @@ -0,0 +1,15 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: istio-gateway + namespace: istio-apps +spec: + componentKinds: + - group: apps.open-cluster-management.io + kind: Subscription + selector: + matchExpressions: + - key: app + operator: In + values: + - istio-gateway diff --git a/subscriptions/istio-multicluster-servicemesh/istio-gateway/channel.yaml b/subscriptions/istio-multicluster-servicemesh/istio-gateway/channel.yaml new file mode 100644 index 0000000..06c33a6 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-gateway/channel.yaml @@ -0,0 +1,8 @@ +apiVersion: apps.open-cluster-management.io/v1 +kind: Channel +metadata: + name: istio-gateway-channel + namespace: istio-apps +spec: + type: GitHub + pathname: https://github.com/open-cluster-management/application-samples.git diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/kustomization.yaml b/subscriptions/istio-multicluster-servicemesh/istio-gateway/kustomization.yaml similarity index 82% rename from subscriptions/istio-multicluster-servicemesh/istio-multicluster/kustomization.yaml rename to subscriptions/istio-multicluster-servicemesh/istio-gateway/kustomization.yaml index 6741f81..d8d3316 100644 --- a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/kustomization.yaml +++ b/subscriptions/istio-multicluster-servicemesh/istio-gateway/kustomization.yaml @@ -1,6 +1,5 @@ resources: - namespace.yaml - channel.yaml -- placement.yaml - subscription.yaml - application.yaml diff --git a/subscriptions/istio-multicluster-servicemesh/istio-gateway/namespace.yaml b/subscriptions/istio-multicluster-servicemesh/istio-gateway/namespace.yaml new file mode 100644 index 0000000..2231a30 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-gateway/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-apps + labels: + istio-injection: enabled diff --git a/subscriptions/istio-multicluster-servicemesh/istio-gateway/subscription.yaml b/subscriptions/istio-multicluster-servicemesh/istio-gateway/subscription.yaml new file mode 100644 index 0000000..82fdac9 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-gateway/subscription.yaml @@ -0,0 +1,16 @@ +apiVersion: apps.open-cluster-management.io/v1 +kind: Subscription +metadata: + name: istio-gateway-subscription + namespace: istio-apps + labels: + app: istio-gateway + annotations: + apps.open-cluster-management.io/github-path: istio-multicluster-servicemesh/istio-gateway + apps.open-cluster-management.io/github-branch: main +spec: + channel: istio-apps/istio-gateway-channel + placement: + local: false + clusters: + - name: mcsmtest1 diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/application.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/application.yaml similarity index 59% rename from subscriptions/istio-multicluster-servicemesh/istio-multicluster/application.yaml rename to subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/application.yaml index 3a590aa..7c06ade 100644 --- a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/application.yaml +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/application.yaml @@ -1,15 +1,15 @@ apiVersion: app.k8s.io/v1beta1 kind: Application metadata: - name: istio-multicluster + name: istio-multicluster-hub namespace: istio-system spec: componentKinds: - - group: apps.open-cluster-management.io - kind: Subscription + - group: apps.open-cluster-management.io + kind: Subscription selector: matchExpressions: - key: app operator: In values: - - istio-multicluster + - istio-multicluster-hub diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/channel.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/channel.yaml similarity index 83% rename from subscriptions/istio-multicluster-servicemesh/istio-multicluster/channel.yaml rename to subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/channel.yaml index 9e2b89c..e9e42a8 100644 --- a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/channel.yaml +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/channel.yaml @@ -1,7 +1,7 @@ apiVersion: apps.open-cluster-management.io/v1 kind: Channel metadata: - name: istio-multicluster-channel + name: istio-multicluster-hub-channel namespace: istio-system spec: type: GitHub diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/kustomization.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/kustomization.yaml new file mode 100644 index 0000000..d8d3316 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/kustomization.yaml @@ -0,0 +1,5 @@ +resources: +- namespace.yaml +- channel.yaml +- subscription.yaml +- application.yaml diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/namespace.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/namespace.yaml new file mode 100644 index 0000000..c1dc305 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-system + labels: + topology.istio.io/network: network1 diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/subscription.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/subscription.yaml new file mode 100644 index 0000000..98d908a --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-hub/subscription.yaml @@ -0,0 +1,14 @@ +apiVersion: apps.open-cluster-management.io/v1 +kind: Subscription +metadata: + name: istio-multicluster-hub-subscription + namespace: istio-system + labels: + app: istio-multicluster-hub + annotations: + apps.open-cluster-management.io/github-path: istio-multicluster-servicemesh/istio-multicluster-hub + apps.open-cluster-management.io/github-branch: main +spec: + channel: istio-system/istio-multicluster-hub-channel + placement: + local: true diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/application.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/application.yaml new file mode 100644 index 0000000..a002007 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/application.yaml @@ -0,0 +1,15 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: istio-multicluster-remote + namespace: istio-multicluster-remote-app +spec: + componentKinds: + - group: apps.open-cluster-management.io + kind: Subscription + selector: + matchExpressions: + - key: app + operator: In + values: + - istio-multicluster-remote diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/channel.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/channel.yaml new file mode 100644 index 0000000..91a40b7 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/channel.yaml @@ -0,0 +1,8 @@ +apiVersion: apps.open-cluster-management.io/v1 +kind: Channel +metadata: + name: istio-multicluster-remote-channel + namespace: istio-multicluster-remote-app +spec: + pathname: https://morvencao.github.io/helm-charts + type: HelmRepo diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/kustomization.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/kustomization.yaml new file mode 100644 index 0000000..d8d3316 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/kustomization.yaml @@ -0,0 +1,5 @@ +resources: +- namespace.yaml +- channel.yaml +- subscription.yaml +- application.yaml diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/namespace.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/namespace.yaml new file mode 100644 index 0000000..c30a5db --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-multicluster-remote-app diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/subscription.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/subscription.yaml new file mode 100644 index 0000000..fedd0e9 --- /dev/null +++ b/subscriptions/istio-multicluster-servicemesh/istio-multicluster-remote/subscription.yaml @@ -0,0 +1,45 @@ +apiVersion: apps.open-cluster-management.io/v1 +kind: Subscription +metadata: + name: istio-multicluster-remote-subscription-1 + namespace: istio-multicluster-remote-app + labels: + app: istio-multicluster-remote +spec: + channel: istio-multicluster-remote-app/istio-multicluster-remote-channel + packageFilter: + version: 1.0.0 + packageOverrides: + - packageAlias: istio-multicluster-remote + packageName: istio-multicluster-remote + packageOverrides: + - path: spec + value: + clusterName: mcsmtest1 + placement: + local: false + clusters: + - name: mcsmtest1 +--- +apiVersion: apps.open-cluster-management.io/v1 +kind: Subscription +metadata: + name: istio-multicluster-remote-subscription-2 + namespace: istio-multicluster-remote-app + labels: + app: istio-multicluster-remote +spec: + channel: istio-multicluster-remote-app/istio-multicluster-remote-channel + packageFilter: + version: 1.0.0 + packageOverrides: + - packageAlias: istio-multicluster-remote + packageName: istio-multicluster-remote + packageOverrides: + - path: spec + value: + clusterName: mcsmtest2 + placement: + local: false + clusters: + - name: mcsmtest2 diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/placement.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster/placement.yaml deleted file mode 100644 index f0e586c..0000000 --- a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/placement.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: istio-hub-placement - namespace: istio-system - labels: - app: istio-multicluster -spec: - clusterReplicas: 1 - clusterSelector: - matchLabels: - local-cluster: 'true' ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: istio-mc1-placement - namespace: istio-system - labels: - app: istio-multicluster -spec: - clusterReplicas: 1 - clusterSelector: - matchLabels: - name: mcsdemo1 ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: istio-mc2-placement - namespace: istio-system - labels: - app: istio-multicluster -spec: - clusterReplicas: 1 - clusterSelector: - matchLabels: - name: mcsdemo2 diff --git a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/subscription.yaml b/subscriptions/istio-multicluster-servicemesh/istio-multicluster/subscription.yaml deleted file mode 100644 index bb861f8..0000000 --- a/subscriptions/istio-multicluster-servicemesh/istio-multicluster/subscription.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apps.open-cluster-management.io/v1 -kind: Subscription -metadata: - name: istio-hub-subscription - namespace: istio-system - labels: - app: istio-multicluster - annotations: - apps.open-cluster-management.io/github-path: istio-multicluster-servicemesh/istio-operator-hub - apps.open-cluster-management.io/github-branch: main -spec: - channel: istio-system/istio-multicluster-channel - placement: - placementRef: - name: istio-hub-placement - kind: PlacementRule - group: apps.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: Subscription -metadata: - name: istio-mc1-subscription - namespace: istio-system - labels: - app: istio-multicluster - annotations: - apps.open-cluster-management.io/github-path: istio-multicluster-servicemesh/istio-operator-mc1 - apps.open-cluster-management.io/github-branch: main -spec: - channel: istio-system/istio-multicluster-channel - placement: - placementRef: - name: istio-mc1-placement - kind: PlacementRule - group: apps.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: Subscription -metadata: - name: istio-mc2-subscription - namespace: istio-system - labels: - app: istio-multicluster - annotations: - apps.open-cluster-management.io/github-path: istio-multicluster-servicemesh/istio-operator-mc2 - apps.open-cluster-management.io/github-branch: main -spec: - channel: istio-system/istio-multicluster-channel - placement: - placementRef: - name: istio-mc2-placement - kind: PlacementRule - group: apps.open-cluster-management.io - diff --git a/subscriptions/istio-multicluster-servicemesh/istio-operator/application.yaml b/subscriptions/istio-multicluster-servicemesh/istio-operator/application.yaml index 3110c42..2f7e2f2 100644 --- a/subscriptions/istio-multicluster-servicemesh/istio-operator/application.yaml +++ b/subscriptions/istio-multicluster-servicemesh/istio-operator/application.yaml @@ -5,8 +5,8 @@ metadata: namespace: istio-operator-app spec: componentKinds: - - group: apps.open-cluster-management.io - kind: Subscription + - group: apps.open-cluster-management.io + kind: Subscription descriptor: {} selector: matchExpressions: diff --git a/subscriptions/istio-multicluster-servicemesh/istio-operator/channel.yaml b/subscriptions/istio-multicluster-servicemesh/istio-operator/channel.yaml index 7244a79..750c1ad 100644 --- a/subscriptions/istio-multicluster-servicemesh/istio-operator/channel.yaml +++ b/subscriptions/istio-multicluster-servicemesh/istio-operator/channel.yaml @@ -4,5 +4,5 @@ metadata: name: istio-operator-channel namespace: istio-operator-app spec: - pathname: + pathname: https://morvencao.github.io/helm-charts type: HelmRepo diff --git a/subscriptions/istio-multicluster-servicemesh/istio-operator/placement.yaml b/subscriptions/istio-multicluster-servicemesh/istio-operator/placement.yaml index 4f59dba..e307bab 100644 --- a/subscriptions/istio-multicluster-servicemesh/istio-operator/placement.yaml +++ b/subscriptions/istio-multicluster-servicemesh/istio-operator/placement.yaml @@ -8,4 +8,4 @@ metadata: spec: clusterSelector: matchLabels: - cluster.open-cluster-management.io/clusterset: mcsm-demo + cluster.open-cluster-management.io/clusterset: mcsm diff --git a/subscriptions/istio-multicluster-servicemesh/istio-operator/subscription.yaml b/subscriptions/istio-multicluster-servicemesh/istio-operator/subscription.yaml index c5d36ef..92184c2 100644 --- a/subscriptions/istio-multicluster-servicemesh/istio-operator/subscription.yaml +++ b/subscriptions/istio-multicluster-servicemesh/istio-operator/subscription.yaml @@ -9,13 +9,15 @@ spec: name: istio-operator channel: istio-operator-app/istio-operator-channel packageFilter: - version: 1.11.3 + version: 1.11.4 packageOverrides: - packageAlias: istio-operator packageName: istio-operator packageOverrides: - path: spec value: + hub: docker.io/morvencao + tag: 1.11.4 watchedNamespaces: "istio-system,istio-apps" placement: placementRef: