Skip to content

Commit

Permalink
Add istio make commands
Browse files Browse the repository at this point in the history
Add istio makefile with targets to help install/uninstall istio using
istoctl. The default is to install it in it's own namespace
`istio-system` since this is more likely how it will be deployed in a
real world scenario. The install is also using the `default` profile
which installs an ingress controller into the istio namespace
`istio-ingressgateway`. Any example port-forward commands need to point
to this ingress service:

```
kubectl port-forward -n istio-system service/istio-ingressgateway 9080:80
```

A temporary patch for the istio install and make targets to configure a
hard coded kuadrant/authorino setup for dev/test purposes is also added.
These are triggered using seperate make targets `istio-install-with-patch`
and `post-deploy-hacks` and will be removed once the operator itself has
taken over the responsibility of creating/configuring these resources.
  • Loading branch information
mikenairn committed Jan 28, 2022
1 parent 5aa0c78 commit 63d1722
Show file tree
Hide file tree
Showing 7 changed files with 99 additions and 1 deletion.
6 changes: 6 additions & 0 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,9 @@ jobs:
- name: Run make install
run: |
make install
- name: Run make istio-install
run: |
make istio-install
- name: Load test image
run: |
kind load docker-image ${{ env.TEST_IMG }} --name ${{ env.KIND_CLUSTER_NAME }}
Expand All @@ -73,6 +76,9 @@ jobs:
- name: Wait for deployment
run: |
kubectl -n kuadrant-system wait --timeout=300s --for=condition=Available deployments --all
- name: Run make istio-install-with-patch
run: |
make istio-install-with-patch
# Note: This doesn't run any actual tests yet!
- name: Run make undeploy
run: |
Expand Down
11 changes: 11 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
$(KUSTOMIZE) build config/deploy | kubectl apply -f -
${MAKE} post-deploy-hacks

undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/deploy | kubectl delete -f -
Expand All @@ -190,10 +191,20 @@ uninstall-olm:

deploy-olm: ## Deploy controller to the K8s cluster specified in ~/.kube/config using OLM catalog image.
$(KUSTOMIZE) build config/deploy/olm | kubectl apply -f -
${MAKE} post-deploy-hacks

undeploy-olm: ## Undeploy controller from the K8s cluster specified in ~/.kube/config using OLM catalog image.
$(KUSTOMIZE) build config/deploy/olm | kubectl delete -f -

#This target is temporary to aid dev/test of the operator. Eventually it will be the responsibility of the
# operator itself to create/configure these things as part of the reconciliation of a kuadrant CR.
post-deploy-hacks:
# Wait for deployment to complete
timeout 60s bash -c 'until kubectl -n kuadrant-system get deployments/kuadrant-operator-controller-manager; do sleep 10; done;'
kubectl -n kuadrant-system wait --timeout=300s --for=condition=Available deployments --all
kubectl apply -f config/dependencies/istio/default-gateway.yaml -n kuadrant-system
kubectl apply -f config/dependencies/authorino/authorino.yaml -n kuadrant-system

CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
controller-gen: ## Download controller-gen locally if necessary.
$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/[email protected])
Expand Down
14 changes: 14 additions & 0 deletions config/dependencies/authorino/authorino.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
apiVersion: operator.authorino.kuadrant.io/v1beta1
kind: Authorino
metadata:
name: authorino
namespace: kuadrant-system
spec:
replicas: 1
clusterWide: false
listener:
tls:
enabled: false
oidcServer:
tls:
enabled: false
15 changes: 15 additions & 0 deletions config/dependencies/istio/default-gateway.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: kuadrant-gateway
namespace: kuadrant-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
9 changes: 9 additions & 0 deletions config/dependencies/istio/patches/istio-externalProvider.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
meshConfig:
extensionProviders:
- name: "kuadrant-authorization"
envoyExtAuthzGrpc:
service: "authorino-authorino-authorization.kuadrant-system.svc.cluster.local"
port: 50051
42 changes: 42 additions & 0 deletions make/istio.mk
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@

##@ Istio

## Targets to help install and configure istio

ISTIO_PATCHES_DIR = config/dependencies/istio/patches
ISTIO_NAMESPACE = istio-system
ISTIO_INSTALL_OPTIONS ?= --set profile=default \
--set values.gateways.istio-ingressgateway.autoscaleEnabled=false \
--set values.pilot.autoscaleEnabled=false \
--set values.global.istioNamespace=$(ISTIO_NAMESPACE)

# istioctl tool
ISTIOCTL=$(shell pwd)/bin/istioctl
ISTIOVERSION = 1.12.1
$(ISTIOCTL):
mkdir -p $(PROJECT_PATH)/bin
$(eval TMP := $(shell mktemp -d))
cd $(TMP); curl -sSL https://istio.io/downloadIstio | ISTIO_VERSION=$(ISTIOVERSION) sh -
cp $(TMP)/istio-$(ISTIOVERSION)/bin/istioctl ${ISTIOCTL}
-rm -rf $(TMP)

.PHONY: istioctl
istioctl: $(ISTIOCTL) ## Download istioctl locally if necessary.

.PHONY: istio-install
istio-install: istioctl ## Install istio.
$(ISTIOCTL) install -y $(ISTIO_INSTALL_OPTIONS)

#Note: This target is here temporarily to aid dev/test of the operator. Eventually it will be the responsibility of the
# operator itself to configure istio as part of the reconciliation of a kuadrant CR.
.PHONY: istio-install-with-patch
istio-install-with-patch: istioctl ## Install istio with patch to add authorino auth extension.
$(ISTIOCTL) install -y $(ISTIO_INSTALL_OPTIONS) -f $(ISTIO_PATCHES_DIR)/istio-externalProvider.yaml

.PHONY: istio-uninstall
istio-uninstall: istioctl ## Uninstall istio.
$(ISTIOCTL) x uninstall -y --purge

.PHONY: istio-verify-install
istio-verify-install: istioctl ## Verify istio installation.
$(ISTIOCTL) verify-install -i $(ISTIO_NAMESPACE)
3 changes: 2 additions & 1 deletion make/kind.mk
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,10 @@ kind-delete-cluster: ## Delete the "kuadrant-local" kind cluster.

.PHONY: kind-create-kuadrant-cluster
kind-create-kuadrant-cluster: export IMG := quay.io/kuadrant/kuadrant-operator:dev
kind-create-kuadrant-cluster: kind-create-cluster ## Create a kind cluster with kuadrant deployed.
kind-create-kuadrant-cluster: kind-create-cluster istio-install ## Create a kind cluster with kuadrant deployed.
$(MAKE) docker-build
$(KIND) load docker-image $(IMG) --name $(KIND_CLUSTER_NAME)
$(MAKE) install
$(MAKE) deploy
kubectl -n kuadrant-system wait --timeout=300s --for=condition=Available deployments --all
$(MAKE) istio-install-with-patch

0 comments on commit 63d1722

Please sign in to comment.