Skip to content

Commit

Permalink
feat: update Istio ambient
Browse files Browse the repository at this point in the history
- Chapter名変更(istio-ambientmesh -> istio-ambient-mode)
- Helm chart version更新
- Helm values変更
- Image更新
- waypoint proxy設定変更
Himalayan-wildcat committed Oct 20, 2024
1 parent b5b06fa commit db0a27d
Showing 38 changed files with 876 additions and 708 deletions.
837 changes: 837 additions & 0 deletions chapter_istio-ambient-mode/README.md

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -9,8 +9,6 @@ apiVersion: v1
kind: Pod
metadata:
labels:
app: curl-allow
version: v1
content: layer4-authz
prometheus-monitor-ignore: ""
name: curl-allow
Original file line number Diff line number Diff line change
@@ -9,8 +9,6 @@ apiVersion: v1
kind: Pod
metadata:
labels:
app: curl-deny
version: v1
content: layer4-authz
prometheus-monitor-ignore: ""
name: curl-deny
Original file line number Diff line number Diff line change
@@ -3,14 +3,14 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: false
metadata:
labels:
content: layer7-authz
name: curl
---
apiVersion: v1
kind: Pod
metadata:
labels:
app: curl
version: v1
content: layer7-authz
prometheus-monitor-ignore: ""
name: curl
Original file line number Diff line number Diff line change
@@ -11,9 +11,10 @@ releases:
chart: istio-official/base
version: 1.23.2
- name: istiod
namespace: istio-system
chart: istio-official/istiod
version: 1.23.2
namespace: istio-system
createNamespace: true
wait: true
values:
- values/istiod.values.yaml
Original file line number Diff line number Diff line change
@@ -2,16 +2,12 @@ global:
imagePullPolicy: IfNotPresent
logAsJson: true
cni:
logLevel: info
resources:
requests:
cpu: 200m
memory: 256Mi
limits:
cpu: 200m
memory: 256Mi
privileged: true
ambient:
enabled: true
excludeNamespaces:
- kube-system
Original file line number Diff line number Diff line change
@@ -19,15 +19,9 @@ pilot:
cpu: 100m
memory: 128Mi
env:
VERIFY_CERTIFICATE_AT_CLIENT: "true"
ENABLE_AUTO_SNI: "true"
PILOT_ENABLE_HBONE: "true"
CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel"
PILOT_ENABLE_AMBIENT_CONTROLLERS: "true"
# cf.) https://istio.io/latest/docs/reference/commands/pilot-discovery/#envvars
PILOT_ENABLE_AMBIENT: "true"
meshConfig:
defaultConfig:
proxyMetadata:
ISTIO_META_ENABLE_HBONE: "true"
defaultProviders:
metrics:
- prometheus
Original file line number Diff line number Diff line change
@@ -29,5 +29,12 @@ external_services:
tracing:
enabled: false
server:
port: 28080
metrics_enabled: false
node_port: 32766
observability:
metrics:
enabled: false
# 新しいsigning_keyが毎apply/syncで作成されてしまうことが原因で、
# kialiのhelm versionが毎回更新される(pod)が毎回再作成されることを
# 回避するために、ダミー用のsigning_keyを指定する。
login_token:
signing_key: "dummy key"
Original file line number Diff line number Diff line change
@@ -14,6 +14,7 @@ prometheusOperator:
memory: 256Mi
prometheus:
prometheusSpec:
logFormat: json
resources:
requests:
cpu: 250m
Original file line number Diff line number Diff line change
@@ -11,4 +11,6 @@ resources:
limits:
cpu: 100m
memory: 84Mi
env:
LOG_FORMAT: json
imagePullPolicy: IfNotPresent
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
13 changes: 13 additions & 0 deletions chapter_istio-ambient-mode/kind/config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: istio-ambient
nodes:
- role: control-plane
image: kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865
extraPortMappings:
- containerPort: 32766
hostPort: 28080
listenAddress: "0.0.0.0"
protocol: TCP
- role: worker
image: kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865
Original file line number Diff line number Diff line change
@@ -6,9 +6,10 @@ metadata:
labels:
content: layer7-authz
spec:
selector:
matchLabels:
istio.io/gateway-name: handson
targetRefs:
- kind: Service
group: ""
name: handson
action: DENY
rules:
- from:
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
apiVersion: gateway.networking.k8s.io/v1beta1
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
annotations:
istio.io/for-service-account: handson-blue
labels:
istio.io/waypoint-for: service
app.kubernetes.io/component: waypoint-proxy
name: handson
name: waypoint
spec:
gatewayClassName: istio-waypoint
listeners:
663 changes: 0 additions & 663 deletions chapter_istio-ambientmesh/README.md

This file was deleted.

Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file removed chapter_istio-ambientmesh/image/kiali-overview.png
Binary file not shown.
17 changes: 0 additions & 17 deletions chapter_istio-ambientmesh/kind/config.yaml

This file was deleted.

0 comments on commit db0a27d

Please sign in to comment.