From f76b7f1a43c710caf8455b3d8e166306871218d4 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Tue, 19 Sep 2023 15:02:37 -0400 Subject: [PATCH 1/2] fix: Use namespace resource to share across `istio` charts to avoid conflicts --- patterns/istio/README.md | 6 ++++++ patterns/istio/main.tf | 44 +++++++++++++++++++++++----------------- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/patterns/istio/README.md b/patterns/istio/README.md index 9c7433c5b7..6d69ad81be 100644 --- a/patterns/istio/README.md +++ b/patterns/istio/README.md @@ -16,6 +16,12 @@ concepts. See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started/#prerequisites) for the prerequisites and steps to deploy this pattern. +Once the resources have been provisioned, you will need to replace the `istio-ingress` pods due to a [`istiod` dependency issue](https://github.com/istio/istio/issues/35789). Use the following command to perform a rolling restart of the `istio-ingress` pods: + +```sh +kubectl rollout restart deployment istio-ingress -n istio-ingress +``` + ### Observability Add-ons Use the following code snippet to add the Istio Observability Add-ons on the EKS diff --git a/patterns/istio/main.tf b/patterns/istio/main.tf index b9e4ba1da1..d320257c18 100644 --- a/patterns/istio/main.tf +++ b/patterns/istio/main.tf @@ -58,12 +58,20 @@ module "eks" { cluster_version = "1.27" cluster_endpoint_public_access = true + cluster_addons = { + coredns = {} + kube-proxy = {} + vpc-cni = { + preserve = true + } + } + vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets eks_managed_node_groups = { initial = { - instance_types = ["m5.large"] + instance_types = ["m5.xlarge"] min_size = 1 max_size = 5 
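Review bot: The three entries added under `cluster_addons` (`coredns`, `kube-proxy`, `vpc-cni`) carry no version setting, so the add-on version deployed is whatever gets resolved at apply time rather than something recorded in this file. These components sit on the cluster's network and DNS path, and without a version it is hard to tell from the configuration whether a given security fix is present. Assuming this is the terraform-aws-modules EKS module (its `source` line is outside the hunk), either `most_recent = true` or an explicit `addon_version = "<ADDON_VERSION>"` on each entry would make that visible. The reason `preserve = true` is set only on `vpc-cni` is also not stated, so a one-line comment there would help the next reader.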
@@ -99,6 +107,12 @@ module "eks" { # EKS Blueprints Addons ################################################################################ +resource "kubernetes_namespace_v1" "istio_system" { + metadata { + name = "istio-system" + } +} + module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" version = "~> 1.0" @@ -108,32 +122,24 @@ module "eks_blueprints_addons" { cluster_version = module.eks.cluster_version oidc_provider_arn = module.eks.oidc_provider_arn - eks_addons = { - coredns = {} - vpc-cni = {} - kube-proxy = {} - } - # This is required to expose Istio Ingress Gateway enable_aws_load_balancer_controller = true helm_releases = { istio-base = { - chart = "base" - version = local.istio_chart_version - repository = local.istio_chart_url - name = "istio-base" - namespace = "istio-system" - create_namespace = true + chart = "base" + version = local.istio_chart_version + repository = local.istio_chart_url + name = "istio-base" + namespace = kubernetes_namespace_v1.istio_system.metadata[0].name } istiod = { - chart = "istiod" - version = local.istio_chart_version - repository = local.istio_chart_url - name = "istiod" - namespace = "istio-system" - create_namespace = false + chart = "istiod" + version = local.istio_chart_version + repository = local.istio_chart_url + name = "istiod" + namespace = kubernetes_namespace_v1.istio_system.metadata[0].name set = [ { From dbbd43d028e98fb917c3e178f30208f2e487b747 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Tue, 19 Sep 2023 16:08:38 -0400 Subject: [PATCH 2/2] fix: Reduce number of nodes and node size back down --- patterns/istio/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/patterns/istio/main.tf b/patterns/istio/main.tf index d320257c18..76a38c8ac9 100644 --- a/patterns/istio/main.tf +++ b/patterns/istio/main.tf 
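Review bot: The new `kubernetes_namespace_v1.istio_system` resource sets only `name`, so `istio-system` is created without Pod Security Admission labels and falls back to the cluster-wide default. The namespace is now owned by Terraform rather than by Helm's `create_namespace`, so its `metadata` block is the natural place to state the intended level. A cautious start would be `labels = { "pod-security.kubernetes.io/warn" = "baseline" }`, moving to `enforce` once the Istio charts are confirmed to pass. A comment above the resource, such as `# Shared by the istio-base and istiod releases so neither chart creates it`, would record why it is a standalone resource.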
@@ -71,11 +71,11 @@ module "eks" { eks_managed_node_groups = { initial = { - instance_types = ["m5.xlarge"] + instance_types = ["m5.large"] min_size = 1 max_size = 5 - desired_size = 3 # When < 3, the coredns add-on ends up in a degraded state + desired_size = 2 } }
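Review bot: `desired_size = 2` is below the threshold named in the comment this hunk deletes (`When < 3, the coredns add-on ends up in a degraded state`), and nothing on the new side says why that warning no longer applies. If moving the add-ons to `cluster_addons` in the previous patch resolved it, a comment saying so would help, e.g. `desired_size = 2 # coredns is healthy at 2 nodes now that add-ons are managed by the eks module`. If that has not been verified, the node count or the warning should stay, because a degraded CoreDNS affects name resolution for every workload, including the mesh control plane this pattern installs. The `module "eks"` block begins and ends outside the hunk.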