From 7390eb5263839c0b06c913d618057027aada3b43 Mon Sep 17 00:00:00 2001 From: Seungkyu Ahn Date: Sat, 12 Mar 2022 14:14:47 +0900 Subject: [PATCH] upgrade istio 1.13.1 --- templates/argo-cd/create-app-wftpl.yaml | 3 + .../remove-servicemesh-all-wftpl.yaml | 23 +++- templates/decapod-apps/service-mesh-wf.yaml | 108 ++++++++++++++---- 3 files changed, 105 insertions(+), 29 deletions(-) diff --git a/templates/argo-cd/create-app-wftpl.yaml b/templates/argo-cd/create-app-wftpl.yaml index 1632f63..d472b0e 100644 --- a/templates/argo-cd/create-app-wftpl.yaml +++ b/templates/argo-cd/create-app-wftpl.yaml @@ -23,6 +23,9 @@ spec: - name: target_cluster # set to site_name by default - name: namespace activeDeadlineSeconds: 900 + retryStrategy: + limit: 3 + retryPolicy: "Always" container: name: 'create' image: docker.io/sktcloud/argocd-cli:v2.2.5 diff --git a/templates/decapod-apps/remove-servicemesh-all-wftpl.yaml b/templates/decapod-apps/remove-servicemesh-all-wftpl.yaml index b10084c..dddb88b 100644 --- a/templates/decapod-apps/remove-servicemesh-all-wftpl.yaml +++ b/templates/decapod-apps/remove-servicemesh-all-wftpl.yaml @@ -26,11 +26,15 @@ spec: template: DeleteAppsByLabel - - name: delete-namespace - template: delete-namespace + template: delete-namespace-list arguments: parameters: - - name: namespace - value: istio-system + - name: list + value: | + [ + { "namespace": "istio-ingress" }, + { "namespace": "istio-system" } + ] #========================================================= # Template Definition @@ -234,8 +238,8 @@ spec: fi kubectl $kube_params delete ns ${NAMESPACE} - log "INFO" "${NAMESPACE} successfully deleted." + env: - name: NAMESPACE value: '{{inputs.parameters.namespace}}' @@ -243,3 +247,14 @@ spec: retryStrategy: limit: 2 + - name: delete-namespace-list + inputs: + parameters: + - name: list + steps: + - - name: delete-namespace + template: delete-namespace + arguments: + parameters: + - {name: namespace, value: "{{item.namespace}}"} + withParam: "{{inputs.parameters.list}}" diff --git a/templates/decapod-apps/service-mesh-wf.yaml b/templates/decapod-apps/service-mesh-wf.yaml index 62168c3..007ba0a 100644 --- a/templates/decapod-apps/service-mesh-wf.yaml +++ b/templates/decapod-apps/service-mesh-wf.yaml @@ -26,7 +26,18 @@ spec: #========================================================= - name: deploy-start steps: - - - name: create-eck-secret + - - name: create-namespace-list + template: create-namespace-list + arguments: + parameters: + - name: list + value: | + [ + { "namespace": "istio-system", "label": "name=lma" }, + { "namespace": "istio-ingress", "label": "istio-injection=enabled" } + ] + + - - name: create-eck-secret-certs template: copy-eck-secret arguments: parameters: @@ -36,7 +47,7 @@ spec: value: lma - name: target_namespace value: istio-system - + - - name: deploy template: deploy @@ -49,7 +60,7 @@ spec: - name: deploy dag: tasks: - - name: istio-operator + - name: istio-base templateRef: name: create-application template: installApps @@ -58,10 +69,9 @@ spec: - name: list value: | [ - { "app_group": "service-mesh", "path": "istio-operator-crds", "namespace": "istio-operator", "target_cluster": "" }, - { "app_group": "service-mesh", "path": "istio-operator", "namespace": "istio-operator", "target_cluster": "" } + { "app_group": "service-mesh", "path": "istio-base", "namespace": "istio-system", "target_cluster": "" } ] - - name: istio-controlplane + - name: istiod templateRef: name: create-application template: installApps @@ -70,11 +80,11 @@ spec: - name: list value: | [ - { "app_group": "service-mesh", "path": "servicemesh-controlplane", "namespace": "istio-system", "target_cluster": "" } + { "app_group": "service-mesh", "path": "istiod", "namespace": "istio-system", "target_cluster": "" } ] dependencies: - - istio-operator - - name: istio-gateway + - istio-base + - name: istio-ingress-gateway templateRef: name: create-application template: installApps @@ -83,10 +93,10 @@ spec: - name: list value: | [ - { "app_group": "service-mesh", "path": "servicemesh-gateway", "namespace": "istio-system", "target_cluster": "" } + { "app_group": "service-mesh", "path": "istio-ingress-gateway", "namespace": "istio-ingress", "target_cluster": "" } ] dependencies: - - istio-controlplane + - istiod - name: jaeger-kiali-operator templateRef: name: create-application @@ -102,7 +112,7 @@ spec: { "app_group": "service-mesh", "path": "kiali-operator", "namespace": "istio-system", "target_cluster": "" } ] dependencies: - - istio-controlplane + - istiod - name: servicemesh-jaeger-kiali-resource templateRef: name: create-application @@ -131,7 +141,64 @@ spec: { "app_group": "service-mesh", "path": "servicemesh-prometheusrule", "namespace": "istio-system", "target_cluster": "" } ] dependencies: - - jaeger-kiali-operator + - servicemesh-jaeger-kiali-resource + + - name: create-namespace + inputs: + parameters: + - name: namespace + value: "" + - name: label + value: "" + container: + name: create-namespace + image: 'k8s.gcr.io/hyperkube:v1.18.6' + command: + - /bin/bash + - '-c' + - | + function log() { + level=$1 + msg=$2 + date=$(date '+%F %H:%M:%S') + echo "[$date] $level $msg" + } + + kube_params="" + if [[ -n "{{workflow.parameters.cluster_id}}" ]]; then + kube_secret=$(kubectl get secret -n {{workflow.parameters.cluster_id}} {{workflow.parameters.cluster_id}}-kubeconfig -o jsonpath="{.data.value}" | base64 -d) + echo -e "kube_secret:\n$kube_secret" | head -n 5 + cat <<< "$kube_secret" > /etc/kubeconfig + kube_params+="--kubeconfig=/etc/kubeconfig" + fi + + kubectl $kube_params get ns ${NAMESPACE} + if [[ $? =~ 1 ]]; then + kubectl $kube_params create ns ${NAMESPACE} + kubectl $kube_params label ns ${NAMESPACE} ${LABEL} + log "INFO" "${NAMESPACE} successfully created." + fi + env: + - name: NAMESPACE + value: '{{inputs.parameters.namespace}}' + - name: LABEL + value: '{{inputs.parameters.label}}' + activeDeadlineSeconds: 900 + retryStrategy: + limit: 2 + + - name: create-namespace-list + inputs: + parameters: + - name: list + steps: + - - name: create-namespace + template: create-namespace + arguments: + parameters: + - {name: namespace, value: "{{item.namespace}}"} + - {name: label, value: "{{item.label}}"} + withParam: "{{inputs.parameters.list}}" - name: copy-eck-secret inputs: @@ -164,20 +231,12 @@ spec: kube_params+="--kubeconfig=/etc/kubeconfig" fi - kubectl $kube_params get ns ${TARGET_NAMESPACE} - if [[ $? =~ 1 ]]; then - kubectl $kube_params create ns ${TARGET_NAMESPACE} - kubectl $kube_params label ns ${TARGET_NAMESPACE} name=lma - log "INFO" "${TARGET_NAMESPACE} successfully created." - fi - - kubectl $kube_params get secret ${SECRET_NAME} - if [[ $? =~ 1 ]]; then - kubectl $kube_params get secret ${SECRET_NAME} -n ${SOURCE_NAMESPACE} -o yaml \ + kubectl $kube_params delete secret ${SECRET_NAME} -n ${TARGET_NAMESPACE} || true + kubectl $kube_params get secret ${SECRET_NAME} -n ${SOURCE_NAMESPACE} -o yaml \ | grep -v '^\s*namespace:\s' \ | kubectl $kube_params apply -n ${TARGET_NAMESPACE} -f - log "INFO" "${SECRET_NAME} successfully created." - fi + env: - name: SECRET_NAME value: '{{inputs.parameters.secret_name}}' @@ -212,7 +271,6 @@ spec: envFrom: - secretRef: name: decapod-argocd-config - resources: {} activeDeadlineSeconds: 900 retryStrategy: limit: 2