wip

k8s/helm/deploy-all-istio.ps1

@@ -20,7 +20,7 @@ $dns = $externalDns
 
 # Instalamos Istio
 # Specify the Istio version that will be leveraged throughout these instructions
-$ISTIO_VERSION="1.0.6"
+$ISTIO_VERSION="1.1.1"
 
 # Windows
 $ProgressPreference = 'SilentlyContinue'; 
@@ -28,7 +28,7 @@ $ProgressPreference = 'SilentlyContinue';
 Invoke-WebRequest -URI "https://github.com/istio/istio/releases/download/$ISTIO_VERSION/istio-$ISTIO_VERSION-win.zip" -OutFile "istio-$ISTIO_VERSION.zip"
 Remove-Item istio-$ISTIO_VERSION -Recurse -ErrorAction Ignore
 Expand-Archive -Path "istio-$ISTIO_VERSION.zip" -DestinationPath .
-
+Pause
 if($installIstioOnSystem -eq $true) {
     New-Item -ItemType Directory -Force -Path "C:\Program Files\Istio"
     mv ./istio-$ISTIO_VERSION/bin/istioctl.exe "C:\Program Files/Istio/"
@@ -49,7 +49,7 @@ kubectl -n istio-system create secret generic kiali --from-literal=username=$kia
 
 
 Write-Host "Deploying Istio in the cluster" -ForegroundColor Green
-helm install istio-$ISTIO_VERSION/install/kubernetes/helm/istio --wait --name istio --namespace istio-system --set global.controlPlaneSecurityEnabled=true --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true 
+helm install istio-$ISTIO_VERSION/install/kubernetes/helm/istio --wait --name istio --namespace istio-system --set global.mtls.enabled=false --set global.controlPlaneSecurityEnabled=false --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true 
 
 Write-Host "Setting Up Gateway"
 kubectl delete gateway istio-autogenerated-k8s-ingress -n istio-system
@@ -84,7 +84,7 @@ $charts = ("eshop-common", "apigwmm", "apigwms", "apigwwm", "apigwws", "basket-a
 if ($deployInfrastructure) {
     foreach ($infra in $infras) {
         Write-Host "Installing infrastructure: $infra" -ForegroundColor Green
-        helm install --values app.yaml --values inf.yaml --set app.name=$appName --set inf.k8s.dns=$externalDns --name="$appName-$infra" $infra     
+        helm install --values app.yaml --values inf.yaml --set app.name=$appName --set inf.k8s.dns=$externalDns --name="$appName-$infra" $infra 
     }
 }
 

k8s/helm/istio/dnsExternalNames/externaltcpconnections.yml

@@ -0,0 +1,96 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: basket-data
+spec:
+  hosts:
+  - basket-data
+  ports:
+  - name: tcp
+    number: 6379
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: keystore-data
+spec:
+  hosts:
+  - keystore-data
+  ports:
+  - name: tcp
+    number: 6379
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: nosql-data
+spec:
+  hosts:
+  - nosql-data
+  ports:
+  - name: tcp
+    number: 27017
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: rabbitmq
+spec:
+  hosts:
+  - rabbitmq
+  ports:
+  - name: tcp
+    number: 5672
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: sql-data
+spec:
+  hosts:
+  - sql-data
+  ports:
+  - name: tcp
+    number: 1433
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+  name: external
+  namespace: default
+spec:
+  host: "*.eshop-infra.svc.cluster.local"
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+  name: externalsql2
+  namespace: default
+spec:
+  host: "sql-data"
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: DestinationRule
+metadata:
+ name: "disable-tls"
+spec:
+ host: "*"
+ trafficPolicy:
+   tls:
+     mode: DISABLE

k8s/helm/istio/dnsExternalNames/sidecar.yml

@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Sidecar
+metadata:
+  name: sidecarconf
+  namespace: default
+spec:
+  ingress:
+  - port:
+      number: 6379
+      protocol: TCP
+      name: redisingress
+  egress:
+  - hosts:
+    - "default/*"
+  - port:
+      number: 6379
+      protocol: TCP
+      name: redisegress
+    hosts:
+    - "default/*"

k8s/helm/istio/dnsExternalNames/webmvcservices.yml

@@ -0,0 +1,56 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: basket-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: basket-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 6379
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: keystore-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: keystore-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 6379
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: nosql-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: nosql-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 27017
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: rabbitmq
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: rabbitmq.eshop-infra.svc.cluster.local
+  ports:
+  - port: 5672
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: sql-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: sql-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 1433
+
+

k8s/helm/istio/gateway.yml

@@ -12,4 +12,69 @@ spec:
       name: http
       protocol: HTTP
     hosts:
-    - "*"
+    - "*"
+  - port:
+      number: 6379
+      name: redis
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 27017
+      name: mongo
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 5672
+      name: rabbitmq
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 1433
+      name: sql
+      protocol: TCP
+    hosts:
+    - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: istio-egressgateway
+spec:
+  selector:
+    istio: egressgateway
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - "*"
+  - port:
+      number: 6379
+      name: redis
+      protocol: TCP
+    hosts:
+    - "basket-data.default.svc.cluster.local"
+    - "keystore-data.default.svc.cluster.local"
+  - port:
+      number: 27017
+      name: mongo
+      protocol: TCP
+    hosts:
+    -  "nosql-data.default.svc.cluster.local"
+  - port:
+      number: 5672
+      name: rabbitmq
+      protocol: TCP
+    hosts:
+    - "rabbitmq.default.svc.cluster.local"
+  - port:
+      number: 1433
+      name: sql
+      protocol: TCP
+    hosts:
+    - "sql-data.default.svc.cluster.local"
+

k8s/helm/istio/virtualservices.yml

@@ -56,4 +56,52 @@ spec:
     - destination:
         port:
           number: 80
-        host: identity
+        host: identity
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: basket-data-storage-dr
+spec:
+  host: basket-data.default.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: keystore-data-dr
+spec:
+  host: keystore-data.default.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: basket-data-vs
+spec:
+  hosts:
+  - basket-data
+  tcp:
+    route:
+    - destination:
+        host: basket-data.default.svc.cluster.local
+        port:
+          number: 6379
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: keystore-data-vs
+spec:
+  hosts:
+  - keystore-data
+  tcp:
+    route:
+    - destination:
+        host: keystore-data.default.svc.cluster.local
+        port:
+          number: 6379