From 36fce8584bee24e382105d11730316f4479c6a89 Mon Sep 17 00:00:00 2001
From: jmanuelcorral <jcorral@plainconcepts.com>
Date: Wed, 10 Apr 2019 12:09:20 +0200
Subject: [PATCH] wip

---
 k8s/helm/deploy-all-istio.ps1                 |   8 +-
 .../externaltcpconnections.yml                |  96 ++++++++++++++++++
 .../istio/dnsExternalNames/istioconfig.yml    | Bin 0 -> 7198 bytes
 k8s/helm/istio/dnsExternalNames/sidecar.yml   |  20 ++++
 .../istio/dnsExternalNames/webmvcservices.yml |  56 ++++++++++
 k8s/helm/istio/gateway.yml                    |  67 +++++++++++-
 k8s/helm/istio/virtualservices.yml            |  50 ++++++++-
 7 files changed, 291 insertions(+), 6 deletions(-)
 create mode 100644 k8s/helm/istio/dnsExternalNames/externaltcpconnections.yml
 create mode 100644 k8s/helm/istio/dnsExternalNames/istioconfig.yml
 create mode 100644 k8s/helm/istio/dnsExternalNames/sidecar.yml
 create mode 100644 k8s/helm/istio/dnsExternalNames/webmvcservices.yml

diff --git a/k8s/helm/deploy-all-istio.ps1 b/k8s/helm/deploy-all-istio.ps1
index 6ee8a9572..eb1c6af56 100644
--- a/k8s/helm/deploy-all-istio.ps1
+++ b/k8s/helm/deploy-all-istio.ps1
@@ -20,7 +20,7 @@ $dns = $externalDns
 
 # Instalamos Istio
 # Specify the Istio version that will be leveraged throughout these instructions
-$ISTIO_VERSION="1.0.6"
+$ISTIO_VERSION="1.1.1"
 
 # Windows
 $ProgressPreference = 'SilentlyContinue'; 
@@ -28,7 +28,7 @@ $ProgressPreference = 'SilentlyContinue';
 Invoke-WebRequest -URI "https://github.com/istio/istio/releases/download/$ISTIO_VERSION/istio-$ISTIO_VERSION-win.zip" -OutFile "istio-$ISTIO_VERSION.zip"
 Remove-Item istio-$ISTIO_VERSION -Recurse -ErrorAction Ignore
 Expand-Archive -Path "istio-$ISTIO_VERSION.zip" -DestinationPath .
-
+Pause
 if($installIstioOnSystem -eq $true) {
     New-Item -ItemType Directory -Force -Path "C:\Program Files\Istio"
     mv ./istio-$ISTIO_VERSION/bin/istioctl.exe "C:\Program Files/Istio/"
@@ -49,7 +49,7 @@ kubectl -n istio-system create secret generic kiali --from-literal=username=$kia
 
 
 Write-Host "Deploying Istio in the cluster" -ForegroundColor Green
-helm install istio-$ISTIO_VERSION/install/kubernetes/helm/istio --wait --name istio --namespace istio-system --set global.controlPlaneSecurityEnabled=true --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true 
+helm install istio-$ISTIO_VERSION/install/kubernetes/helm/istio --wait --name istio --namespace istio-system --set global.mtls.enabled=false --set global.controlPlaneSecurityEnabled=false --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true 
 
 Write-Host "Setting Up Gateway"
 kubectl delete gateway istio-autogenerated-k8s-ingress -n istio-system
@@ -84,7 +84,7 @@ $charts = ("eshop-common", "apigwmm", "apigwms", "apigwwm", "apigwws", "basket-a
 if ($deployInfrastructure) {
     foreach ($infra in $infras) {
         Write-Host "Installing infrastructure: $infra" -ForegroundColor Green
-        helm install --values app.yaml --values inf.yaml --set app.name=$appName --set inf.k8s.dns=$externalDns --name="$appName-$infra" $infra     
+        helm install --values app.yaml --values inf.yaml --set app.name=$appName --set inf.k8s.dns=$externalDns --name="$appName-$infra" $infra 
     }
 }
 
diff --git a/k8s/helm/istio/dnsExternalNames/externaltcpconnections.yml b/k8s/helm/istio/dnsExternalNames/externaltcpconnections.yml
new file mode 100644
index 000000000..5cd57dfb3
--- /dev/null
+++ b/k8s/helm/istio/dnsExternalNames/externaltcpconnections.yml
@@ -0,0 +1,96 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: basket-data
+spec:
+  hosts:
+  - basket-data
+  ports:
+  - name: tcp
+    number: 6379
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: keystore-data
+spec:
+  hosts:
+  - keystore-data
+  ports:
+  - name: tcp
+    number: 6379
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: nosql-data
+spec:
+  hosts:
+  - nosql-data
+  ports:
+  - name: tcp
+    number: 27017
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: rabbitmq
+spec:
+  hosts:
+  - rabbitmq
+  ports:
+  - name: tcp
+    number: 5672
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: sql-data
+spec:
+  hosts:
+  - sql-data
+  ports:
+  - name: tcp
+    number: 1433
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+  name: external
+  namespace: default
+spec:
+  host: "*.eshop-infra.svc.cluster.local"
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+  name: externalsql2
+  namespace: default
+spec:
+  host: "sql-data"
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: DestinationRule
+metadata:
+ name: "disable-tls"
+spec:
+ host: "*"
+ trafficPolicy:
+   tls:
+     mode: DISABLE
\ No newline at end of file
diff --git a/k8s/helm/istio/dnsExternalNames/istioconfig.yml b/k8s/helm/istio/dnsExternalNames/istioconfig.yml
new file mode 100644
index 0000000000000000000000000000000000000000..611eb38edfa0ce0d99b3abe441681c73245a7078
GIT binary patch
literal 7198
zcmb`MZBJWA5QX=1rT&MjAhn6qV33kZ<r{*eMG7ejBz;k&2#g7+eyeSu^vAb7&mM-|
zwQ;|+vhd5jduPv_IWs%E{QcKynx?DtAq~<j&Gl`P#%U*Y=_YNbFVh$4Je{V6{&w=O
zPIpEcJ5QH+)RVNKE62LB(C0!|2l~8_m7!jfbSsPF^jX(#WMigZr|C?07`4!S-e>8$
z`hBi3^J>&I+qz2qbf?k%JVQVIrZJr?aV=&&)RTY6(kyMJkD7Jk0WqlG%Fg0`o=e#W
zFP<<z*0Bd#aCiE(c=&#npPK0%EVFFoTw?;ieO{iu_2a1WVz2T6rZ0qMs2K+t^(yjU
zcOajFy%XU$73yHuSc;`U*P`h3)FAzy`Nl)DU+kE-_49x>;swt2Sh3mHTywqN$oJ3b
zb>_3geIWLyvPJ~KLKLhN`?8F@w%Ca;Y#MKUr=1JDAJdc6lZppYU@y;fu4k_`BX{h<
zsvr9rKh13QvsMPOfVGiOT4SBQp_yyF2l7{GU%7y_GOk3MIL?HEcWm)IDx0L|Sy@AU
zN9CK%ow=?s4!$<^?M7oZ^*78ja~-|I2S|sqyq#XAExleWA$g~<q2Lw^c}|Y-s!?H`
zT#Y>Wzp<J3uJOL`^;-Urk3Z@@nygXcDL&tdkx=o4G6@FpVXSxfAgi3&WGPppT9gR2
z^P@(`30vqDJ7c}5AJiPKkw@qbtLNfBJV7^P;kD2$8pKvhouRjSnmI0I4~Ch=-ngQW
z6Q{CPyy7lO9_u;grD84ng)+E1&S*oUrE<Ukb+@l~yc+0Ri`4g*>seig*T)E57aw6I
zn0c@7<W8p?naE#aOFWMCi+WyGkeRMrE4$&P<_Mo|bnmX=6+cFLU1$4|t&aJXJi`jL
zAKrFlHJCZhxf*P6or=J!(PcDususkbdhZo&rq5A2Q9V0W#Jlu9E5&;0XGJWO$)k)O
z_G`ToLox|m`0b27%`u#aF?gVMaF<_b(Dj*Em0HQXpq%T;xe)MvBrfqYs$JBz@a6|0
zy47<R8KbK|_=fkj_c9|M%2ti|m1Z&9JP8^rl}IgfL&Qd!VU=fRhS5@gjDhZfOc@IK
zUB*q#nrF|9ns*{ra%oR<jP?6UG2F=`YqTFV`$oP>4I_ppX-~{7>)ibfQNI%6LH0bd
zdLfnudZEhN`>*snss`QCG-sHVW_#ag1ldbQQXd|-G{3JC%edQ2JZX>-({0sqb7SA&
z#@{xwr@P|vgS7ot9<u_WrC0L*BpvA5_gPhpeEe0cb?GO?1;tb0h!J_XtPA+DF22^7
z;MZ}v*0X3aSaz*M>-0^oSkC(3vtDgjZzrk{?(>K?eJA6=6gbV6=UY~OPb1N3Pfx|#
z+Ecv3Ze+%C1kUm-^rv?#+0+vUbKU8QiCANMiZZyEFW3m%MSrg1Q$0P94Z4oiwS~Hj
z4&6tXA-ZR3P0^sUXc=|8PVEUFNZk>v_7{bNP!Bl*M(jkzA$D|OM3xx2PbL#>msOK^
zbXgr#6<BfKMh0~HwXB%pN5pVL;~bUf5nH{*Dod@QM<lyg)##o0esPb+S;w4oo2>R$
z9;3ZRgN`a|28qqNxV5VG#aFG@vcqBAi-(HDuc@9v!D#YWzSBPv(OX?vwL{L1)@E(+
z&T8UysgAx^UuVlzo|E<2tHznev(B}Zx~(5(!0|(Ih5b$aBI51|yuw7h>&Oswo~Pqs
z?V$s4mjKg_G5!}cXr=B|tUe+a`;~dKw!F)A>LBsCCro(9jKu9$?{vI1C(ei(BRsSS
z9%rG%eM1%x<cW6#%LvF`syG=mXs}*o1r|TLjCx<T3VO%vt!gm7#7eLlLyxN?Qv2j=
zT#v8T3%Ukr%j-PrW2Rhio}6d3Gs<I8Kbm)rJ44uKffSWlJL@<*QEhyuZv5x;i>h(W
z7x8POjnc|!^f75z{V&|qmcdc;;yoMQdZ&es&?&X7tm4Z&dF7_cdDWmQ2OD+OJ&;dz
z#HcLPlbYd(e(bd7Sy#+hS5)xON5$?UDxUR69}%knb8vPt&QbLpdP&z~M-ogmPIp5^
ziFDg^-%~}Oo-2H7BVFt7-#8{q?N7ZHqbqo*S-ui>ltt})Oas(1pSslXsTtl=P93FB
z>SO3=KIzwfI?R2InWHYV7PC5VmOu{Idj{7PkkR*A>2T;wG~2CK&B-d8Fm2AsF4XR9
zIaFlvlA5<#Rq$`QGvzGEy9)2#Kv&mk)>QW|tT!<FR8L^3bRb@TQR}lN^0jKbR=Y!E
zhh$~eon)s>rjiyF4)W<nUsvpJs1}6Agx8!`L_cBsZLj91(VzF$Fz(scDYc*L605c|
zgYoCW3<}#YV^5_fl*Y(Qja>-Ij{2~=JEL!fnQ{`crTfpaZTy)?G0|DpTB8!4s`p{t
za~<e6+=9jY!ezwY`zr5$>dNj@QJ?8q0|oK?0rQ<KF4UcT*4%i0Eo_|sOq$-3^DBCs
zxvoy+G1aXg;A&xOGxIVML+iK>jnI8qd+zUi+EVmUV!Znhi_ot3B|c}`s%m1*=dp0o
zxwuL=Zp=p|^SLe2KqK?)6Q`N<^)2gTaWWDs_#Am_i}W0Hn?*D2SnsQk@+j{rZnMX9
zm9}-MPtIM~MYpxkodW9!9=KX;>DyC{t#_r*RB`HBVfCU}6hz(Q`StUbIv?jrUEa68
z&$AYMoJBZV1?S_u5}C&%QsewpJWqAb;rw#<=B@#&oUOSdV9to?pVc!cqO5$(S>Hv$
z&LC<<eS*1@zEfwttyfrWckPFY_CkNGF*RPFx}X;BvvyK(&`QaJ)x9_SfwBToNnM5N
zS{C{&YGQxSxIv|fR&hrUBX;lckQY>Kl-=$l4s}X%qQ7088-3C@PLCe<z2(&F7)otx
zZ>RN;_0Fe}(djUAjH9n(Wo5-@XBM;hL>*6j27M<?Z4_(9>j?56BG345k&Scbm+Hx|
zWOe!6d{48+>CK_oo#qifS0?|6V*NiRpQn}Bo(KV>omKqj0L_u_Xf<#XH!21FNgD;9
z+we^BE1se{bGGGdZO1&9Qa6=Po9Ww!Ss0H3>7zl-*&$DX(U~)A#u7pD$*0k+{lF0C
z0FU1#%0t!0H=1EAUKvHrCoVljb6f9Wfm+JRG+fo^AZ;GHo<u}g&p4;3$Aj!2<;k_%

literal 0
HcmV?d00001

diff --git a/k8s/helm/istio/dnsExternalNames/sidecar.yml b/k8s/helm/istio/dnsExternalNames/sidecar.yml
new file mode 100644
index 000000000..617fca4ed
--- /dev/null
+++ b/k8s/helm/istio/dnsExternalNames/sidecar.yml
@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Sidecar
+metadata:
+  name: sidecarconf
+  namespace: default
+spec:
+  ingress:
+  - port:
+      number: 6379
+      protocol: TCP
+      name: redisingress
+  egress:
+  - hosts:
+    - "default/*"
+  - port:
+      number: 6379
+      protocol: TCP
+      name: redisegress
+    hosts:
+    - "default/*"
\ No newline at end of file
diff --git a/k8s/helm/istio/dnsExternalNames/webmvcservices.yml b/k8s/helm/istio/dnsExternalNames/webmvcservices.yml
new file mode 100644
index 000000000..e0f2c14f0
--- /dev/null
+++ b/k8s/helm/istio/dnsExternalNames/webmvcservices.yml
@@ -0,0 +1,56 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: basket-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: basket-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 6379
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: keystore-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: keystore-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 6379
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: nosql-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: nosql-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 27017
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: rabbitmq
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: rabbitmq.eshop-infra.svc.cluster.local
+  ports:
+  - port: 5672
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: sql-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: sql-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 1433
+
+
diff --git a/k8s/helm/istio/gateway.yml b/k8s/helm/istio/gateway.yml
index fbc61dadd..bed8c7240 100644
--- a/k8s/helm/istio/gateway.yml
+++ b/k8s/helm/istio/gateway.yml
@@ -12,4 +12,69 @@ spec:
       name: http
       protocol: HTTP
     hosts:
-    - "*"
\ No newline at end of file
+    - "*"
+  - port:
+      number: 6379
+      name: redis
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 27017
+      name: mongo
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 5672
+      name: rabbitmq
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 1433
+      name: sql
+      protocol: TCP
+    hosts:
+    - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: istio-egressgateway
+spec:
+  selector:
+    istio: egressgateway
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - "*"
+  - port:
+      number: 6379
+      name: redis
+      protocol: TCP
+    hosts:
+    - "basket-data.default.svc.cluster.local"
+    - "keystore-data.default.svc.cluster.local"
+  - port:
+      number: 27017
+      name: mongo
+      protocol: TCP
+    hosts:
+    -  "nosql-data.default.svc.cluster.local"
+  - port:
+      number: 5672
+      name: rabbitmq
+      protocol: TCP
+    hosts:
+    - "rabbitmq.default.svc.cluster.local"
+  - port:
+      number: 1433
+      name: sql
+      protocol: TCP
+    hosts:
+    - "sql-data.default.svc.cluster.local"
+
diff --git a/k8s/helm/istio/virtualservices.yml b/k8s/helm/istio/virtualservices.yml
index e01f4678f..13b600dcf 100644
--- a/k8s/helm/istio/virtualservices.yml
+++ b/k8s/helm/istio/virtualservices.yml
@@ -56,4 +56,52 @@ spec:
     - destination:
         port:
           number: 80
-        host: identity
\ No newline at end of file
+        host: identity
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: basket-data-storage-dr
+spec:
+  host: basket-data.default.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: keystore-data-dr
+spec:
+  host: keystore-data.default.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: basket-data-vs
+spec:
+  hosts:
+  - basket-data
+  tcp:
+    route:
+    - destination:
+        host: basket-data.default.svc.cluster.local
+        port:
+          number: 6379
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: keystore-data-vs
+spec:
+  hosts:
+  - keystore-data
+  tcp:
+    route:
+    - destination:
+        host: keystore-data.default.svc.cluster.local
+        port:
+          number: 6379
\ No newline at end of file