wip

2019-04-10 12:09:20 +02:00 · 2019-04-10 12:09:20 +02:00 · 36fce8584b
commit 36fce8584b
parent cc8715c3c9
7 changed files with 291 additions and 6 deletions
--- a/k8s/helm/deploy-all-istio.ps1
+++ b/k8s/helm/deploy-all-istio.ps1
@ -20,7 +20,7 @@ $dns = $externalDns

 # Instalamos Istio
 # Specify the Istio version that will be leveraged throughout these instructions
-$ISTIO_VERSION="1.0.6"
+$ISTIO_VERSION="1.1.1"

 # Windows
 $ProgressPreference = 'SilentlyContinue'; 
@ -28,7 +28,7 @@ $ProgressPreference = 'SilentlyContinue';
 Invoke-WebRequest -URI "https://github.com/istio/istio/releases/download/$ISTIO_VERSION/istio-$ISTIO_VERSION-win.zip" -OutFile "istio-$ISTIO_VERSION.zip"
 Remove-Item istio-$ISTIO_VERSION -Recurse -ErrorAction Ignore
 Expand-Archive -Path "istio-$ISTIO_VERSION.zip" -DestinationPath .
-
+Pause
 if($installIstioOnSystem -eq $true) {
    New-Item -ItemType Directory -Force -Path "C:\Program Files\Istio"
    mv ./istio-$ISTIO_VERSION/bin/istioctl.exe "C:\Program Files/Istio/"
@ -49,7 +49,7 @@ kubectl -n istio-system create secret generic kiali --from-literal=username=$kia


 Write-Host "Deploying Istio in the cluster" -ForegroundColor Green
-helm install istio-$ISTIO_VERSION/install/kubernetes/helm/istio --wait --name istio --namespace istio-system --set global.controlPlaneSecurityEnabled=true --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true 
+helm install istio-$ISTIO_VERSION/install/kubernetes/helm/istio --wait --name istio --namespace istio-system --set global.mtls.enabled=false --set global.controlPlaneSecurityEnabled=false --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true 

 Write-Host "Setting Up Gateway"
 kubectl delete gateway istio-autogenerated-k8s-ingress -n istio-system
--- a/k8s/helm/istio/dnsExternalNames/externaltcpconnections.yml
+++ b/k8s/helm/istio/dnsExternalNames/externaltcpconnections.yml
@ -0,0 +1,96 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: basket-data
+spec:
+  hosts:
+  - basket-data
+  ports:
+  - name: tcp
+    number: 6379
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: keystore-data
+spec:
+  hosts:
+  - keystore-data
+  ports:
+  - name: tcp
+    number: 6379
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: nosql-data
+spec:
+  hosts:
+  - nosql-data
+  ports:
+  - name: tcp
+    number: 27017
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: rabbitmq
+spec:
+  hosts:
+  - rabbitmq
+  ports:
+  - name: tcp
+    number: 5672
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: sql-data
+spec:
+  hosts:
+  - sql-data
+  ports:
+  - name: tcp
+    number: 1433
+    protocol: tcp
+  location: MESH_EXTERNAL
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+  name: external
+  namespace: default
+spec:
+  host: "*.eshop-infra.svc.cluster.local"
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+  name: externalsql2
+  namespace: default
+spec:
+  host: "sql-data"
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: DestinationRule
+metadata:
+ name: "disable-tls"
+spec:
+ host: "*"
+ trafficPolicy:
+   tls:
+     mode: DISABLE
--- a/k8s/helm/istio/dnsExternalNames/istioconfig.yml
+++ b/k8s/helm/istio/dnsExternalNames/istioconfig.yml
--- a/k8s/helm/istio/dnsExternalNames/sidecar.yml
+++ b/k8s/helm/istio/dnsExternalNames/sidecar.yml
@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Sidecar
+metadata:
+  name: sidecarconf
+  namespace: default
+spec:
+  ingress:
+  - port:
+      number: 6379
+      protocol: TCP
+      name: redisingress
+  egress:
+  - hosts:
+    - "default/*"
+  - port:
+      number: 6379
+      protocol: TCP
+      name: redisegress
+    hosts:
+    - "default/*"
--- a/k8s/helm/istio/dnsExternalNames/webmvcservices.yml
+++ b/k8s/helm/istio/dnsExternalNames/webmvcservices.yml
@ -0,0 +1,56 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: basket-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: basket-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 6379
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: keystore-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: keystore-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 6379
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: nosql-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: nosql-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 27017
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: rabbitmq
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: rabbitmq.eshop-infra.svc.cluster.local
+  ports:
+  - port: 5672
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: sql-data
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: sql-data.eshop-infra.svc.cluster.local
+  ports:
+  - port: 1433
+
+
--- a/k8s/helm/istio/gateway.yml
+++ b/k8s/helm/istio/gateway.yml
@ -13,3 +13,68 @@ spec:
      protocol: HTTP
    hosts:
    - "*"
+  - port:
+      number: 6379
+      name: redis
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 27017
+      name: mongo
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 5672
+      name: rabbitmq
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 1433
+      name: sql
+      protocol: TCP
+    hosts:
+    - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: istio-egressgateway
+spec:
+  selector:
+    istio: egressgateway
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - "*"
+  - port:
+      number: 6379
+      name: redis
+      protocol: TCP
+    hosts:
+    - "basket-data.default.svc.cluster.local"
+    - "keystore-data.default.svc.cluster.local"
+  - port:
+      number: 27017
+      name: mongo
+      protocol: TCP
+    hosts:
+    -  "nosql-data.default.svc.cluster.local"
+  - port:
+      number: 5672
+      name: rabbitmq
+      protocol: TCP
+    hosts:
+    - "rabbitmq.default.svc.cluster.local"
+  - port:
+      number: 1433
+      name: sql
+      protocol: TCP
+    hosts:
+    - "sql-data.default.svc.cluster.local"
+
--- a/k8s/helm/istio/virtualservices.yml
+++ b/k8s/helm/istio/virtualservices.yml
@ -57,3 +57,51 @@ spec:
        port:
          number: 80
        host: identity
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: basket-data-storage-dr
+spec:
+  host: basket-data.default.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: keystore-data-dr
+spec:
+  host: keystore-data.default.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: basket-data-vs
+spec:
+  hosts:
+  - basket-data
+  tcp:
+    route:
+    - destination:
+        host: basket-data.default.svc.cluster.local
+        port:
+          number: 6379
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: keystore-data-vs
+spec:
+  hosts:
+  - keystore-data
+  tcp:
+    route:
+    - destination:
+        host: keystore-data.default.svc.cluster.local
+        port:
+          number: 6379