From 13b8cea6a6c7fcd659171aede55cfa6b7922a057 Mon Sep 17 00:00:00 2001 From: Piotr Date: Fri, 30 Oct 2020 21:31:44 +0100 Subject: [PATCH] Istio 1.7 support (#30) * Istio 1.7 support --- .github/workflows/app-connector-e2e-k3s.yml | 4 ++++ config-istio-nodeport.yaml | 21 ++--------------- config-istio.yaml | 17 -------------- download-kyma-charts.sh | 10 +++++---- ingress-dns-cert/templates/certificate.yaml | 15 +++++++++++-- install-istio.sh | 6 ++--- install-kyma-gardener.sh | 6 +++++ install-kyma.sh | 25 ++++++++++++--------- 8 files changed, 48 insertions(+), 56 deletions(-) create mode 100755 install-kyma-gardener.sh diff --git a/.github/workflows/app-connector-e2e-k3s.yml b/.github/workflows/app-connector-e2e-k3s.yml index 4246f6e..9175232 100644 --- a/.github/workflows/app-connector-e2e-k3s.yml +++ b/.github/workflows/app-connector-e2e-k3s.yml @@ -2,8 +2,12 @@ name: Tests on k3s on: push: + branches: + - main pull_request: types: [opened, synchronize, reopened] + branches: + - main schedule: - cron: '0 * * * *' # every hour diff --git a/config-istio-nodeport.yaml b/config-istio-nodeport.yaml index d13f7e0..2cb0f39 100644 --- a/config-istio-nodeport.yaml +++ b/config-istio-nodeport.yaml @@ -1,27 +1,10 @@ apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: - addonComponents: - grafana: - enabled: false - istiocoredns: - enabled: false - kiali: - enabled: false - prometheus: - enabled: false - tracing: - enabled: false components: - citadel: - enabled: false - cni: - enabled: false egressGateways: - enabled: false name: istio-egressgateway - galley: - enabled: false ingressGateways: - enabled: true k8s: @@ -44,10 +27,10 @@ spec: nodePort: 30002 - name: http2 port: 80 - targetPort: 80 + targetPort: 8080 nodePort: 30000 - name: https port: 443 - targetPort: 443 + targetPort: 8443 nodePort: 30001 name: istio-ingressgateway diff --git a/config-istio.yaml b/config-istio.yaml index 669c927..d14e75b 100644 --- a/config-istio.yaml +++ b/config-istio.yaml @@ -1,24 +1,7 @@ apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: - addonComponents: - grafana: - enabled: false - istiocoredns: - enabled: false - kiali: - enabled: false - prometheus: - enabled: false - tracing: - enabled: false components: - citadel: - enabled: false - cni: - enabled: false egressGateways: - enabled: false name: istio-egressgateway - galley: - enabled: false \ No newline at end of file diff --git a/download-kyma-charts.sh b/download-kyma-charts.sh index cec84b4..b11da1a 100755 --- a/download-kyma-charts.sh +++ b/download-kyma-charts.sh @@ -1,5 +1,7 @@ -curl -s https://codeload.github.com/kyma-project/kyma/zip/master --output kyma-master.zip -unzip -qq kyma-master.zip kyma-master/resources/* +REPO=${1:-kyma-project/kyma} +BRANCH=${2:-master} +curl -s https://codeload.github.com/${REPO}/zip/${BRANCH} --output kyma-src.zip +unzip --qq -d ./tmp kyma-src.zip rm -rf ./resources -mv kyma-master/resources . -rm -Rf ./kyma-master* +mv ./tmp/*/resources ./ +rm -rf ./tmp diff --git a/ingress-dns-cert/templates/certificate.yaml b/ingress-dns-cert/templates/certificate.yaml index 48e9101..ce81279 100644 --- a/ingress-dns-cert/templates/certificate.yaml +++ b/ingress-dns-cert/templates/certificate.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.global.ingress.domainName "local.kyma.dev" }} +{{- if eq .Values.global.ingress.domainName "local.kyma.dev" }} --- apiVersion: v1 kind: Secret @@ -10,4 +10,15 @@ metadata: data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURQVENDQWlXZ0F3SUJBZ0lSQVByWW0wbGhVdUdkeVNCTHo4d3g5VGd3RFFZSktvWklodmNOQVFFTEJRQXcKTURFVk1CTUdBMVVFQ2hNTVkyVnlkQzF0WVc1aFoyVnlNUmN3RlFZRFZRUURFdzVzYjJOaGJDMXJlVzFoTFdSbApkakFlRncweU1EQTNNamt3T1RJek5UTmFGdzB6TURBM01qY3dPVEl6TlROYU1EQXhGVEFUQmdOVkJBb1RER05sCmNuUXRiV0Z1WVdkbGNqRVhNQlVHQTFVRUF4TU9iRzlqWVd3dGEzbHRZUzFrWlhZd2dnRWlNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDemE4VEV5UjIyTFRKN3A2aXg0M2E3WTVVblovRkNicGNOQkdEbQpxaDRiRGZLcjFvMm1CYldWdUhDbTVBdTBkeHZnbUdyd0tvZzJMY0N1bEd5UXVlK1JLQ0RIVFBJVjdqZEJwZHJhCkNZMXQrNjlJMkJWV0xiblFNVEZmOWw3Vy8yZFFFU0ExZHZQajhMZmlrcEQvUEQ5ekdHR0FQa2hlenVNRU80dUwKaUxXSloyYmpYK1dtaGZXb0lrOG5oak5YNVBFN2l4alMvNnB3QU56eXk2NW95NDJPaHNuYXlDR1grbmhFVk5SRApUejEraEMvdjJaOS9lRG1OdHdjT1hJSk4relZtUTJ4VHh2Sm0rbDUwYzlnenZTY3YzQXg0dUJsOTk3UnVlcUszCmdZMVRmVklFQ0FOTE9hb29jRG5kcW1FY1lBb25SeGJKK0M2U1RJYlhuUVAyMmYxQkFnTUJBQUdqVWpCUU1BNEcKQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBVEFNQmdOVkhSTUJBZjhFQWpBQQpNQnNHQTFVZEVRUVVNQktDRUNvdWJHOWpZV3d1YTNsdFlTNWtaWFl3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCkFBUnVOd0VadW1PK2h0dDBZSWpMN2VmelA3UjllK2U4NzJNVGJjSGtyQVhmT2hvQWF0bkw5cGhaTHhKbVNpa1IKY0tJYkJneDM3RG5ka2dPY3doNURTT2NrdHBsdk9sL2NwMHMwVmFWbjJ6UEk4Szk4L0R0bEU5bVAyMHRLbE90RwpaYWRhdkdrejhXbDFoRzhaNXdteXNJNWlEZHNpajVMUVJ6Rk04YmRGUUJiRGkxbzRvZWhIRTNXbjJjU3NTUFlDCkUxZTdsM00ySTdwQ3daT2lFMDY1THZEeEszWFExVFRMR2oxcy9hYzRNZUxCaXlEN29qb25MQmJNYXRiaVJCOUIKYlBlQS9OUlBaSHR4TDArQ2Nvb1JndmpBNEJMNEtYaFhxZHZzTFpiQWlZc0xTWk0yRHU0ZWZ1Q25SVUh1bW1xNQpVNnNOOUg4WXZxaWI4K3B1c0VpTUttND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBczJ2RXhNa2R0aTB5ZTZlb3NlTjJ1Mk9WSjJmeFFtNlhEUVJnNXFvZUd3M3lxOWFOCnBnVzFsYmh3cHVRTHRIY2I0SmhxOENxSU5pM0FycFJza0xudmtTZ2d4MHp5RmU0M1FhWGEyZ21OYmZ1dlNOZ1YKVmkyNTBERXhYL1plMXY5blVCRWdOWGJ6NC9DMzRwS1EvencvY3hoaGdENUlYczdqQkR1TGk0aTFpV2RtNDEvbApwb1gxcUNKUEo0WXpWK1R4TzRzWTB2K3FjQURjOHN1dWFNdU5qb2JKMnNnaGwvcDRSRlRVUTA4OWZvUXY3OW1mCmYzZzVqYmNIRGx5Q1RmczFaa05zVThieVp2cGVkSFBZTTcwbkw5d01lTGdaZmZlMGJucWl0NEdOVTMxU0JBZ0QKU3ptcUtIQTUzYXBoSEdBS0owY1d5Zmd1a2t5RzE1MEQ5dG45UVFJREFRQUJBb0lCQUJwVmYvenVFOWxRU3UrUgpUUlpHNzM5VGYybllQTFhtYTI4eXJGSk90N3A2MHBwY0ZGQkEyRVVRWENCeXFqRWpwa2pSdGlobjViUW1CUGphCnVoQ0g2ZHloU2laV2FkWEVNQUlIcU5hRnZtZGRJSDROa1J3aisvak5yNVNKSWFSbXVqQXJRMUgxa3BockZXSkEKNXQwL1o0U3FHRzF0TnN3TGk1QnNlTy9TOGVvbnJ0Q3gzSmxuNXJYdUIzT1hSQnMyVGV6dDNRRlBEMEJDY2c3cgpBbEQrSDN6UjE0ZnBLaFVvb0J4S0VacmFHdmpwVURFeThSSy9FemxaVzBxMDB1b2NhMWR0c0s1V1YxblB2aHZmCjBONGRYaUxuOE5xY1k0c0RTMzdhMWhYV3VJWWpvRndZa0traFc0YS9LeWRKRm5acmlJaDB0ZU81Q0I1ZnpaVnQKWklOYndyMENnWUVBd0gzeksvRTdmeTVpd0tJQnA1M0YrUk9GYmo1a1Y3VUlkY0RIVjFveHhIM2psQzNZUzl0MQo3Wk9UUHJ6eGZ4VlB5TVhnOEQ1clJybkFVQk43cE5xeWxHc3FMOFA1dnZlbVNwOGNKU0REQWN4RFlqeEJLams5CldtOXZnTGpnaERSUFN1Um50QXNxQVVqcWhzNmhHUzQ4WUhMOVI2QlI5dmY2U2xWLzN1NWMvTXNDZ1lFQTdwM1UKRDBxcGNlM1liaiszZmppVWFjcTRGcG9rQmp1MTFVTGNvREUydmZFZUtEQldsM3BJaFNGaHYvbnVqaUg2WWJpWApuYmxKNVRlSnI5RzBGWEtwcHNLWW9vVHFkVDlKcFp2QWZGUzc2blZZaUJvMHR3VzhwMGVCS3QyaUFyejRYRmxUCnpRSnNOS1dsRzBzdGJmSzNqdUNzaWJjYTBUd09lbTdSdjdHV0dLTUNnWUJjZmFoVVd1c2RweW9vS1MvbVhEYisKQVZWQnJaVUZWNlVpLzJoSkhydC9FSVpEY3V2Vk56UW8zWm9Jc1R6UXRXcktxOW56VmVxeDV4cnkzd213SXExZwpCMFlVQVhTRlAvV1ZNWEtTbkhWVzdkRUs2S3pmSHZYTitIRjVSbHdLNmgrWGVyd2hsS093VGxyeVAyTEUrS1JtCks1cHJ5aXJZSWpzUGNKbXFncG9IbFFLQmdCVWVFcTVueFNjNERYZDBYQ0Rua1BycjNlN2lKVjRIMnNmTTZ3bWkKVVYzdUFPVTlvZXcxL2tVSjkwU3VNZGFTV3o1YXY5Qk5uYVNUamJQcHN5NVN2NERxcCtkNksrWEVmQmdUK0swSQpNcmxGT1ZpU09TZ1pjZUM4QzBwbjR2YXJFcS9abC9rRXhkN0M2aUhJUFhVRmpna3ZDUllIQm5DT0NCbjl4TUphClRSWlJBb0dBWS9QYSswMFo1MHYrUU40cVhlRHFrS2FLZU80OFUzOHUvQUJMeGFMNHkrZkJpUStuaXh5ZFUzOCsKYndBR3JtMzUvSU5VRTlkWE44d21XRUlXVUZ3YVR2dHY5NXBpcWNKL25QZkFiY2pDeU8wU3BJWCtUYnFRSkljbgpTVjlrKzhWUFNiRUJ5YXRKVTdIQ3FaNUNTWEZuUnRNanliaWNYYUFKSWtBQm4zVjJ3OFk9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== -{{ end }} +{{- end }} + +{{- if .Values.global.environment.gardener }} +apiVersion: cert.gardener.cloud/v1alpha1 +kind: Certificate +metadata: + name: kyma-gateway-cert + namespace: istio-system +spec: + commonName: "*.{{ .Values.global.ingress.domainName }}" + secretName: "kyma-gateway-certs" +{{- end }} diff --git a/install-istio.sh b/install-istio.sh index 13d8924..a2ce577 100755 --- a/install-istio.sh +++ b/install-istio.sh @@ -2,7 +2,7 @@ set -e # Instal istio -if [[ ! -f istio-1.5.10/bin/istioctl ]]; then - curl -sL https://istio.io/downloadIstio | ISTIO_VERSION=1.5.10 sh - +if [[ ! -f istio-1.7.4/bin/istioctl ]]; then + curl -sL https://istio.io/downloadIstio | ISTIO_VERSION=1.7.4 sh - fi -istio-1.5.10/bin/istioctl manifest apply --set profile=demo $@ \ No newline at end of file +istio-1.7.4/bin/istioctl install --set profile=demo $@ \ No newline at end of file diff --git a/install-kyma-gardener.sh b/install-kyma-gardener.sh new file mode 100755 index 0000000..14ee363 --- /dev/null +++ b/install-kyma-gardener.sh @@ -0,0 +1,6 @@ +export KYMA_DOMAIN=$(kubectl get cm shoot-info -n kube-system -ojsonpath='{.data.domain}') +export REGISTRY_VALUES="dockerRegistry.enableInternal=true" +export REGISTRY_IP=127.0.0.1 +export GARDENER=true + +./install-kyma.sh \ No newline at end of file diff --git a/install-kyma.sh b/install-kyma.sh index f32ed7c..a7f1d5d 100755 --- a/install-kyma.sh +++ b/install-kyma.sh @@ -2,11 +2,14 @@ set -o errexit SECONDS=0 -export DOMAIN=local.kyma.dev -export OVERRIDES=global.isLocalEnv=false,global.ingress.domainName=$DOMAIN,global.environment.gardener=false,global.domainName=$DOMAIN,global.tlsCrt=ZHVtbXkK +GARDENER=${GARDENER:-false} +export DOMAIN=${KYMA_DOMAIN:-local.kyma.dev} +export OVERRIDES=global.isLocalEnv=false,global.ingress.domainName=$DOMAIN,global.environment.gardener=$GARDENER,global.domainName=$DOMAIN,global.tlsCrt=ZHVtbXkK export ORY=global.ory.hydra.persistence.enabled=false,global.ory.hydra.persistence.postgresql.enabled=false,hydra.hydra.autoMigrate=false,hydra.deployment.resources.requests.cpu=10m,oathkeeper.deployment.resources.requests.cpu=10m # export REGISTRY_VALUES="dockerRegistry.username=$REGISTRY_USER,dockerRegistry.password=$REGISTRY_PASS,dockerRegistry.enableInternal=false,dockerRegistry.serverAddress=ghcr.io,dockerRegistry.registryAddress=ghcr.io/$REGISTRY_USER" -export REGISTRY_VALUES="dockerRegistry.enableInternal=false,dockerRegistry.serverAddress=registry.localhost:5000,dockerRegistry.registryAddress=registry.localhost:5000" +if [[ -z $REGISTRY_VALUES ]]; then + export REGISTRY_VALUES="dockerRegistry.enableInternal=false,dockerRegistry.serverAddress=registry.localhost:5000,dockerRegistry.registryAddress=registry.localhost:5000" +fi # Wait until number of background jobs is less than $1, try every $2 second(s) function waitForJobs() { @@ -45,8 +48,8 @@ set +e rm resources/core/charts/gateway/templates/kyma-gateway-certs.yaml # apiserver-proxy dependencies are not required (cannot be disabled by values yet): -rm resources/apiserver-proxy/requirements.yaml -rm -R resources/apiserver-proxy/charts +# rm resources/apiserver-proxy/requirements.yaml +# rm -R resources/apiserver-proxy/charts set -e @@ -94,23 +97,23 @@ kubectl -n kube-system patch cm coredns --patch "$(cat coredns-patch.yaml)" kubectl apply -f resources/cluster-essentials/files -n kyma-system helm_install pod-preset resources/cluster-essentials/charts/pod-preset kyma-system helm_install testing resources/testing kyma-system - -helm_install ingress-dns-cert ingress-dns-cert istio-system --set $OVERRIDES & +helm_install ingress-dns-cert ingress-dns-cert istio-system --set global.ingress.domainName=$DOMAIN,global.environment.gardener=$GARDENER & helm_install dex resources/dex kyma-system --set $OVERRIDES --set resources.requests.cpu=10m & helm_install ory resources/ory kyma-system --set $OVERRIDES --set $ORY & helm_install api-gateway resources/api-gateway kyma-system --set $OVERRIDES --set deployment.resources.requests.cpu=10m & helm_install rafter resources/rafter kyma-system --set $OVERRIDES & + helm_install service-catalog resources/service-catalog kyma-system --set $OVERRIDES --set catalog.webhook.resources.requests.cpu=10m,catalog.controllerManager.resources.requests.cpu=10m & helm_install service-catalog-addons resources/service-catalog-addons kyma-system --set $OVERRIDES & -helm_install helm-broker resources/helm-broker kyma-system --set $OVERRIDES & +# helm_install helm-broker resources/helm-broker kyma-system --set $OVERRIDES & -helm_install core resources/core kyma-system --set $OVERRIDES& +helm_install core resources/core kyma-system --set $OVERRIDES & helm_install console resources/console kyma-system --set $OVERRIDES & helm_install cluster-users resources/cluster-users kyma-system --set $OVERRIDES & -helm_install apiserver-proxy resources/apiserver-proxy kyma-system --set $OVERRIDES & -helm_install serverless resources/serverless kyma-system --set $REGISTRY_VALUES & +# helm_install apiserver-proxy resources/apiserver-proxy kyma-system --set $OVERRIDES & +helm_install serverless resources/serverless kyma-system --set $REGISTRY_VALUES,global.ingress.domainName=$DOMAIN & helm_install logging resources/logging kyma-system --set $OVERRIDES & helm_install tracing resources/tracing kyma-system --set $OVERRIDES &