From 02e783b8e66075e04e98df236a5064fc9fd96f54 Mon Sep 17 00:00:00 2001 From: Rafael Laszlo <rlacko99@gmail.com> Date: Fri, 19 Nov 2021 22:32:44 +0100 Subject: [PATCH] Add base istio config --- ansible/k8s/components/istio/README.md | 6 ++ .../istio/istio-https-redirecter.yaml | 17 +++++ ansible/k8s/components/istio/istio.yaml | 76 +++++++++++++++++++ 3 files changed, 99 insertions(+) create mode 100644 ansible/k8s/components/istio/README.md create mode 100644 ansible/k8s/components/istio/istio-https-redirecter.yaml create mode 100644 ansible/k8s/components/istio/istio.yaml diff --git a/ansible/k8s/components/istio/README.md b/ansible/k8s/components/istio/README.md new file mode 100644 index 0000000..f37e4fb --- /dev/null +++ b/ansible/k8s/components/istio/README.md @@ -0,0 +1,6 @@ +```bash +kubectl get deployment -n istio-operator istio-operator || istioctl operator init +kubectl apply -f istio.yaml +kubectl apply -f istio-https-redirecter.yaml +``` + diff --git a/ansible/k8s/components/istio/istio-https-redirecter.yaml b/ansible/k8s/components/istio/istio-https-redirecter.yaml new file mode 100644 index 0000000..9130bdd --- /dev/null +++ b/ansible/k8s/components/istio/istio-https-redirecter.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: http-redirect-gw + namespace: istio-system +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP + tls: + httpsRedirect: true diff --git a/ansible/k8s/components/istio/istio.yaml b/ansible/k8s/components/istio/istio.yaml new file mode 100644 index 0000000..7f50ab4 --- /dev/null +++ b/ansible/k8s/components/istio/istio.yaml @@ -0,0 +1,76 @@ +--- +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: istio-prio +value: 2000 +--- +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +metadata: + namespace: istio-system + name: main-istiocontrolplane +spec: + hub: docker.io/querycapistio + profile: default + components: + pilot: + k8s: + priorityClassName: istio-prio + ingressGateways: + - name: istio-ingressgateway + enabled: true + k8s: + replicaCount: 2 + priorityClassName: istio-prio + service: + type: LoadBalancer + loadBalancerIP: 192.168.44.1 + ports: + - port: 80 + name: http2 + targetPort: 8080 + - port: 443 + name: https + targetPort: 8443 + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 + - amd64 + - ppc64le + - s390x + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 2 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 + - weight: 2 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - weight: 2 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - ppc64le + - weight: 2 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - s390x -- GitLab