mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Merge pull request #59378 from ostromart/istio_addon_ostromart
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add code and yaml for Istio as an addon This commit adds the following: - YAML for istio components to the addons directory (versions with and without auth) - logic to copy the appropriate YAML file into the addons manager dir, depending on ENABLE_ISTIO and ISTIO_AUTH_TYPE env vars - changes to addon manager script which allow plugins to exist in namespace other than kube-system. This is needed for Istio functionality - additional initialization for Istio in addon manager. This has been manually tested - e2e tests are in progress but require additional code to enable istio in tests. See: - https://github.com/istio/istio/pull/2841 - https://github.com/kubernetes/test-infra/pull/6612 **What this PR does / why we need it**: Allow [Istio](https://istio.io/) to be installed as an addon. This simplifies the Istio setup process on k8s and GKE. Istio team is trying to make it easier for end users to get to a basic functional installation. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
This commit is contained in:
commit
a6b8c06380
@ -107,7 +107,7 @@ function create_resource_from_string() {
|
||||
local -r config_name=$4;
|
||||
local -r namespace=$5;
|
||||
while [ ${tries} -gt 0 ]; do
|
||||
echo "${config_string}" | ${KUBECTL} ${KUBECTL_OPTS} --namespace="${namespace}" apply -f - && \
|
||||
echo "${config_string}" | ${KUBECTL} ${KUBECTL_OPTS} apply -f - && \
|
||||
log INFO "== Successfully started ${config_name} in namespace ${namespace} at $(date -Is)" && \
|
||||
return 0;
|
||||
let tries=tries-1;
|
||||
@ -124,12 +124,12 @@ function reconcile_addons() {
|
||||
# Filter out `configured` message to not noisily log.
|
||||
# `created`, `pruned` and errors will be logged.
|
||||
log INFO "== Reconciling with deprecated label =="
|
||||
${KUBECTL} ${KUBECTL_OPTS} apply --namespace=${SYSTEM_NAMESPACE} -f ${ADDON_PATH} \
|
||||
${KUBECTL} ${KUBECTL_OPTS} apply -f ${ADDON_PATH} \
|
||||
-l ${CLUSTER_SERVICE_LABEL}=true,${ADDON_MANAGER_LABEL}!=EnsureExists \
|
||||
--prune=true --recursive | grep -v configured
|
||||
|
||||
log INFO "== Reconciling with addon-manager label =="
|
||||
${KUBECTL} ${KUBECTL_OPTS} apply --namespace=${SYSTEM_NAMESPACE} -f ${ADDON_PATH} \
|
||||
${KUBECTL} ${KUBECTL_OPTS} apply -f ${ADDON_PATH} \
|
||||
-l ${CLUSTER_SERVICE_LABEL}!=true,${ADDON_MANAGER_LABEL}=Reconcile \
|
||||
--prune=true --recursive | grep -v configured
|
||||
|
||||
@ -139,7 +139,7 @@ function reconcile_addons() {
|
||||
function ensure_addons() {
|
||||
# Create objects already exist should fail.
|
||||
# Filter out `AlreadyExists` message to not noisily log.
|
||||
${KUBECTL} ${KUBECTL_OPTS} create --namespace=${SYSTEM_NAMESPACE} -f ${ADDON_PATH} \
|
||||
${KUBECTL} ${KUBECTL_OPTS} create -f ${ADDON_PATH} \
|
||||
-l ${ADDON_MANAGER_LABEL}=EnsureExists --recursive 2>&1 | grep -v AlreadyExists
|
||||
|
||||
log INFO "== Kubernetes addon ensure completed at $(date -Is) =="
|
||||
|
2185
cluster/addons/istio/auth/istio-auth.yaml
Normal file
2185
cluster/addons/istio/auth/istio-auth.yaml
Normal file
File diff suppressed because it is too large
Load Diff
2185
cluster/addons/istio/noauth/istio.yaml
Normal file
2185
cluster/addons/istio/noauth/istio.yaml
Normal file
File diff suppressed because it is too large
Load Diff
@ -2238,6 +2238,13 @@ EOF
|
||||
local -r metadata_proxy_yaml="${dst_dir}/metadata-proxy/gce/metadata-proxy.yaml"
|
||||
update-prometheus-to-sd-parameters ${metadata_proxy_yaml}
|
||||
fi
|
||||
if [[ "${ENABLE_ISTIO:-}" == "true" ]]; then
|
||||
if [[ "${ISTIO_AUTH_TYPE:-}" == "MUTUAL_TLS" ]]; then
|
||||
setup-addon-manifests "addons" "istio/auth"
|
||||
else
|
||||
setup-addon-manifests "addons" "istio/noauth"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Place addon manager pod manifest.
|
||||
cp "${src_dir}/kube-addon-manager.yaml" /etc/kubernetes/manifests
|
||||
|
Loading…
Reference in New Issue
Block a user