Skip to content

Commit

Permalink
add istio addon for minikube
Browse files Browse the repository at this point in the history
  • Loading branch information
@fenglixa
fenglixa committed Dec 23, 2019
1 parent cf50577 commit 44511a9
Show file tree
Hide file tree
Showing 5 changed files with 311 additions and 0 deletions.
12 changes: 12 additions & 0 deletions cmd/minikube/cmd/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,18 @@ var settings = []Setting{
validations: []setFn{IsValidAddon},
callbacks: []setFn{EnableOrDisableAddon},
},
{
name: "istio-provisioner",
set: SetBool,
validations: []setFn{IsValidAddon},
callbacks: []setFn{EnableOrDisableAddon},
},
{
name: "istio",
set: SetBool,
validations: []setFn{IsValidAddon},
callbacks: []setFn{EnableOrDisableAddon},
},
{
name: "addon-manager",
set: SetBool,
Expand Down
2 changes: 2 additions & 0 deletions deploy/addons/addon-manager.yaml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ spec:
value: "5"
- name: ADDON_MANAGER_LEADER_ELECTION
value: "false"
- name: KUBECTL_EXTRA_PRUNE_WHITELIST
value: install.istio.io/v1alpha2/IstioControlPlane
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down
271 changes: 271 additions & 0 deletions deploy/addons/istio-provisioner/istio-operator.yaml.tmpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,271 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: istio-operator
labels:
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: EnsureExists
...
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: istiocontrolplanes.install.istio.io
labels:
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: EnsureExists
spec:
group: install.istio.io
names:
kind: IstioControlPlane
listKind: IstioControlPlaneList
plural: istiocontrolplanes
singular: istiocontrolplane
shortNames:
- icp
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
spec:
description: 'Specification of the desired state of the istio control plane resource.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
status:
description: 'Status describes each of istio control plane component status at the current time.
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
More info: https://github.com/istio/operator/blob/master/pkg/apis/istio/v1alpha2/v1alpha2.pb.html &
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
versions:
- name: v1alpha2
served: true
storage: true
...
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: istio-operator
name: istio-operator
labels:
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: EnsureExists
...
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: istio-operator
labels:
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: EnsureExists
rules:
# istio groups
- apiGroups:
- authentication.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- config.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- install.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- '*'
verbs:
- '*'
# k8s groups
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions.apiextensions.k8s.io
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- daemonsets
- deployments
- deployments/finalizers
- ingresses
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- events
- namespaces
- pods
- persistentvolumeclaims
- secrets
- services
- serviceaccounts
verbs:
- '*'
...
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: istio-operator
labels:
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: EnsureExists
subjects:
- kind: ServiceAccount
name: istio-operator
namespace: istio-operator
roleRef:
kind: ClusterRole
name: istio-operator
apiGroup: rbac.authorization.k8s.io
...
---
apiVersion: v1
kind: Service
metadata:
namespace: istio-operator
labels:
name: istio-operator
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: EnsureExists
name: istio-operator-metrics
spec:
ports:
- name: http-metrics
port: 8383
targetPort: 8383
selector:
name: istio-operator
...
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: istio-operator
name: istio-operator
labels:
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: Reconcile
spec:
replicas: 1
selector:
matchLabels:
name: istio-operator
template:
metadata:
labels:
name: istio-operator
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: EnsureExists
spec:
serviceAccountName: istio-operator
containers:
- name: istio-operator
image: docker.io/istio/operator:1.4.0
command:
- istio-operator
- server
imagePullPolicy: Always
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
env:
- name: WATCH_NAMESPACE
value: ""
- name: LEADER_ELECTION_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "istio-operator"
...
10 changes: 10 additions & 0 deletions deploy/addons/istio/istio-default-profile.yaml.tmpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: install.istio.io/v1alpha2
kind: IstioControlPlane
metadata:
namespace: istio-operator
name: example-istiocontrolplane
labels:
kubernetes.io/minikube-addons: istio
addonmanager.kubernetes.io/mode: Reconcile
spec:
profile: default
16 changes: 16 additions & 0 deletions pkg/minikube/assets/addons.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,22 @@ var Addons = map[string]*Addon{
"0640",
true),
}, false, "ingress"),
"istio-provisioner": NewAddon([]*BinAsset{
MustBinAsset(
"deploy/addons/istio-provisioner/istio-operator.yaml.tmpl",
vmpath.GuestAddonsDir,
"istio-operator.yaml",
"0640",
true),
}, true, "istio-provisioner"),
"istio": NewAddon([]*BinAsset{
MustBinAsset(
"deploy/addons/istio/istio-default-profile.yaml.tmpl",
vmpath.GuestAddonsDir,
"istio-default-profile.yaml",
"0640",
false),
}, false, "istio"),
"metrics-server": NewAddon([]*BinAsset{
MustBinAsset(
"deploy/addons/metrics-server/metrics-apiservice.yaml.tmpl",
Expand Down

0 comments on commit 44511a9

Please sign in to comment.