idk i brought Istio and some other things

2023-04-08 18:41:41 +01:00
parent 4e9641201d
commit a924d8ba91
37 changed files with 2002 additions and 44 deletions
--- a/Istio/tmp/ingress.yaml
+++ b/Istio/tmp/ingress.yaml
@ -0,0 +1,63 @@
+## https://istio.io/latest/docs/setup/additional-setup/gateway/#deploying-a-gateway
+#apiVersion: v1
+#kind: Service
+#metadata:
+#  name: istio-ingressgateway2
+#  namespace: istio-ingress
+#spec:
+#  type: LoadBalancer
+#  selector:
+#    istio: ingressgateway
+#  ports:
+#    - port: 80
+#      name: http
+#    - port: 443
+#      name: https
+#---
+#apiVersion: apps/v1
+#kind: Deployment
+#metadata:
+#  name: istio-ingressgateway2
+#  namespace: istio-ingress
+#spec:
+#  selector:
+#    matchLabels:
+#      istio: ingressgateway
+#  template:
+#    metadata:
+#      annotations:
+#        # Select the gateway injection template (rather than the default sidecar template)
+#        inject.istio.io/templates: gateway
+#      labels:
+#        # Set a unique label for the gateway. This is required to ensure Gateways can select this workload
+#        istio: ingressgateway
+#        # Enable gateway injection. If connecting to a revisioned control plane, replace with "istio.io/rev: revision-name"
+#        sidecar.istio.io/inject: "true"
+#    spec:
+#      containers:
+#        - name: istio-proxy
+#          image: auto # The image will automatically update each time the pod starts.
+#---
+## Set up roles to allow reading credentials for TLS
+#apiVersion: rbac.authorization.k8s.io/v1
+#kind: Role
+#metadata:
+#  name: istio-ingressgateway2-sds
+#  namespace: istio-ingress
+#rules:
+#  - apiGroups: [""]
+#    resources: ["secrets"]
+#    verbs: ["get", "watch", "list"]
+#---
+#apiVersion: rbac.authorization.k8s.io/v1
+#kind: RoleBinding
+#metadata:
+#  name: istio-ingressgateway2-sds
+#  namespace: istio-ingress
+#roleRef:
+#  apiGroup: rbac.authorization.k8s.io
+#  kind: Role
+#  name: istio-ingressgateway2-sds
+#subjects:
+#  - kind: ServiceAccount
+#    name: default
--- a/Istio/tmp/tmp.txt
+++ b/Istio/tmp/tmp.txt
@ -0,0 +1,29 @@
+https://medium.com/@dinup24/expose-apps-on-private-network-through-istio-ingress-gateway-7dcb8a16d5bc
+
+
+cat << EOF > istio-operator.yaml
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+  namespace: istio-system
+  name: istio-operator
+spec:
+  profile: default
+  components:
+    ingressGateways:
+      - name: istio-ingressgateway
+        enabled: true
+      - namespace: istio-system
+        name: istio-ingressgateway-private
+        enabled: true
+        k8s:
+          serviceAnnotations:
+            service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "private"
+  values:
+    gateways:
+      istio-ingressgateway:
+        sds:
+          enabled: true
+EOF
+
+istioctl manifest apply -f istio-operator.yaml