From f1a860f97bc5f07e85c3847aa68ae0937c8c3036 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 17 Apr 2023 11:10:48 +0200 Subject: [PATCH] refactor(istio-resource): Move all istio resource to helmfile --- badhouseplants/values/values.argocd.yaml | 14 ++++++++ badhouseplants/values/values.drone.yaml | 13 +++++++ badhouseplants/values/values.funkwhale.yaml | 14 ++++++++ badhouseplants/values/values.gitea.yaml | 38 +++++++-------------- badhouseplants/values/values.minecraft.yaml | 14 ++++++++ badhouseplants/values/values.minio.yaml | 14 ++++++++ badhouseplants/values/values.nrodionov.yaml | 15 ++++++++ badhouseplants/values/values.openvpn.yaml | 15 ++++++++ bin/migrate.sh | 2 +- common/values.istio.yaml | 36 +++++++++++++++++++ etersoft/values/values.minio.yaml | 19 +++++++++++ etersoft/values/values.openvpn.yaml | 15 ++++++++ releases.yaml | 12 +++++++ 13 files changed, 195 insertions(+), 26 deletions(-) create mode 100644 common/values.istio.yaml diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 41fcc9c..72462af 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -1,4 +1,18 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: argocd-http + gateway: badhouseplants-net + kind: http + hostname: argo.badhouseplants.net + service: argocd-server + port: 80 + controller: resources: limits: diff --git a/badhouseplants/values/values.drone.yaml b/badhouseplants/values/values.drone.yaml index b3dc07e..c668910 100644 --- a/badhouseplants/values/values.drone.yaml +++ b/badhouseplants/values/values.drone.yaml @@ -1,3 +1,16 @@ +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: drone-http + gateway: badhouseplants-net + kind: http + hostname: drone.badhouseplants.net + service: drone + port: 8080 env: DRONE_SERVER_HOST: drone.badhouseplants.net DRONE_SERVER_PROTO: https diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 2a71c46..5cb7632 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -1,4 +1,18 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: funkwhale-http + gateway: badhouseplants-net + kind: http + hostname: funkwhale.badhouseplants.net + service: funkwhale + port: 80 + replicaCount: 1 celery: worker: diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 0d3b2cb..835afe5 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,37 +1,25 @@ --- -ns: - enabled: true - name: gitea-service +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ istio: enabled: true istio: - name: gitea-http + kind: http gateway: badhouseplants-net hostname: git.badhouseplants.net service: gitea-http port: 3000 - templates: - - | - {{ range .Values.istio }} - apiVersion: networking.istio.io/v1beta1 - kind: VirtualService - metadata: - name: {{ .name }} - spec: - gateways: - - "istio-system/{{ .gateway }}" - hosts: - - {{ .hostname }} - http: - - match: - - uri: - prefix: / - route: - - destination: - host: {{ .service }} - port: - number: {{ .port }} - {{ end }} + - name: gitea-ssh + kind: tcp + gateway: badhouseplants-ssh + hostname: "*" + port_match: 22 + service: gitea-ssh + port: 22 + replicaCount: 1 clusterDomain: cluster.local diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 9967b1a..c61691f 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -10,6 +10,20 @@ service-account: app: minecraft-minecraft-metrics endpoints: port: metrics +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minecraft-tcp + gateway: badhouseplants-minecraft + kind: tcp + port_match: 25565 + host: "*" + service: minecraft-minecraft + port: 25565 # -------------------------------------------------- # -- Main values # -------------------------------------------------- diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index e39bc4e..91ac710 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -1,4 +1,18 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: nrodionov-http + gateway: nrodionov-info + kind: http + hostname: dev.nrodionov.info + service: nrodionov-wordpress + port: 8080 + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index ba5f50d..055bfff 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -1,3 +1,18 @@ +--- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minio-http + gateway: badhouseplants-net + kind: http + hostname: minio.badhouseplants.net + service: minio-console + port: 9001 + wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 80b2be6..b2206a5 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -1,4 +1,19 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: openvpn-tcp + gateway: badhouseplants-vpn + kind: tcp + port_match: 1194 + host: "*" + service: openvpn + port: 1194 + storageClassName: longhorn openvpn: server: "tcp://195.201.250.50:1194" diff --git a/bin/migrate.sh b/bin/migrate.sh index cfcd410..fb4989b 100755 --- a/bin/migrate.sh +++ b/bin/migrate.sh @@ -3,4 +3,4 @@ argo_instance=$1 helm_name=$2 helm_ns=$3 -kubectl get CustomResourceDefinition,PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -l helm.sh/chart=longhorn-1.4.0 -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +kubectl get CustomResourceDefinition,PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -l helm.sh/chart=longhorn-1.4.0 -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namewspace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done diff --git a/common/values.istio.yaml b/common/values.istio.yaml new file mode 100644 index 0000000..0b353c0 --- /dev/null +++ b/common/values.istio.yaml @@ -0,0 +1,36 @@ +--- +istio: + templates: + - | + {{ range .Values.istio }} + --- + apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + name: {{ .name }} + spec: + gateways: + - "istio-system/{{ .gateway }}" + hosts: + - {{ .hostname | quote }} + {{- if eq .kind "http" }} + http: + - match: + - uri: + prefix: / + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{- else if eq .kind "tcp" }} + tcp: + - match: + - port: {{ .port_match }} + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{ end }} + {{ end }} diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index 0162fae..f090b2d 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -1,4 +1,23 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minio-http + gateway: badhouseplants-net + kind: http + hostname: min.e.badhouseplants.net + service: minio-console + port: 9001 + - name: s3-http + gateway: badhouseplants-net + kind: http + hostname: s3.e.badhouseplants.net + service: minio + port: 9000 rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index f389024..be04091 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -1,4 +1,19 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: openvpn-tcp + gateway: etersoft-vp + kind: tcp + port_match: 1194 + host: "*" + service: openvpn + port: 1194 + storageClassName: microk8s-hostpath openvpn: server: "tcp://91.232.225.63:1194" diff --git a/releases.yaml b/releases.yaml index a52b383..857d4d8 100644 --- a/releases.yaml +++ b/releases.yaml @@ -92,6 +92,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource # ---------------------------- # -- Istio # ---------------------------- @@ -130,6 +131,8 @@ templates: version: 1.0.3 inherit: - template: default-env-values + - template: ext-istio-resource + drone: &drone name: drone @@ -138,6 +141,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource drone-runner-kube: &drone-runner-kube name: drone-runner-kube @@ -154,6 +158,8 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + minio: &minio name: minio @@ -162,6 +168,8 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + minecraft: &minecraft name: minecraft @@ -169,6 +177,8 @@ templates: version: 4.7.3 inherit: - template: default-env-values + - template: ext-istio-resource + gitea: &gitea name: gitea @@ -186,3 +196,5 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource +