Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(istio): re-onboard + upgrade + split #843

Merged
merged 18 commits into from
Sep 12, 2023
Merged

feat(istio): re-onboard + upgrade + split #843

merged 18 commits into from
Sep 12, 2023

Conversation

davidspek
Copy link
Contributor

@davidspek davidspek commented Sep 11, 2023

Summary

This PR upgrades our Istio installation and migrates it from the Operator installation mechanism to the (new) Helm charts. It also splits the installation of the control plane (istio discovery), ingress (istio-ingress) and optional CNI plugin (istio-cni) into separate applications to follow security best practices. Similarly and to improve user clarity and maintainability the Kiali installation is split into a separate application.

Test Plan

Checklist

  • No images hosted from dockerhub
  • Are dashboards present to understand the health of the application. There must be at least 1 of these
    • all databases should have dashboards
    • ideally also have at least cpu/mem utilization dashboards for webserver tier of the app
    • you can use plural from-grafana to convert a grafana dashboard found via google to our CRD
  • Are scaling runbooks present
    • all databases must have scaling runbooks
    • you can use the charts in pluralsh/module-library to accelerate this
  • do you need to add config overlays?
    • inputing secrets
    • configuring autoscaling
  • If there’s a web-facing component to the app, we need to support OIDC authentication and setting up private networks if no authentication option is viable
  • All major clouds must be supported
    • Azure
    • AWS
    • GCP

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
Signed-off-by: David van der Spek <[email protected]>
@davidspek davidspek marked this pull request as ready for review September 12, 2023 12:09
Signed-off-by: David van der Spek <[email protected]>
Copy link
Collaborator

@rauerhans rauerhans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, mostly, see the ref incorrect providers in desc.
Other than that, is there nothing in one of these apps, that is dependent on one of the others, or is it all completely independent, yet they work seemlessly together?

@@ -0,0 +1,17 @@
name: istio-cni-gcp
description: Installs istio-cni on an aws eks cluster
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gcp gke

@@ -0,0 +1,17 @@
name: istio-cni-azure
description: Installs istio-cni on an aws eks cluster
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

azure aks

@@ -0,0 +1,15 @@
name: istio-ingress-azure
description: Installs istio-ingress on an aws eks cluster
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.

@@ -0,0 +1,15 @@
name: istio-ingress-gcp
description: Installs istio-ingress on an aws eks cluster
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.

@@ -0,0 +1,28 @@
name: kiali-azure
description: Installs kiali on an aws eks cluster
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.

@@ -0,0 +1,28 @@
name: kiali-gcp
description: Installs kiali on an aws eks cluster
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.

Signed-off-by: David van der Spek <[email protected]>
@davidspek davidspek merged commit 7bbc2f3 into main Sep 12, 2023
@davidspek davidspek deleted the istio-refresh branch September 12, 2023 13:09
@plural-bot
Copy link
Contributor

🎉 This PR is included in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@plural-bot
Copy link
Contributor

🎉 This PR is included in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@plural-bot
Copy link
Contributor

🎉 This PR is included in version 1.14.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@davidspek davidspek restored the istio-refresh branch December 19, 2023 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants