├── .gitignore ├── chapter1 ├── app │ ├── back │ │ ├── Dockerfile │ │ ├── back.py │ │ └── requirements.txt │ ├── data │ │ ├── Dockerfile │ │ ├── import.sh │ │ └── mydatabase.sql │ ├── docker-compose.yml │ └── front │ │ ├── Dockerfile │ │ ├── front.py │ │ ├── requirements.txt │ │ └── templates │ │ ├── index.html │ │ └── layout.html └── app_v2 │ ├── back │ ├── Dockerfile │ ├── back.py │ └── requirements.txt │ ├── data │ ├── Dockerfile │ ├── import.sh │ └── mydatabase.sql │ ├── docker-compose.yml │ └── kompose_output │ ├── back-deployment.yaml │ ├── back-service.yaml │ ├── data-deployment.yaml │ └── myapp-networkpolicy.yaml ├── chapter10 ├── canary │ └── quotes │ │ ├── back_v1 │ │ ├── Dockerfile │ │ ├── back.py │ │ ├── back.yaml │ │ └── requirements.txt │ │ ├── back_v2 │ │ ├── Dockerfile │ │ ├── back.py │ │ ├── back.yaml │ │ └── requirements.txt │ │ ├── data.yaml │ │ ├── ingress.yaml │ │ └── service.yaml ├── ingress │ ├── back.yaml │ ├── data.yaml │ ├── ingress1.yaml │ └── ingress2.yaml ├── istio-1.4.2 │ ├── LICENSE │ ├── README.md │ ├── bin │ │ └── istioctl │ ├── install │ │ ├── README.md │ │ ├── consul │ │ │ ├── README.md │ │ │ └── consul_config │ │ │ │ ├── agent-loglevel.json │ │ │ │ ├── agent.json │ │ │ │ ├── disable_update_check.json │ │ │ │ └── server.json │ │ ├── gcp │ │ │ ├── README.md │ │ │ └── bootstrap │ │ │ │ └── gcp_envoy_bootstrap.json │ │ └── kubernetes │ │ │ ├── README.md │ │ │ ├── global-default-sidecar-scope.yaml │ │ │ ├── helm │ │ │ ├── README.md │ │ │ ├── helm-service-account.yaml │ │ │ ├── istio-cni │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── _labels.tpl │ │ │ │ │ └── istio-cni.yaml │ │ │ │ ├── values.yaml │ │ │ │ └── values_gke.yaml │ │ │ ├── istio-init │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── files │ │ │ │ │ ├── crd-10.yaml │ │ │ │ │ ├── crd-11.yaml │ │ │ │ │ ├── crd-14.yaml │ │ │ │ │ ├── crd-certmanager-10.yaml │ │ │ │ │ └── crd-certmanager-11.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── 
clusterrolebinding.yaml │ │ │ │ │ ├── configmap-crd-10.yaml │ │ │ │ │ ├── configmap-crd-11.yaml │ │ │ │ │ ├── configmap-crd-14.yaml │ │ │ │ │ ├── configmap-crd-certmanager-10.yaml │ │ │ │ │ ├── configmap-crd-certmanager-11.yaml │ │ │ │ │ ├── job-crd-10.yaml │ │ │ │ │ ├── job-crd-11.yaml │ │ │ │ │ ├── job-crd-14.yaml │ │ │ │ │ ├── job-crd-certmanager-10.yaml │ │ │ │ │ ├── job-crd-certmanager-11.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ └── istio │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── charts │ │ │ │ ├── certmanager │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── issuer.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── rbac.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── galley │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── validatingwebhookconfiguration.yaml.tpl │ │ │ │ │ └── values.yaml │ │ │ │ ├── gateways │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── preconfigured.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── grafana │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── dashboards │ │ │ │ │ │ ├── citadel-dashboard.json │ │ │ │ │ │ ├── galley-dashboard.json │ │ │ │ │ │ ├── istio-mesh-dashboard.json │ │ │ │ │ │ ├── istio-performance-dashboard.json │ │ │ │ │ │ ├── istio-service-dashboard.json │ │ │ │ │ │ ├── 
istio-workload-dashboard.json │ │ │ │ │ │ ├── mixer-dashboard.json │ │ │ │ │ │ └── pilot-dashboard.json │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── configmap-custom-resources.yaml │ │ │ │ │ │ ├── configmap-dashboards.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── create-custom-resources-job.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── grafana-ports-mtls.yaml │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ └── test-grafana-connection.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── istiocoredns │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── kiali │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── demosecret.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ └── test-kiali-connection.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── mixer │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── config.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── nodeagent │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── daemonset.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ 
└── values.yaml │ │ │ │ ├── pilot │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── meshexpansion.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── prometheus │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebindings.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ └── test-prometheus-connection.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── security │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── create-custom-resources-job.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── enable-mesh-mtls.yaml │ │ │ │ │ │ ├── enable-mesh-permissive.yaml │ │ │ │ │ │ ├── meshexpansion.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ └── test-citadel-connection.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── sidecarInjectorWebhook │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── tracing │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── deployment-jaeger.yaml │ 
│ │ │ │ ├── deployment-zipkin.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── service-jaeger.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── tests │ │ │ │ │ │ └── test-tracing-connection.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── example-values │ │ │ │ ├── README.md │ │ │ │ ├── values-istio-dns-cert.yaml │ │ │ │ ├── values-istio-example-sds-vault.yaml │ │ │ │ ├── values-istio-gateways.yaml │ │ │ │ ├── values-istio-googleca.yaml │ │ │ │ ├── values-istio-meshexpansion-gateways.yaml │ │ │ │ └── values-istio-multicluster-gateways.yaml │ │ │ │ ├── files │ │ │ │ └── injection-template.yaml │ │ │ │ ├── requirements.yaml │ │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── _affinity.tpl │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── _podDisruptionBudget.tpl │ │ │ │ ├── clusterrole.yaml │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ ├── configmap.yaml │ │ │ │ ├── endpoints.yaml │ │ │ │ ├── install-custom-resources.sh.tpl │ │ │ │ ├── service.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ └── sidecar-injector-configmap.yaml │ │ │ │ ├── test-values │ │ │ │ ├── README.md │ │ │ │ ├── values-e2e.yaml │ │ │ │ ├── values-istio-auth-mcp.yaml │ │ │ │ ├── values-istio-auth-multicluster.yaml │ │ │ │ ├── values-istio-auth-non-mcp.yaml │ │ │ │ ├── values-istio-auth-sds.yaml │ │ │ │ ├── values-istio-auth.yaml │ │ │ │ ├── values-istio-dns-cert.yaml │ │ │ │ ├── values-istio-mcp.yaml │ │ │ │ ├── values-istio-multicluster-split-horizon.yaml │ │ │ │ ├── values-istio-multicluster.yaml │ │ │ │ ├── values-istio-non-mcp.yaml │ │ │ │ ├── values-istio-one-namespace-auth.yaml │ │ │ │ ├── values-istio-one-namespace-trust-domain.yaml │ │ │ │ ├── values-istio-one-namespace.yaml │ │ │ │ └── values-istio.yaml │ │ │ │ ├── values-istio-demo.yaml │ │ │ │ ├── values-istio-minimal.yaml │ │ │ │ ├── values-istio-remote.yaml │ │ │ │ ├── values-istio-sds-auth-control-plane-auth-disabled.yaml │ │ │ │ ├── values-istio-sds-auth.yaml │ │ │ │ └── values.yaml │ │ │ ├── istio-demo.yaml │ │ │ ├── 
mesh-expansion.yaml │ │ │ ├── namespace.yaml │ │ │ └── operator │ │ │ ├── charts │ │ │ ├── base │ │ │ │ ├── Chart.yaml │ │ │ │ ├── files │ │ │ │ │ ├── crd-10.yaml │ │ │ │ │ ├── crd-11.yaml │ │ │ │ │ ├── crd-14.yaml │ │ │ │ │ ├── crd-certmanager-10.yaml │ │ │ │ │ └── crd-certmanager-11.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── endpoints.yaml │ │ │ │ │ ├── namespaces.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ └── services.yaml │ │ │ │ └── values.yaml │ │ │ ├── gateways │ │ │ │ ├── istio-egress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── preconfigured.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── istio-ingress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── addongateway.yaml │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── certificate.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── gateway.yaml │ │ │ │ │ ├── hosts.yaml │ │ │ │ │ ├── meshexpansion.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── preconfigured.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ └── sidecar.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── istio-cni │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-cni.yaml │ │ │ │ │ ├── daemonset.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ ├── istio-control │ │ │ │ ├── istio-autoinject │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── files │ │ │ │ │ │ └── injection-template.yaml │ │ │ │ │ ├── 
templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── sidecar-injector-configmap.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── istio-config │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── OWNERS │ │ │ │ │ ├── README.md │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap-envoy.yaml │ │ │ │ │ │ ├── configmap-mesh.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── validatingwebhookconfiguration.yaml.tpl │ │ │ │ │ └── values.yaml │ │ │ │ └── istio-discovery │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── metadata-exchange-v2.yaml │ │ │ │ │ ├── stats-filter-v2.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-envoy.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── enable-mesh-mtls.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ └── telemetryv2.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── istio-policy │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── config.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ 
└── values.yaml │ │ │ ├── istio-telemetry │ │ │ │ ├── grafana │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── dashboards │ │ │ │ │ │ ├── citadel-dashboard.json │ │ │ │ │ │ ├── galley-dashboard.json │ │ │ │ │ │ ├── istio-mesh-dashboard.json │ │ │ │ │ │ ├── istio-performance-dashboard.json │ │ │ │ │ │ ├── istio-service-dashboard.json │ │ │ │ │ │ ├── istio-workload-dashboard.json │ │ │ │ │ │ ├── mixer-dashboard.json │ │ │ │ │ │ └── pilot-dashboard.json │ │ │ │ │ ├── fix_datasources.sh │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── configmap-dashboards.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── grafana-policy.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ └── test-grafana-connection.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── kiali │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── demosecret.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── mixer-telemetry │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── config.yaml │ │ │ │ │ │ ├── configmap-envoy.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── stackdriver.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── prometheus-operator │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── prometheus.yaml │ │ │ │ │ │ └── servicemonitors.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── prometheus │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ 
│ │ ├── clusterrolebindings.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ └── test-prometheus-connection.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── tracing │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── deployment-jaeger.yaml │ │ │ │ │ ├── deployment-opencensus.yaml │ │ │ │ │ ├── deployment-zipkin.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── service-jaeger.yaml │ │ │ │ │ └── service.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── istiocoredns │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ └── security │ │ │ │ ├── certmanager │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── issuer.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── rbac.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ │ ├── citadel │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ │ └── nodeagent │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ ├── _affinity.tpl │ │ │ │ ├── clusterrole.yaml │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ ├── daemonset.yaml │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ ├── deploy │ │ │ ├── clusterrole.yaml │ │ │ ├── clusterrole_binding.yaml │ │ │ ├── crds │ │ │ │ ├── istio_v1alpha2_istiocontrolplane_cr.yaml │ │ │ │ 
└── istio_v1alpha2_istiocontrolplane_crd.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── operator.yaml │ │ │ ├── service.yaml │ │ │ └── service_account.yaml │ │ │ ├── examples │ │ │ ├── multicluster │ │ │ │ ├── values-istio-multicluster-gateways.yaml │ │ │ │ └── values-istio-multicluster-primary.yaml │ │ │ └── vm │ │ │ │ ├── values-istio-meshexpansion-gateways.yaml │ │ │ │ └── values-istio-meshexpansion.yaml │ │ │ ├── profiles │ │ │ ├── default.yaml │ │ │ ├── demo.yaml │ │ │ ├── minimal.yaml │ │ │ ├── remote.yaml │ │ │ └── sds.yaml │ │ │ └── versions.yaml │ ├── manifest.yaml │ ├── samples │ │ ├── README.md │ │ ├── bookinfo │ │ │ ├── README.md │ │ │ ├── networking │ │ │ │ ├── bookinfo-gateway.yaml │ │ │ │ ├── certmanager-gateway.yaml │ │ │ │ ├── destination-rule-all-mtls.yaml │ │ │ │ ├── destination-rule-all.yaml │ │ │ │ ├── destination-rule-reviews.yaml │ │ │ │ ├── egress-rule-google-apis.yaml │ │ │ │ ├── fault-injection-details-v1.yaml │ │ │ │ ├── virtual-service-all-v1.yaml │ │ │ │ ├── virtual-service-details-v2.yaml │ │ │ │ ├── virtual-service-ratings-db.yaml │ │ │ │ ├── virtual-service-ratings-mysql-vm.yaml │ │ │ │ ├── virtual-service-ratings-mysql.yaml │ │ │ │ ├── virtual-service-ratings-test-abort.yaml │ │ │ │ ├── virtual-service-ratings-test-delay.yaml │ │ │ │ ├── virtual-service-reviews-50-v3.yaml │ │ │ │ ├── virtual-service-reviews-80-20.yaml │ │ │ │ ├── virtual-service-reviews-90-10.yaml │ │ │ │ ├── virtual-service-reviews-jason-v2-v3.yaml │ │ │ │ ├── virtual-service-reviews-test-v2.yaml │ │ │ │ ├── virtual-service-reviews-v2-v3.yaml │ │ │ │ └── virtual-service-reviews-v3.yaml │ │ │ ├── platform │ │ │ │ ├── consul │ │ │ │ │ ├── README.md │ │ │ │ │ ├── bookinfo.yaml │ │ │ │ │ ├── cleanup.sh │ │ │ │ │ ├── destination-rule-all.yaml │ │ │ │ │ ├── virtual-service-all-v1.yaml │ │ │ │ │ ├── virtual-service-ratings-test-abort.yaml │ │ │ │ │ ├── virtual-service-ratings-test-delay.yaml │ │ │ │ │ ├── virtual-service-reviews-50-v3.yaml │ │ │ │ │ 
├── virtual-service-reviews-test-v2.yaml │ │ │ │ │ ├── virtual-service-reviews-v2-v3.yaml │ │ │ │ │ └── virtual-service-reviews-v3.yaml │ │ │ │ └── kube │ │ │ │ │ ├── README.md │ │ │ │ │ ├── bookinfo-certificate.yaml │ │ │ │ │ ├── bookinfo-db.yaml │ │ │ │ │ ├── bookinfo-details-v2.yaml │ │ │ │ │ ├── bookinfo-details.yaml │ │ │ │ │ ├── bookinfo-ingress.yaml │ │ │ │ │ ├── bookinfo-mysql.yaml │ │ │ │ │ ├── bookinfo-ratings-discovery.yaml │ │ │ │ │ ├── bookinfo-ratings-v2-mysql-vm.yaml │ │ │ │ │ ├── bookinfo-ratings-v2-mysql.yaml │ │ │ │ │ ├── bookinfo-ratings-v2.yaml │ │ │ │ │ ├── bookinfo-ratings.yaml │ │ │ │ │ ├── bookinfo-reviews-v2.yaml │ │ │ │ │ ├── bookinfo.yaml │ │ │ │ │ ├── cleanup.sh │ │ │ │ │ ├── productpage-nodeport.yaml │ │ │ │ │ └── rbac │ │ │ │ │ ├── details-reviews-policy-permissive.yaml │ │ │ │ │ ├── details-reviews-policy.yaml │ │ │ │ │ ├── mongodb-policy.yaml │ │ │ │ │ ├── namespace-policy.yaml │ │ │ │ │ ├── productpage-policy.yaml │ │ │ │ │ ├── ratings-policy.yaml │ │ │ │ │ ├── rbac-config-ON.yaml │ │ │ │ │ ├── rbac-config-on-mongodb.yaml │ │ │ │ │ ├── rbac-config-on-permissive.yaml │ │ │ │ │ └── rbac-permissive-telemetry.yaml │ │ │ ├── policy │ │ │ │ ├── mixer-rule-deny-ip-crd.yaml │ │ │ │ ├── mixer-rule-deny-ip.yaml │ │ │ │ ├── mixer-rule-deny-label-crd.yaml │ │ │ │ ├── mixer-rule-deny-label.yaml │ │ │ │ ├── mixer-rule-deny-serviceaccount.yaml │ │ │ │ ├── mixer-rule-deny-whitelist-crd.yaml │ │ │ │ ├── mixer-rule-deny-whitelist.yaml │ │ │ │ ├── mixer-rule-ingress-denial.yaml │ │ │ │ ├── mixer-rule-kubernetesenv-telemetry.yaml │ │ │ │ ├── mixer-rule-productpage-ratelimit-crd.yaml │ │ │ │ ├── mixer-rule-productpage-ratelimit.yaml │ │ │ │ ├── mixer-rule-productpage-redis-quota-fixed-window.yaml │ │ │ │ ├── mixer-rule-productpage-redis-quota-rolling-window.yaml │ │ │ │ ├── mixer-rule-ratings-denial.yaml │ │ │ │ ├── mixer-rule-ratings-ratelimit.yaml │ │ │ │ ├── mixer-rule-ratings-redis-quota-fixed-window.yaml │ │ │ │ ├── 
mixer-rule-ratings-redis-quota-rolling-window.yaml │ │ │ │ ├── prometheus-adapter-deployment.yaml │ │ │ │ └── prometheus-oop-rule.yaml │ │ │ ├── src │ │ │ │ ├── mongodb │ │ │ │ │ └── ratings_data.json │ │ │ │ ├── productpage │ │ │ │ │ ├── requirements.txt │ │ │ │ │ └── test-requirements.txt │ │ │ │ └── ratings │ │ │ │ │ └── package.json │ │ │ ├── swagger.yaml │ │ │ └── telemetry │ │ │ │ ├── fluentd-istio-crd.yaml │ │ │ │ ├── fluentd-istio.yaml │ │ │ │ ├── log-entry-crd.yaml │ │ │ │ ├── log-entry.yaml │ │ │ │ ├── metrics-crd.yaml │ │ │ │ ├── metrics.yaml │ │ │ │ ├── tcp-metrics-crd.yaml │ │ │ │ └── tcp-metrics.yaml │ │ ├── certs │ │ │ ├── README.md │ │ │ ├── ca-cert.pem │ │ │ ├── ca-key.pem │ │ │ ├── cert-chain.pem │ │ │ └── root-cert.pem │ │ ├── custom-bootstrap │ │ │ ├── README.md │ │ │ ├── custom-bootstrap.yaml │ │ │ └── example-app.yaml │ │ ├── external │ │ │ ├── README.md │ │ │ ├── aptget.yaml │ │ │ ├── github.yaml │ │ │ └── pypi.yaml │ │ ├── fortio │ │ │ └── stackdriver.yaml │ │ ├── health-check │ │ │ ├── liveness-command.yaml │ │ │ ├── liveness-http-same-port.yaml │ │ │ └── liveness-http.yaml │ │ ├── helloworld │ │ │ ├── README.md │ │ │ ├── helloworld-gateway.yaml │ │ │ ├── helloworld.yaml │ │ │ └── src │ │ │ │ └── requirements.txt │ │ ├── httpbin │ │ │ ├── README.md │ │ │ ├── httpbin-gateway.yaml │ │ │ ├── httpbin-nodeport.yaml │ │ │ ├── httpbin-vault.yaml │ │ │ ├── httpbin.yaml │ │ │ ├── policy │ │ │ │ ├── keyval-template.yaml │ │ │ │ └── keyval.yaml │ │ │ └── sample-client │ │ │ │ └── fortio-deploy.yaml │ │ ├── https │ │ │ ├── default.conf │ │ │ └── nginx-app.yaml │ │ ├── kubernetes-blog │ │ │ ├── bookinfo-ratings.yaml │ │ │ ├── bookinfo-reviews-v2.yaml │ │ │ └── bookinfo-v1.yaml │ │ ├── multicluster │ │ │ └── README.md │ │ ├── operator │ │ │ ├── pilot-advanced-override.yaml │ │ │ ├── pilot-k8s.yaml │ │ │ ├── sds-policy-off.yaml │ │ │ ├── sds.yaml │ │ │ ├── trafficManagement-namespace.yaml │ │ │ ├── values-global.yaml │ │ │ └── values-pilot.yaml │ │ ├── 
rawvm │ │ │ └── README.md │ │ ├── security │ │ │ └── psp │ │ │ │ ├── all-pods-psp.yaml │ │ │ │ └── citadel-agent-psp.yaml │ │ ├── sleep │ │ │ ├── README.md │ │ │ ├── policy │ │ │ │ ├── sni-serviceaccount.yaml │ │ │ │ └── sni-wikipedia.yaml │ │ │ ├── sleep-vault.yaml │ │ │ ├── sleep.yaml │ │ │ └── telemetry │ │ │ │ └── sni-logging.yaml │ │ ├── tcp-echo │ │ │ ├── README.md │ │ │ ├── tcp-echo-20-v2.yaml │ │ │ ├── tcp-echo-all-v1.yaml │ │ │ ├── tcp-echo-services.yaml │ │ │ └── tcp-echo.yaml │ │ └── websockets │ │ │ ├── README.md │ │ │ ├── app.yaml │ │ │ └── route.yaml │ └── tools │ │ ├── _istioctl │ │ ├── convert_RbacConfig_to_ClusterRbacConfig.sh │ │ ├── dump_kubernetes.sh │ │ ├── istioctl.bash │ │ └── packaging │ │ └── common │ │ └── istio-iptables.sh └── terraform │ ├── auth │ └── serviceaccount.json │ ├── gke.tf │ ├── provider.tf │ └── versions.tf ├── chapter11 ├── metrics1.txt └── metrics2.txt ├── chapter2 └── example1 │ ├── Dockerfile │ └── index.html ├── chapter3 └── app │ ├── back.yaml │ ├── back │ ├── Dockerfile │ ├── back.py │ ├── back.yaml │ └── requirements.txt │ └── data │ ├── Dockerfile │ ├── import.sh │ └── mydatabase.sql ├── chapter4 ├── back.yaml ├── data.yaml └── secrets │ ├── back.yaml │ ├── data.yaml │ ├── key.txt │ └── secrets.yaml ├── chapter5 └── terraform │ ├── allenv │ ├── auth │ │ └── serviceaccount.json │ ├── main.tf │ ├── production.tfvars │ ├── testing.tf │ └── testing.tfvars │ ├── noenv │ ├── auth │ │ └── serviceaccount.json │ ├── gke.tf │ └── provider.tf │ ├── production │ ├── auth │ │ └── serviceaccount.json │ └── main.tf │ └── testing │ ├── auth │ └── serviceaccount.json │ ├── main.tf │ └── variables.tf ├── chapter6 ├── ansible │ ├── group_vars │ │ ├── all.yaml │ │ └── frontened.yaml │ ├── host_vars │ │ └── localhost.yaml │ ├── hosts.yaml │ ├── production.yaml │ ├── roles │ │ └── common │ │ │ ├── tasks │ │ │ ├── custom.yaml │ │ │ ├── hostname.yaml │ │ │ ├── main.yaml │ │ │ └── success.yaml │ │ │ └── templates │ │ │ └── test.j2 │ ├── 
site.yaml │ └── testing.yaml ├── playbooks │ └── my_playbook.yaml └── terraform │ ├── host_vars │ └── localhost.yaml │ ├── plan │ ├── auth │ │ └── serviceaccount.json │ ├── env.tfvars │ ├── main.tf │ └── variables.tf │ ├── roles │ └── common │ │ ├── tasks │ │ ├── main.yaml │ │ └── tfvars.yaml │ │ └── templates │ │ └── tfvars.j2 │ └── site.yaml ├── chapter7 ├── first_chart │ └── quotes │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── back.yaml │ │ └── data.yaml │ │ └── values.yaml ├── get_helm.sh ├── managing_configurations │ └── quotes │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── back.yaml │ │ └── data.yaml │ │ └── values.yaml ├── managing_environments │ ├── 1 │ │ ├── .gitignore │ │ └── quotes │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── helm_vars │ │ │ ├── .sops.yaml │ │ │ └── secrets.yaml │ │ │ ├── templates │ │ │ ├── back.yaml │ │ │ ├── data.yaml │ │ │ └── secrets.yaml │ │ │ ├── values-production.yaml │ │ │ └── values-testing.yaml │ └── 2 │ │ ├── .gitignore │ │ └── quotes │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── helm_vars │ │ ├── .sops.yaml │ │ └── secrets.yaml │ │ ├── templates │ │ ├── _helpers.tpl │ │ ├── back.yaml │ │ ├── data.yaml │ │ └── secrets.yaml │ │ └── values.yaml ├── managing_secrets │ ├── .gitignore │ └── quotes │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── helm_vars │ │ ├── .sops.yaml │ │ └── secrets.yaml │ │ ├── templates │ │ ├── back.yaml │ │ ├── data.yaml │ │ └── secrets.yaml │ │ └── values.yaml ├── quotes │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── back.yaml │ │ └── data.yaml │ └── values.yaml └── terraform │ ├── auth │ └── serviceaccount.json │ ├── gke.tf │ └── provider.tf ├── chapter8 ├── ingress_with_static_ip │ └── helm │ │ └── quotes │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── back.yaml │ │ ├── data.yaml │ │ └── ingress.yaml │ │ └── values.yaml ├── ingress_without_static_ip │ └── helm │ │ └── quotes │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── 
templates │ │ ├── back.yaml │ │ ├── data.yaml │ │ └── ingress.yaml │ │ └── values.yaml └── terraform │ ├── auth │ └── serviceaccount.json │ ├── gke.tf │ └── provider.tf ├── chapter9 ├── helm │ └── quotes │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── ambassador-service.yaml │ │ ├── back.yaml │ │ ├── data.yaml │ │ └── ingress.yaml │ │ └── values.yaml └── terraform │ ├── auth │ └── serviceaccount.json │ ├── gke.tf │ └── provider.tf └── quotes.sql /.gitignore: -------------------------------------------------------------------------------- 1 | auth/* 2 | .terraform/* 3 | -------------------------------------------------------------------------------- /chapter1/app/back/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use an official Python runtime as an image 2 | FROM python:3.6 3 | 4 | # The EXPOSE instruction indicates the ports on which a container will listen for connections 5 | EXPOSE 3000 6 | 7 | # Sets the working directory for following COPY 8 | WORKDIR /app 9 | 10 | # Add the requirements to the container then install needed packages specified in the same file 11 | COPY requirements.txt /app 12 | RUN pip install -r requirements.txt 13 | 14 | # Add the API file app.py then run it when the container launches 15 | COPY back.py /app 16 | CMD python back.py 17 | -------------------------------------------------------------------------------- /chapter1/app/back/requirements.txt: -------------------------------------------------------------------------------- 1 | asn1crypto==0.24.0 2 | cffi==1.11.5 3 | Click==7.0 4 | cryptography==2.4.1 5 | Flask==1.0.2 6 | Flask-SQLAlchemy==2.3.2 7 | idna==2.7 8 | itsdangerous==1.1.0 9 | Jinja2==2.10 10 | MarkupSafe==1.1.0 11 | pycparser==2.19 12 | PyMySQL==0.9.2 13 | six==1.11.0 14 | SQLAlchemy==1.2.14 15 | Werkzeug==0.14.1 16 | -------------------------------------------------------------------------------- /chapter1/app/data/Dockerfile: 
-------------------------------------------------------------------------------- 1 | FROM mysql:5.7 2 | EXPOSE 3306 3 | -------------------------------------------------------------------------------- /chapter1/app/data/import.sh: -------------------------------------------------------------------------------- 1 | mysql -uroot -proot mydatabase < /tmp/mydatabase.sql 2 | -------------------------------------------------------------------------------- /chapter1/app/front/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.6 2 | EXPOSE 3001 3 | WORKDIR /app 4 | COPY requirements.txt /app 5 | RUN pip install -r requirements.txt 6 | COPY . /app 7 | CMD python front.py 8 | -------------------------------------------------------------------------------- /chapter1/app/front/front.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, flash, redirect, render_template, request, session, abort 2 | import requests, json 3 | 4 | app = Flask(__name__) 5 | 6 | @app.route('/hello/') 7 | def hello(name): 8 | r = requests.get('http://api:3000/api/v1/get-quote') 9 | q = json.loads(r.text) 10 | q = q['random_quote'] 11 | return render_template('index.html', quote = q, name = name) 12 | 13 | 14 | 15 | if __name__ == "__main__": 16 | app.run(host='0.0.0.0', port=3001, debug=True) 17 | -------------------------------------------------------------------------------- /chapter1/app/front/requirements.txt: -------------------------------------------------------------------------------- 1 | asn1crypto==0.24.0 2 | certifi==2018.10.15 3 | cffi==1.11.5 4 | chardet==3.0.4 5 | Click==7.0 6 | cryptography==2.4.1 7 | Flask==1.0.2 8 | Flask-SQLAlchemy==2.3.2 9 | get==1.0.3 10 | idna==2.7 11 | itsdangerous==1.1.0 12 | Jinja2==2.10 13 | MarkupSafe==1.1.0 14 | post==1.0.2 15 | public==2.0.1 16 | pycparser==2.19 17 | PyMySQL==0.9.2 18 | query-string==1.0.2 19 | requests==2.20.1 20 | 
six==1.11.0 21 | SQLAlchemy==1.2.14 22 | urllib3==1.24.1 23 | Werkzeug==0.14.1 24 | -------------------------------------------------------------------------------- /chapter1/app/front/templates/index.html: -------------------------------------------------------------------------------- 1 | {% extends "layout.html" %} 2 | {% block body %} 3 | 4 |
5 |

Hello {{name}}!

6 |

This quote is for you...

7 |

8 | {{ quote }} 9 |

10 | 11 |
12 | 13 | 14 | 15 |
16 |
This page calls the API container (GET) to get a random quote each time.
If you would like to post a new quote use:
curl -X POST "http://0.0.0.0:3000/api/v1/set-quote?quote=insert%20quote%20here"
17 |
18 | {% endblock %} 19 | -------------------------------------------------------------------------------- /chapter1/app/front/templates/layout.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Website 4 | 18 | 19 | 20 | 21 | {% block body %}{% endblock %} 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /chapter1/app_v2/back/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use an official Python runtime as an image 2 | FROM python:3.6 3 | 4 | # The EXPOSE instruction indicates the ports on which a container will listen for connections 5 | EXPOSE 3000 6 | 7 | # Sets the working directory for following COPY 8 | WORKDIR /app 9 | 10 | # Add the requirements to the container then install needed packages specified in the same file 11 | COPY requirements.txt /app 12 | RUN pip install -r requirements.txt 13 | 14 | # Add the API file app.py then run it when the container launches 15 | COPY back.py /app 16 | CMD python back.py 17 | -------------------------------------------------------------------------------- /chapter1/app_v2/back/requirements.txt: -------------------------------------------------------------------------------- 1 | asn1crypto==0.24.0 2 | cffi==1.11.5 3 | Click==7.0 4 | cryptography==2.4.1 5 | Flask==1.0.2 6 | Flask-SQLAlchemy==2.3.2 7 | idna==2.7 8 | itsdangerous==1.1.0 9 | Jinja2==2.10 10 | MarkupSafe==1.1.0 11 | pycparser==2.19 12 | PyMySQL==0.9.2 13 | six==1.11.0 14 | SQLAlchemy==1.2.14 15 | Werkzeug==0.14.1 16 | -------------------------------------------------------------------------------- /chapter1/app_v2/data/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mysql:5.7 2 | EXPOSE 3306 3 | -------------------------------------------------------------------------------- /chapter1/app_v2/data/import.sh: 
-------------------------------------------------------------------------------- 1 | mysql -uroot -proot mydatabase < /tmp/mydatabase.sql 2 | -------------------------------------------------------------------------------- /chapter1/app_v2/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | 4 | back: 5 | image: eon01/quotes-back:v1 6 | ports: 7 | - "3000:3000" 8 | networks: 9 | - myapp 10 | 11 | data: 12 | image: eon01/quotes-data:v1 13 | environment: 14 | MYSQL_DATABASE: "mydatabase" 15 | MYSQL_PASSWORD: "root" 16 | MYSQL_ROOT_PASSWORD: "root" 17 | MYSQL_ALLOW_EMPTY_PASSWORD: "yes" 18 | networks: 19 | - myapp 20 | 21 | networks: 22 | myapp: 23 | -------------------------------------------------------------------------------- /chapter1/app_v2/kompose_output/back-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | kompose.cmd: kompose convert -f docker-compose.yml 6 | kompose.version: 1.20.0 (f3d54d784) 7 | creationTimestamp: null 8 | labels: 9 | io.kompose.service: back 10 | name: back 11 | spec: 12 | ports: 13 | - name: "3000" 14 | port: 3000 15 | targetPort: 3000 16 | selector: 17 | io.kompose.service: back 18 | status: 19 | loadBalancer: {} 20 | -------------------------------------------------------------------------------- /chapter1/app_v2/kompose_output/myapp-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: NetworkPolicy 3 | metadata: 4 | creationTimestamp: null 5 | name: myapp 6 | spec: 7 | ingress: 8 | - from: 9 | - podSelector: 10 | matchLabels: 11 | io.kompose.network/myapp: "true" 12 | podSelector: 13 | matchLabels: 14 | io.kompose.network/myapp: "true" 15 | -------------------------------------------------------------------------------- 
/chapter10/canary/quotes/back_v1/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use an official Python runtime as an image 2 | FROM python:3.6 3 | 4 | # The EXPOSE instruction indicates the ports on which a container will listen for connections 5 | EXPOSE 3000 6 | 7 | # Sets the working directory for following COPY 8 | WORKDIR /app 9 | 10 | # Add the requirements to the container then install needed packages specified in the same file 11 | COPY requirements.txt /app 12 | RUN pip install -r requirements.txt 13 | 14 | # Add the API file app.py then run it when the container launches 15 | COPY back.py /app 16 | CMD python back.py 17 | -------------------------------------------------------------------------------- /chapter10/canary/quotes/back_v1/requirements.txt: -------------------------------------------------------------------------------- 1 | asn1crypto==0.24.0 2 | cffi==1.11.5 3 | Click==7.0 4 | cryptography==2.4.1 5 | Flask==1.0.2 6 | Flask-SQLAlchemy==2.3.2 7 | idna==2.7 8 | itsdangerous==1.1.0 9 | Jinja2==2.10 10 | MarkupSafe==1.1.0 11 | pycparser==2.19 12 | PyMySQL==0.9.2 13 | six==1.11.0 14 | SQLAlchemy==1.2.14 15 | Werkzeug==0.14.1 16 | -------------------------------------------------------------------------------- /chapter10/canary/quotes/back_v2/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use an official Python runtime as an image 2 | FROM python:3.6 3 | 4 | # The EXPOSE instruction indicates the ports on which a container will listen for connections 5 | EXPOSE 3000 6 | 7 | # Sets the working directory for following COPY 8 | WORKDIR /app 9 | 10 | # Add the requirements to the container then install needed packages specified in the same file 11 | COPY requirements.txt /app 12 | RUN pip install -r requirements.txt 13 | 14 | # Add the API file app.py then run it when the container launches 15 | COPY back.py /app 16 | CMD python back.py 17 | 
-------------------------------------------------------------------------------- /chapter10/canary/quotes/back_v2/requirements.txt: -------------------------------------------------------------------------------- 1 | asn1crypto==0.24.0 2 | cffi==1.11.5 3 | Click==7.0 4 | cryptography==2.4.1 5 | Flask==1.0.2 6 | Flask-SQLAlchemy==2.3.2 7 | idna==2.7 8 | itsdangerous==1.1.0 9 | Jinja2==2.10 10 | MarkupSafe==1.1.0 11 | pycparser==2.19 12 | PyMySQL==0.9.2 13 | six==1.11.0 14 | SQLAlchemy==1.2.14 15 | Werkzeug==0.14.1 16 | -------------------------------------------------------------------------------- /chapter10/canary/quotes/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: back-service 6 | labels: 7 | app: back 8 | spec: 9 | ports: 10 | - name: http 11 | port: 80 12 | targetPort: 3000 13 | selector: 14 | app: back 15 | -------------------------------------------------------------------------------- /chapter10/ingress/back.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: back 6 | name: back 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: back 12 | template: 13 | metadata: 14 | labels: 15 | app: back 16 | spec: 17 | containers: 18 | - image: eon01/quotes-back:v1 19 | name: back 20 | ports: 21 | - containerPort: 3000 22 | name: http 23 | env: 24 | - name: SQLALCHEMY_DATABASE_URI 25 | value: "mysql+pymysql://root:root@data:3306/mydatabase" 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: back-service 31 | labels: 32 | app: back 33 | spec: 34 | ports: 35 | - name: http 36 | port: 80 37 | targetPort: 3000 38 | selector: 39 | app: back 40 | -------------------------------------------------------------------------------- /chapter10/ingress/ingress1.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: Gateway 4 | metadata: 5 | name: quotes-gateway 6 | namespace: istio-system 7 | spec: 8 | selector: 9 | istio: ingressgateway 10 | servers: 11 | - port: 12 | number: 80 13 | name: http 14 | protocol: HTTP 15 | hosts: 16 | - "*" 17 | --- 18 | apiVersion: networking.istio.io/v1alpha3 19 | kind: VirtualService 20 | metadata: 21 | name: quotes-virtual-service 22 | namespace: istio-system 23 | spec: 24 | hosts: 25 | - "*" 26 | gateways: 27 | - quotes-gateway 28 | http: 29 | - route: 30 | - destination: 31 | host: back-service.default.svc.cluster.local 32 | -------------------------------------------------------------------------------- /chapter10/ingress/ingress2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: Gateway 4 | metadata: 5 | name: quotes-gateway 6 | namespace: istio-system 7 | spec: 8 | selector: 9 | istio: ingressgateway 10 | servers: 11 | - port: 12 | number: 80 13 | name: http 14 | protocol: HTTP 15 | hosts: 16 | - "*" 17 | --- 18 | apiVersion: networking.istio.io/v1alpha3 19 | kind: VirtualService 20 | metadata: 21 | name: quotes-virtual-service 22 | namespace: istio-system 23 | spec: 24 | hosts: 25 | - "*" 26 | gateways: 27 | - quotes-gateway 28 | http: 29 | - match: 30 | - uri: 31 | prefix: /api/v1/get-quote 32 | - uri: 33 | prefix: /healthz 34 | route: 35 | - destination: 36 | port: 37 | number: 80 38 | host: back-service.default.svc.cluster.local 39 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/bin/istioctl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eon01/LearnKubernetesByBuilding10Projects/b5336932a30bb30391748403c063a90546032217/chapter10/istio-1.4.2/bin/istioctl 
-------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/consul/README.md: -------------------------------------------------------------------------------- 1 | # Install Istio with Consul in a simple Docker Compose setup 2 | 3 | The install file `istio.yaml` deploys Istio Pilot, Consul, Registrator, and 4 | the Istio API server with etcd as Docker containers. 5 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/consul/consul_config/agent-loglevel.json: -------------------------------------------------------------------------------- 1 | { 2 | "log_level": "INFO" 3 | } -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/consul/consul_config/agent.json: -------------------------------------------------------------------------------- 1 | { 2 | "client_addr": "0.0.0.0", 3 | "leave_on_terminate": true, 4 | "dns_config": { 5 | "allow_stale": true, 6 | "max_stale": "1s" 7 | } 8 | } -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/consul/consul_config/disable_update_check.json: -------------------------------------------------------------------------------- 1 | { 2 | "disable_update_check": true 3 | } -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/consul/consul_config/server.json: -------------------------------------------------------------------------------- 1 | { 2 | "ui": true, 3 | "dns_config": { 4 | "allow_stale": false 5 | } 6 | } -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/gcp/README.md: -------------------------------------------------------------------------------- 1 | # Google Cloud Platform Installation 2 | 3 | This directory contains contributed solutions for installing Istio that are 4 | 
specific to Google Cloud Platform. 5 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/README.md: -------------------------------------------------------------------------------- 1 | # Install Istio on an existing Kubernetes cluster 2 | 3 | Please follow the installation instructions on [istio.io](https://istio.io/docs/setup/kubernetes/). 4 | 5 | If you want to install Istio using the istio/istio repository instead of downloading a release, 6 | refer to the [developer wiki](https://github.com/istio/istio/wiki) for instructions. 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/global-default-sidecar-scope.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: istio-config 5 | --- 6 | apiVersion: networking.istio.io/v1alpha3 7 | kind: Sidecar 8 | metadata: 9 | name: default-sidecar-scope 10 | namespace: istio-config 11 | spec: 12 | egress: 13 | # If this config is applied, sidecars will only be able to talk to 14 | # other services in the same namespace, in addition to istio-telemetry 15 | # and istio-policy 16 | - hosts: 17 | - "./*" 18 | - "istio-system/istio-telemetry.istio-system.svc.cluster.local" 19 | - "istio-system/istio-policy.istio-system.svc.cluster.local" 20 | --- 21 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/README.md: -------------------------------------------------------------------------------- 1 | # Installation using Helm 2 | 3 | Please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/). 4 | 5 | ## Development 6 | 7 | Future development for the installer is taking place on [istio/installer](https://github.com/istio/installer). 
Please add new features to that repository, as only bug fixes will be allowed here. -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/helm-service-account.yaml: -------------------------------------------------------------------------------- 1 | # Create a service account for Helm and grant the cluster admin role. 2 | # It is assumed that helm should be installed with this service account 3 | # (tiller). 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: tiller 8 | namespace: kube-system 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRoleBinding 12 | metadata: 13 | name: tiller 14 | roleRef: 15 | apiGroup: rbac.authorization.k8s.io 16 | kind: ClusterRole 17 | name: cluster-admin 18 | subjects: 19 | - kind: ServiceAccount 20 | name: tiller 21 | namespace: kube-system 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-cni 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for istio-cni components 7 | keywords: 8 | - istio-cni 9 | - istio 10 | sources: 11 | - http://github.com/istio/cni 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-cni/templates/_labels.tpl: -------------------------------------------------------------------------------- 1 | {{- define "common_labels" }} 2 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 3 | release: {{ .Release.Name }} 4 | version: {{ .Chart.Version }} 5 | heritage: {{ .Release.Service }} 6 | {{- end }} 7 | 8 | {{- define "common_template_labels" }} 9 | version: {{ 
.Chart.Version }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-cni/values_gke.yaml: -------------------------------------------------------------------------------- 1 | hub: docker.io/istio 2 | tag: 1.4.2 3 | pullPolicy: Always 4 | 5 | logLevel: info 6 | 7 | # Configuration file to insert istio-cni plugin configuration 8 | # by default this will be the first file found in the cni-conf-dir 9 | # Example 10 | # cniConfFileName: 10-calico.conflist 11 | 12 | # CNI bin and conf dir override settings 13 | # defaults: 14 | cniBinDir: /home/kubernetes/bin 15 | cniConfDir: /etc/cni/net.d 16 | 17 | excludeNamespaces: 18 | - istio-system 19 | 20 | # Custom annotations on pod level, if you need them 21 | podAnnotations: {} 22 | 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-init 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2-0" 6 | description: Helm chart to initialize Istio CRDs 7 | keywords: 8 | - istio 9 | - crd 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-init-{{ .Release.Namespace }} 5 | labels: 6 | app: istio-init 7 | istio: init 8 | rules: 9 | - apiGroups: ["apiextensions.k8s.io"] 10 | resources: ["customresourcedefinitions"] 11 | verbs: ["create", "get", "list", "watch", "patch"] 12 | 
-------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-init-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: istio-init 7 | istio: init 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: istio-init-{{ .Release.Namespace }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: istio-init-service-account 15 | namespace: {{ .Release.Namespace }} 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/templates/configmap-crd-10.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: istio-crd-10 6 | data: 7 | crd-10.yaml: |- 8 | {{.Files.Get "files/crd-10.yaml" | printf "%s" | indent 4}} 9 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/templates/configmap-crd-11.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: istio-crd-11 6 | data: 7 | crd-11.yaml: |- 8 | {{.Files.Get "files/crd-11.yaml" | printf "%s" | indent 4}} 9 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/templates/configmap-crd-14.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: 
istio-crd-14 6 | data: 7 | crd-14.yaml: |- 8 | {{.Files.Get "files/crd-14.yaml" | printf "%s" | indent 4}} 9 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/templates/configmap-crd-certmanager-10.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.certmanager.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | namespace: {{ .Release.Namespace }} 6 | name: istio-crd-certmanager-10 7 | data: 8 | crd-certmanager-10.yaml: |- 9 | {{.Files.Get "files/crd-certmanager-10.yaml" | printf "%s" | indent 4}} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/templates/configmap-crd-certmanager-11.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.certmanager.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | namespace: {{ .Release.Namespace }} 6 | name: istio-crd-certmanager-11 7 | data: 8 | crd-certmanager-11.yaml: |- 9 | {{.Files.Get "files/crd-certmanager-11.yaml" | printf "%s" | indent 4}} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . 
}} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-init-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: istio-init 14 | istio: init 15 | 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio-init/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | # Default hub for Istio images. 3 | # Releases are published to docker hub under 'istio' project. 4 | # Dev builds from prow are on gcr.io 5 | hub: docker.io/istio 6 | 7 | # Default tag for Istio images. 8 | tag: 1.4.2 9 | 10 | # imagePullPolicy is applied to istio control plane components. 11 | # local tests require IfNotPresent, to avoid uploading to dockerhub. 12 | # TODO: Switch to Always as default, and override in the local tests. 13 | imagePullPolicy: IfNotPresent 14 | 15 | certmanager: 16 | enabled: false 17 | 18 | job: 19 | resources: 20 | requests: 21 | cpu: 10m 22 | memory: 50Mi 23 | limits: 24 | cpu: 100m 25 | memory: 200Mi 26 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2-0" 6 | description: Helm chart for all istio components 7 | keywords: 8 | - istio 9 | - security 10 | - sidecarInjectorWebhook 11 | - mixer 12 | - pilot 13 | - galley 14 | sources: 15 | - http://github.com/istio/istio 16 | engine: gotpl 17 | icon: https://istio.io/favicons/android-192x192.png 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/certmanager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A 
Helm chart for Kubernetes 3 | name: certmanager 4 | version: 1.4.2 5 | appVersion: 0.6.2 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/certmanager/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | certmanager has been deployed successfully! 2 | 3 | More information on the different types of issuers and how to configure them 4 | can be found in our documentation: 5 | 6 | https://cert-manager.readthedocs.io/en/latest/reference/issuers.html -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/certmanager/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: certmanager 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: certmanager 14 | chart: {{ template "certmanager.chart" . 
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/galley/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: galley 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for galley deployment 7 | keywords: 8 | - istio 9 | - galley 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/galley/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-galley-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "galley.name" . }} 7 | chart: {{ template "galley.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: istio-galley-{{ .Release.Namespace }} 14 | subjects: 15 | - kind: ServiceAccount 16 | name: istio-galley-service-account 17 | namespace: {{ .Release.Namespace }} 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/galley/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-galley-configuration 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "galley.name" . }} 8 | chart: {{ template "galley.chart" . 
}} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: galley 12 | data: 13 | {{- if .Values.global.configValidation }} 14 | validatingwebhookconfiguration.yaml: |- 15 | {{- include "validatingwebhookconfiguration.yaml.tpl" . | indent 4}} 16 | {{- end}} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/galley/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-galley 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "galley.name" . }} 9 | chart: {{ template "galley.chart" . }} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | istio: galley 13 | spec: 14 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 15 | {{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} 16 | {{- end }} 17 | selector: 18 | matchLabels: 19 | app: {{ template "galley.name" . }} 20 | release: {{ .Release.Name }} 21 | istio: galley 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/galley/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-galley 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "galley.name" . }} 8 | chart: {{ template "galley.chart" . 
}} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: galley 12 | spec: 13 | ports: 14 | - port: 443 15 | name: https-validation 16 | - port: {{ .Values.global.monitoringPort }} 17 | name: http-monitoring 18 | - port: 9901 19 | name: grpc-mcp 20 | selector: 21 | istio: galley 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/galley/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-galley-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "galley.name" . }} 14 | chart: {{ template "galley.chart" . }} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/gateways/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: gateways 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for deploying Istio gateways 7 | keywords: 8 | - istio 9 | - ingressgateway 10 | - egressgateway 11 | - gateways 12 | sources: 13 | - http://github.com/istio/istio 14 | engine: gotpl 15 | icon: https://istio.io/favicons/android-192x192.png 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/gateways/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key, $spec := .Values }} 2 | {{- if ne $key "enabled" 
}}
3 | {{- if $spec.enabled }}
4 | {{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: Role
7 | metadata:
8 |   name: {{ $key }}-sds
9 |   namespace: {{ $spec.namespace | default $.Release.Namespace }}
10 | rules:
11 | - apiGroups: [""]
12 |   resources: ["secrets"]  # no resourceNames: every Secret in this namespace is readable, not only gateway certificates
13 |   verbs: ["get", "watch", "list"]
14 | ---
15 | {{- end }}
16 | {{- end }}
17 | {{- end }}
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/gateways/templates/rolebindings.yaml:
--------------------------------------------------------------------------------
# For each enabled gateway with sds.enabled, binds `<gateway>-service-account`
# to the namespaced `<gateway>-sds` Role, which grants get/watch/list on Secrets.
# That Role is not narrowed to named Secrets, so keep unrelated Secrets out of
# the gateway's namespace.
# NOTE(review): the ServiceAccount subject carries no `namespace` field; confirm
# the binding resolves to the namespace the gateway ServiceAccount lives in.
1 | {{- range $key, $spec := .Values }}
2 | {{- if ne $key "enabled" }}
3 | {{- if $spec.enabled }}
4 | {{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: RoleBinding
7 | metadata:
8 |   name: {{ $key }}-sds
9 |   namespace: {{ $spec.namespace | default $.Release.Namespace }}
10 | roleRef:
11 |   apiGroup: rbac.authorization.k8s.io
12 |   kind: Role
13 |   name: {{ $key }}-sds
14 | subjects:
15 | - kind: ServiceAccount
16 |   name: {{ $key }}-service-account
17 | ---
18 | {{- end }}
19 | {{- end }}
20 | {{- end }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/gateways/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- range $key, $spec := .Values }}
2 | {{- if ne $key "enabled" }}
3 | {{- if $spec.enabled }}
4 | apiVersion: v1
5 | kind: ServiceAccount
6 | {{- if $.Values.global.imagePullSecrets }}
7 | imagePullSecrets:
8 | {{- range $.Values.global.imagePullSecrets }}
9 |   - name: {{ .
}} 10 | {{- end }} 11 | {{- end }} 12 | metadata: 13 | name: {{ $key }}-service-account 14 | namespace: {{ $spec.namespace | default $.Release.Namespace }} 15 | labels: 16 | app: {{ $spec.labels.app }} 17 | chart: {{ template "gateway.chart" $ }} 18 | heritage: {{ $.Release.Service }} 19 | release: {{ $.Release.Name }} 20 | --- 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | 25 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/grafana/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: grafana 4 | version: 1.4.2 5 | appVersion: 1.4.2 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/grafana/templates/configmap-custom-resources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-grafana-custom-resources 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "grafana.name" . }} 8 | chart: {{ template "grafana.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: grafana 12 | data: 13 | custom-resources.yaml: |- 14 | {{- include "grafana-default.yaml.tpl" . | indent 4}} 15 | run.sh: |- 16 | {{- include "install-custom-resources.sh.tpl" . 
| indent 4}} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/grafana/templates/configmap-dashboards.yaml: -------------------------------------------------------------------------------- 1 | {{- $files := .Files }} 2 | {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} 3 | {{- $filename := trimSuffix (ext $path) (base $path) }} 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: istio-grafana-configuration-dashboards-{{ $filename }} 8 | namespace: {{ $.Release.Namespace }} 9 | labels: 10 | app: {{ template "grafana.name" $ }} 11 | chart: {{ template "grafana.chart" $ }} 12 | heritage: {{ $.Release.Service }} 13 | release: {{ $.Release.Name }} 14 | istio: grafana 15 | data: 16 | {{ base $path }}: '{{ $files.Get $path }}' 17 | --- 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/grafana/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-grafana 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "grafana.name" . }} 8 | chart: {{ template "grafana.chart" . 
}}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 |     istio: grafana
12 | data:
13 | {{- if .Values.datasources }}
14 | {{- range $key, $value := .Values.datasources }}
15 |   {{ $key }}: |
16 | {{ toYaml $value | indent 4 }}
17 | {{- end -}}
18 | {{- end -}}
19 |
20 | {{- if .Values.dashboardProviders }}
21 | {{- range $key, $value := .Values.dashboardProviders }}
22 |   {{ $key }}: |
23 | {{ toYaml $value | indent 4 }}
24 | {{- end -}}
25 | {{- end -}}
26 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/grafana/templates/grafana-ports-mtls.yaml:
--------------------------------------------------------------------------------
1 | {{ define "grafana-default.yaml.tpl" }}
2 | apiVersion: authentication.istio.io/v1alpha1
3 | kind: Policy
4 | metadata:
5 |   name: grafana-ports-mtls-disabled  # per its name, exempts the Grafana port from mesh mTLS
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: {{ template "grafana.name" . }}
9 |     chart: {{ template "grafana.chart" . }}
10 |     heritage: {{ .Release.Service }}
11 |     release: {{ .Release.Name }}
12 | spec:  # targets only, no `peers` entry: no peer authentication is requested for this port
13 |   targets:
14 |   - name: grafana
15 |     ports:
16 |     - number: {{ .Values.service.externalPort }}  # with mTLS off here, Grafana's own login and network policy are the remaining controls; verify both
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/grafana/templates/pvc.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.persist }}
2 | kind: PersistentVolumeClaim
3 | apiVersion: v1
4 | metadata:
5 |   name: istio-grafana-pvc
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: {{ template "grafana.name" . }}
9 |     chart: {{ template "grafana.chart" .
}} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | storageClassName: {{ .Values.storageClassName }} 14 | accessModes: 15 | - {{ .Values.accessMode }} 16 | resources: 17 | requests: 18 | storage: 5Gi 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/istiocoredns/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Istio CoreDNS provides DNS resolution for services in multicluster setups. 3 | name: istiocoredns 4 | version: 1.4.2 5 | appVersion: 0.1 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istiocoredns 5 | labels: 6 | app: {{ template "istiocoredns.name" . }} 7 | chart: {{ template "istiocoredns.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | rules: 11 | - apiGroups: ["networking.istio.io"] 12 | resources: ["*"] 13 | verbs: ["get", "watch", "list"] 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-istiocoredns-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "istiocoredns.name" . }} 7 | chart: {{ template "istiocoredns.chart" . 
}} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: istiocoredns 14 | subjects: 15 | - kind: ServiceAccount 16 | name: istiocoredns-service-account 17 | namespace: {{ .Release.Namespace }} 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istiocoredns 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "istiocoredns.name" . }} 8 | chart: {{ template "istiocoredns.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | selector: 13 | app: istiocoredns 14 | ports: 15 | - name: dns 16 | port: 53 17 | protocol: UDP 18 | - name: dns-tcp 19 | port: 53 20 | protocol: TCP 21 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istiocoredns-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "istiocoredns.name" . }} 14 | chart: {{ template "istiocoredns.chart" . 
}}
15 |     heritage: {{ .Release.Service }}
16 |     release: {{ .Release.Name }}
17 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/kiali/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details.
3 | name: kiali
4 | version: 1.9.0
5 | appVersion: 1.9.0
6 | tillerVersion: ">=2.7.2"
7 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/kiali/templates/demosecret.yaml:
--------------------------------------------------------------------------------
# Demo-only Secret, rendered only when `createDemoSecret` is set. Both values
# are the base64 encoding of "admin" (an encoding, not encryption), so the
# credential stored under `dashboard.secretName` is fixed and publicly known.
# Leave `createDemoSecret` off outside throwaway demos and create that Secret
# yourself with unique values.
1 | {{- if .Values.createDemoSecret }}
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: {{ .Values.dashboard.secretName }}
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: {{ template "kiali.name" . }}
9 |     chart: {{ template "kiali.chart" . }}
10 |     heritage: {{ .Release.Service }}
11 |     release: {{ .Release.Name }}
12 | type: Opaque
13 | data:
14 |   username: YWRtaW4= # admin (base64-encoded default)
15 |   passphrase: YWRtaW4= # admin (base64-encoded default)
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/kiali/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: kiali
5 |   namespace: {{ .Release.Namespace }}
6 |   labels:
7 |     app: {{ template "kiali.name" . }}
8 |     chart: {{ template "kiali.chart" .
}} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | ports: 13 | - name: http-kiali 14 | protocol: TCP 15 | port: 20001 16 | selector: 17 | app: kiali 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/kiali/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: kiali-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "kiali.name" . }} 14 | chart: {{ template "kiali.chart" . }} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/mixer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: mixer 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for mixer deployment 7 | keywords: 8 | - istio 9 | - mixer 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/mixer/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: istio-mixer-admin-role-binding-{{ .Release.Namespace }} 6 | labels: 7 | app: {{ 
template "mixer.name" . }} 8 | chart: {{ template "mixer.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: istio-mixer-{{ .Release.Namespace }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: istio-mixer-service-account 18 | namespace: {{ .Release.Namespace }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/mixer/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | {{- if .Values.global.imagePullSecrets }} 5 | imagePullSecrets: 6 | {{- range .Values.global.imagePullSecrets }} 7 | - name: {{ . }} 8 | {{- end }} 9 | {{- end }} 10 | metadata: 11 | name: istio-mixer-service-account 12 | namespace: {{ .Release.Namespace }} 13 | labels: 14 | app: {{ template "mixer.name" . }} 15 | chart: {{ template "mixer.chart" . 
}} 16 | heritage: {{ .Release.Service }} 17 | release: {{ .Release.Name }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/nodeagent/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: nodeagent 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for nodeagent deployment 7 | keywords: 8 | - istio 9 | - nodeagent 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/nodeagent/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-nodeagent-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "nodeagent.name" . }} 7 | chart: {{ template "nodeagent.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | rules: 11 | - apiGroups: [""] 12 | resources: ["configmaps"] 13 | verbs: ["get"] 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/nodeagent/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-nodeagent-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "nodeagent.name" . }} 7 | chart: {{ template "nodeagent.chart" . 
}} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: istio-nodeagent-{{ .Release.Namespace }} 14 | subjects: 15 | - kind: ServiceAccount 16 | name: istio-nodeagent-service-account 17 | namespace: {{ .Release.Namespace }} 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/nodeagent/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-nodeagent-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "nodeagent.name" . }} 14 | chart: {{ template "nodeagent.chart" . 
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/pilot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: pilot 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for pilot deployment 7 | keywords: 8 | - istio 9 | - pilot 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/pilot/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-pilot-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "pilot.name" . }} 7 | chart: {{ template "pilot.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: istio-pilot-{{ .Release.Namespace }} 14 | subjects: 15 | - kind: ServiceAccount 16 | name: istio-pilot-service-account 17 | namespace: {{ .Release.Namespace }} 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/pilot/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.jwksResolverExtraRootCA }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: istio-jwks-extra-cacerts 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "pilot.name" . }} 9 | chart: {{ template "pilot.chart" . 
}} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | data: 13 | extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/pilot/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-pilot 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "pilot.name" . }} 9 | chart: {{ template "pilot.chart" . }} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | istio: pilot 13 | spec: 14 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 15 | {{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} 16 | {{- end }} 17 | selector: 18 | matchLabels: 19 | app: {{ template "pilot.name" . }} 20 | release: {{ .Release.Name }} 21 | istio: pilot 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/pilot/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-pilot 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "pilot.name" . }} 8 | chart: {{ template "pilot.chart" . 
}}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 |     istio: pilot
12 | spec:
13 |   ports:
14 |   - port: 15010
15 |     name: grpc-xds # direct (not mTLS-wrapped, in contrast to 15011; limit which workloads can reach it)
16 |   - port: 15011
17 |     name: https-xds # mTLS
18 |   - port: 8080
19 |     name: http-legacy-discovery # direct (not mTLS-wrapped)
20 |   - port: {{ .Values.global.monitoringPort }}
21 |     name: http-monitoring
22 |   selector:
23 |     istio: pilot
24 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/pilot/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | {{- if .Values.global.imagePullSecrets }}
4 | imagePullSecrets:
5 | {{- range .Values.global.imagePullSecrets }}
6 |   - name: {{ . }}
7 | {{- end }}
8 | {{- end }}
9 | metadata:
10 |   name: istio-pilot-service-account
11 |   namespace: {{ .Release.Namespace }}
12 |   labels:
13 |     app: {{ template "pilot.name" . }}
14 |     chart: {{ template "pilot.chart" . }}
15 |     heritage: {{ .Release.Service }}
16 |     release: {{ .Release.Name }}
17 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/prometheus/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | description: A Helm chart for Kubernetes
3 | name: prometheus
4 | version: 1.4.2
5 | appVersion: 2.8.0
6 | tillerVersion: ">=2.7.2"
7 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/prometheus/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
# Read-only discovery permissions for the Prometheus ServiceAccount, granted
# cluster-wide through the ClusterRoleBinding in clusterrolebindings.yaml.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: prometheus-{{ .Release.Namespace }}
5 |   labels:
6 |     app: prometheus
7 |     chart: {{ template "prometheus.chart" . }}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | rules:
11 | - apiGroups: [""]
12 |   resources:
13 |   - nodes
14 |   - services
15 |   - endpoints
16 |   - pods
17 |   - nodes/proxy  # allows querying kubelet endpoints on every node via the API server proxy; keep only if a scrape job uses that path
18 |   verbs: ["get", "list", "watch"]
19 | - apiGroups: [""]
20 |   resources:
21 |   - configmaps
22 |   verbs: ["get"]
23 | - nonResourceURLs: ["/metrics"]
24 |   verbs: ["get"]
25 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/prometheus/templates/clusterrolebindings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: prometheus-{{ .Release.Namespace }}
5 |   labels:
6 |     app: prometheus
7 |     chart: {{ template "prometheus.chart" . }}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | roleRef:
11 |   apiGroup: rbac.authorization.k8s.io
12 |   kind: ClusterRole
13 |   name: prometheus-{{ .Release.Namespace }}
14 | subjects:
15 | - kind: ServiceAccount
16 |   name: prometheus
17 |   namespace: {{ .Release.Namespace }}
18 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/prometheus/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | {{- if .Values.global.imagePullSecrets }}
4 | imagePullSecrets:
5 | {{- range .Values.global.imagePullSecrets }}
6 |   - name: {{ . }}
7 | {{- end }}
8 | {{- end }}
9 | metadata:
10 |   name: prometheus
11 |   namespace: {{ .Release.Namespace }}
12 |   labels:
13 |     app: prometheus
14 |     chart: {{ template "prometheus.chart" .
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/security/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: security 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for istio authentication 7 | keywords: 8 | - istio 9 | - security 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/security/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-citadel-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "security.name" . }} 7 | chart: {{ template "security.chart" . 
}}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | rules:
11 | - apiGroups: [""]
12 |   resources: ["configmaps"]
13 |   verbs: ["create", "get", "update"]
14 | - apiGroups: [""]
15 |   resources: ["secrets"]  # ClusterRole scope: read, write and delete on Secrets in every namespace once bound
16 |   verbs: ["create", "get", "watch", "list", "update", "delete"]
17 | - apiGroups: [""]
18 |   resources: ["serviceaccounts", "services", "namespaces"]
19 |   verbs: ["get", "watch", "list"]
20 | - apiGroups: ["authentication.k8s.io"]
21 |   resources: ["tokenreviews"]
22 |   verbs: ["create"]
23 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/security/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the istio-citadel ClusterRole to istio-citadel-service-account for the
# whole cluster. That role includes create/get/list/update/delete on Secrets,
# so this ServiceAccount's token is a high-value credential: limit who may run
# or exec into pods using it, and audit-log its Secret access.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: istio-citadel-{{ .Release.Namespace }}
5 |   labels:
6 |     app: {{ template "security.name" . }}
7 |     chart: {{ template "security.chart" . }}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | roleRef:
11 |   apiGroup: rbac.authorization.k8s.io
12 |   kind: ClusterRole
13 |   name: istio-citadel-{{ .Release.Namespace }}
14 | subjects:
15 |   - kind: ServiceAccount
16 |     name: istio-citadel-service-account
17 |     namespace: {{ .Release.Namespace }}
18 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/security/templates/configmap.yaml:
--------------------------------------------------------------------------------
# Carries the mesh-wide authentication policy as custom-resources.yaml. Which
# policy is embedded depends on `global.mtls.enabled`: the security-default
# template when true, otherwise the permissive template.
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: istio-security-custom-resources
5 |   namespace: {{ .Release.Namespace }}
6 |   labels:
7 |     app: {{ template "security.name" . }}
8 |     chart: {{ template "security.chart" . }}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 |     istio: citadel
12 | data:
13 |   custom-resources.yaml: |-
14 |     {{- if .Values.global.mtls.enabled }}
15 |     {{- include "security-default.yaml.tpl" . | indent 4}}
16 |     {{- else }}
17 |     {{- include "security-permissive.yaml.tpl" . | indent 4}}
18 |     {{- end }}
19 |   run.sh: |-
20 |     {{- include "install-custom-resources.sh.tpl" . | indent 4}}
21 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/security/templates/enable-mesh-permissive.yaml:
--------------------------------------------------------------------------------
1 | {{- define "security-permissive.yaml.tpl" }}
2 | # Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh.
3 | apiVersion: "authentication.istio.io/v1alpha1"
4 | kind: "MeshPolicy"
5 | metadata:
6 |   name: "default"
7 |   labels:
8 |     app: {{ template "security.name" . }}
9 |     chart: {{ template "security.chart" . }}
10 |     heritage: {{ .Release.Service }}
11 |     release: {{ .Release.Name }}
12 | spec:
13 |   peers:
14 |   - mtls:
15 |       mode: PERMISSIVE  # sidecars accept plaintext as well as mTLS, so peers are not required to authenticate; use only as a migration step
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/security/templates/poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }}
2 | apiVersion: policy/v1beta1
3 | kind: PodDisruptionBudget
4 | metadata:
5 |   name: istio-citadel
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: {{ template "security.name" . }}
9 |     chart: {{ template "security.chart" .
}} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | istio: citadel 13 | spec: 14 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 15 | {{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} 16 | {{- end }} 17 | selector: 18 | matchLabels: 19 | app: {{ template "security.name" . }} 20 | release: {{ .Release.Name }} 21 | istio: citadel 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/security/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | # we use the normal name here (e.g. 'prometheus') 5 | # as grafana is configured to use this as a data source 6 | name: istio-citadel 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | app: {{ template "security.name" . }} 10 | chart: {{ template "security.chart" . }} 11 | heritage: {{ .Release.Service }} 12 | release: {{ .Release.Name }} 13 | istio: citadel 14 | spec: 15 | ports: 16 | - name: grpc-citadel 17 | port: 8060 18 | targetPort: 8060 19 | protocol: TCP 20 | - name: http-monitoring 21 | port: {{ .Values.global.monitoringPort }} 22 | selector: 23 | istio: citadel 24 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/security/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-citadel-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "security.name" . }} 14 | chart: {{ template "security.chart" . 
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: sidecarInjectorWebhook 3 | version: 1.4.2 4 | appVersion: 1.4.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for sidecar injector webhook deployment 7 | keywords: 8 | - istio 9 | - sidecarInjectorWebhook 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-sidecar-injector-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "sidecar-injector.name" . }} 7 | chart: {{ template "sidecar-injector.chart" . 
}} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | istio: sidecar-injector 11 | rules: 12 | - apiGroups: [""] 13 | resources: ["configmaps"] 14 | verbs: ["get", "list", "watch"] 15 | {{- if not .Values.global.operatorManageWebhooks }} 16 | - apiGroups: ["admissionregistration.k8s.io"] 17 | resources: ["mutatingwebhookconfigurations"] 18 | verbs: ["get", "list", "watch", "patch"] 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "sidecar-injector.name" . }} 7 | chart: {{ template "sidecar-injector.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | istio: sidecar-injector 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: istio-sidecar-injector-{{ .Release.Namespace }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: istio-sidecar-injector-service-account 18 | namespace: {{ .Release.Namespace }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-sidecar-injector 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "sidecar-injector.name" . 
}} 9 | release: {{ .Release.Name }} 10 | istio: sidecar-injector 11 | spec: 12 | {{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} 13 | selector: 14 | matchLabels: 15 | app: {{ template "sidecar-injector.name" . }} 16 | release: {{ .Release.Name }} 17 | istio: sidecar-injector 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-sidecar-injector 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "sidecar-injector.name" . }} 8 | chart: {{ template "sidecar-injector.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: sidecar-injector 12 | spec: 13 | ports: 14 | - port: 443 15 | name: https-inject 16 | - port: {{ .Values.global.monitoringPort }} 17 | name: http-monitoring 18 | selector: 19 | istio: sidecar-injector 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-sidecar-injector-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "sidecar-injector.name" . }} 14 | chart: {{ template "sidecar-injector.chart" . 
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | istio: sidecar-injector 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/tracing/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: tracing 4 | version: 1.4.2 5 | appVersion: 1.5.1 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/charts/tracing/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.provider "jaeger" }} 2 | {{- if .Values.jaeger.persist }} 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: istio-jaeger-pvc 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | app: jaeger 10 | chart: {{ template "tracing.chart" . }} 11 | heritage: {{ .Release.Service }} 12 | release: {{ .Release.Name }} 13 | spec: 14 | storageClassName: {{ .Values.jaeger.storageClassName }} 15 | accessModes: 16 | - {{ .Values.jaeger.accessMode }} 17 | resources: 18 | requests: 19 | storage: 5Gi 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/example-values/README.md: -------------------------------------------------------------------------------- 1 | # Example Values 2 | 3 | These files provide various example values for different Istio setups. 4 | 5 | To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`. 
6 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/example-values/values-istio-dns-cert.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | certificates: 3 | - secretName: dns.istio-galley-service-account 4 | dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] 5 | - secretName: dns.istio-sidecar-injector-service-account 6 | dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/example-values/values-istio-meshexpansion-gateways.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | # Provides dns resolution for global services 3 | podDNSSearchNamespaces: 4 | - global 5 | 6 | multiCluster: 7 | enabled: true 8 | 9 | controlPlaneSecurityEnabled: true 10 | meshExpansion: 11 | enabled: true 12 | 13 | # Multicluster with gateways requires a root CA 14 | # Cluster local CAs are bootstrapped with the root CA. 15 | security: 16 | selfSigned: false 17 | 18 | # Provides dns resolution for service entries of form 19 | # name.namespace.global 20 | istiocoredns: 21 | enabled: true 22 | 23 | gateways: 24 | istio-egressgateway: 25 | enabled: true 26 | env: 27 | # Needed to route traffic via egress gateway if desired. 
28 | ISTIO_META_REQUESTED_NETWORK_VIEW: "external" 29 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/templates/_podDisruptionBudget.tpl: -------------------------------------------------------------------------------- 1 | {{- define "podDisruptionBudget.spec" }} 2 | minAvailable: 1 3 | {{- end }} 4 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: istio-reader 5 | rules: 6 | - apiGroups: [''] 7 | resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"] 8 | verbs: ['get', 'watch', 'list'] 9 | - apiGroups: ["extensions", "apps"] 10 | resources: ["replicasets"] 11 | verbs: ["get", "list", "watch"] 12 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-multi 5 | labels: 6 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: istio-reader 11 | subjects: 12 | - kind: ServiceAccount 13 | name: istio-multi 14 | namespace: {{ .Release.Namespace }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: istio-multi 5 | namespace: {{ 
.Release.Namespace }} 6 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/README.md: -------------------------------------------------------------------------------- 1 | # Test Values 2 | 3 | These files are intended to be used to install Istio for E2E tests. 4 | 5 | The rendered files can be generated with `make generate_e2e_yaml`. 6 | 7 | These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test, they must be overridden. 8 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-auth-mcp.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio-auth.yaml with MCP enabled 2 | global: 3 | # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are 4 | # propagated, not recommended for tests. 5 | controlPlaneSecurityEnabled: true 6 | 7 | mtls: 8 | # Default setting for service-to-service mtls. Can be set explicitly using 9 | # destination rules or service annotations. 10 | enabled: true 11 | 12 | ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. 
13 | # imagePullSecrets: 14 | # - name: "private-registry-key" 15 | 16 | useMCP: true 17 | 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-auth-non-mcp.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | mtls: 3 | enabled: true 4 | 5 | controlPlaneSecurityEnabled: true 6 | 7 | useMCP: false 8 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-auth-sds.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | controlPlaneSecurityEnabled: true 3 | 4 | mtls: 5 | # Default setting for service-to-service mtls. Can be set explicitly using 6 | # destination rules or service annotations. 7 | enabled: true 8 | 9 | sds: 10 | enabled: true 11 | udsPath: "unix:/var/run/sds/uds_path" 12 | token: 13 | aud: "istio-ca" 14 | 15 | proxy: 16 | enableCoreDump: true 17 | 18 | nodeagent: 19 | enabled: true 20 | image: node-agent-k8s 21 | env: 22 | CA_PROVIDER: "Citadel" 23 | CA_ADDR: "istio-citadel:8060" 24 | VALID_TOKEN: true 25 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-auth.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1 2 | # or v2/alpha3 with 'gradual migration' (using env variable at inject time). 3 | global: 4 | # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are 5 | # propagated, not recommended for tests. 6 | controlPlaneSecurityEnabled: true 7 | 8 | mtls: 9 | # Default setting for service-to-service mtls. 
Can be set explicitly using 10 | # destination rules or service annotations. 11 | enabled: true 12 | ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. 13 | # imagePullSecrets: 14 | # - name: "private-registry-key" 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-dns-cert.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | certificates: 3 | - dnsNames: [istio-pilot.istio-system.svc, istio-pilot.istio-system] 4 | - secretName: dns.istio-galley-service-account 5 | dnsNames: [istio-galley.istio-system.svc, istio-galley.istio-system] 6 | - secretName: dns.istio-sidecar-injector-service-account 7 | dnsNames: [istio-sidecar-injector.istio-system.svc, istio-sidecar-injector.istio-system] 8 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-mcp.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio.yaml with MCP enabled 2 | global: 3 | # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are 4 | # propagated, not recommended for tests. 5 | controlPlaneSecurityEnabled: false 6 | 7 | mtls: 8 | # Default setting for service-to-service mtls. Can be set explicitly using 9 | # destination rules or service annotations. 10 | enabled: false 11 | 12 | ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. 
13 | # imagePullSecrets: 14 | # - name: "private-registry-key" 15 | 16 | useMCP: true 17 | 18 | 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-multicluster-split-horizon.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio-multicluster-split-horizon.yaml, used for CI/CD. 2 | global: 3 | controlPlaneSecurityEnabled: true 4 | mtls: 5 | enabled: true 6 | proxy: 7 | accessLogFile: "/dev/stdout" 8 | outboundTrafficPolicy: 9 | mode: ALLOW_ANY 10 | meshExpansion: 11 | enabled: true 12 | meshNetworks: 13 | network2: 14 | endpoints: 15 | - fromRegistry: N2_REGISTRY_TOKEN 16 | gateways: 17 | - address: 0.0.0.0 18 | port: 443 19 | security: 20 | selfSigned: false 21 | gateways: 22 | istio-egressgateway: 23 | enabled: false 24 | 25 | 26 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-non-mcp.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | useMCP: false 3 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-one-namespace-auth.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio.yaml used for deprecated CI/CD testing. 2 | global: 3 | # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are 4 | # propagated, not recommended for tests. 5 | controlPlaneSecurityEnabled: true 6 | 7 | mtls: 8 | # Default setting for service-to-service mtls. Can be set explicitly using 9 | # destination rules or service annotations. 10 | enabled: true 11 | 12 | ## imagePullSecrets for all ServiceAccount. 
Must be set for any cluster configured with private docker registry. 13 | # imagePullSecrets: 14 | # - name: "private-registry-key" 15 | 16 | # Restrict the applications in one namespace the controller manages 17 | oneNamespace: true 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-one-namespace-trust-domain.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio.yaml used for deprecated CI/CD testing. 2 | global: 3 | # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are 4 | # propagated, not recommended for tests. 5 | controlPlaneSecurityEnabled: true 6 | 7 | mtls: 8 | # Default setting for service-to-service mtls. Can be set explicitly using 9 | # destination rules or service annotations. 10 | enabled: true 11 | 12 | # Default is 10s second 13 | refreshInterval: 1s 14 | 15 | # The trust domain corresponds to the trust root of a system 16 | trustDomain: test.local 17 | 18 | # Restrict the applications in one namespace the controller manages 19 | oneNamespace: true 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio-one-namespace.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio.yaml used for deprecated CI/CD testing. 2 | global: 3 | # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are 4 | # propagated, not recommended for tests. 5 | controlPlaneSecurityEnabled: false 6 | 7 | mtls: 8 | # Default setting for service-to-service mtls. Can be set explicitly using 9 | # destination rules or service annotations. 10 | enabled: false 11 | 12 | ## imagePullSecrets for all ServiceAccount. 
Must be set for any cluster configured with private docker registry. 13 | # imagePullSecrets: 14 | # - name: "private-registry-key" 15 | 16 | # Restrict the applications in one namespace the controller manages 17 | oneNamespace: true 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/test-values/values-istio.yaml: -------------------------------------------------------------------------------- 1 | 2 | # This is used to generate istio.yaml for automated CI/CD test, using v1/alpha1 3 | # or v2/alpha3 with 'gradual migration' (using env variable at inject time). 4 | # global: 5 | ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry. 6 | # imagePullSecrets: 7 | # - name: "private-registry-key" 8 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/values-istio-sds-auth-control-plane-auth-disabled.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | controlPlaneSecurityEnabled: false 3 | 4 | mtls: 5 | # Default setting for service-to-service mtls. Can be set explicitly using 6 | # destination rules or service annotations. 7 | enabled: true 8 | 9 | sds: 10 | enabled: true 11 | udsPath: "unix:/var/run/sds/uds_path" 12 | token: 13 | aud: "istio-ca" 14 | 15 | nodeagent: 16 | enabled: true 17 | image: node-agent-k8s 18 | env: 19 | CA_PROVIDER: "Citadel" 20 | CA_ADDR: "istio-citadel:8060" 21 | VALID_TOKEN: true 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/helm/istio/values-istio-sds-auth.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | controlPlaneSecurityEnabled: true 3 | 4 | mtls: 5 | # Default setting for service-to-service mtls. 
Can be set explicitly using 6 | # destination rules or service annotations. 7 | enabled: true 8 | 9 | sds: 10 | enabled: true 11 | udsPath: "unix:/var/run/sds/uds_path" 12 | token: 13 | aud: "istio-ca" 14 | 15 | nodeagent: 16 | enabled: true 17 | image: node-agent-k8s 18 | env: 19 | CA_PROVIDER: "Citadel" 20 | CA_ADDR: "istio-citadel:8060" 21 | VALID_TOKEN: true 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: istio-system 5 | labels: 6 | istio-injection: disabled 7 | --- 8 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/base/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: base 3 | version: 1.1.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart for deploying Istio base components 6 | keywords: 7 | - istio 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/crd-10.yaml 6 | - files/crd-11.yaml 7 | - files/crd-14.yaml 8 | - files/crd-certmanager-10.yaml 9 | - files/crd-certmanager-11.yaml 10 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/base/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 
| {{ if .Values.clusterResources }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: istio-reader-{{ .Release.Namespace }} 6 | labels: 7 | app: istio-reader 8 | release: {{ .Release.Name }} 9 | rules: 10 | - apiGroups: 11 | - "config.istio.io" 12 | - "rbac.istio.io" 13 | - "security.istio.io" 14 | - "networking.istio.io" 15 | - "authentication.istio.io" 16 | resources: ["*"] 17 | verbs: ["get", "list", "watch"] 18 | - apiGroups: [""] 19 | resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers"] 20 | verbs: ["get", "list", "watch"] 21 | - apiGroups: ["apps"] 22 | resources: ["replicasets"] 23 | verbs: ["get", "list", "watch"] 24 | --- 25 | {{ end }} 26 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/base/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.clusterResources }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: istio-reader-{{ .Release.Namespace }} 6 | labels: 7 | app: istio-reader 8 | release: {{ .Release.Name }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: istio-reader-{{ .Release.Namespace }} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: istio-reader-service-account 16 | namespace: {{ .Release.Namespace }} 17 | --- 18 | {{ end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/base/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{ .Files.Get "files/crd-10.yaml" }} 2 | {{ .Files.Get "files/crd-11.yaml" }} 3 | {{ .Files.Get "files/crd-14.yaml" }} 4 | {{- if .Values.certmanager }} 5 | {{- if .Values.certmanager.enabled }} 6 | {{ .Files.Get 
"files/crd-certmanager-10.yaml" }} 7 | {{ .Files.Get "files/crd-certmanager-11.yaml" }} 8 | {{- end }} 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/base/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.clusterResources }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | {{- if .Values.global.imagePullSecrets }} 5 | imagePullSecrets: 6 | {{- range .Values.global.imagePullSecrets }} 7 | - name: {{ . }} 8 | {{- end }} 9 | {{- end }} 10 | metadata: 11 | name: istio-reader-service-account 12 | namespace: {{ .Release.Namespace }} 13 | labels: 14 | app: istio-reader 15 | release: {{ .Release.Name }} 16 | --- 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/base/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eon01/LearnKubernetesByBuilding10Projects/b5336932a30bb30391748403c063a90546032217/chapter10/istio-1.4.2/install/kubernetes/operator/charts/base/values.yaml -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-egress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-egress 3 | version: 1.1.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart for deploying Istio gateways 6 | keywords: 7 | - istio 8 | - egressgateway 9 | - gateways 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- 
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-egress/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-egressgateway 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: istio-egressgateway 9 | istio: egressgateway 10 | release: {{ .Release.Name }} 11 | spec: 12 | minAvailable: 1 13 | selector: 14 | matchLabels: 15 | app: istio-egressgateway 16 | istio: egressgateway 17 | release: {{ .Release.Name }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-egress/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{ $gateway := index .Values "gateways" "istio-egressgateway" }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: istio-egressgateway 6 | namespace: {{ .Release.Namespace }} 7 | annotations: 8 | {{- range $key, $val := $gateway.serviceAnnotations }} 9 | {{ $key }}: {{ $val | quote }} 10 | {{- end }} 11 | labels: 12 | app: istio-egressgateway 13 | release: {{ .Release.Name }} 14 | istio: egressgateway 15 | spec: 16 | type: ClusterIP 17 | selector: 18 | app: istio-egressgateway 19 | ports: 20 | {{- range $key, $val := $gateway.ports }} 21 | - 22 | {{- range $pkey, $pval := $val }} 23 | {{ $pkey}}: {{ $pval }} 24 | {{- end }} 25 | {{- end }} 26 | --- 27 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-ingress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-ingress 3 | version: 1.1.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart 
for deploying Istio gateways 6 | keywords: 7 | - istio 8 | - ingressgateway 9 | - gateways 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-ingress/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: ingressgateway 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: istio-ingressgateway 9 | release: {{ .Release.Name }} 10 | istio: ingressgateway 11 | spec: 12 | minAvailable: 1 13 | selector: 14 | matchLabels: 15 | app: istio-ingressgateway 16 | release: {{ .Release.Name }} 17 | istio: ingressgateway 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-ingress/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{ $gateway := index .Values "gateways" "istio-ingressgateway" }} 2 | {{- if $gateway.sds.enabled }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: Role 5 | metadata: 6 | name: istio-ingressgateway-sds 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | release: {{ .Release.Name }} 10 | rules: 11 | - apiGroups: [""] 12 | resources: ["secrets"] 13 | verbs: ["get", "watch", "list"] 14 | --- 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-ingress/templates/rolebindings.yaml: -------------------------------------------------------------------------------- 1 | {{ $gateway := index .Values "gateways" 
"istio-ingressgateway" }} 2 | {{- if $gateway.sds.enabled }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: istio-ingressgateway-sds 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: Role 13 | name: istio-ingressgateway-sds 14 | subjects: 15 | - kind: ServiceAccount 16 | name: istio-ingressgateway-service-account 17 | --- 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-ingress/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-ingressgateway-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: istio-ingressgateway 14 | release: {{ .Release.Name }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/gateways/istio-ingress/templates/sidecar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Sidecar 3 | metadata: 4 | name: default 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | release: {{ .Release.Name }} 8 | spec: 9 | egress: 10 | - hosts: 11 | - "*/*" 12 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-cni 3 | version: 1.1.0 4 | description: Helm chart for 
istio-cni components 5 | keywords: 6 | - istio-cni 7 | - istio 8 | sources: 9 | - http://github.com/istio/cni 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-cni/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-cni 5 | labels: 6 | app: istio-cni 7 | release: {{ .Release.Name }} 8 | rules: 9 | - apiGroups: [""] 10 | resources: 11 | - pods 12 | - nodes 13 | verbs: 14 | - get 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-cni/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . 
}} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-cni 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: istio-cni 14 | release: {{ .Release.Name }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-autoinject/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-autoinject 3 | version: 1.1.0 4 | appVersion: 1.1.0 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for sidecar injector webhook deployment 7 | keywords: 8 | - istio 9 | - sidecarInjectorWebhook 10 | - autoinject 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-autoinject/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-sidecar-injector-{{ .Release.Namespace }} 5 | labels: 6 | app: sidecar-injector 7 | release: {{ .Release.Name }} 8 | istio: sidecar-injector 9 | rules: 10 | - apiGroups: [""] 11 | resources: ["configmaps"] 12 | resourceNames: ["istio-sidecar-injector"] 13 | verbs: ["get", "list", "watch"] 14 | {{- if not .Values.global.operatorManageWebhooks }} 15 | - apiGroups: ["admissionregistration.k8s.io"] 16 | resources: ["mutatingwebhookconfigurations"] 17 | resourceNames: ["istio-sidecar-injector", "istio-sidecar-injector-{{.Release.Namespace}}"] 18 | verbs: ["get", "list", "watch", "patch"] 19 | {{- end }} -------------------------------------------------------------------------------- 
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-autoinject/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: sidecar-injector 7 | release: {{ .Release.Name }} 8 | istio: sidecar-injector 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: istio-sidecar-injector-{{ .Release.Namespace }} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: istio-sidecar-injector-service-account 16 | namespace: {{ .Release.Namespace }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-autoinject/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-sidecar-injector 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: sidecar-injector 9 | release: {{ .Release.Name }} 10 | istio: sidecar-injector 11 | spec: 12 | minAvailable: 1 13 | selector: 14 | matchLabels: 15 | app: sidecar-injector 16 | release: {{ .Release.Name }} 17 | istio: sidecar-injector 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-autoinject/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-sidecar-injector 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: sidecarInjectorWebhook 8 | release: {{ .Release.Name }} 9 | 
istio: sidecar-injector 10 | spec: 11 | ports: 12 | - port: 443 13 | targetPort: 9443 14 | selector: 15 | istio: sidecar-injector 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-autoinject/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-sidecar-injector-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: sidecarInjectorWebhook 14 | release: {{ .Release.Name }} 15 | istio: sidecar-injector 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-config/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-config 3 | version: 1.1.0 4 | appVersion: 1.1.0 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for galley deployment 7 | keywords: 8 | - istio 9 | - galley 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-config/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - cmluciano 3 | - geeknoid 4 | - ozevren 5 | - ayj 6 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-config/templates/clusterrolebinding.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-galley-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | release: {{ .Release.Name }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: istio-galley-{{ .Release.Namespace }} 11 | subjects: 12 | - kind: ServiceAccount 13 | name: istio-galley-service-account 14 | namespace: {{ .Release.Namespace }} 15 | --- 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-config/templates/configmap-mesh.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-mesh-galley 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | release: {{ .Release.Name }} 8 | data: 9 | mesh: |- 10 | {{ toYaml .Values.galley.mesh | indent 4 }} 11 | --- 12 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-config/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-galley-configuration 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | release: {{ .Release.Name }} 8 | data: 9 | {{- if .Values.global.configValidation }} 10 | validatingwebhookconfiguration.yaml: |- 11 | {{- include "validatingwebhookconfiguration.yaml.tpl" . 
| indent 4}} 12 | {{- end}} 13 | --- 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-config/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-galley 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: galley 9 | release: {{ .Release.Name }} 10 | istio: galley 11 | spec: 12 | minAvailable: 1 13 | selector: 14 | matchLabels: 15 | app: galley 16 | release: {{ .Release.Name }} 17 | istio: galley 18 | --- 19 | 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-config/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-galley 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: galley 8 | istio: galley 9 | release: {{ .Release.Name }} 10 | spec: 11 | ports: 12 | - port: 443 13 | name: https-validation 14 | targetPort: 9443 15 | - port: 15014 16 | name: http-monitoring 17 | - port: 9901 18 | name: grpc-mcp 19 | - port: 15019 20 | name: grpc-tls-mcp 21 | selector: 22 | istio: galley 23 | --- 24 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-config/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . 
}} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-galley-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: galley 14 | release: {{ .Release.Name }} 15 | --- 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-discovery 3 | version: 1.1.0 4 | appVersion: 1.1.0 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for istio control plane 7 | keywords: 8 | - istio 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/NOTES.txt: -------------------------------------------------------------------------------- 1 | Minimal control plane for Istio. Pilot and mesh config are included. 2 | 3 | MCP and injector should optionally be installed in the same namespace. Alternatively remote 4 | address of an MCP server can be set. 
5 | 6 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/templates/_helpers.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eon01/LearnKubernetesByBuilding10Projects/b5336932a30bb30391748403c063a90546032217/chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/templates/_helpers.tpl -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.clusterResources }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: istio-pilot-{{ .Release.Namespace }} 6 | labels: 7 | app: pilot 8 | release: {{ .Release.Name }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: istio-pilot-{{ .Release.Namespace }} 13 | subjects: 14 | - kind: ServiceAccount 15 | name: istio-pilot-service-account 16 | namespace: {{ .Release.Namespace }} 17 | --- 18 | {{ end }} 19 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-pilot{{ .Values.version }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: pilot 9 | release: {{ .Release.Name }} 10 | istio: pilot 11 | spec: 12 | minAvailable: 1 13 | selector: 14 | matchLabels: 15 | app: pilot 16 | {{- if ne 
.Values.version ""}} 17 | version: {{ .Values.version }} 18 | {{- end }} 19 | release: {{ .Release.Name }} 20 | istio: pilot 21 | --- 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-pilot{{ .Values.version }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: pilot 8 | release: {{ .Release.Name }} 9 | istio: pilot 10 | spec: 11 | ports: 12 | - port: 15010 13 | name: grpc-xds # direct: xDS served without mTLS on this port (contrast https-xds below); NOTE(review): confirm which clients still need it and restrict access to the rest 14 | - port: 15011 15 | name: https-xds # mTLS: the xDS port that is protected by mutual TLS 16 | - port: 8080 17 | name: http-legacy-discovery # direct: legacy discovery over HTTP, no mTLS; NOTE(review): confirm it is still required before exposing it 18 | - port: 15014 19 | name: http-monitoring 20 | selector: 21 | {{- if ne .Values.version ""}} 22 | app: pilot 23 | version: {{ .Values.version }} 24 | {{ else }} 25 | istio: pilot 26 | {{- end }} 27 | --- 28 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.clusterResources }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | {{- if .Values.global.imagePullSecrets }} 5 | imagePullSecrets: 6 | {{- range .Values.global.imagePullSecrets }} 7 | - name: {{ . 
}} 8 | {{- end }} 9 | {{- end }} 10 | metadata: 11 | name: istio-pilot-service-account 12 | namespace: {{ .Release.Namespace }} 13 | labels: 14 | app: pilot 15 | release: {{ .Release.Name }} 16 | --- 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-control/istio-discovery/templates/telemetryv2.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.telemetry.enabled .Values.telemetry.v2.enabled }} 2 | {{ .Files.Get "metadata-exchange-v2.yaml" }} 3 | --- 4 | {{ .Files.Get "stats-filter-v2.yaml" }} 5 | {{- end }} -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-policy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-policy 3 | version: 1.1.0 4 | appVersion: 1.1.0 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for mixer policy deployment 7 | keywords: 8 | - istio 9 | - mixer 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-policy/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-policy 5 | labels: 6 | release: {{ .Release.Name }} 7 | app: istio-policy 8 | rules: 9 | - apiGroups: ["config.istio.io"] # istio CRD watcher; the wildcard resources entry that follows grants create/patch on every config.istio.io resource kind, not only read access 10 | resources: ["*"] 11 | verbs: ["create", "get", "list", "watch", "patch"] 12 | - apiGroups: ["apiextensions.k8s.io"] 13 | resources: ["customresourcedefinitions"] 14 | verbs: ["get", "list", "watch"] 15 | - apiGroups: [""] # core API group; the resource list for this rule includes "secrets", and the role is bound with a ClusterRoleBinding, so the policy service account can read Secrets in every namespace. NOTE(review): confirm that access is still needed 16 
| resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"] 17 | verbs: ["get", "list", "watch"] 18 | - apiGroups: ["extensions", "apps"] 19 | resources: ["replicasets"] 20 | verbs: ["get", "list", "watch"] 21 | --- 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-policy/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-policy-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: istio-policy 7 | release: {{ .Release.Name }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: istio-policy 12 | subjects: 13 | - kind: ServiceAccount 14 | name: istio-policy-service-account 15 | namespace: {{ .Release.Namespace }} 16 | --- 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-policy/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-policy 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: policy 9 | release: {{ .Release.Name }} 10 | istio: mixer 11 | istio-mixer-type: policy 12 | spec: 13 | minAvailable: 1 14 | selector: 15 | matchLabels: 16 | app: policy 17 | release: {{ .Release.Name }} 18 | istio: mixer 19 | istio-mixer-type: policy 20 | --- 21 | 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-policy/templates/service.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-policy 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: mixer 8 | istio: mixer 9 | release: {{ .Release.Name }} 10 | spec: 11 | ports: 12 | - name: grpc-mixer 13 | port: 9091 14 | - name: grpc-mixer-mtls 15 | port: 15004 16 | - name: http-policy-monitoring 17 | port: 15014 18 | selector: 19 | istio: mixer 20 | istio-mixer-type: policy 21 | {{- if .Values.mixer.policy.sessionAffinityEnabled }} 22 | sessionAffinity: ClientIP 23 | {{- end }} 24 | --- 25 | 26 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-policy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . 
}} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-policy-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: istio-policy 14 | release: {{ .Release.Name }} 15 | --- 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/grafana/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: grafana 4 | version: 1.1.0 5 | appVersion: 1.1.0 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/grafana/templates/configmap-dashboards.yaml: -------------------------------------------------------------------------------- 1 | {{- $files := .Files }} 2 | {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} 3 | {{- $filename := trimSuffix (ext $path) (base $path) }} 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: istio-grafana-configuration-dashboards-{{ $filename }} 8 | namespace: {{ $.Release.Namespace }} 9 | labels: 10 | app: grafana 11 | release: {{ $.Release.Name }} 12 | istio: grafana 13 | data: 14 | {{ base $path }}: '{{ $files.Get $path }}' 15 | --- 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/grafana/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-grafana 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: grafana 8 | release: {{ .Release.Name }} 9 | istio: grafana 10 | data: 11 | {{- if .Values.grafana.datasources }} 12 | {{- range $key, $value := .Values.grafana.datasources }} 13 | {{ $key }}: | 14 | 
{{ toYaml $value | indent 4 }} 15 | {{- end -}} 16 | {{- end -}} 17 | 18 | {{- if .Values.grafana.dashboardProviders }} 19 | {{- range $key, $value := .Values.grafana.dashboardProviders }} 20 | {{ $key }}: | 21 | {{ toYaml $value | indent 4 }} 22 | {{- end -}} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/grafana/templates/grafana-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: authentication.istio.io/v1alpha1 2 | kind: Policy 3 | metadata: 4 | name: grafana-ports-mtls-disabled 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: grafana 8 | release: {{ .Release.Name }} 9 | spec: 10 | targets: 11 | - name: grafana 12 | ports: 13 | - number: {{ .Values.grafana.service.externalPort }} 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/grafana/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.grafana.persist }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: istio-grafana-pvc 6 | labels: 7 | app: grafana 8 | release: {{ .Release.Name }} 9 | spec: 10 | storageClassName: {{ .Values.grafana.storageClassName }} 11 | accessModes: 12 | - {{ .Values.grafana.accessMode }} 13 | resources: 14 | requests: 15 | storage: 5Gi 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/kiali/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. 
3 | name: kiali 4 | version: 1.9.0 5 | appVersion: 1.9.0 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/kiali/templates/demosecret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kiali.createDemoSecret }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ .Values.kiali.dashboard.secretName }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: kiali 9 | release: {{ .Release.Name }} 10 | type: Opaque 11 | data: 12 | username: YWRtaW4= # base64 of "admin"; this Secret is rendered only when kiali.createDemoSecret is set 13 | passphrase: YWRtaW4= # base64 of "admin"; a fixed, publicly known login, and base64 is an encoding, not encryption. Outside a demo keep createDemoSecret off and create the Secret named by kiali.dashboard.secretName with your own credentials 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/kiali/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kiali 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: kiali 8 | release: {{ .Release.Name }} 9 | spec: 10 | ports: 11 | - name: http-kiali 12 | protocol: TCP 13 | port: 20001 14 | selector: 15 | app: kiali 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/kiali/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . 
}} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: kiali-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: kiali 14 | release: {{ .Release.Name }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/mixer-telemetry/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: mixer-telemetry 3 | version: 1.1.0 4 | appVersion: 1.1.0 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for mixer deployment 7 | keywords: 8 | - istio 9 | - mixer 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/mixer-telemetry/templates/autoscale.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.mixer.telemetry.autoscaleMin }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: istio-telemetry 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: mixer 9 | release: {{ .Release.Name }} 10 | spec: 11 | maxReplicas: {{ .Values.mixer.telemetry.autoscaleMax }} 12 | minReplicas: {{ .Values.mixer.telemetry.autoscaleMin }} 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: istio-telemetry 17 | metrics: 18 | - type: Resource 19 | resource: 20 | name: cpu 21 | targetAverageUtilization: {{ .Values.mixer.telemetry.cpu.targetAverageUtilization }} 22 | --- 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/mixer-telemetry/templates/clusterrolebinding.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-mixer-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: istio-telemetry 7 | release: {{ .Release.Name }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: istio-mixer-{{ .Release.Namespace }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: istio-mixer-service-account 15 | namespace: {{ .Release.Namespace }} 16 | --- 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/mixer-telemetry/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-telemetry 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: telemetry 9 | release: {{ .Release.Name }} 10 | istio: mixer 11 | istio-mixer-type: telemetry 12 | spec: 13 | minAvailable: 1 14 | selector: 15 | matchLabels: 16 | app: telemetry 17 | release: {{ .Release.Name }} 18 | istio: mixer 19 | istio-mixer-type: telemetry 20 | --- 21 | 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/mixer-telemetry/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-telemetry 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: mixer 8 | istio: mixer 9 | release: {{ .Release.Name }} 10 | spec: 11 | ports: 12 | - name: grpc-mixer 13 | port: 9091 14 | - name: grpc-mixer-mtls 15 | port: 15004 16 | - name: http-monitoring 17 | port: 
15014 18 | - name: prometheus 19 | port: 42422 20 | selector: 21 | istio: mixer 22 | istio-mixer-type: telemetry 23 | {{- if .Values.mixer.telemetry.sessionAffinityEnabled }} 24 | sessionAffinity: ClientIP 25 | {{- end }} 26 | --- 27 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/mixer-telemetry/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-mixer-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: istio-telemetry 14 | release: {{ .Release.Name }} 15 | --- 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/prometheus-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: prometheus-operator 4 | version: 1.1.0 5 | appVersion: 2.3.1 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/prometheus/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: prometheus 4 | version: 1.1.0 5 | appVersion: 2.8.0 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/prometheus/templates/clusterrole.yaml: 
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole  # cluster-scoped: the rules below apply in every namespace
3 | metadata:
4 |   name: prometheus-{{ .Release.Namespace }}
5 |   labels:
6 |     app: prometheus
7 |     release: {{ .Release.Name }}
8 | rules:
9 | - apiGroups: [""]  # read-only (get/list/watch) on the core-group resources listed below
10 |   resources:
11 |   - nodes
12 |   - services
13 |   - endpoints
14 |   - pods
15 |   - nodes/proxy  # NOTE(review): reaches kubelet endpoints through the API server proxy, which is wider than metrics; needed only if kubelets are scraped via that proxy path - confirm against the scrape config
16 |   verbs: ["get", "list", "watch"]
17 | - apiGroups: [""]
18 |   resources:
19 |   - configmaps  # get only, but on ConfigMaps in all namespaces
20 |   verbs: ["get"]
21 | - nonResourceURLs: ["/metrics"]  # non-resource path served by the API server itself
22 |   verbs: ["get"]
23 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/prometheus/templates/clusterrolebindings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding  # grants the ClusterRole named in roleRef to the subject below, cluster-wide
3 | metadata:
4 |   name: prometheus-{{ .Release.Namespace }}
5 |   labels:
6 |     app: prometheus
7 |     release: {{ .Release.Name }}
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: ClusterRole
11 |   name: prometheus-{{ .Release.Namespace }}  # same name as the ClusterRole in clusterrole.yaml
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: prometheus  # the ServiceAccount defined in serviceaccount.yaml of this chart
15 |   namespace: {{ .Release.Namespace }}
16 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/prometheus/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | {{- if .Values.global.imagePullSecrets }}
4 | imagePullSecrets:  # top-level ServiceAccount field, emitted only when global.imagePullSecrets is set
5 | {{- range .Values.global.imagePullSecrets }}
6 |   - name: {{ .
}} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: prometheus 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: prometheus 14 | release: {{ .Release.Name }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/tracing/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for tracing 3 | name: tracing 4 | version: 1.1.0 5 | appVersion: 1.5.1 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istio-telemetry/tracing/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.tracing.provider "jaeger" }} 2 | {{- if .Values.tracing.jaeger.persist }} 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: istio-jaeger-pvc 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | app: {{ .Values.tracing.provider }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | storageClassName: {{ .Values.tracing.jaeger.storageClassName }} 13 | accessModes: 14 | - {{ .Values.tracing.jaeger.accessMode }} 15 | resources: 16 | requests: 17 | storage: 5Gi 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istiocoredns/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Istio CoreDNS provides DNS resolution for services in multicluster setups. 
3 | name: istiocoredns 4 | version: 1.1.0 5 | appVersion: 0.1 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istiocoredns/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istiocoredns 5 | labels: 6 | app: istiocoredns 7 | release: {{ .Release.Name }} 8 | rules: 9 | - apiGroups: ["networking.istio.io"] 10 | resources: ["*"] 11 | verbs: ["get", "watch", "list"] 12 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istiocoredns/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-istiocoredns-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: istiocoredns 7 | release: {{ .Release.Name }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: istiocoredns 12 | subjects: 13 | - kind: ServiceAccount 14 | name: istiocoredns-service-account 15 | namespace: {{ .Release.Namespace }} 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istiocoredns/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istiocoredns 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: istiocoredns 8 | release: {{ .Release.Name }} 9 | spec: 10 | selector: 11 | app: istiocoredns 12 | ports: 13 | - name: dns 14 | port: 53 15 | protocol: UDP 16 | - name: dns-tcp 17 | port: 53 18 | protocol: TCP 19 | 
-------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/istiocoredns/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istiocoredns-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: istiocoredns 14 | release: {{ .Release.Name }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/certmanager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: certmanager 4 | version: 1.1.0 5 | appVersion: 0.6.2 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/certmanager/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | certmanager has been deployed successfully! 
2 | 3 | More information on the different types of issuers and how to configure them 4 | can be found in our documentation: 5 | 6 | https://cert-manager.readthedocs.io/en/latest/reference/issuers.html -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/certmanager/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: certmanager 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: certmanager 9 | release: {{ .Release.Name }} 10 | {{- if .Values.certmanager.podLabels }} 11 | {{ toYaml .Values.certmanager.podLabels | indent 4 }} 12 | {{- end }} 13 | spec: 14 | minAvailable: 1 15 | selector: 16 | matchLabels: 17 | app: certmanager 18 | release: {{ .Release.Name }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/certmanager/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . 
}} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: certmanager 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: certmanager 14 | release: {{ .Release.Name }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/citadel/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: citadel 3 | version: 1.1.0 4 | appVersion: 1.1.0 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for istio authentication 7 | keywords: 8 | - istio 9 | - security 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/citadel/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | This template contains the 'singleton' part of Istio. 2 | 3 | All other components support multiple instances (profiles) running in parallel. 4 | 5 | For upgrade purpose, this component should run in istio-system - where the existing mesh certificates are stored. 6 | Will install a new deployment of Citadel, using 1.1 - it can run in parallel with the old-style install of either 1.0 7 | or 1.1. 
8 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/citadel/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | {{ if .Values.clusterResources }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole  # rendered only when clusterResources is set; cluster-scoped, so every rule below applies in all namespaces
4 | metadata:
5 |   name: istio-citadel-{{ .Release.Namespace }}
6 |   labels:
7 |     app: citadel
8 |     release: {{ .Release.Name }}
9 | rules:
10 | - apiGroups: [""]
11 |   resources: ["configmaps"]
12 |   verbs: ["create", "get", "update"]
13 | - apiGroups: [""]
14 |   resources: ["secrets"]  # NOTE(review): read, write and delete on Secrets in every namespace; the binding in clusterrolebinding.yaml gives this to istio-citadel-service-account, so treat that account's token as high-value and audit its Secret access
15 |   verbs: ["create", "get", "watch", "list", "update", "delete"]
16 | - apiGroups: [""]
17 |   resources: ["serviceaccounts", "services", "namespaces"]  # read-only
18 |   verbs: ["get", "watch", "list"]
19 | - apiGroups: ["authentication.k8s.io"]
20 |   resources: ["tokenreviews"]  # creating a TokenReview asks the API server to validate a bearer token
21 |   verbs: ["create"]
22 |
23 | ---
24 | {{ end }}
25 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/citadel/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{ if .Values.clusterResources }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding  # rendered under the same clusterResources switch as the ClusterRole it references
4 | metadata:
5 |   name: istio-citadel-{{ .Release.Namespace }}
6 |   labels:
7 |     release: {{ .Release.Name }}
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: ClusterRole
11 |   name: istio-citadel-{{ .Release.Namespace }}
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: istio-citadel-service-account  # the only subject; it receives the cluster-wide Secret permissions of the role above
15 |   namespace: {{ .Release.Namespace }}
16 | ---
17 | {{- end}}
18 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/citadel/templates/poddisruptionbudget.yaml:
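--------------------------------------------------------------------------------
1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }}
2 | apiVersion: policy/v1beta1
3 | kind: PodDisruptionBudget
4 | metadata:
5 |   name: istio-citadel
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: security
9 |     istio: citadel
10 |     release: {{ .Release.Name }}
11 | spec:
12 |   minAvailable: 1
13 |   selector:
14 |     matchLabels:
15 |       app: citadel  # NOTE(review): the object's own label is app: security; this selector has to match the Citadel pod labels, which are not shown here - confirm against the deployment template
16 |       istio: citadel
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/citadel/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   # Must match the certificate, this is used in the node agent in same namespace.
5 |   name: istio-citadel
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: security
9 |     istio: citadel
10 |     release: {{ .Release.Name }}
11 |
12 | spec:
13 |   ports:
14 |     - name: grpc-citadel
15 |       port: 8060
16 |       targetPort: 8060
17 |       protocol: TCP
18 |     - name: http-monitoring
19 |       port: 15014
20 |   selector:
21 |     app: citadel  # same pod label the PodDisruptionBudget selects on
22 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/citadel/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: istio-citadel-service-account
5 |   namespace: {{ .Release.Namespace }}
6 |   labels:
7 |     app: security
8 |     release: {{ .Release.Name }}
9 | {{- if .Values.global.imagePullSecrets }}
10 | # imagePullSecrets is a top-level ServiceAccount field; a ServiceAccount has no spec, so nesting it there left the pull secrets unapplied.
11 | imagePullSecrets:
12 | {{- range .Values.global.imagePullSecrets }}
13 |   - name: {{ . }}
14 | {{- end }}
15 | {{- end }}
16 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/nodeagent/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | name: nodeagent
3 | version: 1.1.0
4 | appVersion: 1.1.0
5 | tillerVersion: ">=2.7.2"
6 | description: Helm chart for nodeagent deployment
7 | keywords:
8 |   - istio
9 |   - nodeagent
10 | sources:
11 |   - http://github.com/istio/istio
12 | engine: gotpl
13 | icon: https://istio.io/favicons/android-192x192.png
14 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/nodeagent/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole  # cluster-scoped; the single rule below is read-only
3 | metadata:
4 |   name: istio-nodeagent-{{ .Release.Namespace }}
5 |   labels:
6 |     app: istio-nodeagent
7 |     release: {{ .Release.Name }}
8 | rules:
9 | - apiGroups: [""]
10 |   resources: ["configmaps"]
11 |   verbs: ["get"]
12 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/nodeagent/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: istio-nodeagent-{{ .Release.Namespace }}
5 |   labels:
6 |     app: istio-nodeagent
7 |     release: {{ .Release.Name }}
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: ClusterRole
11 |   name: istio-nodeagent-{{ .Release.Namespace }}
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: istio-nodeagent-service-account
15 |   namespace: {{ .Release.Namespace }}
16 |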
-------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/charts/security/nodeagent/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-nodeagent-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: istio-nodeagent 14 | release: {{ .Release.Name }} 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/deploy/clusterrole_binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: istio-operator 6 | subjects: 7 | - kind: ServiceAccount 8 | name: istio-operator 9 | namespace: istio-operator 10 | roleRef: 11 | kind: ClusterRole 12 | name: istio-operator 13 | apiGroup: rbac.authorization.k8s.io 14 | ... 15 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/deploy/crds/istio_v1alpha2_istiocontrolplane_cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: install.istio.io/v1alpha2 3 | kind: IstioControlPlane 4 | metadata: 5 | namespace: istio-operator 6 | name: example-istiocontrolplane 7 | spec: 8 | profile: demo 9 | ... 
10 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/deploy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | namespace: istio-operator 3 | resources: 4 | - crds/istio_v1alpha2_istiocontrolplane_crd.yaml 5 | - namespace.yaml 6 | - clusterrole.yaml 7 | - clusterrole_binding.yaml 8 | - service_account.yaml 9 | - operator.yaml 10 | - service.yaml 11 | ... 12 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/deploy/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: istio-operator 6 | ... 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/deploy/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | namespace: istio-operator 6 | labels: 7 | name: istio-operator 8 | name: istio-operator-metrics 9 | spec: 10 | ports: 11 | - name: http-metrics 12 | port: 8383 13 | targetPort: 8383 14 | selector: 15 | name: istio-operator 16 | ... 17 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/deploy/service_account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | namespace: istio-operator 6 | name: istio-operator 7 | ... 
8 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/examples/vm/values-istio-meshexpansion-gateways.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | values: 5 | global: 6 | multiCluster: 7 | enabled: true 8 | 9 | meshExpansion: 10 | enabled: true 11 | 12 | controlPlaneSecurityEnabled: true 13 | 14 | # Multicluster with gateways requires a root CA 15 | # Cluster local CAs are bootstrapped with the root CA. 16 | security: 17 | selfSigned: false 18 | 19 | # Provides dns resolution for service entries of form 20 | # name.namespace.global 21 | istiocoredns: 22 | enabled: true 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/examples/vm/values-istio-meshexpansion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | values: 5 | global: 6 | meshExpansion: 7 | enabled: true 8 | 9 | controlPlaneSecurityEnabled: true 10 | 11 | # Multicluster with gateways requires a root CA 12 | # Cluster local CAs are bootstrapped with the root CA. 
13 |     security:
14 |       selfSigned: false
15 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/profiles/minimal.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha2
2 | kind: IstioControlPlane
3 | spec:
4 |   policy:
5 |     enabled: false
6 |
7 |   telemetry:
8 |     enabled: false
9 |
10 |   security:  # NOTE(review): the security feature is switched off in this profile; with controlPlaneSecurityEnabled and mtls.auto also false below, nothing here turns on control-plane or mesh mTLS, so an overlay has to opt in explicitly
11 |     enabled: false
12 |
13 |   configManagement:
14 |     enabled: false
15 |
16 |   autoInjection:
17 |     enabled: false
18 |
19 |   gateways:
20 |     enabled: false
21 |
22 |   values:
23 |     global:
24 |       useMCP: false
25 |       controlPlaneSecurityEnabled: false  # the mesh-expansion examples in this tree set this to true
26 |       proxy:
27 |         envoyStatsd:
28 |           enabled: false
29 |           host:
30 |           port:
31 |       mtls:
32 |         auto: false
33 |
34 |     pilot:
35 |       sidecar: false
36 |       useMCP: false
37 |
38 |     prometheus:
39 |       enabled: false
40 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/profiles/remote.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha2
2 | kind: IstioControlPlane
3 | spec:
4 |   trafficManagement:
5 |     enabled: false
6 |
7 |   policy:
8 |     enabled: false
9 |
10 |   telemetry:
11 |     enabled: false
12 |
13 |   configManagement:
14 |     enabled: false
15 |
16 |   autoInjection:
17 |     enabled: false
18 |
19 |   gateways:
20 |     enabled: true
21 |     components:
22 |       egressGateway:
23 |         enabled: false
24 |
25 |   values:
26 |     pilot:
27 |       configSource:
28 |         subscribedResources:
29 |
30 |     security:
31 |       createMeshPolicy: false  # NOTE(review): no MeshPolicy comes from this profile; presumably the primary cluster owns it - confirm before relying on mesh-wide mTLS in the remote cluster
32 |
33 |     prometheus:
34 |       enabled: false
35 |
36 |     global:
37 |       istioRemote: true
38 |       enableTracing: false
39 |       network: ""
40 |
--------------------------------------------------------------------------------
/chapter10/istio-1.4.2/install/kubernetes/operator/profiles/sds.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | security: 5 | components: 6 | nodeAgent: 7 | enabled: true 8 | values: 9 | global: 10 | controlPlaneSecurityEnabled: true 11 | mtls: 12 | enabled: true 13 | sds: 14 | enabled: true 15 | udsPath: "unix:/var/run/sds/uds_path" 16 | token: 17 | aud: "istio-ca" 18 | nodeagent: 19 | image: node-agent-k8s 20 | env: 21 | CA_PROVIDER: "Citadel" 22 | CA_ADDR: "istio-citadel:8060" 23 | VALID_TOKEN: true 24 | 25 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/install/kubernetes/operator/versions.yaml: -------------------------------------------------------------------------------- 1 | - operatorVersion: 1.3.0 2 | supportedIstioVersions: 1.3.0 3 | recommendedIstioVersions: 1.3.0 4 | - operatorVersion: 1.3.1 5 | supportedIstioVersions: ">=1.3.0,<=1.3.1" 6 | recommendedIstioVersions: 1.3.1 7 | - operatorVersion: 1.3.2 8 | supportedIstioVersions: ">=1.3.0,<=1.3.2" 9 | recommendedIstioVersions: 1.3.2 10 | - operatorVersion: 1.3.3 11 | supportedIstioVersions: ">=1.3.0,<=1.3.3" 12 | recommendedIstioVersions: 1.3.3 13 | - operatorVersion: 1.4.0 14 | supportedIstioVersions: ">=1.3.3, <1.6" 15 | recommendedIstioVersions: 1.4.0 16 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/README.md: -------------------------------------------------------------------------------- 1 | # Istio Samples 2 | 3 | This directory contains sample applications highlighting various Istio features. 
4 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/certmanager-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: cert-manager-gateway 5 | namespace: istio-system 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | number: 80 12 | name: http 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | --- 17 | apiVersion: networking.istio.io/v1alpha3 18 | kind: VirtualService 19 | metadata: 20 | name: cert-manager 21 | namespace: istio-system 22 | spec: 23 | hosts: 24 | - "*" 25 | gateways: 26 | - cert-manager-gateway 27 | http: 28 | - match: 29 | - uri: 30 | prefix: /.well-known/acme-challenge/ 31 | route: 32 | - destination: 33 | host: cert-manager-resolver 34 | port: 35 | number: 8089 36 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/destination-rule-reviews.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: reviews 5 | spec: 6 | host: reviews 7 | trafficPolicy: 8 | loadBalancer: 9 | simple: RANDOM 10 | subsets: 11 | - name: v1 12 | labels: 13 | version: v1 14 | - name: v2 15 | labels: 16 | version: v2 17 | - name: v3 18 | labels: 19 | version: v3 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/fault-injection-details-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: details 5 | spec: 6 | hosts: 7 | - details 8 | http: 9 | - fault: 10 | abort: 11 | httpStatus: 555 12 | percent: 100 13 | route: 14 | - 
destination: 15 | host: details 16 | subset: v1 17 | - route: 18 | - destination: 19 | host: details 20 | subset: v1 21 | --- 22 | apiVersion: networking.istio.io/v1alpha3 23 | kind: DestinationRule 24 | metadata: 25 | name: details 26 | spec: 27 | host: details 28 | subsets: 29 | - name: v1 30 | labels: 31 | version: v1 -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-details-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: details 5 | spec: 6 | hosts: 7 | - details 8 | http: 9 | - route: 10 | - destination: 11 | host: details 12 | subset: v2 13 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-ratings-db.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | --- 14 | apiVersion: networking.istio.io/v1alpha3 15 | kind: VirtualService 16 | metadata: 17 | name: ratings 18 | spec: 19 | hosts: 20 | - ratings 21 | http: 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v2 26 | --- 27 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-ratings-mysql-vm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | --- 14 | apiVersion: 
networking.istio.io/v1alpha3 15 | kind: VirtualService 16 | metadata: 17 | name: ratings 18 | spec: 19 | hosts: 20 | - ratings 21 | http: 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v2-mysql-vm 26 | --- 27 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-ratings-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | --- 14 | apiVersion: networking.istio.io/v1alpha3 15 | kind: VirtualService 16 | metadata: 17 | name: ratings 18 | spec: 19 | hosts: 20 | - ratings 21 | http: 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v2-mysql 26 | --- 27 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 | hosts: 7 | - ratings 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | fault: 14 | abort: 15 | percentage: 16 | value: 100.0 17 | httpStatus: 500 18 | route: 19 | - destination: 20 | host: ratings 21 | subset: v1 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v1 26 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 
| hosts: 7 | - ratings 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | fault: 14 | delay: 15 | percentage: 16 | value: 100.0 17 | fixedDelay: 7s 18 | route: 19 | - destination: 20 | host: ratings 21 | subset: v1 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v1 26 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 50 14 | - destination: 15 | host: reviews 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-reviews-80-20.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 80 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | weight: 20 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-reviews-90-10.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 90 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | weight: 10 18 | 
-------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | route: 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | - route: 18 | - destination: 19 | host: reviews 20 | subset: v3 21 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | route: 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | - route: 18 | - destination: 19 | host: reviews 20 | subset: v1 21 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-reviews-v2-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v2 13 | weight: 50 14 | - destination: 15 | host: reviews 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/networking/virtual-service-reviews-v3.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/consul/virtual-service-ratings-test-abort.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 | hosts: 7 | - ratings.service.consul 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | fault: 14 | abort: 15 | percentage: 16 | value: 100.0 17 | httpStatus: 500 18 | route: 19 | - destination: 20 | host: ratings.service.consul 21 | subset: v1 22 | - route: 23 | - destination: 24 | host: ratings.service.consul 25 | subset: v1 26 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/consul/virtual-service-ratings-test-delay.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 | hosts: 7 | - ratings.service.consul 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | fault: 14 | delay: 15 | percentage: 16 | value: 100.0 17 | fixedDelay: 7s 18 | route: 19 | - destination: 20 | host: ratings.service.consul 21 | subset: v1 22 | - route: 23 | - destination: 24 | host: ratings.service.consul 25 | subset: v1 26 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/consul/virtual-service-reviews-50-v3.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews.service.consul 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews.service.consul 12 | subset: v1 13 | weight: 50 14 | - destination: 15 | host: reviews.service.consul 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/consul/virtual-service-reviews-test-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews.service.consul 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | route: 14 | - destination: 15 | host: reviews.service.consul 16 | subset: v2 17 | - route: 18 | - destination: 19 | host: reviews.service.consul 20 | subset: v1 21 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/consul/virtual-service-reviews-v2-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews.service.consul 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews.service.consul 12 | subset: v2 13 | weight: 50 14 | - destination: 15 | host: reviews.service.consul 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/consul/virtual-service-reviews-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: 
VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews.service.consul 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews.service.consul 12 | subset: v3 13 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/README.md: -------------------------------------------------------------------------------- 1 | See the [Bookinfo guide](https://istio.io/docs/guides/bookinfo.html) in Istio 2 | docs for instructions on how to run this demo application. 3 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/details-reviews-policy-permissive.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: details-reviews-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["details.default.svc.cluster.local", "reviews.default.svc.cluster.local"] 9 | methods: ["GET"] 10 | --- 11 | apiVersion: "rbac.istio.io/v1alpha1" 12 | kind: ServiceRoleBinding 13 | metadata: 14 | name: bind-details-reviews 15 | namespace: default 16 | spec: 17 | subjects: 18 | - user: "cluster.local/ns/default/sa/bookinfo-productpage" 19 | roleRef: 20 | kind: ServiceRole 21 | name: "details-reviews-viewer" 22 | mode: PERMISSIVE 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/details-reviews-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: details-reviews-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["details.default.svc.cluster.local", "reviews.default.svc.cluster.local"] 9 | methods: ["GET"] 10 | --- 11 | apiVersion: 
"rbac.istio.io/v1alpha1" 12 | kind: ServiceRoleBinding 13 | metadata: 14 | name: bind-details-reviews 15 | namespace: default 16 | spec: 17 | subjects: 18 | - user: "cluster.local/ns/default/sa/bookinfo-productpage" 19 | roleRef: 20 | kind: ServiceRole 21 | name: "details-reviews-viewer" 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/mongodb-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: mongodb-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["mongodb.default.svc.cluster.local"] 9 | constraints: 10 | - key: "destination.port" 11 | values: ["27017"] 12 | --- 13 | apiVersion: "rbac.istio.io/v1alpha1" 14 | kind: ServiceRoleBinding 15 | metadata: 16 | name: bind-mongodb-viewer 17 | namespace: default 18 | spec: 19 | subjects: 20 | - user: "cluster.local/ns/default/sa/bookinfo-ratings-v2" 21 | roleRef: 22 | kind: ServiceRole 23 | name: "mongodb-viewer" 24 | --- 25 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/namespace-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: service-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["*"] 9 | methods: ["GET"] 10 | constraints: 11 | - key: "destination.labels[app]" 12 | values: ["productpage", "details", "reviews", "ratings"] 13 | --- 14 | apiVersion: "rbac.istio.io/v1alpha1" 15 | kind: ServiceRoleBinding 16 | metadata: 17 | name: bind-service-viewer 18 | namespace: default 19 | spec: 20 | subjects: 21 | - properties: 22 | source.namespace: "istio-system" 23 | - properties: 24 | source.namespace: "default" 25 | roleRef: 26 | kind: ServiceRole 
27 | name: "service-viewer" 28 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/productpage-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: productpage-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["productpage.default.svc.cluster.local"] 9 | methods: ["GET"] 10 | --- 11 | apiVersion: "rbac.istio.io/v1alpha1" 12 | kind: ServiceRoleBinding 13 | metadata: 14 | name: bind-productpage-viewer 15 | namespace: default 16 | spec: 17 | subjects: 18 | - user: "*" 19 | roleRef: 20 | kind: ServiceRole 21 | name: "productpage-viewer" 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/ratings-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: ratings-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["ratings.default.svc.cluster.local"] 9 | methods: ["GET"] 10 | --- 11 | apiVersion: "rbac.istio.io/v1alpha1" 12 | kind: ServiceRoleBinding 13 | metadata: 14 | name: bind-ratings 15 | namespace: default 16 | spec: 17 | subjects: 18 | - user: "cluster.local/ns/default/sa/bookinfo-reviews" 19 | roleRef: 20 | kind: ServiceRole 21 | name: "ratings-viewer" 22 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/rbac-config-ON.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ClusterRbacConfig 3 | metadata: 4 | name: default 5 | spec: 6 | mode: 'ON_WITH_INCLUSION' 7 | inclusion: 8 | namespaces: ["default"] 9 | 
-------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/rbac-config-on-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ClusterRbacConfig 3 | metadata: 4 | name: default 5 | spec: 6 | mode: 'ON_WITH_INCLUSION' 7 | inclusion: 8 | services: ["mongodb.default.svc.cluster.local"] 9 | --- 10 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/platform/kube/rbac/rbac-config-on-permissive.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ClusterRbacConfig 3 | metadata: 4 | name: default 5 | spec: 6 | mode: 'ON_WITH_INCLUSION' 7 | inclusion: 8 | namespaces: ["default"] 9 | enforcement_mode: PERMISSIVE 10 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/policy/mixer-rule-deny-label-crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: denier 3 | metadata: 4 | name: denyreviewsv3handler 5 | spec: 6 | status: 7 | code: 7 8 | message: Not allowed 9 | --- 10 | apiVersion: "config.istio.io/v1alpha2" 11 | kind: checknothing 12 | metadata: 13 | name: denyreviewsv3request 14 | spec: 15 | --- 16 | apiVersion: "config.istio.io/v1alpha2" 17 | kind: rule 18 | metadata: 19 | name: denyreviewsv3 20 | spec: 21 | match: destination.labels["app"] == "ratings" && source.labels["app"]=="reviews" && source.labels["version"] == "v3" 22 | actions: 23 | - handler: denyreviewsv3handler.denier 24 | instances: [ denyreviewsv3request.checknothing ] 25 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/policy/mixer-rule-deny-label.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: handler 3 | metadata: 4 | name: denyreviewsv3handler 5 | spec: 6 | compiledAdapter: denier 7 | params: 8 | status: 9 | code: 7 10 | message: Not allowed 11 | --- 12 | apiVersion: "config.istio.io/v1alpha2" 13 | kind: instance 14 | metadata: 15 | name: denyreviewsv3request 16 | spec: 17 | compiledTemplate: checknothing 18 | --- 19 | apiVersion: "config.istio.io/v1alpha2" 20 | kind: rule 21 | metadata: 22 | name: denyreviewsv3 23 | spec: 24 | match: destination.labels["app"] == "ratings" && source.labels["app"]=="reviews" && source.labels["version"] == "v3" 25 | actions: 26 | - handler: denyreviewsv3handler 27 | instances: [ denyreviewsv3request ] 28 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/policy/mixer-rule-deny-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: handler 3 | metadata: 4 | name: denyproductpagehandler 5 | spec: 6 | compiledAdapter: denier 7 | params: 8 | status: 9 | code: 7 10 | message: Not allowed 11 | --- 12 | apiVersion: "config.istio.io/v1alpha2" 13 | kind: instance 14 | metadata: 15 | name: denyproductpagerequest 16 | spec: 17 | compiledTemplate: checknothing 18 | --- 19 | apiVersion: "config.istio.io/v1alpha2" 20 | kind: rule 21 | metadata: 22 | name: denyproductpage 23 | spec: 24 | match: destination.labels["app"] == "details" && source.user == "cluster.local/ns/default/sa/bookinfo-productpage" 25 | actions: 26 | - handler: denyproductpagehandler 27 | instances: [ denyproductpagerequest ] 28 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/policy/mixer-rule-deny-whitelist-crd.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: config.istio.io/v1alpha2 2 | kind: listchecker 3 | metadata: 4 | name: whitelist 5 | spec: 6 | # providerUrl: ordinarily black and white lists are maintained 7 | # externally and fetched asynchronously using the providerUrl. 8 | overrides: ["v1", "v2"] # overrides provide a static list 9 | blacklist: false 10 | --- 11 | apiVersion: config.istio.io/v1alpha2 12 | kind: listentry 13 | metadata: 14 | name: appversion 15 | spec: 16 | value: source.labels["version"] 17 | --- 18 | apiVersion: config.istio.io/v1alpha2 19 | kind: rule 20 | metadata: 21 | name: checkversion 22 | spec: 23 | match: destination.labels["app"] == "ratings" 24 | actions: 25 | - handler: whitelist.listchecker 26 | instances: 27 | - appversion.listentry 28 | --- 29 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/policy/mixer-rule-ingress-denial.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: handler 3 | metadata: 4 | name: handler 5 | namespace: istio-system 6 | spec: 7 | compiledAdapter: denier 8 | params: 9 | status: 10 | code: 7 11 | message: Not allowed 12 | --- 13 | apiVersion: "config.istio.io/v1alpha2" 14 | kind: instance 15 | metadata: 16 | name: denyrequest 17 | namespace: istio-system 18 | spec: 19 | compiledTemplate: checknothing 20 | --- 21 | apiVersion: "config.istio.io/v1alpha2" 22 | kind: rule 23 | metadata: 24 | name: denyingress 25 | namespace: istio-system 26 | spec: 27 | match: (source.labels["istio"] | "") == "ingressgateway" && (request.headers["x-user"] | "") == "john" 28 | actions: 29 | - handler: handler 30 | instances: [ denyrequest ] 31 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/src/mongodb/ratings_data.json: 
-------------------------------------------------------------------------------- 1 | {rating: 5} 2 | {rating: 4} 3 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/src/productpage/requirements.txt: -------------------------------------------------------------------------------- 1 | certifi==2019.3.9 2 | chardet==3.0.4 3 | Click==7.0 4 | contextlib2==0.5.5 5 | dominate==2.3.5 6 | Flask==1.0.2 7 | Flask-Bootstrap==3.3.7.1 8 | Flask-JSON==0.3.3 9 | future==0.17.1 10 | futures==3.1.1 11 | gevent==1.4.0 12 | greenlet==0.4.15 13 | idna==2.8 14 | itsdangerous==1.1.0 15 | jaeger-client==3.13.0 16 | Jinja2==2.10.1 17 | json2html==1.2.1 18 | MarkupSafe==0.23 19 | nose==1.3.7 20 | opentracing==1.2.2 21 | opentracing-instrumentation==2.4.3 22 | requests==2.21.0 23 | simplejson==3.16.0 24 | six==1.12.0 25 | threadloop==1.0.2 26 | thrift==0.11.0 27 | tornado==4.5.3 28 | urllib3==1.24.2 29 | visitor==0.1.3 30 | Werkzeug==0.15.5 31 | wrapt==1.11.1 32 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/src/productpage/test-requirements.txt: -------------------------------------------------------------------------------- 1 | requests-mock==1.5.2 2 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/bookinfo/src/ratings/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "scripts": { 3 | "start": "node ratings.js" 4 | }, 5 | "dependencies": { 6 | "httpdispatcher": "1.0.0", 7 | "mongodb": "^2.2.31", 8 | "mysql": "^2.15.0" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/custom-bootstrap/custom-bootstrap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: 
istio-custom-bootstrap-config 5 | namespace: default 6 | data: 7 | custom_bootstrap.json: | 8 | { 9 | "tracing": { 10 | "http": { 11 | "name": "envoy.zipkin", 12 | "config": { 13 | "collector_cluster": "zipkin", 14 | "collector_endpoint": "/api/v1/spans/custom", 15 | "trace_id_128bit": "true" 16 | } 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/custom-bootstrap/example-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: helloworld-v1 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: helloworld 10 | version: v1 11 | template: 12 | metadata: 13 | annotations: 14 | sidecar.istio.io/bootstrapOverride: "istio-custom-bootstrap-config" 15 | labels: 16 | app: helloworld 17 | version: v1 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: docker.io/istio/examples-helloworld-v1 22 | resources: 23 | requests: 24 | cpu: "100m" 25 | imagePullPolicy: IfNotPresent 26 | ports: 27 | - containerPort: 5000 28 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/external/aptget.yaml: -------------------------------------------------------------------------------- 1 | # This ServiceEntry exposes the hosts needed for installing packages with apt-get. 2 | # After applying this file, Istio-enabled pods (configured apt-get) be able to execute 3 | # `apt-get upgrade` and `apt-get install`. 
If this is not installed you may get 4 | # "404 Not Found" 5 | 6 | apiVersion: networking.istio.io/v1alpha3 7 | kind: ServiceEntry 8 | metadata: 9 | name: make-aptget-work 10 | spec: 11 | hosts: 12 | - deb.debian.org 13 | - cdn-fastly.deb.debian.org 14 | - security.debian.org 15 | - archive.ubuntu.com 16 | - security.ubuntu.com 17 | ports: 18 | - number: 80 19 | name: http 20 | protocol: HTTP 21 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/helloworld/helloworld-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: helloworld-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway # use istio default controller 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: helloworld 20 | spec: 21 | hosts: 22 | - "*" 23 | gateways: 24 | - helloworld-gateway 25 | http: 26 | - match: 27 | - uri: 28 | exact: /hello 29 | route: 30 | - destination: 31 | host: helloworld 32 | port: 33 | number: 5000 34 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/helloworld/src/requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | flask 3 | flask_json 4 | flask_bootstrap 5 | json2html 6 | simplejson 7 | gevent 8 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/httpbin/httpbin-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: httpbin-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 80 
11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: httpbin 20 | spec: 21 | hosts: 22 | - "*" 23 | gateways: 24 | - httpbin-gateway 25 | http: 26 | - route: 27 | - destination: 28 | host: httpbin 29 | port: 30 | number: 8000 31 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/https/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl; 3 | 4 | root /usr/share/nginx/html; 5 | index index.html; 6 | 7 | server_name localhost; 8 | ssl_certificate /etc/nginx/ssl/tls.crt; 9 | ssl_certificate_key /etc/nginx/ssl/tls.key; 10 | } 11 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/operator/pilot-k8s.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | trafficManagement: 5 | components: 6 | pilot: 7 | k8s: 8 | resources: 9 | requests: 10 | cpu: 1000m # override from default 500m 11 | memory: 4096Mi # ... default 2048Mi 12 | hpaSpec: 13 | maxReplicas: 10 # ... default 5 14 | minReplicas: 2 # ... 
default 1 15 | nodeSelector: 16 | master: "true" 17 | tolerations: 18 | - key: dedicated 19 | operator: Exists 20 | effect: NoSchedule 21 | - key: CriticalAddonsOnly 22 | operator: Exists 23 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/operator/sds-policy-off.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | profile: sds 5 | policy: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/operator/sds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | profile: sds 5 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/operator/trafficManagement-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | trafficManagement: 5 | components: 6 | namespace: istio-control-custom 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/operator/values-global.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | values: 5 | global: 6 | logging: 7 | level: "default:warning" # override from info 8 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/operator/values-pilot.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha2 2 | kind: IstioControlPlane 3 | spec: 4 | values: 5 | pilot: 6 | traceSampling: 0.1 # 
override from 1.0 7 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/websockets/app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: tornado 5 | labels: 6 | app: tornado 7 | spec: 8 | ports: 9 | - port: 8888 10 | name: http 11 | selector: 12 | app: tornado 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: tornado 18 | spec: 19 | replicas: 1 20 | selector: 21 | matchLabels: 22 | app: tornado 23 | version: v1 24 | template: 25 | metadata: 26 | labels: 27 | app: tornado 28 | version: v1 29 | spec: 30 | containers: 31 | - name: tornado 32 | image: hiroakis/tornado-websocket-example 33 | imagePullPolicy: IfNotPresent 34 | ports: 35 | - containerPort: 8888 36 | --- 37 | -------------------------------------------------------------------------------- /chapter10/istio-1.4.2/samples/websockets/route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: tornado-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: tornado 20 | spec: 21 | hosts: 22 | - "*" 23 | gateways: 24 | - tornado-gateway 25 | http: 26 | - match: 27 | - uri: 28 | prefix: / 29 | route: 30 | - destination: 31 | host: tornado 32 | weight: 100 33 | -------------------------------------------------------------------------------- /chapter10/terraform/auth/serviceaccount.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "service_account", 3 | "project_id": "", 4 | "private_key_id": "", 5 | "private_key": "", 6 | "client_email": "", 7 | 
"client_id": "",
8 |   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
9 |   "token_uri": "https://oauth2.googleapis.com/token",
10 |   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
11 |   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com"
12 | }
13 |
--------------------------------------------------------------------------------
/chapter10/terraform/gke.tf:
--------------------------------------------------------------------------------
1 | # GKE cluster with the Istio add-on switched on through the google-beta provider.
2 | resource "google_container_cluster" "primary" {
3 |   provider = "google-beta"
4 |   name = "mycluster"
5 |   network = "default"
6 |   location = "europe-west1"
7 |   initial_node_count = 1
8 |
9 |   addons_config {
10 |     istio_config {
11 |       disabled = false
12 |       # NOTE(review): AUTH_NONE does not turn on mutual TLS between services in
13 |       # the mesh; the add-on also accepts AUTH_MUTUAL_TLS. Confirm that plaintext
14 |       # service-to-service traffic is intended before reusing this outside a demo.
15 |       auth = "AUTH_NONE"
16 |     }
17 |   }
18 | }
19 |
--------------------------------------------------------------------------------
/chapter10/terraform/provider.tf:
--------------------------------------------------------------------------------
1 | # NOTE(review): the provider reads a service-account key from a path inside the
2 | # repository. The serviceaccount.json shown on this page has empty key fields;
3 | # a filled-in copy is a long-lived credential and should stay out of version control.
4 | provider "google-beta" {
5 |   credentials = file("./auth/serviceaccount.json")
6 |   project = "mykubernetesproject-002"
7 |   region = "europe-west1"
8 | }
9 |
10 |
--------------------------------------------------------------------------------
/chapter10/terraform/versions.tf:
--------------------------------------------------------------------------------
1 |
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 |
--------------------------------------------------------------------------------
/chapter2/example1/Dockerfile:
--------------------------------------------------------------------------------
1 | # Serves /www/index.html with busybox httpd on port 8000; tail keeps the container alive.
2 | # NOTE(review): busybox is pulled without a tag or digest, so the base image can
3 | # change between builds, and no USER instruction is set, so httpd runs as the
4 | # image's default user.
5 | FROM busybox
6 | ADD index.html /www/index.html
7 | EXPOSE 8000
8 | CMD httpd -p 8000 -h /www; tail -f /dev/null
9 |
--------------------------------------------------------------------------------
/chapter2/example1/index.html:
--------------------------------------------------------------------------------
1 | Okay
2 |
--------------------------------------------------------------------------------
/chapter3/app/back/Dockerfile:
--------------------------------------------------------------------------------
1 | # Use an official Python runtime as an image
2 | # NOTE(review): python:3.6 is past upstream end of life and the tag is not pinned
3 | # to a digest; no USER instruction follows, so the API runs as the image's default user.
4 | FROM python:3.6
5 |
6 | # The EXPOSE instruction indicates the ports on which a container will listen for connections
7 | EXPOSE 3000
8 |
9 | # Sets the working directory for the following COPY instructions
10 | WORKDIR /app
11 |
12 | # Add the requirements to the container then install needed packages specified in the same file
13 | COPY requirements.txt /app
14 | RUN pip install -r requirements.txt
15 |
16 | # Add the API file back.py then run it when the container launches
17 | COPY back.py /app
18 | CMD python back.py
19 |
--------------------------------------------------------------------------------
/chapter3/app/back/back.yaml:
--------------------------------------------------------------------------------
1 | # Deployment and Service for the "api" backend container (eon01/quotes-back:v1).
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 |   labels:
6 |     app: api
7 |   name: api
8 | spec:
9 |   replicas: 1
10 |   selector:
11 |     matchLabels:
12 |       app: api
13 |   template:
14 |     metadata:
15 |       labels:
16 |         app: api
17 |     spec:
18 |       containers:
19 |       - image: eon01/quotes-back:v1
20 |         name: api
21 |         ports:
22 |         - containerPort: 3000
23 |           name: http
24 |         env:
25 |         - name: SQLALCHEMY_DATABASE_URI
26 |           # NOTE(review): the URI embeds the MySQL root user and its password in the
27 |           # manifest, so anyone who can read the Deployment or the repository can read
28 |           # them. A Secret referenced through valueFrom.secretKeyRef keeps the value out
29 |           # of the pod spec, and an application account with limited grants should replace root.
30 |           value: "mysql+pymysql://root:root@data:3306/mydatabase"
31 | ---
32 | apiVersion: v1
33 | kind: Service
34 | metadata:
35 |   name: api
36 |   labels:
37 |     app: api
38 | spec:
39 |   # NOTE(review): type LoadBalancer asks the platform for an externally reachable
40 |   # address; as written the API is published on port 80 over plain HTTP.
41 |   type: LoadBalancer
42 |   ports:
43 |   - port: 80
44 |     targetPort: 3000
45 |   selector:
46 |     app: api
47 |
--------------------------------------------------------------------------------
/chapter3/app/back/requirements.txt:
--------------------------------------------------------------------------------
1 | asn1crypto==0.24.0
2 | cffi==1.11.5
3 | Click==7.0
4 | cryptography==2.4.1
5 | Flask==1.0.2
6 | Flask-SQLAlchemy==2.3.2
7 | idna==2.7
8 |
itsdangerous==1.1.0
9 | Jinja2==2.10
10 | MarkupSafe==1.1.0
11 | pycparser==2.19
12 | PyMySQL==0.9.2
13 | six==1.11.0
14 | SQLAlchemy==1.2.14
15 | Werkzeug==0.14.1
16 |
--------------------------------------------------------------------------------
/chapter3/app/data/Dockerfile:
--------------------------------------------------------------------------------
1 | # NOTE(review): mysql:5.7 is past upstream end of life and the tag is not pinned to a digest.
2 | FROM mysql:5.7
3 | EXPOSE 3306
4 |
--------------------------------------------------------------------------------
/chapter3/app/data/import.sh:
--------------------------------------------------------------------------------
1 | # Loads /tmp/mydatabase.sql into the mydatabase schema as the MySQL root user.
2 | # NOTE(review): -proot puts the root password on the command line, where it shows
3 | # up in the process list and stays in this script. The mysql client can read
4 | # credentials from an option file passed with --defaults-extra-file instead.
5 | mysql -uroot -proot mydatabase < /tmp/mydatabase.sql
6 |
--------------------------------------------------------------------------------
/chapter4/secrets/key.txt:
--------------------------------------------------------------------------------
1 | xHahaa2&2
--------------------------------------------------------------------------------
/chapter4/secrets/secrets.yaml:
--------------------------------------------------------------------------------
1 | # Opaque Secret holding the MySQL settings under the name api-secrets.
2 | # NOTE(review): values under data are base64-encoded, not encrypted: cm9vdA==
3 | # decodes to "root" and bXlkYXRhYmFzZQ== to "mydatabase". Committing this manifest
4 | # publishes the credentials; create the Secret at deploy time or encrypt the file
5 | # before it reaches the repository, and do not reuse root/root outside a demo.
6 | apiVersion: v1
7 | kind: Secret
8 | metadata:
9 |   name: api-secrets
10 | type: Opaque
11 | data:
12 |   mysql-root-password: cm9vdA==
13 |   mysql-database: bXlkYXRhYmFzZQ==
14 |   mysql-user: cm9vdA==
15 |   mysql-password: cm9vdA==
16 |
--------------------------------------------------------------------------------
/chapter5/terraform/allenv/auth/serviceaccount.json:
--------------------------------------------------------------------------------
1 | {
2 |   "type": "service_account",
3 |   "project_id": "",
4 |   "private_key_id": "",
5 |   "private_key": "",
6 |   "client_email": "",
7 |   "client_id": "",
8 |   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
9 |   "token_uri": "https://oauth2.googleapis.com/token",
10 |   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
11 |   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com"
12 | }
13
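|
--------------------------------------------------------------------------------
/chapter5/terraform/allenv/main.tf:
--------------------------------------------------------------------------------
1 | provider "google" {
2 |   credentials = "${file(var.credentials)}"  # reads the service-account key file whose path is given by var.credentials
3 |   project = "${var.project}"
4 |   region = "${var.region}"
5 | }
6 |
7 | resource "google_container_cluster" "primary" {
8 |   name = "${var.cluster_name}"
9 |   network = "${var.network}"
10 |   location = "${var.region}"
11 |   initial_node_count = "${var.initial_node_count}"
12 | }
13 |
14 | resource "google_container_node_pool" "primary_preemptible_nodes" {
15 |   name = "${var.node_name}"
16 |   location = "${var.region}"
17 |   cluster = google_container_cluster.primary.name  # attaches the pool to the cluster declared above
18 |   node_count = "${var.node_count}"
19 |
20 |   node_config {
21 |     preemptible = "${var.preemptible}"
22 |     machine_type = "${var.machine_type}"
23 |   }
24 | }
25 |
--------------------------------------------------------------------------------
/chapter5/terraform/allenv/production.tfvars:
--------------------------------------------------------------------------------
1 | credentials = "auth/serviceaccount.json"  # path to the service-account key file; keep a populated key file out of version control
2 | project = "mykubernetesproject-002"
3 | region = "europe-west1"
4 | cluster_name = "my-production-cluster"
5 | network = "default"
6 | initial_node_count = 1
7 | node_name = "my-node-pool"
8 | node_count = 3
9 | preemptible = false
10 | machine_type = "n1-standard-1"  # closing quote restored; the unterminated string made this file unparseable
11 |
--------------------------------------------------------------------------------
/chapter5/terraform/allenv/testing.tfvars:
--------------------------------------------------------------------------------
1 | credentials = "auth/serviceaccount.json"  # path to the service-account key file; keep a populated key file out of version control
2 | project = "mykubernetesproject-002"
3 | region = "europe-west1"
4 | cluster_name = "my-testing-cluster"
5 | network = "default"
6 | initial_node_count = 1
7 | node_name = "my-node-pool"
8 | node_count = 2
9 | preemptible = true
10 | machine_type = "f1-micro"
11 |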
-------------------------------------------------------------------------------- /chapter5/terraform/noenv/auth/serviceaccount.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "service_account", 3 | "project_id": "", 4 | "private_key_id": "", 5 | "private_key": "", 6 | "client_email": "", 7 | "client_id": "", 8 | "auth_uri": "https://accounts.google.com/o/oauth2/auth", 9 | "token_uri": "https://oauth2.googleapis.com/token", 10 | "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 11 | "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com" 12 | } 13 | -------------------------------------------------------------------------------- /chapter5/terraform/noenv/gke.tf: -------------------------------------------------------------------------------- 1 | resource "google_container_cluster" "primary" { 2 | name = "mycluster" 3 | network = "default" 4 | location = "europe-west1" 5 | initial_node_count = 1 6 | } 7 | -------------------------------------------------------------------------------- /chapter5/terraform/noenv/provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${file("./auth/serviceaccount.json")}" 3 | project = "mykubernetesproject-002" 4 | region = "europe-west1" 5 | } 6 | -------------------------------------------------------------------------------- /chapter5/terraform/production/auth/serviceaccount.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "service_account", 3 | "project_id": "", 4 | "private_key_id": "", 5 | "private_key": "", 6 | "client_email": "", 7 | "client_id": "", 8 | "auth_uri": "https://accounts.google.com/o/oauth2/auth", 9 | "token_uri": "https://oauth2.googleapis.com/token", 10 | "auth_provider_x509_cert_url": 
"https://www.googleapis.com/oauth2/v1/certs", 11 | "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com" 12 | } 13 | -------------------------------------------------------------------------------- /chapter5/terraform/production/main.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${file("auth/serviceaccount.json")}" 3 | project = "mykubernetesproject-002" 4 | region = "europe-west1" 5 | } 6 | 7 | resource "google_container_cluster" "primary" { 8 | name = "my-production-cluster" 9 | network = "default" 10 | location = "europe-west1" 11 | initial_node_count = 1 12 | } 13 | 14 | resource "google_container_node_pool" "primary_preemptible_nodes" { 15 | name = "my-node-pool" 16 | location = "europe-west1" 17 | cluster = google_container_cluster.primary.name 18 | node_count = 3 19 | 20 | node_config { 21 | preemptible = false 22 | machine_type = "n1-standard-1" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /chapter5/terraform/testing/auth/serviceaccount.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "service_account", 3 | "project_id": "", 4 | "private_key_id": "", 5 | "private_key": "", 6 | "client_id": "", 7 | "auth_uri": "https://accounts.google.com/o/oauth2/auth", 8 | "token_uri": "https://oauth2.googleapis.com/token", 9 | "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 10 | "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com" 11 | } 12 | -------------------------------------------------------------------------------- /chapter5/terraform/testing/main.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = 
"${file(var.credentials)}" 3 | project = "${var.project}" 4 | region = "${var.region}" 5 | } 6 | 7 | resource "google_container_cluster" "primary" { 8 | name = "${var.cluster_name}" 9 | network = "${var.network}" 10 | location = "${var.region}" 11 | initial_node_count = "${var.initial_node_count}" 12 | } 13 | 14 | resource "google_container_node_pool" "primary_preemptible_nodes" { 15 | name = "${var.node_name}" 16 | location = "${var.region}" 17 | cluster = google_container_cluster.primary.name 18 | node_count = "${var.node_count}" 19 | 20 | node_config { 21 | preemptible = "${var.preemptible}" 22 | machine_type = "${var.machine_type}" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /chapter6/ansible/group_vars/all.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # my_var: my_value 3 | -------------------------------------------------------------------------------- /chapter6/ansible/group_vars/frontened.yaml: -------------------------------------------------------------------------------- 1 | # This is an example. 
2 | ntp_server: 192.168.1.33 3 | -------------------------------------------------------------------------------- /chapter6/ansible/host_vars/localhost.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | my_var: my_value 3 | 4 | other_variables: 5 | production: 6 | my_var: production_value 7 | testing: 8 | my_var: testing_value 9 | -------------------------------------------------------------------------------- /chapter6/ansible/hosts.yaml: -------------------------------------------------------------------------------- 1 | [frontend] 2 | frontend-[1:6].site.com 3 | -------------------------------------------------------------------------------- /chapter6/ansible/production.yaml: -------------------------------------------------------------------------------- 1 | productionserver 2 | -------------------------------------------------------------------------------- /chapter6/ansible/roles/common/tasks/custom.yaml: -------------------------------------------------------------------------------- 1 | - copy: 2 | content: "{{ my_var }}" 3 | dest: /tmp/custom.txt 4 | -------------------------------------------------------------------------------- /chapter6/ansible/roles/common/tasks/hostname.yaml: -------------------------------------------------------------------------------- 1 | - copy: 2 | content: "{{ lookup('env','HOSTNAME') }}" 3 | dest: /tmp/hostname.txt 4 | -------------------------------------------------------------------------------- /chapter6/ansible/roles/common/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the file '/tmp/test.txt' containing "success" 3 | import_tasks: success.yaml 4 | 5 | - name: Create the file '/tmp/hostname.txt' containing the hostname 6 | import_tasks: hostname.yaml 7 | 8 | - name: Create the file '/tmp/custom.txt' containing a custom value that we define 9 | import_tasks: custom.yaml 10 | 11 | - name: Template a 
file to /tmp/test.conf 12 | template: 13 | src: templates/test.j2 14 | dest: /tmp/test.conf 15 | -------------------------------------------------------------------------------- /chapter6/ansible/roles/common/tasks/success.yaml: -------------------------------------------------------------------------------- 1 | - copy: 2 | content: "success" 3 | dest: /tmp/test.txt 4 | -------------------------------------------------------------------------------- /chapter6/ansible/roles/common/templates/test.j2: -------------------------------------------------------------------------------- 1 | In this file we are going to replace -> {{ my_var }} <- by its value. 2 | 3 | In this file we are going to replace -> {{ other_variables['%s' | format(env)].my_var }} <- by its value. 4 | -------------------------------------------------------------------------------- /chapter6/ansible/site.yaml: -------------------------------------------------------------------------------- 1 | - name: apply common configuration to all nodes 2 | # hosts: all 3 | 4 | hosts: localhost 5 | connection: local 6 | roles: 7 | - common 8 | -------------------------------------------------------------------------------- /chapter6/ansible/testing.yaml: -------------------------------------------------------------------------------- 1 | testingserver 2 | -------------------------------------------------------------------------------- /chapter6/playbooks/my_playbook.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: This is a basic example that create a file with its content 3 | 4 | hosts: localhost 5 | 6 | vars: 7 | my_var: "my_value" 8 | 9 | tasks: 10 | - name: Create the file '/tmp/test.txt' containing "success". 11 | copy: 12 | content: "success" 13 | dest: /tmp/test.txt 14 | 15 | - name: Create the file '/tmp/hostname.txt' containing the hostname. 
16 | copy: 17 | content: "{{ lookup('env','HOSTNAME') }}" 18 | dest: /tmp/hostname.txt 19 | 20 | - name: Create the file '/tmp/custom.txt' containing a custom value that we define. 21 | copy: 22 | content: "{{ my_var }}" 23 | dest: /tmp/custom.txt 24 | -------------------------------------------------------------------------------- /chapter6/terraform/plan/auth/serviceaccount.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "service_account", 3 | "project_id": "", 4 | "private_key_id": "", 5 | "private_key": "", 6 | "client_email": "", 7 | "client_id": "", 8 | "auth_uri": "https://accounts.google.com/o/oauth2/auth", 9 | "token_uri": "https://oauth2.googleapis.com/token", 10 | "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 11 | "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com" 12 | } 13 | -------------------------------------------------------------------------------- /chapter6/terraform/plan/env.tfvars: -------------------------------------------------------------------------------- 1 | credentials = "auth/serviceaccount.json" 2 | project = "mykubernetesproject-002" 3 | region = "europe-west1" 4 | cluster_name = "my-testing-cluster" 5 | network = "default" 6 | initial_node_count = 1 7 | node_name = "my-node-pool" 8 | node_count = 1 9 | preemptible = true 10 | machine_type = "f1-micro" 11 | bucket = "terraform-testing-786e92c2f4aef17b414fa346d270773b" 12 | -------------------------------------------------------------------------------- /chapter6/terraform/plan/variables.tf: -------------------------------------------------------------------------------- 1 | variable "credentials" { 2 | } 3 | 4 | variable "project" { 5 | } 6 | 7 | variable "region" { 8 | } 9 | 10 | variable "cluster_name" { 11 | } 12 | 13 | variable "network" { 14 | } 15 | 16 | variable "initial_node_count" { 17 | } 18 | 19 | 
variable "node_name" { 20 | } 21 | 22 | variable "node_count" { 23 | } 24 | 25 | variable "preemptible" { 26 | } 27 | 28 | variable "machine_type" { 29 | } 30 | 31 | variable "bucket" { 32 | } 33 | -------------------------------------------------------------------------------- /chapter6/terraform/roles/common/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: configure tfvars 2 | import_tasks: tfvars.yaml 3 | -------------------------------------------------------------------------------- /chapter6/terraform/roles/common/templates/tfvars.j2: -------------------------------------------------------------------------------- 1 | credentials = "{{ terraform['%s' | format(env)].credentials }}" 2 | project = "{{ terraform['%s' | format(env)].project }}" 3 | region = "{{ terraform['%s' | format(env)].region }}" 4 | cluster_name = "{{ terraform['%s' | format(env)].cluster_name }}" 5 | network = "{{ terraform['%s' | format(env)].network }}" 6 | initial_node_count = {{ terraform['%s' | format(env)].initial_node_count }} 7 | node_name = "{{ terraform['%s' | format(env)].node_name }}" 8 | node_count = {{ terraform['%s' | format(env)].node_count }} 9 | preemptible = {{ terraform['%s' | format(env)].preemptible }} 10 | machine_type = "{{ terraform['%s' | format(env)].machine_type }}" 11 | bucket = "{{ terraform['%s' | format(env)].bucket }}" 12 | -------------------------------------------------------------------------------- /chapter6/terraform/site.yaml: -------------------------------------------------------------------------------- 1 | - name: apply common configuration to all nodes 2 | # hosts: all 3 | 4 | hosts: localhost 5 | connection: local 6 | roles: 7 | - common 8 | -------------------------------------------------------------------------------- /chapter7/first_chart/quotes/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building 
packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /chapter7/first_chart/quotes/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: My First Helm Chart - Quotes API 3 | name: quotes 4 | type: application 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /chapter7/first_chart/quotes/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eon01/LearnKubernetesByBuilding10Projects/b5336932a30bb30391748403c063a90546032217/chapter7/first_chart/quotes/values.yaml -------------------------------------------------------------------------------- /chapter7/managing_configurations/quotes/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /chapter7/managing_configurations/quotes/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: My First Helm Chart - Quotes API 3 | name: quotes 4 | type: application 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /chapter7/managing_environments/1/.gitignore: -------------------------------------------------------------------------------- 1 | *.yaml.dec 2 | -------------------------------------------------------------------------------- /chapter7/managing_environments/1/quotes/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
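4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/1/quotes/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | description: My First Helm Chart - Quotes API
3 | name: quotes
4 | type: application
5 | version: 0.1.0
6 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/1/quotes/helm_vars/.sops.yaml:
--------------------------------------------------------------------------------
1 | creation_rules:
2 |   - pgp: "94346D4E056C5FEAAC79C729EA72447AE3DF747F"
3 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/1/quotes/templates/secrets.yaml:
--------------------------------------------------------------------------------
1 | # Secret carrying the MySQL passwords; its name and labels are filled in from chart and release values.
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   labels:
6 |     app: "{{ .Release.Name }}"
7 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
8 |     release: "{{ .Release.Name }}"
9 |     heritage: "{{ .Release.Service }}"
10 |   name: "{{ .Values.data.name }}-secret"
11 | type: Opaque
12 | # `quote` already emits the surrounding double quotes, so the template action is
13 | # not wrapped in a second pair (that rendered ""value"", which is not valid YAML).
14 | # NOTE(review): `data` expects base64-encoded values. If the decrypted helm_vars
15 | # values are plaintext, pipe them through `b64enc` or switch to `stringData` -
16 | # confirm against the values file, which is not shown here.
17 | data:
18 |   mysql_password: {{ .Values.mysql_password | quote }}
19 |   mysql_root_password: {{ .Values.mysql_root_password | quote }}
20 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/2/.gitignore:
--------------------------------------------------------------------------------
1 | *.yaml.dec
2 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/2/quotes/.helmignore: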
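--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/2/quotes/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | description: My First Helm Chart - Quotes API
3 | name: quotes
4 | type: application
5 | version: 0.1.0
6 | templates:
7 |   - _helpers.tpl
8 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/2/quotes/helm_vars/.sops.yaml:
--------------------------------------------------------------------------------
1 | creation_rules:
2 |   - pgp: "94346D4E056C5FEAAC79C729EA72447AE3DF747F"
3 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/2/quotes/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/* Returns the size of Mysql disk */}}
2 | {{- define "quotes.mysql_disk_size" }}
3 | {{- if eq .Values.global.env "prod" }}
4 | storage: 100Gi
5 | {{- else }}
6 | storage: 1Gi
7 | {{- end }}
8 | {{- end }}
9 |
--------------------------------------------------------------------------------
/chapter7/managing_environments/2/quotes/templates/secrets.yaml:
--------------------------------------------------------------------------------
1 | # Secret carrying the MySQL passwords; its name and labels are filled in from chart and release values.
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   labels:
6 |     app: "{{ .Release.Name }}"
7 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
8 |     release: "{{ .Release.Name }}"
9 |     heritage: "{{ .Release.Service }}"
10 |   name: "{{ .Values.data.name }}-secret"
11 | type: Opaque
12 | # `quote` already emits the surrounding double quotes, so the template action is
13 | # not wrapped in a second pair (that rendered ""value"", which is not valid YAML).
14 | # NOTE(review): `data` expects base64-encoded values. If the decrypted helm_vars
15 | # values are plaintext, pipe them through `b64enc` or switch to `stringData` -
16 | # confirm against the values file, which is not shown here.
17 | data:
18 |   mysql_password: {{ .Values.mysql_password | quote }}
19 |   mysql_root_password: {{ .Values.mysql_root_password | quote }}
20 |
--------------------------------------------------------------------------------
/chapter7/managing_secrets/.gitignore:
--------------------------------------------------------------------------------
1 | *.yaml.dec
2 |
--------------------------------------------------------------------------------
/chapter7/managing_secrets/quotes/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 |
--------------------------------------------------------------------------------
/chapter7/managing_secrets/quotes/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | description: My First Helm Chart - Quotes API
3 | name: quotes
4 | type: application
5 | version: 0.1.0
6 |
--------------------------------------------------------------------------------
/chapter7/managing_secrets/quotes/helm_vars/.sops.yaml:
--------------------------------------------------------------------------------
1 | creation_rules:
2 |   - pgp: "94346D4E056C5FEAAC79C729EA72447AE3DF747F"
3 |
--------------------------------------------------------------------------------
/chapter7/managing_secrets/quotes/templates/secrets.yaml: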
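--------------------------------------------------------------------------------
1 | # Secret carrying the MySQL passwords; its name and labels are filled in from chart and release values.
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   labels:
6 |     app: "{{ .Release.Name }}"
7 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
8 |     release: "{{ .Release.Name }}"
9 |     heritage: "{{ .Release.Service }}"
10 |   name: "{{ .Values.data.name }}-secret"
11 | type: Opaque
12 | # `quote` already emits the surrounding double quotes, so the template action is
13 | # not wrapped in a second pair (that rendered ""value"", which is not valid YAML).
14 | # NOTE(review): `data` expects base64-encoded values. If the decrypted helm_vars
15 | # values are plaintext, pipe them through `b64enc` or switch to `stringData` -
16 | # confirm against the values file, which is not shown here.
17 | data:
18 |   mysql_password: {{ .Values.mysql_password | quote }}
19 |   mysql_root_password: {{ .Values.mysql_root_password | quote }}
20 |
--------------------------------------------------------------------------------
/chapter7/quotes/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 |
--------------------------------------------------------------------------------
/chapter7/quotes/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | description: My First Helm Chart - Quotes API
3 | name: quotes
4 | type: application
5 | version: 0.1.0
6 |
--------------------------------------------------------------------------------
/chapter7/quotes/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/eon01/LearnKubernetesByBuilding10Projects/b5336932a30bb30391748403c063a90546032217/chapter7/quotes/values.yaml
--------------------------------------------------------------------------------
/chapter7/terraform/auth/serviceaccount.json: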
-------------------------------------------------------------------------------- 1 | { 2 | "type": "service_account", 3 | "project_id": "", 4 | "private_key_id": "", 5 | "private_key": "", 6 | "client_email": "", 7 | "client_id": "", 8 | "auth_uri": "https://accounts.google.com/o/oauth2/auth", 9 | "token_uri": "https://oauth2.googleapis.com/token", 10 | "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 11 | "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com" 12 | } 13 | -------------------------------------------------------------------------------- /chapter7/terraform/gke.tf: -------------------------------------------------------------------------------- 1 | resource "google_container_cluster" "primary" { 2 | name = "mycluster" 3 | network = "default" 4 | location = "europe-west1" 5 | initial_node_count = 1 6 | } 7 | -------------------------------------------------------------------------------- /chapter7/terraform/provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${file("./auth/serviceaccount.json")}" 3 | project = "mykubernetesproject-002" 4 | region = "europe-west1" 5 | } 6 | -------------------------------------------------------------------------------- /chapter8/ingress_with_static_ip/helm/quotes/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /chapter8/ingress_with_static_ip/helm/quotes/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: My First Helm Chart - Quotes API 3 | name: quotes 4 | type: application 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /chapter8/ingress_with_static_ip/helm/quotes/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: {{ .Values.ingress.name }} 5 | annotations: 6 | nginx.ingress.kubernetes.io/rewrite-target: /$1 7 | kubernetes.io/ingress.global-static-ip-name: {{ .Values.ingress.global_static_ip_name | quote }} 8 | spec: 9 | rules: 10 | {{- range .Values.ingress.spec.rules }} 11 | - host: {{ .host }} 12 | http: 13 | paths: 14 | {{- range .http.paths }} 15 | - path: {{ .path }} 16 | backend: 17 | serviceName: {{ .backend.serviceName }} 18 | servicePort: {{ .backend.servicePort }} 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /chapter8/ingress_without_static_ip/helm/quotes/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/chapter8/ingress_without_static_ip/helm/quotes/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
description: My First Helm Chart - Quotes API
name: quotes
type: application
version: 0.1.0

--------------------------------------------------------------------------------
/chapter8/ingress_without_static_ip/helm/quotes/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress rendered from .Values.ingress: one rule per host, one path entry per
# backend service.
# NOTE(review): the extensions/v1beta1 Ingress API was removed in Kubernetes 1.22;
# current clusters need networking.k8s.io/v1, which also changes the backend
# fields and requires pathType.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ .Values.ingress.name }}
  annotations:
    # /$1 refers to the first capture group of the matched path, so every path
    # supplied through values has to contain one.
    nginx.ingress.kubernetes.io/rewrite-target: /$1
# NOTE(review): no tls section is rendered, so these hosts are served over plain
# HTTP unless TLS is terminated somewhere else - confirm before exposing this
# beyond a lab environment.
spec:
  rules:
  {{- range .Values.ingress.spec.rules }}
    - host: {{ .host }}
      http:
        paths:
        {{- range .http.paths }}
          - path: {{ .path }}
            backend:
              serviceName: {{ .backend.serviceName }}
              servicePort: {{ .backend.servicePort }}
        {{- end }}
  {{- end }}

--------------------------------------------------------------------------------
/chapter8/terraform/auth/serviceaccount.json:
--------------------------------------------------------------------------------
{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com"
}

--------------------------------------------------------------------------------
/chapter8/terraform/gke.tf:
--------------------------------------------------------------------------------
# GKE cluster "mycluster" on the project's default VPC network, located in
# europe-west1.
# NOTE(review): nothing in this resource restricts access to the control plane
# or the nodes. For anything beyond a tutorial cluster, consider
# master_authorized_networks_config, private_cluster_config, a dedicated VPC
# instead of "default", and a least-privilege node service account set through
# node_config.
resource "google_container_cluster" "primary" {
  name               = "mycluster"
  network            = "default"
  location           = "europe-west1"
  initial_node_count = 1
}

--------------------------------------------------------------------------------
/chapter8/terraform/provider.tf:
--------------------------------------------------------------------------------
# Google provider for project mykubernetesproject-002 in europe-west1.
provider "google" {
  # Reads a long-lived service-account key from ./auth/serviceaccount.json.
  # The copy committed alongside this file has its secret fields blank; keep
  # the filled-in key out of version control. When this argument is omitted the
  # provider uses Application Default Credentials (for example via the
  # GOOGLE_APPLICATION_CREDENTIALS environment variable), which avoids keeping
  # a key file in the working tree.
  credentials = "${file("./auth/serviceaccount.json")}"
  project     = "mykubernetesproject-002"
  region      = "europe-west1"
}

--------------------------------------------------------------------------------
/chapter9/helm/quotes/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/chapter9/helm/quotes/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
description: My First Helm Chart - Quotes API
name: quotes
type: application
version: 0.1.0

--------------------------------------------------------------------------------
/chapter9/helm/quotes/templates/ambassador-service.yaml:
--------------------------------------------------------------------------------
---
# LoadBalancer Service in front of the pods labelled service=ambassador:
# external port 80 is forwarded to container port 8080.
# NOTE(review): port 80 is the only port published, so clients reach this over
# plain HTTP unless TLS is terminated elsewhere. The Service spec field
# loadBalancerSourceRanges can limit which client CIDRs the load balancer
# accepts.
apiVersion: v1
kind: Service
metadata:
  name: ambassador
spec:
  type: LoadBalancer
  # With the Cluster policy, traffic may be forwarded between nodes and the
  # original client address is not preserved; keep that in mind when relying on
  # client IPs in access logs.
  externalTrafficPolicy: Cluster
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    service: ambassador
  loadBalancerIP: 34.77.129.24 #change me

--------------------------------------------------------------------------------
/chapter9/helm/quotes/templates/ingress.yaml:
--------------------------------------------------------------------------------
# The Ingress below is disabled with YAML comments only.
# NOTE(review): Helm renders template actions before the YAML is parsed, so the
# actions inside these commented lines are still evaluated against the chart
# values; a Helm template comment (or removing the file) disables them fully.
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
#   name: {{ .Values.ingress.name }}
#   annotations:
#     nginx.ingress.kubernetes.io/rewrite-target: /$1
#     kubernetes.io/ingress.global-static-ip-name: {{ .Values.ingress.global_static_ip_name | quote }}
# spec:
#   rules:
#   {{- range .Values.ingress.spec.rules }}
#     - host: {{ .host }}
#       http:
#         paths:
#         {{- range .http.paths }}
#           - path: {{ .path }}
#             backend:
#               serviceName: {{ .backend.serviceName }}
#               servicePort: {{ .backend.servicePort }}
#         {{- end }}
#   {{- end }}
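--------------------------------------------------------------------------------
/chapter9/terraform/auth/serviceaccount.json:
--------------------------------------------------------------------------------
{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform%40mykubernetesproject-002.iam.gserviceaccount.com"
}

--------------------------------------------------------------------------------
/chapter9/terraform/gke.tf:
--------------------------------------------------------------------------------
# GKE cluster "mycluster" on the project's default VPC network, located in
# europe-west1.
# NOTE(review): nothing in this resource restricts access to the control plane
# or the nodes. For anything beyond a tutorial cluster, consider
# master_authorized_networks_config, private_cluster_config, a dedicated VPC
# instead of "default", and a least-privilege node service account set through
# node_config.
resource "google_container_cluster" "primary" {
  name               = "mycluster"
  network            = "default"
  location           = "europe-west1"
  initial_node_count = 1
}

--------------------------------------------------------------------------------
/chapter9/terraform/provider.tf:
--------------------------------------------------------------------------------
# Google provider for project mykubernetesproject-002 in europe-west1.
provider "google" {
  # Reads a long-lived service-account key from ./auth/serviceaccount.json.
  # The copy committed alongside this file has its secret fields blank; keep
  # the filled-in key out of version control. When this argument is omitted the
  # provider uses Application Default Credentials (for example via the
  # GOOGLE_APPLICATION_CREDENTIALS environment variable), which avoids keeping
  # a key file in the working tree.
  credentials = "${file("./auth/serviceaccount.json")}"
  project     = "mykubernetesproject-002"
  region      = "europe-west1"
}

--------------------------------------------------------------------------------
/quotes.sql:
--------------------------------------------------------------------------------
-- Creates the `quotes` table in `mydatabase` and seeds it with six rows.
use mydatabase;

-- `id` is the auto-increment primary key; `quote_UNIQUE` rejects duplicate
-- quote text. `id_UNIQUE` repeats the uniqueness the primary key already
-- enforces; it is kept so the schema stays exactly as in the original dump.
CREATE TABLE `quotes` (
  `quote` varchar(255) NOT NULL,
  `id` int(11) NOT NULL AUTO_INCREMENT,
  PRIMARY KEY (`id`),
  UNIQUE KEY `id_UNIQUE` (`id`),
  UNIQUE KEY `quote_UNIQUE` (`quote`)
) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=latin1;

-- The column list is explicit so the rows do not depend on the order in which
-- the table declares its columns.
-- The first quote contains a line break before its attribution, as in the
-- original dump; the continuation starts at column 0 so no spaces are added.
-- NOTE(review): the ('test', 6) row looks like leftover test data - confirm it
-- is meant to ship.
INSERT INTO `quotes` (`quote`, `id`) VALUES
  ('Do not stop when you are tired. STOP when you are DONE. 
--Unknown', 4),
  ('Every great story on the planet happened when someone decided not to give up, but kept going no matter what. -- Spryte Loriano', 3),
  ('Hard work beats talent when talent does not work hard. --Tim Notke', 1),
  ('Life is 10% what happens to you and 90% how you react to it. -- Charles R. Swindoll', 5),
  ('test', 6),
  ('When you want to succeed as bad as you want to breathe then you will be successful. --Eric Thomas', 2);

--------------------------------------------------------------------------------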