From eedff24c4ea13653c723d0990951047b6e3b34a0 Mon Sep 17 00:00:00 2001 From: Gordon Byers Date: Wed, 7 Jun 2023 10:07:02 +0100 Subject: [PATCH] Istio service mesh (#590) * istio swap for osm * spelling * case issue * fixing failed deploy --- ...servicemesh.json => istioServiceMesh.json} | 6 ++--- bicep/main.bicep | 24 ++++++++++++++++--- cspell.json | 1 + helper/src/components/addonsTab.js | 15 +++++++++--- helper/src/components/deployTab.js | 2 +- helper/src/config.json | 2 +- 6 files changed, 39 insertions(+), 11 deletions(-) rename .github/workflows_dep/regressionparams/{openservicemesh.json => istioServiceMesh.json} (69%) diff --git a/.github/workflows_dep/regressionparams/openservicemesh.json b/.github/workflows_dep/regressionparams/istioServiceMesh.json similarity index 69% rename from .github/workflows_dep/regressionparams/openservicemesh.json rename to .github/workflows_dep/regressionparams/istioServiceMesh.json index ae4e3ff3f..94909b8b2 100644 --- a/.github/workflows_dep/regressionparams/openservicemesh.json +++ b/.github/workflows_dep/regressionparams/istioServiceMesh.json @@ -3,10 +3,10 @@ "contentVersion": "1.0.0.0", "parameters": { "resourceName": { - "value": "az-k8s-osmd" + "value": "az-k8s-ist" }, - "openServiceMeshAddon" : { - "value" : true + "serviceMeshProfile" : { + "value" : "Istio" } } } diff --git a/bicep/main.bicep b/bicep/main.bicep index 510068810..abe68b04e 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -1094,7 +1094,6 @@ param warIngressNginx bool = false @description('The name of the NEW resource group to create the AKS cluster managed resources in') param managedNodeResourceGroup string = '' - // Preview feature requires: az feature register --namespace "Microsoft.ContainerService" --name "NRGLockdownPreview" @allowed([ 'ReadOnly' @@ -1103,6 +1102,25 @@ param managedNodeResourceGroup string = '' @description('The restriction level applied to the cluster node resource group') param restrictionLevelNodeResourceGroup string = 'Unrestricted' +@allowed(['', 'Istio']) +@description('The service mesh profile to use') +param serviceMeshProfile string = '' + +@description('The ingress gateway to use for the Istio service mesh') +param istioIngressGatewayMode string = '' + +var serviceMeshProfileObj = { + istio: { + components: { + ingressGateways: empty(istioIngressGatewayMode) ? null : [{ + enabled: true + mode: istioIngressGatewayMode + }] + } + } + mode: 'Istio' +} + @description('System Pool presets are derived from the recommended system pool specs') var systemPoolPresets = { CostOptimised : { @@ -1159,7 +1177,6 @@ var systemPoolBase = { var agentPoolProfiles = JustUseSystemPool ? array(systemPoolBase) : concat(array(union(systemPoolBase, SystemPoolType=='Custom' && SystemPoolCustomPreset != {} ? SystemPoolCustomPreset : systemPoolPresets[SystemPoolType]))) - output userNodePoolName string = nodePoolName output systemNodePoolName string = JustUseSystemPool ? nodePoolName : 'npsystem' @@ -1312,7 +1329,8 @@ var aksProperties = union({ aksOutboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {}, defenderForContainers && createLaw ? azureDefenderSecurityProfile : {}, keyVaultKmsCreateAndPrereqs || !empty(keyVaultKmsByoKeyId) ? azureKeyVaultKms : {}, -!empty(managedNodeResourceGroup) ? { nodeResourceGroup: managedNodeResourceGroup} : {} +!empty(managedNodeResourceGroup) ? { nodeResourceGroup: managedNodeResourceGroup} : {}, +!empty(serviceMeshProfile) ? { serviceMeshProfile: serviceMeshProfileObj } : {} ) resource aks 'Microsoft.ContainerService/managedClusters@2023-03-02-preview' = { diff --git a/cspell.json b/cspell.json index e3fbf8bd5..89648d69f 100644 --- a/cspell.json +++ b/cspell.json @@ -71,6 +71,7 @@ "ilbsub", "Inconsolata", "initializr", + "Istio", "jsondecode", "jsonencode", "Jumpboxes", diff --git a/helper/src/components/addonsTab.js b/helper/src/components/addonsTab.js index e5879aa8b..12cb73785 100644 --- a/helper/src/components/addonsTab.js +++ b/helper/src/components/addonsTab.js @@ -505,10 +505,19 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) { - updateFn("openServiceMeshAddon", v)} label="Install the Open Service Mesh AddOn" /> + updateFn("serviceMeshProfile", v ? "Istio" : "")} + label="Install the Istio Service Mesh AddOn (Preview)" /> + { + addons.serviceMeshProfile && + ( ) + } diff --git a/helper/src/components/deployTab.js b/helper/src/components/deployTab.js index 78f15cb5c..d064a8592 100644 --- a/helper/src/components/deployTab.js +++ b/helper/src/components/deployTab.js @@ -81,7 +81,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray, ...( addons.createAksMetricAlerts !== defaults.addons.createAksMetricAlerts && {createAksMetricAlerts: addons.createAksMetricAlerts }) }), ...(addons.networkPolicy !== "none" && !net.ebpfDataplane && { networkPolicy: addons.networkPolicy }), - ...(defaults.addons.openServiceMeshAddon !== addons.openServiceMeshAddon && {openServiceMeshAddon: addons.openServiceMeshAddon }), + ...(defaults.addons.serviceMeshProfile !== addons.serviceMeshProfile && {serviceMeshProfile: addons.serviceMeshProfile }), ...(addons.azurepolicy !== "none" && { azurepolicy: addons.azurepolicy }), ...(addons.azurepolicy !== "none" && addons.azurePolicyInitiative !== defaults.addons.azurePolicyInitiative && { azurePolicyInitiative: addons.azurePolicyInitiative }), ...(net.networkPlugin !== defaults.net.networkPlugin && {networkPlugin: net.networkPlugin}), diff --git a/helper/src/config.json b/helper/src/config.json index 48774b2e1..5cd4842de 100644 --- a/helper/src/config.json +++ b/helper/src/config.json @@ -71,7 +71,7 @@ "fluxGitOpsAddon": false, "networkPolicy": "none", "kedaAddon": false, - "openServiceMeshAddon": false, + "serviceMeshProfile": "", "blobCSIDriver": false, "fileCSIDriver": true, "diskCSIDriver": true,