kustomize

kubeflow/kfapp/kustomize/istio/base/README.md

@@ -0,0 +1,7 @@
+# Manifest for Istio in Kubeflow
+
+- `install` dir contains the manifest to install Istio
+- kf-istio-resources.yaml has
+  - Gateway for routing
+  - VirtualService for Grafana
+  - ServiceEntry and VirtualService for egress traffic

kubeflow/kfapp/kustomize/istio/base/kf-istio-resources.yaml

@@ -0,0 +1,110 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: kubeflow-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: grafana-vs
+spec:
+  hosts:
+  - "*"
+  gateways:
+  - "kubeflow-gateway"
+  http:
+  - match:
+    - uri:
+        prefix: "/istio/grafana/"
+      method:
+        exact: "GET"
+    rewrite:
+      uri: "/"
+    route:
+    - destination:
+        host: "grafana.istio-system.svc.cluster.local"
+        port:
+          number: 3000
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: google-api-entry
+spec:
+  hosts:
+  - www.googleapis.com
+  ports:
+  - number: 443
+    name: https
+    protocol: HTTPS
+  resolution: DNS
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: google-api-vs
+spec:
+  hosts:
+  - www.googleapis.com
+  tls:
+  - match:
+    - port: 443
+      sni_hosts:
+      - www.googleapis.com
+    route:
+    - destination:
+        host: www.googleapis.com
+        port:
+          number: 443
+      weight: 100
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: google-storage-api-entry
+spec:
+  hosts:
+  - storage.googleapis.com
+  ports:
+  - number: 443
+    name: https
+    protocol: HTTPS
+  resolution: DNS
+  location: MESH_EXTERNAL
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: google-storage-api-vs
+spec:
+  hosts:
+  - storage.googleapis.com
+  tls:
+  - match:
+    - port: 443
+      sni_hosts:
+      - storage.googleapis.com
+    route:
+    - destination:
+        host: storage.googleapis.com
+        port:
+          number: 443
+      weight: 100
+---
+apiVersion: rbac.istio.io/v1alpha1
+kind: ClusterRbacConfig
+metadata:
+  name: default
+spec:
+  mode: $(clusterRbacConfig)

kubeflow/kfapp/kustomize/istio/base/kustomization.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- kf-istio-resources.yaml
+namespace: kubeflow
+configMapGenerator:
+- name: istio-parameters
+  env: params.env
+vars:
+- name: clusterRbacConfig
+  objref:
+    kind: ConfigMap
+    name: istio-parameters
+    apiVersion: v1
+  fieldref:
+    fieldpath: data.clusterRbacConfig
+configurations:
+ - params.yaml

kubeflow/kfapp/kustomize/istio/base/params.env

@@ -0,0 +1 @@
+clusterRbacConfig=OFF

kubeflow/kfapp/kustomize/istio/base/params.yaml

@@ -0,0 +1,3 @@
+varReference:
+- path: spec/mode
+  kind: ClusterRbacConfig