aws-quickstart · shapirov103 · Feb 28, 2024 · Feb 13, 2024 · Feb 13, 2024 · Feb 13, 2024
@@ -43,6 +43,8 @@ The framework currently supports the following add-ons.
 | [`IstioBaseAddOn`](./istio-base.md)                                  | Adds support for Istio base chart to the EKS cluster. | ✅ | ✅ |
 | [`InstanaAddOn`](./instana-addon.md)                                  | Adds the IBM® [Instana®](https://www.ibm.com/products/instana) [Agent Operator](https://github.com/instana/instana-agent-operator) to the EKS cluster. | ✅ | ✅ |
 | [`IstioControlPlaneAddOn`](./istio-control-plane.md)                | Installs Istio Control Plane addon to the EKS cluster. | ✅ | ✅ |
+| [`IstioCniAddOn`](./istio-cni.md)                | Installs Istio Cni Plugin addon to the EKS cluster. | ✅ | ✅ |
+| [`IstioIngressGatewayAddOn`](./istio-ingress-gateway.md)                | Installs Istio Ingress Gateway Plugin to the EKS cluster. | ✅ | ✅ |
 | [`JupyterHubAddOn`](./jupyterhub.md)                                   | Adds [JupyterHub](https://zero-to-jupyterhub.readthedocs.io/en/latest/#) support for AWS to the cluster.                               | ✅ | ✅ |
 | [`Kasten-K10AddOn`](./kasten-k10.md)                          | Kasten K10 add-on installs Kasten K10 into your Amazon EKS cluster. | ✅ | 
 | [`KedaAddOn`](./keda.md)                                      | Installs [Keda](https://github.com/kedacore/keda) into EKS cluster. | ✅ | ✅ |

@@ -0,0 +1,61 @@
+# Istio Cni Add-on
+
+Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. The Istio CNI plugin performs the Istio mesh pod traffic redirection in the Kubernetes pod lifecycle’s network setup phase, thereby removing the requirement for the NET_ADMIN and NET_RAW capabilities for users deploying pods into the Istio mesh. 
+
+***IMPORTANT***:
+
+1. This add-on depends on [Istio Base](istio-base.md) and [istio Control Plane](istio-control-plane.md) Add-ons for cluster-wide resources and CRDs.
+
+***Istio Base add-on and Istio Control Plane addon-on must be present in add-on array*** and ***must be in add-on array before the Istio Cni add-on*** for it to work, as shown in below example. Otherwise will run into error `Assertion failed: Missing a dependency for IstioBaseAddOn`.
+
+## Usage
+
+Add the following as an add-on to your main.ts file to add Istio Control Plane to your cluster
+
+```typescript
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import * as blueprints from '@aws-quickstart/eks-blueprints';
+
+const app = new cdk.App();
+
+const istioBase = new blueprints.addons.IstioBaseAddOn();
+const istioControlPlane = new blueprints.addons.IstioControlPlaneAddOn()
+const istioCni = new blueprints.addons.IstioCniAddOn()
+
+const addOns: Array<blueprints.ClusterAddOn> = [ istioBase, istioControlPlane, istioCni ];
+
+const blueprint = blueprints.EksBlueprint.builder()
+  .version("auto")
+  .addOns(...addOns)
+  .build(app, 'my-stack-name');
+```
+
+To validate that installation is successful run the following command:
+
+```bash
+$ kubectl get all -n istio-system
+NAME                                  READY   STATUS    RESTARTS   AGE
+pod/istio-cni-node-6w5fb              1/1     Running   0          4m25s
+pod/istio-cni-node-nbwbn              1/1     Running   0          4m25s
+pod/istiod-6c7b79d8cc-mwk4c           1/1     Running   0          4m43s
+
+NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP                                                              PORT(S)                                      AGE
+service/istiod           ClusterIP      172.20.237.63    <none>                                                                   15010/TCP,15012/TCP,443/TCP,15014/TCP        4m43s
+
+NAME                            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
+daemonset.apps/istio-cni-node   2         2         2       2            2           kubernetes.io/os=linux   4m25s
+
+NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/istiod           1/1     1            1           4m43s
+
+NAME                                        DESIRED   CURRENT   READY   AGE
+replicaset.apps/istiod-6c7b79d8cc           1         1         1       4m43s
+
+NAME                                                 REFERENCE                   TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
+horizontalpodautoscaler.autoscaling/istiod           Deployment/istiod           0%/80%    1         5         1          4m43s
+```
+
+## Functionality
+
+1. Installs Istio CNI plugin performs the Istio mesh pod traffic redirection in the Kubernetes pod lifecycle’s network setup.
@@ -0,0 +1,61 @@
+# Istio Ingress Gateway Add-on
+
+Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. An Ingress gateway is a load balancer that handles incoming HTTP and HTTPS traffic to the mesh. It can be used to expose services to the internet, or to enable communication between services within the mesh. Istio Ingress Gateway Add-on installs Istio Ingress Gateway implementing a Kubernetes gateway resource and a set of Envoy proxy instances.
+
+***IMPORTANT***:
+
+1. This add-on depends on [Istio Base](istio-base.md) and [istio Control Plane](istio-control-plane.md) Add-ons for cluster-wide resources and CRDs.
+
+***Istio Base add-on and Istio Control Plane addon-on must be present in add-on array*** and ***must be in add-on array before the Istio Ingress Gateway add-on*** for it to work, as shown in below example. Otherwise will run into error `Assertion failed: Missing a dependency for IstioBaseAddOn`.
+
+## Usage
+
+Add the following as an add-on to your main.ts file to add Istio Control Plane to your cluster
+
+```typescript
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import * as blueprints from '@aws-quickstart/eks-blueprints';
+
+const app = new cdk.App();
+
+const istioBase = new blueprints.addons.IstioBaseAddOn();
+const istioControlPlane = new blueprints.addons.IstioControlPlaneAddOn()
+const istioIngressGateway = new blueprints.addons.IstioIngressGatewayAddOn()
+
+const addOns: Array<blueprints.ClusterAddOn> = [ istioBase, istioControlPlane, istioIngressGateway ];
+
+const blueprint = blueprints.EksBlueprint.builder()
+  .version("auto")
+  .addOns(...addOns)
+  .build(app, 'my-stack-name');
+```
+
+To validate that installation is successful run the following command:
+
+```bash
+$ kubectl get all -n istio-system
+NAME                                  READY   STATUS    RESTARTS   AGE
+pod/ingressgateway-686c75b54c-qgmd4   1/1     Running   0          4m25s
+pod/istiod-6c7b79d8cc-mwk4c           1/1     Running   0          4m43s
+
+NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP                                                              PORT(S)                                      AGE
+service/ingressgateway   LoadBalancer   172.20.141.148   a2b87c2b0a6d64bfe9e99b29308ae0ad-449071982.us-east-1.elb.amazonaws.com   15021:30586/TCP,80:32662/TCP,443:30891/TCP   4m25s
+service/istiod           ClusterIP      172.20.237.63    <none>                                                                   15010/TCP,15012/TCP,443/TCP,15014/TCP        4m43s
+
+NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/ingressgateway   1/1     1            1           4m25s
+deployment.apps/istiod           1/1     1            1           4m43s
+
+NAME                                        DESIRED   CURRENT   READY   AGE
+replicaset.apps/ingressgateway-686c75b54c   1         1         1       4m25s
+replicaset.apps/istiod-6c7b79d8cc           1         1         1       4m43s
+
+NAME                                                 REFERENCE                   TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
+horizontalpodautoscaler.autoscaling/ingressgateway   Deployment/ingressgateway   2%/80%    1         5         1          4m25s
+horizontalpodautoscaler.autoscaling/istiod           Deployment/istiod           0%/80%    1         5         1          4m43s
+```
+
+## Functionality
+
+1. Istio Ingress Gateway Add-on installs Istio Ingress Gateway implementing a Kubernetes gateway resource and a set of Envoy proxy instances.
@@ -77,6 +77,8 @@ export default class BlueprintConstruct {
             // new blueprints.addons.CloudWatchInsights(),
             new blueprints.addons.IstioBaseAddOn(),
             new blueprints.addons.IstioControlPlaneAddOn(),
+            new blueprints.addons.IstioCniAddon(),
+            new blueprints.addons.IstioIngressGatewayAddon(),
             new blueprints.addons.CalicoOperatorAddOn(),
             new blueprints.addons.MetricsServerAddOn(),
             new blueprints.addons.SecretsStoreAddOn(),

@@ -46,8 +46,10 @@ export * from './keda';
 export * from './kubevious';
 export * from './ebs-csi-driver';
 export * from './efs-csi-driver';
-export * from './istio-base';
-export * from './istio-control-plane';
+export * from './istio-addons/istio-base';
+export * from './istio-addons/istio-control-plane';
+export * from './istio-addons/istio-cni';
+export * from './istio-addons/istio-ingress-gateway';
 export * from './knative-operator';
 export * from './jupyterhub';
 export * from './emr-on-eks';

@@ -0,0 +1,27 @@
+import { Construct } from 'constructs';
+import { ClusterInfo } from "../../spi";
+import { HelmAddOn, HelmAddOnProps } from "../helm-addon";
+import { dependable, supportsALL } from '../../utils';
+
+const defaultProps: HelmAddOnProps = {
+    name: 'istio-cni',
+    release: 'cni',
+    namespace: 'istio-system',
+    chart: 'cni',
+    version: "1.20.1",
+    repository: 'https://istio-release.storage.googleapis.com/charts',
+    values: {}, 
+};
+
+@supportsALL
+export class IstioCniAddon extends HelmAddOn {
+
+    constructor() {
+        super({...defaultProps});
+    }
+    @dependable('IstioBaseAddOn','IstioControlPlaneAddOn')
+    deploy(clusterInfo: ClusterInfo): void | Promise<Construct> {
+        const chart = this.addHelmChart(clusterInfo, this.props.values);
+        return Promise.resolve(chart);
+    }
+}
@@ -3,7 +3,7 @@ import merge from "ts-deepmerge";
 import { ClusterInfo } from "../../spi";
 import { HelmAddOn, HelmAddOnUserProps } from "../helm-addon";
 import { dependable, supportsALL } from '../../utils';
-import { ValuesSchema } from "./values";
+import { ValuesSchema } from "./istio-control-plane-values";
 
 export interface IstioControlPlaneAddOnProps extends HelmAddOnUserProps {
     values?: ValuesSchema

@@ -0,0 +1,27 @@
+import { Construct } from 'constructs';
+import { ClusterInfo } from "../../spi";
+import { HelmAddOn, HelmAddOnProps } from "../helm-addon";
+import { dependable, supportsALL } from '../../utils';
+
+const defaultProps: HelmAddOnProps = {
+    name: 'istio-ingressgateway',
+    release: 'ingressgateway',
+    namespace: 'istio-system',
+    chart: 'gateway',
+    version: "1.20.1",
+    repository: 'https://istio-release.storage.googleapis.com/charts',
+    values: {},
+};
+
+@supportsALL
+export class IstioIngressGatewayAddon extends HelmAddOn {
+
+    constructor() { 
+        super({...defaultProps});
+    }
+    @dependable('IstioBaseAddOn','IstioControlPlaneAddOn')
+    deploy(clusterInfo: ClusterInfo): void | Promise<Construct> {
+        const chart = this.addHelmChart(clusterInfo, this.props.values);
+        return Promise.resolve(chart);
+    }
+}
@@ -54,6 +54,8 @@ nav:
     - IBM Instana: 'addons/instana-addon.md'
     - Istio Base: 'addons/istio-base.md'
     - Istio Control Plane: 'addons/istio-control-plane.md'
+    - Istio CNI: 'addons/istio-cni.md'
+    - Istio Ingress Gateway: 'addons/istio-ingress-gateway.md'
     - JupyterHub: 'addons/jupyterhub.md'
     - Karpenter: 'addons/karpenter.md'
     - Kasten: 'addons/kasten-k10.md'