An operator for syncing Cloud Map data into Istio

forkkit/istio-cloud-map

Istio Cloud Map Operator

This repo contains an operator for syncing Cloud Map data into Istio by pushing ServiceEntry CRDs to the Kube API server.

Deploying to your Kubernetes cluster

  1. Create an AWS IAM identity with read access to AWS Cloud Map for the operator to use.
  2. Create a Kubernetes secret containing the Access Key ID and Secret Access Key of the identity you just created, in the namespace where you want to deploy the Istio Cloud Map Operator:
apiVersion: v1
kind: Secret
metadata:
  name: aws-credz
  namespace: istio-system
type: Opaque
data:
  access-key-id: <base64-encoded-IAM-access-key-id>
  secret-access-key: <base64-encoded-IAM-secret-access-key>
  3. Edit the aws-config config map in kubernetes/deployment.yaml to choose the AWS Cloud Map region to sync with.
  4. Deploy the Istio Cloud Map Operator:
$ kubectl apply -f kubernetes/rbac.yaml -f kubernetes/deployment.yaml
  5. Verify that your ServiceEntries have been populated with the information in Cloud Map; there should be one ServiceEntry for every service in Cloud Map:
$ kubectl get serviceentries
NAME                                       CREATED AT
cloudmap-dev.null.demo.tetrate.io          17h
cloudmap-test-server.cloudmap.tetrate.io   17h
$ kubectl get serviceentries cloudmap-test-server.cloudmap.tetrate.io -o yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: cloudmap-test-server.cloudmap.tetrate.io
  namespace: default
spec:
  addresses:
  - 172.31.37.168
  endpoints:
  - address: 172.31.37.168
    ports:
      http: 80
      https: 443
  hosts:
  - test-server.cloudmap.tetrate.io
  ports:
  - name: http
    number: 80
    protocol: HTTP
  - name: https
    number: 443
    protocol: HTTPS
  resolution: STATIC

Note: If you need to be able to resolve your services via DNS (as opposed to making the requests to a random IP and setting the Host header), either enable DNS propagation in your VPC peering configuration or install the Istio CoreDNS plugin.
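
The verification step above can be extended into an audit of what the operator pushed into the mesh. This is an added example, not code from this repository: it reads `kubectl get serviceentries -o json` output and flags synced endpoints that fall outside the address ranges you expect Cloud Map to hold. The `cloudmap-` name prefix is inferred from the sample output above, and the 172.31.0.0/16 range and the second sample entry are assumptions.

```python
import ipaddress
import json

# Constructed sample of `kubectl get serviceentries -o json`, trimmed to the
# fields the check reads. The first item mirrors the ServiceEntry shown above;
# the second is a made-up entry whose endpoint lies outside the VPC range.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cloudmap-test-server.cloudmap.tetrate.io"},
     "spec": {"hosts": ["test-server.cloudmap.tetrate.io"],
              "resolution": "STATIC",
              "endpoints": [{"address": "172.31.37.168"}]}},
    {"metadata": {"name": "cloudmap-example.cloudmap.tetrate.io"},
     "spec": {"hosts": ["example.cloudmap.tetrate.io"],
              "resolution": "STATIC",
              "endpoints": [{"address": "203.0.113.10"}]}},
]})


def audit(raw, allowed_cidrs, prefix="cloudmap-"):
    """Return (entry, hosts, address, reason) tuples for endpoints to review."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for item in json.loads(raw).get("items", []):
        name = item["metadata"]["name"]
        if not name.startswith(prefix):
            continue  # assumed not to be an operator-created entry
        spec = item.get("spec", {})
        hosts = ",".join(spec.get("hosts", []))
        for ep in spec.get("endpoints") or []:
            addr = ep.get("address", "")
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append((name, hosts, addr, "not an IP literal"))
                continue
            if not any(ip in net for net in nets):
                findings.append((name, hosts, addr, "outside allowed CIDRs"))
    return findings


if __name__ == "__main__":
    # 172.31.0.0/16 is an assumed VPC range; substitute your own.
    for finding in audit(SAMPLE, ["172.31.0.0/16"]):
        print("REVIEW:", *finding)
```

To run it against a cluster, pass the output of `kubectl get serviceentries --all-namespaces -o json` to `audit()` in place of `SAMPLE`.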

Building

Build with the Makefile:

make deps # only needs to be done once
make      # or `make build`

Run with:

make run

Build and push Docker images with:

make docker-build
make docker-push

You can override the hub and tag using the CONTAINER_REGISTRY and CONTAINER_TAG environment variables:

env CONTAINER_REGISTRY=gcr.io/tetratelabs CONTAINER_TAG=v0.1 \
    make docker-push

Alternatively, just use go:

dep ensure
go build -o istio-cloud-map github.com/tetratelabs/istio-cloud-map/cmd/istio-cloud-map

Running Locally

To run locally:

make run
# or
make docker-run

or via go:

go build -o istio-cloud-map github.com/tetratelabs/istio-cloud-map/cmd/istio-cloud-map
./istio-cloud-map serve --kube-config ~/.kube/config

In particular, the controller needs its --kube-config flag set to talk to the remote API server. If the flag is not set, the controller assumes it is deployed into a Kubernetes cluster and attempts to contact the API server directly.
