Add istio release scripts

b789e338 · Daishan · c434c574 · b789e338 · b789e338 · b789e338
Commit b789e338 authored Jan 02, 2020 by Daishan
Showing with 94 additions and 0 deletions

istio-service-rbac.yaml scripts/istio/istio-service-rbac.yaml +30 -0

istio-values.yaml scripts/istio/istio-values.yaml +0 -0

update-istio-release scripts/update-istio-release +64 -0

No files found.
--- a/scripts/istio/istio-service-rbac.yaml
+++ b/scripts/istio/istio-service-rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: istio-service-reader
+rules:
+  - apiGroups: [""]
+    resources: ["services/proxy"]
+    resourceNames: ["http:kiali:20001", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
+    verbs: ["get", "watch", "list"]
+---
+{{- if .Values.global.members }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: read-istio-service
+  namespace: {{ .Release.Namespace }}
+subjects:
+  {{- range $member := .Values.global.members }}
+  - kind: {{ $member.kind }}
+    name: {{ $member.name }}
+    apiGroup: rbac.authorization.k8s.io
+  {{- end }}
+roleRef:
+  kind: Role
+  name: istio-service-reader
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
\ No newline at end of file
--- a/scripts/istio/istio-values.yaml
+++ b/scripts/istio/istio-values.yaml
--- a/scripts/update-istio-release
+++ b/scripts/update-istio-release
+#!/usr/bin/env bash
+set -e
+# Script to update istio release. This script will download istio and istio-init and combine them into a single rancher chart
+# To use this script, run
+#
+# ./scripts/update-istio ${istio_version}
+#
+# For example, to update istio 1.4.2, run
+#
+# ./scripts/update-istio 1.4.2
+#
+# To just copy vanilla istio helm charts, run
+# VANILLA=true ./scripts/update-istio-release 1.4.2
+# ./
+# Requirement: yq(https://github.com/mikefarah/yq)
+# Download istio release
+mkdir -p charts/rancher-istio/${1}
+curl -sL https://storage.googleapis.com/istio-release/releases/${1}/charts/istio-${1}.tgz | tar xvzf - -C charts/rancher-istio/${1} --strip 1
+if [[ -n "$VANILLA" ]]; then
+  exit 0
+fi
+# Configure istio-init CRD
+# The following script downloads istio-init CRD helm charts, extract these into CRD templates and adds crd-install hooks.
+mkdir -p charts/rancher-istio/${1}/charts/istio-init
+curl -sL https://storage.googleapis.com/istio-release/releases/${1}/charts/istio-init-${1}.tgz | tar xvzf - -C charts/rancher-istio/${1}/charts/istio-init --strip 1
+for file in charts/rancher-istio/${1}/charts/istio-init/files/*
+do
+sed -i '$d' ${file}
+yq w -d'*' ${file} metadata.annotations\[helm.sh/hook\] crd-install > charts/rancher-istio/${1}/templates/${file##*/}
+done
+for file in charts/rancher-istio/${1}/templates/crd-certmanager-*.yaml
+do
+content=$(cat $file)
+cat > ${file} << EOF
+{{- if .Values.certmanager.enabled }}
+$content
+{{- end }}
+EOF
+done
+rm -r charts/rancher-istio/${1}/charts/istio-init
+# Add question.yaml
+cat > charts/rancher-istio/${1}/questions.yaml << EOF
+labels:
+  rancher.istio.v${1}: ${1}
+rancher_min_version: 2.3.0-rc1
+EOF
+# Replace the name of the chart
+sed -i 's/name: istio/name: rancher-istio/g' charts/rancher-istio/${1}/Chart.yaml
+# Replace istio kubectl images
+sed -i 's/"{{ .Values.global.hub }}\/kubectl:{{ .Values.global.tag }}"/"{{ .Values.global.hub }}\/istio-kubectl:{{ .Values.global.tag }}"/g' charts/rancher-istio/${1}/charts/security/templates/*.yaml
+# Istio-values.yaml is rancher specific customization yaml
+cat ./scripts/istio/istio-values.yaml > charts/rancher-istio/${1}/values.yaml
+cat ./scripts/istio/istio-service-rbac.yaml > charts/rancher-istio/${1}/templates/istio-service-rbac.yaml
\ No newline at end of file