From c3cb9e394dfc27fc5f6137f94ca1012dc03c1dde Mon Sep 17 00:00:00 2001 From: stefanprodan Date: Thu, 20 Feb 2020 17:49:34 +0200 Subject: [PATCH] Add docs for Istio multi-cluster setup - add istio.kubeconfig options to Helm chart - rename command flag to kubeconfig-service-mesh --- charts/flagger/README.md | 2 ++ charts/flagger/templates/deployment.yaml | 10 +++++----- charts/flagger/values.yaml | 9 ++++++++- cmd/flagger/main.go | 8 ++++---- .../install/flagger-install-on-kubernetes.md | 16 ++++++++++++++++ 5 files changed, 35 insertions(+), 10 deletions(-) diff --git a/charts/flagger/README.md b/charts/flagger/README.md index 88015f9e3..f17900d62 100644 --- a/charts/flagger/README.md +++ b/charts/flagger/README.md @@ -103,6 +103,8 @@ Parameter | Description | Default `affinity` | Node/pod affinities | None `nodeSelector` | Node labels for pod assignment | `{}` `tolerations` | List of node taints to tolerate | `[]` +`istio.kubeconfig.secretName` | The name of the Kubernetes secret containing the Istio shared control plane kubeconfig | None +`istio.kubeconfig.key` | The name of Kubernetes secret data key that contains the Istio control plane kubeconfig | `kubeconfig` Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade`. For example, diff --git a/charts/flagger/templates/deployment.yaml b/charts/flagger/templates/deployment.yaml index ed3e992d9..f5c264a4d 100644 --- a/charts/flagger/templates/deployment.yaml +++ b/charts/flagger/templates/deployment.yaml @@ -43,10 +43,10 @@ spec: - name: {{ .Values.image.pullSecret }} {{- end }} volumes: - {{- if .Values.kubeconfigHost }} + {{- if .Values.istio.kubeconfig.secretName }} - name: kubeconfig secret: - secretName: "{{ .Values.kubeconfigHost }}" + secretName: "{{ .Values.istio.kubeconfig.secretName }}" {{- end }} containers: - name: flagger @@ -54,7 +54,7 @@ spec: readOnlyRootFilesystem: true runAsUser: 10001 volumeMounts: - {{- if .Values.kubeconfigHost }} + {{- if .Values.istio.kubeconfig.secretName }} - name: kubeconfig mountPath: "/tmp/istio-host" {{- end }} @@ -101,8 +101,8 @@ spec: {{- if .Values.eventWebhook }} - -event-webhook={{ .Values.eventWebhook }} {{- end }} - {{- if .Values.kubeconfigHost }} - - -kubeconfig-host=/tmp/istio-host/kubeconfig + {{- if .Values.istio.kubeconfig.secretName }} + - -kubeconfig-service-mesh=/tmp/istio-host/{{ .Values.istio.kubeconfig.key }} {{- end }} livenessProbe: exec: diff --git a/charts/flagger/values.yaml b/charts/flagger/values.yaml index 927fe54f9..3746659e8 100644 --- a/charts/flagger/values.yaml +++ b/charts/flagger/values.yaml @@ -103,4 +103,11 @@ prometheus: # to be used with ingress controllers install: false -kubeconfigHost: "" +# Istio multi-cluster service mesh (shared control plane single-network) +# https://istio.io/docs/setup/install/multicluster/shared-vpn/ +istio: + kubeconfig: + # istio.kubeconfig.secretName: The name of the secret containing the Istio control plane kubeconfig + secretName: "" + # istio.kubeconfig.key: The name of secret data key that contains the Istio control plane kubeconfig + key: "kubeconfig" diff --git a/cmd/flagger/main.go b/cmd/flagger/main.go index a9f271d01..05f1e0aa0 100644 --- a/cmd/flagger/main.go +++ b/cmd/flagger/main.go @@ -58,7 +58,7 @@ var ( leaderElectionNamespace string enableConfigTracking bool ver bool - kubeconfigHost string + kubeconfigServiceMesh string ) func init() { @@ -84,7 +84,7 @@ func init() { flag.StringVar(&leaderElectionNamespace, "leader-election-namespace", "kube-system", "Namespace used to create the leader election config map.") flag.BoolVar(&enableConfigTracking, "enable-config-tracking", true, "Enable secrets and configmaps tracking.") flag.BoolVar(&ver, "version", false, "Print version") - flag.StringVar(&kubeconfigHost, "kubeconfig-host", "", "Path to a kubeconfig for host cluster. Only required if cluster has a host cluster.") + flag.StringVar(&kubeconfigServiceMesh, "kubeconfig-service-mesh", "", "Path to a kubeconfig for the service mesh control plane cluster.") } func main() { @@ -124,8 +124,8 @@ func main() { logger.Fatalf("Error building flagger clientset: %s", err.Error()) } - //if host kube config is there than this should be spawned with host kubeconfig - cfgHost, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfigHost) + // use a remote cluster for routing if a service mesh kubeconfig is specified + cfgHost, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfigServiceMesh) if err != nil { logger.Fatalf("Error building host kubeconfig: %v", err) } diff --git a/docs/gitbook/install/flagger-install-on-kubernetes.md b/docs/gitbook/install/flagger-install-on-kubernetes.md index 129d76b6e..e6188f389 100644 --- a/docs/gitbook/install/flagger-install-on-kubernetes.md +++ b/docs/gitbook/install/flagger-install-on-kubernetes.md @@ -30,6 +30,22 @@ helm upgrade -i flagger flagger/flagger \ --set metricsServer=http://prometheus:9090 ``` +For Istio multi-cluster shared control plane you can install Flagger on each remote cluster and set the +Istio control plane host cluster kubeconfig: + +```bash +helm upgrade -i flagger flagger/flagger \ +--namespace=istio-system \ +--set crd.create=false \ +--set meshProvider=istio \ +--set metricsServer=http://istio-cluster-prometheus:9090 \ +--set istio.kubeconfig.secretName=istio-kubeconfig \ +--set istio.kubeconfig.key=kubeconfig +``` + +Note that the Istio control plane kubeconfig must be stored in a Kubernetes secret with a data key named `kubeconfig`. +For more details on how to configure the kubeconfig read the [Istio docs](https://istio.io/docs/setup/install/multicluster/shared-vpn/#credentials). + Deploy Flagger for Linkerd: ```bash