diff --git a/cmd/minikube/cmd/config/config.go b/cmd/minikube/cmd/config/config.go index d15b7a43b7..34579142a9 100644 --- a/cmd/minikube/cmd/config/config.go +++ b/cmd/minikube/cmd/config/config.go @@ -147,6 +147,18 @@ var settings = []Setting{ validations: []setFn{IsValidAddon}, callbacks: []setFn{EnableOrDisableAddon}, }, + { + name: "istio-provisioner", + set: SetBool, + validations: []setFn{IsValidAddon}, + callbacks: []setFn{EnableOrDisableAddon}, + }, + { + name: "istio", + set: SetBool, + validations: []setFn{IsValidAddon}, + callbacks: []setFn{EnableOrDisableAddon}, + }, { name: "addon-manager", set: SetBool, diff --git a/cmd/minikube/cmd/config/util.go b/cmd/minikube/cmd/config/util.go index 56afdcbb4d..dc8d9e88bb 100644 --- a/cmd/minikube/cmd/config/util.go +++ b/cmd/minikube/cmd/config/util.go @@ -32,6 +32,7 @@ import ( "k8s.io/minikube/pkg/minikube/machine" "k8s.io/minikube/pkg/minikube/out" "k8s.io/minikube/pkg/minikube/storageclass" + pkgutil "k8s.io/minikube/pkg/util" ) // defaultStorageClassProvisioner is the name of the default storage class provisioner @@ -125,6 +126,16 @@ func EnableOrDisableAddon(name string, val string) error { return nil } + if name == "istio" && enable { + minMem := 8192 + minCpus := 4 + memorySizeMB := pkgutil.CalculateSizeInMB(viper.GetString("memory")) + cpuCount := viper.GetInt("cpus") + if memorySizeMB < minMem || cpuCount < minCpus { + out.WarningT("Enable istio needs {{.minMem}} MB of memory and {{.minCpus}} CPUs.", out.V{"minMem": minMem, "minCpus": minCpus}) + } + } + // TODO(r2d4): config package should not reference API, pull this out api, err := machine.NewAPIClient() if err != nil { diff --git a/deploy/addons/addon-manager.yaml.tmpl b/deploy/addons/addon-manager.yaml.tmpl index 469fa1a783..7dc07dcdaa 100644 --- a/deploy/addons/addon-manager.yaml.tmpl +++ b/deploy/addons/addon-manager.yaml.tmpl 
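Review bot: The new istio check in EnableOrDisableAddon reads `viper.GetString("memory")` and `viper.GetInt("cpus")`, which appear to be configured defaults rather than the resources of the cluster that is actually running, so the warning can fire or stay silent regardless of the real VM size. If neither key is set the values are presumably empty or zero, and how `pkgutil.CalculateSizeInMB` treats an empty string is not visible in this hunk. The thresholds would also read better as named package-level constants with a comment on where the requirement comes from, e.g. `const istioMinMemMB, istioMinCPUs = 8192, 4`, and the message as `"Istio needs {{.minMem}}MB of memory and {{.minCpus}} CPUs to run reliably"`. The function's body starts and ends outside the hunk.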
@@ -33,6 +33,8 @@ spec: value: "5" - name: ADDON_MANAGER_LEADER_ELECTION value: "false" + - name: KUBECTL_EXTRA_PRUNE_WHITELIST + value: install.istio.io/v1alpha2/IstioControlPlane imagePullPolicy: IfNotPresent resources: requests: diff --git a/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl b/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl new file mode 100644 index 0000000000..0ac264461f --- /dev/null +++ b/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl 
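Review bot: The `KUBECTL_EXTRA_PRUNE_WHITELIST` entry is set on addon-manager for every cluster, not only those with Istio, and it names a custom kind whose CRD is shipped by the separate istio-provisioner addon. If kubectl cannot resolve a whitelisted kind while that CRD is absent (worth verifying), addon reconciliation could fail on clusters where istio-provisioner has been disabled. That coupling should at least be recorded next to the value, e.g. `# requires the IstioControlPlane CRD installed by the istio-provisioner addon`. The container spec this env list belongs to starts and ends outside the hunk.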
@@ -0,0 +1,271 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: istio-operator + labels: + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: EnsureExists +... +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: istiocontrolplanes.install.istio.io + labels: + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: EnsureExists +spec: + group: install.istio.io + names: + kind: IstioControlPlane + listKind: IstioControlPlaneList + plural: istiocontrolplanes + singular: istiocontrolplane + shortNames: + - icp + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: 'Specification of the desired state of the istio control plane resource. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + status: + description: 'Status describes each of istio control plane component status at the current time. + 0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING. 
+ More info: https://github.com/istio/operator/blob/master/pkg/apis/istio/v1alpha2/v1alpha2.pb.html & + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + versions: + - name: v1alpha2 + served: true + storage: true +... +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: istio-operator + name: istio-operator + labels: + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: EnsureExists +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: istio-operator + labels: + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: EnsureExists +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - 
rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +... +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-operator + labels: + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: EnsureExists +subjects: +- kind: ServiceAccount + name: istio-operator + namespace: istio-operator +roleRef: + kind: ClusterRole + name: istio-operator + apiGroup: rbac.authorization.k8s.io +... +--- +apiVersion: v1 +kind: Service +metadata: + namespace: istio-operator + labels: + name: istio-operator + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: EnsureExists + name: istio-operator-metrics +spec: + ports: + - name: http-metrics + port: 8383 + targetPort: 8383 + selector: + name: istio-operator +... +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: istio-operator + name: istio-operator + labels: + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: Reconcile +spec: + replicas: 1 + selector: + matchLabels: + name: istio-operator + template: + metadata: + labels: + name: istio-operator + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: EnsureExists + spec: + serviceAccountName: istio-operator + containers: + - name: istio-operator + image: docker.io/istio/operator:1.4.0 + command: + - istio-operator + - server + imagePullPolicy: Always + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + env: + - name: WATCH_NAMESPACE + value: "" + - name: LEADER_ELECTION_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "istio-operator" +... 
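Review bot: The `istio-operator` ClusterRole grants `'*'` verbs on core `secrets`, on `clusterroles`/`clusterrolebindings`, and on mutating/validating webhook configurations. The ClusterRoleBinding and `WATCH_NAMESPACE: ""` make that cluster-wide, so the operator's service account is effectively cluster-admin. If the upstream operator manifest requires this, record it in a comment above `rules:` (for example `# Mirrors upstream istio/operator RBAC; equivalent to cluster-admin`) so the scope is a stated decision; otherwise narrow the wildcard verbs to what the operator uses. Separately, `image: docker.io/istio/operator:1.4.0` with `imagePullPolicy: Always` re-resolves a mutable tag on every pod start under that privileged account. Pinning by digest (`docker.io/istio/operator@sha256:<digest of the 1.4.0 image>`, placeholder) or using `IfNotPresent`, as the addon-manager manifest does, would remove that dependency.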
diff --git a/deploy/addons/istio/README.md b/deploy/addons/istio/README.md new file mode 100644 index 0000000000..45e2f3562b --- /dev/null +++ b/deploy/addons/istio/README.md @@ -0,0 +1,26 @@ +## istio Addon +[istio](https://istio.io/docs/setup/getting-started/) - Cloud platforms provide a wealth of benefits for the organizations that use them. + +### Enabling istio +Propose to startup minikube with at least 8192 MB of memory and 4 CPUs to enable istio. +To enable this addon, simply run: + +```shell script +minikube addons enable istio +``` + +In a minute or so istio default components will be installed into your cluster. You could run `kubectl get po -n istio-system` to see the progress for istio installation. + +### Testing installation + +```shell script +kubectl get po -n istio-system +``` + +If everything went well you shouldn't get any errors about istio being installed in your cluster. If you haven't deployed any releases `kubectl get po -n istio-system` won't return anything. + +### Deprecation of istio +To disable this addon, simply run: +```shell script +minikube addons disable istio +``` diff --git a/deploy/addons/istio/istio-default-profile.yaml.tmpl b/deploy/addons/istio/istio-default-profile.yaml.tmpl new file mode 100644 index 0000000000..036c6f31dd --- /dev/null +++ b/deploy/addons/istio/istio-default-profile.yaml.tmpl @@ -0,0 +1,10 @@ +apiVersion: install.istio.io/v1alpha2 +kind: IstioControlPlane +metadata: + namespace: istio-operator + name: example-istiocontrolplane + labels: + kubernetes.io/minikube-addons: istio + addonmanager.kubernetes.io/mode: Reconcile +spec: + profile: default diff --git a/deploy/addons/layouts/istio/single.html b/deploy/addons/layouts/istio/single.html new file mode 100644 index 0000000000..620f9d82b6 --- /dev/null +++ b/deploy/addons/layouts/istio/single.html @@ -0,0 +1,5 @@ +{{ define "main" }} +
+ {{ .Render "content" }} +
+{{ end }} \ No newline at end of file diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go index 9184ec1d6b..94d7e92009 100644 --- a/pkg/minikube/assets/addons.go +++ b/pkg/minikube/assets/addons.go @@ -190,6 +190,22 @@ var Addons = map[string]*Addon{ "0640", true), }, false, "ingress"), + "istio-provisioner": NewAddon([]*BinAsset{ + MustBinAsset( + "deploy/addons/istio-provisioner/istio-operator.yaml.tmpl", + vmpath.GuestAddonsDir, + "istio-operator.yaml", + "0640", + true), + }, true, "istio-provisioner"), + "istio": NewAddon([]*BinAsset{ + MustBinAsset( + "deploy/addons/istio/istio-default-profile.yaml.tmpl", + vmpath.GuestAddonsDir, + "istio-default-profile.yaml", + "0640", + false), + }, false, "istio"), "metrics-server": NewAddon([]*BinAsset{ MustBinAsset( "deploy/addons/metrics-server/metrics-apiservice.yaml.tmpl", diff --git a/site/config.toml b/site/config.toml index 2fb52f416b..53f04cb0ce 100644 --- a/site/config.toml +++ b/site/config.toml @@ -40,6 +40,9 @@ blog = "/:section/:year/:month/:day/:slug/" [[module.mounts]] source = "../deploy/addons/helm-tiller/" target = "content/helm-tiller/" + [[module.mounts]] + source = "../deploy/addons/istio/" + target = "content/istio/" [[module.mounts]] source = "../deploy/addons/ingress-dns/" target = "content/ingress-dns/" diff --git a/site/content/en/docs/Tasks/addons.md b/site/content/en/docs/Tasks/addons.md index 8a490185c3..9cecd406bd 100644 --- a/site/content/en/docs/Tasks/addons.md +++ b/site/content/en/docs/Tasks/addons.md @@ -23,6 +23,7 @@ minikube has a set of built-in addons that, when enabled, can be used within Kub * [storage-provisioner-gluster](../../../storage-provisioner-gluster/readme) * [helm-tiller](../../../helm-tiller/readme) * [ingress-dns](../../../ingress-dns/readme) +* [istio](../../../istio/readme) ## Listing available addons 
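Review bot: `istio-provisioner` is registered with `true` as the second `NewAddon` argument, while `ingress` above and the new `istio` entry pass `false`. The docs hunk in this commit lists `istio-provisioner: enabled`, so this looks like a default-on flag, which would put the istio-operator Deployment and its wildcard ClusterRole on every new cluster whether or not Istio is wanted. Prefer `}, false, "istio-provisioner"),` and document that the provisioner must be enabled before `istio`. If it has to stay on by default (for instance so the `IstioControlPlane` CRD exists for the addon-manager prune whitelist), add a comment on the entry stating that reason. The `Addons` map literal starts and ends outside the hunk.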
@@ -40,6 +41,8 @@ Example output: - dashboard: enabled - efk: disabled - ingress: disabled +- istio: disabled +- istio-provisioner: enabled - default-storageclass: enabled - storage-provisioner: enabled - storage-provisioner-gluster: disabled