istio ingressgateway ^#8

By istio-charmers
stable, candidate, beta, edge

Supports: kubernetes

Deploy this charm on Kubernetes with the CLI. Find out how by reading the docs.

Description

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection.

Open: Istio is being developed and maintained as open-source software. We encourage contributions and feedback from the community at-large.

Platform-independent: Istio is not targeted at any specific deployment environment. During the initial stages of development, Istio will support Kubernetes-based deployments. However, Istio is being built to enable rapid and easy adaptation to other environments.

Service mesh: Istio is designed to manage communications between microservices and applications. Without requiring changes to the underlying services, Istio provides automated baseline traffic resilience, service metrics collection, distributed tracing, traffic encryption, protocol upgrades, and advanced routing functionality for all service-to-service communication.

For more detail, please see: https://istio.io/docs/concepts/what-is-istio/

Docker Resource Layer

This layer provides an interface for dealing with charm resources that are Docker images.

Usage

Using this layer generally consists of the following steps:

Call layer.docker_resource.fetch(resource_name)
Wait for layer.docker-resource.{resource_name}.available
Call layer.docker_resource.get_info(resource_name)

Alternatively, a resource can be marked with auto-fetch: true in its definition in metadata.yaml, in which case it will automatically have fetch() called on it, if it is of type docker. That way, you can skip the first step and remove the need for an additional handler.

Example

Given a Kubernetes charm with the following resource definition in the metadata.yaml file:

name: my-charm
resources:
  my-resource:
    type: oci-image
    auto-fetch: true
    description: "The image for this charm"

The charm would then use the follow reactive code to use the Docker image resource:

from charms.reactive import when, when_not

from charms import layer


@when('layer.docker-resource.my-resource.available')
@when_not('charm.my-charm.started')
def start_container():
    layer.status.maintenance('configuring container')
    image_info = layer.docker-resource.get_info('my-resource')
    layer.caas_base.pod_spec_set({
        'containers': [
            {
                'name': 'my-service',
                'imageDetails': {
                    'imagePath': image_info.registry_path,
                    'username': image_info.username,
                    'password': image_info.password,
                },
                'ports': [
                    {
                        'name': 'service',
                        'containerPort': 80,
                    },
                ],
            },
        ],
    })
    layer.status.maintenance('creating container')

Reference

Methods

The methods available are:

charms.layer.docker-resource.fetch(resource_name) Request that the given Docker image resource be fetched and validated.
charms.layer.docker-resource.get_info(resource_name) Return the image info object for the given resource.

Image Info Object

The image info object returned by get_info(resource_name) is a DockerImageInfo instance which has the following properties:

image_info.registry_path This is the fully qualified registry path for the image. This will generally point to the controller or charm store, but may point directly to an external registry.
image_info.username The username needed to access the image on the registry, if any.
image_info.password The password needed to access the image on the registry, if any.

Reactive Flags

The flags set by this layer are:

layer.docker-resource.{resource_name}.fetched Set as soon as the given resource has been requested by the fetch method.
layer.docker-resource.{resource_name}.available Set when the given resource has been downloaded and is available.
layer.docker-resource.{resource_name}.failed Set when the given resource failed to download.

Status Messages

This layer will automatically set a maintenance status message while fetching each resource, and a blocked status message if one or more resources fail to be fetched. The statuses will be set using layer:status to handle conflict resolution.

You can disable automatic status messages from this layer by changing the layer option set-status to false in your layer.yaml.

Configuration

citadel-grpc-port: (int) Citadel GRPC server; 8060
dns-tls-port: (int) DNS (TLS); 853
grafana-port: (int) Grafana User Interface; 15031
http-port: (int) HTTP; 80
https-port: (int) Webhooks; 443
kiali-port: (int) Kiali User Interface; 15029
log-level: (string) Istio logging level; default:info
prometheus-port: (int) Prometheus User Interface; 15030
proxy-admin-port: (string) Envoy admin port (commands/diagnostics); 15000
status-port: (int) Health checks; 15020
tls-port: (int) Ingress / Egress (SNI); 15443
tracing-port: (int) Tracing User Interface; 15032
xds-ca-port-legacy: (int) xDS (various discovery services) and CA services (TLS) [legacy]; 15011