istio ingressgateway #8
Deploy this charm on Kubernetes with the CLI. Find out how by reading the docs.
Description
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection.
Open: Istio is being developed and maintained as open-source software. We encourage contributions and feedback from the community at-large.
Platform-independent: Istio is not targeted at any specific deployment environment. During the initial stages of development, Istio will support Kubernetes-based deployments. However, Istio is being built to enable rapid and easy adaptation to other environments.
Service mesh: Istio is designed to manage communications between microservices and applications. Without requiring changes to the underlying services, Istio provides automated baseline traffic resilience, service metrics collection, distributed tracing, traffic encryption, protocol upgrades, and advanced routing functionality for all service-to-service communication.
For more detail, please see: https://istio.io/docs/concepts/what-is-istio/
- Tags:
- service-mesh ›
- ingress ›
Docker Resource Layer
This layer provides an interface for dealing with charm resources that are Docker images.
Usage
Using this layer generally consists of the following steps:
- Call
layer.docker_resource.fetch(resource_name)
- Wait for
layer.docker-resource.{resource_name}.available
- Call
layer.docker_resource.get_info(resource_name)
Alternatively, a resource can be marked with auto-fetch: true
in its
definition in metadata.yaml
, in which case it will automatically have
fetch()
called on it, if it is of type docker
. That way, you can
skip the first step and remove the need for an additional handler.
Example
Given a Kubernetes charm with the following resource definition in the
metadata.yaml
file:
name: my-charm
resources:
my-resource:
type: oci-image
auto-fetch: true
description: "The image for this charm"
The charm would then use the follow reactive code to use the Docker image resource:
from charms.reactive import when, when_not
from charms import layer
@when('layer.docker-resource.my-resource.available')
@when_not('charm.my-charm.started')
def start_container():
layer.status.maintenance('configuring container')
image_info = layer.docker-resource.get_info('my-resource')
layer.caas_base.pod_spec_set({
'containers': [
{
'name': 'my-service',
'imageDetails': {
'imagePath': image_info.registry_path,
'username': image_info.username,
'password': image_info.password,
},
'ports': [
{
'name': 'service',
'containerPort': 80,
},
],
},
],
})
layer.status.maintenance('creating container')
Reference
Methods
The methods available are:
-
charms.layer.docker-resource.fetch(resource_name)
Request that the given Docker image resource be fetched and validated. -
charms.layer.docker-resource.get_info(resource_name)
Return the image info object for the given resource.
Image Info Object
The image info object returned by get_info(resource_name)
is a DockerImageInfo
instance which has the following properties:
-
image_info.registry_path
This is the fully qualified registry path for the image. This will generally point to the controller or charm store, but may point directly to an external registry. -
image_info.username
The username needed to access the image on the registry, if any. -
image_info.password
The password needed to access the image on the registry, if any.
Reactive Flags
The flags set by this layer are:
-
layer.docker-resource.{resource_name}.fetched
Set as soon as the given resource has been requested by thefetch
method. -
layer.docker-resource.{resource_name}.available
Set when the given resource has been downloaded and is available. -
layer.docker-resource.{resource_name}.failed
Set when the given resource failed to download.
Status Messages
This layer will automatically set a maintenance status message while fetching
each resource, and a blocked status message if one or more resources fail to
be fetched. The statuses will be set using layer:status
to handle conflict
resolution.
You can disable automatic status messages from this layer by changing the layer
option set-status
to false
in your layer.yaml
.
Configuration
- citadel-grpc-port
- (int) Citadel GRPC server
- 8060
- dns-tls-port
- (int) DNS (TLS)
- 853
- grafana-port
- (int) Grafana User Interface
- 15031
- http-port
- (int) HTTP
- 80
- https-port
- (int) Webhooks
- 443
- kiali-port
- (int) Kiali User Interface
- 15029
- log-level
- (string) Istio logging level
- default:info
- prometheus-port
- (int) Prometheus User Interface
- 15030
- proxy-admin-port
- (string) Envoy admin port (commands/diagnostics)
- 15000
- status-port
- (int) Health checks
- 15020
- tls-port
- (int) Ingress / Egress (SNI)
- 15443
- tracing-port
- (int) Tracing User Interface
- 15032
- xds-ca-port-legacy
- (int) xDS (various discovery services) and CA services (TLS) [legacy]
- 15011