added istio, kiali and others

README.md

@@ -1,2 +1,4 @@
 # istio-project
 The Project is focus on implementing different use-case for istio
+
+For cert-maneger to work correctly `--set meshConfig.ingressSelector=istio-gateway --set meshConfig.ingressService=istio-gateway` to be able to resolve http01 challenge from lets-encrypt

client.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: backend
+  labels:
+    istio-injection: enabled
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: client
+  namespace: backend
+spec:
+  containers:
+    - name: client
+      image: curlimages/curl:latest
+      command: ["/bin/sh", "-c", "--"]
+      args: ["while true; do sleep 30; done;"]

istio-base.yaml

@@ -0,0 +1,40 @@
+global:
+
+  # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace
+  # to use for pulling any images in pods that reference this ServiceAccount.
+  # Must be set for any cluster configured with private docker registry.
+  imagePullSecrets: []
+
+  # Used to locate istiod.
+  istioNamespace: istio-system
+
+  istiod:
+    enableAnalysis: false
+
+  configValidation: true
+  externalIstiod: false
+  remotePilotAddress: ""
+
+  # Platform where Istio is deployed. Possible values are: "openshift", "gcp".
+  # An empty value means it is a vanilla Kubernetes distribution, therefore no special
+  # treatment will be considered.
+  platform: ""
+
+  # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
+  # This is intended only for use with external istiod.
+  ipFamilyPolicy: ""
+  ipFamilies: []
+
+base:
+  # Used for helm2 to add the CRDs to templates.
+  enableCRDTemplates: false
+
+  # Validation webhook configuration url
+  # For example: https://$remotePilotAddress:15017/validate
+  validationURL: ""
+
+  # For istioctl usage to disable istio config crds in base
+  enableIstioConfigCRDs: true
+
+defaultRevision: "default"
+

istio-gateway.yaml

@@ -0,0 +1,149 @@
+# Name allows overriding the release name. Generally this should not be set
+name: ""
+# revision declares which revision this gateway is a part of
+revision: ""
+
+# Controls the spec.replicas setting for the Gateway deployment if set.
+# Otherwise defaults to Kubernetes Deployment default (1).
+replicaCount:
+
+kind: Deployment
+
+rbac:
+  # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
+  # when using http://gateway-api.org/.
+  enabled: true
+
+serviceAccount:
+  # If set, a service account will be created. Otherwise, the default is used
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set, the release name is used
+  name: ""
+
+podAnnotations:
+  prometheus.io/port: "15020"
+  prometheus.io/scrape: "true"
+  prometheus.io/path: "/stats/prometheus"
+  inject.istio.io/templates: "gateway"
+  sidecar.istio.io/inject: "true"
+
+# Define the security context for the pod.
+# If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443.
+# On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl.
+securityContext: ~
+containerSecurityContext: ~
+
+service:
+  # Type of service. Set to "None" to disable the service entirely
+  type: LoadBalancer
+  ports:
+  - name: status-port
+    port: 15021
+    protocol: TCP
+    targetPort: 15021
+  - name: http2
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  - name: https
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  annotations: {}
+  loadBalancerIP: ""
+  loadBalancerSourceRanges: []
+  externalTrafficPolicy: ""
+  externalIPs: []
+  ipFamilyPolicy: ""
+  ipFamilies: []
+
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 2000m
+    memory: 1024Mi
+
+autoscaling:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 5
+  targetCPUUtilizationPercentage: 80
+  autoscaleBehavior: {}
+
+# Pod environment variables
+env: {}
+
+# Labels to apply to all resources
+labels: {}
+
+# Annotations to apply to all resources
+annotations: {}
+
+nodeSelector: {}
+
+tolerations: []
+
+topologySpreadConstraints: []
+
+affinity: {}
+
+# If specified, the gateway will act as a network gateway for the given network.
+networkGateway: ""
+
+# Specify image pull policy if default behavior isn't desired.
+# Default behavior: latest images will be Always else IfNotPresent
+imagePullPolicy: ""
+
+imagePullSecrets: []
+
+# This value is used to configure a Kubernetes PodDisruptionBudget for the gateway.
+#
+# By default, the `podDisruptionBudget` is disabled (set to `{}`),
+# which means that no PodDisruptionBudget resource will be created.
+#
+# To enable the PodDisruptionBudget, configure it by specifying the
+# `minAvailable` or `maxUnavailable`. For example, to set the
+# minimum number of available replicas to 1, you can update this value as follows:
+#
+# podDisruptionBudget:
+#   minAvailable: 1
+#
+# Or, to allow a maximum of 1 unavailable replica, you can set:
+#
+# podDisruptionBudget:
+#   maxUnavailable: 1
+#
+# You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`.
+# For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows:
+#
+# podDisruptionBudget:
+#   minAvailable: 1
+#   unhealthyPodEvictionPolicy: AlwaysAllow
+#
+# To disable the PodDisruptionBudget, you can leave it as an empty object `{}`:
+#
+# podDisruptionBudget: {}
+#
+podDisruptionBudget: {}
+
+terminationGracePeriodSeconds: 30
+
+# A list of `Volumes` added into the Gateway Pods. See
+# https://kubernetes.io/docs/concepts/storage/volumes/.
+volumes: []
+
+# A list of `VolumeMounts` added into the Gateway Pods. See
+# https://kubernetes.io/docs/concepts/storage/volumes/.
+volumeMounts: []
+
+# Configure this to a higher priority class in order to make sure your Istio gateway pods
+# will not be killed because of low priority class.
+# Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+# for more detail.
+priorityClassName: ""
+