components: Add istio-operator

[surajssd]

Fixes #687

---

Usage

Install using lokoctl component apply experimental-istio-operator:

Then to test it on an app, clone this repo and goto configs/bookinfo dir and run following commands:

kubectl create ns bookinfo
kubectl label namespace bookinfo istio-injection=enabled
helm install bookinfo --namespace bookinfo .

---

TODOs

Test:

• See if the pod installs correctly.
• Check the metrics collected are available in Prometheus.
• Decide on docs.

Other:

• How do we qualify this component as experimental? (Although this is not a blocker for this PR).
• Are there any other configs to expose to the user?
• Add istio dashboards if any.

[ipochi]

docs are going in a separate PR ?

[invidian]

In general LGTM, except the comment. Also e2e tests needs to be added.

[surajssd]

We have decided to name this component experimental-istio-operator.

[surajssd]

cc: @invidian @ipochi @iaguis PTAL.

[invidian]

@surajssd do you mind rebasing before I review (to get rid of fixup commits)?

[surajssd]

@invidian done :-)

[surajssd]

@invidian PTAL.

[invidian]

Overall things looks OK to me, however, I would re-organize and improve commit messages, as there is a lot of things going in regards to how we manage the namespaces for the components, which seems like something, which should be definitely described with the reasoning behind. It could even be done in separate pull request to simplify and separate the review comments.

@surajssd can we move changes related to Helm and other components into separate PR, as they are not related to istio-operator (though I'm aware that this PR, so istio-operator depends on those changes).

[invidian]

What does this Example mean here?

[surajssd]

Good question. I am not sure what they mean. It is a remnant of the copy-paste of the skeleton from other components.

[surajssd]

Overall things looks OK to me, however, I would re-organize and improve commit messages, as there is a lot of things going in regards to how we manage the namespaces for the components, which seems like something, which should be definitely described with the reasoning behind. It could even be done in separate pull request to simplify and separate the review comments.

I think I can elaborate on the commits but creating a new PR will only prolong this work.

[ipochi]

Lovely work @surajssd 🎉

Generally LGTM.

Please take a look into creating a separate PR for allowing helm to create release namespace.

[ipochi]

@surajssd On second thoughts, its better not use the helm feature install.CreateNamespace = true

All it does is create a namespace object on the fly and seeing that we have a use case where we patch the namespace with labels, it becomes a two step operation.

I would rather use the existing code to create/update the release namespace and not depend on helm for it.

[surajssd]

@ipochi @invidian this is open for review again PTAL.

[invidian]

https://yard.lokomotive-k8s.net/builds/26675

TestAllNamespacesHaveNameLabels: namespaces_labels_test.go:50: expected "istio-system", got: ""

Ugh, it seems the test needs to be modified...

[invidian]

Just some nits, otherwise LGTM. The only missing bit is, that either the e2e test needs to be modified or we need to add a lokomotive name label to the istio namespace (the latter is definitely easier).

[invidian]

LGTM

[invidian]

LGTM

[knrt10]

Nice, another component. Great work @surajssd

Re requesting review

[surajssd]

Something is wrong with the istio release bundle, which is downloaded from https://github.com/istio/istio/releases/tag/1.7.0 :

$ ll
drwxr-x---@   - surajd 22 Aug  0:30 istio-1.7.0/
.rw-rw-r--@ 47M surajd 22 Aug  6:30 istio-1.7.0-linux-amd64.tar.gz

The image tag is latest ?

$ cat istio-1.7.0/manifests/charts/istio-operator/values.yaml 
hub: gcr.io/istio-testing
tag: latest

operatorNamespace: istio-operator

# Used to replace istioNamespace to support operator watch multiple namespaces.
watchedNamespaces: istio-system
waitForResourcesTimeout: 300s

# Used for helm2 to add the CRDs to templates.
enableCRDTemplates: false

# revision for the operator resources
revision: ""

# Operator resource defaults
operator:
  resources:
    limits:
      cpu: 200m
      memory: 256Mi
    requests:
      cpu: 50m
      memory: 128Mi

[invidian]

The image tag is latest ?

@surajssd this is for the operator image, but yeah, it's weird that they don't pin the version. Using "testing" image registry is weird too (gcr.io/istio-testing) 😄

I'll open an upstream issue about it, but I don't think this should block merging this PR.

EDIT: Created istio/istio#26920.

[sdake]

@invidian looks like an interesting project. Please note in the pending Istio 1.8, there is a make target that generates a proper manifest using helm template for the operator:

make gen-kustomize : https://github.com/istio/istio/blob/master/Makefile.core.mk#L364-L365

The pending 1.8 manifest is in a lot better shape than what was shipped in Istio 1.6 👍 Although what you have should be fine.

Thanks for adopting Istio in your project and reporting the pinning defect.

Cheers,
-steve