Istio installed

ansible/roles/openshift/tasks/main.yml

@@ -2,7 +2,10 @@
 
 - block:
   - name: Post installation bespoking
-    include: postinstall.yml
+    include: "{{ item }}"
+    loop:
+      - postinstall.yml
+      - servicemesh.yml
 
   environment:
     PATH: "{{ ansible_env.PATH }}:/usr/local/bin/"

ansible/roles/openshift/tasks/servicemesh.yml

@@ -0,0 +1,60 @@
+---
+- name: Backup master config file
+  copy:
+    src: /etc/origin/master/master-config.yaml
+    dest: /etc/origin/master/master-config.yaml.prepatch
+    remote_src: yes
+
+- name: Patch and enable new config master-config
+  shell: oc ex config patch /etc/origin/master/master-config.yaml.prepatch -p "$(cat /vagrant/ansible/roles/openshift/templates/{{ item }})" > /etc/origin/master/master-config.yaml
+  loop:
+    - master-config.patch
+
+- name: Reboot services
+  command: /usr/local/bin/master-restart "{{ item }}"
+  loop:
+     - api
+     - controllers
+
+- name: Create config file for elasticsearch
+  file: 
+    dest: /etc/sysctl.d/99-elasticsearch.conf
+    state: touch
+
+- name: Add configuration
+  lineinfile:
+    dest: /etc/sysctl.d/99-elasticsearch.conf
+    line: vm.max_map_count = 262144
+
+- name: Set new value for max count
+  command: sysctl vm.max_map_count=262144
+
+- name: Login with cluster-admin
+  shell: oc login -u system:admin
+  retries: 10
+  delay: 5
+  register: task_result
+  until: task_result.rc == 0
+
+- name: Give cluster-admin role to user admin
+  shell: oc adm policy add-cluster-role-to-user cluster-admin admin
+
+- name: Login with cluster-admin
+  shell: oc login -u admin -p admin
+  retries: 10
+  delay: 5
+  register: task_result
+  until: task_result.rc == 0
+
+- name: Create new project
+  shell: oc new-project istio-operator
+
+- name: Create istio operator
+  shell: oc new-app -f "{{ item }}" --param=OPENSHIFT_ISTIO_MASTER_PUBLIC_URL={{ master_route }}.{{ machine_ip }}.nip.io:8443
+  loop: 
+    - /vagrant/ansible/roles/openshift/templates/istio_operator.yaml
+
+- name: Deploy the Istio service mesh
+  shell: oc create -f "{{ item }}"
+  loop:
+    - /vagrant/ansible/roles/openshift/templates/cr_full.yaml

ansible/roles/openshift/templates/cr_full.yaml

@@ -0,0 +1,29 @@
+apiVersion: "istio.openshift.com/v1alpha1"
+kind: "Installation"
+metadata:
+  name: "istio-installation"
+  namespace: istio-operator
+spec:
+  deployment_type: origin
+  istio:
+    authentication: true
+    community: false
+    prefix: maistra/
+    version: 0.6.0
+  jaeger:
+    prefix: jaegertracing/
+    version: 1.8
+    elasticsearch_memory: 1Gi
+  kiali:
+    username: admin
+    password: admin
+    prefix: kiali/
+    version: v0.11.0
+  launcher:
+    openshift:
+      user: admin
+      password: admin
+    catalog:
+      filter: booster.mission.metadata.istio
+      branch: v71
+      repo: https://github.com/fabric8-launcher/launcher-booster-catalog.git

ansible/roles/openshift/templates/istio_operator.yaml

@@ -0,0 +1,138 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: istio-operator-job
+parameters:
+- displayName: Master Public URL
+  description: The public URL for master
+  name: OPENSHIFT_ISTIO_MASTER_PUBLIC_URL
+  value: https://127.0.0.1:8443
+- displayName: OpenShift Release
+  description: The version of the OpenShift release.
+  name: OPENSHIFT_RELEASE
+  value: v3.11.0
+  required: true
+- displayName: Istio Operator Namespace
+  description: The namespace for the Istio operator
+  name: OPENSHIFT_ISTIO_OPERATOR_NAMESPACE
+  value: istio-operator
+  required: true
+- displayName: Default Prefix
+  description: The default image prefix for istio deployments
+  name: OPENSHIFT_ISTIO_PREFIX
+  value: maistra/
+- displayName: Default Version
+  description: The default image version for istio deployments
+  name: OPENSHIFT_ISTIO_VERSION
+  value: 0.6.0
+- displayName: Default Deployment Type
+  description: The default deployment type for istio deployments
+  name: OPENSHIFT_DEPLOYMENT_TYPE
+  value: origin
+objects:
+- kind: CustomResourceDefinition
+  apiVersion: apiextensions.k8s.io/v1beta1
+  metadata:
+    name: installations.istio.openshift.com
+  spec:
+    group: istio.openshift.com
+    names:
+      kind: Installation
+      plural: installations
+      singular: installation
+    scope: Namespaced
+    version: v1alpha1
+- kind: Role
+  apiVersion: rbac.authorization.k8s.io/v1
+  metadata:
+    name: istio-operator
+  rules:
+  - apiGroups:
+    - istio.openshift.com
+    resources:
+    - "*"
+    verbs:
+    - "*"
+  - apiGroups:
+    - ""
+    resources:
+    - pods
+    - services
+    - endpoints
+    - persistentvolumeclaims
+    - events
+    - configmaps
+    - secrets
+    - securitycontextconstraints
+    verbs:
+    - "*"
+  - apiGroups:
+    - apps
+    resources:
+    - deployments
+    - daemonsets
+    - replicasets
+    - statefulsets
+    verbs:
+    - "*"
+- kind: RoleBinding
+  apiVersion: rbac.authorization.k8s.io/v1
+  metadata:
+    name: default-account-istio-operator
+  subjects:
+  - kind: ServiceAccount
+    namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE}
+    name: default
+  roleRef:
+    kind: Role
+    name: istio-operator
+    apiGroup: rbac.authorization.k8s.io
+- kind: ClusterRoleBinding
+  apiVersion: rbac.authorization.k8s.io/v1
+  metadata:
+    name: default-account-istio-operator-cluster-role-binding
+  subjects:
+  - kind: ServiceAccount
+    namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE}
+    name: default
+  roleRef:
+    kind: ClusterRole
+    name: cluster-admin
+    apiGroup: rbac.authorization.k8s.io
+- kind: Deployment
+  apiVersion: apps/v1
+  metadata:
+    name: istio-operator
+    namespace: ${OPENSHIFT_ISTIO_OPERATOR_NAMESPACE}
+  spec:
+    replicas: 1
+    selector:
+      matchLabels:
+        name: istio-operator
+    template:
+      metadata:
+        labels:
+          name: istio-operator
+      spec:
+        containers:
+          - name: istio-operator
+            image: ${OPENSHIFT_ISTIO_PREFIX}istio-operator-centos7:${OPENSHIFT_ISTIO_VERSION}
+            ports:
+            - containerPort: 60000
+              name: metrics
+            command:
+            - istio-operator
+            args:
+            - "--release=${OPENSHIFT_RELEASE}"
+            - "--masterPublicURL=${OPENSHIFT_ISTIO_MASTER_PUBLIC_URL}"
+            - "--istioPrefix=${OPENSHIFT_ISTIO_PREFIX}"
+            - "--istioVersion=${OPENSHIFT_ISTIO_VERSION}"
+            - "--deploymentType=${OPENSHIFT_DEPLOYMENT_TYPE}"
+            imagePullPolicy: IfNotPresent
+            env:
+              - name: WATCH_NAMESPACE
+                valueFrom:
+                  fieldRef:
+                    fieldPath: metadata.namespace
+              - name: OPERATOR_NAME
+                value: "istio-operator"

ansible/roles/openshift/templates/master-config.patch

@@ -0,0 +1,12 @@
+admissionConfig:
+  pluginConfig:
+    MutatingAdmissionWebhook:
+      configuration:
+        apiVersion: apiserver.config.k8s.io/v1alpha1
+        kubeConfigFile: /dev/null
+        kind: WebhookAdmission
+    ValidatingAdmissionWebhook:
+      configuration:
+        apiVersion: apiserver.config.k8s.io/v1alpha1
+        kubeConfigFile: /dev/null
+        kind: WebhookAdmission