From 37c3190380ac16eddd0534ac108b396a374a6ad9 Mon Sep 17 00:00:00 2001
From: Pramod <pramod.raghavendra.jayathirth@intel.com>
Date: Fri, 31 May 2019 17:44:59 -0700
Subject: [PATCH] Helm Chart for Istio with SDS

Helm is installed using the Istio operator
Secret Discovery Service - SDS is used in Istio
for identity provisioning and Certificate rotation

Issue-ID: ONAPARC-504

Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com>
Change-Id: I4cabd26ccefbbb87ef02cba58e17b5c4a9ef0e34
---
 vnfs/DAaaS/deploy/00-init/istio/README.md          |  7 +--
 .../00-init/istio/istio-instance/.helmignore       | 22 ++++++++
 .../deploy/00-init/istio/istio-instance/Chart.yaml | 22 ++++++++
 .../istio/istio-instance/templates/_helpers.tpl    | 63 ++++++++++++++++++++++
 .../istio/istio-instance/templates/istio-sds.yaml  | 50 +++++++++++++++++
 .../00-init/istio/istio-instance/values.yaml       | 40 ++++++++++++++
 6 files changed, 201 insertions(+), 3 deletions(-)
 create mode 100644 vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore
 create mode 100644 vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml
 create mode 100644 vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl
 create mode 100644 vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml
 create mode 100644 vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml

diff --git a/vnfs/DAaaS/deploy/00-init/istio/README.md b/vnfs/DAaaS/deploy/00-init/istio/README.md
index 58d2a639..74b0e5f7 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/README.md
+++ b/vnfs/DAaaS/deploy/00-init/istio/README.md
@@ -1,4 +1,3 @@
-
 /*
  * Copyright 2019 Intel Corporation, Inc
  *
@@ -17,7 +16,9 @@
 
 # Instructions to Install Istio ServiceMesh
 
-# a. Install Istio Operator's helm chart
-# NOTE - Istio Operator is useful for maintainence and Upgrade to Istio versions
+# Step 1 - Install Istio Operator's helm chart
 
 helm install --name=istio-operator --namespace=istio-system istio-operator
+
+# Step 2 - Add the helm chart to install Istio in sds configuration
+helm install istio-instance --name istio --namespace istio-system
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml
new file mode 100644
index 00000000..ca2ff626
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/Chart.yaml
@@ -0,0 +1,22 @@
+
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Istio
+name: istio-instance
+version: 0.1.0
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl
new file mode 100644
index 00000000..c2e7c701
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "Chart-name.name" -}}
+{{- default .Chart.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "istio.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "istio.chart" -}}
+{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified configmap name.
+*/}}
+{{- define "istio.configmap.fullname" -}}
+{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Configmap checksum.
+*/}}
+{{- define "istio.configmap.checksum" -}}
+{{- print $.Template.BasePath "/configmap.yaml" | sha256sum -}}
+{{- end -}}
+
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml
new file mode 100644
index 00000000..8c440a4e
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/templates/istio-sds.yaml
@@ -0,0 +1,50 @@
+
+
+#/*Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+apiVersion: istio.banzaicloud.io/v1beta1
+kind: Istio
+metadata:
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: {{ .Values.metadata.name }}
+spec:
+  version: {{ .Values.spec.version | quote }}
+  mtls: {{ .Values.spec.mtls }}
+  autoInjectionNamespaces: {{- range .Values.spec.autoInjectionNamespaces }}
+  - {{ . | quote  }}
+  {{- end }}
+  sds:
+    enabled: {{ .Values.spec.sds.enabled }}
+    udsPath: {{ .Values.spec.sds.udsPath | quote }}
+    useTrustworthyJwt: {{ .Values.spec.sds.useTrustworthyJwt }}
+    useNormalJwt: {{ .Values.spec.sds.useNormalJwt }}
+  gateways:
+    enabled: {{ .Values.spec.gateways.enabled }}
+    ingress:
+      enabled: {{ .Values.spec.gateways.ingress.enabled }}
+      sds:
+        enabled: {{ .Values.spec.gateways.ingress.sds.enabled }}
+        image: {{ .Values.spec.gateways.ingress.sds.image | quote }}
+        resources: {}
+        #  requests:
+        #    cpu: 100m
+        #    memory: 128Mi
+        #  limits:
+        #    cpu: 2000m
+        #    memory: 1024Mi
+  nodeAgent:
+    enabled: {{ .Values.spec.nodeAgent.enabled }}
+    image: {{ .Values.spec.nodeAgent.image | quote }}
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml
new file mode 100644
index 00000000..93363613
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml
@@ -0,0 +1,40 @@
+
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+#Declare variables to be pssed into your Istio SDS template file.
+
+metadata:
+  name: "istio-sample"
+spec:
+  version: "1.2.2"
+  mtls: true
+  autoInjectionNamespaces:
+  - ""
+  sds:
+    enabled: true
+    udsPath: "unix:/var/run/sds/uds_path"
+    useTrustworthyJwt: false
+    useNormalJwt: true
+  gateways:
+    enabled: false
+    ingress:
+      enabled: false
+      sds:
+        enabled: false
+        image: "docker.io/istio/node-agent-k8s:1.2.2"
+  nodeAgent:
+    enabled: true
+    image : "docker.io/istio/node-agent-k8s:1.2.2"
-- 
2.16.6