refactor: do not use templates/istio/istio-operator-values.yaml and set necessary values in the eks-istio.tf file (#214)

Author: mglotov

terraform/layer2-k8s/eks-istio.tf

@@ -4,33 +4,120 @@ locals {
     enabled       = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].enabled
     chart         = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].chart
     repository    = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].repository
-    chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].version
+    chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].chart_version
     namespace     = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].namespace
   }
   istio_operator_resources = {
     name          = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].id
     enabled       = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].enabled
     chart         = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].chart
     repository    = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].repository
-    chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].version
+    chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].chart_version
     namespace     = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].namespace
   }
   istio_resources = {
     name          = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].id
     enabled       = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].enabled
     chart         = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].chart
     repository    = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].repository
-    chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].version
+    chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].chart_version
     namespace     = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].namespace
   }
   kiali_server = {
     name          = local.helm_releases[index(local.helm_releases.*.id, "kiali")].id
     enabled       = local.helm_releases[index(local.helm_releases.*.id, "kiali")].enabled
     chart         = local.helm_releases[index(local.helm_releases.*.id, "kiali")].chart
     repository    = local.helm_releases[index(local.helm_releases.*.id, "kiali")].repository
-    chart_version = local.helm_releases[index(local.helm_releases.*.id, "kiali")].version
+    chart_version = local.helm_releases[index(local.helm_releases.*.id, "kiali")].chart_version
     namespace     = local.helm_releases[index(local.helm_releases.*.id, "kiali")].namespace
   }
+  istio_operator_values                 = <<VALUES
+hub: docker.io/istio
+tag: 1.8.1
+operatorNamespace: istio-operator
+watchedNamespaces: istio-system
+VALUES
+  istio_operator_default_profile_values = <<VALUES
+istioOperator:
+  components:
+    pilot:
+      k8s:
+        resources:
+          requests:
+            cpu: "500m"
+            memory: "2Gi"
+          limits:
+            cpu: "500m"
+            memory: "2Gi"
+    ingressGateways:
+    - name: istio-ingressgateway
+      enabled: true
+      k8s:
+        serviceAnnotations:
+          service.beta.kubernetes.io/aws-load-balancer-internal: "true" #Internal LB will be run
+        service:
+          ports:
+            - port: 15021
+              targetPort: 15021
+              name: status-port
+              protocol: TCP
+            - port: 5100
+              targetPort: 5100
+              name: grpc
+              protocol: TCP
+    egressGateways:
+    - name: istio-egressgateway
+      enabled: false
+  meshConfig:
+    defaultConfig:
+      holdApplicationUntilProxyStarts: true
+      proxyStatsMatcher:
+        inclusionRegexps:
+          - .*circuit_breakers.*
+        inclusionPrefixes:
+          - upstream_rq_retry
+          - upstream_cx
+    # accessLogFile: /dev/stdout  #Uncomment this if you want to get Envoy logs
+
+  values:
+    global:
+      proxy:
+        # This controls the default 'policy' in the sidecar injector.
+        autoInject: disabled # we don't inject sidecar by default even if namespace is annotated.
+    sidecarInjectorWebhook:
+      injectedAnnotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: true # https://github.com/kubeflow/pipelines/issues/4530
+VALUES
+  istio_resources_values                = <<VALUES
+# We create istio resource 'Gateway' with name 'ingress-gateway' and open port 5100 for all vhosts. This configuration is related to istio-ingressgateway settings
+ingressGateway:
+  enabled: true
+  servers:
+  - port:
+      number: 5100
+      name: grpc
+      protocol: GRPC
+    hosts:
+    - "*"
+VALUES
+  kiali_server_values                   = <<VALUES
+nameOverride: "kiali"
+fullnameOverride: "kiali"
+external_services:
+  custom_dashboards:
+    enabled: true
+  prometheus:
+    url: http://kube-prometheus-stack-prometheus.monitoring:9090
+    custom_metrics_url: http://kube-prometheus-stack-prometheus.monitoring:9090
+  grafana:
+    url: http://kube-prometheus-stack-grafana.monitoring
+  namespace_label: kubernetes_namespace
+server:
+  port: 20001
+  metrics_enabled: true
+  metrics_port: 9090
+  web_root: ""
+VALUES
 }
 
 module "istio_system_namespace" {
@@ -57,7 +144,7 @@ resource "helm_release" "istio_operator" {
   max_history = var.helm_release_history_size
 
   values = [
-    file("${path.module}/templates/istio/istio-operator-values.yaml")
+    local.istio_operator_values
   ]
 
 }
@@ -73,7 +160,7 @@ resource "helm_release" "istio_operator_resources" {
   max_history = var.helm_release_history_size
 
   values = [
-    file("${path.module}/templates/istio/istio-resources-values.yaml")
+    local.istio_operator_default_profile_values
   ]
 
   depends_on = [helm_release.istio_operator, helm_release.prometheus_operator]
@@ -98,7 +185,7 @@ resource "helm_release" "istio_resources" {
   max_history = var.helm_release_history_size
 
   values = [
-    file("${path.module}/templates/istio/istio-resources-values.yaml")
+    local.istio_resources_values
   ]
 
   depends_on = [time_sleep.wait_10_seconds]
@@ -115,7 +202,7 @@ resource "helm_release" "kiali" {
   max_history = var.helm_release_history_size
 
   values = [
-    file("${path.module}/templates/istio/istio-kiali-values.yaml")
+    local.kiali_server_values
   ]
 
   depends_on = [helm_release.istio_operator, helm_release.prometheus_operator]

terraform/layer2-k8s/helm-releases.yaml

@@ -75,19 +75,19 @@ releases:
     enabled: false
     chart: ../../helm-charts/istio/istio-operator
     repository:
-    version:
+    chart_version:
     namespace:
   - id: istio-operator-resources
     enabled: false
     chart: ../../helm-charts/istio/istio-operator-resources
     repository: 
-    version:
+    chart_version:
     namespace: istio-system
   - id: istio-resources
     enabled: false
     chart: ../../helm-charts/istio/istio-resources
     repository:
-    version: 
+    chart_version: 
     namespace: istio-system
   - id: keda
     enabled: false
@@ -99,7 +99,7 @@ releases:
     enabled: false
     chart: kiali-server
     repository: https://kiali.org/helm-charts
-    version: 1.36
+    chart_version: 1.36
     namespace: kiali
   - id: kube-prometheus-stack
     enabled: true