charmcraft.yaml
# Copyright 2024 Canonical Ltd.
# See LICENSE file for licensing details.
name: istio-k8s
type: charm
title: Istio
summary: A Juju charm to operate an Istio service mesh
description: |
  istio-core deploys and manages the control plane of an Istio service mesh on Kubernetes,
  enabling configuring and managing Istio through Juju.

config:
  options:
    ambient:
      type: boolean
      default: true
      description: >
        Enable Istio's ambient mode. See https://istio.io/latest/docs/ambient/overview/ for details.
    auto-allow-waypoint-policy:
      type: boolean
      default: true
      description: >
        For workloads on an ambient mesh with traffic routed through a waypoint, that traffic passing through the
        waypoint to the workload can be controlled by L4 authorization policies like any other traffic. This generally
        means that, to allow traffic from a waypoint to a workload, users must create L4 authorization policies between
        the waypoint and the workload.
        If this option is set to true, Istio will create synthetic authorization policies allowing waypoints to
        communicate with their workloads automatically.
        If this option is set to false, users must create L4 authorization policies between waypoints and the workloads.
        See [PILOT_AUTO_ALLOW_WAYPOINT_POLICY](https://istio.io/latest/docs/reference/commands/pilot-discovery/#envvars)
        for more detail.
    cni-bin-dir:
      type: string
      default: '/var/snap/microk8s/current/opt/cni/bin'
      description: >
        Path to CNI binaries. This path depends on the Kubernetes installation, for example:
        * microk8s (default): /var/snap/microk8s/current/opt/cni/bin
        * many other Kubernetes installations: /opt/cni/bin
        Refer to https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/
        and https://istio.io/latest/docs/ambient/install/platform-prerequisites/
        for information to find out the correct path for your Kubernetes installation.
    cni-conf-dir:
      type: string
      default: '/var/snap/microk8s/current/args/cni-network'
      description: >
        Path to conflist files describing the CNI configuration. This path depends on the Kubernetes installation, for example:
        * microk8s (default): /var/snap/microk8s/current/args/cni-network
        * many other Kubernetes installations: /etc/cni/net.d
        Refer to https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/
        and https://istio.io/latest/docs/ambient/install/platform-prerequisites/
        for information to find out the correct path for your Kubernetes installation.

assumes:
  - k8s-api

bases:
  - build-on:
      - name: ubuntu
        channel: "22.04"
        architectures: ["amd64"]
    run-on:
      - name: ubuntu
        channel: "22.04"
        architectures: ["amd64"]
  - build-on:
      - name: ubuntu
        channel: "22.04"
        architectures: ["arm64"]
    run-on:
      - name: ubuntu
        channel: "22.04"
        architectures: ["arm64"]

containers:
  metrics-proxy:
    resource: metrics-proxy-image

provides:
  metrics-endpoint:
    interface: prometheus_scrape
  grafana-dashboard:
    interface: grafana_dashboard

requires:
  charm-tracing:
    interface: tracing
    limit: 1
    description: |
      Enables sending charm traces to a distributed tracing backend, such as Tempo.
  workload-tracing:
    interface: tracing
    limit: 1
    description: |
      Enables sending workload traces from on-mesh workloads to a distributed tracing backend, such as Tempo.
      In ambient mode, traces are generated at the L7 layer by a waypoint proxy. To enable this, you must deploy
      the waypoint proxy charm (i.e., https://github.com/canonical/istio-beacon-k8s-operator) with --model-on-mesh=true
      to collect traces for all workloads on the mesh. Alternatively, if you prefer to limit tracing to specific workloads,
      you can relate the beacon charm to a particular charm instead of applying --model-on-mesh=true to the entire model.

parts:
  charm:
    plugin: charm
    # include rustc and cargo to compile pydantic
    build-packages: [git, rustc, cargo]
    charm-binary-python-packages: ["pydantic>=2", "cryptography", "jsonschema", "opentelemetry-exporter-otlp-proto-http==1.21.0"]
  istioctl:
    plugin: dump
    # NOTE: this is the linux-amd64 tarball for every base above, including arm64,
    # and it is fetched without a source-checksum, so the download is not integrity-checked.
    source: https://github.com/istio/istio/releases/download/1.23.1/istioctl-1.23.1-linux-amd64.tar.gz
    source-type: tar

resources:
  metrics-proxy-image:
    type: oci-image
    description: Metrics Proxy OCI image
    # TODO: change below to point at the correct image once metrics-proxy rock is onboarded
    # see: https://github.com/canonical/oci-factory/issues/268
    upstream-source: docker.io/ibraaoad/metrics-proxy:v0.1.0