Merge branch 'main' of https://github.com/ImMnan/Helm-crane-blazemeter

Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: blazemeter-crane
-description: A Helm chart for Blazemeter crane private location engine deployment. Version 0.1.2 has support for CA_bundle configuration.
+description: A Helm chart for Blazemeter crane private location engine deployment.
 keywords:
   - crane
   - Blazemeter
@@ -14,10 +14,12 @@ keywords:
   - Auto scalling
   - CA_Bundle
   - Proxy-configurations
+  - Istio
+  - Ingress
 
 type: application
 
-version: 0.1.3
+version: 1.0.0
 
 maintainers: 
   - name: Manan Patel

README.md

@@ -1,6 +1,6 @@
 # Helm for Blazemeter Private Location
 
-[Download the latest Chart](https://github.com/ImMnan/Helm-crane-blazemeter/releases/download/0.1.3/blazemeter-crane-0.1.3.tgz)
+[Download the latest Chart](https://github.com/ImMnan/Helm-crane-blazemeter/releases/download/1.0.0/blazemeter-crane-1.0.0.tgz)
 
 Deploy Blazemeter private location engine to your Kubernetes cluster using HELM chart. Plus the chart allows to make advanced configurations if required. 
 
@@ -37,7 +37,7 @@ To start with, Blazemeter user will need Harbour_ID, Ship_ID & Auth_token from B
 
 - Pull/Download the chart - tar file from the github repository 
 
-  [Download the latest Chart](https://github.com/ImMnan/Helm-crane-blazemeter/releases/download/0.1.3/blazemeter-crane-0.1.3.tgz)
+  [Download the latest Chart](https://github.com/ImMnan/Helm-crane-blazemeter/releases/download/1.0.0/blazemeter-crane-1.0.0.tgz)
 
 - Untar the chart
 ```bash
@@ -122,7 +122,7 @@ deployment:
   name: crane
   namespace: "bm"
 ```
-#### [4.5] Deplouying Non_provoledge container - NON_ROOT deployment. 
+#### [4.5] Deploying Non_provoledge container - NON_ROOT deployment. 
 - If you plan to deploy the Blazemeter crane as a non_Priviledged installation, make changes to this part of the `values` file.
 ```YAML
 non_privilege_container:
@@ -132,7 +132,19 @@ non_privilege_container:
 ```
 Change the `use` to `yes` and this will automatically run the deployment and consecutive pods as Non_root/Non_priviledge.
 
-#### [4.6] Verify if everything is setup correctly
+#### [4.5] Installing Istio based crane for mock service deployment within the k8s cluster. 
+- If this OPL/Private location is going to run mock services, make changes to this part of the `values` file.
+```yaml
+istio_ingress: 
+  use: no
+  credentialName: "wildcard-credential"
+  web_expose_subdomain: "mydomain.local"
+  pre_pulling: "true" 
+  istio_gateway_name: "bzm-gateway"
+```
+Change the `use` to `yes` and this will automatically setup istio-ingress for this installation. Which will allow outside traffic to access the mock-service pod. However, make sure istio is already installed and configured as per the [Blazemeter guide](https://help.blazemeter.com/docs/guide/private-locations-install-blazemeter-agent-for-kubernetes-for-mock-services.html?tocpath=Private%20Locations%7CInstallation%20of%20Private%20Locations%7C_____6) 
+
+#### [4.7] Verify if everything is setup correctly
 - Once the values are updated, please verify if the values are correctly used in the helm chart:
 
 ```
@@ -166,6 +178,7 @@ Therefore, ***always go with Node autoscalling***
 
 ## [8.0] Changelog:
 
+- 1.0.0 - Now supports mock service deployment to this kubernetes based crane installation
 - 0.1.3 - Supports configuration for non_proviledge container deployment, also added a license 
 - 0.1.2 - Supports Proxy, CA_certs as an additional configuration of Blazemeter crane deployment
 - 0.1.1 - Support proxy as an additional configurable aspect of Blazemeter crane deployment

templates/bzm-gateway.yaml

@@ -0,0 +1,34 @@
+{{ if .Values.istio_ingress.use }}
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: {{ .Values.istio_ingress.istio_gateway_name }}
+  namespace : {{ .Values.deployment.namespace }}
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 80
+      name: http-80
+      protocol: HTTP
+    hosts:
+    - "*"
+  - port:
+      number: 443
+      name: https-443
+      protocol: HTTPS
+    tls:
+      mode: PASSTHROUGH
+    hosts:
+    - "*"
+  - port:
+      number: 15443
+      name: https-15443
+      protocol: HTTPS
+    tls:
+      mode: SIMPLE
+      credentialName: {{ .Values.istio_ingress.credentialName }}
+    hosts:
+    - "*"
+{{ end }}

templates/configmap.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ .Release.Name }}-configmap
-  namespace: bm
+  namespace: {{ .Values.deployment.namespace }}
 data:
   certificate.crt: |-
 {{ .Files.Get "certificate.crt" | indent 4 }}

templates/crane.yaml

@@ -57,6 +57,22 @@ spec:
         - name: KUBERNETES_CA_BUNDLE_MOUNT
           value: REQUESTS_CA_BUNDLE={{ .Release.Name }}-configmap=certificate.crt:AWS_CA_BUNDLE={{ .Release.Name }}-configmap=certificate.crt
         {{- end -}}
+        {{ if .Values.istio_ingress.use }}
+        - name: KUBERNETES_WEB_EXPOSE_TYPE
+          value: ISTIO
+        - name: KUBERNETES_WEB_EXPOSE_SUB_DOMAIN
+          value: {{ .Values.istio_ingress.web_expose_subdomain | quote }}
+        - name: KUBERNETES_WEB_EXPOSE_TLS_SECRET_NAME
+          value: {{ .Values.istio_ingress.credentialName | quote }}
+        - name: KUBERNETES_SERVICE_USE_TYPE
+          value: CLUSTERIP
+        - name: KUBERNETES_USE_PRE_PULLING
+          value: {{ .Values.istio_ingress.pre_pulling | quote }}
+        - name: KUBERNETES_SERVICES_BLOCKING_GET
+          value: "true"
+        - name: KUBERNETES_ISTIO_GATEWAY_NAME
+          value: {{ .Values.istio_ingress.istio_gateway_name | quote }}
+        {{- end -}}
         {{ if .Values.non_privilege_container.use }}
         - name: INHERIT_RUNNING_USER_AND_GROUP
           value: 'true'

templates/rbac-cluster.yaml

@@ -7,7 +7,6 @@ rules:
   resources: ["nodes"]
   verbs: ["get", "list", "update", "watch", "patch"]
 
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -20,4 +19,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ template "blazemeter-crane.serviceAccountName" . }}
-  namespace: {{ .Values.deployment.namespace }}
+  namespace: {{ .Values.deployment.namespace -}}

templates/rbac-ns.yaml

@@ -13,8 +13,12 @@ rules:
 - apiGroups: ["extensions", "apps", ""] # leave empty string for core
   resources: ["pods", "services", "endpoints", "daemonsets", "pods/*", "pods/exec", "deployments", "replicasets", "ingresses", "deployments/scale"]
   verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection", "createcollection"]
-
-
+{{ if .Values.istio_ingress.use }} 
+# this is for istio ingress for mock services
+- apiGroups: ["networking.istio.io"]
+  resources: ["destinationrules", "virtualservices", "gateways"]
+  verbs: ["get", "list", "create", "delete", "patch", "update"]
+{{ end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

values.yaml

@@ -5,8 +5,8 @@ deployment:
 
 matches:
   crane: "ready"
-  role: "role-crane"
-  clusterrole: "cluster-role-crane"
+  role: "roleCrane"
+  clusterrole: "cluster-roleCrane"
 
 serviceAccount:
   # Specifies whether a ServiceAccount should be created, currently BM OPLs in Kubernetes only supports default service account.
@@ -15,9 +15,9 @@ serviceAccount:
   name: 
 
 env:
-  authtoken: "sfbwig"
-  harbour_id: "lkndvoehrgo"
-  ship_id: "kjdf2397rknfdl"
+  authtoken: "AuthToken"
+  harbour_id: "HarbouId"
+  ship_id: "ShidId"
   docker_regirstry: "gcr.io/verdant-bulwark-278"
   auto_update: "'true'"
   image: "gcr.io/verdant-bulwark-278/blazemeter/crane:latest-master"
@@ -53,3 +53,15 @@ non_privilege_container:
   runAsUser: 1337
 
 restartPolicy: "Always"
+
+# Use Istio-Ingress if this Private location is going to run mock-services
+# Follow this guide till you have created a secret in istio-system namespace called wildcard-credential.
+# https://guide.blazemeter.com/hc/en-us/articles/20206158935953-Installing-a-BlazeMeter-Agent-for-Kubernetes-Mock-Services#h_01F68B8GZSBKE9A9G7TMK105F7
+
+istio_ingress: 
+  use: no
+  credentialName: "wildcard-credential"
+  web_expose_subdomain: "mydomain.local"
+  pre_pulling: "true" 
+  istio_gateway_name: "bzm-gateway"
+