Add istio sample

hyperv-k8s.ps1

@@ -616,7 +616,7 @@ switch -regex ($args) {
     $oldPath = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path
     $newPath = "$oldPath;C:\kubectl;C:\git\bin;C:\docker;C:\qemu-img"    
     Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $newPath
-    $env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path", "User") 
+    $env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path", "User")
   }
   ^Show-Config$ {
     Write-Output "   version: $version"

k8s/istio/README.md

@@ -0,0 +1,38 @@
+# Download isito
+```powershell
+Invoke-WebRequest -Uri 'https://github.com/istio/istio/releases/download/1.11.1/istio-1.11.1-win.zip' -OutFile 'C:\istio.zip'
+Expand-Archive -LiteralPath 'C:\istio.zip' -DestinationPath C:\
+Remove-Item 'C:\istio.zip'
+```
+
+# Add to PATH
+```powershell 
+$oldPath = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path
+$newPath = "$oldPath;C:\istio-1.11.1\bin"    
+Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $newPath
+$env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path", "User")
+```
+
+# Determining the ingress IP and ports
+
+```powershell
+$INGRESS_HOST = (kubectl -n istio-system get service istio-ingressgateway -o json | ConvertFrom-Json).status.loadBalancer.ingress[0].ip
+$INGRESS_PORT = ((kubectl -n istio-system get service istio-ingressgateway -o json | ConvertFrom-Json).spec.ports | where {
+ $_.name -eq "http2" }).port
+$SECURE_INGRESS_PORT = ((kubectl -n istio-system get service istio-ingressgateway -o json | ConvertFrom-Json).spec.ports | where {
+ $_.name -eq "https" }).port
+```
+
+# Install istio addons
+
+```powershell
+cd C:\istio-1.11.1
+kubectl apply -f samples/addons
+kubectl apply -f https://raw.githubusercontent.com/nvtienanh/hyperv-k8s/main/k8s/istio/istio-services-node-port.yaml
+```
+
+# NetNatStaticMapping
+
+```powershell
+Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 30002 -Protocol TCP -InternalIPAddress "10.10.0.10" -InternalPort 32493,32494,32495,32496 -NatName KubeNatNet
+```

k8s/istio/istio-services-node-port.yaml

@@ -0,0 +1,83 @@
+#Grafana
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: grafana
+    release: istio
+  name: grafana-np
+  namespace: istio-system
+spec:
+  ports:
+  - name: http
+    nodePort: 32493
+    port: 3000
+    protocol: TCP
+    targetPort: 3000
+  selector:
+    app: grafana
+  sessionAffinity: None
+  type: NodePort
+---
+#prometheus
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: prometheus
+    release: istio
+  name: prometheus-np
+  namespace: istio-system
+spec:
+  ports:
+  - name: http
+    nodePort: 32494
+    port: 9090
+    protocol: TCP
+    targetPort: 9090
+  selector:
+    app: prometheus
+  sessionAffinity: None
+  type: NodePort
+---
+#jaeger
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: jaeger
+    release: istio
+  name: tracing-np
+  namespace: istio-system
+spec:
+  ports:
+  - name: http-tracing
+    nodePort: 32495
+    port: 80
+    protocol: TCP
+    targetPort: 16686
+  selector:
+    app: jaeger
+  sessionAffinity: None
+  type: NodePort
+---
+#kiali
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: kiali
+    release: istio
+  name: kiali-np
+  namespace: istio-system
+spec:
+  ports:
+  - name: http-kiali
+    nodePort: 32496
+    port: 20001
+    protocol: TCP
+    targetPort: 20001
+  selector:
+    app: kiali
+  sessionAffinity: None
+  type: NodePort

k8s/letsencrypt-issuer/cluster-issuer.yaml

@@ -0,0 +1,49 @@
+# Dev ClusterIssue
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-dev
+spec:
+  selfSigned: {}
+---
+
+# Staging ClusterIssue
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+
+# Production ClusterIssue
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx