From 3cfa3512e66eaf6748a3aca51a89435e9e7f1297 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Fri, 21 Aug 2020 14:17:47 +0100 Subject: [PATCH] Switch istio ingress to http healthchecks, more tuning --- .../templates/ingress-gateway.yaml | 2 ++ .../templates/istio-private-ingress.yaml | 29 +++++++++++-------- charts/kubezero-istio/templates/istio.yaml | 9 ++++-- 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/charts/kubezero-istio/templates/ingress-gateway.yaml b/charts/kubezero-istio/templates/ingress-gateway.yaml index f183be0..63b9de4 100644 --- a/charts/kubezero-istio/templates/ingress-gateway.yaml +++ b/charts/kubezero-istio/templates/ingress-gateway.yaml @@ -29,6 +29,7 @@ spec: serverCertificate: /etc/istio/ingressgateway-certs/tls.crt credentialName: public-ingress-cert +{{- if .Values.ingress.private.enabled }} --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway @@ -78,3 +79,4 @@ spec: protocol: TCP hosts: - "*" +{{- end }} diff --git a/charts/kubezero-istio/templates/istio-private-ingress.yaml b/charts/kubezero-istio/templates/istio-private-ingress.yaml index 40b753e..7966539 100644 --- a/charts/kubezero-istio/templates/istio-private-ingress.yaml +++ b/charts/kubezero-istio/templates/istio-private-ingress.yaml @@ -80,6 +80,11 @@ spec: values: istio-private-ingressgateway type: {{ default "NodePort" .Values.ingress.type }} ports: + - name: http-status + port: 15021 + {{- if eq .Values.ingress.type "NodePort" }} + nodePort: 31021 + {{- end }} - name: http2 port: 80 {{- if eq .Values.ingress.type "NodePort" }} @@ -90,31 +95,31 @@ spec: {{- if eq .Values.ingress.type "NodePort" }} nodePort: 31443 {{- end }} - - name: amqp - port: 5672 - {{- if eq .Values.ingress.type "NodePort" }} - nodePort: 30672 - {{- end }} - - name: amqps - port: 5671 - {{- if eq .Values.ingress.type "NodePort" }} - nodePort: 30671 - {{- end }} - name: fluentd-forward port: 24224 {{- if eq .Values.ingress.type "NodePort" }} nodePort: 31224 {{- end }} + - name: amqps + port: 5671 + {{- if eq .Values.ingress.type "NodePort" }} + nodePort: 31671 + {{- end }} + - name: amqp + port: 5672 + {{- if eq .Values.ingress.type "NodePort" }} + nodePort: 31672 + {{- end }} sds: enabled: true image: node-agent-k8s resources: limits: - cpu: 2000m + #cpu: 2000m memory: 1024Mi requests: cpu: 100m - memory: 128Mi + memory: 64Mi secretVolumes: - mountPath: /etc/istio/ingressgateway-certs name: ingressgateway-certs diff --git a/charts/kubezero-istio/templates/istio.yaml b/charts/kubezero-istio/templates/istio.yaml index 25a26f4..50831ae 100644 --- a/charts/kubezero-istio/templates/istio.yaml +++ b/charts/kubezero-istio/templates/istio.yaml @@ -49,11 +49,11 @@ spec: {{- end }} resources: limits: - cpu: 2000m + # cpu: 2000m memory: 1024Mi requests: cpu: 100m - memory: 128Mi + memory: 64Mi strategy: rollingUpdate: maxSurge: 100% @@ -112,6 +112,11 @@ spec: values: istio-ingressgateway type: {{ default "NodePort" .Values.ingress.type }} ports: + - name: http-status + port: 15021 + {{- if eq .Values.ingress.type "NodePort" }} + nodePort: 30021 + {{- end }} - name: http2 port: 80 {{- if eq .Values.ingress.type "NodePort" }}