Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Istio Crypto Scheduled Workflow #79

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
374 changes: 374 additions & 0 deletions .github/workflows/CryptoMB-design.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,374 @@
name: CryptoMB-TLS-handshake-acceleration-for-Istio
services:
example-istiocontrolplane:
name: example-istiocontrolplane
type: IstioOperator
apiVersion: install.istio.io/v1alpha1
namespace: istio-system
model: istio-base
version: 1.16.0
settings:
spec:
components:
egress Gateways:
- enabled: true
name: istio-egressgateway
ingress Gateways:
- enabled: true
k8s:
pod Annotations:
proxy.istio.io/config: |
privateKeyProvider:
cryptomb:
pollDelay: 10ms
name: istio-ingressgateway
profile: demo
traits:
meshmap:
edges: []
id: 0a9190c6-3b94-4497-9b5e-0e26e26a3f4a
label: example-istiocontrolplane
meshmodel-metadata:
isCustomResource: true
isNamespaced: true
primaryColor: '#326CE5'
secondaryColor: '#7aa1f0'
shape: circle
svgColor: ui/public/static/img/meshmodels/kubernetes/color/apiservice-color.svg
svgWhite: ui/public/static/img/meshmodels/kubernetes/white/apiservice-white.svg
position:
posX: 448.11615449152737
posY: 115.57287677378196
istio-operator-btexb:
name: istio-operator
type: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
model: kubernetes
settings:
rules:
- api Groups:
- authentication.istio.io
resources:
- '*'
verbs:
- '*'
- api Groups:
- config.istio.io
resources:
- '*'
verbs:
- '*'
- api Groups:
- install.istio.io
resources:
- '*'
verbs:
- '*'
- api Groups:
- networking.istio.io
resources:
- '*'
verbs:
- '*'
- api Groups:
- security.istio.io
resources:
- '*'
verbs:
- '*'
- api Groups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- api Groups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions.apiextensions.k8s.io
- customresourcedefinitions
verbs:
- '*'
- api Groups:
- apps
- extensions
resources:
- daemonsets
- deployments
- deployments/finalizers
- replicasets
verbs:
- '*'
- api Groups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- api Groups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- update
- api Groups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- api Groups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
verbs:
- '*'
- api Groups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
- api Groups:
- ""
resources:
- configmaps
- endpoints
- events
- namespaces
- pods
- pods/proxy
- pods/portforward
- persistentvolumeclaims
- secrets
- services
- serviceaccounts
- resourcequotas
verbs:
- '*'
traits:
meshmap:
edges: []
id: f9e95f4b-ffef-4523-917c-1442bb59b53b
label: istio-operator
meshmodel-metadata:
genealogy: ""
isCustomResource: false
isNamespaced: false
logoURL: Created by Lee
model: kubernetes
modelDisplayName: Kubernetes
primaryColor: '#326CE5'
published: true
secondaryColor: '#7aa1f0'
shape: round-rectangle
styleOverrides: '{"height":"22px","width":"16px","padding":"6px"}'
subCategory: Scheduling & Orchestration
svgColor: ui/public/static/img/meshmodels/kubernetes/color/clusterrole-color.svg
svgComplete: ""
svgWhite: ui/public/static/img/meshmodels/kubernetes/white/clusterrole-white.svg
position:
posX: 671.5732114890026
posY: 194.95822565413835
istio-operator-danjd:
name: istio-operator
type: Service
apiVersion: v1
namespace: istio-operator
model: kubernetes
settings:
spec:
ports:
- name: http-metrics
port: 80
protocol: TCP
target Port: 8383
selector:
name: istio-operator
traits:
meshmap:
edges: []
id: d24ca3fc-fb37-40d6-86b7-a2665b24f120
label: istio-operator
meshmodel-metadata:
genealogy: ""
isCustomResource: false
isNamespaced: true
logoURL: https://github.com/cncf/artwork/blob/master/projects/kubernetes/icon/white/kubernetes-icon-white.svg
model: kubernetes
modelDisplayName: Kubernetes
primaryColor: '#326CE5'
published: true
secondaryColor: '#7aa1f0'
shape: round-triangle
styleOverrides: '{"height":16,"width":17,"padding":12,"background-fit":"none","background-position-y":4.5}'
subCategory: Scheduling & Orchestration
svgColor: ui/public/static/img/meshmodels/kubernetes/color/apiservice-color.svg
svgComplete: ""
svgWhite: ui/public/static/img/meshmodels/kubernetes/white/apiservice-white.svg
position:
posX: 484.9355395872588
posY: 168.2587641981373
istio-operator-gblro:
name: istio-operator
type: Deployment
apiVersion: apps/v1
namespace: istio-operator
model: kubernetes
settings:
spec:
replicas: 1
revision History Limit: 10
selector:
match Labels:
name: istio-operator
template:
metadata:
annotations:
prometheus.io/port: "15014"
prometheus.io/scrape: "true"
labels:
name: istio-operator
spec:
containers:
- command:
- operator
- server
- --monitoring-host=127.0.0.1
- --monitoring-port=15014
env:
- name: WATCH_NAMESPACE
value: istio-system
- name: LEADER_ELECTION_NAMESPACE
value: istio-operator
- name: POD_NAME
value From:
field Ref:
field Path: metadata.name
- name: OPERATOR_NAME
value: istio-operator
- name: WAIT_FOR_RESOURCES_TIMEOUT
value: 300s
- name: REVISION
value: ""
image: docker.io/istio/operator:1.18.0
name: istio-operator
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
security Context:
allow Privilege Escalation: false
capabilities:
drop:
- ALL
privileged: false
read Only Root Filesystem: true
run As Group: 1337
run As Non Root: true
run As User: 1337
service Account Name: istio-operator
traits:
meshmap:
edges: []
id: 8e79be8c-da6a-49fe-8bc2-6decf12fd7c1
label: istio-operator
meshmodel-metadata:
genealogy: parent
isCustomResource: false
isNamespaced: true
logoURL: Created by Lee
model: kubernetes
modelDisplayName: Kubernetes
primaryColor: '#326CE5'
published: true
secondaryColor: '#7aa1f0'
shape: round-pentagon
styleOverrides: '{"background-image":"none","border-width":2,"background-opacity":0.5}'
subCategory: Scheduling & Orchestration
svgColor: ui/public/static/img/meshmodels/kubernetes/color/deployment-color.svg
svgComplete: ui/public/static/img/meshmodels/kubernetes/complete/deployment-complete.svg
svgWhite: ui/public/static/img/meshmodels/kubernetes/color/deployment-color.svg
position:
posX: 492.1229787505797
posY: 234.6048777043293
istio-operator-ioxyg:
name: istio-operator
type: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
namespace: istio-operator
model: kubernetes
settings:
role Ref:
api Group: rbac.authorization.k8s.io
kind: ClusterRole
name: istio-operator
subjects:
- kind: ServiceAccount
name: istio-operator
namespace: istio-operator
traits:
meshmap:
edges: []
id: c3ad3045-b7a5-4b15-bafc-55ad9cc2bce6
label: istio-operator
meshmodel-metadata:
genealogy: ""
isCustomResource: false
isNamespaced: false
logoURL: Created by Lee
model: kubernetes
modelDisplayName: Kubernetes
primaryColor: '#326CE5'
published: true
secondaryColor: '#7aa1f0'
shape: round-rectangle
styleOverrides: '{"height":"22px","width":"16px","padding":"6px", "z-index":9999}'
subCategory: Scheduling & Orchestration
svgColor: ui/public/static/img/meshmodels/kubernetes/color/clusterrolebinding-color.svg
svgComplete: ""
svgWhite: ui/public/static/img/meshmodels/kubernetes/white/clusterrolebinding-white.svg
position:
posX: 583.5433705937176
posY: 276.8033383692807
istio-operator-kgmgw:
name: istio-operator
type: ServiceAccount
apiVersion: v1
namespace: istio-operator
model: kubernetes
traits:
meshmap:
edges: []
id: 9240267f-d393-4c5d-bdf9-596bacf0ebf0
label: istio-operator
meshmodel-metadata:
genealogy: ""
isCustomResource: false
isNamespaced: true
logoURL: https://github.com/cncf/artwork/blob/master/projects/kubernetes/icon/white/kubernetes-icon-white.svg
model: kubernetes
modelDisplayName: Kubernetes
primaryColor: '#326CE5'
published: true
secondaryColor: '#7aa1f0'
shape: round-rectangle
styleOverrides: ""
subCategory: Scheduling & Orchestration
svgColor: ui/public/static/img/meshmodels/kubernetes/color/serviceaccount-color.svg
svgComplete: ""
svgWhite: ui/public/static/img/meshmodels/kubernetes/color/serviceaccount-color.svg
position:
posX: 561.5
posY: 194.5
Loading