Merge pull request #47 from ContainerSolutions/pr42

Pr42

Author: ianmiell

.github/workflows/test.yml

@@ -13,6 +13,7 @@ jobs:
         run: |
            curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar -zxf -
            sudo mv kubeconform /usr/local/bin
+           kubeconform -v
       - name: check all yaml
         run: |
           ./bin/test.sh | tee -a apply.txt

.yamllint

@@ -5,6 +5,9 @@ yaml-files:
   - '*.yml'
   - '.yamllint'
 
+ignore: |
+  .github/
+
 rules:
   braces: enable
   brackets: enable

Istio/DestinationRule/circuit-breaker.yaml

@@ -8,8 +8,8 @@ spec:
   host: service-a
   trafficPolicy:
     outlierDetection:
-      consecutive5xxErrors: 7 # Default 5
-      interval: 5m # Interval over which errors are counted and compared to the threshold. This is a periodic check, not a rolling one.
-      baseEjectionTime: 10s # Initial period for which the endpoint is ejected from the endpoint pool. Repeated ejections are longer each time. Default 30s
-      maxEjectionPercent: 50 # Max % of endpoints that can ejected from the endpoint pool. Default 10
-      minHealthPercent: 50 # Min % of endpoints in the endpoint pool that must be healthy for circuit-breaking to activate. Default 0
+      consecutive5xxErrors: 7  # Default 5
+      interval: 5m  # Interval over which errors are counted and compared to the threshold. This is a periodic check, not a rolling one.
+      baseEjectionTime: 10s  # Initial period for which the endpoint is ejected from the endpoint pool. Repeated ejections are longer each time. Default 30s
+      maxEjectionPercent: 50  # Max % of endpoints that can ejected from the endpoint pool. Default 10
+      minHealthPercent: 50  # Min % of endpoints in the endpoint pool that must be healthy for circuit-breaking to activate. Default 0

Istio/DestinationRule/connection-pool-settings.yaml

@@ -10,12 +10,12 @@ spec:
   trafficPolicy:
     connectionPool:
       tcp:
-        maxConnections: 100 # Default 4bn
-        connectTimeout: 50ms # Default 10s
-        tcpKeepalive: # TCP-level keepalives ie SO_KEEPALIVE
-          time: 3600s # Default 2h
-          interval: 50s # Default 75s
+        maxConnections: 100  # Default 4bn
+        connectTimeout: 50ms  # Default 10s
+        tcpKeepalive:  # TCP-level keepalives ie SO_KEEPALIVE
+          time: 3600s  # Default 2h
+          interval: 50s  # Default 75s
       http:
-        maxRequestsPerConnection: 1 # Disables HTTP connection keep-alive/reuse. Default unlimited
-        idleTimeout: 1m # How long a keep-alive tcp connection will stay open if unused for any http requests. Default 1h
-        h2UpgradePolicy: UPGRADE # Upgrade http1.1 connections arriving at the sidecar to h2 from sidecar -> workload. Default: use mesh-wide setting
+        maxRequestsPerConnection: 1  # Disables HTTP connection keep-alive/reuse. Default unlimited
+        idleTimeout: 1m  # How long a keep-alive tcp connection will stay open if unused for any http requests. Default 1h
+        h2UpgradePolicy: UPGRADE  # Upgrade http1.1 connections arriving at the sidecar to h2 from sidecar -> workload. Default: use mesh-wide setting

Istio/DestinationRule/load-balance.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:
@@ -6,4 +7,4 @@ spec:
   host: service-a
   trafficPolicy:
     loadBalancer:
-      simple: LEAST_CONN # Default: ROUND_ROBIN, others: RANDOM
+      simple: LEAST_CONN  # Default: ROUND_ROBIN, others: RANDOM

Istio/DestinationRule/sticky-sessions.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:

Istio/DestinationRule/subsets.yaml

@@ -6,9 +6,9 @@ metadata:
 spec:
   host: service-a
   subsets:
-  - name: v1 # Arbitrary name for subset
-    labels: # Kubernetes Pod labels to match
-      version: v1
-  - name: v2
-    labels:
-      version: v2
+    - name: v1  # Arbitrary name for subset
+      labels:  # Kubernetes Pod labels to match
+        version: v1
+    - name: v2
+      labels:
+        version: v2

Istio/DestinationRule/tls.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:
@@ -8,7 +9,7 @@ spec:
     tls:
       mode: SIMPLE
 ---
-# NB: This establishes an mTLS connection with an upstream endpoint. 
+# NB: This establishes an mTLS connection with an upstream endpoint.
 # It's for _mesh-external_ endpoints; within the mesh Istio automatically establishes mTLS connections between pairs of sidecars.
 apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule

Istio/VirtualService/README.md

@@ -0,0 +1,10 @@
+# VirtualService
+`VirtualServices` configure routing rules for traffic.
+
+Traffic is identified by the _Host_ it's addressed to in its layer 7 request header (there must be at most one VirtualService per Host).
+For a given protocol, Routing Rules are then tried in order until one matches the attributes of the request.
+The matching routing rule specifies a Service to which to send the request (a _Service_ is effectively a Kubernetes `Service`, qv).
+Optionally, a subset of the Service's Pods can be targeted using Subsets (see `DestinationRule`)
+
+VirtualServices can be thought of as an "active" bump-on-the-wire through which requests are sent.
+They can apply various transforms to the traffic passing through them, such as header manipulation, delay injection, etc.

Istio/VirtualService/delay-injection.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: delay-injection
+spec:
+  hosts:
+    - service-a
+  http:
+    - fault:
+        delay:
+          fixedDelay: 10s
+          percentage:
+            value: 100.0
+      route:
+        - destination:
+            host: service-a