diff --git a/Makefile b/Makefile index 187aa14..119f439 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,9 @@ CONTAINER_SOURCES := $(shell find var/container) HELM_SOURCES := $(shell find var/helm) HELM_TARGET := dist/mrmat-python-api-fastapi-$(VERSION).tgz +# Can be either 'sidecar' or 'ambient' +ISTIO := ambient + all: python container helm python: $(PYTHON_TARGET) helm: $(HELM_TARGET) @@ -40,13 +43,16 @@ container: $(PYTHON_TARGET) $(CONTAINER_SOURCES) helm-install: $(HELM_TARGET) kubectl create ns mpafastapi || true - kubectl label --overwrite ns mpafastapi istio-injection=true + if test "$(ISTIO)" == "sidecar"; then kubectl label --overwrite ns mpafastapi istio-injection=true; fi + if test "$(ISTIO)" == "ambient"; then kubectl label --overwrite ns mpafastapi istio.io/dataplane-mode=ambient; fi helm upgrade \ mrmat-python-api-fastapi \ ${HELM_TARGET} \ --install \ + --wait \ --force \ - --namespace mpafastapi + --namespace mpafastapi \ + --set istio=$(ISTIO) helm-uninstall: helm delete -n mpafastapi mrmat-python-api-fastapi diff --git a/src/mrmat_python_api_fastapi/app.py b/src/mrmat_python_api_fastapi/app.py index 277d4a2..1e78f03 100644 --- a/src/mrmat_python_api_fastapi/app.py +++ b/src/mrmat_python_api_fastapi/app.py @@ -21,6 +21,7 @@ # SOFTWARE. from fastapi import FastAPI +from fastapi.security import OAuth2PasswordBearer from prometheus_fastapi_instrumentator import Instrumentator @@ -29,6 +30,7 @@ from mrmat_python_api_fastapi.apis.platform import api_platform_v1 app = FastAPI(title='MrMat :: Python :: API :: FastAPI') +oauth2_scheme = OAuth2PasswordBearer(tokenUrl='token') app.include_router(api_healthz, prefix='/api/healthz', tags=['health']) app.include_router(api_greeting_v1, prefix='/api/greeting/v1', tags=['greeting']) app.include_router(api_greeting_v2, prefix='/api/greeting/v2', tags=['greeting']) diff --git a/var/helm/templates/deployment.yaml b/var/helm/templates/deployment.yaml index e293fd0..81701c5 100644 --- a/var/helm/templates/deployment.yaml +++ b/var/helm/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - name: APP_CONFIG value: /config/app_config.json - name: OTEL_SERVICE_NAME - value: "mrmat-python-api-fastapi" + value: "{{ .Release.Namespace }}.mpafastapi" - name: OTEL_TRACES_EXPORTER value: "otlp" - name: OTEL_METRICS_EXPORTER diff --git a/var/helm/templates/ingress.yaml b/var/helm/templates/edge-ingress.yaml similarity index 93% rename from var/helm/templates/ingress.yaml rename to var/helm/templates/edge-ingress.yaml index 42aaf69..290972b 100644 --- a/var/helm/templates/ingress.yaml +++ b/var/helm/templates/edge-ingress.yaml @@ -1,4 +1,4 @@ -{{- if .Values.ingress.enabled }} +{{- if eq .Values.edge.kind "ingress" }} --- apiVersion: networking.k8s.io/v1 kind: Ingress diff --git a/var/helm/templates/route.yaml b/var/helm/templates/edge-istio-gateway-api.yaml similarity index 80% rename from var/helm/templates/route.yaml rename to var/helm/templates/edge-istio-gateway-api.yaml index 2ccaca0..9a462b5 100644 --- a/var/helm/templates/route.yaml +++ b/var/helm/templates/edge-istio-gateway-api.yaml @@ -1,4 +1,4 @@ -{{- if .Values.route.enabled -}} +{{- if eq .Values.edge.kind "istio-gateway-api" -}} apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: @@ -11,13 +11,11 @@ spec: - {{ . | quote }} {{- end }} parentRefs: - {{- range .Values.route.parents }} - group: gateway.networking.k8s.io kind: Gateway - name: {{ .name }} - namespace: {{ .namespace }} + name: {{ .Values.edge.name }} + namespace: {{ .Values.edge.ns }} sectionName: mpafastapi - {{- end }} rules: - backendRefs: - kind: Service diff --git a/var/helm/templates/edge-istio.yaml b/var/helm/templates/edge-istio.yaml new file mode 100644 index 0000000..fa743dd --- /dev/null +++ b/var/helm/templates/edge-istio.yaml @@ -0,0 +1,14 @@ +{{- if eq .Values.edge.kind "istio" }} +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: waypoint + namespace: {{ .Release.Namespace }} +spec: + gatewayClassName: istio-waypoint + listeners: + - name: mesh + port: 15008 + protocol: HBONE +{{- end }} diff --git a/var/helm/values.yaml b/var/helm/values.yaml index 40dbaae..f8f1f55 100644 --- a/var/helm/values.yaml +++ b/var/helm/values.yaml @@ -15,18 +15,25 @@ svc: name: svc-mpafastapi port: 80 +edge: + ns: edge + name: edge-ingress + kind: istio-gateway-api + route: enabled: false name: route-mpafastapi hostnames: - - mpafastapi.covenant.local + - mpafastapi.nostromo.k8s parents: - name: edge-ingress namespace: edge +istio: ambient + ingress: - enabled: true + enabled: false hostname: mpafastapi.nostromo.k8s config: - db_url: "sqlite://data/db.sqlite3" + db_url: "sqlite:////data/db.sqlite3"