switch back to http

Author: alex-treebeard

.devcontainer/Dockerfile

@@ -15,4 +15,4 @@ RUN sudo apt-get update -y && sudo apt-get install -y \
   iputils-ping \
   traceroute \
   kmod
-ENV PATH="/workspaces/shadowfax/bin:/home/vscode/.local/bin/:$PATH"
+ENV PATH="/home/vscode/.local/bin/:$PATH"

.devcontainer/devcontainer.json

@@ -66,7 +66,7 @@
     },
     "ghcr.io/rio/features/k9s:1": {
     },
-    "ghcr.io/devcontainers-contrib/features/vercel-cli:1": {
+    "ghcr.io/devcontainers-contrib/features/istioctl:1": {
     },
   },
   "mounts": [

README.md

@@ -90,6 +90,7 @@
 | <a name="input_enable_external_secrets"></a> [enable\_external\_secrets](#input\_enable\_external\_secrets) | n/a | `bool` | `false` | no |
 | <a name="input_enable_gatekeeper"></a> [enable\_gatekeeper](#input\_enable\_gatekeeper) | n/a | `bool` | `false` | no |
 | <a name="input_enable_gpu_operator"></a> [enable\_gpu\_operator](#input\_enable\_gpu\_operator) | n/a | `bool` | `false` | no |
+| <a name="input_enable_istio_resources"></a> [enable\_istio\_resources](#input\_enable\_istio\_resources) | Enable istio resources for clusters with pre-existing istio | `bool` | `true` | no |
 | <a name="input_enable_kserve"></a> [enable\_kserve](#input\_enable\_kserve) | n/a | `bool` | `false` | no |
 | <a name="input_enable_kubeflow_pipelines"></a> [enable\_kubeflow\_pipelines](#input\_enable\_kubeflow\_pipelines) | n/a | `bool` | `false` | no |
 | <a name="input_enable_kuberay"></a> [enable\_kuberay](#input\_enable\_kuberay) | n/a | `bool` | `false` | no |

examples/k3s/main.tf

@@ -16,13 +16,13 @@ terraform {
   }
   backend "kubernetes" {
     secret_suffix = "state"
-    config_path   = "/home/vscode/.kube/config"
+    config_path   = "~/.kube/dev3.yaml"
   }
 }
 
 variable "kubeconfig_path" {
   type    = string
-  default = "/home/vscode/.kube/config"
+  default = "~/.kube/dev3.yaml"
 }
 
 provider "kustomization" {

main.tf

@@ -90,28 +90,28 @@ data "kustomization_overlay" "istio_install" {
   ]
 
 
-  dynamic "patches" {
-    for_each = var.enable_external_dns ? [1] : []
-    content {
-      target {
-        kind      = "Service"
-        name      = "istio-ingressgateway"
-        namespace = "istio-system"
-      }
-      patch = <<EOF
-apiVersion: v1
-kind: Service
-metadata:
-  name: istio-ingressgateway
-  namespace: istio-system
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: ${var.hostname}
-    external-dns.alpha.kubernetes.io/ttl: "60" #optional
-spec:
-  type: LoadBalancer
-EOF
-    }
-  }
+  #   dynamic "patches" {
+  #     for_each = var.enable_external_dns ? [1] : []
+  #     content {
+  #       target {
+  #         kind      = "Service"
+  #         name      = "istio-ingressgateway"
+  #         namespace = "istio-system"
+  #       }
+  #       patch = <<EOF
+  # apiVersion: v1
+  # kind: Service
+  # metadata:
+  #   name: istio-ingressgateway
+  #   namespace: istio-system
+  #   annotations:
+  #     external-dns.alpha.kubernetes.io/hostname: ${var.hostname}
+  #     external-dns.alpha.kubernetes.io/ttl: "60" #optional
+  # spec:
+  #   type: LoadBalancer
+  # EOF
+  #     }
+  # }
 }
 
 module "istio_install" {
@@ -127,7 +127,7 @@ data "kustomization_overlay" "oidc_authservice" {
     name     = "oidc-authservice-parameters"
     behavior = "merge"
     literals = [
-      "OIDC_PROVIDER=${var.protocol}${var.hostname}${var.port}/dex"
+      # "OIDC_PROVIDER=${var.protocol}${var.hostname}${var.port}/dex"
     ]
   }
 
@@ -157,7 +157,7 @@ metadata:
   namespace: auth
 data:
   config.yaml: |-
-    issuer: ${local.base_url}/dex
+    issuer: http://dex.auth.svc.cluster.local:5556/dex
     storage:
       type: kubernetes
       config:
@@ -237,10 +237,12 @@ module "knative_serving" {
 }
 
 data "kustomization_build" "cluster_local_gateway" {
-  path = "${path.module}/submodules/manifests/common/istio-1-17/cluster-local-gateway/base"
+  count = var.enable_kserve ? 1 : 0
+  path  = "${path.module}/submodules/manifests/common/istio-1-17/cluster-local-gateway/base"
 }
 
 module "cluster_local_gateway" {
+  count  = var.enable_kserve ? 1 : 0
   source = "./modules/kust"
   build  = data.kustomization_build.cluster_local_gateway
   depends_on = [
@@ -279,33 +281,41 @@ module "kubeflow_roles" {
 
 ## kubeflow istio resources
 
+variable "enable_istio_resources" {
+  type        = bool
+  default     = true
+  description = "Enable istio resources for clusters with pre-existing istio"
+}
+
 data "kustomization_overlay" "kubeflow_istio_resources" {
+  count = var.enable_istio_resources ? 1 : 0
   resources = [
     "${path.module}/overlays/istio-resources"
   ]
-  patches {
-    target {
-      kind      = "Certificate"
-      name      = "gateway-cert"
-      namespace = "istio-system"
-    }
-    patch = <<EOF
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: gateway-cert
-  namespace: istio-system
-spec:
-  commonName: ${var.hostname}
-  dnsNames:
-    - ${var.hostname}
-EOF
-  }
+  #   patches {
+  #     target {
+  #       kind      = "Certificate"
+  #       name      = "gateway-cert"
+  #       namespace = "istio-system"
+  #     }
+  #     patch = <<EOF
+  # apiVersion: cert-manager.io/v1
+  # kind: Certificate
+  # metadata:
+  #   name: gateway-cert
+  #   namespace: istio-system
+  # spec:
+  #   commonName: ${var.hostname}
+  #   dnsNames:
+  #     - ${var.hostname}
+  # EOF
+  #   }
 }
 
 module "kubeflow_istio_resources" {
+  count  = var.enable_istio_resources ? 1 : 0
   source = "./modules/kust"
-  build  = data.kustomization_overlay.kubeflow_istio_resources
+  build  = data.kustomization_overlay.kubeflow_istio_resources[0]
   depends_on = [
     module.kubeflow_roles
   ]

overlays/istio-resources/cert.yaml

@@ -1,26 +1,26 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: treebeard-issuer
-  namespace: istio-system
-spec:
-  acme:
-    email: <patch me>
-    preferredChain: ''
-    privateKeySecretRef:
-      name: treebeard-issuer-account-key
-    server: https://acme-v02.api.letsencrypt.org/directory
-    solvers:
-    - dns01:
-        route53:
-          region: <patch me>
-          hostedZoneID: <patch me>
-          accessKeyIDSecretRef:
-            name: aws-credentials
-            key: aws_access_key_id
-          secretAccessKeySecretRef:
-            name: aws-credentials
-            key: aws_secret_access_key
+# apiVersion: cert-manager.io/v1
+# kind: Issuer
+# metadata:
+#   name: treebeard-issuer
+#   namespace: istio-system
+# spec:
+#   acme:
+#     email: <patch me>
+#     preferredChain: ''
+#     privateKeySecretRef:
+#       name: treebeard-issuer-account-key
+#     server: https://acme-v02.api.letsencrypt.org/directory
+#     solvers:
+#     - dns01:
+#         route53:
+#           region: <patch me>
+#           hostedZoneID: <patch me>
+#           accessKeyIDSecretRef:
+#             name: aws-credentials
+#             key: aws_access_key_id
+#           secretAccessKeySecretRef:
+#             name: aws-credentials
+#             key: aws_secret_access_key
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate

overlays/istio-resources/kustomization.yaml

@@ -3,5 +3,5 @@ kind: Kustomization
 resources:
 - ../../submodules/manifests/common/istio-1-17/kubeflow-istio-resources/base
 - cert.yaml
-patches: # only needed when using TLS loadbalancer
-- path: patches/resources.yaml
+# patches: # only needed when using TLS loadbalancer
+# - path: patches/resources.yaml

scripts/setup-krew.sh

@@ -1,4 +1,3 @@
-export KREW_ROOT=/workspaces/shadowfax
 set -x; cd "$(mktemp -d)" &&
 OS="$(uname | tr '[:upper:]' '[:lower:]')" &&
 ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" &&