Merge pull request #8 from MrMatAP/feature/auth

Edge Variants

Author: MrMatAP

Makefile

@@ -15,6 +15,9 @@ CONTAINER_SOURCES := $(shell find var/container)
 HELM_SOURCES := $(shell find var/helm)
 HELM_TARGET := dist/mrmat-python-api-fastapi-$(VERSION).tgz
 
+# Can be either 'sidecar' or 'ambient'
+ISTIO := ambient
+
 all: python container helm
 python: $(PYTHON_TARGET)
 helm: $(HELM_TARGET)
@@ -40,13 +43,16 @@ container: $(PYTHON_TARGET) $(CONTAINER_SOURCES)
 
 helm-install: $(HELM_TARGET)
 	kubectl create ns mpafastapi || true
-	kubectl label --overwrite ns mpafastapi istio-injection=true
+	if test "$(ISTIO)" == "sidecar"; then kubectl label --overwrite ns mpafastapi istio-injection=true; fi
+	if test "$(ISTIO)" == "ambient"; then kubectl label --overwrite ns mpafastapi istio.io/dataplane-mode=ambient; fi
 	helm upgrade \
 		mrmat-python-api-fastapi \
 		${HELM_TARGET} \
 		--install \
+		--wait \
 		--force \
-		--namespace mpafastapi
+		--namespace mpafastapi \
+		--set istio=$(ISTIO)
 
 helm-uninstall:
 	helm delete -n mpafastapi mrmat-python-api-fastapi

src/mrmat_python_api_fastapi/app.py

@@ -21,6 +21,7 @@
 #  SOFTWARE.
 
 from fastapi import FastAPI
+from fastapi.security import OAuth2PasswordBearer
 
 from prometheus_fastapi_instrumentator import Instrumentator
 
@@ -29,6 +30,7 @@
 from mrmat_python_api_fastapi.apis.platform import api_platform_v1
 
 app = FastAPI(title='MrMat :: Python :: API :: FastAPI')
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl='token')
 app.include_router(api_healthz, prefix='/api/healthz', tags=['health'])
 app.include_router(api_greeting_v1, prefix='/api/greeting/v1', tags=['greeting'])
 app.include_router(api_greeting_v2, prefix='/api/greeting/v2', tags=['greeting'])

var/helm/templates/deployment.yaml

@@ -37,7 +37,7 @@ spec:
           - name: APP_CONFIG
             value: /config/app_config.json
           - name: OTEL_SERVICE_NAME
-            value: "mrmat-python-api-fastapi"
+            value: "{{ .Release.Namespace }}.mpafastapi"
           - name: OTEL_TRACES_EXPORTER
             value: "otlp"
           - name: OTEL_METRICS_EXPORTER

var/helm/templates/ingress.yaml var/helm/templates/edge-ingress.yamlvar/helm/templates/ingress.yaml renamed to var/helm/templates/edge-ingress.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.ingress.enabled }}
+{{- if eq .Values.edge.kind "ingress" }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress

var/helm/templates/route.yaml …lm/templates/edge-istio-gateway-api.yamlvar/helm/templates/route.yaml renamed to var/helm/templates/edge-istio-gateway-api.yaml var/helm/templates/route.yaml renamed to var/helm/templates/edge-istio-gateway-api.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.route.enabled -}}
+{{- if eq .Values.edge.kind "istio-gateway-api" -}}
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
@@ -11,13 +11,11 @@ spec:
   - {{ . | quote }}
   {{- end }}
   parentRefs:
-  {{- range .Values.route.parents }}
   - group: gateway.networking.k8s.io
     kind: Gateway
-    name: {{ .name }}
-    namespace: {{ .namespace }}
+    name: {{ .Values.edge.name }}
+    namespace: {{ .Values.edge.ns }}
     sectionName: mpafastapi
-  {{- end }}
   rules:
   - backendRefs:
     - kind: Service

var/helm/templates/edge-istio.yaml

@@ -0,0 +1,14 @@
+{{- if eq .Values.edge.kind "istio" }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: waypoint
+  namespace: {{ .Release.Namespace }}
+spec:
+  gatewayClassName: istio-waypoint
+  listeners:
+  - name: mesh
+    port: 15008
+    protocol: HBONE
+{{- end }}

var/helm/values.yaml

@@ -15,18 +15,25 @@ svc:
   name: svc-mpafastapi
   port: 80
 
+edge:
+  ns: edge
+  name: edge-ingress
+  kind: istio-gateway-api
+
 route:
   enabled: false
   name: route-mpafastapi
   hostnames:
-  - mpafastapi.covenant.local
+  - mpafastapi.nostromo.k8s
   parents:
   - name: edge-ingress
     namespace: edge
 
+istio: ambient
+
 ingress:
-  enabled: true
+  enabled: false
   hostname: mpafastapi.nostromo.k8s
 
 config:
-  db_url: "sqlite://data/db.sqlite3"
+  db_url: "sqlite:////data/db.sqlite3"