feat: cert-manager and istio version bumps
This commit is contained in:
parent
7a8baa9e74
commit
365ec9ac55
@ -114,10 +114,12 @@ post_kubeadm() {
|
||||
control_plane_upgrade() {
|
||||
CMD=$1
|
||||
|
||||
# get current values, argo app over cm
|
||||
get_kubezero_values $ARGOCD
|
||||
render_kubeadm upgrade
|
||||
|
||||
if [[ "$CMD" =~ ^(cluster)$ ]]; then
|
||||
# get current values, argo app over cm
|
||||
get_kubezero_values $ARGOCD
|
||||
|
||||
# tumble new config through migrate.py
|
||||
migrate_argo_values.py < "$WORKDIR"/kubezero-values.yaml > "$WORKDIR"/new-kubezero-values.yaml
|
||||
|
||||
@ -138,9 +140,6 @@ control_plane_upgrade() {
|
||||
kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/metadata/annotations"}]' || true
|
||||
fi
|
||||
|
||||
# Local node upgrade
|
||||
render_kubeadm upgrade
|
||||
|
||||
pre_kubeadm
|
||||
|
||||
_kubeadm init phase upload-config kubeadm
|
||||
@ -155,13 +154,11 @@ control_plane_upgrade() {
|
||||
echo "Successfully upgraded KubeZero control plane to $KUBE_VERSION using kubeadm."
|
||||
|
||||
elif [[ "$CMD" =~ ^(final)$ ]]; then
|
||||
render_kubeadm upgrade
|
||||
|
||||
# Finally upgrade addons last, with 1.32 we can ONLY call addon phase
|
||||
#_kubeadm upgrade apply phase addon all $KUBE_VERSION
|
||||
_kubeadm upgrade apply $KUBE_VERSION
|
||||
|
||||
echo "Upgraded addons and applied final migrations"
|
||||
echo "Upgraded kubeadm addons."
|
||||
fi
|
||||
|
||||
# Cleanup after kubeadm on the host
|
||||
|
||||
@ -25,15 +25,14 @@ OLD_CONTROLLERS=$(kubectl get nodes -l "node-role.kubernetes.io/control-plane="
|
||||
# All controllers already on current version
|
||||
if [ "$OLD_CONTROLLERS" == "0" ]; then
|
||||
control_plane_upgrade finalize_cluster_upgrade
|
||||
exit
|
||||
|
||||
# Otherwise run control plane upgrade
|
||||
else
|
||||
control_plane_upgrade kubeadm_upgrade
|
||||
echo "<Return> to continue"
|
||||
read -r
|
||||
fi
|
||||
|
||||
echo "<Return> to continue"
|
||||
read -r
|
||||
|
||||
#echo "Adjust kubezero values as needed:"
|
||||
# shellcheck disable=SC2015
|
||||
#[ "$ARGOCD" == "True" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero
|
||||
@ -49,7 +48,7 @@ echo "Applying remaining KubeZero modules..."
|
||||
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo"
|
||||
|
||||
# Final step is to commit the new argocd kubezero app
|
||||
kubectl get app kubezero -n argocd -o yaml | del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP
|
||||
kubectl get app kubezero -n argocd -o yaml | yq 'del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP
|
||||
|
||||
# Trigger backup of upgraded cluster state
|
||||
kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$KUBE_VERSION -n kube-system
|
||||
|
||||
@ -18,4 +18,4 @@ dependencies:
|
||||
- name: cert-manager
|
||||
version: v1.17.0
|
||||
repository: https://charts.jetstack.io
|
||||
kubeVersion: ">= 1.26.0-0"
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# kubezero-cert-manager
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for cert-manager
|
||||
|
||||
@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0-0`
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://charts.jetstack.io | cert-manager | v1.15.2 |
|
||||
| https://charts.jetstack.io | cert-manager | v1.17.0 |
|
||||
|
||||
## AWS - OIDC IAM roles
|
||||
|
||||
|
||||
@ -18,8 +18,8 @@
|
||||
"subdir": "contrib/mixin"
|
||||
}
|
||||
},
|
||||
"version": "df4e472a2d09813560ba44b21a29c0453dbec18c",
|
||||
"sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws="
|
||||
"version": "c0e7e8c873a6067f9ae9076c3c243a20fa713a58",
|
||||
"sum": "XmXkOCriQIZmXwlIIFhqlJMa0e6qGWdxZD+ZDYaN0Po="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -41,16 +41,6 @@
|
||||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||
"sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet-lib.git",
|
||||
"subdir": "grafonnet-7.0"
|
||||
}
|
||||
},
|
||||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||
"sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
@ -58,8 +48,8 @@
|
||||
"subdir": "gen/grafonnet-latest"
|
||||
}
|
||||
},
|
||||
"version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55",
|
||||
"sum": "eyuJ0jOXeA4MrobbNgU4/v5a7ASDHslHZ0eS6hDdWoI="
|
||||
"version": "d20e609202733790caf5b554c9945d049f243ae3",
|
||||
"sum": "V9vAj21qJOc2DlMPDgB1eEjSQU4A+sAA4AXuJ6bd4xc="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -68,18 +58,18 @@
|
||||
"subdir": "gen/grafonnet-v10.0.0"
|
||||
}
|
||||
},
|
||||
"version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55",
|
||||
"version": "d20e609202733790caf5b554c9945d049f243ae3",
|
||||
"sum": "xdcrJPJlpkq4+5LpGwN4tPAuheNNLXZjE6tDcyvFjr0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-v11.0.0"
|
||||
"subdir": "gen/grafonnet-v11.4.0"
|
||||
}
|
||||
},
|
||||
"version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55",
|
||||
"sum": "0BvzR0i4bS4hc2O3xDv6i9m52z7mPrjvqxtcPrGhynA="
|
||||
"version": "d20e609202733790caf5b554c9945d049f243ae3",
|
||||
"sum": "aVAX09paQYNOoCSKVpuk1exVIyBoMt/C50QJI+Q/3nA="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -88,7 +78,7 @@
|
||||
"subdir": "grafana-builder"
|
||||
}
|
||||
},
|
||||
"version": "d9ba581fb27aa6689e911f288d4df06948eb8aad",
|
||||
"version": "d6c38bb26f576b128cadca4137d73a037afdd872",
|
||||
"sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo="
|
||||
},
|
||||
{
|
||||
@ -98,8 +88,8 @@
|
||||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "b6a425db5c72b0159e3b8666b373e21bf487df9a",
|
||||
"sum": "6KgWSzBFX09sycxfM3mYsY9Ua16ydCVpyFGYS0ZkpIo="
|
||||
"version": "de46a6811837f9750ef9c6df29dcae314f22da81",
|
||||
"sum": "TMt8tZMdzt2JL7Wt6cvxxdwEY9FbQ3OOKxAzLsTu5/w="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -118,8 +108,8 @@
|
||||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "63d430b69a95741061c2f7fc9d84b1a778511d9c",
|
||||
"sum": "qiZi3axUSXCVzKUF83zSAxklwrnitMmrDK4XAfjPMdE="
|
||||
"version": "1199b50e9d2ff53d4bb5fb2304ad1fb69d38e609",
|
||||
"sum": "LfbgcJbilu4uBdKYZSvmkoOTPwEAzg10L3/VqKAIWtA="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -128,8 +118,8 @@
|
||||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "1b71e399caee334af8ba2d15d0dd615043a652d0",
|
||||
"sum": "qcRxavmCpuWQuwCMqYaOZ+soA8jxwWLrK7LYqohN5NA="
|
||||
"version": "e27267571be06c2bdc3d2fd8dbd70161cd709cb4",
|
||||
"sum": "je1RPCp2aFNefYs5Q57Q5wDm93p8pL4pdBtA5rC7jLA="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -138,8 +128,8 @@
|
||||
"subdir": "jsonnet/kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"version": "f8aa7d9bb9d8e29876e19f4859391a54a7e61d63",
|
||||
"sum": "lO7jUSzAIy8Yk9pOWJIWgPRhubkWzVh56W6wtYfbVH4="
|
||||
"version": "2a95d4649b2fea55799032fb9c0b571c4ba7f776",
|
||||
"sum": "3bioG7CfTfY9zeu5xU4yon6Zt3kYvNkyl492nOhQxnM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -148,7 +138,7 @@
|
||||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||
}
|
||||
},
|
||||
"version": "f8aa7d9bb9d8e29876e19f4859391a54a7e61d63",
|
||||
"version": "2a95d4649b2fea55799032fb9c0b571c4ba7f776",
|
||||
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
|
||||
},
|
||||
{
|
||||
@ -158,8 +148,8 @@
|
||||
"subdir": "jsonnet/kube-prometheus"
|
||||
}
|
||||
},
|
||||
"version": "33c43a4067a174a99529e41d537eef290a7028ea",
|
||||
"sum": "/jU8uXWR202aR7K/3zOefhc4JBUAUkTdHvE9rhfzI/g="
|
||||
"version": "1eea946a1532f1e8cccfceea98d907bf3a10b1d9",
|
||||
"sum": "17LhiwefVfoNDsF3DcFZw/UL4PMU7YpNNUaOdaYd1gE="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -168,7 +158,7 @@
|
||||
"subdir": "jsonnet/mixin"
|
||||
}
|
||||
},
|
||||
"version": "aa74b0d377d32648ca50f2531fe2253895629d9f",
|
||||
"version": "4da36fdd2377362c285aee3a96f7b0516f6e41bf",
|
||||
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
|
||||
"name": "prometheus-operator-mixin"
|
||||
},
|
||||
@ -179,8 +169,8 @@
|
||||
"subdir": "jsonnet/prometheus-operator"
|
||||
}
|
||||
},
|
||||
"version": "aa74b0d377d32648ca50f2531fe2253895629d9f",
|
||||
"sum": "EZR4sBAtmFRsUR7U4SybuBUhK9ncMCvEu9xHtu8B9KA="
|
||||
"version": "4da36fdd2377362c285aee3a96f7b0516f6e41bf",
|
||||
"sum": "tb5PzIT75Hv4m3kbOHXvmrlcplg+EbS4++NfTttDNOk="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -189,8 +179,8 @@
|
||||
"subdir": "doc/alertmanager-mixin"
|
||||
}
|
||||
},
|
||||
"version": "27b6eb7ce02680c84b9a06503edbddc9213f586d",
|
||||
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
|
||||
"version": "b5d1a64ad5bb0ff879705714d1e40cea82efbd5c",
|
||||
"sum": "Mf4h1BYLle2nrgjf/HXrBbl0Zk8N+xaoEM017o0BC+k=",
|
||||
"name": "alertmanager"
|
||||
},
|
||||
{
|
||||
@ -200,8 +190,8 @@
|
||||
"subdir": "docs/node-mixin"
|
||||
}
|
||||
},
|
||||
"version": "b9d0932179a0c5b3a8863f3d6cdafe8584cedc8e",
|
||||
"sum": "rhUvbqviGjQ2mwsRhHKMN0TiS3YvnYpUXHew3XlQ+Wg="
|
||||
"version": "11365f97bef6cb0e6259d536a7e21c49e3f5c065",
|
||||
"sum": "xYj6VYFT/eafsbleNlC+Z2VfLy1CndyYrJs9BcTmnX8="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -210,19 +200,19 @@
|
||||
"subdir": "documentation/prometheus-mixin"
|
||||
}
|
||||
},
|
||||
"version": "616038f2b64656b2c9c6053f02aee544c5b8bb17",
|
||||
"sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=",
|
||||
"version": "906f6a33b60cec2596018ac8cc97ac41b16b06b7",
|
||||
"sum": "2c+wttfee9TwuQJZIkNV7Tekem74Qgc7iZ842P28rNw=",
|
||||
"name": "prometheus"
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/pyrra-dev/pyrra.git",
|
||||
"subdir": "config/crd/bases"
|
||||
"subdir": "jsonnet/controller-gen"
|
||||
}
|
||||
},
|
||||
"version": "551856d42dff02ec38c5b0ea6a2d99c4cb127e82",
|
||||
"sum": "bY/Pcrrbynguq8/HaI88cQ3B2hLv/xc+76QILY7IL+g=",
|
||||
"version": "d723f4d1a066dd657e9d09c46a158519dda0faa8",
|
||||
"sum": "cxAPQovFkM16zNB5/94O+sk/n3SETk6ao6Oas2Sa6RE=",
|
||||
"name": "pyrra"
|
||||
},
|
||||
{
|
||||
@ -232,8 +222,8 @@
|
||||
"subdir": "mixin"
|
||||
}
|
||||
},
|
||||
"version": "dcadaae80fcce1fb05452b37ca8d3b2809d7cef9",
|
||||
"sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=",
|
||||
"version": "346d18bb0f8011c63d7106de494cf3b9253161a1",
|
||||
"sum": "ieCD4eMgGbOlrI8GmckGPHBGQDcLasE1rULYq56W/bs=",
|
||||
"name": "thanos-mixin"
|
||||
}
|
||||
],
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-istio-gateway
|
||||
description: KubeZero Umbrella Chart for Istio gateways
|
||||
type: application
|
||||
version: 0.23.3
|
||||
version: 0.24.2
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -17,6 +17,6 @@ dependencies:
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: gateway
|
||||
version: 1.24.3
|
||||
version: 1.24.2
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
kubeVersion: ">= 1.26.0-0"
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# kubezero-istio-gateway
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for Istio gateways
|
||||
|
||||
@ -16,12 +16,12 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed !
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.26.0-0`
|
||||
Kubernetes: `>= 1.30.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://istio-release.storage.googleapis.com/charts | gateway | 1.23.2 |
|
||||
| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.2 |
|
||||
|
||||
## Values
|
||||
|
||||
@ -32,6 +32,7 @@ Kubernetes: `>= 1.26.0-0`
|
||||
| gateway.autoscaling.maxReplicas | int | `4` | |
|
||||
| gateway.autoscaling.minReplicas | int | `1` | |
|
||||
| gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
|
||||
| gateway.minReadySeconds | int | `120` | |
|
||||
| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | |
|
||||
| gateway.replicaCount | int | `1` | |
|
||||
| gateway.resources.limits.memory | string | `"512Mi"` | |
|
||||
@ -47,5 +48,6 @@ Kubernetes: `>= 1.26.0-0`
|
||||
|
||||
## Resources
|
||||
|
||||
### Envoy Listener Filter - TCP KeepAlive
|
||||
- https://github.com/cilium/cilium/blob/main/operator/pkg/model/translation/envoy_listener.go#L134
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.23.2
|
||||
appVersion: 1.24.2
|
||||
description: Helm chart for deploying Istio gateways
|
||||
icon: https://istio.io/latest/favicons/android-192x192.png
|
||||
keywords:
|
||||
@ -9,4 +9,4 @@ name: gateway
|
||||
sources:
|
||||
- https://github.com/istio/istio
|
||||
type: application
|
||||
version: 1.23.2
|
||||
version: 1.24.2
|
||||
|
||||
@ -15,6 +15,3 @@ pilot:
|
||||
cni:
|
||||
ambient:
|
||||
enabled: true
|
||||
|
||||
# Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel
|
||||
variant: distroless
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
pilot:
|
||||
env:
|
||||
# 1.21 behavioral changes
|
||||
ENABLE_EXTERNAL_NAME_ALIAS: "false"
|
||||
PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true"
|
||||
VERIFY_CERTIFICATE_AT_CLIENT: "false"
|
||||
ENABLE_AUTO_SNI: "false"
|
||||
|
||||
# 1.22 behavioral changes
|
||||
ENABLE_ENHANCED_RESOURCE_SCOPING: "false"
|
||||
ENABLE_RESOLUTION_NONE_TARGET_PORT: "false"
|
||||
|
||||
meshConfig:
|
||||
defaultConfig:
|
||||
proxyMetadata:
|
||||
# 1.22 behavioral changes
|
||||
ISTIO_DELTA_XDS: "false"
|
||||
# 1.23 behavioral changes
|
||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||
tracing:
|
||||
zipkin:
|
||||
address: zipkin.istio-system:9411
|
||||
@ -11,6 +11,13 @@ pilot:
|
||||
# 1.23 behavioral changes
|
||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||
|
||||
# 1.24 behavioral changes
|
||||
ENABLE_INBOUND_RETRY_POLICY: "false"
|
||||
EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false"
|
||||
PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false"
|
||||
ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false"
|
||||
PILOT_UNIFIED_SIDECAR_SCOPE: "false"
|
||||
|
||||
meshConfig:
|
||||
# 1.22 behavioral changes
|
||||
defaultConfig:
|
||||
@ -18,6 +25,9 @@ meshConfig:
|
||||
ISTIO_DELTA_XDS: "false"
|
||||
# 1.23 behavioral changes
|
||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||
# 1.24 behaviour changes
|
||||
ENABLE_DEFERRED_STATS_CREATION: "false"
|
||||
BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false"
|
||||
tracing:
|
||||
zipkin:
|
||||
address: zipkin.istio-system:9411
|
||||
|
||||
@ -6,7 +6,14 @@ pilot:
|
||||
env:
|
||||
# 1.23 behavioral changes
|
||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||
|
||||
|
||||
# 1.24 behavioral changes
|
||||
ENABLE_INBOUND_RETRY_POLICY: "false"
|
||||
EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false"
|
||||
PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false"
|
||||
ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false"
|
||||
PILOT_UNIFIED_SIDECAR_SCOPE: "false"
|
||||
|
||||
meshConfig:
|
||||
defaultConfig:
|
||||
proxyMetadata:
|
||||
@ -14,3 +21,6 @@ meshConfig:
|
||||
ENABLE_DEFERRED_CLUSTER_CREATION: "false"
|
||||
# 1.23 behavioral changes
|
||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||
# 1.24 behaviour changes
|
||||
ENABLE_DEFERRED_STATS_CREATION: "false"
|
||||
BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false"
|
||||
|
||||
@ -0,0 +1,19 @@
|
||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
pilot:
|
||||
env:
|
||||
# 1.24 behavioral changes
|
||||
ENABLE_INBOUND_RETRY_POLICY: "false"
|
||||
EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false"
|
||||
PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false"
|
||||
ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false"
|
||||
PILOT_UNIFIED_SIDECAR_SCOPE: "false"
|
||||
|
||||
meshConfig:
|
||||
defaultConfig:
|
||||
proxyMetadata:
|
||||
# 1.24 behaviour changes
|
||||
ENABLE_DEFERRED_STATS_CREATION: "false"
|
||||
BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false"
|
||||
@ -22,12 +22,29 @@ meshConfig:
|
||||
port: 4317
|
||||
service: opentelemetry-collector.observability.svc.cluster.local
|
||||
|
||||
cni:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 40Mi
|
||||
|
||||
ztunnel:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 40Mi
|
||||
|
||||
global:
|
||||
proxy:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 40Mi
|
||||
waypoint:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 40Mi
|
||||
|
||||
pilot:
|
||||
autoscaleEnabled: false
|
||||
|
||||
@ -1,33 +0,0 @@
|
||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
meshConfig:
|
||||
defaultConfig:
|
||||
proxyMetadata:
|
||||
ISTIO_META_ENABLE_HBONE: "true"
|
||||
global:
|
||||
platform: openshift
|
||||
cni:
|
||||
ambient:
|
||||
enabled: true
|
||||
cniBinDir: /var/lib/cni/bin
|
||||
cniConfDir: /etc/cni/multus/net.d
|
||||
chained: false
|
||||
cniConfFileName: "istio-cni.conf"
|
||||
logLevel: info
|
||||
provider: "multus"
|
||||
pilot:
|
||||
cni:
|
||||
enabled: true
|
||||
provider: "multus"
|
||||
variant: distroless
|
||||
env:
|
||||
PILOT_ENABLE_AMBIENT: "true"
|
||||
# Allow sidecars/ingress to send/receive HBONE. This is required for interop.
|
||||
PILOT_ENABLE_SENDING_HBONE: "true"
|
||||
PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true"
|
||||
platform: openshift
|
||||
variant: distroless
|
||||
seLinuxOptions:
|
||||
type: spc_t
|
||||
@ -0,0 +1,7 @@
|
||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
cni:
|
||||
cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d
|
||||
cniBinDir: /bin
|
||||
@ -0,0 +1,7 @@
|
||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
cni:
|
||||
cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d
|
||||
cniBinDir: /var/lib/rancher/k3s/data/current/bin/
|
||||
@ -0,0 +1,7 @@
|
||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
cni:
|
||||
cniConfDir: /var/snap/microk8s/current/args/cni-network
|
||||
cniBinDir: /var/snap/microk8s/current/opt/cni/bin
|
||||
@ -0,0 +1,6 @@
|
||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
cni:
|
||||
cniNetnsDir: /var/run/docker/netns
|
||||
@ -3,18 +3,17 @@
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
# The OpenShift profile provides a basic set of settings to run Istio on OpenShift
|
||||
# CNI must be installed.
|
||||
cni:
|
||||
cniBinDir: /var/lib/cni/bin
|
||||
cniConfDir: /etc/cni/multus/net.d
|
||||
chained: false
|
||||
cniConfFileName: "istio-cni.conf"
|
||||
logLevel: info
|
||||
provider: "multus"
|
||||
global:
|
||||
platform: openshift
|
||||
pilot:
|
||||
cni:
|
||||
enabled: true
|
||||
provider: "multus"
|
||||
platform: openshift
|
||||
seLinuxOptions:
|
||||
type: spc_t
|
||||
# Openshift requires privileged pods to run in kube-system
|
||||
trustedZtunnelNamespace: "kube-system"
|
||||
@ -0,0 +1,13 @@
|
||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||
|
||||
# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile.
|
||||
istiodRemote:
|
||||
enabled: true
|
||||
configMap: false
|
||||
telemetry:
|
||||
enabled: false
|
||||
global:
|
||||
# TODO BML maybe a different profile for a configcluster/revisit this
|
||||
omitSidecarInjectorConfigMap: true
|
||||
@ -6,19 +6,8 @@
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the helm.sh/chart label.
|
||||
*/}}
|
||||
{{- define "gateway.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "gateway.labels" -}}
|
||||
helm.sh/chart: {{ include "gateway.chart" . }}
|
||||
{{ include "gateway.selectorLabels" . }}
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- range $key, $val := .Values.labels }}
|
||||
{{- if and (ne $key "app") (ne $key "istio") }}
|
||||
{{ $key | quote }}: {{ $val | quote }}
|
||||
|
||||
@ -4,6 +4,8 @@ metadata:
|
||||
name: {{ include "gateway.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
{{- include "istio.labels" . | nindent 4}}
|
||||
{{- include "gateway.labels" . | nindent 4}}
|
||||
annotations:
|
||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||
@ -13,9 +15,13 @@ spec:
|
||||
replicas: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
# Give the LB 120s to detect and take into service
|
||||
# should only be 40s by we are on AWS so ...
|
||||
minReadySeconds: 120
|
||||
{{- with .Values.strategy }}
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.minReadySeconds }}
|
||||
minReadySeconds: {{ . }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "gateway.selectorLabels" . | nindent 6 }}
|
||||
@ -29,7 +35,7 @@ spec:
|
||||
{{- include "gateway.sidecarInjectionLabels" . | nindent 8 }}
|
||||
{{- include "gateway.selectorLabels" . | nindent 8 }}
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- include "istio.labels" . | nindent 8}}
|
||||
{{- range $key, $val := .Values.labels }}
|
||||
{{- if and (ne $key "app") (ne $key "istio") }}
|
||||
{{ $key | quote }}: {{ $val | quote }}
|
||||
@ -94,7 +100,11 @@ spec:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- with .Values.volumeMounts }}
|
||||
volumeMounts:
|
||||
{{ toYaml . | nindent 12 }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.readinessProbe }}
|
||||
readinessProbe:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
|
||||
@ -5,6 +5,8 @@ metadata:
|
||||
name: {{ include "gateway.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
{{- include "istio.labels" . | nindent 4}}
|
||||
{{- include "gateway.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||
|
||||
@ -5,6 +5,8 @@ metadata:
|
||||
name: {{ include "gateway.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
{{- include "istio.labels" . | nindent 4}}
|
||||
{{- include "gateway.labels" . | nindent 4}}
|
||||
spec:
|
||||
selector:
|
||||
|
||||
@ -6,6 +6,8 @@ metadata:
|
||||
name: {{ include "gateway.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
{{- include "istio.labels" . | nindent 4}}
|
||||
{{- include "gateway.labels" . | nindent 4}}
|
||||
annotations:
|
||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||
@ -20,6 +22,8 @@ metadata:
|
||||
name: {{ include "gateway.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
{{- include "istio.labels" . | nindent 4}}
|
||||
{{- include "gateway.labels" . | nindent 4}}
|
||||
annotations:
|
||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||
|
||||
@ -5,6 +5,8 @@ metadata:
|
||||
name: {{ include "gateway.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
{{- include "istio.labels" . | nindent 4}}
|
||||
{{- include "gateway.labels" . | nindent 4 }}
|
||||
{{- with .Values.networkGateway }}
|
||||
topology.istio.io/network: "{{.}}"
|
||||
|
||||
@ -5,6 +5,8 @@ metadata:
|
||||
name: {{ include "gateway.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||
{{- include "istio.labels" . | nindent 4}}
|
||||
{{- include "gateway.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
|
||||
@ -15,9 +15,14 @@ However, we can workaround this by placing all of (1) under a specific key (.Val
|
||||
We can then merge the profile onto the defaults, then the user settings onto that.
|
||||
Finally, we can set all of that under .Values so the chart behaves without awareness.
|
||||
*/}}
|
||||
{{- $globals := $.Values.global | default dict | deepCopy }}
|
||||
{{- $defaults := $.Values.defaults }}
|
||||
{{- $_ := unset $.Values "defaults" }}
|
||||
{{- if $.Values.defaults}}
|
||||
{{ fail (cat
|
||||
"Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n"
|
||||
($.Values.defaults | toYaml |nindent 4)
|
||||
) }}
|
||||
{{- end }}
|
||||
{{- $defaults := $.Values._internal_defaults_do_not_set }}
|
||||
{{- $_ := unset $.Values "_internal_defaults_do_not_set" }}
|
||||
{{- $profile := dict }}
|
||||
{{- with .Values.profile }}
|
||||
{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}}
|
||||
@ -33,11 +38,37 @@ Finally, we can set all of that under .Values so the chart behaves without aware
|
||||
{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ($.Values.global).platform }}
|
||||
{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" ($.Values.global).platform) }}
|
||||
{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }}
|
||||
{{- else }}
|
||||
{{ fail (cat "unknown platform" ($.Values.global).platform) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if $profile }}
|
||||
{{- $a := mustMergeOverwrite $defaults $profile }}
|
||||
{{- end }}
|
||||
# Flatten globals, if defined on a per-chart basis
|
||||
{{- if false }}
|
||||
{{- $a := mustMergeOverwrite $defaults $globals }}
|
||||
{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }}
|
||||
{{- end }}
|
||||
{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }}
|
||||
|
||||
{{/*
|
||||
Labels that should be applied to ALL resources.
|
||||
*/}}
|
||||
{{- define "istio.labels" -}}
|
||||
{{- if .Release.Service -}}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
|
||||
{{- end }}
|
||||
{{- if .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/part-of: "istio"
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
{{- if and .Chart.Name .Chart.Version }}
|
||||
helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
@ -60,6 +60,15 @@
|
||||
"env": {
|
||||
"type": "object"
|
||||
},
|
||||
"strategy": {
|
||||
"type": "object"
|
||||
},
|
||||
"minReadySeconds": {
|
||||
"type": [ "null", "integer" ]
|
||||
},
|
||||
"readinessProbe": {
|
||||
"type": [ "null", "object" ]
|
||||
},
|
||||
"labels": {
|
||||
"type": "object"
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# "defaults" is a workaround for Helm limitations. Users should NOT set ".defaults" explicitly, but rather directly set the fields internally.
|
||||
# For instance, instead of `--set defaults.foo=bar`, just set `--set foo=bar`.
|
||||
defaults:
|
||||
# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally.
|
||||
# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`.
|
||||
_internal_defaults_do_not_set:
|
||||
# Name allows overriding the release name. Generally this should not be set
|
||||
name: ""
|
||||
# revision declares which revision this gateway is a part of
|
||||
@ -84,6 +84,17 @@ defaults:
|
||||
# Pod environment variables
|
||||
env: {}
|
||||
|
||||
# Deployment Update strategy
|
||||
strategy: {}
|
||||
|
||||
# Sets the Deployment minReadySeconds value
|
||||
minReadySeconds:
|
||||
|
||||
# Optionally configure a custom readinessProbe. By default the control plane
|
||||
# automatically injects the readinessProbe. If you wish to override that
|
||||
# behavior, you may define your own readinessProbe here.
|
||||
readinessProbe: {}
|
||||
|
||||
# Labels to apply to all resources
|
||||
labels: {}
|
||||
|
||||
@ -137,6 +148,7 @@ defaults:
|
||||
#
|
||||
podDisruptionBudget: {}
|
||||
|
||||
# Sets the per-pod terminationGracePeriodSeconds setting.
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
# A list of `Volumes` added into the Gateway Pods. See
|
||||
|
||||
@ -1,16 +1,3 @@
|
||||
diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/templates/deployment.yaml
|
||||
--- charts/gateway.orig/templates/deployment.yaml 2022-12-09 14:58:33.000000000 +0000
|
||||
+++ charts/gateway/templates/deployment.yaml 2022-12-13 11:43:02.196667885 +0000
|
||||
@@ -11,6 +11,9 @@
|
||||
{{- if not .Values.autoscaling.enabled }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
{{- end }}
|
||||
+ # Give the LB 120s to detect and take into service
|
||||
+ # should only be 40s by we are on AWS so ...
|
||||
+ minReadySeconds: 120
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "gateway.selectorLabels" . | nindent 6 }}
|
||||
diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/service.yaml
|
||||
--- charts/gateway.orig/templates/service.yaml 2022-12-09 14:58:33.000000000 +0000
|
||||
+++ charts/gateway/templates/service.yaml 2022-12-12 22:52:27.629670669 +0000
|
||||
|
||||
@ -8,6 +8,7 @@ gateway:
|
||||
replicaCount: 1
|
||||
|
||||
terminationGracePeriodSeconds: 120
|
||||
minReadySeconds: 10
|
||||
|
||||
resources:
|
||||
requests:
|
||||
@ -28,7 +29,7 @@ gateway:
|
||||
# gatewayProtocol: Loadbalancer protocol which is NOT the same as Container Procotol !
|
||||
|
||||
podAnnotations:
|
||||
proxy.istio.io/config: '{ "terminationDrainDuration": "20s" }'
|
||||
proxy.istio.io/config: '{ "terminationDrainDuration": "90s" }'
|
||||
|
||||
certificates: []
|
||||
#- name: ingress-cert
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-istio
|
||||
description: KubeZero Umbrella Chart for Istio
|
||||
type: application
|
||||
version: 0.23.3
|
||||
version: 0.24.2
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -16,13 +16,13 @@ dependencies:
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: base
|
||||
version: 1.24.3
|
||||
version: 1.24.2
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: istiod
|
||||
version: 1.24.3
|
||||
version: 1.24.2
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: kiali-server
|
||||
version: "1.89.7"
|
||||
repository: https://kiali.org/helm-charts
|
||||
condition: kiali-server.enabled
|
||||
kubeVersion: ">= 1.26.0-0"
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# kubezero-istio
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for Istio
|
||||
|
||||
@ -16,13 +16,13 @@ Installs the Istio control plane
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.26.0-0`
|
||||
Kubernetes: `>= 1.30.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://istio-release.storage.googleapis.com/charts | base | 1.23.2 |
|
||||
| https://istio-release.storage.googleapis.com/charts | istiod | 1.23.2 |
|
||||
| https://istio-release.storage.googleapis.com/charts | base | 1.24.2 |
|
||||
| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.2 |
|
||||
| https://kiali.org/helm-charts | kiali-server | 1.89.7 |
|
||||
|
||||
## Values
|
||||
@ -64,12 +64,11 @@ Kubernetes: `>= 1.26.0-0`
|
||||
|
||||
## Resources
|
||||
|
||||
- https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec
|
||||
- https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
|
||||
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
||||
|
||||
### Grafana
|
||||
- https://grafana.com/grafana/dashboards/7645
|
||||
- https://grafana.com/grafana/dashboards/7639
|
||||
- https://grafana.com/grafana/dashboards/7636
|
||||
- https://grafana.com/grafana/dashboards/7630
|
||||
- https://grafana.com/grafana/dashboards/11829
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero
|
||||
description: KubeZero - Root App of Apps chart
|
||||
type: application
|
||||
version: 1.31.5-alpha
|
||||
version: 1.31.5
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -15,4 +15,4 @@ dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.2.1"
|
||||
repository: https://cdn.zero-downtime.net/charts
|
||||
kubeVersion: ">= 1.29.0-0"
|
||||
kubeVersion: ">= 1.31.0-0"
|
||||
|
||||
@ -1,9 +1,5 @@
|
||||
{{- define "istio-ingress-values" }}
|
||||
|
||||
{{- if eq .Values.global.platform "aws" }}
|
||||
{{- end }}
|
||||
{{- $ingressLabel := "node.kubernetes.io/ingress.public" }}
|
||||
|
||||
gateway:
|
||||
name: istio-ingressgateway
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ network:
|
||||
cert-manager:
|
||||
enabled: false
|
||||
namespace: cert-manager
|
||||
targetRevision: 0.9.10
|
||||
targetRevision: 0.9.11
|
||||
|
||||
storage:
|
||||
enabled: false
|
||||
@ -64,13 +64,13 @@ storage:
|
||||
istio:
|
||||
enabled: false
|
||||
namespace: istio-system
|
||||
targetRevision: 0.23.2
|
||||
targetRevision: 0.24.2
|
||||
|
||||
istio-ingress:
|
||||
enabled: false
|
||||
chart: kubezero-istio-gateway
|
||||
namespace: istio-ingress
|
||||
targetRevision: 0.23.2
|
||||
targetRevision: 0.24.2
|
||||
gateway:
|
||||
service: {}
|
||||
|
||||
@ -78,7 +78,7 @@ istio-private-ingress:
|
||||
enabled: false
|
||||
chart: kubezero-istio-gateway
|
||||
namespace: istio-ingress
|
||||
targetRevision: 0.23.2
|
||||
targetRevision: 0.24.2
|
||||
gateway:
|
||||
service: {}
|
||||
|
||||
@ -119,7 +119,7 @@ logging:
|
||||
argo:
|
||||
enabled: false
|
||||
namespace: argocd
|
||||
targetRevision: 0.2.6
|
||||
targetRevision: 0.2.7
|
||||
argo-cd:
|
||||
enabled: false
|
||||
istio:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user