diff --git a/admin/kubezero.sh b/admin/kubezero.sh index ab26d9e0..9104ec6f 100755 --- a/admin/kubezero.sh +++ b/admin/kubezero.sh @@ -114,10 +114,12 @@ post_kubeadm() { control_plane_upgrade() { CMD=$1 - # get current values, argo app over cm - get_kubezero_values $ARGOCD + render_kubeadm upgrade if [[ "$CMD" =~ ^(cluster)$ ]]; then + # get current values, argo app over cm + get_kubezero_values $ARGOCD + # tumble new config through migrate.py migrate_argo_values.py < "$WORKDIR"/kubezero-values.yaml > "$WORKDIR"/new-kubezero-values.yaml @@ -138,9 +140,6 @@ control_plane_upgrade() { kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/metadata/annotations"}]' || true fi - # Local node upgrade - render_kubeadm upgrade - pre_kubeadm _kubeadm init phase upload-config kubeadm @@ -155,13 +154,11 @@ control_plane_upgrade() { echo "Successfully upgraded KubeZero control plane to $KUBE_VERSION using kubeadm." elif [[ "$CMD" =~ ^(final)$ ]]; then - render_kubeadm upgrade - # Finally upgrade addons last, with 1.32 we can ONLY call addon phase #_kubeadm upgrade apply phase addon all $KUBE_VERSION _kubeadm upgrade apply $KUBE_VERSION - echo "Upgraded addons and applied final migrations" + echo "Upgraded kubeadm addons." fi # Cleanup after kubeadm on the host diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh index d61507d1..67b3feee 100755 --- a/admin/upgrade_cluster.sh +++ b/admin/upgrade_cluster.sh @@ -25,15 +25,14 @@ OLD_CONTROLLERS=$(kubectl get nodes -l "node-role.kubernetes.io/control-plane=" # All controllers already on current version if [ "$OLD_CONTROLLERS" == "0" ]; then control_plane_upgrade finalize_cluster_upgrade - exit - # Otherwise run control plane upgrade else control_plane_upgrade kubeadm_upgrade - echo " to continue" - read -r fi +echo " to continue" +read -r + #echo "Adjust kubezero values as needed:" # shellcheck disable=SC2015 #[ "$ARGOCD" == "True" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero @@ -49,7 +48,7 @@ echo "Applying remaining KubeZero modules..." control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo" # Final step is to commit the new argocd kubezero app -kubectl get app kubezero -n argocd -o yaml | del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP +kubectl get app kubezero -n argocd -o yaml | yq 'del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP # Trigger backup of upgraded cluster state kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$KUBE_VERSION -n kube-system diff --git a/charts/kubezero-cert-manager/Chart.yaml b/charts/kubezero-cert-manager/Chart.yaml index d628ba2f..299d4994 100644 --- a/charts/kubezero-cert-manager/Chart.yaml +++ b/charts/kubezero-cert-manager/Chart.yaml @@ -18,4 +18,4 @@ dependencies: - name: cert-manager version: v1.17.0 repository: https://charts.jetstack.io -kubeVersion: ">= 1.26.0-0" +kubeVersion: ">= 1.30.0-0" diff --git a/charts/kubezero-cert-manager/README.md b/charts/kubezero-cert-manager/README.md index 35a8d7ef..5feab8ba 100644 --- a/charts/kubezero-cert-manager/README.md +++ b/charts/kubezero-cert-manager/README.md @@ -1,6 +1,6 @@ # kubezero-cert-manager -![Version: 0.9.9](https://img.shields.io/badge/Version-0.9.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.9.11](https://img.shields.io/badge/Version-0.9.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for cert-manager @@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0-0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://charts.jetstack.io | cert-manager | v1.15.2 | +| https://charts.jetstack.io | cert-manager | v1.17.0 | ## AWS - OIDC IAM roles diff --git a/charts/kubezero-cert-manager/jsonnetfile.lock.json b/charts/kubezero-cert-manager/jsonnetfile.lock.json index 7257aa75..d2f033eb 100644 --- a/charts/kubezero-cert-manager/jsonnetfile.lock.json +++ b/charts/kubezero-cert-manager/jsonnetfile.lock.json @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "df4e472a2d09813560ba44b21a29c0453dbec18c", - "sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws=" + "version": "c0e7e8c873a6067f9ae9076c3c243a20fa713a58", + "sum": "XmXkOCriQIZmXwlIIFhqlJMa0e6qGWdxZD+ZDYaN0Po=" }, { "source": { @@ -41,16 +41,6 @@ "version": "a1d61cce1da59c71409b99b5c7568511fec661ea", "sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc=" }, - { - "source": { - "git": { - "remote": "https://github.com/grafana/grafonnet-lib.git", - "subdir": "grafonnet-7.0" - } - }, - "version": "a1d61cce1da59c71409b99b5c7568511fec661ea", - "sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM=" - }, { "source": { "git": { @@ -58,8 +48,8 @@ "subdir": "gen/grafonnet-latest" } }, - "version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55", - "sum": "eyuJ0jOXeA4MrobbNgU4/v5a7ASDHslHZ0eS6hDdWoI=" + "version": "d20e609202733790caf5b554c9945d049f243ae3", + "sum": "V9vAj21qJOc2DlMPDgB1eEjSQU4A+sAA4AXuJ6bd4xc=" }, { "source": { @@ -68,18 +58,18 @@ "subdir": "gen/grafonnet-v10.0.0" } }, - "version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55", + "version": "d20e609202733790caf5b554c9945d049f243ae3", "sum": "xdcrJPJlpkq4+5LpGwN4tPAuheNNLXZjE6tDcyvFjr0=" }, { "source": { "git": { "remote": "https://github.com/grafana/grafonnet.git", - "subdir": "gen/grafonnet-v11.0.0" + "subdir": "gen/grafonnet-v11.4.0" } }, - "version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55", - "sum": "0BvzR0i4bS4hc2O3xDv6i9m52z7mPrjvqxtcPrGhynA=" + "version": "d20e609202733790caf5b554c9945d049f243ae3", + "sum": "aVAX09paQYNOoCSKVpuk1exVIyBoMt/C50QJI+Q/3nA=" }, { "source": { @@ -88,7 +78,7 @@ "subdir": "grafana-builder" } }, - "version": "d9ba581fb27aa6689e911f288d4df06948eb8aad", + "version": "d6c38bb26f576b128cadca4137d73a037afdd872", "sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo=" }, { @@ -98,8 +88,8 @@ "subdir": "" } }, - "version": "b6a425db5c72b0159e3b8666b373e21bf487df9a", - "sum": "6KgWSzBFX09sycxfM3mYsY9Ua16ydCVpyFGYS0ZkpIo=" + "version": "de46a6811837f9750ef9c6df29dcae314f22da81", + "sum": "TMt8tZMdzt2JL7Wt6cvxxdwEY9FbQ3OOKxAzLsTu5/w=" }, { "source": { @@ -118,8 +108,8 @@ "subdir": "" } }, - "version": "63d430b69a95741061c2f7fc9d84b1a778511d9c", - "sum": "qiZi3axUSXCVzKUF83zSAxklwrnitMmrDK4XAfjPMdE=" + "version": "1199b50e9d2ff53d4bb5fb2304ad1fb69d38e609", + "sum": "LfbgcJbilu4uBdKYZSvmkoOTPwEAzg10L3/VqKAIWtA=" }, { "source": { @@ -128,8 +118,8 @@ "subdir": "" } }, - "version": "1b71e399caee334af8ba2d15d0dd615043a652d0", - "sum": "qcRxavmCpuWQuwCMqYaOZ+soA8jxwWLrK7LYqohN5NA=" + "version": "e27267571be06c2bdc3d2fd8dbd70161cd709cb4", + "sum": "je1RPCp2aFNefYs5Q57Q5wDm93p8pL4pdBtA5rC7jLA=" }, { "source": { @@ -138,8 +128,8 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "f8aa7d9bb9d8e29876e19f4859391a54a7e61d63", - "sum": "lO7jUSzAIy8Yk9pOWJIWgPRhubkWzVh56W6wtYfbVH4=" + "version": "2a95d4649b2fea55799032fb9c0b571c4ba7f776", + "sum": "3bioG7CfTfY9zeu5xU4yon6Zt3kYvNkyl492nOhQxnM=" }, { "source": { @@ -148,7 +138,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "f8aa7d9bb9d8e29876e19f4859391a54a7e61d63", + "version": "2a95d4649b2fea55799032fb9c0b571c4ba7f776", "sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c=" }, { @@ -158,8 +148,8 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "33c43a4067a174a99529e41d537eef290a7028ea", - "sum": "/jU8uXWR202aR7K/3zOefhc4JBUAUkTdHvE9rhfzI/g=" + "version": "1eea946a1532f1e8cccfceea98d907bf3a10b1d9", + "sum": "17LhiwefVfoNDsF3DcFZw/UL4PMU7YpNNUaOdaYd1gE=" }, { "source": { @@ -168,7 +158,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "aa74b0d377d32648ca50f2531fe2253895629d9f", + "version": "4da36fdd2377362c285aee3a96f7b0516f6e41bf", "sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=", "name": "prometheus-operator-mixin" }, @@ -179,8 +169,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "aa74b0d377d32648ca50f2531fe2253895629d9f", - "sum": "EZR4sBAtmFRsUR7U4SybuBUhK9ncMCvEu9xHtu8B9KA=" + "version": "4da36fdd2377362c285aee3a96f7b0516f6e41bf", + "sum": "tb5PzIT75Hv4m3kbOHXvmrlcplg+EbS4++NfTttDNOk=" }, { "source": { @@ -189,8 +179,8 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "27b6eb7ce02680c84b9a06503edbddc9213f586d", - "sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=", + "version": "b5d1a64ad5bb0ff879705714d1e40cea82efbd5c", + "sum": "Mf4h1BYLle2nrgjf/HXrBbl0Zk8N+xaoEM017o0BC+k=", "name": "alertmanager" }, { @@ -200,8 +190,8 @@ "subdir": "docs/node-mixin" } }, - "version": "b9d0932179a0c5b3a8863f3d6cdafe8584cedc8e", - "sum": "rhUvbqviGjQ2mwsRhHKMN0TiS3YvnYpUXHew3XlQ+Wg=" + "version": "11365f97bef6cb0e6259d536a7e21c49e3f5c065", + "sum": "xYj6VYFT/eafsbleNlC+Z2VfLy1CndyYrJs9BcTmnX8=" }, { "source": { @@ -210,19 +200,19 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "616038f2b64656b2c9c6053f02aee544c5b8bb17", - "sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=", + "version": "906f6a33b60cec2596018ac8cc97ac41b16b06b7", + "sum": "2c+wttfee9TwuQJZIkNV7Tekem74Qgc7iZ842P28rNw=", "name": "prometheus" }, { "source": { "git": { "remote": "https://github.com/pyrra-dev/pyrra.git", - "subdir": "config/crd/bases" + "subdir": "jsonnet/controller-gen" } }, - "version": "551856d42dff02ec38c5b0ea6a2d99c4cb127e82", - "sum": "bY/Pcrrbynguq8/HaI88cQ3B2hLv/xc+76QILY7IL+g=", + "version": "d723f4d1a066dd657e9d09c46a158519dda0faa8", + "sum": "cxAPQovFkM16zNB5/94O+sk/n3SETk6ao6Oas2Sa6RE=", "name": "pyrra" }, { @@ -232,8 +222,8 @@ "subdir": "mixin" } }, - "version": "dcadaae80fcce1fb05452b37ca8d3b2809d7cef9", - "sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=", + "version": "346d18bb0f8011c63d7106de494cf3b9253161a1", + "sum": "ieCD4eMgGbOlrI8GmckGPHBGQDcLasE1rULYq56W/bs=", "name": "thanos-mixin" } ], diff --git a/charts/kubezero-istio-gateway/Chart.yaml b/charts/kubezero-istio-gateway/Chart.yaml index 76fb1dfd..fbd9ffeb 100644 --- a/charts/kubezero-istio-gateway/Chart.yaml +++ b/charts/kubezero-istio-gateway/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-istio-gateway description: KubeZero Umbrella Chart for Istio gateways type: application -version: 0.23.3 +version: 0.24.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -17,6 +17,6 @@ dependencies: version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: gateway - version: 1.24.3 + version: 1.24.2 repository: https://istio-release.storage.googleapis.com/charts -kubeVersion: ">= 1.26.0-0" +kubeVersion: ">= 1.30.0-0" diff --git a/charts/kubezero-istio-gateway/README.md b/charts/kubezero-istio-gateway/README.md index 85f824b3..132bdf02 100644 --- a/charts/kubezero-istio-gateway/README.md +++ b/charts/kubezero-istio-gateway/README.md @@ -1,6 +1,6 @@ # kubezero-istio-gateway -![Version: 0.23.2](https://img.shields.io/badge/Version-0.23.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.24.2](https://img.shields.io/badge/Version-0.24.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio gateways @@ -16,12 +16,12 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed ! ## Requirements -Kubernetes: `>= 1.26.0-0` +Kubernetes: `>= 1.30.0-0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://istio-release.storage.googleapis.com/charts | gateway | 1.23.2 | +| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.2 | ## Values @@ -32,6 +32,7 @@ Kubernetes: `>= 1.26.0-0` | gateway.autoscaling.maxReplicas | int | `4` | | | gateway.autoscaling.minReplicas | int | `1` | | | gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| gateway.minReadySeconds | int | `120` | | | gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | | | gateway.replicaCount | int | `1` | | | gateway.resources.limits.memory | string | `"512Mi"` | | @@ -47,5 +48,6 @@ Kubernetes: `>= 1.26.0-0` ## Resources +### Envoy Listener Filter - TCP KeepAlive - https://github.com/cilium/cilium/blob/main/operator/pkg/model/translation/envoy_listener.go#L134 diff --git a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml index d1391f70..33743efd 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.23.2 +appVersion: 1.24.2 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.23.2 +version: 1.24.2 diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-ambient.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-ambient.yaml index 22db0330..2805fe46 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/files/profile-ambient.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-ambient.yaml @@ -15,6 +15,3 @@ pilot: cni: ambient: enabled: true - -# Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel -variant: distroless diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.20.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.20.yaml deleted file mode 100644 index 72fdd5b3..00000000 --- a/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.20.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.21 behavioral changes - ENABLE_EXTERNAL_NAME_ALIAS: "false" - PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true" - VERIFY_CERTIFICATE_AT_CLIENT: "false" - ENABLE_AUTO_SNI: "false" - - # 1.22 behavioral changes - ENABLE_ENHANCED_RESOURCE_SCOPING: "false" - ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.22 behavioral changes - ISTIO_DELTA_XDS: "false" - # 1.23 behavioral changes - ENABLE_DELIMITED_STATS_TAG_REGEX: "false" - tracing: - zipkin: - address: zipkin.istio-system:9411 diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.21.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.21.yaml index d11c242b..c8da4d2e 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.21.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.21.yaml @@ -11,6 +11,13 @@ pilot: # 1.23 behavioral changes ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + meshConfig: # 1.22 behavioral changes defaultConfig: @@ -18,6 +25,9 @@ meshConfig: ISTIO_DELTA_XDS: "false" # 1.23 behavioral changes ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" tracing: zipkin: address: zipkin.istio-system:9411 diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.22.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.22.yaml index b091e2b9..70d8eb40 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.22.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.22.yaml @@ -6,7 +6,14 @@ pilot: env: # 1.23 behavioral changes ENABLE_DELIMITED_STATS_TAG_REGEX: "false" - + + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + meshConfig: defaultConfig: proxyMetadata: @@ -14,3 +21,6 @@ meshConfig: ENABLE_DEFERRED_CLUSTER_CREATION: "false" # 1.23 behavioral changes ENABLE_DELIMITED_STATS_TAG_REGEX: "false" + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.23.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.23.yaml new file mode 100644 index 00000000..636bb6f1 --- /dev/null +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-compatibility-version-1.23.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + ENABLE_INBOUND_RETRY_POLICY: "false" + EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" + PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" + ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" + PILOT_UNIFIED_SIDECAR_SCOPE: "false" + +meshConfig: + defaultConfig: + proxyMetadata: + # 1.24 behaviour changes + ENABLE_DEFERRED_STATS_CREATION: "false" + BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-demo.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-demo.yaml index 83b9d6b6..eadbde17 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/files/profile-demo.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-demo.yaml @@ -22,12 +22,29 @@ meshConfig: port: 4317 service: opentelemetry-collector.observability.svc.cluster.local +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + global: proxy: resources: requests: cpu: 10m memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi pilot: autoscaleEnabled: false diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-openshift-ambient.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-openshift-ambient.yaml deleted file mode 100644 index df4532d1..00000000 --- a/charts/kubezero-istio-gateway/charts/gateway/files/profile-openshift-ambient.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - platform: openshift -cni: - ambient: - enabled: true - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - logLevel: info - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" - variant: distroless - env: - PILOT_ENABLE_AMBIENT: "true" - # Allow sidecars/ingress to send/receive HBONE. This is required for interop. - PILOT_ENABLE_SENDING_HBONE: "true" - PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true" -platform: openshift -variant: distroless -seLinuxOptions: - type: spc_t diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-k3d.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-k3d.yaml new file mode 100644 index 00000000..cd86d9ec --- /dev/null +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-k3s.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-k3s.yaml new file mode 100644 index 00000000..f3f2884a --- /dev/null +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/current/bin/ diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-microk8s.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-microk8s.yaml new file mode 100644 index 00000000..57d7f5e3 --- /dev/null +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-minikube.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-minikube.yaml new file mode 100644 index 00000000..fa9992e2 --- /dev/null +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-openshift.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-openshift.yaml similarity index 79% rename from charts/kubezero-istio-gateway/charts/gateway/files/profile-openshift.yaml rename to charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-openshift.yaml index 18f61b88..8ddc5e16 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/files/profile-openshift.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-platform-openshift.yaml @@ -3,18 +3,17 @@ # If you want to make a change in this file, edit the original one and run "make gen". # The OpenShift profile provides a basic set of settings to run Istio on OpenShift -# CNI must be installed. cni: cniBinDir: /var/lib/cni/bin cniConfDir: /etc/cni/multus/net.d chained: false cniConfFileName: "istio-cni.conf" - logLevel: info provider: "multus" -global: - platform: openshift pilot: cni: enabled: true provider: "multus" -platform: openshift +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/charts/kubezero-istio-gateway/charts/gateway/files/profile-remote.yaml b/charts/kubezero-istio-gateway/charts/gateway/files/profile-remote.yaml new file mode 100644 index 00000000..d17b9a80 --- /dev/null +++ b/charts/kubezero-istio-gateway/charts/gateway/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/_helpers.tpl b/charts/kubezero-istio-gateway/charts/gateway/templates/_helpers.tpl index 917b6359..e5a0a9b3 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/_helpers.tpl +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/_helpers.tpl @@ -6,19 +6,8 @@ {{- end -}} {{- end }} -{{/* -Create chart name and version as used by the helm.sh/chart label. -*/}} -{{- define "gateway.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - {{- define "gateway.labels" -}} -helm.sh/chart: {{ include "gateway.chart" . }} {{ include "gateway.selectorLabels" . }} -app.kubernetes.io/name: {{ include "gateway.name" . }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- range $key, $val := .Values.labels }} {{- if and (ne $key "app") (ne $key "istio") }} {{ $key | quote }}: {{ $val | quote }} diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml index 1bd29615..e9bfbbd3 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml @@ -4,6 +4,8 @@ metadata: name: {{ include "gateway.name" . }} namespace: {{ .Release.Namespace }} labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} {{- include "gateway.labels" . | nindent 4}} annotations: {{- .Values.annotations | toYaml | nindent 4 }} @@ -13,9 +15,13 @@ spec: replicas: {{ . }} {{- end }} {{- end }} - # Give the LB 120s to detect and take into service - # should only be 40s by we are on AWS so ... - minReadySeconds: 120 + {{- with .Values.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.minReadySeconds }} + minReadySeconds: {{ . }} + {{- end }} selector: matchLabels: {{- include "gateway.selectorLabels" . | nindent 6 }} @@ -29,7 +35,7 @@ spec: {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} {{- include "gateway.selectorLabels" . | nindent 8 }} app.kubernetes.io/name: {{ include "gateway.name" . }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + {{- include "istio.labels" . | nindent 8}} {{- range $key, $val := .Values.labels }} {{- if and (ne $key "app") (ne $key "istio") }} {{ $key | quote }}: {{ $val | quote }} @@ -94,7 +100,11 @@ spec: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.volumeMounts }} volumeMounts: - {{ toYaml . | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/hpa.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/hpa.yaml index 1b0f9366..64ecb6a4 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/hpa.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/hpa.yaml @@ -5,6 +5,8 @@ metadata: name: {{ include "gateway.name" . }} namespace: {{ .Release.Namespace }} labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} {{- include "gateway.labels" . | nindent 4 }} annotations: {{- .Values.annotations | toYaml | nindent 4 }} diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/poddisruptionbudget.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/poddisruptionbudget.yaml index 77f71e7f..b0155cdf 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/poddisruptionbudget.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/poddisruptionbudget.yaml @@ -5,6 +5,8 @@ metadata: name: {{ include "gateway.name" . }} namespace: {{ .Release.Namespace }} labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} {{- include "gateway.labels" . | nindent 4}} spec: selector: diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/role.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/role.yaml index c8a25cb7..3d160796 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/role.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/role.yaml @@ -6,6 +6,8 @@ metadata: name: {{ include "gateway.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} {{- include "gateway.labels" . | nindent 4}} annotations: {{- .Values.annotations | toYaml | nindent 4 }} @@ -20,6 +22,8 @@ metadata: name: {{ include "gateway.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} {{- include "gateway.labels" . | nindent 4}} annotations: {{- .Values.annotations | toYaml | nindent 4 }} diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/service.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/service.yaml index db7fc004..c013d812 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/service.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/service.yaml @@ -5,6 +5,8 @@ metadata: name: {{ include "gateway.name" . }} namespace: {{ .Release.Namespace }} labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} {{- include "gateway.labels" . | nindent 4 }} {{- with .Values.networkGateway }} topology.istio.io/network: "{{.}}" diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/serviceaccount.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/serviceaccount.yaml index e5b2304d..c88afead 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/serviceaccount.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/serviceaccount.yaml @@ -5,6 +5,8 @@ metadata: name: {{ include "gateway.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} {{- include "gateway.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/zzz_profile.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/zzz_profile.yaml index 2d0bd4af..35623047 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/zzz_profile.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/zzz_profile.yaml @@ -15,9 +15,14 @@ However, we can workaround this by placing all of (1) under a specific key (.Val We can then merge the profile onto the defaults, then the user settings onto that. Finally, we can set all of that under .Values so the chart behaves without awareness. */}} -{{- $globals := $.Values.global | default dict | deepCopy }} -{{- $defaults := $.Values.defaults }} -{{- $_ := unset $.Values "defaults" }} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} {{- $profile := dict }} {{- with .Values.profile }} {{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} @@ -33,11 +38,37 @@ Finally, we can set all of that under .Values so the chart behaves without aware {{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} {{- end }} {{- end }} +{{- if ($.Values.global).platform }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" ($.Values.global).platform) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" ($.Values.global).platform) }} +{{- end }} +{{- end }} {{- if $profile }} {{- $a := mustMergeOverwrite $defaults $profile }} {{- end }} # Flatten globals, if defined on a per-chart basis {{- if false }} -{{- $a := mustMergeOverwrite $defaults $globals }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} {{- end }} {{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/charts/kubezero-istio-gateway/charts/gateway/values.schema.json b/charts/kubezero-istio-gateway/charts/gateway/values.schema.json index 4c4f0836..3108259a 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/values.schema.json +++ b/charts/kubezero-istio-gateway/charts/gateway/values.schema.json @@ -60,6 +60,15 @@ "env": { "type": "object" }, + "strategy": { + "type": "object" + }, + "minReadySeconds": { + "type": [ "null", "integer" ] + }, + "readinessProbe": { + "type": [ "null", "object" ] + }, "labels": { "type": "object" }, diff --git a/charts/kubezero-istio-gateway/charts/gateway/values.yaml b/charts/kubezero-istio-gateway/charts/gateway/values.yaml index 72205b4a..b02240df 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/values.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/values.yaml @@ -1,6 +1,6 @@ -# "defaults" is a workaround for Helm limitations. Users should NOT set ".defaults" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set defaults.foo=bar`, just set `--set foo=bar`. -defaults: +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: # Name allows overriding the release name. Generally this should not be set name: "" # revision declares which revision this gateway is a part of @@ -84,6 +84,17 @@ defaults: # Pod environment variables env: {} + # Deployment Update strategy + strategy: {} + + # Sets the Deployment minReadySeconds value + minReadySeconds: + + # Optionally configure a custom readinessProbe. By default the control plane + # automatically injects the readinessProbe. If you wish to override that + # behavior, you may define your own readinessProbe here. + readinessProbe: {} + # Labels to apply to all resources labels: {} @@ -137,6 +148,7 @@ defaults: # podDisruptionBudget: {} + # Sets the per-pod terminationGracePeriodSeconds setting. terminationGracePeriodSeconds: 30 # A list of `Volumes` added into the Gateway Pods. See diff --git a/charts/kubezero-istio-gateway/gateway.patch b/charts/kubezero-istio-gateway/gateway.patch index bb7ea2c7..a63ee006 100644 --- a/charts/kubezero-istio-gateway/gateway.patch +++ b/charts/kubezero-istio-gateway/gateway.patch @@ -1,16 +1,3 @@ -diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/templates/deployment.yaml ---- charts/gateway.orig/templates/deployment.yaml 2022-12-09 14:58:33.000000000 +0000 -+++ charts/gateway/templates/deployment.yaml 2022-12-13 11:43:02.196667885 +0000 -@@ -11,6 +11,9 @@ - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} -+ # Give the LB 120s to detect and take into service -+ # should only be 40s by we are on AWS so ... -+ minReadySeconds: 120 - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/service.yaml --- charts/gateway.orig/templates/service.yaml 2022-12-09 14:58:33.000000000 +0000 +++ charts/gateway/templates/service.yaml 2022-12-12 22:52:27.629670669 +0000 diff --git a/charts/kubezero-istio-gateway/values.yaml b/charts/kubezero-istio-gateway/values.yaml index 86c859c5..abc4ecc8 100644 --- a/charts/kubezero-istio-gateway/values.yaml +++ b/charts/kubezero-istio-gateway/values.yaml @@ -8,6 +8,7 @@ gateway: replicaCount: 1 terminationGracePeriodSeconds: 120 + minReadySeconds: 10 resources: requests: @@ -28,7 +29,7 @@ gateway: # gatewayProtocol: Loadbalancer protocol which is NOT the same as Container Procotol ! podAnnotations: - proxy.istio.io/config: '{ "terminationDrainDuration": "20s" }' + proxy.istio.io/config: '{ "terminationDrainDuration": "90s" }' certificates: [] #- name: ingress-cert diff --git a/charts/kubezero-istio/Chart.yaml b/charts/kubezero-istio/Chart.yaml index 6d754f5b..5c4b3948 100644 --- a/charts/kubezero-istio/Chart.yaml +++ b/charts/kubezero-istio/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-istio description: KubeZero Umbrella Chart for Istio type: application -version: 0.23.3 +version: 0.24.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,13 +16,13 @@ dependencies: version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: base - version: 1.24.3 + version: 1.24.2 repository: https://istio-release.storage.googleapis.com/charts - name: istiod - version: 1.24.3 + version: 1.24.2 repository: https://istio-release.storage.googleapis.com/charts - name: kiali-server version: "1.89.7" repository: https://kiali.org/helm-charts condition: kiali-server.enabled -kubeVersion: ">= 1.26.0-0" +kubeVersion: ">= 1.30.0-0" diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md index daac8027..d60094ec 100644 --- a/charts/kubezero-istio/README.md +++ b/charts/kubezero-istio/README.md @@ -1,6 +1,6 @@ # kubezero-istio -![Version: 0.23.2](https://img.shields.io/badge/Version-0.23.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.24.2](https://img.shields.io/badge/Version-0.24.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio @@ -16,13 +16,13 @@ Installs the Istio control plane ## Requirements -Kubernetes: `>= 1.26.0-0` +Kubernetes: `>= 1.30.0-0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://istio-release.storage.googleapis.com/charts | base | 1.23.2 | -| https://istio-release.storage.googleapis.com/charts | istiod | 1.23.2 | +| https://istio-release.storage.googleapis.com/charts | base | 1.24.2 | +| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.2 | | https://kiali.org/helm-charts | kiali-server | 1.89.7 | ## Values @@ -64,12 +64,11 @@ Kubernetes: `>= 1.26.0-0` ## Resources -- https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec - https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml -- https://istio.io/latest/docs/setup/install/standalone-operator/ ### Grafana - https://grafana.com/grafana/dashboards/7645 - https://grafana.com/grafana/dashboards/7639 - https://grafana.com/grafana/dashboards/7636 - https://grafana.com/grafana/dashboards/7630 +- https://grafana.com/grafana/dashboards/11829 diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index 904bf743..f1a0ef4d 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Root App of Apps chart type: application -version: 1.31.5-alpha +version: 1.31.5 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -15,4 +15,4 @@ dependencies: - name: kubezero-lib version: ">= 0.2.1" repository: https://cdn.zero-downtime.net/charts -kubeVersion: ">= 1.29.0-0" +kubeVersion: ">= 1.31.0-0" diff --git a/charts/kubezero/templates/istio-ingress.yaml b/charts/kubezero/templates/istio-ingress.yaml index a4dfa6db..1c53bdb2 100644 --- a/charts/kubezero/templates/istio-ingress.yaml +++ b/charts/kubezero/templates/istio-ingress.yaml @@ -1,9 +1,5 @@ {{- define "istio-ingress-values" }} -{{- if eq .Values.global.platform "aws" }} -{{- end }} -{{- $ingressLabel := "node.kubernetes.io/ingress.public" }} - gateway: name: istio-ingressgateway diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 7e514016..6af77b46 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -43,7 +43,7 @@ network: cert-manager: enabled: false namespace: cert-manager - targetRevision: 0.9.10 + targetRevision: 0.9.11 storage: enabled: false @@ -64,13 +64,13 @@ storage: istio: enabled: false namespace: istio-system - targetRevision: 0.23.2 + targetRevision: 0.24.2 istio-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.23.2 + targetRevision: 0.24.2 gateway: service: {} @@ -78,7 +78,7 @@ istio-private-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.23.2 + targetRevision: 0.24.2 gateway: service: {} @@ -119,7 +119,7 @@ logging: argo: enabled: false namespace: argocd - targetRevision: 0.2.6 + targetRevision: 0.2.7 argo-cd: enabled: false istio: