feat: cert-manager and istio version bumps
This commit is contained in:
parent
7a8baa9e74
commit
365ec9ac55
@ -114,10 +114,12 @@ post_kubeadm() {
|
|||||||
control_plane_upgrade() {
|
control_plane_upgrade() {
|
||||||
CMD=$1
|
CMD=$1
|
||||||
|
|
||||||
# get current values, argo app over cm
|
render_kubeadm upgrade
|
||||||
get_kubezero_values $ARGOCD
|
|
||||||
|
|
||||||
if [[ "$CMD" =~ ^(cluster)$ ]]; then
|
if [[ "$CMD" =~ ^(cluster)$ ]]; then
|
||||||
|
# get current values, argo app over cm
|
||||||
|
get_kubezero_values $ARGOCD
|
||||||
|
|
||||||
# tumble new config through migrate.py
|
# tumble new config through migrate.py
|
||||||
migrate_argo_values.py < "$WORKDIR"/kubezero-values.yaml > "$WORKDIR"/new-kubezero-values.yaml
|
migrate_argo_values.py < "$WORKDIR"/kubezero-values.yaml > "$WORKDIR"/new-kubezero-values.yaml
|
||||||
|
|
||||||
@ -138,9 +140,6 @@ control_plane_upgrade() {
|
|||||||
kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/metadata/annotations"}]' || true
|
kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/metadata/annotations"}]' || true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Local node upgrade
|
|
||||||
render_kubeadm upgrade
|
|
||||||
|
|
||||||
pre_kubeadm
|
pre_kubeadm
|
||||||
|
|
||||||
_kubeadm init phase upload-config kubeadm
|
_kubeadm init phase upload-config kubeadm
|
||||||
@ -155,13 +154,11 @@ control_plane_upgrade() {
|
|||||||
echo "Successfully upgraded KubeZero control plane to $KUBE_VERSION using kubeadm."
|
echo "Successfully upgraded KubeZero control plane to $KUBE_VERSION using kubeadm."
|
||||||
|
|
||||||
elif [[ "$CMD" =~ ^(final)$ ]]; then
|
elif [[ "$CMD" =~ ^(final)$ ]]; then
|
||||||
render_kubeadm upgrade
|
|
||||||
|
|
||||||
# Finally upgrade addons last, with 1.32 we can ONLY call addon phase
|
# Finally upgrade addons last, with 1.32 we can ONLY call addon phase
|
||||||
#_kubeadm upgrade apply phase addon all $KUBE_VERSION
|
#_kubeadm upgrade apply phase addon all $KUBE_VERSION
|
||||||
_kubeadm upgrade apply $KUBE_VERSION
|
_kubeadm upgrade apply $KUBE_VERSION
|
||||||
|
|
||||||
echo "Upgraded addons and applied final migrations"
|
echo "Upgraded kubeadm addons."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Cleanup after kubeadm on the host
|
# Cleanup after kubeadm on the host
|
||||||
|
|||||||
@ -25,15 +25,14 @@ OLD_CONTROLLERS=$(kubectl get nodes -l "node-role.kubernetes.io/control-plane="
|
|||||||
# All controllers already on current version
|
# All controllers already on current version
|
||||||
if [ "$OLD_CONTROLLERS" == "0" ]; then
|
if [ "$OLD_CONTROLLERS" == "0" ]; then
|
||||||
control_plane_upgrade finalize_cluster_upgrade
|
control_plane_upgrade finalize_cluster_upgrade
|
||||||
exit
|
|
||||||
|
|
||||||
# Otherwise run control plane upgrade
|
# Otherwise run control plane upgrade
|
||||||
else
|
else
|
||||||
control_plane_upgrade kubeadm_upgrade
|
control_plane_upgrade kubeadm_upgrade
|
||||||
echo "<Return> to continue"
|
|
||||||
read -r
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo "<Return> to continue"
|
||||||
|
read -r
|
||||||
|
|
||||||
#echo "Adjust kubezero values as needed:"
|
#echo "Adjust kubezero values as needed:"
|
||||||
# shellcheck disable=SC2015
|
# shellcheck disable=SC2015
|
||||||
#[ "$ARGOCD" == "True" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero
|
#[ "$ARGOCD" == "True" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero
|
||||||
@ -49,7 +48,7 @@ echo "Applying remaining KubeZero modules..."
|
|||||||
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo"
|
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo"
|
||||||
|
|
||||||
# Final step is to commit the new argocd kubezero app
|
# Final step is to commit the new argocd kubezero app
|
||||||
kubectl get app kubezero -n argocd -o yaml | del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP
|
kubectl get app kubezero -n argocd -o yaml | yq 'del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP
|
||||||
|
|
||||||
# Trigger backup of upgraded cluster state
|
# Trigger backup of upgraded cluster state
|
||||||
kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$KUBE_VERSION -n kube-system
|
kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$KUBE_VERSION -n kube-system
|
||||||
|
|||||||
@ -18,4 +18,4 @@ dependencies:
|
|||||||
- name: cert-manager
|
- name: cert-manager
|
||||||
version: v1.17.0
|
version: v1.17.0
|
||||||
repository: https://charts.jetstack.io
|
repository: https://charts.jetstack.io
|
||||||
kubeVersion: ">= 1.26.0-0"
|
kubeVersion: ">= 1.30.0-0"
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
# kubezero-cert-manager
|
# kubezero-cert-manager
|
||||||
|
|
||||||
 
|
 
|
||||||
|
|
||||||
KubeZero Umbrella Chart for cert-manager
|
KubeZero Umbrella Chart for cert-manager
|
||||||
|
|
||||||
@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0-0`
|
|||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://charts.jetstack.io | cert-manager | v1.15.2 |
|
| https://charts.jetstack.io | cert-manager | v1.17.0 |
|
||||||
|
|
||||||
## AWS - OIDC IAM roles
|
## AWS - OIDC IAM roles
|
||||||
|
|
||||||
|
|||||||
@ -18,8 +18,8 @@
|
|||||||
"subdir": "contrib/mixin"
|
"subdir": "contrib/mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "df4e472a2d09813560ba44b21a29c0453dbec18c",
|
"version": "c0e7e8c873a6067f9ae9076c3c243a20fa713a58",
|
||||||
"sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws="
|
"sum": "XmXkOCriQIZmXwlIIFhqlJMa0e6qGWdxZD+ZDYaN0Po="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -41,16 +41,6 @@
|
|||||||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||||
"sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc="
|
"sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc="
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"source": {
|
|
||||||
"git": {
|
|
||||||
"remote": "https://github.com/grafana/grafonnet-lib.git",
|
|
||||||
"subdir": "grafonnet-7.0"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
|
||||||
"sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM="
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
"git": {
|
"git": {
|
||||||
@ -58,8 +48,8 @@
|
|||||||
"subdir": "gen/grafonnet-latest"
|
"subdir": "gen/grafonnet-latest"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55",
|
"version": "d20e609202733790caf5b554c9945d049f243ae3",
|
||||||
"sum": "eyuJ0jOXeA4MrobbNgU4/v5a7ASDHslHZ0eS6hDdWoI="
|
"sum": "V9vAj21qJOc2DlMPDgB1eEjSQU4A+sAA4AXuJ6bd4xc="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -68,18 +58,18 @@
|
|||||||
"subdir": "gen/grafonnet-v10.0.0"
|
"subdir": "gen/grafonnet-v10.0.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55",
|
"version": "d20e609202733790caf5b554c9945d049f243ae3",
|
||||||
"sum": "xdcrJPJlpkq4+5LpGwN4tPAuheNNLXZjE6tDcyvFjr0="
|
"sum": "xdcrJPJlpkq4+5LpGwN4tPAuheNNLXZjE6tDcyvFjr0="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
"git": {
|
"git": {
|
||||||
"remote": "https://github.com/grafana/grafonnet.git",
|
"remote": "https://github.com/grafana/grafonnet.git",
|
||||||
"subdir": "gen/grafonnet-v11.0.0"
|
"subdir": "gen/grafonnet-v11.4.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55",
|
"version": "d20e609202733790caf5b554c9945d049f243ae3",
|
||||||
"sum": "0BvzR0i4bS4hc2O3xDv6i9m52z7mPrjvqxtcPrGhynA="
|
"sum": "aVAX09paQYNOoCSKVpuk1exVIyBoMt/C50QJI+Q/3nA="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -88,7 +78,7 @@
|
|||||||
"subdir": "grafana-builder"
|
"subdir": "grafana-builder"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "d9ba581fb27aa6689e911f288d4df06948eb8aad",
|
"version": "d6c38bb26f576b128cadca4137d73a037afdd872",
|
||||||
"sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo="
|
"sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -98,8 +88,8 @@
|
|||||||
"subdir": ""
|
"subdir": ""
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "b6a425db5c72b0159e3b8666b373e21bf487df9a",
|
"version": "de46a6811837f9750ef9c6df29dcae314f22da81",
|
||||||
"sum": "6KgWSzBFX09sycxfM3mYsY9Ua16ydCVpyFGYS0ZkpIo="
|
"sum": "TMt8tZMdzt2JL7Wt6cvxxdwEY9FbQ3OOKxAzLsTu5/w="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -118,8 +108,8 @@
|
|||||||
"subdir": ""
|
"subdir": ""
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "63d430b69a95741061c2f7fc9d84b1a778511d9c",
|
"version": "1199b50e9d2ff53d4bb5fb2304ad1fb69d38e609",
|
||||||
"sum": "qiZi3axUSXCVzKUF83zSAxklwrnitMmrDK4XAfjPMdE="
|
"sum": "LfbgcJbilu4uBdKYZSvmkoOTPwEAzg10L3/VqKAIWtA="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -128,8 +118,8 @@
|
|||||||
"subdir": ""
|
"subdir": ""
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "1b71e399caee334af8ba2d15d0dd615043a652d0",
|
"version": "e27267571be06c2bdc3d2fd8dbd70161cd709cb4",
|
||||||
"sum": "qcRxavmCpuWQuwCMqYaOZ+soA8jxwWLrK7LYqohN5NA="
|
"sum": "je1RPCp2aFNefYs5Q57Q5wDm93p8pL4pdBtA5rC7jLA="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -138,8 +128,8 @@
|
|||||||
"subdir": "jsonnet/kube-state-metrics"
|
"subdir": "jsonnet/kube-state-metrics"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "f8aa7d9bb9d8e29876e19f4859391a54a7e61d63",
|
"version": "2a95d4649b2fea55799032fb9c0b571c4ba7f776",
|
||||||
"sum": "lO7jUSzAIy8Yk9pOWJIWgPRhubkWzVh56W6wtYfbVH4="
|
"sum": "3bioG7CfTfY9zeu5xU4yon6Zt3kYvNkyl492nOhQxnM="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -148,7 +138,7 @@
|
|||||||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "f8aa7d9bb9d8e29876e19f4859391a54a7e61d63",
|
"version": "2a95d4649b2fea55799032fb9c0b571c4ba7f776",
|
||||||
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
|
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -158,8 +148,8 @@
|
|||||||
"subdir": "jsonnet/kube-prometheus"
|
"subdir": "jsonnet/kube-prometheus"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "33c43a4067a174a99529e41d537eef290a7028ea",
|
"version": "1eea946a1532f1e8cccfceea98d907bf3a10b1d9",
|
||||||
"sum": "/jU8uXWR202aR7K/3zOefhc4JBUAUkTdHvE9rhfzI/g="
|
"sum": "17LhiwefVfoNDsF3DcFZw/UL4PMU7YpNNUaOdaYd1gE="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -168,7 +158,7 @@
|
|||||||
"subdir": "jsonnet/mixin"
|
"subdir": "jsonnet/mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "aa74b0d377d32648ca50f2531fe2253895629d9f",
|
"version": "4da36fdd2377362c285aee3a96f7b0516f6e41bf",
|
||||||
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
|
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
|
||||||
"name": "prometheus-operator-mixin"
|
"name": "prometheus-operator-mixin"
|
||||||
},
|
},
|
||||||
@ -179,8 +169,8 @@
|
|||||||
"subdir": "jsonnet/prometheus-operator"
|
"subdir": "jsonnet/prometheus-operator"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "aa74b0d377d32648ca50f2531fe2253895629d9f",
|
"version": "4da36fdd2377362c285aee3a96f7b0516f6e41bf",
|
||||||
"sum": "EZR4sBAtmFRsUR7U4SybuBUhK9ncMCvEu9xHtu8B9KA="
|
"sum": "tb5PzIT75Hv4m3kbOHXvmrlcplg+EbS4++NfTttDNOk="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -189,8 +179,8 @@
|
|||||||
"subdir": "doc/alertmanager-mixin"
|
"subdir": "doc/alertmanager-mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "27b6eb7ce02680c84b9a06503edbddc9213f586d",
|
"version": "b5d1a64ad5bb0ff879705714d1e40cea82efbd5c",
|
||||||
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
|
"sum": "Mf4h1BYLle2nrgjf/HXrBbl0Zk8N+xaoEM017o0BC+k=",
|
||||||
"name": "alertmanager"
|
"name": "alertmanager"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -200,8 +190,8 @@
|
|||||||
"subdir": "docs/node-mixin"
|
"subdir": "docs/node-mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "b9d0932179a0c5b3a8863f3d6cdafe8584cedc8e",
|
"version": "11365f97bef6cb0e6259d536a7e21c49e3f5c065",
|
||||||
"sum": "rhUvbqviGjQ2mwsRhHKMN0TiS3YvnYpUXHew3XlQ+Wg="
|
"sum": "xYj6VYFT/eafsbleNlC+Z2VfLy1CndyYrJs9BcTmnX8="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -210,19 +200,19 @@
|
|||||||
"subdir": "documentation/prometheus-mixin"
|
"subdir": "documentation/prometheus-mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "616038f2b64656b2c9c6053f02aee544c5b8bb17",
|
"version": "906f6a33b60cec2596018ac8cc97ac41b16b06b7",
|
||||||
"sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=",
|
"sum": "2c+wttfee9TwuQJZIkNV7Tekem74Qgc7iZ842P28rNw=",
|
||||||
"name": "prometheus"
|
"name": "prometheus"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
"git": {
|
"git": {
|
||||||
"remote": "https://github.com/pyrra-dev/pyrra.git",
|
"remote": "https://github.com/pyrra-dev/pyrra.git",
|
||||||
"subdir": "config/crd/bases"
|
"subdir": "jsonnet/controller-gen"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "551856d42dff02ec38c5b0ea6a2d99c4cb127e82",
|
"version": "d723f4d1a066dd657e9d09c46a158519dda0faa8",
|
||||||
"sum": "bY/Pcrrbynguq8/HaI88cQ3B2hLv/xc+76QILY7IL+g=",
|
"sum": "cxAPQovFkM16zNB5/94O+sk/n3SETk6ao6Oas2Sa6RE=",
|
||||||
"name": "pyrra"
|
"name": "pyrra"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -232,8 +222,8 @@
|
|||||||
"subdir": "mixin"
|
"subdir": "mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "dcadaae80fcce1fb05452b37ca8d3b2809d7cef9",
|
"version": "346d18bb0f8011c63d7106de494cf3b9253161a1",
|
||||||
"sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=",
|
"sum": "ieCD4eMgGbOlrI8GmckGPHBGQDcLasE1rULYq56W/bs=",
|
||||||
"name": "thanos-mixin"
|
"name": "thanos-mixin"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|||||||
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-istio-gateway
|
name: kubezero-istio-gateway
|
||||||
description: KubeZero Umbrella Chart for Istio gateways
|
description: KubeZero Umbrella Chart for Istio gateways
|
||||||
type: application
|
type: application
|
||||||
version: 0.23.3
|
version: 0.24.2
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -17,6 +17,6 @@ dependencies:
|
|||||||
version: ">= 0.1.6"
|
version: ">= 0.1.6"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: gateway
|
- name: gateway
|
||||||
version: 1.24.3
|
version: 1.24.2
|
||||||
repository: https://istio-release.storage.googleapis.com/charts
|
repository: https://istio-release.storage.googleapis.com/charts
|
||||||
kubeVersion: ">= 1.26.0-0"
|
kubeVersion: ">= 1.30.0-0"
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
# kubezero-istio-gateway
|
# kubezero-istio-gateway
|
||||||
|
|
||||||
 
|
 
|
||||||
|
|
||||||
KubeZero Umbrella Chart for Istio gateways
|
KubeZero Umbrella Chart for Istio gateways
|
||||||
|
|
||||||
@ -16,12 +16,12 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed !
|
|||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
Kubernetes: `>= 1.26.0-0`
|
Kubernetes: `>= 1.30.0-0`
|
||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://istio-release.storage.googleapis.com/charts | gateway | 1.23.2 |
|
| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.2 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
@ -32,6 +32,7 @@ Kubernetes: `>= 1.26.0-0`
|
|||||||
| gateway.autoscaling.maxReplicas | int | `4` | |
|
| gateway.autoscaling.maxReplicas | int | `4` | |
|
||||||
| gateway.autoscaling.minReplicas | int | `1` | |
|
| gateway.autoscaling.minReplicas | int | `1` | |
|
||||||
| gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
|
| gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
|
||||||
|
| gateway.minReadySeconds | int | `120` | |
|
||||||
| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | |
|
| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | |
|
||||||
| gateway.replicaCount | int | `1` | |
|
| gateway.replicaCount | int | `1` | |
|
||||||
| gateway.resources.limits.memory | string | `"512Mi"` | |
|
| gateway.resources.limits.memory | string | `"512Mi"` | |
|
||||||
@ -47,5 +48,6 @@ Kubernetes: `>= 1.26.0-0`
|
|||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
|
### Envoy Listener Filter - TCP KeepAlive
|
||||||
- https://github.com/cilium/cilium/blob/main/operator/pkg/model/translation/envoy_listener.go#L134
|
- https://github.com/cilium/cilium/blob/main/operator/pkg/model/translation/envoy_listener.go#L134
|
||||||
|
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.23.2
|
appVersion: 1.24.2
|
||||||
description: Helm chart for deploying Istio gateways
|
description: Helm chart for deploying Istio gateways
|
||||||
icon: https://istio.io/latest/favicons/android-192x192.png
|
icon: https://istio.io/latest/favicons/android-192x192.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -9,4 +9,4 @@ name: gateway
|
|||||||
sources:
|
sources:
|
||||||
- https://github.com/istio/istio
|
- https://github.com/istio/istio
|
||||||
type: application
|
type: application
|
||||||
version: 1.23.2
|
version: 1.24.2
|
||||||
|
|||||||
@ -15,6 +15,3 @@ pilot:
|
|||||||
cni:
|
cni:
|
||||||
ambient:
|
ambient:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
# Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel
|
|
||||||
variant: distroless
|
|
||||||
|
|||||||
@ -1,26 +0,0 @@
|
|||||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
|
||||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
|
||||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
|
||||||
|
|
||||||
pilot:
|
|
||||||
env:
|
|
||||||
# 1.21 behavioral changes
|
|
||||||
ENABLE_EXTERNAL_NAME_ALIAS: "false"
|
|
||||||
PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true"
|
|
||||||
VERIFY_CERTIFICATE_AT_CLIENT: "false"
|
|
||||||
ENABLE_AUTO_SNI: "false"
|
|
||||||
|
|
||||||
# 1.22 behavioral changes
|
|
||||||
ENABLE_ENHANCED_RESOURCE_SCOPING: "false"
|
|
||||||
ENABLE_RESOLUTION_NONE_TARGET_PORT: "false"
|
|
||||||
|
|
||||||
meshConfig:
|
|
||||||
defaultConfig:
|
|
||||||
proxyMetadata:
|
|
||||||
# 1.22 behavioral changes
|
|
||||||
ISTIO_DELTA_XDS: "false"
|
|
||||||
# 1.23 behavioral changes
|
|
||||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
|
||||||
tracing:
|
|
||||||
zipkin:
|
|
||||||
address: zipkin.istio-system:9411
|
|
||||||
@ -11,6 +11,13 @@ pilot:
|
|||||||
# 1.23 behavioral changes
|
# 1.23 behavioral changes
|
||||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||||
|
|
||||||
|
# 1.24 behavioral changes
|
||||||
|
ENABLE_INBOUND_RETRY_POLICY: "false"
|
||||||
|
EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false"
|
||||||
|
PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false"
|
||||||
|
ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false"
|
||||||
|
PILOT_UNIFIED_SIDECAR_SCOPE: "false"
|
||||||
|
|
||||||
meshConfig:
|
meshConfig:
|
||||||
# 1.22 behavioral changes
|
# 1.22 behavioral changes
|
||||||
defaultConfig:
|
defaultConfig:
|
||||||
@ -18,6 +25,9 @@ meshConfig:
|
|||||||
ISTIO_DELTA_XDS: "false"
|
ISTIO_DELTA_XDS: "false"
|
||||||
# 1.23 behavioral changes
|
# 1.23 behavioral changes
|
||||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||||
|
# 1.24 behaviour changes
|
||||||
|
ENABLE_DEFERRED_STATS_CREATION: "false"
|
||||||
|
BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false"
|
||||||
tracing:
|
tracing:
|
||||||
zipkin:
|
zipkin:
|
||||||
address: zipkin.istio-system:9411
|
address: zipkin.istio-system:9411
|
||||||
|
|||||||
@ -7,6 +7,13 @@ pilot:
|
|||||||
# 1.23 behavioral changes
|
# 1.23 behavioral changes
|
||||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||||
|
|
||||||
|
# 1.24 behavioral changes
|
||||||
|
ENABLE_INBOUND_RETRY_POLICY: "false"
|
||||||
|
EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false"
|
||||||
|
PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false"
|
||||||
|
ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false"
|
||||||
|
PILOT_UNIFIED_SIDECAR_SCOPE: "false"
|
||||||
|
|
||||||
meshConfig:
|
meshConfig:
|
||||||
defaultConfig:
|
defaultConfig:
|
||||||
proxyMetadata:
|
proxyMetadata:
|
||||||
@ -14,3 +21,6 @@ meshConfig:
|
|||||||
ENABLE_DEFERRED_CLUSTER_CREATION: "false"
|
ENABLE_DEFERRED_CLUSTER_CREATION: "false"
|
||||||
# 1.23 behavioral changes
|
# 1.23 behavioral changes
|
||||||
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
ENABLE_DELIMITED_STATS_TAG_REGEX: "false"
|
||||||
|
# 1.24 behaviour changes
|
||||||
|
ENABLE_DEFERRED_STATS_CREATION: "false"
|
||||||
|
BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false"
|
||||||
|
|||||||
@ -0,0 +1,19 @@
|
|||||||
|
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||||
|
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||||
|
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||||
|
|
||||||
|
pilot:
|
||||||
|
env:
|
||||||
|
# 1.24 behavioral changes
|
||||||
|
ENABLE_INBOUND_RETRY_POLICY: "false"
|
||||||
|
EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false"
|
||||||
|
PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false"
|
||||||
|
ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false"
|
||||||
|
PILOT_UNIFIED_SIDECAR_SCOPE: "false"
|
||||||
|
|
||||||
|
meshConfig:
|
||||||
|
defaultConfig:
|
||||||
|
proxyMetadata:
|
||||||
|
# 1.24 behaviour changes
|
||||||
|
ENABLE_DEFERRED_STATS_CREATION: "false"
|
||||||
|
BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false"
|
||||||
@ -22,12 +22,29 @@ meshConfig:
|
|||||||
port: 4317
|
port: 4317
|
||||||
service: opentelemetry-collector.observability.svc.cluster.local
|
service: opentelemetry-collector.observability.svc.cluster.local
|
||||||
|
|
||||||
|
cni:
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 40Mi
|
||||||
|
|
||||||
|
ztunnel:
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 40Mi
|
||||||
|
|
||||||
global:
|
global:
|
||||||
proxy:
|
proxy:
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: 10m
|
||||||
memory: 40Mi
|
memory: 40Mi
|
||||||
|
waypoint:
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 40Mi
|
||||||
|
|
||||||
pilot:
|
pilot:
|
||||||
autoscaleEnabled: false
|
autoscaleEnabled: false
|
||||||
|
|||||||
@ -1,33 +0,0 @@
|
|||||||
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
|
||||||
# The original version of this file is located at /manifests/helm-profiles directory.
|
|
||||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
|
||||||
|
|
||||||
meshConfig:
|
|
||||||
defaultConfig:
|
|
||||||
proxyMetadata:
|
|
||||||
ISTIO_META_ENABLE_HBONE: "true"
|
|
||||||
global:
|
|
||||||
platform: openshift
|
|
||||||
cni:
|
|
||||||
ambient:
|
|
||||||
enabled: true
|
|
||||||
cniBinDir: /var/lib/cni/bin
|
|
||||||
cniConfDir: /etc/cni/multus/net.d
|
|
||||||
chained: false
|
|
||||||
cniConfFileName: "istio-cni.conf"
|
|
||||||
logLevel: info
|
|
||||||
provider: "multus"
|
|
||||||
pilot:
|
|
||||||
cni:
|
|
||||||
enabled: true
|
|
||||||
provider: "multus"
|
|
||||||
variant: distroless
|
|
||||||
env:
|
|
||||||
PILOT_ENABLE_AMBIENT: "true"
|
|
||||||
# Allow sidecars/ingress to send/receive HBONE. This is required for interop.
|
|
||||||
PILOT_ENABLE_SENDING_HBONE: "true"
|
|
||||||
PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true"
|
|
||||||
platform: openshift
|
|
||||||
variant: distroless
|
|
||||||
seLinuxOptions:
|
|
||||||
type: spc_t
|
|
||||||
@ -0,0 +1,7 @@
|
|||||||
|
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||||
|
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||||
|
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||||
|
|
||||||
|
cni:
|
||||||
|
cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d
|
||||||
|
cniBinDir: /bin
|
||||||
@ -0,0 +1,7 @@
|
|||||||
|
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||||
|
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||||
|
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||||
|
|
||||||
|
cni:
|
||||||
|
cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d
|
||||||
|
cniBinDir: /var/lib/rancher/k3s/data/current/bin/
|
||||||
@ -0,0 +1,7 @@
|
|||||||
|
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||||
|
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||||
|
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||||
|
|
||||||
|
cni:
|
||||||
|
cniConfDir: /var/snap/microk8s/current/args/cni-network
|
||||||
|
cniBinDir: /var/snap/microk8s/current/opt/cni/bin
|
||||||
@ -0,0 +1,6 @@
|
|||||||
|
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||||
|
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||||
|
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||||
|
|
||||||
|
cni:
|
||||||
|
cniNetnsDir: /var/run/docker/netns
|
||||||
@ -3,18 +3,17 @@
|
|||||||
# If you want to make a change in this file, edit the original one and run "make gen".
|
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||||
|
|
||||||
# The OpenShift profile provides a basic set of settings to run Istio on OpenShift
|
# The OpenShift profile provides a basic set of settings to run Istio on OpenShift
|
||||||
# CNI must be installed.
|
|
||||||
cni:
|
cni:
|
||||||
cniBinDir: /var/lib/cni/bin
|
cniBinDir: /var/lib/cni/bin
|
||||||
cniConfDir: /etc/cni/multus/net.d
|
cniConfDir: /etc/cni/multus/net.d
|
||||||
chained: false
|
chained: false
|
||||||
cniConfFileName: "istio-cni.conf"
|
cniConfFileName: "istio-cni.conf"
|
||||||
logLevel: info
|
|
||||||
provider: "multus"
|
provider: "multus"
|
||||||
global:
|
|
||||||
platform: openshift
|
|
||||||
pilot:
|
pilot:
|
||||||
cni:
|
cni:
|
||||||
enabled: true
|
enabled: true
|
||||||
provider: "multus"
|
provider: "multus"
|
||||||
platform: openshift
|
seLinuxOptions:
|
||||||
|
type: spc_t
|
||||||
|
# Openshift requires privileged pods to run in kube-system
|
||||||
|
trustedZtunnelNamespace: "kube-system"
|
||||||
@ -0,0 +1,13 @@
|
|||||||
|
# WARNING: DO NOT EDIT, THIS FILE IS A COPY.
|
||||||
|
# The original version of this file is located at /manifests/helm-profiles directory.
|
||||||
|
# If you want to make a change in this file, edit the original one and run "make gen".
|
||||||
|
|
||||||
|
# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile.
|
||||||
|
istiodRemote:
|
||||||
|
enabled: true
|
||||||
|
configMap: false
|
||||||
|
telemetry:
|
||||||
|
enabled: false
|
||||||
|
global:
|
||||||
|
# TODO BML maybe a different profile for a configcluster/revisit this
|
||||||
|
omitSidecarInjectorConfigMap: true
|
||||||
@ -6,19 +6,8 @@
|
|||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create chart name and version as used by the helm.sh/chart label.
|
|
||||||
*/}}
|
|
||||||
{{- define "gateway.chart" -}}
|
|
||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- define "gateway.labels" -}}
|
{{- define "gateway.labels" -}}
|
||||||
helm.sh/chart: {{ include "gateway.chart" . }}
|
|
||||||
{{ include "gateway.selectorLabels" . }}
|
{{ include "gateway.selectorLabels" . }}
|
||||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
|
||||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
{{- range $key, $val := .Values.labels }}
|
{{- range $key, $val := .Values.labels }}
|
||||||
{{- if and (ne $key "app") (ne $key "istio") }}
|
{{- if and (ne $key "app") (ne $key "istio") }}
|
||||||
{{ $key | quote }}: {{ $val | quote }}
|
{{ $key | quote }}: {{ $val | quote }}
|
||||||
|
|||||||
@ -4,6 +4,8 @@ metadata:
|
|||||||
name: {{ include "gateway.name" . }}
|
name: {{ include "gateway.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||||
|
{{- include "istio.labels" . | nindent 4}}
|
||||||
{{- include "gateway.labels" . | nindent 4}}
|
{{- include "gateway.labels" . | nindent 4}}
|
||||||
annotations:
|
annotations:
|
||||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||||
@ -13,9 +15,13 @@ spec:
|
|||||||
replicas: {{ . }}
|
replicas: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# Give the LB 120s to detect and take into service
|
{{- with .Values.strategy }}
|
||||||
# should only be 40s by we are on AWS so ...
|
strategy:
|
||||||
minReadySeconds: 120
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.minReadySeconds }}
|
||||||
|
minReadySeconds: {{ . }}
|
||||||
|
{{- end }}
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
{{- include "gateway.selectorLabels" . | nindent 6 }}
|
{{- include "gateway.selectorLabels" . | nindent 6 }}
|
||||||
@ -29,7 +35,7 @@ spec:
|
|||||||
{{- include "gateway.sidecarInjectionLabels" . | nindent 8 }}
|
{{- include "gateway.sidecarInjectionLabels" . | nindent 8 }}
|
||||||
{{- include "gateway.selectorLabels" . | nindent 8 }}
|
{{- include "gateway.selectorLabels" . | nindent 8 }}
|
||||||
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
{{- include "istio.labels" . | nindent 8}}
|
||||||
{{- range $key, $val := .Values.labels }}
|
{{- range $key, $val := .Values.labels }}
|
||||||
{{- if and (ne $key "app") (ne $key "istio") }}
|
{{- if and (ne $key "app") (ne $key "istio") }}
|
||||||
{{ $key | quote }}: {{ $val | quote }}
|
{{ $key | quote }}: {{ $val | quote }}
|
||||||
@ -94,7 +100,11 @@ spec:
|
|||||||
{{- toYaml .Values.resources | nindent 12 }}
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
{{- with .Values.volumeMounts }}
|
{{- with .Values.volumeMounts }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
{{ toYaml . | nindent 12 }}
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.readinessProbe }}
|
||||||
|
readinessProbe:
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
|
|||||||
@ -5,6 +5,8 @@ metadata:
|
|||||||
name: {{ include "gateway.name" . }}
|
name: {{ include "gateway.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||||
|
{{- include "istio.labels" . | nindent 4}}
|
||||||
{{- include "gateway.labels" . | nindent 4 }}
|
{{- include "gateway.labels" . | nindent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||||
|
|||||||
@ -5,6 +5,8 @@ metadata:
|
|||||||
name: {{ include "gateway.name" . }}
|
name: {{ include "gateway.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||||
|
{{- include "istio.labels" . | nindent 4}}
|
||||||
{{- include "gateway.labels" . | nindent 4}}
|
{{- include "gateway.labels" . | nindent 4}}
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@ -6,6 +6,8 @@ metadata:
|
|||||||
name: {{ include "gateway.serviceAccountName" . }}
|
name: {{ include "gateway.serviceAccountName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||||
|
{{- include "istio.labels" . | nindent 4}}
|
||||||
{{- include "gateway.labels" . | nindent 4}}
|
{{- include "gateway.labels" . | nindent 4}}
|
||||||
annotations:
|
annotations:
|
||||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||||
@ -20,6 +22,8 @@ metadata:
|
|||||||
name: {{ include "gateway.serviceAccountName" . }}
|
name: {{ include "gateway.serviceAccountName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||||
|
{{- include "istio.labels" . | nindent 4}}
|
||||||
{{- include "gateway.labels" . | nindent 4}}
|
{{- include "gateway.labels" . | nindent 4}}
|
||||||
annotations:
|
annotations:
|
||||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||||
|
|||||||
@ -5,6 +5,8 @@ metadata:
|
|||||||
name: {{ include "gateway.name" . }}
|
name: {{ include "gateway.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||||
|
{{- include "istio.labels" . | nindent 4}}
|
||||||
{{- include "gateway.labels" . | nindent 4 }}
|
{{- include "gateway.labels" . | nindent 4 }}
|
||||||
{{- with .Values.networkGateway }}
|
{{- with .Values.networkGateway }}
|
||||||
topology.istio.io/network: "{{.}}"
|
topology.istio.io/network: "{{.}}"
|
||||||
|
|||||||
@ -5,6 +5,8 @@ metadata:
|
|||||||
name: {{ include "gateway.serviceAccountName" . }}
|
name: {{ include "gateway.serviceAccountName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "gateway.name" . }}
|
||||||
|
{{- include "istio.labels" . | nindent 4}}
|
||||||
{{- include "gateway.labels" . | nindent 4 }}
|
{{- include "gateway.labels" . | nindent 4 }}
|
||||||
{{- with .Values.serviceAccount.annotations }}
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
annotations:
|
annotations:
|
||||||
|
|||||||
@ -15,9 +15,14 @@ However, we can workaround this by placing all of (1) under a specific key (.Val
|
|||||||
We can then merge the profile onto the defaults, then the user settings onto that.
|
We can then merge the profile onto the defaults, then the user settings onto that.
|
||||||
Finally, we can set all of that under .Values so the chart behaves without awareness.
|
Finally, we can set all of that under .Values so the chart behaves without awareness.
|
||||||
*/}}
|
*/}}
|
||||||
{{- $globals := $.Values.global | default dict | deepCopy }}
|
{{- if $.Values.defaults}}
|
||||||
{{- $defaults := $.Values.defaults }}
|
{{ fail (cat
|
||||||
{{- $_ := unset $.Values "defaults" }}
|
"Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n"
|
||||||
|
($.Values.defaults | toYaml |nindent 4)
|
||||||
|
) }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $defaults := $.Values._internal_defaults_do_not_set }}
|
||||||
|
{{- $_ := unset $.Values "_internal_defaults_do_not_set" }}
|
||||||
{{- $profile := dict }}
|
{{- $profile := dict }}
|
||||||
{{- with .Values.profile }}
|
{{- with .Values.profile }}
|
||||||
{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}}
|
{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}}
|
||||||
@ -33,11 +38,37 @@ Finally, we can set all of that under .Values so the chart behaves without aware
|
|||||||
{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }}
|
{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if ($.Values.global).platform }}
|
||||||
|
{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" ($.Values.global).platform) }}
|
||||||
|
{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }}
|
||||||
|
{{- else }}
|
||||||
|
{{ fail (cat "unknown platform" ($.Values.global).platform) }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if $profile }}
|
{{- if $profile }}
|
||||||
{{- $a := mustMergeOverwrite $defaults $profile }}
|
{{- $a := mustMergeOverwrite $defaults $profile }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# Flatten globals, if defined on a per-chart basis
|
# Flatten globals, if defined on a per-chart basis
|
||||||
{{- if false }}
|
{{- if false }}
|
||||||
{{- $a := mustMergeOverwrite $defaults $globals }}
|
{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }}
|
{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Labels that should be applied to ALL resources.
|
||||||
|
*/}}
|
||||||
|
{{- define "istio.labels" -}}
|
||||||
|
{{- if .Release.Service -}}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Release.Name }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/part-of: "istio"
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and .Chart.Name .Chart.Version }}
|
||||||
|
helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
|||||||
@ -60,6 +60,15 @@
|
|||||||
"env": {
|
"env": {
|
||||||
"type": "object"
|
"type": "object"
|
||||||
},
|
},
|
||||||
|
"strategy": {
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"minReadySeconds": {
|
||||||
|
"type": [ "null", "integer" ]
|
||||||
|
},
|
||||||
|
"readinessProbe": {
|
||||||
|
"type": [ "null", "object" ]
|
||||||
|
},
|
||||||
"labels": {
|
"labels": {
|
||||||
"type": "object"
|
"type": "object"
|
||||||
},
|
},
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
# "defaults" is a workaround for Helm limitations. Users should NOT set ".defaults" explicitly, but rather directly set the fields internally.
|
# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally.
|
||||||
# For instance, instead of `--set defaults.foo=bar`, just set `--set foo=bar`.
|
# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`.
|
||||||
defaults:
|
_internal_defaults_do_not_set:
|
||||||
# Name allows overriding the release name. Generally this should not be set
|
# Name allows overriding the release name. Generally this should not be set
|
||||||
name: ""
|
name: ""
|
||||||
# revision declares which revision this gateway is a part of
|
# revision declares which revision this gateway is a part of
|
||||||
@ -84,6 +84,17 @@ defaults:
|
|||||||
# Pod environment variables
|
# Pod environment variables
|
||||||
env: {}
|
env: {}
|
||||||
|
|
||||||
|
# Deployment Update strategy
|
||||||
|
strategy: {}
|
||||||
|
|
||||||
|
# Sets the Deployment minReadySeconds value
|
||||||
|
minReadySeconds:
|
||||||
|
|
||||||
|
# Optionally configure a custom readinessProbe. By default the control plane
|
||||||
|
# automatically injects the readinessProbe. If you wish to override that
|
||||||
|
# behavior, you may define your own readinessProbe here.
|
||||||
|
readinessProbe: {}
|
||||||
|
|
||||||
# Labels to apply to all resources
|
# Labels to apply to all resources
|
||||||
labels: {}
|
labels: {}
|
||||||
|
|
||||||
@ -137,6 +148,7 @@ defaults:
|
|||||||
#
|
#
|
||||||
podDisruptionBudget: {}
|
podDisruptionBudget: {}
|
||||||
|
|
||||||
|
# Sets the per-pod terminationGracePeriodSeconds setting.
|
||||||
terminationGracePeriodSeconds: 30
|
terminationGracePeriodSeconds: 30
|
||||||
|
|
||||||
# A list of `Volumes` added into the Gateway Pods. See
|
# A list of `Volumes` added into the Gateway Pods. See
|
||||||
|
|||||||
@ -1,16 +1,3 @@
|
|||||||
diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/templates/deployment.yaml
|
|
||||||
--- charts/gateway.orig/templates/deployment.yaml 2022-12-09 14:58:33.000000000 +0000
|
|
||||||
+++ charts/gateway/templates/deployment.yaml 2022-12-13 11:43:02.196667885 +0000
|
|
||||||
@@ -11,6 +11,9 @@
|
|
||||||
{{- if not .Values.autoscaling.enabled }}
|
|
||||||
replicas: {{ .Values.replicaCount }}
|
|
||||||
{{- end }}
|
|
||||||
+ # Give the LB 120s to detect and take into service
|
|
||||||
+ # should only be 40s by we are on AWS so ...
|
|
||||||
+ minReadySeconds: 120
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "gateway.selectorLabels" . | nindent 6 }}
|
|
||||||
diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/service.yaml
|
diff -tubr charts/gateway.orig/templates/service.yaml charts/gateway/templates/service.yaml
|
||||||
--- charts/gateway.orig/templates/service.yaml 2022-12-09 14:58:33.000000000 +0000
|
--- charts/gateway.orig/templates/service.yaml 2022-12-09 14:58:33.000000000 +0000
|
||||||
+++ charts/gateway/templates/service.yaml 2022-12-12 22:52:27.629670669 +0000
|
+++ charts/gateway/templates/service.yaml 2022-12-12 22:52:27.629670669 +0000
|
||||||
|
|||||||
@ -8,6 +8,7 @@ gateway:
|
|||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
terminationGracePeriodSeconds: 120
|
terminationGracePeriodSeconds: 120
|
||||||
|
minReadySeconds: 10
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
@ -28,7 +29,7 @@ gateway:
|
|||||||
# gatewayProtocol: Loadbalancer protocol which is NOT the same as Container Procotol !
|
# gatewayProtocol: Loadbalancer protocol which is NOT the same as Container Procotol !
|
||||||
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
proxy.istio.io/config: '{ "terminationDrainDuration": "20s" }'
|
proxy.istio.io/config: '{ "terminationDrainDuration": "90s" }'
|
||||||
|
|
||||||
certificates: []
|
certificates: []
|
||||||
#- name: ingress-cert
|
#- name: ingress-cert
|
||||||
|
|||||||
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-istio
|
name: kubezero-istio
|
||||||
description: KubeZero Umbrella Chart for Istio
|
description: KubeZero Umbrella Chart for Istio
|
||||||
type: application
|
type: application
|
||||||
version: 0.23.3
|
version: 0.24.2
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -16,13 +16,13 @@ dependencies:
|
|||||||
version: ">= 0.1.6"
|
version: ">= 0.1.6"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: base
|
- name: base
|
||||||
version: 1.24.3
|
version: 1.24.2
|
||||||
repository: https://istio-release.storage.googleapis.com/charts
|
repository: https://istio-release.storage.googleapis.com/charts
|
||||||
- name: istiod
|
- name: istiod
|
||||||
version: 1.24.3
|
version: 1.24.2
|
||||||
repository: https://istio-release.storage.googleapis.com/charts
|
repository: https://istio-release.storage.googleapis.com/charts
|
||||||
- name: kiali-server
|
- name: kiali-server
|
||||||
version: "1.89.7"
|
version: "1.89.7"
|
||||||
repository: https://kiali.org/helm-charts
|
repository: https://kiali.org/helm-charts
|
||||||
condition: kiali-server.enabled
|
condition: kiali-server.enabled
|
||||||
kubeVersion: ">= 1.26.0-0"
|
kubeVersion: ">= 1.30.0-0"
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
# kubezero-istio
|
# kubezero-istio
|
||||||
|
|
||||||
 
|
 
|
||||||
|
|
||||||
KubeZero Umbrella Chart for Istio
|
KubeZero Umbrella Chart for Istio
|
||||||
|
|
||||||
@ -16,13 +16,13 @@ Installs the Istio control plane
|
|||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
Kubernetes: `>= 1.26.0-0`
|
Kubernetes: `>= 1.30.0-0`
|
||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://istio-release.storage.googleapis.com/charts | base | 1.23.2 |
|
| https://istio-release.storage.googleapis.com/charts | base | 1.24.2 |
|
||||||
| https://istio-release.storage.googleapis.com/charts | istiod | 1.23.2 |
|
| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.2 |
|
||||||
| https://kiali.org/helm-charts | kiali-server | 1.89.7 |
|
| https://kiali.org/helm-charts | kiali-server | 1.89.7 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
@ -64,12 +64,11 @@ Kubernetes: `>= 1.26.0-0`
|
|||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
- https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec
|
|
||||||
- https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
|
- https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
|
||||||
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
|
||||||
|
|
||||||
### Grafana
|
### Grafana
|
||||||
- https://grafana.com/grafana/dashboards/7645
|
- https://grafana.com/grafana/dashboards/7645
|
||||||
- https://grafana.com/grafana/dashboards/7639
|
- https://grafana.com/grafana/dashboards/7639
|
||||||
- https://grafana.com/grafana/dashboards/7636
|
- https://grafana.com/grafana/dashboards/7636
|
||||||
- https://grafana.com/grafana/dashboards/7630
|
- https://grafana.com/grafana/dashboards/7630
|
||||||
|
- https://grafana.com/grafana/dashboards/11829
|
||||||
|
|||||||
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero
|
name: kubezero
|
||||||
description: KubeZero - Root App of Apps chart
|
description: KubeZero - Root App of Apps chart
|
||||||
type: application
|
type: application
|
||||||
version: 1.31.5-alpha
|
version: 1.31.5
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -15,4 +15,4 @@ dependencies:
|
|||||||
- name: kubezero-lib
|
- name: kubezero-lib
|
||||||
version: ">= 0.2.1"
|
version: ">= 0.2.1"
|
||||||
repository: https://cdn.zero-downtime.net/charts
|
repository: https://cdn.zero-downtime.net/charts
|
||||||
kubeVersion: ">= 1.29.0-0"
|
kubeVersion: ">= 1.31.0-0"
|
||||||
|
|||||||
@ -1,9 +1,5 @@
|
|||||||
{{- define "istio-ingress-values" }}
|
{{- define "istio-ingress-values" }}
|
||||||
|
|
||||||
{{- if eq .Values.global.platform "aws" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- $ingressLabel := "node.kubernetes.io/ingress.public" }}
|
|
||||||
|
|
||||||
gateway:
|
gateway:
|
||||||
name: istio-ingressgateway
|
name: istio-ingressgateway
|
||||||
|
|
||||||
|
|||||||
@ -43,7 +43,7 @@ network:
|
|||||||
cert-manager:
|
cert-manager:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
targetRevision: 0.9.10
|
targetRevision: 0.9.11
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -64,13 +64,13 @@ storage:
|
|||||||
istio:
|
istio:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: istio-system
|
namespace: istio-system
|
||||||
targetRevision: 0.23.2
|
targetRevision: 0.24.2
|
||||||
|
|
||||||
istio-ingress:
|
istio-ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
chart: kubezero-istio-gateway
|
chart: kubezero-istio-gateway
|
||||||
namespace: istio-ingress
|
namespace: istio-ingress
|
||||||
targetRevision: 0.23.2
|
targetRevision: 0.24.2
|
||||||
gateway:
|
gateway:
|
||||||
service: {}
|
service: {}
|
||||||
|
|
||||||
@ -78,7 +78,7 @@ istio-private-ingress:
|
|||||||
enabled: false
|
enabled: false
|
||||||
chart: kubezero-istio-gateway
|
chart: kubezero-istio-gateway
|
||||||
namespace: istio-ingress
|
namespace: istio-ingress
|
||||||
targetRevision: 0.23.2
|
targetRevision: 0.24.2
|
||||||
gateway:
|
gateway:
|
||||||
service: {}
|
service: {}
|
||||||
|
|
||||||
@ -119,7 +119,7 @@ logging:
|
|||||||
argo:
|
argo:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
targetRevision: 0.2.6
|
targetRevision: 0.2.7
|
||||||
argo-cd:
|
argo-cd:
|
||||||
enabled: false
|
enabled: false
|
||||||
istio:
|
istio:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user