ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 25 Packages Projects Releases Wiki Activity

Version bump Istio to 1.7.1

Browse Source
This commit is contained in:
Stefan Reimer 2020-09-11 15:06:38 +01:00
parent bf4deda82e
commit 3c7f1a8f74
16 changed files with 203 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
charts/kubezero-istio/Chart.yaml
View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-istio
description: KubeZero Umbrella Chart for Istio
type: application
version: 0.2.5
appVersion: 1.6.9
version: 0.3.0
appVersion: 1.7.1
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -16,5 +16,5 @@ dependencies:
version: ">= 0.1.3"
repository: https://zero-down-time.github.io/kubezero/
- name: istio-operator
version: ">= 1.6"
version: ">= 1.7"
kubeVersion: ">= 1.16.0"

8
charts/kubezero-istio/README.md
View File

@ -5,7 +5,7 @@ KubeZero Umbrella Chart for Istio
Installs Istio Operator and KubeZero Istio profile
Current chart version is `0.2.4`
Current chart version is `0.3.0`
Source code can be found [here](https://kubezero.com)
@ -13,7 +13,7 @@ Source code can be found [here](https://kubezero.com)
| Repository | Name | Version |
|------------|------|---------|
| | istio-operator | >= 1.6 |
| | istio-operator | >= 1.7 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## KubeZero default configuration
@ -30,10 +30,12 @@ Source code can be found [here](https://kubezero.com)
| ingress.replicaCount | int | `2` | |
| ingress.type | string | `"NodePort"` | |
| istio-operator.hub | string | `"docker.io/istio"` | |
| istio-operator.tag | string | `"1.6.7"` | |
| istio-operator.tag | string | `"1.7.1"` | |
| istiod.autoscaleEnabled | bool | `false` | |
| istiod.replicaCount | int | `1` | |
## Resources
- https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec
- https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
- https://istio.io/latest/docs/setup/install/standalone-operator/

6
charts/kubezero-istio/charts/istio-operator/Chart.yaml
View File

@ -1,12 +1,12 @@
apiVersion: v1
name: istio-operator
version: 1.6.0
version: 1.7.0
tillerVersion: ">=2.7.2"
description: Helm chart for deploying Istio operator
keywords:
- istio
- operator
sources:
- http://github.com/istio/istio/operator
- https://github.com/istio/istio/tree/master/operator
engine: gotpl
icon: https://istio.io/favicons/android-192x192.png
icon: https://istio.io/latest/favicons/android-192x192.png

74
charts/kubezero-istio/charts/istio-operator/crds/crd-operator.yaml Normal file
View File

@ -0,0 +1,74 @@
# SYNC WITH manifests/charts/base/files
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: istiooperators.install.istio.io
labels:
release: istio
spec:
group: install.istio.io
names:
kind: IstioOperator
plural: istiooperators
singular: istiooperator
shortNames:
- iop
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Istio control plane revision
jsonPath: .spec.revision
name: Revision
type: string
- description: IOP current state
jsonPath: .status.status
type: string
name: Status
- jsonPath: .metadata.creationTimestamp
description:
"CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
spec:
description:
"Specification of the desired state of the istio control plane resource.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
x-kubernetes-preserve-unknown-fields: true
type: object
status:
description:
"Status describes each of istio control plane component status at the current time.
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
served: true
storage: true
subresources:
status: {}
---

8
charts/kubezero-istio/charts/istio-operator/templates/clusterrole.yaml
View File

@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: istio-operator
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
rules:
# istio groups
- apiGroups:
@ -29,12 +29,6 @@ rules:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:

6
charts/kubezero-istio/charts/istio-operator/templates/clusterrole_binding.yaml
View File

@ -1,13 +1,13 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: istio-operator
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
subjects:
- kind: ServiceAccount
name: istio-operator
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
namespace: {{.Values.operatorNamespace}}
roleRef:
kind: ClusterRole
name: istio-operator
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
apiGroup: rbac.authorization.k8s.io
---

46
charts/kubezero-istio/charts/istio-operator/templates/crd-operator.yaml
View File

@ -1,46 +0,0 @@
# SYNC WITH manifests/charts/base/files
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: istiooperators.install.istio.io
spec:
group: install.istio.io
names:
kind: IstioOperator
plural: istiooperators
singular: istiooperator
shortNames:
- iop
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
spec:
description: 'Specification of the desired state of the istio control plane resource.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
status:
description: 'Status describes each of istio control plane component status at the current time.
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
versions:
- name: v1alpha1
served: true
storage: true
---

6
charts/kubezero-istio/charts/istio-operator/templates/crds.yaml Normal file
View File

@ -0,0 +1,6 @@
{{- if .Values.enableCRDTemplates -}}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}}
---
{{ $.Files.Get $path }}
{{- end -}}
{{- end -}}

25
charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
namespace: {{.Values.operatorNamespace}}
name: istio-operator
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
spec:
replicas: 1
selector:
@ -13,7 +13,7 @@ spec:
labels:
name: istio-operator
spec:
serviceAccountName: istio-operator
serviceAccountName: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
nodeSelector:
kubernetes.io/os: linux
node-role.kubernetes.io/master: ""
@ -26,14 +26,19 @@ spec:
command:
- operator
- server
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1337
runAsUser: 1337
runAsNonRoot: true
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
{{ toYaml .Values.operator.resources | trim | indent 12 }}
env:
- name: WATCH_NAMESPACE
value: {{.Values.watchedNamespaces | quote}}
@ -45,4 +50,8 @@ spec:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: {{.Values.operatorNamespace | quote}}
- name: WAIT_FOR_RESOURCES_TIMEOUT
value: {{.Values.waitForResourcesTimeout | quote}}
- name: REVISION
value: {{.Values.revision | quote}}
---

2
charts/kubezero-istio/charts/istio-operator/templates/service.yaml
View File

@ -4,7 +4,7 @@ metadata:
namespace: {{.Values.operatorNamespace}}
labels:
name: istio-operator
name: istio-operator
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
spec:
ports:
- name: http-metrics

2
charts/kubezero-istio/charts/istio-operator/templates/service_account.yaml
View File

@ -2,5 +2,5 @@ apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{.Values.operatorNamespace}}
name: istio-operator
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
---

22
charts/kubezero-istio/charts/istio-operator/values.yaml
View File

@ -1,5 +1,25 @@
hub: gcr.io/istio-testing
tag: 1.6-dev
tag: latest
operatorNamespace: istio-operator
# Used to replace istioNamespace to support operator watch multiple namespaces.
watchedNamespaces: istio-system
waitForResourcesTimeout: 300s
# Used for helm2 to add the CRDs to templates.
enableCRDTemplates: false
# revision for the operator resources
revision: ""
# Operator resource defaults
operator:
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi

10
charts/kubezero-istio/istio-operator.patch
View File

@ -1,11 +1,9 @@
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml b/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
index 5ef7848..8350dd5 100644
--- a/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
+++ b/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
@@ -14,6 +14,12 @@ spec:
--- charts/istio-operator/templates/deployment.yaml 2020-09-11 14:57:25.007439918 +0100
+++ charts/istio-operator/templates/deployment.yaml 2020-09-11 14:59:57.998019251 +0100
@@ -14,6 +14,12 @@
name: istio-operator
spec:
serviceAccountName: istio-operator
serviceAccountName: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ node-role.kubernetes.io/master: ""

61
charts/kubezero-istio/templates/istio-base.yaml
View File

@ -5221,6 +5221,67 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: istiooperators.install.istio.io
labels:
release: istio
spec:
additionalPrinterColumns:
- JSONPath: .spec.revision
description: Istio control plane revision
name: Revision
type: string
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
group: install.istio.io
names:
kind: IstioOperator
plural: istiooperators
singular: istiooperator
shortNames:
- iop
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
spec:
description: 'Specification of the desired state of the istio control plane resource.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
status:
description: 'Status describes each of istio control plane component status at the current time.
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
# Cni component is disabled.
# EgressGateways istio-egressgateway component is disabled.

4
charts/kubezero-istio/update.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
set -ex
ISTIO_VERSION=1.6.9
ISTIO_VERSION=1.7.1
NAME="istio-$ISTIO_VERSION"
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz"
@ -15,7 +15,7 @@ cp -r istio-${ISTIO_VERSION}/manifests/charts/istio-operator charts
rm -rf istio-${ISTIO_VERSION}
# Apply our patch
patch -i istio-operator.patch -p3
patch -i istio-operator.patch -p0
# Extract base / CRDs from istioctl into plain manifest to workaround chicken egg problem with CRDs
istioctl manifest generate --set profile=empty --set components.base.enabled=true > templates/istio-base.yaml

2
charts/kubezero-istio/values.yaml
View File

@ -14,4 +14,4 @@ ingress:
istio-operator:
hub: docker.io/istio
tag: 1.6.9
tag: 1.7.1