Kiam minor version bump, first draft of istio chart
This commit is contained in:
parent
1cf88e6cdb
commit
74ce5cc45c
20
charts/kubezero-istio/Chart.yaml
Normal file
20
charts/kubezero-istio/Chart.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
apiVersion: v2
|
||||
name: kubezero-istio
|
||||
description: KubeZero Umbrella Chart for Istio
|
||||
type: application
|
||||
version: 0.0.1
|
||||
appVersion: 1.5
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- istio
|
||||
maintainers:
|
||||
- name: Quarky9
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.1"
|
||||
repository: https://zero-down-time.github.io/kubezero/
|
||||
- name: istio-operator
|
||||
version: "= 1.5"
|
||||
kubeVersion: ">= 1.16.0"
|
24
charts/kubezero-istio/README.md
Normal file
24
charts/kubezero-istio/README.md
Normal file
@ -0,0 +1,24 @@
|
||||
kubezero-istio
|
||||
==============
|
||||
KubeZero Umbrella Chart for Istio
|
||||
|
||||
Installs Istio Operator and KubeZero Istio profile
|
||||
|
||||
|
||||
Current chart version is `0.0.1`
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
|
||||
## Chart Requirements
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| | istio-operator | = 1.5 |
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.1 |
|
||||
|
||||
## KubeZero default configuration
|
||||
|
||||
|
||||
## Resources
|
||||
|
||||
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
18
charts/kubezero-istio/README.md.gotmpl
Normal file
18
charts/kubezero-istio/README.md.gotmpl
Normal file
@ -0,0 +1,18 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
Installs Istio Operator and KubeZero Istio profile
|
||||
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
## KubeZero default configuration
|
||||
|
||||
|
||||
## Resources
|
||||
|
||||
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
12
charts/kubezero-istio/charts/istio-operator/Chart.yaml
Normal file
12
charts/kubezero-istio/charts/istio-operator/Chart.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
name: istio-operator
|
||||
version: 1.5
|
||||
tillerVersion: ">=2.7.2"
|
||||
description: Helm chart for deploying Istio operator
|
||||
keywords:
|
||||
- istio
|
||||
- operator
|
||||
sources:
|
||||
- http://github.com/istio/istio/operator
|
||||
engine: gotpl
|
||||
icon: https://istio.io/favicons/android-192x192.png
|
@ -0,0 +1,113 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: istio-operator
|
||||
rules:
|
||||
# istio groups
|
||||
- apiGroups:
|
||||
- authentication.istio.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- config.istio.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- install.istio.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- networking.istio.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- rbac.istio.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- security.istio.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
# k8s groups
|
||||
- apiGroups:
|
||||
- admissionregistration.k8s.io
|
||||
resources:
|
||||
- mutatingwebhookconfigurations
|
||||
- validatingwebhookconfigurations
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- apiextensions.k8s.io
|
||||
resources:
|
||||
- customresourcedefinitions.apiextensions.k8s.io
|
||||
- customresourcedefinitions
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- apps
|
||||
- extensions
|
||||
resources:
|
||||
- daemonsets
|
||||
- deployments
|
||||
- deployments/finalizers
|
||||
- ingresses
|
||||
- replicasets
|
||||
- statefulsets
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- autoscaling
|
||||
resources:
|
||||
- horizontalpodautoscalers
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
resources:
|
||||
- servicemonitors
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- apiGroups:
|
||||
- policy
|
||||
resources:
|
||||
- poddisruptionbudgets
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- clusterrolebindings
|
||||
- clusterroles
|
||||
- roles
|
||||
- rolebindings
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- endpoints
|
||||
- events
|
||||
- namespaces
|
||||
- pods
|
||||
- persistentvolumeclaims
|
||||
- secrets
|
||||
- services
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- '*'
|
||||
---
|
@ -0,0 +1,13 @@
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: istio-operator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: istio-operator
|
||||
namespace: {{.Values.operatorNamespace}}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: istio-operator
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
@ -0,0 +1,45 @@
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: istiooperators.install.istio.io
|
||||
spec:
|
||||
group: install.istio.io
|
||||
names:
|
||||
kind: IstioOperator
|
||||
plural: istiooperators
|
||||
singular: istiooperator
|
||||
shortNames:
|
||||
- iop
|
||||
scope: Namespaced
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values.
|
||||
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase.
|
||||
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: 'Specification of the desired state of the istio control plane resource.
|
||||
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
|
||||
type: object
|
||||
status:
|
||||
description: 'Status describes each of istio control plane component status at the current time.
|
||||
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
|
||||
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
|
||||
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
|
||||
type: object
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
@ -0,0 +1,42 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: {{.Values.operatorNamespace}}
|
||||
name: istio-operator
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
name: istio-operator
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
name: istio-operator
|
||||
spec:
|
||||
serviceAccountName: istio-operator
|
||||
containers:
|
||||
- name: istio-operator
|
||||
image: {{.Values.hub}}/operator:{{.Values.tag}}
|
||||
command:
|
||||
- operator
|
||||
- server
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
limits:
|
||||
cpu: 200m
|
||||
memory: 256Mi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 128Mi
|
||||
env:
|
||||
- name: WATCH_NAMESPACE
|
||||
value: {{.Values.istioNamespace}}
|
||||
- name: LEADER_ELECTION_NAMESPACE
|
||||
value: {{.Values.operatorNamespace}}
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: OPERATOR_NAME
|
||||
value: {{.Values.operatorNamespace}}
|
||||
---
|
@ -0,0 +1,8 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{.Values.operatorNamespace}}
|
||||
labels:
|
||||
istio-operator-managed: Reconcile
|
||||
istio-injection: disabled
|
||||
---
|
@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: {{.Values.operatorNamespace}}
|
||||
labels:
|
||||
name: istio-operator
|
||||
name: istio-operator
|
||||
spec:
|
||||
ports:
|
||||
- name: http-metrics
|
||||
port: 8383
|
||||
targetPort: 8383
|
||||
selector:
|
||||
name: istio-operator
|
||||
---
|
@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
namespace: {{.Values.operatorNamespace}}
|
||||
name: istio-operator
|
||||
---
|
4
charts/kubezero-istio/charts/istio-operator/values.yaml
Normal file
4
charts/kubezero-istio/charts/istio-operator/values.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
hub: gcr.io/istio-testing
|
||||
tag: 1.5-dev
|
||||
operatorNamespace: istio-operator
|
||||
istioNamespace: istio-system
|
15
charts/kubezero-istio/update.sh
Executable file
15
charts/kubezero-istio/update.sh
Executable file
@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
ISTIO_VERSION=1.5.8
|
||||
|
||||
NAME="istio-$ISTIO_VERSION"
|
||||
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux.tar.gz"
|
||||
|
||||
curl -sL "$URL" | tar xz
|
||||
|
||||
# Now lets extract what we need
|
||||
rm -rf charts/istio-operator
|
||||
cp -r istio-${ISTIO_VERSION}/install/kubernetes/operator/charts/istio-operator charts
|
||||
|
||||
rm -rf istio-${ISTIO_VERSION}
|
1
charts/kubezero-istio/values.yaml
Normal file
1
charts/kubezero-istio/values.yaml
Normal file
@ -0,0 +1 @@
|
||||
# istio:
|
@ -2,7 +2,8 @@ apiVersion: v2
|
||||
name: kubezero-kiam
|
||||
description: KubeZero Umbrella Chart for Kiam
|
||||
type: application
|
||||
version: 0.2.5
|
||||
version: 0.2.6
|
||||
appVersion: 3.6
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -2,7 +2,7 @@ kubezero-kiam
|
||||
=============
|
||||
KubeZero Umbrella Chart for Kiam
|
||||
|
||||
Current chart version is `0.2.5`
|
||||
Current chart version is `0.2.6`
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
|
||||
@ -37,7 +37,7 @@ Required for the *csi ebs plugin* and most likely various others assuming basic
|
||||
| kiam.agent.gatewayTimeoutCreation | string | `"5s"` | |
|
||||
| kiam.agent.host.interface | string | `"cali+"` | |
|
||||
| kiam.agent.host.iptables | bool | `false` | |
|
||||
| kiam.agent.image.tag | string | `"v3.6-rc1"` | |
|
||||
| kiam.agent.image.tag | string | `"v3.6"` | |
|
||||
| kiam.agent.log.level | string | `"warn"` | |
|
||||
| kiam.agent.prometheus.servicemonitor.enabled | bool | `false` | |
|
||||
| kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` | |
|
||||
@ -52,7 +52,7 @@ Required for the *csi ebs plugin* and most likely various others assuming basic
|
||||
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
|
||||
| kiam.server.deployment.enabled | bool | `true` | |
|
||||
| kiam.server.deployment.replicas | int | `1` | |
|
||||
| kiam.server.image.tag | string | `"v3.6-rc1"` | |
|
||||
| kiam.server.image.tag | string | `"v3.6"` | |
|
||||
| kiam.server.log.level | string | `"warn"` | |
|
||||
| kiam.server.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
|
||||
| kiam.server.prometheus.servicemonitor.enabled | bool | `false` | |
|
||||
|
@ -1,7 +1,7 @@
|
||||
kiam:
|
||||
server:
|
||||
image:
|
||||
tag: "v3.6-rc1"
|
||||
tag: "v3.6"
|
||||
# kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role
|
||||
assumeRoleArn: ''
|
||||
useHostNetwork: true
|
||||
@ -31,7 +31,7 @@ kiam:
|
||||
|
||||
agent:
|
||||
image:
|
||||
tag: "v3.6-rc1"
|
||||
tag: "v3.6"
|
||||
gatewayTimeoutCreation: "5s"
|
||||
updateStrategy: RollingUpdate
|
||||
# IP tables set on each node at boot, see CloudBender
|
||||
|
Loading…
Reference in New Issue
Block a user