From 74ce5cc45cb254c13669f2e4378b3c0445de5154 Mon Sep 17 00:00:00 2001 
From: Stefan Reimer
Date: Tue, 14 Jul 2020 16:58:14 +0100
Subject: [PATCH] Kiam minor version bump, first draft of istio chart
---
 charts/kubezero-istio/Chart.yaml | 20 ++++
 charts/kubezero-istio/README.md | 24 ++++
 charts/kubezero-istio/README.md.gotmpl | 18 +++
 .../charts/istio-operator/Chart.yaml | 12 ++
 .../istio-operator/templates/clusterrole.yaml | 113 ++++++++++++++++++
 .../templates/clusterrole_binding.yaml | 13 ++
 .../charts/istio-operator/templates/crd.yaml | 45 +++++++
 .../istio-operator/templates/deployment.yaml | 42 +++++++
 .../istio-operator/templates/namespace.yaml | 8 ++
 .../istio-operator/templates/service.yaml | 15 +++
 .../templates/service_account.yaml | 6 +
 .../charts/istio-operator/values.yaml | 4 +
 charts/kubezero-istio/update.sh | 15 +++
 charts/kubezero-istio/values.yaml | 1 +
 charts/kubezero-kiam/Chart.yaml | 3 +-
 charts/kubezero-kiam/README.md | 6 +-
 charts/kubezero-kiam/values.yaml | 4 +-
 17 files changed, 343 insertions(+), 6 deletions(-)
 create mode 100644 charts/kubezero-istio/Chart.yaml
 create mode 100644 charts/kubezero-istio/README.md
 create mode 100644 charts/kubezero-istio/README.md.gotmpl
 create mode 100644 charts/kubezero-istio/charts/istio-operator/Chart.yaml
 create mode 100644 charts/kubezero-istio/charts/istio-operator/templates/clusterrole.yaml
 create mode 100644 charts/kubezero-istio/charts/istio-operator/templates/clusterrole_binding.yaml
 create mode 100644 charts/kubezero-istio/charts/istio-operator/templates/crd.yaml
 create mode 100644 charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
 create mode 100644 charts/kubezero-istio/charts/istio-operator/templates/namespace.yaml
 create mode 100644 charts/kubezero-istio/charts/istio-operator/templates/service.yaml
 create mode 100644 charts/kubezero-istio/charts/istio-operator/templates/service_account.yaml
 create mode 100644 charts/kubezero-istio/charts/istio-operator/values.yaml
 create mode 100755 charts/kubezero-istio/update.sh
 create mode 100644 charts/kubezero-istio/values.yaml
diff --git a/charts/kubezero-istio/Chart.yaml b/charts/kubezero-istio/Chart.yaml
new file mode 100644
index 00000000..50266b1c
--- /dev/null
+++ b/charts/kubezero-istio/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: kubezero-istio
+description: KubeZero Umbrella Chart for Istio
+type: application
+version: 0.0.1
+appVersion: 1.5
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+keywords:
+ - kubezero
+ - istio
+maintainers:
+ - name: Quarky9
+dependencies:
+ - name: kubezero-lib
+ version: ">= 0.1.1"
+ repository: https://zero-down-time.github.io/kubezero/
+ - name: istio-operator
+ version: "= 1.5"
+kubeVersion: ">= 1.16.0"
diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md
new file mode 100644
index 00000000..ab294612
--- /dev/null
+++ b/charts/kubezero-istio/README.md
@@ -0,0 +1,24 @@
+kubezero-istio
+==============
+KubeZero Umbrella Chart for Istio
+
+Installs Istio Operator and KubeZero Istio profile
+
+
+Current chart version is `0.0.1`
+
+Source code can be found [here](https://kubezero.com)
+
+## Chart Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| | istio-operator | = 1.5 |
+| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.1 |
+
+## KubeZero default configuration
+
+
+## Resources
+
+- https://istio.io/latest/docs/setup/install/standalone-operator/
diff --git a/charts/kubezero-istio/README.md.gotmpl b/charts/kubezero-istio/README.md.gotmpl
new file mode 100644
index 00000000..7789d1bc
--- /dev/null
+++ b/charts/kubezero-istio/README.md.gotmpl
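Review bot: In charts/kubezero-istio/Chart.yaml, `appVersion: 1.5` is a plain scalar that YAML types as a float, so a later value such as 1.10 would likely be read as 1.1; quote it as `appVersion: "1.5"`. The same applies to the `appVersion: 3.6` line this commit adds to charts/kubezero-kiam/Chart.yaml. The `istio-operator` dependency also has no `repository`, presumably because it is resolved from the copy under charts/; a comment such as `# vendored under charts/ by update.sh` above that entry would make this explicit.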
@@ -0,0 +1,18 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+Installs Istio Operator and KubeZero Istio profile
+
+
+{{ template "chart.versionLine" . }}
+
+{{ template "chart.sourceLinkLine" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+## KubeZero default configuration
+
+
+## Resources
+
+- https://istio.io/latest/docs/setup/install/standalone-operator/
diff --git a/charts/kubezero-istio/charts/istio-operator/Chart.yaml b/charts/kubezero-istio/charts/istio-operator/Chart.yaml
new file mode 100644
index 00000000..2887a97d
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+name: istio-operator
+version: 1.5
+tillerVersion: ">=2.7.2"
+description: Helm chart for deploying Istio operator
+keywords:
+ - istio
+ - operator
+sources:
+ - http://github.com/istio/istio/operator
+engine: gotpl
+icon: https://istio.io/favicons/android-192x192.png
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/clusterrole.yaml b/charts/kubezero-istio/charts/istio-operator/templates/clusterrole.yaml
new file mode 100644
index 00000000..53be806e
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/templates/clusterrole.yaml
@@ -0,0 +1,113 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: istio-operator
+rules:
+# istio groups
+- apiGroups:
+ - authentication.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - config.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - install.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - networking.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - security.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+# k8s groups
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - '*'
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions.apiextensions.k8s.io
+ - customresourcedefinitions
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - deployments/finalizers
+ - ingresses
+ - replicasets
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - '*'
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - events
+ - namespaces
+ - pods
+ - persistentvolumeclaims
+ - secrets
+ - services
+ - serviceaccounts
+ verbs:
+ - '*'
+---
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/clusterrole_binding.yaml b/charts/kubezero-istio/charts/istio-operator/templates/clusterrole_binding.yaml
new file mode 100644
index 00000000..39e26636
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/templates/clusterrole_binding.yaml
@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: istio-operator
+subjects:
+- kind: ServiceAccount
+ name: istio-operator
+ namespace: {{.Values.operatorNamespace}}
+roleRef:
+ kind: ClusterRole
+ name: istio-operator
+ apiGroup: rbac.authorization.k8s.io
+---
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/crd.yaml b/charts/kubezero-istio/charts/istio-operator/templates/crd.yaml
new file mode 100644
index 00000000..09dd3b0d
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/templates/crd.yaml
@@ -0,0 +1,45 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: istiooperators.install.istio.io
+spec:
+ group: install.istio.io
+ names:
+ kind: IstioOperator
+ plural: istiooperators
+ singular: istiooperator
+ shortNames:
+ - iop
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ spec:
+ description: 'Specification of the desired state of the istio control plane resource.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ type: object
+ status:
+ description: 'Status describes each of istio control plane component status at the current time.
+ 0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
+ More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
+ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ type: object
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+---
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml b/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
new file mode 100644
index 00000000..5ef78484
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: {{.Values.operatorNamespace}}
+ name: istio-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: istio-operator
+ template:
+ metadata:
+ labels:
+ name: istio-operator
+ spec:
+ serviceAccountName: istio-operator
+ containers:
+ - name: istio-operator
+ image: {{.Values.hub}}/operator:{{.Values.tag}}
+ command:
+ - operator
+ - server
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ env:
+ - name: WATCH_NAMESPACE
+ value: {{.Values.istioNamespace}}
+ - name: LEADER_ELECTION_NAMESPACE
+ value: {{.Values.operatorNamespace}}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: {{.Values.operatorNamespace}}
+---
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/namespace.yaml b/charts/kubezero-istio/charts/istio-operator/templates/namespace.yaml
new file mode 100644
index 00000000..31dc5aae
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/templates/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{.Values.operatorNamespace}}
+ labels:
+ istio-operator-managed: Reconcile
+ istio-injection: disabled
+---
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/service.yaml b/charts/kubezero-istio/charts/istio-operator/templates/service.yaml
new file mode 100644
index 00000000..93e2638b
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{.Values.operatorNamespace}}
+ labels:
+ name: istio-operator
+ name: istio-operator
+spec:
+ ports:
+ - name: http-metrics
+ port: 8383
+ targetPort: 8383
+ selector:
+ name: istio-operator
+---
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/service_account.yaml b/charts/kubezero-istio/charts/istio-operator/templates/service_account.yaml
new file mode 100644
index 00000000..32307f32
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/templates/service_account.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{.Values.operatorNamespace}}
+ name: istio-operator
+---
diff --git a/charts/kubezero-istio/charts/istio-operator/values.yaml b/charts/kubezero-istio/charts/istio-operator/values.yaml
new file mode 100644
index 00000000..ffe8f397
--- /dev/null
+++ b/charts/kubezero-istio/charts/istio-operator/values.yaml
@@ -0,0 +1,4 @@
+hub: gcr.io/istio-testing
+tag: 1.5-dev
+operatorNamespace: istio-operator
+istioNamespace: istio-system
diff --git a/charts/kubezero-istio/update.sh b/charts/kubezero-istio/update.sh
new file mode 100755
index 00000000..94716320
--- /dev/null
+++ b/charts/kubezero-istio/update.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -ex
+
+ISTIO_VERSION=1.5.8
+
+NAME="istio-$ISTIO_VERSION"
+URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux.tar.gz"
+
+curl -sL "$URL" | tar xz
+
+# Now lets extract what we need
+rm -rf charts/istio-operator
+cp -r istio-${ISTIO_VERSION}/install/kubernetes/operator/charts/istio-operator charts
+
+rm -rf istio-${ISTIO_VERSION}
diff --git a/charts/kubezero-istio/values.yaml b/charts/kubezero-istio/values.yaml
new file mode 100644
index 00000000..237ff6a8
--- /dev/null
+++ b/charts/kubezero-istio/values.yaml
@@ -0,0 +1 @@
+# istio:
diff --git a/charts/kubezero-kiam/Chart.yaml b/charts/kubezero-kiam/Chart.yaml
index 121ccbb4..f78a914f 100644
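Review bot: In charts/kubezero-istio/update.sh, the archive fetched by `curl -sL "$URL" | tar xz` is unpacked and copied into the chart with no integrity check, and what it delivers includes the operator's ClusterRole and Deployment templates. Download to a file with `-f` so that HTTP errors fail the run, compare it against a SHA-256 pinned next to `ISTIO_VERSION`, and only then extract. `set -ex` has no `pipefail`, and `rm -rf charts/istio-operator` resolves against the caller's working directory, so the script should also `cd` to its own directory first. `NAME` is defined but never used; it can name the downloaded file.

```shell
set -euxo pipefail
cd "$(dirname "$0")"

ISTIO_VERSION=1.5.8
# Placeholder: pin the digest published for this exact release archive.
ISTIO_SHA256="<sha256-of-release-tarball>"

# … unchanged: NAME and URL …

curl -fsSL -o "${NAME}.tar.gz" "$URL"
echo "${ISTIO_SHA256}  ${NAME}.tar.gz" | sha256sum -c -
tar xzf "${NAME}.tar.gz"

# … unchanged: replace charts/istio-operator, remove the extracted tree …
rm -f "${NAME}.tar.gz"
```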
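Review bot: charts/kubezero-istio/values.yaml contains only `# istio:`, so the vendored subchart defaults apply unchanged: `hub: gcr.io/istio-testing` and `tag: 1.5-dev`, pulled with `imagePullPolicy: IfNotPresent`. That runs a development tag (presumably a moving one) from a testing registry under a service account whose ClusterRole grants `*` verbs on secrets, RBAC objects and webhook configurations. Override the image here with the release registry and a fixed tag or digest that matches `ISTIO_VERSION` in update.sh, for example `istio-operator:` with `hub: <release-registry>` and `tag: "1.5.8"` beneath it. A one-line comment stating that the operator's service account is effectively cluster-wide privileged would also help anyone deciding who may access the operator namespace.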
--- a/charts/kubezero-kiam/Chart.yaml +++ b/charts/kubezero-kiam/Chart.yaml @@ -2,7 +2,8 @@ apiVersion: v2 name: kubezero-kiam description: KubeZero Umbrella Chart for Kiam type: application -version: 0.2.5 +version: 0.2.6 +appVersion: 3.6 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero-kiam/README.md b/charts/kubezero-kiam/README.md index 7c56ecac..050558b1 100644 --- a/charts/kubezero-kiam/README.md +++ b/charts/kubezero-kiam/README.md @@ -2,7 +2,7 @@ kubezero-kiam ============= KubeZero Umbrella Chart for Kiam -Current chart version is `0.2.5` +Current chart version is `0.2.6` Source code can be found [here](https://kubezero.com) @@ -37,7 +37,7 @@ Required for the *csi ebs plugin* and most likely various others assuming basic | kiam.agent.gatewayTimeoutCreation | string | `"5s"` | | | kiam.agent.host.interface | string | `"cali+"` | | | kiam.agent.host.iptables | bool | `false` | | -| kiam.agent.image.tag | string | `"v3.6-rc1"` | | +| kiam.agent.image.tag | string | `"v3.6"` | | | kiam.agent.log.level | string | `"warn"` | | | kiam.agent.prometheus.servicemonitor.enabled | bool | `false` | | | kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` | | @@ -52,7 +52,7 @@ Required for the *csi ebs plugin* and most likely various others assuming basic | kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role | | kiam.server.deployment.enabled | bool | `true` | | | kiam.server.deployment.replicas | int | `1` | | -| kiam.server.image.tag | string | `"v3.6-rc1"` | | +| kiam.server.image.tag | string | `"v3.6"` | | | kiam.server.log.level | string | `"warn"` | | | kiam.server.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | | kiam.server.prometheus.servicemonitor.enabled | bool | `false` | | 
diff --git a/charts/kubezero-kiam/values.yaml b/charts/kubezero-kiam/values.yaml index 2affcd8a..4839a30e 100644 --- a/charts/kubezero-kiam/values.yaml +++ b/charts/kubezero-kiam/values.yaml @@ -1,7 +1,7 @@ kiam: server: image: - tag: "v3.6-rc1" + tag: "v3.6" # kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role assumeRoleArn: '' useHostNetwork: true @@ -31,7 +31,7 @@ kiam: agent: image: - tag: "v3.6-rc1" + tag: "v3.6" gatewayTimeoutCreation: "5s" updateStrategy: RollingUpdate # IP tables set on each node at boot, see CloudBender