Kiam minor version bump, first draft of istio chart
This commit is contained in:
parent
1cf88e6cdb
commit
74ce5cc45c
20
charts/kubezero-istio/Chart.yaml
Normal file
20
charts/kubezero-istio/Chart.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: kubezero-istio
|
||||||
|
description: KubeZero Umbrella Chart for Istio
|
||||||
|
type: application
|
||||||
|
version: 0.0.1
|
||||||
|
appVersion: 1.5
|
||||||
|
home: https://kubezero.com
|
||||||
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
keywords:
|
||||||
|
- kubezero
|
||||||
|
- istio
|
||||||
|
maintainers:
|
||||||
|
- name: Quarky9
|
||||||
|
dependencies:
|
||||||
|
- name: kubezero-lib
|
||||||
|
version: ">= 0.1.1"
|
||||||
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
|
- name: istio-operator
|
||||||
|
version: "= 1.5"
|
||||||
|
kubeVersion: ">= 1.16.0"
|
24
charts/kubezero-istio/README.md
Normal file
24
charts/kubezero-istio/README.md
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
kubezero-istio
|
||||||
|
==============
|
||||||
|
KubeZero Umbrella Chart for Istio
|
||||||
|
|
||||||
|
Installs Istio Operator and KubeZero Istio profile
|
||||||
|
|
||||||
|
|
||||||
|
Current chart version is `0.0.1`
|
||||||
|
|
||||||
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
|
## Chart Requirements
|
||||||
|
|
||||||
|
| Repository | Name | Version |
|
||||||
|
|------------|------|---------|
|
||||||
|
| | istio-operator | = 1.5 |
|
||||||
|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.1 |
|
||||||
|
|
||||||
|
## KubeZero default configuration
|
||||||
|
|
||||||
|
|
||||||
|
## Resources
|
||||||
|
|
||||||
|
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
18
charts/kubezero-istio/README.md.gotmpl
Normal file
18
charts/kubezero-istio/README.md.gotmpl
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
{{ template "chart.header" . }}
|
||||||
|
{{ template "chart.description" . }}
|
||||||
|
|
||||||
|
Installs Istio Operator and KubeZero Istio profile
|
||||||
|
|
||||||
|
|
||||||
|
{{ template "chart.versionLine" . }}
|
||||||
|
|
||||||
|
{{ template "chart.sourceLinkLine" . }}
|
||||||
|
|
||||||
|
{{ template "chart.requirementsSection" . }}
|
||||||
|
|
||||||
|
## KubeZero default configuration
|
||||||
|
|
||||||
|
|
||||||
|
## Resources
|
||||||
|
|
||||||
|
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
12
charts/kubezero-istio/charts/istio-operator/Chart.yaml
Normal file
12
charts/kubezero-istio/charts/istio-operator/Chart.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
name: istio-operator
|
||||||
|
version: 1.5
|
||||||
|
tillerVersion: ">=2.7.2"
|
||||||
|
description: Helm chart for deploying Istio operator
|
||||||
|
keywords:
|
||||||
|
- istio
|
||||||
|
- operator
|
||||||
|
sources:
|
||||||
|
- http://github.com/istio/istio/operator
|
||||||
|
engine: gotpl
|
||||||
|
icon: https://istio.io/favicons/android-192x192.png
|
@ -0,0 +1,113 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: istio-operator
|
||||||
|
rules:
|
||||||
|
# istio groups
|
||||||
|
- apiGroups:
|
||||||
|
- authentication.istio.io
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- config.istio.io
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- install.istio.io
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- networking.istio.io
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- rbac.istio.io
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- security.istio.io
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
# k8s groups
|
||||||
|
- apiGroups:
|
||||||
|
- admissionregistration.k8s.io
|
||||||
|
resources:
|
||||||
|
- mutatingwebhookconfigurations
|
||||||
|
- validatingwebhookconfigurations
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- apiextensions.k8s.io
|
||||||
|
resources:
|
||||||
|
- customresourcedefinitions.apiextensions.k8s.io
|
||||||
|
- customresourcedefinitions
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- apps
|
||||||
|
- extensions
|
||||||
|
resources:
|
||||||
|
- daemonsets
|
||||||
|
- deployments
|
||||||
|
- deployments/finalizers
|
||||||
|
- ingresses
|
||||||
|
- replicasets
|
||||||
|
- statefulsets
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- autoscaling
|
||||||
|
resources:
|
||||||
|
- horizontalpodautoscalers
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- monitoring.coreos.com
|
||||||
|
resources:
|
||||||
|
- servicemonitors
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- create
|
||||||
|
- apiGroups:
|
||||||
|
- policy
|
||||||
|
resources:
|
||||||
|
- poddisruptionbudgets
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- rbac.authorization.k8s.io
|
||||||
|
resources:
|
||||||
|
- clusterrolebindings
|
||||||
|
- clusterroles
|
||||||
|
- roles
|
||||||
|
- rolebindings
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
- endpoints
|
||||||
|
- events
|
||||||
|
- namespaces
|
||||||
|
- pods
|
||||||
|
- persistentvolumeclaims
|
||||||
|
- secrets
|
||||||
|
- services
|
||||||
|
- serviceaccounts
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
---
|
@ -0,0 +1,13 @@
|
|||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: istio-operator
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: istio-operator
|
||||||
|
namespace: {{.Values.operatorNamespace}}
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: istio-operator
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
---
|
@ -0,0 +1,45 @@
|
|||||||
|
apiVersion: apiextensions.k8s.io/v1beta1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: istiooperators.install.istio.io
|
||||||
|
spec:
|
||||||
|
group: install.istio.io
|
||||||
|
names:
|
||||||
|
kind: IstioOperator
|
||||||
|
plural: istiooperators
|
||||||
|
singular: istiooperator
|
||||||
|
shortNames:
|
||||||
|
- iop
|
||||||
|
scope: Namespaced
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
validation:
|
||||||
|
openAPIV3Schema:
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values.
|
||||||
|
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase.
|
||||||
|
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
spec:
|
||||||
|
description: 'Specification of the desired state of the istio control plane resource.
|
||||||
|
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
|
||||||
|
type: object
|
||||||
|
status:
|
||||||
|
description: 'Status describes each of istio control plane component status at the current time.
|
||||||
|
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
|
||||||
|
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
|
||||||
|
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
|
||||||
|
type: object
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
---
|
@ -0,0 +1,42 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
namespace: {{.Values.operatorNamespace}}
|
||||||
|
name: istio-operator
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
name: istio-operator
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
name: istio-operator
|
||||||
|
spec:
|
||||||
|
serviceAccountName: istio-operator
|
||||||
|
containers:
|
||||||
|
- name: istio-operator
|
||||||
|
image: {{.Values.hub}}/operator:{{.Values.tag}}
|
||||||
|
command:
|
||||||
|
- operator
|
||||||
|
- server
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 256Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 128Mi
|
||||||
|
env:
|
||||||
|
- name: WATCH_NAMESPACE
|
||||||
|
value: {{.Values.istioNamespace}}
|
||||||
|
- name: LEADER_ELECTION_NAMESPACE
|
||||||
|
value: {{.Values.operatorNamespace}}
|
||||||
|
- name: POD_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.name
|
||||||
|
- name: OPERATOR_NAME
|
||||||
|
value: {{.Values.operatorNamespace}}
|
||||||
|
---
|
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: {{.Values.operatorNamespace}}
|
||||||
|
labels:
|
||||||
|
istio-operator-managed: Reconcile
|
||||||
|
istio-injection: disabled
|
||||||
|
---
|
@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
namespace: {{.Values.operatorNamespace}}
|
||||||
|
labels:
|
||||||
|
name: istio-operator
|
||||||
|
name: istio-operator
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: http-metrics
|
||||||
|
port: 8383
|
||||||
|
targetPort: 8383
|
||||||
|
selector:
|
||||||
|
name: istio-operator
|
||||||
|
---
|
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
namespace: {{.Values.operatorNamespace}}
|
||||||
|
name: istio-operator
|
||||||
|
---
|
4
charts/kubezero-istio/charts/istio-operator/values.yaml
Normal file
4
charts/kubezero-istio/charts/istio-operator/values.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
hub: gcr.io/istio-testing
|
||||||
|
tag: 1.5-dev
|
||||||
|
operatorNamespace: istio-operator
|
||||||
|
istioNamespace: istio-system
|
15
charts/kubezero-istio/update.sh
Executable file
15
charts/kubezero-istio/update.sh
Executable file
@ -0,0 +1,15 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
ISTIO_VERSION=1.5.8
|
||||||
|
|
||||||
|
NAME="istio-$ISTIO_VERSION"
|
||||||
|
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux.tar.gz"
|
||||||
|
|
||||||
|
curl -sL "$URL" | tar xz
|
||||||
|
|
||||||
|
# Now lets extract what we need
|
||||||
|
rm -rf charts/istio-operator
|
||||||
|
cp -r istio-${ISTIO_VERSION}/install/kubernetes/operator/charts/istio-operator charts
|
||||||
|
|
||||||
|
rm -rf istio-${ISTIO_VERSION}
|
1
charts/kubezero-istio/values.yaml
Normal file
1
charts/kubezero-istio/values.yaml
Normal file
@ -0,0 +1 @@
|
|||||||
|
# istio:
|
@ -2,7 +2,8 @@ apiVersion: v2
|
|||||||
name: kubezero-kiam
|
name: kubezero-kiam
|
||||||
description: KubeZero Umbrella Chart for Kiam
|
description: KubeZero Umbrella Chart for Kiam
|
||||||
type: application
|
type: application
|
||||||
version: 0.2.5
|
version: 0.2.6
|
||||||
|
appVersion: 3.6
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -2,7 +2,7 @@ kubezero-kiam
|
|||||||
=============
|
=============
|
||||||
KubeZero Umbrella Chart for Kiam
|
KubeZero Umbrella Chart for Kiam
|
||||||
|
|
||||||
Current chart version is `0.2.5`
|
Current chart version is `0.2.6`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
@ -37,7 +37,7 @@ Required for the *csi ebs plugin* and most likely various others assuming basic
|
|||||||
| kiam.agent.gatewayTimeoutCreation | string | `"5s"` | |
|
| kiam.agent.gatewayTimeoutCreation | string | `"5s"` | |
|
||||||
| kiam.agent.host.interface | string | `"cali+"` | |
|
| kiam.agent.host.interface | string | `"cali+"` | |
|
||||||
| kiam.agent.host.iptables | bool | `false` | |
|
| kiam.agent.host.iptables | bool | `false` | |
|
||||||
| kiam.agent.image.tag | string | `"v3.6-rc1"` | |
|
| kiam.agent.image.tag | string | `"v3.6"` | |
|
||||||
| kiam.agent.log.level | string | `"warn"` | |
|
| kiam.agent.log.level | string | `"warn"` | |
|
||||||
| kiam.agent.prometheus.servicemonitor.enabled | bool | `false` | |
|
| kiam.agent.prometheus.servicemonitor.enabled | bool | `false` | |
|
||||||
| kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` | |
|
| kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` | |
|
||||||
@ -52,7 +52,7 @@ Required for the *csi ebs plugin* and most likely various others assuming basic
|
|||||||
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
|
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
|
||||||
| kiam.server.deployment.enabled | bool | `true` | |
|
| kiam.server.deployment.enabled | bool | `true` | |
|
||||||
| kiam.server.deployment.replicas | int | `1` | |
|
| kiam.server.deployment.replicas | int | `1` | |
|
||||||
| kiam.server.image.tag | string | `"v3.6-rc1"` | |
|
| kiam.server.image.tag | string | `"v3.6"` | |
|
||||||
| kiam.server.log.level | string | `"warn"` | |
|
| kiam.server.log.level | string | `"warn"` | |
|
||||||
| kiam.server.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
|
| kiam.server.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
|
||||||
| kiam.server.prometheus.servicemonitor.enabled | bool | `false` | |
|
| kiam.server.prometheus.servicemonitor.enabled | bool | `false` | |
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
kiam:
|
kiam:
|
||||||
server:
|
server:
|
||||||
image:
|
image:
|
||||||
tag: "v3.6-rc1"
|
tag: "v3.6"
|
||||||
# kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role
|
# kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role
|
||||||
assumeRoleArn: ''
|
assumeRoleArn: ''
|
||||||
useHostNetwork: true
|
useHostNetwork: true
|
||||||
@ -31,7 +31,7 @@ kiam:
|
|||||||
|
|
||||||
agent:
|
agent:
|
||||||
image:
|
image:
|
||||||
tag: "v3.6-rc1"
|
tag: "v3.6"
|
||||||
gatewayTimeoutCreation: "5s"
|
gatewayTimeoutCreation: "5s"
|
||||||
updateStrategy: RollingUpdate
|
updateStrategy: RollingUpdate
|
||||||
# IP tables set on each node at boot, see CloudBender
|
# IP tables set on each node at boot, see CloudBender
|
||||||
|
Loading…
Reference in New Issue
Block a user