Kiam minor version bump, first draft of istio chart

Stefan Reimer 2020-07-14 16:58:14 +01:00
parent 1cf88e6cdb
commit 74ce5cc45c
17 changed files with 343 additions and 6 deletions


@ -0,0 +1,20 @@
apiVersion: v2
name: kubezero-istio
description: KubeZero Umbrella Chart for Istio
type: application
version: 0.0.1
appVersion: 1.5
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
- kubezero
- istio
maintainers:
- name: Quarky9
dependencies:
- name: kubezero-lib
version: ">= 0.1.1"
repository: https://zero-down-time.github.io/kubezero/
- name: istio-operator
version: "= 1.5"
kubeVersion: ">= 1.16.0"
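Review bot: `appVersion: 1.5` is an unquoted scalar that a YAML parser reads as a float, so a later value such as 1.10 would silently become 1.1; write it as `appVersion: "1.5"`. The same applies to the `appVersion: 3.6` line this commit adds to the kiam chart. The `istio-operator` dependency also has no `repository`, so it presumably resolves from the local `charts/` directory that update.sh fills; a one-line comment such as `# vendored by update.sh, no repository on purpose` would tell the next reader this is intended.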


@ -0,0 +1,24 @@
kubezero-istio
==============
KubeZero Umbrella Chart for Istio
Installs Istio Operator and KubeZero Istio profile
Current chart version is `0.0.1`
Source code can be found [here](https://kubezero.com)
## Chart Requirements
| Repository | Name | Version |
|------------|------|---------|
| | istio-operator | = 1.5 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.1 |
## KubeZero default configuration
## Resources
- https://istio.io/latest/docs/setup/install/standalone-operator/


@ -0,0 +1,18 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
Installs Istio Operator and KubeZero Istio profile
{{ template "chart.versionLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.requirementsSection" . }}
## KubeZero default configuration
## Resources
- https://istio.io/latest/docs/setup/install/standalone-operator/


@ -0,0 +1,12 @@
apiVersion: v1
name: istio-operator
version: 1.5
tillerVersion: ">=2.7.2"
description: Helm chart for deploying Istio operator
keywords:
- istio
- operator
sources:
- http://github.com/istio/istio/operator
engine: gotpl
icon: https://istio.io/favicons/android-192x192.png


@ -0,0 +1,113 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: istio-operator
rules:
# istio groups
- apiGroups:
- authentication.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- config.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- install.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- '*'
verbs:
- '*'
# k8s groups
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions.apiextensions.k8s.io
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- daemonsets
- deployments
- deployments/finalizers
- ingresses
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- events
- namespaces
- pods
- persistentvolumeclaims
- secrets
- services
- serviceaccounts
verbs:
- '*'
---
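Review bot: The last rule grants `'*'` on `secrets` in the core API group cluster-wide, and the rule before it grants `'*'` on `clusterroles` and `clusterrolebindings`; with the ClusterRoleBinding added later in this commit, the `istio-operator` service account can read every Secret and create or bind roles, so a compromise of the operator pod is roughly equivalent to cluster-admin. If this file is copied from the upstream Istio release (update.sh suggests it is), record the choice rather than patching it: a comment above the rule such as `# NOTE: cluster-wide secrets and RBAC write access, inherited from the upstream operator chart`, plus a line in the umbrella chart README. Moving the core-group rule to a namespaced Role may be possible where the operator manages a single namespace, but that needs checking against what the operator actually reconciles. Audit-log alerting on RBAC writes made by this service account is a cheap compensating control.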


@ -0,0 +1,13 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: istio-operator
subjects:
- kind: ServiceAccount
name: istio-operator
namespace: {{.Values.operatorNamespace}}
roleRef:
kind: ClusterRole
name: istio-operator
apiGroup: rbac.authorization.k8s.io
---


@ -0,0 +1,45 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: istiooperators.install.istio.io
spec:
group: install.istio.io
names:
kind: IstioOperator
plural: istiooperators
singular: istiooperator
shortNames:
- iop
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
spec:
description: 'Specification of the desired state of the istio control plane resource.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
status:
description: 'Status describes each of istio control plane component status at the current time.
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
versions:
- name: v1alpha1
served: true
storage: true
---


@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: {{.Values.operatorNamespace}}
name: istio-operator
spec:
replicas: 1
selector:
matchLabels:
name: istio-operator
template:
metadata:
labels:
name: istio-operator
spec:
serviceAccountName: istio-operator
containers:
- name: istio-operator
image: {{.Values.hub}}/operator:{{.Values.tag}}
command:
- operator
- server
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
env:
- name: WATCH_NAMESPACE
value: {{.Values.istioNamespace}}
- name: LEADER_ELECTION_NAMESPACE
value: {{.Values.operatorNamespace}}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: {{.Values.operatorNamespace}}
---


@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{.Values.operatorNamespace}}
labels:
istio-operator-managed: Reconcile
istio-injection: disabled
---


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
namespace: {{.Values.operatorNamespace}}
labels:
name: istio-operator
name: istio-operator
spec:
ports:
- name: http-metrics
port: 8383
targetPort: 8383
selector:
name: istio-operator
---


@ -0,0 +1,6 @@
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{.Values.operatorNamespace}}
name: istio-operator
---


@ -0,0 +1,4 @@
hub: gcr.io/istio-testing
tag: 1.5-dev
operatorNamespace: istio-operator
istioNamespace: istio-system
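Review bot: `hub: gcr.io/istio-testing` with `tag: 1.5-dev` points the operator Deployment at a testing registry and a mutable development tag, while update.sh pins `ISTIO_VERSION=1.5.8` and the Deployment uses `imagePullPolicy: IfNotPresent`, so different nodes can end up running different builds under the same tag. These look like upstream defaults, so the umbrella chart's values should override them with the release image for the pinned version, ideally by digest (placeholder form `tag: "<release-tag>@sha256:<digest>"`), rather than editing this file. Nothing visible in this commit sets such an override.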

charts/kubezero-istio/update.sh Executable file

@ -0,0 +1,15 @@
#!/bin/bash
set -ex
ISTIO_VERSION=1.5.8
NAME="istio-$ISTIO_VERSION"
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux.tar.gz"
curl -sL "$URL" | tar xz
# Now lets extract what we need
rm -rf charts/istio-operator
cp -r istio-${ISTIO_VERSION}/install/kubernetes/operator/charts/istio-operator charts
rm -rf istio-${ISTIO_VERSION}
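Review bot: The release tarball is streamed from `curl -sL` straight into `tar xz` and its contents are copied into the chart with no integrity check, so whatever the URL returns at run time becomes the RBAC and Deployment manifests this chart ships. Download to a file, verify it against a SHA-256 pinned next to `ISTIO_VERSION`, and only then extract; adding `-f` to curl and `pipefail` to `set` makes an HTTP error fail the script instead of reaching tar. `NAME` is assigned but never used, and `rm -rf charts/istio-operator` depends on the caller's working directory, so a `cd "$(dirname "$0")"` at the top would make the script safe to run from anywhere.

```shell
set -euxo pipefail
cd "$(dirname "$0")"
# … unchanged: ISTIO_VERSION, NAME, URL …
TARBALL="${NAME}-linux.tar.gz"
# Placeholder: pin the digest of the release tarball alongside ISTIO_VERSION.
EXPECTED_SHA256="<sha256-of-release-tarball>"
curl -fsSL -o "$TARBALL" "$URL"
echo "${EXPECTED_SHA256}  ${TARBALL}" | sha256sum -c -
tar xzf "$TARBALL"
rm -f "$TARBALL"
# … unchanged: replace charts/istio-operator from the extracted tree, then clean up …
```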


@ -0,0 +1 @@
# istio:


@ -2,7 +2,8 @@ apiVersion: v2
name: kubezero-kiam name: kubezero-kiam
description: KubeZero Umbrella Chart for Kiam description: KubeZero Umbrella Chart for Kiam
type: application type: application
version: 0.2.5 version: 0.2.6
appVersion: 3.6
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:


@ -2,7 +2,7 @@ kubezero-kiam
============= =============
KubeZero Umbrella Chart for Kiam KubeZero Umbrella Chart for Kiam
Current chart version is `0.2.5` Current chart version is `0.2.6`
Source code can be found [here](https://kubezero.com) Source code can be found [here](https://kubezero.com)
@ -37,7 +37,7 @@ Required for the *csi ebs plugin* and most likely various others assuming basic
| kiam.agent.gatewayTimeoutCreation | string | `"5s"` | | | kiam.agent.gatewayTimeoutCreation | string | `"5s"` | |
| kiam.agent.host.interface | string | `"cali+"` | | | kiam.agent.host.interface | string | `"cali+"` | |
| kiam.agent.host.iptables | bool | `false` | | | kiam.agent.host.iptables | bool | `false` | |
| kiam.agent.image.tag | string | `"v3.6-rc1"` | | | kiam.agent.image.tag | string | `"v3.6"` | |
| kiam.agent.log.level | string | `"warn"` | | | kiam.agent.log.level | string | `"warn"` | |
| kiam.agent.prometheus.servicemonitor.enabled | bool | `false` | | | kiam.agent.prometheus.servicemonitor.enabled | bool | `false` | |
| kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` | | | kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` | |
@ -52,7 +52,7 @@ Required for the *csi ebs plugin* and most likely various others assuming basic
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role | | kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
| kiam.server.deployment.enabled | bool | `true` | | | kiam.server.deployment.enabled | bool | `true` | |
| kiam.server.deployment.replicas | int | `1` | | | kiam.server.deployment.replicas | int | `1` | |
| kiam.server.image.tag | string | `"v3.6-rc1"` | | | kiam.server.image.tag | string | `"v3.6"` | |
| kiam.server.log.level | string | `"warn"` | | | kiam.server.log.level | string | `"warn"` | |
| kiam.server.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | | kiam.server.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| kiam.server.prometheus.servicemonitor.enabled | bool | `false` | | | kiam.server.prometheus.servicemonitor.enabled | bool | `false` | |


@ -1,7 +1,7 @@
kiam: kiam:
server: server:
image: image:
tag: "v3.6-rc1" tag: "v3.6"
# kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role # kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role
assumeRoleArn: '' assumeRoleArn: ''
useHostNetwork: true useHostNetwork: true
@ -31,7 +31,7 @@ kiam:
agent: agent:
image: image:
tag: "v3.6-rc1" tag: "v3.6"
gatewayTimeoutCreation: "5s" gatewayTimeoutCreation: "5s"
updateStrategy: RollingUpdate updateStrategy: RollingUpdate
# IP tables set on each node at boot, see CloudBender # IP tables set on each node at boot, see CloudBender